1,754 research outputs found
Lattice-Based Blind Signatures, Revisited
We observe that all previously known lattice-based blind signature schemes
contain subtle flaws in their security proofs (e.g., Rückert, ASIACRYPT \u2708) or can be attacked (e.g., BLAZE by Alkadri et al., FC \u2720).
Motivated by this, we revisit the problem of constructing blind signatures from standard lattice assumptions.
We propose a new three-round lattice-based blind signature scheme whose security can be proved, in the random oracle model, from the standard SIS assumption. Our starting point is a modified version of the (insecure) BLAZE scheme, which itself is based Lyubashevsky\u27s three-round identification scheme combined with a new aborting technique to reduce the correctness error.
Our proof builds upon and extends the recent modular framework for blind signatures of Hauck, Kiltz, and Loss
(EUROCRYPT \u2719). It also introduces several new techniques to overcome the additional challenges posed by the correctness error which is inherent to all lattice-based constructions.
While our construction is mostly of theoretical interest, we believe it to be an important stepping stone for future works in this area
How to avoid repetitions in lattice-based deniable zero-knowledge proofs
Interactive zero-knowledge systems are a very important cryptographic primitive, used in many applications, especially when deniability (also known as non-transferability) is desired. In the lattice-based setting, the currently most efficient interactive zero-knowledge systems employ the technique of rejection sampling, which implies that the interaction does not always finish correctly in the first execution; the whole interaction must be re-run until abort does not happen. While repetitions due to aborts are acceptable in theory, in some practical applications it is desirable to avoid re-runs for usability reasons. In this work we present a generic technique that departs from an interactive zero-knowledge system (that might require multiple re-runs to complete the protocol) and obtains a 3-moves zero-knowledge system (without re-runs). The transformation combines the well-known Fiat-Shamir technique with a couple of initially exchanged messages. The resulting 3-moves system enjoys honest-verifier zero-knowledge and can be easily turned into a fully deniable proof using standard techniques. We show some practical scenarios where our transformation can be beneficial and we also discuss the results of an implementation of our transformation.Preprin
Contributions to Lattice–based Cryptography
Post–quantum cryptography (PQC) is a new and fast–growing part of Cryptography. It focuses on developing cryptographic algorithms and protocols that resist quantum adversaries (i.e., the adversaries who have access to quantum computers). To construct a new PQC primitive, a designer must use a mathematical problem intractable for the quantum adversary. Many intractability assumptions are being used in PQC. There seems to be a consensus in the research community that the most promising are intractable/hard problems in lattices. However, lattice–based cryptography still needs more research to make it more efficient and practical. The thesis contributes toward achieving either the novelty or the practicality of lattice– based cryptographic systems
Hyperspectral Unmixing Overview: Geometrical, Statistical, and Sparse Regression-Based Approaches
Imaging spectrometers measure electromagnetic energy scattered in their
instantaneous field view in hundreds or thousands of spectral channels with
higher spectral resolution than multispectral cameras. Imaging spectrometers
are therefore often referred to as hyperspectral cameras (HSCs). Higher
spectral resolution enables material identification via spectroscopic analysis,
which facilitates countless applications that require identifying materials in
scenarios unsuitable for classical spectroscopic analysis. Due to low spatial
resolution of HSCs, microscopic material mixing, and multiple scattering,
spectra measured by HSCs are mixtures of spectra of materials in a scene. Thus,
accurate estimation requires unmixing. Pixels are assumed to be mixtures of a
few materials, called endmembers. Unmixing involves estimating all or some of:
the number of endmembers, their spectral signatures, and their abundances at
each pixel. Unmixing is a challenging, ill-posed inverse problem because of
model inaccuracies, observation noise, environmental conditions, endmember
variability, and data set size. Researchers have devised and investigated many
models searching for robust, stable, tractable, and accurate unmixing
algorithms. This paper presents an overview of unmixing methods from the time
of Keshava and Mustard's unmixing tutorial [1] to the present. Mixing models
are first discussed. Signal-subspace, geometrical, statistical, sparsity-based,
and spatial-contextual unmixing algorithms are described. Mathematical problems
and potential solutions are described. Algorithm characteristics are
illustrated experimentally.Comment: This work has been accepted for publication in IEEE Journal of
Selected Topics in Applied Earth Observations and Remote Sensin
Random Oracles in a Quantum World
The interest in post-quantum cryptography - classical systems that remain
secure in the presence of a quantum adversary - has generated elegant proposals
for new cryptosystems. Some of these systems are set in the random oracle model
and are proven secure relative to adversaries that have classical access to the
random oracle. We argue that to prove post-quantum security one needs to prove
security in the quantum-accessible random oracle model where the adversary can
query the random oracle with quantum states.
