Card-based Cryptographic Protocols Using a Minimal Number of Cards
Secure multiparty computation can be done with a deck of playing cards. For example, den Boer (EUROCRYPT ’89) devised his famous “five-card trick”, which is a secure two-party AND protocol using five cards. However, the output of the protocol is revealed in the process and it is therefore not suitable for general circuits with hidden intermediate results. To overcome this limitation, protocols in committed format, i.e., with concealed output, have been introduced, among them the six-card AND protocol of (Mizuki and Sone, FAW 2009). In their paper, the authors ask whether six cards are minimal for committed format AND protocols.
We give a comprehensive answer to this problem: there is a four-card AND protocol with a runtime that is finite in expectation (i.e., a Las Vegas protocol), but no protocol with finite runtime. Moreover, we show that five cards are sufficient for finite runtime. In other words, improving on (Mizuki, Kumamoto, and Sone, ASIACRYPT 2012) “The Five-Card Trick can be done with four cards”, our results can be stated as “The Five-Card Trick can be done in committed format” and furthermore it “can be done with four cards in Las Vegas committed format”.
By devising a Las Vegas protocol for any -ary boolean function using cards, we address the open question posed by (Nishida et al., TAMC 2015) on whether cards are necessary for computing any -ary boolean function. For this we use the shuffle abstraction as introduced in the computational model of card-based protocols in (Mizuki and Shizuya, Int. J. Inf. Secur., 2014). We augment this result by a discussion on implementing such general shuffle operations
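The five-card trick the abstract starts from is small enough to check exhaustively. The following is an added example, not code from the paper: it encodes each bit as a two-card commitment (♣♥ = 0, ♥♣ = 1, written here as "C"/"H"), lays out Alice's commitment to ¬a, one extra ♥ and Bob's commitment to b, applies a random cut, and reads the AND from whether the three ♥ are cyclically consecutive. Two checks show the two properties the text relies on: correctness for every input and every cut, and the fact that the three inputs with a ∧ b = 0 yield the same cyclic pattern, so the revealed cards leak nothing beyond the output itself (which, as the abstract notes, is revealed rather than committed).

```python
import itertools
import random

CLUB, HEART = "C", "H"          # stand-ins for the two suits


def commit(bit):
    """Two-card commitment: C H encodes 0, H C encodes 1."""
    return [CLUB, HEART] if bit == 0 else [HEART, CLUB]


def layout(a, b):
    """Five-card trick layout: commitment to NOT a, a helper H, commitment to b."""
    return commit(1 - a) + [HEART] + commit(b)


def random_cut(seq, rng=random):
    """Random cut: a cyclic shift by an offset nobody learns."""
    k = rng.randrange(len(seq))
    return seq[k:] + seq[:k]


def five_card_trick(a, b, rng=random):
    """Run the protocol and return the five face-up cards after the cut."""
    return random_cut(layout(a, b), rng)


def read_and(revealed):
    """Output rule: a AND b = 1 iff the three H are cyclically consecutive."""
    n = len(revealed)
    return int(any(all(revealed[(i + j) % n] == HEART for j in range(3))
                   for i in range(n)))


def cyclic_class(seq):
    """Canonical representative of all cyclic shifts: everything an observer
    can learn from the revealed cards, since the cut offset is uniform."""
    return min("".join(seq[k:] + seq[:k]) for k in range(len(seq)))


def check_correctness():
    """Every input pair gives a AND b under every possible cut offset."""
    for a, b in itertools.product((0, 1), repeat=2):
        cards = layout(a, b)
        for k in range(len(cards)):
            if read_and(cards[k:] + cards[:k]) != (a & b):
                return False
    return True


def check_privacy():
    """The three inputs with a AND b = 0 are indistinguishable after the cut:
    they all produce the same cyclic class of revealed cards."""
    classes = {cyclic_class(layout(a, b))
               for a, b in itertools.product((0, 1), repeat=2) if a & b == 0}
    return len(classes) == 1


if __name__ == "__main__":
    print("correct:", check_correctness(), "private:", check_privacy())
    print("cards for a=1,b=1:", "".join(five_card_trick(1, 1)))
```

Running the two checks is the whole argument for the trick in this setting; what they do not give is committed-format output, which is exactly the limitation the four-, five- and six-card protocols in the abstract address.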
Computer-aided analysis of concurrent systems
The introduction of concurrency into programs has added to the complexity of the software design process. This is most evident in the design of communications protocols where concurrency is inherent to the behavior of the system. The complexity exhibited by such software systems makes more evident the need for computer-aided tools for automatically analyzing behavior. The Distributed Systems project at UCI has been developing a suite of tools, based on Petri nets, which support the design and evaluation of concurrent software systems. This paper focuses attention on one of the tools: the reachability graph analyzer (RGA). This tool provides mechanisms for proving general system properties (e.g., deadlock-freeness) as well as system-specific properties. The tool is sufficiently general to allow a user to apply complex user-defined analysis algorithms to reachability graphs. The alternating-bit protocol with a bounded channel is used to demonstrate the power of the tool and to point to future extensions
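The core of a reachability graph analyzer is a breadth-first enumeration of markings followed by a property check over the graph. The following is an added example, not the RGA tool or any code from the paper: a minimal place/transition net interpreter that builds the reachability graph and reports deadlocks (markings with no enabled transition). The net is a constructed two-process, two-lock example rather than the paper's alternating-bit protocol; the first version acquires the locks in opposite orders and deadlocks, the second imposes a fixed order and does not. The state bound is a guard against unbounded nets, which this simple enumeration cannot otherwise detect.

```python
from collections import deque

# A transition is (consume, produce): dicts from place name to token count.
# Markings are dicts from place name to token count.


def enabled(marking, transition):
    consume, _ = transition
    return all(marking.get(p, 0) >= k for p, k in consume.items())


def fire(marking, transition):
    consume, produce = transition
    m = dict(marking)
    for p, k in consume.items():
        m[p] -= k
    for p, k in produce.items():
        m[p] = m.get(p, 0) + k
    return m


def freeze(marking):
    """Hashable marking with zero-token places dropped."""
    return tuple(sorted((p, k) for p, k in marking.items() if k))


def reachability_graph(initial, transitions, bound=10_000):
    """BFS over markings. Returns (nodes, edges): nodes maps frozen marking ->
    marking, edges maps frozen marking -> list of (transition, successor)."""
    nodes = {freeze(initial): initial}
    edges = {}
    queue = deque([initial])
    while queue:
        m = queue.popleft()
        key = freeze(m)
        edges[key] = []
        for name, t in transitions.items():
            if enabled(m, t):
                nm = fire(m, t)
                nk = freeze(nm)
                edges[key].append((name, nk))
                if nk not in nodes:
                    if len(nodes) >= bound:
                        raise RuntimeError("state bound hit; net may be unbounded")
                    nodes[nk] = nm
                    queue.append(nm)
    return nodes, edges


def deadlocks(edges, terminal=()):
    """Markings with no enabled transition, excluding designated terminal ones."""
    return [k for k, succ in edges.items() if not succ and k not in terminal]


def two_lock_net(p2_order=("L2", "L1")):
    """Constructed example: two processes, two locks. P1 takes L1 then L2;
    P2 takes the locks in p2_order. Opposite orders create a deadlock."""
    first, second = p2_order
    return {
        "p1_take_L1": ({"idle1": 1, "L1": 1}, {"p1_one": 1}),
        "p1_take_L2": ({"p1_one": 1, "L2": 1}, {"p1_both": 1}),
        "p1_release": ({"p1_both": 1}, {"idle1": 1, "L1": 1, "L2": 1}),
        "p2_take_" + first: ({"idle2": 1, first: 1}, {"p2_one": 1}),
        "p2_take_" + second: ({"p2_one": 1, second: 1}, {"p2_both": 1}),
        "p2_release": ({"p2_both": 1}, {"idle2": 1, "L1": 1, "L2": 1}),
    }


INITIAL = {"idle1": 1, "idle2": 1, "L1": 1, "L2": 1}


def analyze(transitions):
    """Return (number of reachable markings, list of deadlock markings)."""
    nodes, edges = reachability_graph(INITIAL, transitions)
    return len(nodes), deadlocks(edges)


if __name__ == "__main__":
    print("opposite order:", analyze(two_lock_net(("L2", "L1"))))
    print("same order:   ", analyze(two_lock_net(("L1", "L2"))))
```

The deadlock found for the opposite-order net is the marking in which each process holds one lock and both `L1` and `L2` are empty; the fixed-order variant has a smaller graph and no such marking, which is the kind of general property (deadlock-freeness) the abstract says the RGA proves automatically.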
Secure Grouping Protocol Using a Deck of Cards
We consider a problem, which we call secure grouping, of dividing a number of parties into some subsets (groups) in the following manner: Each party has to know the other members of his/her group, while he/she may not know anything about how the remaining parties are divided (except for certain public predetermined constraints, such as the number of parties in each group). In this paper, we construct an information-theoretically secure protocol using a deck of physical cards to solve the problem, which is jointly executable by the parties themselves without a trusted third party. Despite the non-triviality and the potential usefulness of the secure grouping, our proposed protocol is fairly simple to describe and execute. Our protocol is based on algebraic properties of conjugate permutations. A key ingredient of our protocol is our new techniques to apply multiplication and inverse operations to hidden permutations (i.e., those encoded by using face-down cards), which would be of independent interest and would have various potential applications
Unforgeable Noise-Tolerant Quantum Tokens
The realization of devices which harness the laws of quantum mechanics represents an exciting challenge at the interface of modern technology and fundamental science. An exemplary paragon of the power of such quantum primitives is the concept of "quantum money". A dishonest holder of a quantum bank-note will invariably fail in any forging attempts; indeed, under assumptions of ideal measurements and decoherence-free memories such security is guaranteed by the no-cloning theorem. In any practical situation, however, noise, decoherence and operational imperfections abound. Thus, the development of secure "quantum money"-type primitives capable of tolerating realistic infidelities is of both practical and fundamental importance. Here, we propose a novel class of such protocols and demonstrate their tolerance to noise; moreover, we prove their rigorous security by determining tight fidelity thresholds. Our proposed protocols require only the ability to prepare, store and measure single qubit quantum memories, making their experimental realization accessible with current technologies. Comment: 18 pages, 5 figure
Classical computing, quantum computing, and Shor's factoring algorithm
This is an expository talk written for the Bourbaki Seminar. After a brief introduction, Section 1 discusses in the categorical language the structure of classical deterministic computations. Basic notions of complexity including the P/NP problem are reviewed. Section 2 introduces the notion of quantum parallelism and explains the main issues of quantum computing. Section 3 is devoted to four quantum subroutines: initialization, quantum computing of classical Boolean functions, quantum Fourier transform, and Grover's search algorithm. The central Section 4 explains Shor's factoring algorithm. Section 5 relates Kolmogorov's complexity to the spectral properties of computable functions. The Appendix contributes to the prehistory of quantum computing. Comment: 27 pp., no figures, amste
Optimal security limits of RFID distance bounding protocols
In this paper, we classify the RFID distance bounding protocols having bitwise fast phases and no final signature. We also give the theoretical security bounds for two specific classes, leaving the security bounds for the general case as an open problem. As for the classification, we introduce the notion of k-previous challenge dependent (k-PCD) protocols where each response bit depends on the current and k previous challenges and there is no final signature. We treat the case k = 0, which means each response bit depends only on the current challenge, as a special case and define such protocols as current challenge dependent (CCD) protocols. In general, we construct a trade-off curve between the security levels of mafia and distance frauds by introducing two generic attack algorithms. This leads to the conclusion that CCD protocols cannot attain the ideal security against distance fraud, i.e. 1/2 for each challenge-response bit, without totally losing the security against mafia fraud. We extend the generic attacks to 1-PCD protocols and obtain a trade-off curve for 1-PCD protocols, pointing out that 1-PCD protocols can provide better security than CCD protocols. Thereby, we propose a natural extension of a CCD protocol to a 1-PCD protocol in order to improve its security. As a case study, we give two natural extensions of the Hancke and Kuhn protocol to show how to enhance the security against either mafia fraud or distance fraud without extra cost
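The CCD case and the mafia/distance trade-off can be made concrete with the Hancke and Kuhn protocol the abstract uses as its case study. The following is an added example, not code or the generic attack algorithms from the paper: it runs the protocol (slow phase deriving two n-bit registers R0, R1 from a PRF, here HMAC-SHA256 by assumption; fast phase answering each one-bit challenge c with R_c[i]), then computes exact per-round success probabilities for the two classic attacks under a simple model of a CCD round as a joint distribution of the two candidate answers (R0[i], R1[i]). For Hancke-Kuhn both frauds succeed with probability 3/4 per round; forcing R1 = ¬R0 reaches the ideal 1/2 against distance fraud but hands the mafia-fraud adversary a guaranteed win, which is the trade-off the abstract describes. The adversary strategies are the standard pre-ask (mafia) and early-reply (distance) ones, stated in the comments.

```python
import hashlib
import hmac
import itertools
import secrets
from fractions import Fraction


def derive_registers(key, nonce_v, nonce_p, n):
    """Slow phase: both sides compute h = PRF(K, N_V || N_P) and split it into
    two n-bit registers R0 and R1. HMAC-SHA256 stands in for the PRF (assumption)."""
    digest = hmac.new(key, nonce_v + nonce_p, hashlib.sha256).digest()
    if 2 * n > 8 * len(digest):
        raise ValueError("n too large for one digest")
    bits = [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(2 * n)]
    return bits[:n], bits[n:]


def ccd_response(r0, r1, i, c):
    """Fast phase, round i of a CCD (k = 0) protocol: the reply R_c[i]
    depends on the current challenge only."""
    return r1[i] if c else r0[i]


def honest_session(key, n=32):
    """Full run between a verifier and an honest, nearby prover."""
    nonce_v, nonce_p = secrets.token_bytes(16), secrets.token_bytes(16)
    p0, p1 = derive_registers(key, nonce_v, nonce_p, n)   # prover's copy
    v0, v1 = derive_registers(key, nonce_v, nonce_p, n)   # verifier's copy
    for i in range(n):
        c = secrets.randbits(1)                           # challenge bit
        if ccd_response(p0, p1, i, c) != ccd_response(v0, v1, i, c):
            return False
    return True


# A CCD round is modelled by the joint distribution of (R0[i], R1[i]).
HANCKE_KUHN = {(r0, r1): Fraction(1, 4)
               for r0, r1 in itertools.product((0, 1), repeat=2)}   # independent bits
COMPLEMENTARY = {(0, 1): Fraction(1, 2), (1, 0): Fraction(1, 2)}     # R1 = NOT R0


def mafia_fraud_round(joint):
    """Pre-ask attack: the adversary relays the slow phase, then asks the far
    prover with a guessed challenge g before the real challenge c arrives and
    learns R_g[i]. If c == g it relays that bit; otherwise it replies with the
    most likely value of R_c[i] given R_g[i]. g and c are uniform."""
    p = Fraction(0)
    for g, c in itertools.product((0, 1), repeat=2):
        if g == c:
            p += Fraction(1, 4)
            continue
        for b in (0, 1):
            best = max(sum(pr for (r0, r1), pr in joint.items()
                           if (r0, r1)[g] == b and (r0, r1)[c] == v)
                       for v in (0, 1))
            p += Fraction(1, 4) * best
    return p


def distance_fraud_round(joint):
    """Early-reply attack: a dishonest far prover knows both registers but must
    send the reply before the challenge arrives to meet the timing bound.
    It sends R0[i] when R0[i] == R1[i] and is right with probability 1/2 otherwise."""
    return sum(pr * (Fraction(1) if r0 == r1 else Fraction(1, 2))
               for (r0, r1), pr in joint.items())


def session_bound(per_round, n):
    """Success probability over n independent rounds."""
    return per_round ** n


if __name__ == "__main__":
    print("honest run ok:", honest_session(b"k" * 16))
    for name, joint in (("Hancke-Kuhn", HANCKE_KUHN), ("R1 = NOT R0", COMPLEMENTARY)):
        print(name, "mafia:", mafia_fraud_round(joint),
              "distance:", distance_fraud_round(joint))
```

With 32 rounds the Hancke-Kuhn bound (3/4)^32 is roughly 1e-4 for either fraud; the complementary variant illustrates why, per the abstract, a CCD protocol cannot push distance fraud down to 1/2 per bit without giving up mafia-fraud resistance entirely.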
Security Issues of the Digital Certificates within Public Key Infrastructures
The paper presents the basic byte-level interpretation of an X.509 v3 digital certificate according to ASN.1 DER/BER encoding. The reasons for byte-level analysis are various and important. For instance, a research paper has shown how PKI security may be violated by an MD5 collision over information from the certificates. In order to develop further studies on the topic, serious knowledge of the certificate structure is necessary. Keywords: digital certificates, certificate authority, ASN.1 DER/BER, PKI
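Byte-level reading of a certificate comes down to walking ASN.1 tag-length-value triplets and knowing where BER and DER differ. The following is an added example, not code from the paper: a strict DER TLV walker that recurses into constructed values, rejects BER-only forms (indefinite and non-minimal lengths, non-minimal INTEGER contents) that a permissive parser would silently accept, and decodes the first two fields of a TBSCertificate from a constructed sample (version `[0] EXPLICIT INTEGER 2` and a serialNumber; the serial value is made up for the example). The `encode` helper builds minimal-length TLVs and is used only to construct the sample.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    tag: int                      # identifier octet: class, constructed bit, tag number
    value: bytes                  # raw content octets
    children: list = field(default_factory=list)

    @property
    def constructed(self):
        return bool(self.tag & 0x20)


def read_length(buf, pos):
    """Decode the length octets at buf[pos], enforcing DER's minimal form."""
    if pos >= len(buf):
        raise ValueError("truncated: missing length")
    first = buf[pos]
    pos += 1
    if first < 0x80:                        # short form, one octet
        return first, pos
    n = first & 0x7F
    if n == 0:
        raise ValueError("indefinite length: BER only, forbidden in DER")
    if pos + n > len(buf):
        raise ValueError("truncated length octets")
    octets = buf[pos:pos + n]
    if octets[0] == 0 or (n == 1 and octets[0] < 0x80):
        raise ValueError("non-minimal length: BER accepts it, DER does not")
    return int.from_bytes(octets, "big"), pos + n


def parse(buf, pos=0, end=None):
    """Walk the TLV triplets in buf[pos:end], recursing into constructed values."""
    end = len(buf) if end is None else end
    nodes = []
    while pos < end:
        tag = buf[pos]
        pos += 1
        if tag & 0x1F == 0x1F:
            raise ValueError("high tag numbers (>= 31) unsupported; X.509 does not need them")
        length, pos = read_length(buf, pos)
        if pos + length > end:
            raise ValueError("value runs past its enclosing container")
        node = Node(tag, buf[pos:pos + length])
        if node.constructed:
            node.children = parse(buf, pos, pos + length)
        nodes.append(node)
        pos += length
    return nodes


def decode_integer(node):
    """INTEGER contents: two's complement, big-endian, minimal length in DER."""
    if node.tag != 0x02:
        raise ValueError("not an INTEGER")
    v = node.value
    if not v:
        raise ValueError("empty INTEGER")
    if len(v) > 1 and ((v[0] == 0x00 and v[1] < 0x80) or (v[0] == 0xFF and v[1] >= 0x80)):
        raise ValueError("non-minimal INTEGER encoding")
    return int.from_bytes(v, "big", signed=True)


def encode(tag, value):
    """Minimal-length DER TLV, used here to build test vectors."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + value


# Constructed sample (not a real certificate): SEQUENCE { [0] { INTEGER 2 }, INTEGER serial }
SAMPLE = encode(0x30, encode(0xA0, encode(0x02, b"\x02"))
                + encode(0x02, b"\x00\xa1\xb2\xc3\xd4"))
NON_MINIMAL = b"\x02\x81\x01\x05"     # BER-legal long-form length for a 1-byte INTEGER


def is_strict_der(buf):
    try:
        parse(buf)
        return True
    except ValueError:
        return False


def tbs_header(buf):
    """Return (version, serialNumber) from the sample layout."""
    seq = parse(buf)[0]
    return decode_integer(seq.children[0].children[0]), decode_integer(seq.children[1])


if __name__ == "__main__":
    print(SAMPLE.hex(), tbs_header(SAMPLE), is_strict_der(NON_MINIMAL))
```

The strictness matters in practice: a verifier that accepts BER variants of the same certificate lets an attacker present several byte-distinct encodings of one logical value, which is exactly the kind of slack that collision-based certificate attacks and signature-malleability issues exploit.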