29,239 research outputs found
Lattice-based Programmable Hash Functions and Applications
Driven by the open problem raised by Hofheinz and Kiltz
(Journal of Cryptology, 2012), we study the formalization of lattice-based programmable hash function (PHF), and give three types of concrete constructions by using several techniques such as a novel combination of cover-free sets and lattice trapdoors. Under the Inhomogeneous Small Integer Solution (ISIS) assumption, we show that any (non-trivial) lattice-based PHF is a collision-resistant hash function, which gives a direct application of this new primitive.
We further demonstrate the power of lattice-based PHF by giving generic constructions of signature and identity-based encryption (IBE) in the standard model, which not only provide a way to unify several previous lattice-based schemes using the partitioning proof techniques, but also allow us to obtain new short signature schemes and IBE schemes from (ideal) lattices. Specifically, by instantiating the generic constructions with our Type-II and Type-III PHF constructions, we immediately obtain two short signatures and two IBE schemes with asymptotically much shorter keys. A major downside which inherits from our Type-II and Type-III PHF constructions is that we can only prove the security of the new signatures and IBEs in the bounded security model that the
number Q of the adversary’s queries is required to be known in advance. Another downside is that the computational time of our new signatures and IBEs is a linear function of Q, which is large for typical parameters.
To overcome the above limitations, we also give a refined way of
using Type-II and Type-III PHFs to construct lattice-based short signatures with short verification keys in the full security model. In particular, our methods depart from the confined guessing technique of B¨ohl et al. (Eurocrypt’13) that was used to construct previous standard model short signature schemes with short verification keys by Ducas and Micciancio (Crypto’14) and by Alperin-Sheriff (PKC’15), and allow us to achieve much tighter security from weaker hardness assumptions
Programmable hash functions and their applications
We introduce a new combinatorial primitive called *programmable hash functions* (PHFs). PHFs can be used to *program* the output of a hash function such that it contains solved or unsolved discrete logarithm instances with a certain probability. This is a technique originally used for security proofs in the random oracle model. We give a variety of *standard model* realizations of PHFs (with different parameters).
The programmability makes PHFs a suitable tool to obtain black-box proofs of cryptographic protocols when considering adaptive attacks. We propose generic digital signature schemes from the strong RSA problem and from some hardness assumption on bilinear maps that can be
instantiated with any PHF. Our schemes offer various improvements over known constructions. In particular, for a reasonable choice of parameters, we obtain short standard model digital signatures over bilinear maps
LHC String Phenomenology
We argue that it is possible to address the deeper LHC Inverse Problem, to
gain insight into the underlying theory from LHC signatures of new physics. We
propose a technique which may allow us to distinguish among, and favor or
disfavor, various classes of underlying theoretical constructions using
(assumed) new physics signals at the LHC. We think that this can be done with
limited data , and improved with more data. This is because of
two reasons -- a) it is possible in many cases to reliably go from
(semi)realistic microscopic string construction to the space of experimental
observables, say, LHC signatures. b) The patterns of signatures at the LHC are
sensitive to the structure of the underlying theoretical constructions. We
illustrate our approach by analyzing two promising classes of string
compactifications along with six other string-motivated constructions. Even
though these constructions are not complete, they illustrate the point we want
to emphasize. We think that using this technique effectively over time can
eventually help us to meaningfully connect experimental data to microscopic
theory.Comment: 50 Pages, 13 Figures, 3 Tables, v2: minor changes, references adde
Making Existential-Unforgeable Signatures Strongly Unforgeable in the Quantum Random-Oracle Model
Strongly unforgeable signature schemes provide a more stringent security
guarantee than the standard existential unforgeability. It requires that not
only forging a signature on a new message is hard, it is infeasible as well to
produce a new signature on a message for which the adversary has seen valid
signatures before. Strongly unforgeable signatures are useful both in practice
and as a building block in many cryptographic constructions.
This work investigates a generic transformation that compiles any
existential-unforgeable scheme into a strongly unforgeable one, which was
proposed by Teranishi et al. and was proven in the classical random-oracle
model. Our main contribution is showing that the transformation also works
against quantum adversaries in the quantum random-oracle model. We develop
proof techniques such as adaptively programming a quantum random-oracle in a
new setting, which could be of independent interest. Applying the
transformation to an existential-unforgeable signature scheme due to Cash et
al., which can be shown to be quantum-secure assuming certain lattice problems
are hard for quantum computers, we get an efficient quantum-secure strongly
unforgeable signature scheme in the quantum random-oracle model.Comment: 15 pages, to appear in Proceedings TQC 201
Signatures and Induction Principles for Higher Inductive-Inductive Types
Higher inductive-inductive types (HIITs) generalize inductive types of
dependent type theories in two ways. On the one hand they allow the
simultaneous definition of multiple sorts that can be indexed over each other.
