10 research outputs found
On the hardness of approximating the permanent of structured matrices
We show that for several natural classes of "structured" matrices, including symmetric, circulant, Hankel and Toeplitz matrices, approximating the permanent modulo a prime p is as hard as computing its exact value. Results of this kind are well known for arbitrary matrices. However the techniques used do not seem to apply to "structured" matrices. Our approach is based on recent advances in the hidden number problem introduced by Boneh and Venkatesan in 1996 combined with some bounds of exponential sums motivated by the Waring problem in finite fields
Finding Significant Fourier Coefficients: Clarifications, Simplifications, Applications and Limitations
Ideas from Fourier analysis have been used in cryptography for the last three
decades. Akavia, Goldwasser and Safra unified some of these ideas to give a
complete algorithm that finds significant Fourier coefficients of functions on
any finite abelian group. Their algorithm stimulated a lot of interest in the
cryptography community, especially in the context of `bit security'. This
manuscript attempts to be a friendly and comprehensive guide to the tools and
results in this field. The intended readership is cryptographers who have heard
about these tools and seek an understanding of their mechanics and their
usefulness and limitations. A compact overview of the algorithm is presented
with emphasis on the ideas behind it. We show how these ideas can be extended
to a `modulus-switching' variant of the algorithm. We survey some applications
of this algorithm, and explain that several results should be taken in the
right context. In particular, we point out that some of the most important bit
security problems are still open. Our original contributions include: a
discussion of the limitations on the usefulness of these tools; an answer to an
open question about the modular inversion hidden number problem
Hardness of Computing Individual Bits for One-way Functions on Elliptic Curves
We prove that if one can predict any of the bits of the input to an elliptic curve based one-way function over a finite field, then we can invert the function. In particular, our result implies that if one can predict any of the bits of the input to a classical pairing-based one-way function with non-negligible advantage over a random guess then one can efficiently invert this function and thus, solve the Fixed Argument Pairing Inversion problem (FAPI-1/FAPI-2). The latter has implications on the security of various pairing-based schemes such as the identity-based encryption scheme of BonehâFranklin, Hessâ identity-based signature scheme, as well as Jouxâs three-party one-round key agreement protocol. Moreover, if one can solve FAPI-1 and FAPI-2 in polynomial time then one can solve the Computational Diffie--Hellman problem (CDH) in polynomial time. Our result implies that all the bits of the functions defined above are hard-to-compute assuming these functions are one-way. The argument is based on a list-decoding technique via discrete Fourier transforms due to Akavia--GoldwasserâSafra as well as an idea due to BonehâShparlinski
On the Bit Security of Elliptic Curve Diffie--Hellman
This paper gives the first bit security result for the elliptic curve Diffie--Hellman key exchange protocol for elliptic curves defined over prime fields. About of the most significant bits of the -coordinate of the Diffie--Hellman key are as hard to compute as the entire key. A similar result can be derived for the lower bits. The paper also generalizes and improves the result for elliptic curves over extension fields, that shows that computing one component (in the ground field) of the Diffie--Hellman key is as hard to compute as the entire key
Secure group key agreement
As a result of the increased popularity of group-oriented applications and protocols, group communication occurs in many different settings: from network multicasting to application layer tele- and video-conferencing. Regardless of the application environment, security services are necessary to provide communication privacy and integrity. This thesis considers the problem of key management in a special class of groups, namely dynamic peer groups. Key management, especially in a group setting, is the corner stone for all other security services. Dynamic peer groups require not only initial key agreement but also auxiliary key agreement operations such as member addition, member exclusion and group fusion. We discuss all group key agreement operations and present a concrete protocol suite, CLIQUES, which offers all of these operations. By providing the first formal model for group key establishment and investigating carefully the underlying cryptographic assumptions as well as their relations, we formally prove the security of a subset of the protocols based on the security of the Decisional Diffie-Hellman assumption; achieving as a side-effect the first provably secure group key agreement protocolMit der Verbreitung offener Netze, insbesondere des Internets, fand auch
die Gruppenkommunikation eine rasante Verbreitung. Eine Vielzahl heutiger
Protokolle sind gruppen-orientiert: angefangen bei Multicast-Diensten
in der Netzwerkschicht bis hin zu Videokonferenzsystemen auf der Anwendungsschicht. Alle diese Dienste haben Sicherheitsanforderungen wie Vertraulichkeit und IntegritĂ€t zu erfĂŒllen, die den Einsatz kryptographischer
Techniken und die VerfĂŒgbarkeit gemeinsamer kryptographischen SchlĂŒssel
oft unumgÀnglich machen.
