3,617 research outputs found
Random Oracles in a Quantum World
The interest in post-quantum cryptography - classical systems that remain
secure in the presence of a quantum adversary - has generated elegant proposals
for new cryptosystems. Some of these systems are set in the random oracle model
and are proven secure relative to adversaries that have classical access to the
random oracle. We argue that to prove post-quantum security one needs to prove
security in the quantum-accessible random oracle model where the adversary can
query the random oracle with quantum states.
We begin by separating the classical and quantum-accessible random oracle
models by presenting a scheme that is secure when the adversary is given
classical access to the random oracle, but is insecure when the adversary can
make quantum oracle queries. We then set out to develop generic conditions
under which a classical random oracle proof implies security in the
quantum-accessible random oracle model. We introduce the concept of a
history-free reduction which is a category of classical random oracle
reductions that basically determine oracle answers independently of the history
of previous queries, and we prove that such reductions imply security in the
quantum model. We then show that certain post-quantum proposals, including ones
based on lattices, can be proven secure using history-free reductions and are
therefore post-quantum secure. We conclude with a rich set of open problems in
this area.Comment: 38 pages, v2: many substantial changes and extensions, merged with a
related paper by Boneh and Zhandr
Hardware authentication based on PUFs and SHA-3 2nd round candidates
Security features are getting a growing interest in microelectronics. Not only entities have to authenticate in the context of a high secure communication but also the hardware employed has to be trusted. Silicon Physical Unclonable Functions (PUFs) or Physical Random Functions, which exploits manufacturing process variations in integrated circuits, have been used to authenticate the hardware in which they are included and, based on them, several cryptographic protocols have been reported. This paper describes the hardware implementation of a symmetric-key authentication protocol in which a PUF is one of the relevant blocks. The second relevant block is a SHA-3 2nd round candidate, a Secure Hash Algorithm (in particular Keccak), which has been proposed to replace the SHA-2 functions that have been broken no long time ago. Implementation details are discussed in the case of Xilinx FPGAs.Junta de AndalucĂa P08-TIC-03674Comunidad Europea FP7-INFSO-ICT-248858Ministerio de Ciencia y TecnologĂa TEC2008-04920 y DPI2008-0384
Asymptotic Analysis of Plausible Tree Hash Modes for SHA-3
Discussions about the choice of a tree hash mode of operation for a
standardization have recently been undertaken. It appears that a single tree
mode cannot address adequately all possible uses and specifications of a
system. In this paper, we review the tree modes which have been proposed, we
discuss their problems and propose remedies. We make the reasonable assumption
that communicating systems have different specifications and that software
applications are of different types (securing stored content or live-streamed
content). Finally, we propose new modes of operation that address the resource
usage problem for the three most representative categories of devices and we
analyse their asymptotic behavior
Optimization of Tree Modes for Parallel Hash Functions: A Case Study
This paper focuses on parallel hash functions based on tree modes of
operation for an inner Variable-Input-Length function. This inner function can
be either a single-block-length (SBL) and prefix-free MD hash function, or a
sponge-based hash function. We discuss the various forms of optimality that can
be obtained when designing parallel hash functions based on trees where all
leaves have the same depth. The first result is a scheme which optimizes the
tree topology in order to decrease the running time. Then, without affecting
the optimal running time we show that we can slightly change the corresponding
tree topology so as to minimize the number of required processors as well.
Consequently, the resulting scheme decreases in the first place the running
time and in the second place the number of required processors.Comment: Preprint version. Added citations, IEEE Transactions on Computers,
201
3-Message Zero Knowledge Against Human Ignorance
The notion of Zero Knowledge has driven the field of cryptography since its conception over thirty years ago. It is well established that two-message zero-knowledge protocols for NP do not exist, and that four-message zero-knowledge arguments exist under the minimal assumption of one-way functions. Resolving the precise round complexity of zero-knowledge has been an outstanding open problem for far too long.
In this work, we present a three-message zero-knowledge argument system with soundness against uniform polynomial-time cheating provers. The main component in our construction is the recent delegation protocol for RAM computations (Kalai and Paneth, TCC 2016B and Brakerski, Holmgren and Kalai, ePrint 2016). Concretely, we rely on a three-message variant of their protocol based on a key-less collision-resistant hash functions secure against uniform adversaries as well as other standard primitives.
More generally, beyond uniform provers, our protocol provides a natural and meaningful security guarantee against real-world adversaries, which we formalize following Rogaway’s “human-ignorance” approach (VIETCRYPT 2006): in a nutshell, we give an explicit uniform reduction from any adversary breaking the soundness of our protocol to finding collisions in the underlying hash function.National Science Foundation (U.S.) (Award CNS-1350619)National Science Foundation (U.S.) (Award CNS-1413964
Quantum attacks on Bitcoin, and how to protect against them
The key cryptographic protocols used to secure the internet and financial
transactions of today are all susceptible to attack by the development of a
sufficiently large quantum computer. One particular area at risk are
cryptocurrencies, a market currently worth over 150 billion USD. We investigate
the risk of Bitcoin, and other cryptocurrencies, to attacks by quantum
computers. We find that the proof-of-work used by Bitcoin is relatively
resistant to substantial speedup by quantum computers in the next 10 years,
mainly because specialized ASIC miners are extremely fast compared to the
estimated clock speed of near-term quantum computers. On the other hand, the
elliptic curve signature scheme used by Bitcoin is much more at risk, and could
be completely broken by a quantum computer as early as 2027, by the most
optimistic estimates. We analyze an alternative proof-of-work called Momentum,
based on finding collisions in a hash function, that is even more resistant to
speedup by a quantum computer. We also review the available post-quantum
signature schemes to see which one would best meet the security and efficiency
requirements of blockchain applications.Comment: 21 pages, 6 figures. For a rough update on the progress of Quantum
devices and prognostications on time from now to break Digital signatures,
see https://www.quantumcryptopocalypse.com/quantum-moores-law
- …