Random Oracles in a Quantum World
The interest in post-quantum cryptography - classical systems that remain
secure in the presence of a quantum adversary - has generated elegant proposals
for new cryptosystems. Some of these systems are set in the random oracle model
and are proven secure relative to adversaries that have classical access to the
random oracle. We argue that to prove post-quantum security one needs to prove
security in the quantum-accessible random oracle model where the adversary can
query the random oracle with quantum states.
We begin by separating the classical and quantum-accessible random oracle
models by presenting a scheme that is secure when the adversary is given
classical access to the random oracle, but is insecure when the adversary can
make quantum oracle queries. We then set out to develop generic conditions
under which a classical random oracle proof implies security in the
quantum-accessible random oracle model. We introduce the concept of a
history-free reduction which is a category of classical random oracle
reductions that basically determine oracle answers independently of the history
of previous queries, and we prove that such reductions imply security in the
quantum model. We then show that certain post-quantum proposals, including ones
based on lattices, can be proven secure using history-free reductions and are
therefore post-quantum secure. We conclude with a rich set of open problems in
this area.
Comment: 38 pages, v2: many substantial changes and extensions, merged with a
related paper by Boneh and Zhandr
Lattice-based Group Signature Scheme with Verifier-local Revocation
Support of membership revocation is a desirable functionality for any group signature scheme. Among the known revocation approaches, verifier-local revocation (VLR) seems to be the most flexible one, because it only requires the verifiers to possess some up-to-date revocation information, but not the signers. All of the contemporary VLR group signatures operate in the bilinear map setting, and all of them will be insecure once quantum computers become a reality. In this work, we introduce the first lattice-based VLR group signature, and thus, the first such scheme that is believed to be quantum-resistant. In comparison with existing lattice-based group signatures, our scheme has several noticeable advantages: support of membership revocation, logarithmic-size signatures, and weaker security assumption. In the random oracle model, our scheme is proved to be secure based on the hardness of the $\mathrm{SIVP}_{\tilde{O}(n^{1.5})}$ problem in general lattices - an assumption that is as weak as those of state-of-the-art lattice-based standard signatures. Moreover, our construction works without relying on encryption schemes, which is an intriguing feature for group signatures.
Origins of the Ambient Solar Wind: Implications for Space Weather
The Sun's outer atmosphere is heated to temperatures of millions of degrees,
and solar plasma flows out into interplanetary space at supersonic speeds. This
paper reviews our current understanding of these interrelated problems: coronal
heating and the acceleration of the ambient solar wind. We also discuss where
the community stands in its ability to forecast how variations in the solar
wind (i.e., fast and slow wind streams) impact the Earth. Although the last few
decades have seen significant progress in observations and modeling, we still
do not have a complete understanding of the relevant physical processes, nor do
we have a quantitatively precise census of which coronal structures contribute
to specific types of solar wind. Fast streams are known to be connected to the
central regions of large coronal holes. Slow streams, however, appear to come
from a wide range of sources, including streamers, pseudostreamers, coronal
loops, active regions, and coronal hole boundaries. Complicating our
understanding even more is the fact that processes such as turbulence,
stream-stream interactions, and Coulomb collisions can make it difficult to
unambiguously map a parcel measured at 1 AU back down to its coronal source. We
also review recent progress -- in theoretical modeling, observational data
analysis, and forecasting techniques that sit at the interface between data and
theory -- that gives us hope that the above problems are indeed solvable.
Comment: Accepted for publication in Space Science Reviews. Special issue
connected with a 2016 ISSI workshop on "The Scientific Foundations of Space
Weather." 44 pages, 9 figure
Changes of Chemerin Production in Obese Patients with Different States of Carbohydrate Metabolism
Functional Encryption for Inner Product Predicates from Learning with Errors
We propose a lattice-based functional encryption scheme for inner product predicates whose security follows from the difficulty of the learning with errors (LWE) problem. This construction allows us to achieve applications such as range and subset queries, polynomial evaluation, and CNF/DNF formulas on encrypted data. Our scheme supports inner products over small fields, in contrast to earlier works based on bilinear maps. Our construction is the first functional encryption scheme based on lattice techniques that goes beyond basic identity-based encryption. The main technique in our scheme is a novel twist to the identity-based encryption scheme of Agrawal, Boneh and Boyen (Eurocrypt 2010). Our scheme is weakly attribute hiding in the standard model.
Lattice-Based Group Signatures with Logarithmic Signature Size
Group signatures are cryptographic primitives where users can anonymously sign messages in the name of a population they belong to. Gordon et al. (Asiacrypt 2010) suggested the first realization of group signatures based on lattice assumptions in the random oracle model. A significant drawback of their scheme is its linear signature size in the cardinality N of the group. A recent extension proposed by Camenisch et al. (SCN 2012) suffers from the same overhead. In this paper, we describe the first lattice-based group signature schemes where the signature and public key sizes are essentially logarithmic in N (for any fixed security level). Our basic construction only satisfies a relaxed definition of anonymity (just like the Gordon et al. system) but readily extends into a fully anonymous group signature (i.e., one that resists adversaries equipped with a signature opening oracle). We prove the security of our schemes in the random oracle model under the SIS and LWE assumptions.