
    New directions in cryptography.

    Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

    communications over an insecure channel. In order to use cryptography to insure privacy, however, it is currently necessary for the communicating parties to share a key which is known to no one else. This is done by sending the key in advance over some secure channel such as a private courier or registered mail. A private conversation between two people with no prior acquaintance is a common occurrence in business, however, and it is unrealistic to expect initial business contacts to be postponed long enough for keys to be transmitted by some physical means. The cost and delay imposed by this key distribution problem is a major barrier to the transfer of business communication

    Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions

    Authenticated Diffie-Hellman key exchange allows two principals communicating over a public network, and each holding public/private keys, to agree on a shared secret value. In this paper we study the natural extension of this cryptographic problem to a group of principals. We begin from existing formal security models and refine them to incorporate major missing details (e.g., strong corruption and concurrent sessions). Within this model we define the execution of a protocol for authenticated dynamic group Diffie-Hellman and show that it is provably secure under the decisional Diffie-Hellman assumption. Our security result holds in the standard model and thus provides better security guarantees than previously published results in the random oracle model.

    Resolution of Linear Algebra for the Discrete Logarithm Problem Using GPU and Multi-core Architectures

    In cryptanalysis, solving the discrete logarithm problem (DLP) is key to assessing the security of many public-key cryptosystems. The index-calculus methods, which attack the DLP in multiplicative subgroups of finite fields, require solving large sparse systems of linear equations modulo large primes. This article deals with how we can run this computation on GPU- and multi-core-based clusters, featuring InfiniBand networking. More specifically, we present the sparse linear algebra algorithms that are proposed in the literature, in particular the block Wiedemann algorithm. We discuss the parallelization of the central matrix-vector product operation from both algorithmic and practical points of view, and illustrate how our approach has contributed to the recent record-sized DLP computation in GF(2^809). Comment: Euro-Par 2014 Parallel Processing, Aug 2014, Porto, Portugal. <http://europar2014.dcc.fc.up.pt/>

    Horizon formation and far-from-equilibrium isotropization in supersymmetric Yang-Mills plasma

    Using gauge/gravity duality, we study the creation and evolution of anisotropic, homogeneous, strongly coupled N=4 supersymmetric Yang-Mills plasma. In the dual gravitational description, this corresponds to horizon formation in a geometry driven to be anisotropic by a time-dependent change in boundary conditions. Comment: 4 pages, typos corrected, published version

    Chosen-ciphertext security from subset sum

    We construct a public-key encryption (PKE) scheme whose security is polynomial-time equivalent to the hardness of the Subset Sum problem. Our scheme achieves the standard notion of indistinguishability against chosen-ciphertext attacks (IND-CCA) and can be used to encrypt messages of arbitrary polynomial length, improving upon a previous construction by Lyubashevsky, Palacio, and Segev (TCC 2010) which achieved only the weaker notion of semantic security (IND-CPA) and whose concrete security decreases with the length of the message being encrypted. At the core of our construction is a trapdoor technique which originates in the work of Micciancio and Peikert (Eurocrypt 2012).

    Anonymous Single-Sign-On for n designated services with traceability

    Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity, which has become more important due to the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is that authentication can only occur between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user's service access information, even if the verifiers for these services collude with each other. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole service access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute- or policy-based signature schemes to enable access to multiple services. The scheme's security model is given together with a security proof, an implementation and a performance evaluation. Comment: 3

    On the Gold Standard for Security of Universal Steganography

    While symmetric-key steganography is quite well understood both in the information-theoretic and in the computational setting, many fundamental questions about its public-key counterpart resist persistent attempts to solve them. The computational model for public-key steganography was proposed by von Ahn and Hopper at EUROCRYPT 2004. At TCC 2005, Backes and Cachin gave the first universal public-key stegosystem, i.e. one that works on all channels, achieving security against replayable chosen-covertext attacks (SS-RCCA) and asked whether security against non-replayable chosen-covertext attacks (SS-CCA) is achievable. Later, Hopper (ICALP 2005) provided such a stegosystem for every efficiently sampleable channel, but did not achieve universality. He posed the question whether universality and SS-CCA-security can be achieved simultaneously. No progress on this question has been made for more than a decade. In our work we solve Hopper's problem in a somewhat complete manner: as our main positive result we design an SS-CCA-secure stegosystem that works for every memoryless channel. On the other hand, we prove that this result is the best possible in the context of universal steganography. We provide a family of 0-memoryless channels, where the already sent documents have only marginal influence on the current distribution, and prove that no SS-CCA-secure steganography for this family exists in the standard non-look-ahead model. Comment: EUROCRYPT 2018, llncs style

    Introduction to the Journal of Cryptographic Engineering
