29 research outputs found

    Provably Detectable Sequence Generation from AI Models via Steganographic Embedding

    This disclosure describes techniques to produce machine-generated content with strong guarantees of detectability. Sequential content is generated by a generative artificial intelligence tool. The inference procedure used to sample content from the model is extended to provide cryptographic guarantees that the content can be detected as synthetic. The sampling step that occurs during the generation of sequential output from a generative model is augmented with provably secure steganographic techniques. At each generation step where candidate tokens are evaluated for inclusion in the output of the AI tool, tokens that do not satisfy a cryptographically defined condition relative to the previous tokens are rejected. The cryptographic condition is designed to satisfy the desired formal threshold of detectability. Outputs generated by this process are detectable as synthetic by computing statistics over the count of sequence positions where the condition holds.

    On hashing with tweakable ciphers

    Cryptographic hash functions are often built on block ciphers in order to reduce the security analysis of the hash to that of the cipher, and to minimize the hardware size. Well-known hash constructs are used in international standards like MD5 and SHA-1. Recently, researchers proposed new modes of operation for hash functions to protect against generic attacks, and it remains open how to base such functions on block ciphers. An attractive and intuitive choice is to combine previous constructions with tweakable block ciphers. We investigate such constructions, and show the surprising result that combining a provably secure mode of operation with a provably secure tweakable cipher does not guarantee the security of the constructed hash function. In fact, simple attacks can be possible when the interaction between secure components leaves some additional "freedom" to an adversary. Our techniques are derived from the principle of slide attacks, which were introduced for attacking block ciphers.

    Construction of Kleptographic Mechanisms in Hash Functions

    This research addresses kleptographic problems of hash functions. The relevance of the research follows from the importance of hash functions in hybrid cryptosystems and from the existence of kleptographic attack vectors against such systems. Currently, there are numerous results in kleptography for symmetric ciphers and asymmetric cryptographic protocols which demonstrate different aspects of kleptographic trapdoor implementation; however, few of them address the kleptographic problems of hash functions. The insufficiency of research into hash kleptography leads to kleptography-related risks in hash functions at the design and standardization stage. In this article, we analyse ways to develop hash functions with a kleptographic trapdoor. One informal requirement for such functions is "proximity" to well-known and commonly used constructions, i.e. they must be based on the common schemes used to develop well-known hash functions. In the present paper, it is suggested to build the trapdoored hash function on the Merkle-Damgård scheme, which is the basis of numerous widespread hash functions. As the compression function we choose one of the well-known compression function schemes that are based on block ciphers and are proven collision resistant (such as the Davies-Meyer or Miyaguchi-Preneel constructions). Instead of a block cipher in the compression function we use a special transformation based on the Discrete Logarithm Problem, and we prove that collision resistance is preserved. The final result of the research is a hash function with a kleptographic trapdoor which allows the designer to efficiently recover part of the message (up to 50%) using knowledge of the hash digest and the secret in the kleptographic trapdoor design. At the same time, this function is still secure for other users who do not own the design secret.

    Faster computation of the Tate pairing

    This paper proposes new explicit formulas for the doubling and addition steps in Miller's algorithm to compute the Tate pairing. For Edwards curves the formulas come from a new way of seeing the arithmetic. We state the first geometric interpretation of the group law on Edwards curves by presenting the functions which arise in the addition and doubling. Computing the coefficients of the functions and the sum or double of the points is faster than with all previously proposed formulas for pairings on Edwards curves. They are even competitive with all published formulas for pairing computation on Weierstrass curves. We also speed up pairing computation on Weierstrass curves in Jacobian coordinates. Finally, we present several examples of pairing-friendly Edwards curves. Comment: 15 pages, 2 figures. Final version accepted for publication in Journal of Number Theory.

    Identity Based Threshold Ring Signature

    In threshold ring signature schemes, any group of $t$ entities can spontaneously conscript arbitrary $n-t$ entities to generate a publicly verifiable $t$-out-of-$n$ signature on behalf of the whole group, yet the actual signers remain anonymous. The spontaneity of these schemes is desirable for ad-hoc groups such as mobile ad-hoc networks. In this paper, we present an identity-based (ID-based) threshold ring signature scheme. The scheme is provably secure in the random oracle model and provides trusted authority compatibility. To the best of the authors' knowledge, our scheme is the first ID-based threshold ring signature scheme; it is also the most efficient (in terms of the number of pairing operations required) ID-based ring signature scheme (when $t = 1$) and threshold ring signature scheme from pairings.

