On the security of the Blockchain Bix Protocol and Certificates
The BIX protocol is a blockchain-based protocol that allows distribution of
certificates linking a subject with his public key, hence providing a service
similar to that of a PKI but without the need for a CA. In this paper we analyze
the security of the BIX protocol in a formal way, in four steps. First, we
identify formal security assumptions which are well-suited to this protocol.
Second, we present some attack scenarios against the BIX protocol. Third, we
provide a formal security proof that some of these attacks are not feasible
under our previously established assumptions. Finally, we show how another
attack may be carried out.
Comment: 16 pages, 1 figure

Wave: A New Family of Trapdoor One-Way Preimage Sampleable Functions Based on Codes
We present here a new family of trapdoor one-way Preimage Sampleable
Functions (PSF) based on codes, the Wave-PSF family. The trapdoor function is
one-way under two computational assumptions: the hardness of generic decoding
for high weights and the indistinguishability of generalized -codes.
Our proof follows the GPV strategy [GPV08]. By including rejection sampling, we
ensure the proper distribution for the trapdoor inverse output. The domain
sampling property of our family is ensured by using and proving a variant of
the left-over hash lemma. We instantiate the new Wave-PSF family with ternary
generalized -codes to design a "hash-and-sign" signature scheme which
achieves existential unforgeability under adaptive chosen message attacks
(EUF-CMA) in the random oracle model. For 128 bits of classical security,
signature sizes are in the order of 15 thousand bits, the public key size in
the order of 4 megabytes, and the rejection rate is limited to one rejection
every 10 to 12 signatures.
Comment: arXiv admin note: text overlap with arXiv:1706.0806

Implementing 128-bit Secure MPKC Signatures
Multivariate Public Key Cryptosystems (MPKCs) are often touted as
future-proofing against quantum computers. In 2009, it was shown
that hardware advances do not favor just "traditional"
alternatives such as ECC and RSA, but also make MPKCs faster and
keep them competitive at 80-bit security when properly implemented.
These techniques became outdated due to the emergence of new instruction
sets and higher security requirements.
In this paper, we review how MPKC signatures have changed since 2009,
including new parameters (for the newer 128-bit security level),
crypto-safe implementations,
and the impact of the new AVX2 and AES-NI instructions.
We also present new techniques
for evaluating multivariate polynomials, multiplications in large finite fields
by additive Fast Fourier Transforms, and constant-time linear solvers
- …