14 research outputs found
On the Distribution of the Power Generator over a Residue Ring for Parts of the Period
This paper studies the distribution of the power generator of pseudorandom numbers over a residue ring for parts of the period. These results complement some recently obtained distribution bounds of the power generator modulo an arbitrary number for the entire period. Also, the arbitrary modulus case may have some cryptography related applications and could be of interest in other settings which require quality pseudorandom numbers.
Timed Commitments Revisited
Timed commitments (Boneh and Naor, CRYPTO 2000) are a variant of standard commitments which incorporates a forced opening mechanism that allows anyone to reveal the committed message, but not before a certain prescribed date.
Timed commitments have a wide range of applications such as contract signing, fair multi-party computation, sealed bid auctions or new blockchain applications such as preventing front-running or unbiased randomness generation.
We revisit the notion of timed commitments and propose an alternative simplified definition. We also provide two new constructions of timed commitments with different trade-offs.
On the Provable Security of an Efficient RSA-Based Pseudorandom Generator
Pseudorandom Generators (PRGs) based on the RSA inversion (one-wayness) problem have been extensively studied in the literature over the last 25 years. These generators have the attractive feature of provable pseudorandomness security assuming the hardness of the RSA inversion problem. However, despite extensive study, the most efficient provably secure RSA-based generators output asymptotically only at most bits per multiply modulo an RSA modulus of bitlength , and hence are too slow to be used in many practical applications.
To bring theory closer to practice, we present a simple modification to the proof of security by Fischlin and Schnorr of an RSA-based PRG, which shows that one can obtain an RSA-based PRG which outputs bits per multiply and has provable pseudorandomness security assuming the hardness of a well-studied variant of the RSA inversion problem, where a constant fraction of the plaintext bits are given. Our result gives a positive answer to an open question posed by Gennaro (J. of Cryptology, 2005) regarding finding a PRG beating the rate bits per multiply at the cost of a reasonable assumption on RSA inversion.
Another Look at Provable Security. II
We discuss the question of how to interpret reduction arguments in cryptography. We give some examples to show the subtlety and difficulty of this question.
Learning with Errors in the Exponent
We initiate the study of a novel class of group-theoretic intractability problems. Inspired by the theory of learning in presence of errors [Regev, STOC'05] we ask if noise in the exponent amplifies intractability. We put forth the notion of Learning with Errors in the Exponent (LWEE) and rather surprisingly show that various attractive properties known to exclusively hold for lattices carry over. Most notably are worst-case hardness and post-quantum resistance. In fact, LWEE's duality is due to the reducibility to two seemingly unrelated assumptions: learning with errors and the representation problem [Brands, Crypto'93] in finite groups. For suitable parameter choices LWEE superposes properties from each individual intractability problem. The argument holds in the classical and quantum model of computation.
We give the very first construction of a semantically secure public-key encryption system in the standard model. The heart of our construction is an "error recovery" technique inspired by [Joye-Libert, Eurocrypt'13] to handle critical propagations of noise terms in the exponent.
Non-Interactive Key Exchange
Non-interactive key exchange (NIKE) is a fundamental but much-overlooked cryptographic primitive. It appears as a major contribution in the ground-breaking paper of Diffie and Hellman, but NIKE has remained largely unstudied since then. In this paper, we provide different security models for this primitive and explore the relationships between them. We then give constructions for secure NIKE in the Random Oracle Model based on the hardness of factoring and in the standard model based on the hardness of a variant of the decisional Bilinear Diffie Hellman Problem for asymmetric pairings. We also study the relationship between NIKE and public key encryption (PKE), showing that a secure NIKE scheme can be generically converted into an IND-CCA secure PKE scheme. This conversion also illustrates the fundamental nature of NIKE in public key cryptography.
Cryptographic Extraction and Key Derivation: The HKDF Scheme
In spite of the central role of key derivation functions (KDF) in applied cryptography, there has been little formal work addressing the design and analysis of general multi-purpose KDFs. In practice, most KDFs (including those widely standardized) follow ad-hoc approaches that treat cryptographic hash functions as perfectly random functions. In this paper we close some gaps between theory and practice by contributing to the study and engineering of KDFs in several ways. We provide detailed rationale for the design of KDFs based on the extract-then-expand approach; we present the first general and rigorous definition of KDFs and their security which we base on the notion of computational extractors; we specify a concrete fully practical KDF based on the HMAC construction; and we provide an analysis of this construction based on the extraction and pseudorandom properties of HMAC. The resultant KDF design can support a large variety of KDF applications under suitable assumptions on the underlying hash function; particular attention and effort is devoted to minimizing these assumptions as much as possible for each usage scenario.
Beyond the theoretical interest in modeling KDFs, this work is intended to address two important and timely needs of cryptographic applications: (i) providing a single hash-based KDF design that can be standardized for use in multiple and diverse applications, and (ii) providing a conservative, yet efficient, design that exercises much care in the way it utilizes a cryptographic hash function.
(The HMAC-based scheme presented here, named HKDF, is being standardized by the IETF.)