We begin by separating the classical and quantum-accessible random oracle
models by presenting a scheme that is secure when the adversary is given
classical access to the random oracle, but is insecure when the adversary can
make quantum oracle queries. We then set out to develop generic conditions
under which a classical random oracle proof implies security in the
quantum-accessible random oracle model. We introduce the concept of a
history-free reduction which is a category of classical random oracle
reductions that basically determine oracle answers independently of the history
of previous queries, and we prove that such reductions imply security in the
quantum model. We then show that certain post-quantum proposals, including ones
based on lattices, can be proven secure using history-free reductions and are
therefore post-quantum secure. We conclude with a rich set of open problems in
this area.Comment: 38 pages, v2: many substantial changes and extensions, merged with a
related paper by Boneh and Zhandr
Zero-Knowledge Password Policy Check from Lattices
Passwords are ubiquitous and most commonly used to authenticate users when
logging into online services. Using high entropy passwords is critical to
prevent unauthorized access and password policies emerged to enforce this
requirement on passwords. However, with current methods of password storage,
poor practices and server breaches have leaked many passwords to the public. To
protect one's sensitive information in case of such events, passwords should be
hidden from servers. Verifier-based password authenticated key exchange,
proposed by Bellovin and Merrit (IEEE S\&P, 1992), allows authenticated secure
channels to be established with a hash of a password (verifier). Unfortunately,
this restricts password policies as passwords cannot be checked from their
verifier. To address this issue, Kiefer and Manulis (ESORICS 2014) proposed
zero-knowledge password policy check (ZKPPC). A ZKPPC protocol allows users to
prove in zero knowledge that a hash of the user's password satisfies the
password policy required by the server. Unfortunately, their proposal is not
quantum resistant with the use of discrete logarithm-based cryptographic tools
and there are currently no other viable alternatives. In this work, we
construct the first post-quantum ZKPPC using lattice-based tools. To this end,
we introduce a new randomised password hashing scheme for ASCII-based passwords
and design an accompanying zero-knowledge protocol for policy compliance.
Interestingly, our proposal does not follow the framework established by Kiefer
and Manulis and offers an alternate construction without homomorphic
commitments. Although our protocol is not ready to be used in practice, we
think it is an important first step towards a quantum-resistant
privacy-preserving password-based authentication and key exchange system
Critical Perspectives on Provable Security: Fifteen Years of Another Look Papers
We give an overview of our critiques of “proofs” of security and a guide to
our papers on the subject that have appeared over the past decade and a half. We also
provide numerous additional examples and a few updates and errata
Using models to model-check recursive schemes
We propose a model-based approach to the model checking problem for recursive
schemes. Since simply typed lambda calculus with the fixpoint operator,
lambda-Y-calculus, is equivalent to schemes, we propose the use of a model of
lambda-Y-calculus to discriminate the terms that satisfy a given property. If a
model is finite in every type, this gives a decision procedure. We provide a
construction of such a model for every property expressed by automata with
trivial acceptance conditions and divergence testing. Such properties pose
already interesting challenges for model construction. Moreover, we argue that
having models capturing some class of properties has several other virtues in
addition to providing decidability of the model-checking problem. As an
illustration, we show a very simple construction transforming a scheme to a
scheme reflecting a property captured by a given model.Comment: Long version of a paper presented at TLCA 201
- …