Evaluation of Some Algorithms for Hardware-Oriented Message Authentication
In this technical report, we consider ultra-lightweight constructions of message authentication for hardware applications. We examine several known constructions and evaluate details of their hardware implementations. These constructions are all based on the framework of universal hash functions.
The universality of iterated hashing over variable-length strings
Iterated hash functions process strings recursively, one character at a time.
At each iteration, they compute a new hash value from the preceding hash value
and the next character. We prove that iterated hashing can be pairwise
independent, but never 3-wise independent. We show that it can be almost
universal over strings much longer than the number of hash values; we bound the
maximal string length given the collision probability.
Key recycling in authentication
In their seminal work on authentication, Wegman and Carter propose that to
authenticate multiple messages, it is sufficient to reuse the same hash
function as long as each tag is encrypted with a one-time pad. They argue that
because the one-time pad is perfectly hiding, the hash function used remains
completely unknown to the adversary.
Since their proof is not composable, we revisit it using a composable
security framework. It turns out that the above argument is insufficient: if
the adversary learns whether a corrupted message was accepted or rejected,
information about the hash function is leaked, and after a bounded finite
number of rounds it is completely known. We show however that this leak is very
small: Wegman and Carter's protocol is still -secure, if
-almost strongly universal hash functions are used. This implies
that the secret key corresponding to the choice of hash function can be reused
in the next round of authentication without any additional error than this
.
We also show that if the players have a mild form of synchronization, namely
that the receiver knows when a message should be received, the key can be
recycled for any arbitrary task, not only new rounds of authentication.
Comment: 17+3 pages. 11 figures. v3: Rewritten with AC instead of UC. Extended
the main result to both synchronous and asynchronous networks. Matches
published version up to layout and updated references. v2: updated
introduction and references.
A New Version of Grain-128 with Authentication
A new version of the stream cipher Grain-128 is proposed. The new version, Grain-128a, is strengthened against all known attacks on and observations about the original Grain-128, and has built-in support for authentication. The changes are modest, keeping the basic structure of Grain-128. This gives high confidence in Grain-128a and allows for easy updating of existing implementations.
Pseudorandom Generator Based on Hard Lattice Problem
This paper studies how to construct a pseudorandom generator using hard lattice problems.
We use a variation of the classical hard lattice problem Inhomogeneous Small Integer Solution (ISIS), which we call Inhomogeneous Subset Sum Solution (ISSS). ISSS itself is a hash function. By proving that the preimage sizes of the ISSS hash function's images are almost the same, we construct a pseudorandom generator using the method of [GKL93]. We also construct a pseudoentropy generator using the method of [HILL99]. Most theoretical PRG constructions are not feasible in practice, as they require rather long random bit strings as seeds. Our PRG construction only requires the seed length to be , which is feasible in practice.
Demonstration of Free-space Reference Frame Independent Quantum Key Distribution
Quantum key distribution (QKD) is moving from research laboratories towards
applications. As computing becomes more mobile, cashless as well as cardless
payment solutions are introduced, and a need arises for incorporating QKD in a
mobile device. Handheld devices present a particular challenge as the
orientation and the phase of a qubit will depend on device motion. This problem
is addressed by the reference frame independent (RFI) QKD scheme. The scheme
tolerates an unknown phase between logical states that varies slowly compared
to the rate of particle repetition. Here we experimentally demonstrate the
feasibility of RFI QKD over a free-space link in a prepare-and-measure scheme
using polarisation encoding. We extend the security analysis of the RFI QKD
scheme to be able to deal with uncalibrated devices and a finite number of
measurements. Together, these advances are an important step towards mass
production of handheld QKD devices.