On the joint security of signature and encryption schemes under randomness reuse: efficiency and security amplification
Lecture Notes in Computer Science, 7341
We extend the work of Bellare, Boldyreva and Staddon on the systematic analysis of randomness reuse for constructing multi-recipient encryption schemes to the case where randomness is reused across different cryptographic primitives. We find that, through the additional binding introduced by randomness reuse, one can actually obtain a security amplification with respect to the standard black-box compositions and achieve a stronger level of security. We introduce stronger notions of security for encryption and signatures, where challenge messages can depend in a restricted way on the random coins used in encryption, and show that two variants of the KEM/DEM paradigm give rise to encryption schemes that meet this enhanced notion of security. We obtain the most efficient signcryption scheme to date that is secure against insider attackers without random oracles.
SIGNCRYPTION ANALYZE
The aim of this paper is to provide an overview of the research done so far in the signcryption area. The paper also presents extensions of the signcryption scheme and discusses the security of signcryption. The main contribution of this paper is an implementation of the signcryption algorithm, with worked examples.
Keywords: ElGamal, elliptic curves, encryption, identity-based, proxy-signcryption, public key, ring-signcryption, RSA, signcryption
Combined schemes for signature and encryption: The public-key and the identity-based setting
Consider a scenario in which parties use a public-key encryption scheme and a signature scheme with a single public key/private key pair, so the private key sk is used both for signing and for decrypting. Such simultaneous use of a key is in general considered poor cryptographic practice, but from an efficiency point of view it looks attractive. We offer security notions to analyze such violations of key separation. For both the identity-based and the non-identity-based setting, we show that, although insecure in general, the resulting combined scheme can offer strong security guarantees for schemes of interest.
First and last author were supported by the Spanish Ministerio de Economía y Competitividad through the project grant MTM-2012-15167.
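Why the abstract above calls combined use "insecure in general" is easiest to see with textbook RSA, where signing and decrypting are literally the same exponentiation. The following is an added illustration, not code or a result from the paper: a constructed toy key (small primes, no padding) shows a signing oracle acting as a decryption oracle, shows that a naive blocklist of "known ciphertexts" is bypassed by blinding, and shows that a hash-then-sign oracle no longer hands back the plaintext. The key sizes, message value and helper names are all assumptions made for the demonstration.

```python
"""Added example (not from the paper above): one RSA key pair used for both
signing and decryption.  With textbook RSA, Sign(x) = x^d mod N is the same
map as Dec(c) = c^d mod N, so a signing oracle is a decryption oracle.
All key material here is a constructed toy key; real keys are 2048+ bits."""

import hashlib
from math import gcd, isqrt


def is_prime(n: int) -> bool:
    """Trial division; fine for the small toy primes used here."""
    if n < 2:
        return False
    return all(n % k for k in range(2, isqrt(n) + 1))


def make_toy_key(p: int = 1_000_003, q: int = 1_000_033, e: int = 65537):
    """Textbook RSA key from two small primes.  Returns (pub, priv)."""
    assert is_prime(p) and is_prime(q)
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)  # modular inverse, Python >= 3.8
    return (n, e), (n, d)


def rsa_encrypt(pub, m: int) -> int:
    n, e = pub
    assert 0 <= m < n
    return pow(m, e, n)


def rsa_decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def rsa_sign(priv, x: int) -> int:
    """Textbook signature: byte-for-byte the same arithmetic as rsa_decrypt."""
    n, d = priv
    return pow(x, d, n)


def rsa_verify(pub, x: int, s: int) -> bool:
    n, e = pub
    return pow(s, e, n) == x


def recover_via_signing_oracle(c: int, sign_oracle) -> int:
    """Attacker holding ciphertext c simply asks for a 'signature' on c."""
    return sign_oracle(c)


def recover_via_blinded_oracle(pub, c: int, sign_oracle, r: int = 7) -> int:
    """Same attack when the oracle refuses to sign c itself: submit c * r^e,
    receive (c * r^e)^d = m * r, and strip r.  RSA's multiplicativity makes
    any 'do not sign ciphertexts' filter on the raw value useless."""
    n, e = pub
    assert gcd(r, n) == 1
    blinded = (c * pow(r, e, n)) % n
    return (sign_oracle(blinded) * pow(r, -1, n)) % n


def refusing_oracle(priv, blocked):
    """A signing service that blocklists known ciphertexts (bypassed above)."""
    def oracle(x: int) -> int:
        if x in blocked:
            raise ValueError("refusing to sign a known ciphertext")
        return rsa_sign(priv, x)
    return oracle


def hashed_sign(priv, x: int) -> int:
    """Hash-then-sign: the private exponent is applied to H(x), never to the
    attacker-chosen x, so the oracle no longer returns Dec(x)."""
    n, d = priv
    h = int.from_bytes(hashlib.sha256(x.to_bytes(16, "big")).digest(), "big") % n
    return pow(h, d, n)


def demo():
    """Returns (plaintext, raw-oracle result, blinded result, hashed result)."""
    pub, priv = make_toy_key()
    m = 0xC0FFEE1234                      # constructed plaintext, < N
    c = rsa_encrypt(pub, m)
    direct = recover_via_signing_oracle(c, lambda x: rsa_sign(priv, x))
    blinded = recover_via_blinded_oracle(pub, c, refusing_oracle(priv, {c}))
    hashed = recover_via_signing_oracle(c, lambda x: hashed_sign(priv, x))
    return m, direct, blinded, hashed


if __name__ == "__main__":
    m, direct, blinded, hashed = demo()
    print(f"plaintext           {m:#x}")
    print(f"raw signing oracle  {direct:#x}   (equals plaintext)")
    print(f"blinded query       {blinded:#x}   (blocklist bypassed)")
    print(f"hash-then-sign      {hashed:#x}   (not the plaintext)")
```

Hash-then-sign alone is not a proof of joint security (that is what the paper's security notions are for); the point of the block is that the cross-primitive interaction depends entirely on the padding and domain separation of the two schemes, which is why the paper analyses "schemes of interest" individually rather than the raw key reuse.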
Empirical and Strong Coordination via Soft Covering with Polar Codes
We design polar codes for empirical coordination and strong coordination in two-node networks. Our constructions hinge on the fact that polar codes enable explicit low-complexity schemes for soft covering. We leverage this property to propose explicit and low-complexity coding schemes that achieve the capacity regions of both empirical coordination and strong coordination for sequences of actions taking value in an alphabet of prime cardinality. Our results improve previously known polar coding schemes, which (i) were restricted to uniform distributions and to actions obtained via binary symmetric channels for strong coordination, (ii) required a non-negligible amount of common randomness for empirical coordination, and (iii) assumed that the simulation of discrete memoryless channels could be perfectly implemented. As a by-product of our results, we obtain a polar coding scheme that achieves channel resolvability for an arbitrary discrete memoryless channel whose input alphabet has prime cardinality.
Comment: 14 pages, two-column, 5 figures, accepted to IEEE Transactions on Information Theory
Generic Methods to Achieve Tighter Security Reductions for a Category of IBE Schemes
We show that Katz-Wang's duplicating key and ciphertext technique can be extended to a generic method that applies to a certain category of Identity-Based Encryption (IBE) schemes for the purpose of improving their security reductions. We further develop two refined approaches by adapting the randomness reuse technique in the Katz-Wang technique: one is public key duplication, and the other is master key duplication. Compared to the Katz-Wang technique, our two refined approaches not only improve the performance of the resulting IBE schemes but also enable a reduction algorithm to deal with decryption queries correctly, and therefore can achieve chosen-ciphertext security. As case studies, we apply these two approaches to modify the Boneh-Franklin IBE scheme and the Boneh-Boyen IBE scheme, respectively. Both modifications improve the tightness of the security reductions, compared to the original schemes, at a reasonably low cost.
A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM
Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a number of applications, in particular as an essential building block for two-party and multi-party computation. We construct a round-optimal (2 rounds) universally composable (UC) protocol for oblivious transfer secure against active adaptive adversaries from any OW-CPA secure public-key encryption scheme with certain properties in the random oracle model (ROM). In terms of computation, our protocol only requires the generation of a public/secret-key pair, two encryption operations and one decryption operation, apart from a few calls to the random oracle. In terms of communication, our protocol only requires the transfer of one public key, two ciphertexts, and three binary strings of roughly the same size as the message. Next, we show how to instantiate our construction under the low-noise LPN, McEliece, QC-MDPC, LWE, and CDH assumptions. Our instantiations based on the low-noise LPN, McEliece, and QC-MDPC assumptions are the first UC-secure OT protocols based on coding assumptions to achieve: 1) adaptive security, 2) optimal round complexity, 3) low communication and computational complexities. Previous results in this setting only achieved static security and used costly cut-and-choose techniques.

Our instantiation based on CDH achieves adaptive security at the small cost of communicating only two more group elements as compared to the gap-DH based Simplest OT protocol of Chou and Orlandi (Latincrypt 15), which only achieves static security in the ROM.
Randomness Optimization for Gadget Compositions in Higher-Order Masking
Physical characteristics of electronic devices, leaking secret and sensitive information to an adversary with physical access, pose a long-known threat to cryptographic hardware implementations. Among a variety of proposed countermeasures against such Side-Channel Analysis attacks, masking has emerged as a promising, but often costly, candidate. Furthermore, the manual realization of masked implementations has proven error-prone and often introduces flaws, possibly resulting in insecure circuits. In the context of automatic masking, a new line of research emerged, aiming to replace each physical gate with a secure gadget that fulfills well-defined properties, guaranteeing security when interconnected to a large circuit. Unfortunately, those gadgets introduce a significant amount of additional overhead into the design, in terms of area, latency, and randomness requirements.
In this work, we present a novel approach to reduce the demand for randomness in such gadget-composed circuits by reusing randomness across gadgets while maintaining security in the probing adversary model. To this end, we embed the corresponding optimization passes into an Electronic Design Automation toolchain that is able to construct, optimize, and implement masked circuits, starting from an unprotected design. As such, our security-aware optimization offers an additional building block for existing or new Electronic Design Automation frameworks in which security is considered a first-class design constraint.
On the relationship between functional encryption, obfuscation, and fully homomorphic encryption
We investigate the relationship between Functional Encryption (FE) and Fully Homomorphic Encryption (FHE), demonstrating that, under certain assumptions, a Functional Encryption scheme supporting evaluation on two ciphertexts implies Fully Homomorphic Encryption. We first introduce the notion of Randomized Functional Encryption (RFE), a generalization of Functional Encryption dealing with randomized functionalities that is of interest in its own right, and show how to construct an RFE from a (standard) semantically secure FE. For this we define the notion of entropically secure FE and use it as an intermediary step in the construction. Finally, we show that RFEs constructed in this way can be used to construct FHE schemes, thereby establishing a relation between the FHE and FE primitives. We conclude the paper by recasting the construction of RFE schemes in the context of obfuscation.
Post-Quantum Multi-Recipient Public Key Encryption
A multi-message multi-recipient PKE (mmPKE) encrypts a batch of messages, in one go, to a corresponding set of independently chosen receiver public keys. The resulting multi-recipient ciphertext can then be reduced (by any third party) to a shorter, receiver-specific, individual ciphertext. Finally, to recover the -th message in the batch from their individual ciphertext, the -th receiver only needs their own decryption key. A special case of mmPKE is multi-recipient PKE (mPKE), where all receivers are sent the same message. By treating (m)mPKE and their KEM counterparts as stand-alone primitives we allow for more efficient constructions than trivially composing individual PKE/KEM instances. This is especially valuable in the post-quantum setting, where PKE/KEM ciphertexts and public keys tend to be far larger than their classic counterparts.

In this work we describe a collection of new results around batched KEMs and PKE. We provide both classic and post-quantum proofs for all results. Our results are geared towards practical constructions and applications (for example in the domain of PQ-secure group messaging).

Concretely, our results include a new non-adaptive to adaptive compiler for CPA-secure mKEMs, resulting in public keys roughly half the size of the previous state of the art [Hashimoto et al., CCS'21]. We also prove their FO transform for mKEMs to be secure in the quantum random oracle model. We provide the first mKEM combiner as well as two mmPKE constructions. The first is an arbitrary-message-length black-box construction from an mKEM (e.g. one produced by combining a PQ with a classic mKEM). The second is optimized for short messages and achieves hybrid PQ/classic security more directly. When encrypting short messages (e.g. as in several recent mmPKE applications) at 256 bits of security, the mmPKE ciphertexts are bytes shorter than the generic construction. Finally, we provide an optimized implementation of the (CCA-secure) mKEM construction based on the NIST PQC winner Kyber and report benchmarks showing a significant speedup for batched encapsulation and up to 79% savings in ciphertext size compared to a naive solution.
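The mmPKE interface described above (batch encryption, third-party reduction to an individual ciphertext, decryption with one recipient's key) and the randomness-reuse idea of Bellare, Boldyreva and Staddon cited in the first entry are concrete enough to show in code. The block below is an added example, not code from either paper: a toy Diffie-Hellman mmPKE in which a single group element R = g^r is shared by every recipient and each recipient gets its own DEM part keyed by KDF(pk_i, R, pk_i^r). The 62-bit safe-prime group (found deterministically at import time), the SHAKE/HMAC DEM, and all function names are assumptions made for the demonstration; a deployment would use a standardized group or, as the paper does, a post-quantum KEM.

```python
"""Added example, not code from any paper above: a toy multi-message
multi-recipient PKE (mmPKE) from Diffie-Hellman randomness reuse.
One R = g^r is shared by all recipients; recipient i's DEM part is keyed by
KDF(pk_i, R, pk_i^r).  The group and DEM are constructed toys for the demo."""

import hashlib
import hmac
import secrets

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin; these fixed bases are deterministic for every n < 3.3e24."""
    if n < 2:
        return False
    for s in _SMALL_PRIMES:
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def first_safe_prime_above(start: int) -> int:
    """Smallest p = 2q + 1 with q > start and both q and p prime."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1


P = first_safe_prime_above(1 << 61)   # toy group modulus, P = 2Q + 1
Q = (P - 1) // 2
G = 4                                  # 2^2 is a square, so it has order Q
ELEM_BYTES = (P.bit_length() + 7) // 8
TAG_BYTES = 16


def _check_element(x: int) -> None:
    """Reject 0, +-1 and the order-2 subgroup (small-subgroup confinement)."""
    if not (1 < x < P - 1) or pow(x, Q, P) != 1:
        raise ValueError("element not in the prime-order subgroup")


def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def _kdf(pk: int, R: int, shared: int):
    """Bind the DEM keys to the recipient key and the shared randomness R."""
    ikm = b"mmpke-demo" + b"".join(v.to_bytes(ELEM_BYTES, "big") for v in (pk, R, shared))
    okm = hashlib.sha512(ikm).digest()
    return okm[:32], okm[32:]          # (encryption key, MAC key)


def _dem_encrypt(keys, msg: bytes) -> bytes:
    enc_key, mac_key = keys
    stream = hashlib.shake_256(enc_key).digest(len(msg))
    ct = bytes(a ^ b for a, b in zip(msg, stream))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()[:TAG_BYTES]


def _dem_decrypt(keys, blob: bytes) -> bytes:
    enc_key, mac_key = keys
    ct, tag = blob[:-TAG_BYTES], blob[-TAG_BYTES:]
    expect = hmac.new(mac_key, ct, hashlib.sha256).digest()[:TAG_BYTES]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("DEM authentication failed")
    stream = hashlib.shake_256(enc_key).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def mm_encrypt(pks, msgs):
    """Batch-encrypt msgs[i] to pks[i] with ONE r; ciphertext = (R, parts)."""
    if len(pks) != len(msgs):
        raise ValueError("one message per recipient")
    for pk in pks:
        _check_element(pk)
    r = secrets.randbelow(Q - 1) + 1
    R = pow(G, r, P)
    return R, [_dem_encrypt(_kdf(pk, R, pow(pk, r, P)), m) for pk, m in zip(pks, msgs)]


def reduce_for(mm_ct, i: int):
    """Any third party can cut the batch down to recipient i's ciphertext."""
    R, parts = mm_ct
    return R, parts[i]


def decrypt(sk: int, pk: int, ind_ct) -> bytes:
    R, part = ind_ct
    _check_element(R)
    return _dem_decrypt(_kdf(pk, R, pow(R, sk, P)), part)


def batched_bytes(n: int, msg_len: int) -> int:
    """Shared R once, then one DEM part per recipient."""
    return ELEM_BYTES + n * (msg_len + TAG_BYTES)


def naive_bytes(n: int, msg_len: int) -> int:
    """n independent hybrid ciphertexts, each carrying its own R."""
    return n * (ELEM_BYTES + msg_len + TAG_BYTES)


if __name__ == "__main__":
    keys = [keygen() for _ in range(3)]
    ct = mm_encrypt([pk for _, pk in keys], [b"alpha", b"beta", b"gamma"])
    for i, (sk, pk) in enumerate(keys):
        print(i, decrypt(sk, pk, reduce_for(ct, i)))
    print("batched:", batched_bytes(3, 32), "bytes, naive:", naive_bytes(3, 32))
```

Two details carry the security weight: the KDF input includes pk_i and R, so the shared randomness cannot be used to relate one recipient's key to another's, and every group element is checked for membership in the prime-order subgroup before exponentiation. The saving is exactly the one the abstract describes: the per-recipient cost drops from a full (KEM, DEM) pair to a DEM part alone, which matters far more when the KEM element is a Kyber-sized ciphertext rather than eight bytes.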