1,973 research outputs found
Chosen-ciphertext security from subset sum
We construct a public-key encryption (PKE) scheme whose
security is polynomial-time equivalent to the hardness of the Subset Sum problem. Our scheme achieves the standard notion of indistinguishability against chosen-ciphertext attacks (IND-CCA) and can be used to encrypt messages of arbitrary polynomial length, improving upon a previous construction by Lyubashevsky, Palacio, and Segev (TCC 2010) which achieved only the weaker notion of semantic security (IND-CPA) and whose concrete security decreases with the length of the message being encrypted. At the core of our construction is a trapdoor technique which originates in the work of Micciancio and Peikert (Eurocrypt 2012
A proposal for founding mistrustful quantum cryptography on coin tossing
A significant branch of classical cryptography deals with the problems which
arise when mistrustful parties need to generate, process or exchange
information. As Kilian showed a while ago, mistrustful classical cryptography
can be founded on a single protocol, oblivious transfer, from which general
secure multi-party computations can be built.
The scope of mistrustful quantum cryptography is limited by no-go theorems,
which rule out, inter alia, unconditionally secure quantum protocols for
oblivious transfer or general secure two-party computations. These theorems
apply even to protocols which take relativistic signalling constraints into
account. The best that can be hoped for, in general, are quantum protocols
computationally secure against quantum attack. I describe here a method for
building a classically certified bit commitment, and hence every other
mistrustful cryptographic task, from a secure coin tossing protocol. No
security proof is attempted, but I sketch reasons why these protocols might
resist quantum computational attack.Comment: Title altered in deference to Physical Review's fear of question
marks. Published version; references update
Naor-Yung paradigm with shared randomness and applications
The Naor-Yung paradigm (Naor and Yung, STOC’90) allows to generically boost security under chosen-plaintext attacks (CPA) to security against chosen-ciphertext attacks (CCA) for public-key encryption (PKE) schemes. The main idea is to encrypt the plaintext twice (under independent public keys), and to append a non-interactive zero-knowledge (NIZK) proof that the two ciphertexts indeed encrypt the same message. Later work by Camenisch, Chandran, and Shoup (Eurocrypt’09) and Naor and Segev (Crypto’09 and SIAM J. Comput.’12) established that the very same techniques can also be used in the settings of key-dependent message (KDM) and key-leakage attacks (respectively). In this paper we study the conditions under which the two ciphertexts in the Naor-Yung construction can share the same random coins. We find that this is possible, provided that the underlying PKE scheme meets an additional simple property. The motivation for re-using the same random coins is that this allows to design much more efficient NIZK proofs. We showcase such an improvement in the random oracle model, under standard complexity assumptions including Decisional Diffie-Hellman, Quadratic Residuosity, and Subset Sum. The length of the resulting ciphertexts is reduced by 50%, yielding truly efficient PKE schemes achieving CCA security under KDM and key-leakage attacks. As an additional contribution, we design the first PKE scheme whose CPA security under KDM attacks can be directly reduced to (low-density instances of) the Subset Sum assumption. The scheme supports keydependent messages computed via any affine function of the secret ke
- …