    A Decentralized Dynamic PKI based on Blockchain

    The central role of the certificate authority (CA) in traditional public key infrastructure (PKI) makes it fragile and prone to compromises and operational failures. Maintaining CAs and revocation lists is demanding, especially in loosely-connected and large systems. Log-based PKIs have been proposed as a remedy, but they do not solve the problem effectively. We provide a general model and a solution for a decentralized and dynamic PKI based on a blockchain and a web of trust model, where the traditional CA and digital certificates are removed and instead everything is registered on the blockchain. Registration, revocation, and update of public keys are based on a consensus mechanism between a certain number of entities that are already part of the system. Any node which is part of the system can be an auditor and initiate the revocation procedure once it detects malicious activity. Revocation lists are no longer required, as any node can efficiently verify public keys through witnesses.

    Generic Constructions of RIBE via Subset Difference Method

    Revocable identity-based encryption (RIBE) is an extension of IBE which can support a key revocation mechanism, and it is important when deploying an IBE system in practice. Boneh and Franklin (Crypto'01) presented the first generic construction of RIBE; however, their scheme is not scalable, since the size of key updates is linear in the number of users in the system. The first generic construction of RIBE is presented by Ma and Lin with the complete subtree (CS) method by combining IBE and hierarchical IBE (HIBE) schemes. Recently, Lee proposed a new generic construction using the subset difference (SD) method by combining IBE, identity-based revocation (IBR), and two-level HIBE schemes. In this paper, we present a new primitive called Identity-Based Encryption with Ciphertext Delegation (CIBE) and propose a generic construction of an RIBE scheme via the subset difference method using CIBE and HIBE as building blocks. CIBE is a special type of Wildcarded IBE (WIBE) and Identity-Based Broadcast Encryption (IBBE). Furthermore, we show that CIBE can be constructed from IBE in a black-box way. Instantiating the underlying building blocks with different concrete schemes, we can obtain an RIBE scheme with constant-size public parameters, ciphertext and private key, and $O(r)$ key updates in the selective-ID model. Additionally, our generic RIBE scheme can be easily converted to a server-aided RIBE scheme, which is more suitable for lightweight devices.

    Truncated Differential Based Known-Key Attacks on Round-Reduced Simon

    At Crypto 2015, Blondeau, Peyrin and Wang proposed a truncated-differential-based known-key attack on full PRESENT, a nibble-oriented lightweight block cipher with an SPN structure. The truncated difference they used is derived from existing multidimensional linear characteristics. An innovative technique of their work is the design of a MITM layer, added before the characteristic, that covers extra rounds with a complexity lower than that of a generic construction. We notice that there are good linear hulls for the bit-oriented block cipher Simon corresponding to highly qualified truncated differential characteristics. Based on these characteristics, we propose known-key distinguishers on the round-reduced Simon block cipher family, which is bit-oriented and has a Feistel structure. Similar to the MITM layer, we design a specific start-from-the-middle method for pre-adding extra rounds with complexities lower than the generic bounds. With these techniques, we launch basic known-key attacks on round-reduced Simon. We also involve some key-guessing techniques and further extend the basic attacks to more rounds. Our known-key attacks can reach as many as 29/32/38/48/63 rounds of Simon32/48/64/96/128, which comes quite close to the full number of rounds. To the best of our knowledge, these are the first known-key results on the block cipher Simon.

    Tweakable Blockciphers for Efficient Authenticated Encryptions with Beyond the Birthday-Bound Security

    Modular design via a tweakable blockcipher (TBC) offers efficient authenticated encryption (AE) schemes (with associated data) that call a blockcipher once for each data block (of associated data or a plaintext). However, the existing efficient blockcipher-based TBCs are secure up to the birthday bound, where the underlying keyed blockcipher is a secure strong pseudorandom permutation. Existing blockcipher-based AE schemes with beyond-birthday-bound (BBB) security are not efficient, that is, a blockcipher is called twice or more for each data block. In this paper, we present a TBC, XKX, that offers efficient blockcipher-based AE schemes with BBB security, by combining with efficient TBC-based AE schemes such as ΘCB3 an