4,996 research outputs found
Protocols for Bounded-Concurrent Secure Two-Party Computation in the Plain Model
Until recently, most research on the topic of secure computation focused on the stand-alone model, where a single protocol execution takes place. In this paper, we construct protocols for the setting of {\em bounded-concurrent self composition}, where a (single) secure protocol is run many times concurrently, and there is a predetermined bound on the number of concurrent executions. In short, we show that {\em any} two-party functionality can be securely computed under bounded-concurrent self composition, in the {\sf plain model} (where the only setup assumption made is that the parties communicate via authenticated channels). Our protocol provides the first feasibility result for general two-party computation in the plain model, {\em for any model of concurrency}. All previous protocols assumed a trusted setup phase in order to obtain a common reference string. On the downside, the number of rounds of communication in our protocol is super-linear in the bound on the number of concurrent executions. However, we believe that our constructions will lead to more efficient
protocols for this task
Classical Cryptographic Protocols in a Quantum World
Cryptographic protocols, such as protocols for secure function evaluation
(SFE), have played a crucial role in the development of modern cryptography.
The extensive theory of these protocols, however, deals almost exclusively with
classical attackers. If we accept that quantum information processing is the
most realistic model of physically feasible computation, then we must ask: what
classical protocols remain secure against quantum attackers?
Our main contribution is showing the existence of classical two-party
protocols for the secure evaluation of any polynomial-time function under
reasonable computational assumptions (for example, it suffices that the
learning with errors problem be hard for quantum polynomial time). Our result
shows that the basic two-party feasibility picture from classical cryptography
remains unchanged in a quantum world.Comment: Full version of an old paper in Crypto'11. Invited to IJQI. This is
authors' copy with different formattin
Composability in quantum cryptography
In this article, we review several aspects of composability in the context of
quantum cryptography. The first part is devoted to key distribution. We discuss
the security criteria that a quantum key distribution protocol must fulfill to
allow its safe use within a larger security application (e.g., for secure
message transmission). To illustrate the practical use of composability, we
show how to generate a continuous key stream by sequentially composing rounds
of a quantum key distribution protocol. In a second part, we take a more
general point of view, which is necessary for the study of cryptographic
situations involving, for example, mutually distrustful parties. We explain the
universal composability framework and state the composition theorem which
guarantees that secure protocols can securely be composed to larger
applicationsComment: 18 pages, 2 figure
Simulatable security for quantum protocols
The notion of simulatable security (reactive simulatability, universal
composability) is a powerful tool for allowing the modular design of
cryptographic protocols (composition of protocols) and showing the security of
a given protocol embedded in a larger one. Recently, these methods have
received much attention in the quantum cryptographic community.
We give a short introduction to simulatable security in general and proceed
by sketching the many different definitional choices together with their
advantages and disadvantages.
Based on the reactive simulatability modelling of Backes, Pfitzmann and
Waidner we then develop a quantum security model. By following the BPW
modelling as closely as possible, we show that composable quantum security
definitions for quantum protocols can strongly profit from their classical
counterparts, since most of the definitional choices in the modelling are
independent of the underlying machine model.
In particular, we give a proof for the simple composition theorem in our
framework.Comment: Added proof of combination lemma; added comparison to the model of
Ben-Or, Mayers; minor correction
A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM
Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a
number of applications, in particular, as an essential building block for
two-party and multi-party computation. We construct a round-optimal (2 rounds)
universally composable (UC) protocol for oblivious transfer secure against
active adaptive adversaries from any OW-CPA secure public-key encryption scheme
with certain properties in the random oracle model (ROM). In terms of
computation, our protocol only requires the generation of a public/secret-key
pair, two encryption operations and one decryption operation, apart from a few
calls to the random oracle. In~terms of communication, our protocol only
requires the transfer of one public-key, two ciphertexts, and three binary
strings of roughly the same size as the message. Next, we show how to
instantiate our construction under the low noise LPN, McEliece, QC-MDPC, LWE,
and CDH assumptions. Our instantiations based on the low noise LPN, McEliece,
and QC-MDPC assumptions are the first UC-secure OT protocols based on coding
assumptions to achieve: 1) adaptive security, 2) optimal round complexity, 3)
low communication and computational complexities. Previous results in this
setting only achieved static security and used costly cut-and-choose
techniques.Our instantiation based on CDH achieves adaptive security at the
small cost of communicating only two more group elements as compared to the
gap-DH based Simplest OT protocol of Chou and Orlandi (Latincrypt 15), which
only achieves static security in the ROM
Quantum Cryptography Beyond Quantum Key Distribution
Quantum cryptography is the art and science of exploiting quantum mechanical
effects in order to perform cryptographic tasks. While the most well-known
example of this discipline is quantum key distribution (QKD), there exist many
other applications such as quantum money, randomness generation, secure two-
and multi-party computation and delegated quantum computation. Quantum
cryptography also studies the limitations and challenges resulting from quantum
adversaries---including the impossibility of quantum bit commitment, the
difficulty of quantum rewinding and the definition of quantum security models
for classical primitives. In this review article, aimed primarily at
cryptographers unfamiliar with the quantum world, we survey the area of
theoretical quantum cryptography, with an emphasis on the constructions and
limitations beyond the realm of QKD.Comment: 45 pages, over 245 reference
Finding Safety in Numbers with Secure Allegation Escrows
For fear of retribution, the victim of a crime may be willing to report it
only if other victims of the same perpetrator also step forward. Common
examples include 1) identifying oneself as the victim of sexual harassment,
especially by a person in a position of authority or 2) accusing an influential
politician, an authoritarian government, or ones own employer of corruption. To
handle such situations, legal literature has proposed the concept of an
allegation escrow: a neutral third-party that collects allegations anonymously,
matches them against each other, and de-anonymizes allegers only after
de-anonymity thresholds (in terms of number of co-allegers), pre-specified by
the allegers, are reached.
An allegation escrow can be realized as a single trusted third party;
however, this party must be trusted to keep the identity of the alleger and
content of the allegation private. To address this problem, this paper
introduces Secure Allegation Escrows (SAE, pronounced "say"). A SAE is a group
of parties with independent interests and motives, acting jointly as an escrow
for collecting allegations from individuals, matching the allegations, and
de-anonymizing the allegations when designated thresholds are reached. By
design, SAEs provide a very strong property: No less than a majority of parties
constituting a SAE can de-anonymize or disclose the content of an allegation
without a sufficient number of matching allegations (even in collusion with any
number of other allegers). Once a sufficient number of matching allegations
exist, the join escrow discloses the allegation with the allegers' identities.
We describe how SAEs can be constructed using a novel authentication protocol
and a novel allegation matching and bucketing algorithm, provide formal proofs
of the security of our constructions, and evaluate a prototype implementation,
demonstrating feasibility in practice.Comment: To appear in NDSS 2020. New version includes improvements to writing
and proof. The protocol is unchange
Universally Composable Quantum Multi-Party Computation
The Universal Composability model (UC) by Canetti (FOCS 2001) allows for
secure composition of arbitrary protocols. We present a quantum version of the
UC model which enjoys the same compositionality guarantees. We prove that in
this model statistically secure oblivious transfer protocols can be constructed
from commitments. Furthermore, we show that every statistically classically UC
secure protocol is also statistically quantum UC secure. Such implications are
not known for other quantum security definitions. As a corollary, we get that
quantum UC secure protocols for general multi-party computation can be
constructed from commitments
- …