Secure Random Key Pre-Distribution Against Semi-Honest Adversaries
Recently, Eschenauer and Gligor [EG02] proposed a model (the EG-model) for random key pre-distribution in distributed sensor networks (DSN) that allows sensors to establish private shared keys. In this model, each sensor is randomly assigned a set of keys, called a key-ring, from a secret key-pool. Two nodes can communicate securely by using a shared key (direct key) or via a chain of shared keys (key-path). The authors show how the key-ring size can be chosen so that nodes are guaranteed to be linked either by direct keys or by key-paths. Security of this system is proven for an eavesdropping (passive) adversary.
In this paper we assume the same key pre-distribution set-up but consider a semi-honest adversary. Semi-honest adversaries are privacy adversaries that have access to a fraction of the keys in the key pool, the compromised keys, but are otherwise passive, in the sense that they do not cause nodes to deviate from protocol executions (to remain undetectable). Since they can decrypt messages secured by key-paths with compromised keys, the security guarantees of the EG model break down.
We revisit the security of key establishment in the presence of such adversaries and make a number of contributions. First, we show that it is possible to choose the size of the key-rings so that any two nodes can exchange a private key securely in the presence of a semi-honest adversary. Second, we give a protocol that achieves this guarantee and prove its security. Third, we introduce a new efficiency parameter for the EG-model that allows the protocol designer to trade off the communication required for key establishment against the key-ring size. Finally, we propose a concrete key establishment protocol (based on the DSR protocol) that guarantees security in the presence of a semi-honest adversary.
Classical Cryptographic Protocols in a Quantum World
Cryptographic protocols, such as protocols for secure function evaluation (SFE), have played a crucial role in the development of modern cryptography. The extensive theory of these protocols, however, deals almost exclusively with classical attackers. If we accept that quantum information processing is the most realistic model of physically feasible computation, then we must ask: what classical protocols remain secure against quantum attackers?

Our main contribution is showing the existence of classical two-party protocols for the secure evaluation of any polynomial-time function under reasonable computational assumptions (for example, it suffices that the learning with errors problem be hard for quantum polynomial time). Our result shows that the basic two-party feasibility picture from classical cryptography remains unchanged in a quantum world.

Comment: Full version of an old paper in Crypto'11. Invited to IJQI. This is the authors' copy with different formatting.
Secure two-party quantum evaluation of unitaries against specious adversaries
We describe how any two-party quantum computation, specified by a unitary which simultaneously acts on the registers of both parties, can be privately implemented against a quantum version of classical semi-honest adversaries that we call specious. Our construction requires two ideal functionalities to guarantee privacy: a private SWAP between registers held by the two parties and a classical private AND-box equivalent to oblivious transfer. If the unitary to be evaluated is in the Clifford group then only one call to SWAP is required for privacy. On the other hand, any unitary not in the Clifford group requires one call to an AND-box per R-gate in the circuit. Since SWAP is itself in the Clifford group, this functionality is universal for the private evaluation of any unitary in that group. SWAP can be built from a classical bit commitment scheme or an AND-box, but an AND-box cannot be constructed from SWAP. It follows that unitaries in the Clifford group are to some extent the easy ones. We also show that SWAP cannot be implemented privately in the bare model.
A privacy-preserving fuzzy interest matching protocol for friends finding in social networks
Nowadays, it is very popular to make friends, share photographs, and exchange news throughout social networks. Social networks widely expand the area of people's social connections and make communication much smoother than ever before. In a social network, there are many social groups established based on common interests among persons, such as learning groups, family groups, and reading groups. People often describe their profiles when registering as a user in a social network. Then social networks can organize these users into groups of friends according to their profiles. However, an important issue must be considered, namely that many users' sensitive profiles could be leaked during this process. Therefore, it is reasonable to design a privacy-preserving friends-finding protocol in a social network. Toward this goal, we design a fuzzy interest matching protocol based on private set intersection. Concretely, two candidate users can first organize their profiles into sets, then use Bloom filters to generate new data structures, and finally find the intersection sets to decide whether or not to be friends in the social network. The protocol is shown to be secure in the malicious model and can be useful for practical purposes.
Random Oracles in a Quantum World
The interest in post-quantum cryptography - classical systems that remain secure in the presence of a quantum adversary - has generated elegant proposals for new cryptosystems. Some of these systems are set in the random oracle model and are proven secure relative to adversaries that have classical access to the random oracle. We argue that to prove post-quantum security one needs to prove security in the quantum-accessible random oracle model where the adversary can query the random oracle with quantum states.

We begin by separating the classical and quantum-accessible random oracle models by presenting a scheme that is secure when the adversary is given classical access to the random oracle, but is insecure when the adversary can make quantum oracle queries. We then set out to develop generic conditions under which a classical random oracle proof implies security in the quantum-accessible random oracle model. We introduce the concept of a history-free reduction, which is a category of classical random oracle reductions that basically determine oracle answers independently of the history of previous queries, and we prove that such reductions imply security in the quantum model. We then show that certain post-quantum proposals, including ones based on lattices, can be proven secure using history-free reductions and are therefore post-quantum secure. We conclude with a rich set of open problems in this area.

Comment: 38 pages, v2: many substantial changes and extensions, merged with a related paper by Boneh and Zhandry.
Peer-to-Peer Secure Multi-Party Numerical Computation Facing Malicious Adversaries
We propose an efficient framework for enabling secure multi-party numerical computations in a Peer-to-Peer network. This problem arises in a range of applications such as collaborative filtering, distributed computation of trust and reputation, monitoring and other tasks, where the computing nodes are expected to preserve the privacy of their inputs while performing a joint computation of a certain function. Although there is a rich literature in the field of distributed systems security concerning secure multi-party computation, in practice it is hard to deploy those methods in very large scale Peer-to-Peer networks. In this work, we try to bridge the gap between theoretical algorithms in the security domain and a practical Peer-to-Peer deployment.

We consider two security models. The first is the semi-honest model where peers correctly follow the protocol, but try to reveal private information. We provide three possible schemes for secure multi-party numerical computation for this model and identify a single light-weight scheme which outperforms the others. Using extensive simulation results over real Internet topologies, we demonstrate that our scheme is scalable to very large networks, with up to millions of nodes. The second model we consider is the malicious peers model, where peers can behave arbitrarily, deliberately trying to affect the results of the computation as well as compromising the privacy of other peers. For this model we provide a fourth scheme to defend the execution of the computation against the malicious peers. The proposed scheme has a higher complexity relative to the semi-honest model. Overall, we provide the Peer-to-Peer network designer a set of tools to choose from, based on the desired level of security.

Comment: Submitted to Peer-to-Peer Networking and Applications Journal (PPNA) 200