
    On the Key Dependent Message Security of the Fujisaki-Okamoto Constructions

    In PKC 1999, Fujisaki and Okamoto showed how to convert any public key encryption (PKE) scheme secure against chosen plaintext attacks (CPA) into a PKE scheme secure against chosen ciphertext attacks (CCA) in the random oracle model. Surprisingly, the resulting CCA secure scheme has almost the same efficiency as the underlying CPA secure scheme. Moreover, in J. Cryptology 2013, they proposed a more efficient conversion based on the hybrid encryption framework. In this work, we clarify whether these two constructions are also secure in the sense of key dependent message security against chosen ciphertext attacks (KDM-CCA security), under exactly the same assumptions on the building blocks as those used by Fujisaki and Okamoto. Specifically, we show two results. Firstly, we show that the construction proposed in PKC 1999 does not satisfy KDM-CCA security in general. Secondly, on the other hand, we show that the construction proposed in J. Cryptology 2013 does satisfy KDM-CCA security.

    A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems

    Since the 1980s, two approaches have been developed for analyzing security protocols. One approach relies on a computational model that considers issues of complexity and probability. This approach captures a strong notion of security, guaranteed against all probabilistic polynomial-time attacks. The other approach relies on a symbolic model of protocol executions in which cryptographic primitives are treated as black boxes. Since the seminal work of Dolev and Yao, it has been realized that this latter approach enables significantly simpler and often automated proofs. However, the guarantees that it offers have been quite unclear. For more than twenty years the two approaches have coexisted but evolved mostly independently. Recently, significant research efforts have attempted to develop paradigms for cryptographic systems analysis that combine the best of both worlds. Two broad directions have been followed. Computational soundness aims to establish sufficient conditions under which results obtained using symbolic models imply security under computational models. The direct approach aims to apply the principles and techniques developed in the context of symbolic models directly to computational ones. In this paper we survey existing results along both of these directions. Our goal is to provide a rather complete summary that can act as a quick reference for researchers who want to contribute to the field, want to make use of existing results, or just want to get a better picture of what results already exist.

    Exploring the effects of climate change communication and training efforts: lessons from training-courses aimed at mid-career professionals

    Research on the different ways in which climate change and adaptation (CCA) is communicated and taught has been growing in popularity over the last few decades. Researchers in communication science have found that the way in which information is presented and transferred is important in influencing people's perceptions of and attitudes towards particular topics and issues. With this in mind, the lack of interest in, or realization of, the severity of climate change at many levels of governance may indicate that climate change, its subsequent negative impacts, and the need to implement adaptive and mitigative strategies are not being effectively communicated to these audiences. This research explores the effect of CCA training-courses on participant knowledge, perceptions and attitudes towards CCA and related issues. It also highlights training methods and elements of course design which participants identified as factors that enabled their understanding of CCA. Data collection used a mixed methods approach and focused on two training-courses. Participants (n=37) were mid-career professionals, many of whom engage in decision-making and policy development activities at different levels and in different sectors of government. Quantitative data were collected using scaled pre- and post-training tests. Qualitative data were collected through 14 semi-structured interviews, process observations, and anonymous feedback slips. A majority of participants (68%) showed an increase in knowledge scores after attending training. Similarly, 62% of participants responded more positively to questions relating to CCA in the post-training test compared to their pre-test responses. This research did not find a strong correlation between changes in knowledge and changes in perceptions and attitudes; however, there were positive changes in all three variables.
    Participants discussed six methods of teaching and training which enabled their understanding of CCA and related issues; namely, PowerPoint presentations, group work, practical exercises, games and role-play. Lessons from studying the training-courses highlight the importance of collaborative learning, diversity in participant groups, active engagement of participants through various mixed training methods, and careful framing of content such that it inspires a sense of confidence rather than hopelessness. The effective communication and transfer of CCA information to professionals engaged in decision-making and policy development is key to increasing adaptive capacity, and subsequently adaptation at scale. It is therefore critical that CCA communication and capacity building efforts, such as training-courses, are designed so that they optimize participant learning and understanding.

    Chosen Ciphertext Security from Injective Trapdoor Functions

    We provide a construction of chosen ciphertext secure public-key encryption from (injective) trapdoor functions. Our construction is black box and assumes no special properties (e.g. "lossy", "correlated product secure") of the trapdoor function.

    Advances in Functional Encryption

    Functional encryption is a novel paradigm for public-key encryption that enables both fine-grained access control and selective computation on encrypted data, as is necessary to protect big, complex data in the cloud. In this thesis, I provide a brief introduction to functional encryption and an overview of my contributions to the area.

    Cryptographic Hashing From Strong One-Way Functions

    Constructing collision-resistant hash families (CRHFs) from one-way functions is a long-standing open problem and source of frustration in theoretical cryptography. In fact, there are strong negative results: black-box separations from one-way functions that are $2^{-(1-o(1))n}$-secure against polynomial time adversaries (Simon, EUROCRYPT '98) and even from indistinguishability obfuscation (Asharov and Segev, FOCS '15). In this work, we formulate a mild strengthening of exponentially secure one-way functions, and we construct CRHFs from such functions. Specifically, our security notion requires that every polynomial time algorithm has at most $2^{-n - \omega(\log(n))}$ probability of inverting two independent challenges. More generally, we consider the problem of simultaneously inverting $k$ functions $f_1, \ldots, f_k$, which we say constitute a "one-way product function" (OWPF). We show that sufficiently hard OWPFs yield hash families that are multi-input correlation intractable (Canetti, Goldreich, and Halevi, STOC '98) with respect to all sparse (bounded arity) output relations. Additionally assuming indistinguishability obfuscation, we construct hash families that achieve a broader notion of correlation intractability, extending the recent work of Kalai, Rothblum, and Rothblum (CRYPTO '17). In particular, these families are sufficient to instantiate the Fiat-Shamir heuristic in the plain model for a natural class of interactive proofs. An interesting consequence of our results is a potential new avenue for bypassing black-box separations. In particular, proving (with necessarily non-black-box techniques) that parallel repetition amplifies the hardness of specific one-way functions -- for example, all one-way permutations -- suffices to directly bypass Simon's impossibility result.

    Symbolic Analysis of Cryptographic Protocols

    We rely on the security properties of cryptographic protocols every day while browsing the Internet or withdrawing money from an ATM. However, many of the protocols we use today were standardized without a proof of security. Serious flaws in protocols limit the level of security we can reach for applications. This thesis motivates why we should strive for proofs of security and provides a framework that makes it more feasible to conduct such proofs with automated tools.

    Frontier crossings from north China to Liao, c.900-1005.


    Placement of dynamic data objects over heterogeneous memory organizations in embedded systems

    Unpublished thesis, Universidad Complutense de Madrid, Facultad de Informática, Departamento de Arquitectura de Computadoras y Automática, defended on 24-11-2015.