On the other hand they support equality constructors, thus generalizing higher
inductive types of homotopy type theory. Examples that make use of both
features are the Cauchy real numbers and the well-typed syntax of type theory
where conversion rules are given as equality constructors. In this paper we
propose a general definition of HIITs using a small type theory, named the
theory of signatures. A context in this theory encodes a HIIT by listing the
constructors. We also compute notions of induction and recursion for HIITs, by
using variants of syntactic logical relation translations. Building full
categorical semantics and constructing initial algebras is left for future
work. The theory of HIIT signatures was formalised in Agda together with the
syntactic translations. We also provide a Haskell implementation, which takes
signatures as input and outputs translation results as valid Agda code
Fully leakage-resilient signatures revisited: Graceful degradation, noisy leakage, and construction in the bounded-retrieval model
We construct new leakage-resilient signature schemes. Our schemes remain unforgeable against an adversary leaking arbitrary (yet bounded) information on the entire state of the signer (sometimes known as fully leakage resilience), including the random coin tosses of the signing algorithm. The main feature of our constructions is that they offer a graceful degradation of security in situations where standard existential unforgeability is impossible
Signcryption schemes with threshold unsigncryption, and applications
The final publication is available at link.springer.comThe goal of a signcryption scheme is to achieve the same functionalities as encryption and signature together, but in a more efficient way than encrypting and signing separately. To increase security and reliability in some applications, the unsigncryption phase can be distributed among a group of users, through a (t, n)-threshold process. In this work we consider this task of threshold unsigncryption, which has received very few attention from the cryptographic literature up to now (maybe surprisingly, due to its potential applications). First we describe in detail the security requirements that a scheme for such a task should satisfy: existential unforgeability and indistinguishability, under insider chosen message/ciphertext attacks, in a multi-user setting. Then we show that generic constructions of signcryption schemes (by combining encryption and signature schemes) do not offer this level of security in the scenario of threshold unsigncryption. For this reason, we propose two new protocols for threshold unsigncryption, which we prove to be secure, one in the random oracle model and one in the standard model. The two proposed schemes enjoy an additional property that can be very useful. Namely, the unsigncryption protocol can be divided in two phases: a first one where the authenticity of the ciphertext is verified, maybe by a single party; and a second one where the ciphertext is decrypted by a subset of t receivers, without using the identity of the sender. As a consequence, the schemes can be used in applications requiring some level of anonymity, such as electronic auctions.Peer ReviewedPostprint (author's final draft
High-level signatures and initial semantics
We present a device for specifying and reasoning about syntax for datatypes,
programming languages, and logic calculi. More precisely, we study a notion of
signature for specifying syntactic constructions.
In the spirit of Initial Semantics, we define the syntax generated by a
signature to be the initial object---if it exists---in a suitable category of
models. In our framework, the existence of an associated syntax to a signature
is not automatically guaranteed. We identify, via the notion of presentation of
a signature, a large class of signatures that do generate a syntax.
Our (presentable) signatures subsume classical algebraic signatures (i.e.,
signatures for languages with variable binding, such as the pure lambda
calculus) and extend them to include several other significant examples of
syntactic constructions.
One key feature of our notions of signature, syntax, and presentation is that
they are highly compositional, in the sense that complex examples can be
obtained by assembling simpler ones. Moreover, through the Initial Semantics
approach, our framework provides, beyond the desired algebra of terms, a
well-behaved substitution and the induction and recursion principles associated
to the syntax.
This paper builds upon ideas from a previous attempt by Hirschowitz-Maggesi,
which, in turn, was directly inspired by some earlier work of
Ghani-Uustalu-Hamana and Matthes-Uustalu.
The main results presented in the paper are computer-checked within the
UniMath system.Comment: v2: extended version of the article as published in CSL 2018
(http://dx.doi.org/10.4230/LIPIcs.CSL.2018.4); list of changes given in
Section 1.5 of the paper; v3: small corrections throughout the paper, no
major change
- …