Revisiting Deniability in Quantum Key Exchange via Covert Communication and Entanglement Distillation
We revisit the notion of deniability in quantum key exchange (QKE), a topic
that remains largely unexplored. In the only work on this subject by Donald
Beaver, it is argued that QKE is not necessarily deniable due to an
eavesdropping attack that limits key equivocation. We provide more insight into
the nature of this attack and how it extends to other constructions such as QKE
obtained from uncloneable encryption. We then adopt the framework for quantum
authenticated key exchange, developed by Mosca et al., and extend it to
introduce the notion of coercer-deniable QKE, formalized in terms of the
indistinguishability of real and fake coercer views. Next, we apply results
from a recent work by Arrazola and Scarani on covert quantum communication to
establish a connection between covert QKE and deniability. We propose DC-QKE, a
simple deniable covert QKE protocol, and prove its deniability via a reduction
to the security of covert QKE. Finally, we consider how entanglement
distillation can be used to enable information-theoretically deniable protocols
for QKE and tasks beyond key exchange.
Comment: 16 pages, published in the proceedings of NordSec 201
Asymptotic information leakage under one-try attacks
We study the asymptotic behaviour of (a) information leakage and (b) adversary's error probability in information hiding systems modelled as noisy channels. Specifically, we assume the attacker can make a single guess after observing n independent executions of the system, throughout which the secret information is kept fixed. We show that the asymptotic behaviour of quantities (a) and (b) can be determined in a simple way from the channel matrix. Moreover, simple and tight bounds on them as functions of n show that the convergence is exponential. We also discuss feasible methods to evaluate the rate of convergence. Our results cover both the Bayesian case, where a prior probability distribution on the secrets is assumed known to the attacker, and the maximum-likelihood case, where the attacker does not know such distribution. In the Bayesian case, we identify the distributions that maximize the leakage. We consider both the min-entropy setting studied by Smith and the additive form recently proposed by Braun et al., and show the two forms do agree asymptotically. Next, we extend these results to a more sophisticated eavesdropping scenario, where the attacker can perform a (noisy) observation at each state of the computation and the systems are modelled as hidden Markov models.
Adaptively Secure Computationally Efficient Searchable Symmetric Encryption
Searchable encryption is a technique that allows a client to store documents on a server in encrypted form. Stored documents can be retrieved selectively while revealing as little information as possible to the server. In the symmetric searchable encryption domain, the storage and the retrieval are performed by the same client. Most conventional searchable encryption schemes suffer from two disadvantages. First, searching the stored documents takes time linear in the size of the database, and/or uses heavy arithmetic operations. Secondly, the existing schemes do not consider adaptive attackers; a search-query will reveal information even about documents stored in the future. If they do consider this, it is at a significant cost to updates.

In this paper we propose a novel symmetric searchable encryption scheme that offers searching at constant time in the number of unique keywords stored on the server. We present two variants of the basic scheme which differ in the efficiency of search and update. We show how each scheme could be used in a personal health record system.
A New Enforcement on Declassification with Reachability Analysis
Language-based information flow security aims to decide whether an
action-observable program can unintentionally leak confidential information if
it has the authority to access confidential data. Recent concerns about
declassification policies have provided many choices for practical intended
information release, but more precise enforcement mechanisms for these policies
are insufficiently studied. In this paper, we propose a security property on the
where-dimension of declassification and present an enforcement based on
automated verification. The approach automatically transforms the abstract
model with a variant of self-composition, and checks the reachability of
illegal-flow state of the model after transformation. The self-composition is
equipped with a store-match pattern to reduce the state space and to model the
equivalence of declassified expressions in the premise of property. The
evaluation shows that our approach is more precise than type-based enforcement.
Comment: 7 pages, this is a full version of the work presented at the 2011 IEEE
INFOCOM Workshop
Panini -- Anonymous Anycast and an Instantiation
Anycast messaging (i.e., sending a message to an unspecified receiver) has
long been neglected by the anonymous communication community. An anonymous
anycast prevents senders from learning who the receiver of their message is,
allowing for greater privacy in areas such as political activism and
whistleblowing. While there have been some protocol ideas proposed, formal
treatment of the problem is absent. Formal definitions of what constitutes
anonymous anycast and privacy in this context are however a requirement for
constructing protocols with provable guarantees. In this work, we define the
anycast functionality and use a game-based approach to formalize its privacy
and security goals. We further propose Panini, the first anonymous anycast
protocol that only requires readily available infrastructure. We show that
Panini allows the actual receiver of the anycast message to remain anonymous,
even in the presence of an honest but curious sender. In an empirical
evaluation, we find that Panini adds only minimal overhead over regular
unicast: Sending a message anonymously to one of eight possible receivers
results in an end-to-end latency of 0.76s
Anonymous Symmetric-Key Communication
We study anonymity of probabilistic encryption (pE) and probabilistic authenticated encryption (pAE). We start by providing concise game-based security definitions capturing anonymity for both pE and pAE, and then show that the commonly used notion of indistinguishability from random ciphertexts (IND$) indeed implies the anonymity notions for both pE and pAE. This is in contrast to a recent work of Chan and Rogaway (Asiacrypt 2019), where it is shown that IND$-secure nonce-based authenticated encryption can only achieve anonymity if a sophisticated transformation is applied. Moreover, we also show that the Encrypt-then-MAC paradigm is anonymity-preserving, in the sense that if both the underlying probabilistic MAC (pMAC) and pE schemes are anonymous, then also the resulting pAE scheme is. Finally, we provide a composable treatment of anonymity using the constructive cryptography framework of Maurer and Renner (ICS 2011). We introduce adequate abstractions modeling various kinds of anonymous communication channels for many senders and one receiver in the presence of an active man-in-the-middle adversary. Then we show that the game-based notions indeed are anonymity-preserving, in the sense that they imply constructions between such anonymous channels, thus generating authenticity and/or confidentiality as expected, but crucially retaining anonymity if present
On Privacy Notions in Anonymous Communication
Many anonymous communication networks (ACNs) with different privacy goals
have been developed. However, there are no accepted formal definitions of
privacy, and ACNs often define their goals and adversary models ad hoc. Yet,
for the understanding and comparison of different flavors of privacy, a common
foundation is needed. In this paper, we introduce an analysis framework for
ACNs that captures the notions and assumptions known from different analysis
frameworks. Therefore, we formalize privacy goals as notions and identify their
building blocks. For any pair of notions we prove whether one is strictly
stronger, and, if so, which. Hence, we are able to present a complete
hierarchy. Further, we show how to add practical assumptions, e.g. regarding
the protocol model or user corruption as options to our notions. This way, we
capture the notions and assumptions of, to the best of our knowledge, all
existing analytical frameworks for ACNs and are able to revise inconsistencies
between them. Thus, our new framework builds a common ground and allows for
sharper analysis, since new combinations of assumptions are possible and the
relations between the notions are known