741 research outputs found
A min-entropy uncertainty relation for finite size cryptography
Apart from their foundational significance, entropic uncertainty relations
play a central role in proving the security of quantum cryptographic protocols.
Of particular interest are thereby relations in terms of the smooth min-entropy
for BB84 and six-state encodings. Previously, strong uncertainty relations were
obtained which are valid in the limit of large block lengths. Here, we prove a
new uncertainty relation in terms of the smooth min-entropy that is only
marginally less strong, but has the crucial property that it can be applied to
rather small block lengths. This paves the way for a practical implementation
of many cryptographic protocols. As part of our proof we show tight uncertainty
relations for a family of Renyi entropies that may be of independent interest.Comment: 5+6 pages, 1 figure, revtex. new version changed author's name from
Huei Ying Nelly Ng to Nelly Huei Ying Ng, for consistency with other
publication
A transform of complementary aspects with applications to entropic uncertainty relations
Even though mutually unbiased bases and entropic uncertainty relations play
an important role in quantum cryptographic protocols they remain ill
understood. Here, we construct special sets of up to 2n+1 mutually unbiased
bases (MUBs) in dimension d=2^n which have particularly beautiful symmetry
properties derived from the Clifford algebra. More precisely, we show that
there exists a unitary transformation that cyclically permutes such bases. This
unitary can be understood as a generalization of the Fourier transform, which
exchanges two MUBs, to multiple complementary aspects. We proceed to prove a
lower bound for min-entropic entropic uncertainty relations for any set of
MUBs, and show that symmetry plays a central role in obtaining tight bounds.
For example, we obtain for the first time a tight bound for four MUBs in
dimension d=4, which is attained by an eigenstate of our complementarity
transform. Finally, we discuss the relation to other symmetries obtained by
transformations in discrete phase space, and note that the extrema of discrete
Wigner functions are directly related to min-entropic uncertainty relations for
MUBs.Comment: 16 pages, 2 figures, v2: published version, clarified ref [30
Implementation of two-party protocols in the noisy-storage model
The noisy-storage model allows the implementation of secure two-party
protocols under the sole assumption that no large-scale reliable quantum
storage is available to the cheating party. No quantum storage is thereby
required for the honest parties. Examples of such protocols include bit
commitment, oblivious transfer and secure identification. Here, we provide a
guideline for the practical implementation of such protocols. In particular, we
analyze security in a practical setting where the honest parties themselves are
unable to perform perfect operations and need to deal with practical problems
such as errors during transmission and detector inefficiencies. We provide
explicit security parameters for two different experimental setups using weak
coherent, and parametric down conversion sources. In addition, we analyze a
modification of the protocols based on decoy states.Comment: 41 pages, 33 figures, this is a companion paper to arXiv:0906.1030
considering practical aspects, v2: published version, title changed in
accordance with PRA guideline
Improving the Security of Quantum Protocols via Commit-and-Open
We consider two-party quantum protocols starting with a transmission of some
random BB84 qubits followed by classical messages. We show a general "compiler"
improving the security of such protocols: if the original protocol is secure
against an "almost honest" adversary, then the compiled protocol is secure
against an arbitrary computationally bounded (quantum) adversary. The
compilation preserves the number of qubits sent and the number of rounds up to
a constant factor. The compiler also preserves security in the
bounded-quantum-storage model (BQSM), so if the original protocol was
BQSM-secure, the compiled protocol can only be broken by an adversary who has
large quantum memory and large computing power. This is in contrast to known
BQSM-secure protocols, where security breaks down completely if the adversary
has larger quantum memory than expected. We show how our technique can be
applied to quantum identification and oblivious transfer protocols.Comment: 21 pages; editorial change (reorganizing of several subsections in
new section 5 about "extensions and generalizations"); added clarifications
about efficient simulation; minor improvement
Statistically-secure ORAM with Overhead
We demonstrate a simple, statistically secure, ORAM with computational
overhead ; previous ORAM protocols achieve only
computational security (under computational assumptions) or require
overheard. An additional benefit of our ORAM is its
conceptual simplicity, which makes it easy to implement in both software and
(commercially available) hardware.
Our construction is based on recent ORAM constructions due to Shi, Chan,
Stefanov, and Li (Asiacrypt 2011) and Stefanov and Shi (ArXiv 2012), but with
some crucial modifications in the algorithm that simplifies the ORAM and enable
our analysis. A central component in our analysis is reducing the analysis of
our algorithm to a "supermarket" problem; of independent interest (and of
importance to our analysis,) we provide an upper bound on the rate of "upset"
customers in the "supermarket" problem
More is Less: Perfectly Secure Oblivious Algorithms in the Multi-Server Setting
The problem of Oblivious RAM (ORAM) has traditionally been studied in a
single-server setting, but more recently the multi-server setting has also been
considered. Yet it is still unclear whether the multi-server setting has any
inherent advantages, e.g., whether the multi-server setting can be used to
achieve stronger security goals or provably better efficiency than is possible
in the single-server case.
