6 research outputs found
Optimal Randomness Extraction from a Diffie-Hellman Element
The original publication is available at www.springerlink.comInternational audienceNo abstrac
Two-sources Randomness Extractors for Elliptic Curves
This paper studies the task of two-sources randomness extractors for elliptic
curves defined over finite fields , where can be a prime or a binary
field. In fact, we introduce new constructions of functions over elliptic
curves which take in input two random points from two differents subgroups. In
other words, for a ginven elliptic curve defined over a finite field
and two random points and , where and are two subgroups of
, our function extracts the least significant bits of the
abscissa of the point when is a large prime, and the -first
coefficients of the asbcissa of the point when , where is a prime greater than . We show that the extracted bits
are close to uniform.
Our construction extends some interesting randomness extractors for elliptic
curves, namely those defined in \cite{op} and \cite{ciss1,ciss2}, when
. The proposed constructions can be used in any
cryptographic schemes which require extraction of random bits from two sources
over elliptic curves, namely in key exchange protole, design of strong
pseudo-random number generators, etc
Pseudorandom Functions and Permutations Provably Secure Against Related-Key Attacks
This paper fills an important foundational gap with the first proofs, under standard assumptions and in the standard model, of the existence of pseudorandom functions (PRFs) and pseudorandom permutations (PRPs) resisting rich and relevant forms of related-key attacks (RKA). An RKA allows the adversary to query the function not only under the target key but under other keys derived from it in adversary-specified ways. Based on the Naor-Reingold PRF we obtain an RKA-PRF whose keyspace is a group and that is proven, under DDH, to resist attacks in which the key may be operated on by arbitrary adversary-specified group elements. Previous work was able only to provide schemes in idealized models (ideal cipher, random oracle), under new, non-standard assumptions, or for limited classes of attacks. The reason was technical difficulties that we resolve via a new approach and framework that, in addition to the above, yields other RKA-PRFs including a DLIN-based one derived from the Lewko-Waters PRF. Over the last 15 years cryptanalysts and blockcipher designers have routinely and consistently targeted RKA-security; it is visibly important for abuse-resistant cryptography; and it helps protect against fault-injection sidechannel attacks. Yet ours are the first significant proofs of existence of secure constructs. We warn that our constructs are proofs-of-concept in the foundational style and not practical