7 research outputs found
The Twist-AUgmented technique for key exchange
Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, formal proofs in the standard model require randomness extractors to formally extract the entropy of the random master secret into a seed prior to deriving other keys. Whereas this is a quite simple tool, it is not easy to use in practice, and it is easy to misuse. In addition, in many standards, the acronym PRF (Pseudo-Random Function) is used for several tasks, including randomness extraction. While randomness extractors and pseudo-random functions are a priori distinct tools, we first study whether such an application is correct or not. We thereafter study the case of Z_p where p is a safe prime and the case of elliptic curves, since in IPSec, for example, only these two groups are considered. We present very efficient and provable randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique, the so-called 'Twist-AUgmented' technique, which exploits specific properties of some elliptic curves and avoids the need for any randomness extractor. We finally compare the efficiency of this method with other solutions.
The Q-curve construction for endomorphism-accelerated elliptic curves
We give a detailed account of the use of Q-curve reductions to construct elliptic curves over with efficiently computable endomorphisms, which can be used to accelerate elliptic curve-based cryptosystems in the same way as Gallant--Lambert--Vanstone (GLV) and Galbraith--Lin--Scott (GLS) endomorphisms. Like GLS (which is a degenerate case of our construction), we offer the advantage over GLV of selecting from a much wider range of curves, and thus finding secure group orders when is fixed for efficient implementation. Unlike GLS, we also offer the possibility of constructing twist-secure curves. We construct several one-parameter families of elliptic curves over equipped with efficient endomorphisms for every p > 3, and exhibit examples of twist-secure curves over for the efficient Mersenne prime.
Comment: To appear in the Journal of Cryptology. arXiv admin note: text overlap with arXiv:1305.540
Efficient Encodings to Hyperelliptic Curves over Finite Fields
Many cryptosystems are based on the difficulty of the discrete logarithm problem in finite groups. In this setting, elliptic and hyperelliptic cryptosystems have attracted particular attention because they provide good security with smaller key sizes. Since these systems came into cryptographic use, it has been an important issue to transform a random value in a finite field into a random point on an elliptic or hyperelliptic curve in a deterministic and efficient way. In this paper we propose a deterministic encoding to hyperelliptic curves over finite fields. For cryptographic purposes it is important to have an injective encoding. In finite fields of characteristic three we obtain an injective encoding for genus two hyperelliptic curves.
Covercrypt: an Efficient Early-Abort KEM for Hidden Access Policies with Traceability from the DDH and LWE
Attribute-Based Encryption (ABE) is a very attractive primitive to limit access according to specific rights. While very powerful instantiations have been offered, under various computational assumptions, they rely on either classical or post-quantum problems, and are quite intricate to implement, generally resulting in poor efficiency; the construction we offer results in a substantial efficiency gain with respect to existing solutions.
With the threat of quantum computers, post-quantum solutions are important, but not yet tested enough to rely on such problems only. We thus first study a hybrid approach to rely on the best of the two worlds: the scheme is secure if at least one of the two underlying assumptions is still valid (i.e. the DDH and LWE).
Then, we address the ABE problem, with a practical solution delivering encrypted contents such that only authorized users can decrypt, without revealing the target sets, while also granting tracing capabilities. Our scheme is inspired by the Subset Cover framework, where the users' rights are organized as subsets and a content is encrypted with respect to a subset covering of the target set.
Quite conveniently, we offer black-box modularity: one can easily use any public-key encryption of their choice, such as Kyber, with their favorite library, and combine it with a simple ElGamal variant of key encapsulation mechanisms, providing strong security guarantees.
Continuous Variable Optimisation of Quantum Randomness and Probabilistic Linear Amplification
In the past decade, quantum communication protocols based on continuous variables (CV) have seen considerable development in both theoretical and experimental aspects. Nonetheless, challenges remain in both the practical security and the operating range of CV systems before such systems may be used extensively. In this thesis, we present the optimisation of experimental parameters for secure randomness generation and propose a non-deterministic approach to enhance the amplification of CV quantum states.
The first part of this thesis examines the security of quantum devices: in particular, we investigate quantum random number generators (QRNG) and quantum key distribution (QKD) schemes. In a realistic scenario, the output of a quantum random number generator is inevitably tainted by classical technical noise, which potentially compromises the security of such a device. To safeguard against this, we propose and experimentally demonstrate an approach that produces side-information independent randomness. We present a method for maximising such randomness contained in a number sequence generated from a given quantum-to-classical-noise ratio. The detected photocurrent in our experiment is shown to have a real-time random-number generation rate of 14 (Mbit/s)/MHz.
Next, we study the one-sided device-independent (1sDI) quantum key distribution scheme in the context of continuous variables. By exploiting recently proven entropic uncertainty relations, one may bound the information leaked to an eavesdropper. We use such a bound to further derive the secret key rate, which depends only upon the conditional Shannon entropies accessible to Alice and Bob, the two honest communicating parties. We identify and experimentally demonstrate such a protocol, using only coherent states as the resource. We measure the correlations necessary for 1sDI key distribution up to an applied loss equivalent to 3.5 km of fibre transmission.
The second part of this thesis concerns the improvement in the transmission of a quantum state. We study two approximate implementations of a probabilistic noiseless linear amplifier (NLA): a physical implementation that truncates the working space of the NLA, or a measurement-based implementation that realises the truncation by a bounded postselection filter. We do this by conducting a full analysis of the measurement-based NLA (MB-NLA), making explicit the relationship between its various operating parameters, such as amplification gain and the cut-off of the operating domain. We compare it with its physical counterpart in terms of the Husimi Q-distribution and their probability of success.
We took our investigations further by combining a probabilistic NLA with an ideal deterministic linear amplifier (DLA). In particular, we show that when the NLA gain is strictly less than the DLA gain, this combination can be realised by integrating an MB-NLA in an optical DLA setup. This results in a hybrid device which we refer to as the heralded hybrid quantum amplifier. A quantum cloning machine based on this hybrid amplifier is constructed through an amplify-then-split method. We perform probabilistic cloning of arbitrary coherent states, and demonstrate the production of up to five clones, with the fidelity of each clone clearly exceeding the corresponding no-cloning limit.
The twist-augmented technique for key exchange
Abstract. Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, formal proofs in the standard model require randomness extractors to formally extract the entropy of the random master secret into a seed prior to deriving other keys. Whereas this is a quite simple tool, it is not easy to use in practice (or it is easy to misuse). In addition, in many standards, the acronym PRF (Pseudo-Random Function) is used for several tasks, including randomness extraction. While randomness extractors and pseudo-random functions are a priori distinct tools, we first study whether such an application is correct or not. We thereafter study DH key exchange, in the cases of prime-order subgroups of Z_p^* (and in particular where p is a safe prime) and of elliptic curves, since in IPSec, for example, only these groups are considered. We present very efficient and provable randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique, the so-called 'Twist-AUgmented' technique, an alternative to randomness extractors which exploits specific properties of some elliptic curves. We finally compare the efficiency of this method with other solutions.