In this work, we construct a perfectly secure 3-server ORAM scheme that
outperforms the best known single-server scheme by a logarithmic factor. In the
process, we also show, for the first time, that there exist specific algorithms
for which multiple servers can overcome known lower bounds in the single-server
setting.Comment: 36 pages, Accepted in Asiacrypt 201
Turbospeedz: Double Your Online SPDZ! Improving SPDZ using Function Dependent Preprocessing
Secure multiparty computation allows a set of mutually distrusting parties to securely compute a function of their private inputs, revealing only the output, even if some of the parties are corrupt. Recent years have seen an enormous amount of work that drastically improved the concrete efficiency of secure multiparty computation protocols. Many secure multiparty protocols work in an ``offline-online model. In this model, the computation is split into two main phases: a relatively slow ``offline phase , which the parties execute before they know their input, and a fast ``online phase , which the parties execute after receiving their input.
One of the most popular and efficient protocols for secure multiparty computation working in this model is the SPDZ protocol (Damgaard et al., CRYPTO 2012). The SPDZ offline phase is function independent, i.e., does not requires knowledge of the computed function at the offline phase. Thus, a natural question is: can the efficiency of the SPDZ protocol be improved if the function is known at the offline phase?
In this work, we answer the above question affirmatively. We show that by using a function dependent preprocessing protocol, the online communication of the SPDZ protocol can be brought down significantly, almost by a factor of 2, and the online computation is often also significantly reduced. In scenarios where communication is the bottleneck, such as strong computers on low bandwidth networks, this could potentially almost double the online throughput of the SPDZ protocol, when securely computing the same circuit many times in parallel (on different inputs).
We present two versions of our protocol: Our first version uses the SPDZ offline phase protocol as a black-box, which achieves the improved online communication at the cost of slightly increasing the offline communication. Our second version works by modifying the state-of-the-art SPDZ preprocessing protocol, Overdrive (Keller et al., Eurocrypt 2018). This version improves the overall communication over the state-of-the-art SPDZ when the function is known at the offline phase
Data-Oblivious Graph Algorithms in Outsourced External Memory
Motivated by privacy preservation for outsourced data, data-oblivious
external memory is a computational framework where a client performs
computations on data stored at a semi-trusted server in a way that does not
reveal her data to the server. This approach facilitates collaboration and
reliability over traditional frameworks, and it provides privacy protection,
even though the server has full access to the data and he can monitor how it is
accessed by the client. The challenge is that even if data is encrypted, the
server can learn information based on the client data access pattern; hence,
access patterns must also be obfuscated. We investigate privacy-preserving
algorithms for outsourced external memory that are based on the use of
data-oblivious algorithms, that is, algorithms where each possible sequence of
data accesses is independent of the data values. We give new efficient
data-oblivious algorithms in the outsourced external memory model for a number
of fundamental graph problems. Our results include new data-oblivious
external-memory methods for constructing minimum spanning trees, performing
various traversals on rooted trees, answering least common ancestor queries on
trees, computing biconnected components, and forming open ear decompositions.
None of our algorithms make use of constant-time random oracles.Comment: 20 page
Lattice-Based zk-SNARKs from Square Span Programs
Zero-knowledge SNARKs (zk-SNARKs) are non-interactive proof systems with short (i.e., independent of the size of the witness) and efficiently verifiable proofs. They elegantly resolve the juxtaposition of individual privacy and public trust, by providing an efficient way of demonstrating knowledge of secret information without actually revealing it. To this day, zk-SNARKs are widely deployed all over the planet and are used to keep alive a system worth billion of euros, namely the cryptocurrency Zcash. However, all current SNARKs implementations rely on so-called pre-quantum assumptions and, for this reason, are not expected to withstand cryptanalitic efforts over the next few decades.
In this work, we introduce a new zk-SNARK that can be instantiated from lattice-based assumptions, and which is thus believed to be post-quantum secure. We provide a generalization in the spirit of Gennaro et al. (Eurocrypt'13) to the SNARK of Danezis et al. (Asiacrypt'14) that is based on Square Span Programs (SSP) and relies on weaker computational assumptions. We focus on designated-verifier proofs and propose a protocol in which a proof consists of just 5 LWE encodings. We provide a concrete choice of parameters, showing that our construction is practically instantiable
Security and Efficiency Analysis of the Hamming Distance Computation Protocol Based on Oblivious Transfer
open access articleBringer et al. proposed two cryptographic protocols for the computation of Hamming distance. Their first scheme uses Oblivious Transfer and provides security in the semi-honest model. The other scheme uses Committed Oblivious Transfer and is claimed to provide full security in the malicious case. The proposed protocols have direct implications to biometric authentication schemes between a prover and a verifier where the verifier has biometric data of the users in plain form.
In this paper, we show that their protocol is not actually fully secure against malicious adversaries. More precisely, our attack breaks the soundness property of their protocol where a malicious user can compute a Hamming distance which is different from the actual value. For biometric authentication systems, this attack allows a malicious adversary to pass the authentication without knowledge of the honest user's input with at most complexity instead of , where is the input length. We propose an enhanced version of their protocol where this attack is eliminated. The security of our modified protocol is proven using the simulation-based paradigm. Furthermore, as for efficiency concerns, the modified protocol utilizes Verifiable Oblivious Transfer which does not require the commitments to outputs which improves its efficiency significantly
- …