Still Wrong Use of Pairings in Cryptography

Several pairing-based cryptographic protocols are recently proposed with a wide variety of new novel applications including the ones in emerging technologies like cloud computing, internet of things (IoT), e-health systems and wearable technologies. There have been however a wide range of incorrect use of these primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed out most of the issues related to the incorrect use of pairing-based cryptography. However, we noticed that some recently proposed applications still do not use these primitives correctly. This leads to unrealizable, insecure or too inefficient designs of pairing-based protocols. We observed that one reason is not being aware of the recent advancements on solving the discrete logarithm problems in some groups. The main purpose of this article is to give an understandable, informative, and the most up-to-date criteria for the correct use of pairing-based cryptography. We thereby deliberately avoid most of the technical details and rather give special emphasis on the importance of the correct use of bilinear maps by realizing secure cryptographic protocols. We list a collection of some recent papers having wrong security assumptions or realizability/efficiency issues. Finally, we give a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page

(In)security of efficient tree-based group key agreement using bilinear map

A group key agreement protocol enables three or more parties to agree on a secret group key to allow for communication of secret messages between them. In this paper, we consider the security of an efficiency-improved version of the tree-based group key agreement protocol using bilinear maps proposed by Lee et al., and claimed to reduce computational costs while preserving security. To be precise, we show several attacks on this protocol and discuss how they could have been avoided

Unconstrained Tree Tensor Network: An adaptive gauge picture for enhanced performance

We introduce a variational algorithm to simulate quantum many-body states based on a tree tensor network ansatz which releases the isometry constraint usually imposed by the real-space renormalization coarse-graining: This additional numerical freedom, combined with the loop-free topology of the tree network, allows one to maximally exploit the internal gauge invariance of tensor networks, ultimately leading to a computationally flexible and efficient algorithm able to treat open and periodic boundary conditions on the same footing. We benchmark the novel approach against the 1D Ising model in transverse field with periodic boundary conditions and discuss the strategy to cope with the broken translational invariance generated by the network structure. We then perform investigations on a state-of-the-art problem, namely the bilinear-biquadratic model in the transition between dimer and ferromagnetic phases. Our results clearly display an exponentially diverging correlation length and thus support the most recent guesses on the peculiarity of the transition.Comment: 11 pages, 13 figure

Dining Cryptographers with 0.924 Verifiable Collision Resolution

The dining cryptographers protocol implements a multiple access channel in which senders and recipients are anonymous. A problem is that a malicious participant can disrupt communication by deliberately creating collisions. We propose a computationally secure dining cryptographers protocol with collision resolution that achieves a maximum stable throughput of 0.924 messages per round and which allows to easily detect disruptors.Comment: 11 pages, 3 figure

An adaptive prefix-assignment technique for symmetry reduction

This paper presents a technique for symmetry reduction that adaptively assigns a prefix of variables in a system of constraints so that the generated prefix-assignments are pairwise nonisomorphic under the action of the symmetry group of the system. The technique is based on McKay's canonical extension framework [J.~Algorithms 26 (1998), no.~2, 306--324]. Among key features of the technique are (i) adaptability---the prefix sequence can be user-prescribed and truncated for compatibility with the group of symmetries; (ii) parallelizability---prefix-assignments can be processed in parallel independently of each other; (iii) versatility---the method is applicable whenever the group of symmetries can be concisely represented as the automorphism group of a vertex-colored graph; and (iv) implementability---the method can be implemented relying on a canonical labeling map for vertex-colored graphs as the only nontrivial subroutine. To demonstrate the practical applicability of our technique, we have prepared an experimental open-source implementation of the technique and carry out a set of experiments that demonstrate ability to reduce symmetry on hard instances. Furthermore, we demonstrate that the implementation effectively parallelizes to compute clusters with multiple nodes via a message-passing interface.Comment: Updated manuscript submitted for revie

Attribute-based encryption with encryption and decryption outsourcing

In this paper we propose a new scheme for ciphertext-policy attribute-based encryption that allows outsourcing of computationally expensive encryption and decryption steps. The scheme constitutes an important building block for mobile applications where both the host and users use mobile devices with limited computational power. In the proposed scheme, during encryption the host involves a semi-trusted proxy to encrypt a partially encrypted (by the host) message according to an access policy provided by the host. The proxy is unable to learn the message from this partially encrypted text. A user can only decrypt the stored ciphertext if he possesses secret keys associated with a set of attributes that satisfies the associated policy. To reduce computational load in the decryption step, the user, in his turn, involves a semi-trusted proxy (e.g. a cloud) by deploying the scheme of Green et al. (2011). The cloud is given a transformation key that facilitates construction of an El Gamal-ciphertext from the original ciphertext if the user\u27s attributes satisfy the ciphertext. This El Gamal-ciphertext can be then efficiently decrypted on the user\u27s resource-constrained device. The resulting ABE scheme with encryption and decryption outsourcing is proven to be secure in the generic group model

Secure Authentication and Privacy-Preserving Techniques in Vehicular Ad-hoc NETworks (VANETs)

In the last decade, there has been growing interest in Vehicular Ad Hoc NETworks (VANETs). Today car manufacturers have already started to equip vehicles with sophisticated sensors that can provide many assistive features such as front collision avoidance, automatic lane tracking, partial autonomous driving, suggestive lane changing, and so on. Such technological advancements are enabling the adoption of VANETs not only to provide safer and more comfortable driving experience but also provide many other useful services to the driver as well as passengers of a vehicle. However, privacy, authentication and secure message dissemination are some of the main issues that need to be thoroughly addressed and solved for the widespread adoption/deployment of VANETs. Given the importance of these issues, researchers have spent a lot of effort in these areas over the last decade. We present an overview of the following issues that arise in VANETs: privacy, authentication, and secure message dissemination. Then we present a comprehensive review of various solutions proposed in the last 10 years which address these issues. Our survey sheds light on some open issues that need to be addressed in the future

On Constant-Round Concurrent Zero-Knowledge from a Knowledge Assumption

In this work, we consider the long-standing open question of constructing constant-round concurrent zero-knowledge protocols in the plain model. Resolving this question is known to require non-black-box techniques. We consider non-black-box techniques for zero-knowledge based on knowledge assumptions, a line of thinking initiated by the work of Hada and Tanaka (CRYPTO 1998). Prior to our work, it was not known whether knowledge assumptions could be used for achieving security in the concurrent setting, due to a number of significant limitations that we discuss here. Nevertheless, we obtain the following results: 1. We obtain the first constant round concurrent zero-knowledge argument for \textbf{NP} in the plain model based on a new variant of knowledge of exponent assumption. Furthermore, our construction avoids the inefficiency inherent in previous non-black-box techniques such that those of Barak (FOCS 2001); we obtain our result through an efficient protocol compiler. 2. Unlike Hada and Tanaka, we do not require a knowledge assumption to argue the soundness of our protocol. Instead, we use a discrete log like assumption, which we call Diffie-Hellman Logarithm Assumption, to prove the soundness of our protocol. 3. We give evidence that our new variant of knowledge of exponent assumption is in fact plausible. In particular, we show that our assumption holds in the generic group model. 4. Knowledge assumptions are especially delicate assumptions whose plausibility may be hard to gauge. We give a novel framework to express knowledge assumptions in a more flexible way, which may allow for formulation of plausible assumptions and exploration of their impact and application in cryptography.Comment: 30 pages, 3 figure