In der folgenden Doktorarbeit betrachte ich dieses grundlegendste Problem
der Gruppenkommunikation, nĂ€mlich das SchlĂŒsselmanagement, fĂŒr dynamische Gruppen, die sogenannten "Dynamic Peer-Groups\u27;. Die Dynamik dieser Gruppen erfordert nicht nur initialen SchlĂŒsselaustausch innerhalb einer Gruppe sondern auch sichere und effiziente Verfahren fĂŒr die Aufnahme neuer und den AusschluĂ alter Gruppenmitglieder. Ich diskutiere alle dafĂŒr notwendigen Dienste und prĂ€sentiere CLIQUES, eine Familie von Protokollen, die diese Dienste implementiert. Ich gebe erstmalig eine formale Definition fĂŒ sicheres Gruppen-SchlĂŒsselmanagement und beweise die Sicherheit der genannten Protokolle basierend auf einer kryptographischen Standardannahme, der "Decisional Diffie-Hellman\u27; Annahme. Diese Sicherheitsbetrachtung wird durch eine detaillierte Untersuchung dieser Annahme und ihrer Relation zu verwandten Annahmen abgeschlossen
Secure group key agreement
As a result of the increased popularity of group-oriented applications and protocols, group communication occurs in many different settings: from network multicasting to application layer tele- and video-conferencing. Regardless of the application environment, security services are necessary to provide communication privacy and integrity. This thesis considers the problem of key management in a special class of groups, namely dynamic peer groups. Key management, especially in a group setting, is the corner stone for all other security services. Dynamic peer groups require not only initial key agreement but also auxiliary key agreement operations such as member addition, member exclusion and group fusion. We discuss all group key agreement operations and present a concrete protocol suite, CLIQUES, which offers all of these operations. By providing the first formal model for group key establishment and investigating carefully the underlying cryptographic assumptions as well as their relations, we formally prove the security of a subset of the protocols based on the security of the Decisional Diffie-Hellman assumption; achieving as a side-effect the first provably secure group key agreement protocolMit der Verbreitung offener Netze, insbesondere des Internets, fand auch
die Gruppenkommunikation eine rasante Verbreitung. Eine Vielzahl heutiger
Protokolle sind gruppen-orientiert: angefangen bei Multicast-Diensten
in der Netzwerkschicht bis hin zu Videokonferenzsystemen auf der Anwendungsschicht. Alle diese Dienste haben Sicherheitsanforderungen wie Vertraulichkeit und IntegritĂ€t zu erfĂŒllen, die den Einsatz kryptographischer
Techniken und die VerfĂŒgbarkeit gemeinsamer kryptographischen SchlĂŒssel
oft unumgÀnglich machen.
In der folgenden Doktorarbeit betrachte ich dieses grundlegendste Problem
der Gruppenkommunikation, nĂ€mlich das SchlĂŒsselmanagement, fĂŒr dynamische Gruppen, die sogenannten "Dynamic Peer-Groups';. Die Dynamik dieser Gruppen erfordert nicht nur initialen SchlĂŒsselaustausch innerhalb einer Gruppe sondern auch sichere und effiziente Verfahren fĂŒr die Aufnahme neuer und den AusschluĂ alter Gruppenmitglieder. Ich diskutiere alle dafĂŒr notwendigen Dienste und prĂ€sentiere CLIQUES, eine Familie von Protokollen, die diese Dienste implementiert. Ich gebe erstmalig eine formale Definition fĂŒ sicheres Gruppen-SchlĂŒsselmanagement und beweise die Sicherheit der genannten Protokolle basierend auf einer kryptographischen Standardannahme, der "Decisional Diffie-Hellman'; Annahme. Diese Sicherheitsbetrachtung wird durch eine detaillierte Untersuchung dieser Annahme und ihrer Relation zu verwandten Annahmen abgeschlossen
On the Security of Diffie-Hellman Bits
Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a "hidden" element α of a finite field IFp of p elements from rather short strings of the most significant bits of the remainder modulo p o
On the Security of DiffieâHellman Bits
Abstract. Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a âhidden â element α of a finite field IFp of p elements from rather short strings of the most significant bits of the remainder modulo p of αt for several values of t selected uniformly at random from IF â p. We use some recent bounds of exponential sums to generalize this algorithm to the case when t is selected from a quite small subgroup of IF â p. Namely, our results apply to subgroups of size at least p 1/3+Δ for all primes p and to subgroups of size at least p Δ for almost all primes p, for any fixed Δ> 0. We also use this generalization to improve (and correct) one of the statements of the aforementioned work about the computational security of the most significant bits of the DiffieâHellman key. 1