Can NSEC5 be practical for DNSSEC deployments?
NSEC5 is a proposed modification to DNSSEC that simultaneously guarantees two security properties: (1) privacy against offline zone enumeration, and (2) integrity of zone contents, even if an adversary compromises the authoritative nameserver responsible for responding to DNS queries for the zone. This paper redesigns NSEC5 to make it both practical and performant. Our NSEC5 redesign features a new fast verifiable random function (VRF) based on elliptic curve cryptography (ECC), along with a cryptographic proof of its security. This VRF is also of independent interest, as it is being standardized by the IETF and being used by several other projects. We show how to integrate NSEC5 using our ECC-based VRF into the DNSSEC protocol, leveraging precomputation to improve performance and DNS protocol-level optimizations to shorten responses. Next, we present the first full-fledged implementation of NSEC5, extending widely-used DNS software to present a nameserver and recursive resolver that support NSEC5, and evaluate their performance under aggressive DNS query loads. Our performance results indicate that our redesigned NSEC5 can be viable even for high-throughput scenarios.
https://eprint.iacr.org/2017/099.pdf
First author draft
Pseudorandomness for Regular Branching Programs via Fourier Analysis
We present an explicit pseudorandom generator for oblivious, read-once,
permutation branching programs of constant width that can read their input bits
in any order. The seed length is , where is the length of the
branching program. The previous best seed length known for this model was
, which follows as a special case of a generator due to
Impagliazzo, Meka, and Zuckerman (FOCS 2012) (which gives a seed length of
for arbitrary branching programs of size ). Our techniques
also give seed length for general oblivious, read-once branching
programs of width , which is incomparable to the results of
Impagliazzo et al. Our pseudorandom generator is similar to the one used by
Gopalan et al. (FOCS 2012) for read-once CNFs, but the analysis is quite
different; ours is based on Fourier analysis of branching programs. In
particular, we show that an oblivious, read-once, regular branching program of
width has Fourier mass at most at level , independent of the
length of the program.
Comment: RANDOM 201
Using Simon's Algorithm to Attack Symmetric-Key Cryptographic Primitives
We present new connections between quantum information and the field of
classical cryptography. In particular, we provide examples where Simon's
algorithm can be used to show insecurity of commonly used cryptographic
symmetric-key primitives. Specifically, these examples consist of a quantum
distinguisher for the 3-round Feistel network and a forgery attack on CBC-MAC
which forges a tag for a chosen-prefix message querying only other messages (of
the same length). We assume that an adversary has quantum-oracle access to the
respective classical primitives. Similar results have been achieved recently in
independent work by Kaplan et al. Our findings shed new light on the
post-quantum security of cryptographic schemes and underline that classical
security proofs of cryptographic constructions need to be revisited in light of
quantum attackers.
Comment: 14 pages, 2 figures. v3: final polished version, more formal definitions added
Weighted Polynomial Approximations: Limits for Learning and Pseudorandomness
Polynomial approximations to boolean functions have led to many positive
results in computer science. In particular, polynomial approximations to the
sign function underly algorithms for agnostically learning halfspaces, as well
as pseudorandom generators for halfspaces. In this work, we investigate the
limits of these techniques by proving inapproximability results for the sign
function.
Firstly, the polynomial regression algorithm of Kalai et al. (SIAM J. Comput.
2008) shows that halfspaces can be learned with respect to log-concave
distributions on in the challenging agnostic learning model. The
power of this algorithm relies on the fact that under log-concave
distributions, halfspaces can be approximated arbitrarily well by low-degree
polynomials. We ask whether this technique can be extended beyond log-concave
distributions, and establish a negative result. We show that polynomials of any
degree cannot approximate the sign function to within arbitrarily low error for
a large class of non-log-concave distributions on the real line, including
those with densities proportional to .
Secondly, we investigate the derandomization of Chernoff-type concentration
inequalities. Chernoff-type tail bounds on sums of independent random variables
have pervasive applications in theoretical computer science. Schmidt et al.
(SIAM J. Discrete Math. 1995) showed that these inequalities can be established
for sums of random variables with only -wise independence,
for a tail probability of . We show that their results are tight up to
constant factors.
These results rely on techniques from weighted approximation theory, which
studies how well functions on the real line can be approximated by polynomials
under various distributions. We believe that these techniques will have further
applications in other areas of computer science.
Comment: 22 pages