Input-shrinking functions: theory and application

In this thesis, we contribute to the emerging field of the Leakage-Resilient Cryptography by studying the problem of secure data storage on hardware that may leak information, introducing a new primitive, a leakage-resilient storage, and showing two different constructions of such storage scheme provably secure against a class of leakage functions that can depend only on some restricted part of the memory and against a class of computationally weak leakage functions, e.g. functions computable by small circuits, respectively. Our results come with instantiations and analysis of concrete parameters. Furthermore, as second contribution, we present our implementation in C programming language, using the cryptographic library of the OpenSSL project, of a two-party Authenticated Key Exchange (AKE) protocol, which allows a client and a server, who share a huge secret file, to securely compute a shared key, providing client-to-server authentication, also in the presence of active attackers. Following the work of Cash et al. (TCC 2007), we based our construction on a Weak Key Exchange (WKE) protocol, developed in the BRM, and a Password-based Authenticated Key Exchange (PAKE) protocol secure in the Universally Composable (UC) framework. The WKE protocol showed by Cash et al. uses an explicit construction of averaging sampler, which uses less random bits than the random choice but does not seem to be efficiently implementable in practice. In this thesis, we propose a WKE protocol similar but simpler than that one of Cash et al.: our protocol uses more randomness than the Cash et al.'s one, as it simply uses random choice instead of averaging sampler, but we are able to show an efficient implementation of it. Moreover, we formally adapt the security analysis of the WKE protocol of Cash et al. to our WKE protocol. To complete our AKE protocol, we implement the PAKE protocol showed secure in the UC framework by Abdalla et al. (CT-RSA 2008), which is more efficient than the Canetti et al.'s UC-PAKE protocol (EuroCrypt 2005) used in Cash et al.'s work. In our implementation of the WKE protocol, to achieve small constant communication complexity and amount of randomness, we rely on the Random Oracle (RO) model. However, we would like to note that in our implementation of the AKE protocol we need also a UC-PAKE protocol which already relies on RO, as it is impossible to achieve UC-PAKE in the standard model. In our work we focus not only on the theoretical aspects of the area, providing formal models and proofs, but also on the practical ones, analyzing instantiations, concrete parameters and implementation of the proposed solutions, to contribute to bridge the gap between theory and practice in this field

Algebraic methods in randomness and pseudorandomness

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2010.Cataloged from PDF version of thesis.Includes bibliographical references (p. 183-188).Algebra and randomness come together rather nicely in computation. A central example of this relationship in action is the Schwartz-Zippel lemma and its application to the fast randomized checking of polynomial identities. In this thesis, we further this relationship in two ways: (1) by compiling new algebraic techniques that are of potential computational interest, and (2) demonstrating the relevance of these techniques by making progress on several questions in randomness and pseudorandomness. The technical ingredients we introduce include: " Multiplicity-enhanced versions of the Schwartz-Zippel lenina and the "polynomial method", extending their applicability to "higher-degree" polynomials. " Conditions for polynomials to have an unusually small number of roots. " Conditions for polynomials to have an unusually structured set of roots, e.g., containing a large linear space. Our applications include: * Explicit constructions of randomness extractors with logarithmic seed and vanishing "entropy loss". " Limit laws for first-order logic augmented with the parity quantifier on random graphs (extending the classical 0-1 law). " Explicit dispersers for affine sources of imperfect randomness with sublinear entropy.by Swastik Kopparty.Ph.D