
    Secure Two-Party Computation over a Z-Channel

    In secure two-party computation, two mutually distrusting parties are interested in jointly computing a function, while preserving the privacy of their respective inputs. However, when communicating over a clear channel, security against computationally unbounded adversaries is impossible. Hence the importance of noisy channels, over which we can build Oblivious Transfer (OT), a fundamental primitive in cryptography and the basic building block for any secure multi-party computation. The noisy channels commonly used in current constructions are mostly derived from the Binary Symmetric Channel (BSC), which is modified to extend the capabilities of an attacker. Still, these constructions are based on very strong assumptions, in particular on the error probability, which makes them hard to implement. In this paper, we provide a protocol achieving oblivious transfer over a Z-channel, a natural channel model in various contexts, ranging from optical to covert communication. The protocol proves to be particularly efficient for a large range of error probabilities p (e.g., for 0.17 ≤ p ≤ 0.29 when a security parameter ε = 10^{-9} is chosen), where it requires a limited amount of data to be sent through the channel. Our construction also proves to offer security against unfair adversaries, who are able to select the channel probability within a fixed range. We provide coding schemes that can further increase the efficiency of the protocol for probabilities distant from the range mentioned above, and also allow the use of a Z-channel with an error probability greater than 0.5. The flexibility and the efficiency of the construction make an actual implementation of oblivious transfer a more realistic prospect.

    Public Key Encryption Supporting Plaintext Equality Test and User-Specified Authorization

    In this paper we investigate a category of public key encryption schemes which support plaintext equality test and user-specified authorization. With this new primitive, two users, who possess their own public/private key pairs, can issue token(s) to a proxy to authorize it to perform plaintext equality tests on their ciphertexts. We provide a formal formulation for this primitive, and present a construction with provable security in our security model. To mitigate the risks against semi-trusted proxies, we enhance the proposed cryptosystem by integrating the concept of computational client puzzles. As a showcase, we construct a secure personal health record application based on this primitive.

    NP-completeness of Certain Sub-classes of the Syndrome Decoding Problem

    The problem of Syndrome Decoding was proven to be NP-complete in 1978 and, since then, quite a few cryptographic applications have had their security rely on the (provable) difficulty of solving some instances of it. However, in most cases, the instances to be solved follow some specific constraint: the target weight is a function of the dimension and length of the code. In these cases, is the Syndrome Decoding problem still NP-complete? This is the question that this article intends to answer.

    Robustness of the BB84 quantum key distribution protocol against general coherent attacks

    It is demonstrated that for the entanglement-based version of the Bennett-Brassard (BB84) quantum key distribution protocol, Alice and Bob share provable entanglement if and only if the estimated qubit error rate is below 25% or above 75%. In view of the intimate relation between entanglement and security, this result also sheds new light on the unconditional security of the BB84 protocol in its original prepare-and-measure form. In particular, it indicates that for small qubit error rates, 25% is the ultimate upper security bound for any prepare-and-measure BB84-type QKD protocol. On the contrary, for qubit error rates between 25% and 75% we demonstrate that the correlations shared between Alice and Bob can always be explained by separable states and thus, no secret key can be distilled in this regime.
    Comment: New improved version. A minor mistake has been eliminated.

    Practical Fault-Tolerant Data Aggregation

    During Financial Cryptography 2012 Chan et al. presented a novel privacy-protecting fault-tolerant data aggregation protocol. Compared to previous work, their scheme guaranteed provable privacy of individuals and could work even if some number of users refused to participate. In our paper we demonstrate that despite its merits, their method provides unacceptably low accuracy of aggregated data for a wide range of assumed parameters and cannot be used in the majority of real-life systems. To show this we use both precise analytic and experimental methods. Additionally, we present a precise data aggregation protocol that provides a provable level of security even when facing massive failures of nodes. Moreover, the protocol requires significantly less computation (limited use of heavy cryptography) than most currently known fault-tolerant aggregation protocols and offers better security guarantees, which make it suitable for systems of limited resources (including sensor networks). To obtain our result, however, we relax the model and allow some limited communication between the nodes.
    Comment: Submitted to ACNS 2016; 30 pages.