
    Navigating in the Cayley graph of $SL_2(\mathbb{F}_p)$ and applications to hashing

    Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, $A$ and $B$, to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural way, by using multiplication of elements in the (semi)group. In this paper, we focus on hashing with $2 \times 2$ matrices over $\mathbb{F}_p$. Since there are many known pairs of $2 \times 2$ matrices over $\mathbb{Z}$ that generate a free monoid, this yields numerous pairs of matrices over $\mathbb{F}_p$, for a sufficiently large prime $p$, that are candidates for collision-resistant hashing. However, this trick can "backfire", and lifting matrix entries to $\mathbb{Z}$ may facilitate finding a collision. This "lifting attack" was successfully used by Tillich and Zémor in the special case where two matrices $A$ and $B$ generate (as a monoid) the whole monoid $SL_2(\mathbb{Z}_+)$. However, in this paper we show that the situation with other, "similar", pairs of matrices from $SL_2(\mathbb{Z})$ is different, and the "lifting attack" can (in some cases) produce collisions in the group generated by $A$ and $B$, but not in the positive monoid. Therefore, we argue that for these pairs of matrices, there are no known attacks at this time that would affect the security of the corresponding hash functions. We also give explicit lower bounds on the length of collisions for hash functions corresponding to some particular pairs of matrices from $SL_2(\mathbb{F}_p)$.
    Comment: 10 page

    Security and defence of mobile systems under impact

    The Group "Dynamics and Fracture of Structural Elements" offers its experience in Solid Mechanics analysis for the study of the impact protection of vehicles, aircraft and persons. The Group's activities have a strong research component, in which numerical simulation tools as well as sophisticated experimental techniques are employed. This technological offer could be of interest to automobile companies (impact and collision security), aeronautical companies (impact of external bodies on the fuselage, attack, and fragments of ice) and defence companies (special armours for mobile systems and persons).
    Contrato Programa de Comercialización e Internacionalización. Sistema Regional de Investigación Científica e Innovación Tecnológica. (Comunidad de Madrid; Universidad Carlos III de Madrid

    Security of signed ElGamal encryption

    Assuming a cryptographically strong cyclic group $G$ of prime order $q$ and a random hash function $H$, we show that ElGamal encryption with an added Schnorr signature is secure against the adaptive chosen ciphertext attack, in which an attacker can freely use a decryption oracle except for the target ciphertext. We also prove security against the novel one-more-decryption attack. Our security proofs are in a new model, corresponding to a combination of two previously introduced models, the Random Oracle model and the Generic model. The security extends to the distributed threshold version of the scheme. Moreover, we propose a very practical scheme for private information retrieval that is based on blind decryption of ElGamal ciphertexts.

    Security of discrete log cryptosystems in the random oracle and the generic model

    We introduce novel security proofs that use combinatorial counting arguments rather than reductions to the discrete logarithm or to the Diffie-Hellman problem. Our security results are sharp and clean, with no polynomial reduction times involved. We consider a combination of the random oracle model and the generic model. This corresponds to assuming an ideal hash function $H$ given by an oracle and an ideal group of prime order $q$, where the binary encoding of the group elements is useless for cryptographic attacks. In this model, we first show that Schnorr signatures are secure against the one-more signature forgery: a generic adversary performing $t$ generic steps including $l$ sequential interactions with the signer cannot produce $l+1$ signatures with a better probability than $\binom{t}{2}/q$. We also characterize the different power of sequential and of parallel attacks. Secondly, we prove that signed ElGamal encryption is secure against the adaptive chosen ciphertext attack, in which an attacker can arbitrarily use a decryption oracle except for the challenge ciphertext. Moreover, signed ElGamal encryption is secure against the one-more decryption attack: a generic adversary performing $t$ generic steps including $l$ interactions with the decryption oracle cannot distinguish the plaintexts of $l+1$ ciphertexts from random strings with a probability exceeding $\binom{t}{2}/q$.

    On the optimality of individual entangling-probe attacks against BB84 quantum key distribution

    It is shown that an existing method to study ideal individual attacks on the BB84 QKD protocol using error discard can be adapted to reconciliation with error correction, and that an optimal attack can be explicitly found. Moreover, this attack fills the Luetkenhaus bound, independently of whether error positions are leaked to Eve, proving that it is tight. In addition, we clarify why the existence of such optimal attacks is not in contradiction with the established "old-style" theory of BB84 individual attacks, as incorrectly suggested recently in a news feature.
    Comment: 12 pages, 3 figure