107,060 research outputs found
Post-Quantum Security of Authenticated Key Establishment Protocols
We present a security model for authenticated key establishment that allows for quantum interactions between the adversary and quantum oracles that emulate classical parties, resulting in a truly post-quantum security definition. We then give a generic construction for a secure protocol in the quantum random oracle model by combining a signature scheme which is existentially unforgeable under adaptive quantum chosen message attack in the quantum random oracle model (EUF-qCMA-QRO secure) with an unauthenticated key establishment protocol which is secure against a passive adversary. This construction allows us to give an explicit example of a secure protocol whose security is based on a variant of the Diffie-Hellman problem for isogenies of supersingular elliptic curves; in particular, generic security-strengthening transformations allow us to take a signature scheme which is EUF-CMA-RO secure against a quantum adversary and transform it into an EUF-qCMA-QRO signature scheme, which we combine with a standard secure unauthenticated key establishment protocol to achieve the desired result
Security of two-way quantum cryptography against asymmetric Gaussian attacks
Recently, we have shown the advantages of two-way quantum communications in
continuous variable quantum cryptography. Thanks to this new approach, two
honest users can achieve a non-trivial security enhancement as long as the
Gaussian interactions of an eavesdropper are independent and identical. In this
work, we consider asymmetric strategies where the Gaussian interactions can be
different and classically correlated. For several attacks of this kind, we
prove that the enhancement of security still holds when the two-way protocols
are used in direct reconciliation.Comment: Proceeding of the SPIE Conference "Quantum Communications and Quantum
Imaging VI" - San Diego 2008. This paper is connected with
arXiv:quant-ph/0611167 (for the last version see: Nature Physics 4, 726
(2008)
Concurrently Non-Malleable Zero Knowledge in the Authenticated Public-Key Model
We consider a type of zero-knowledge protocols that are of interest for their
practical applications within networks like the Internet: efficient
zero-knowledge arguments of knowledge that remain secure against concurrent
man-in-the-middle attacks. In an effort to reduce the setup assumptions
required for efficient zero-knowledge arguments of knowledge that remain secure
against concurrent man-in-the-middle attacks, we consider a model, which we
call the Authenticated Public-Key (APK) model. The APK model seems to
significantly reduce the setup assumptions made by the CRS model (as no trusted
party or honest execution of a centralized algorithm are required), and can be
seen as a slightly stronger variation of the Bare Public-Key (BPK) model from
\cite{CGGM,MR}, and a weaker variation of the registered public-key model used
in \cite{BCNP}. We then define and study man-in-the-middle attacks in the APK
model. Our main result is a constant-round concurrent non-malleable
zero-knowledge argument of knowledge for any polynomial-time relation
(associated to a language in ), under the (minimal) assumption of
the existence of a one-way function family. Furthermore,We show time-efficient
instantiations of our protocol based on known number-theoretic assumptions. We
also note a negative result with respect to further reducing the setup
assumptions of our protocol to those in the (unauthenticated) BPK model, by
showing that concurrently non-malleable zero-knowledge arguments of knowledge
in the BPK model are only possible for trivial languages
Pairing-based identification schemes
We propose four different identification schemes that make use of bilinear
pairings, and prove their security under certain computational assumptions.
Each of the schemes is more efficient and/or more secure than any known
pairing-based identification scheme
Security of discrete log cryptosystems in the random oracle and the generic model
We introduce novel security proofs that use combinatorial counting arguments rather than reductions to the discrete logarithm or to the Diffie-Hellman problem. Our security results are sharp and clean with no polynomial reduction times involved. We consider a combination of the random oracle model and the generic model. This corresponds to assuming an ideal hash function H given by an oracle and an ideal group of prime order q, where the binary encoding of the group elements is useless for cryptographic attacks In this model, we first show that Schnorr signatures are secure against the one-more signature forgery : A generic adversary performing t generic steps including l sequential interactions with the signer cannot produce l+1 signatures with a better probability than (t 2)/q. We also characterize the different power of sequential and of parallel attacks. Secondly, we prove signed ElGamal encryption is secure against the adaptive chosen ciphertext attack, in which an attacker can arbitrarily use a decryption oracle except for the challenge ciphertext. Moreover, signed ElGamal encryption is secure against the one-more decryption attack: A generic adversary performing t generic steps including l interactions with the decryption oracle cannot distinguish the plaintexts of l + 1 ciphertexts from random strings with a probability exceeding (t 2)/q
Formal Computational Unlinkability Proofs of RFID Protocols
We set up a framework for the formal proofs of RFID protocols in the
computational model. We rely on the so-called computationally complete symbolic
attacker model. Our contributions are: i) To design (and prove sound) axioms
reflecting the properties of hash functions (Collision-Resistance, PRF); ii) To
formalize computational unlinkability in the model; iii) To illustrate the
method, providing the first formal proofs of unlinkability of RFID protocols,
in the computational model
- …