Still Wrong Use of Pairings in Cryptography

Several pairing-based cryptographic protocols are recently proposed with a wide variety of new novel applications including the ones in emerging technologies like cloud computing, internet of things (IoT), e-health systems and wearable technologies. There have been however a wide range of incorrect use of these primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed out most of the issues related to the incorrect use of pairing-based cryptography. However, we noticed that some recently proposed applications still do not use these primitives correctly. This leads to unrealizable, insecure or too inefficient designs of pairing-based protocols. We observed that one reason is not being aware of the recent advancements on solving the discrete logarithm problems in some groups. The main purpose of this article is to give an understandable, informative, and the most up-to-date criteria for the correct use of pairing-based cryptography. We thereby deliberately avoid most of the technical details and rather give special emphasis on the importance of the correct use of bilinear maps by realizing secure cryptographic protocols. We list a collection of some recent papers having wrong security assumptions or realizability/efficiency issues. Finally, we give a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page

Problems on q-Analogs in Coding Theory

The interest in $q$-analogs of codes and designs has been increased in the last few years as a consequence of their new application in error-correction for random network coding. There are many interesting theoretical, algebraic, and combinatorial coding problems concerning these q-analogs which remained unsolved. The first goal of this paper is to make a short summary of the large amount of research which was done in the area mainly in the last few years and to provide most of the relevant references. The second goal of this paper is to present one hundred open questions and problems for future research, whose solution will advance the knowledge in this area. The third goal of this paper is to present and start some directions in solving some of these problems.Comment: arXiv admin note: text overlap with arXiv:0805.3528 by other author

Tables of subspace codes

One of the main problems of subspace coding asks for the maximum possible cardinality of a subspace code with minimum distance at least $d$ over $\mathbb{F}_q^n$, where the dimensions of the codewords, which are vector spaces, are contained in $K\subseteq\{0,1,\dots,n\}$. In the special case of $K=\{k\}$ one speaks of constant dimension codes. Since this (still) emerging field is very prosperous on the one hand side and there are a lot of connections to classical objects from Galois geometry it is a bit difficult to keep or to obtain an overview about the current state of knowledge. To this end we have implemented an on-line database of the (at least to us) known results at \url{subspacecodes.uni-bayreuth.de}. The aim of this recurrently updated technical report is to provide a user guide how this technical tool can be used in research projects and to describe the so far implemented theoretic and algorithmic knowledge.Comment: 44 pages, 6 tables, 7 screenshot

Quantum authentication with key recycling

We show that a family of quantum authentication protocols introduced in [Barnum et al., FOCS 2002] can be used to construct a secure quantum channel and additionally recycle all of the secret key if the message is successfully authenticated, and recycle part of the key if tampering is detected. We give a full security proof that constructs the secure channel given only insecure noisy channels and a shared secret key. We also prove that the number of recycled key bits is optimal for this family of protocols, i.e., there exists an adversarial strategy to obtain all non-recycled bits. Previous works recycled less key and only gave partial security proofs, since they did not consider all possible distinguishers (environments) that may be used to distinguish the real setting from the ideal secure quantum channel and secret key resource.Comment: 38+17 pages, 13 figures. v2: constructed ideal secure channel and secret key resource have been slightly redefined; also added a proof in the appendix for quantum authentication without key recycling that has better parameters and only requires weak purity testing code

Johnson type bounds for mixed dimension subspace codes

Subspace codes, i.e., sets of subspaces of $\mathbb{F}_q^v$, are applied in random linear network coding. Here we give improved upper bounds for their cardinalities based on the Johnson bound for constant dimension codes.Comment: 16 pages, typos correcte