Electromagnetic wave refraction at an interface of a double wire medium

Plane-wave reflection and refraction at an interface with a double wire medium is considered. The problem of additional boundary conditions (ABC) in application to wire media is discussed and an ABC-free approach, known in the solid state physics, is used. Expressions for the fields and Poynting vectors of the refracted waves are derived. Directions and values of the power density flow of the refracted waves are found and the conservation of the power flow through the interface is checked. The difference between the results, given by the conventional model of wire media and the model, properly taking into account spatial dispersion, is discussed.Comment: 17 pages, 11 figure

MV3: A new word based stream cipher using rapid mixing and revolving buffers

MV3 is a new word based stream cipher for encrypting long streams of data. A direct adaptation of a byte based cipher such as RC4 into a 32- or 64-bit word version will obviously need vast amounts of memory. This scaling issue necessitates a look for new components and principles, as well as mathematical analysis to justify their use. Our approach, like RC4's, is based on rapidly mixing random walks on directed graphs (that is, walks which reach a random state quickly, from any starting point). We begin with some well understood walks, and then introduce nonlinearity in their steps in order to improve security and show long term statistical correlations are negligible. To minimize the short term correlations, as well as to deter attacks using equations involving successive outputs, we provide a method for sequencing the outputs derived from the walk using three revolving buffers. The cipher is fast -- it runs at a speed of less than 5 cycles per byte on a Pentium IV processor. A word based cipher needs to output more bits per step, which exposes more correlations for attacks. Moreover we seek simplicity of construction and transparent analysis. To meet these requirements, we use a larger state and claim security corresponding to only a fraction of it. Our design is for an adequately secure word-based cipher; our very preliminary estimate puts the security close to exhaustive search for keys of size < 256 bits.Comment: 27 pages, shortened version will appear in "Topics in Cryptology - CT-RSA 2007

Poynting's theorem and energy conservation in the propagation of light in bounded media

Starting from the Maxwell-Lorentz equations, Poynting's theorem is reconsidered. The energy flux vector is introduced as S_e=(E x B)/mu_0 instead of E x H, because only by this choice the energy dissipation can be related to the balance of the kinetic energy of the matter subsystem. Conservation of the total energy as the sum of kinetic and electromagnetic energy follows. In our discussion, media and their microscopic nature are represented exactly by their susceptibility functions, which do not necessarily have to be known. On this footing, it can be shown that energy conservation in the propagation of light through bounded media is ensured by Maxwell's boundary conditions alone, even for some frequently used approximations. This is demonstrated for approaches using additional boundary conditions and the dielectric approximation in detail, the latter of which suspected to violate energy conservation for decades.Comment: 5 pages, RevTeX4, changes: complete rewrit

Reexamination of Quantum Bit Commitment: the Possible and the Impossible

Bit commitment protocols whose security is based on the laws of quantum mechanics alone are generally held to be impossible. In this paper we give a strengthened and explicit proof of this result. We extend its scope to a much larger variety of protocols, which may have an arbitrary number of rounds, in which both classical and quantum information is exchanged, and which may include aborts and resets. Moreover, we do not consider the receiver to be bound to a fixed "honest" strategy, so that "anonymous state protocols", which were recently suggested as a possible way to beat the known no-go results are also covered. We show that any concealing protocol allows the sender to find a cheating strategy, which is universal in the sense that it works against any strategy of the receiver. Moreover, if the concealing property holds only approximately, the cheat goes undetected with a high probability, which we explicitly estimate. The proof uses an explicit formalization of general two party protocols, which is applicable to more general situations, and a new estimate about the continuity of the Stinespring dilation of a general quantum channel. The result also provides a natural characterization of protocols that fall outside the standard setting of unlimited available technology, and thus may allow secure bit commitment. We present a new such protocol whose security, perhaps surprisingly, relies on decoherence in the receiver's lab.Comment: v1: 26 pages, 4 eps figures. v2: 31 pages, 5 eps figures; replaced with published version; title changed to comply with puzzling Phys. Rev. regulations; impossibility proof extended to protocols with infinitely many rounds or a continuous communication tree; security proof of decoherence monster protocol expanded; presentation clarifie

A roadmap to fully homomorphic elections: Stronger security, better verifiability

After the trials of remote internet voting for local elections in 2011 and parliamentary elections in 2013, a number of local referendums has renewed interest in internet voting in Norway. The voting scheme used in Norway is not quantum-safe and it has limited voter verifiability. In this case study, we consider how we can use fully homomorphic encryption to construct a quantum-safe voting scheme with better voter verifiability. While fully homomorphic cryptosystems are not efficient enough for the the system we sketch to be implemented and run today, we expect future improvements in fully homomorphic encryption which may eventually make these techniques practical

Surface Screening in the Casimir Force

We calculate the corrections to the Casimir force between two metals due to the spatial dispersion of their response functions. We employ model-independent expressions for the force in terms of the optical coefficients. We express the non-local corrections to the Fresnel coefficients employing the surface $d_\perp$ parameter, which accounts for the distribution of the surface screening charge. Within a self-consistent jellium calculation, spatial dispersion increases the Casimir force significatively for small separations. The nonlocal correction has the opposite sign than previously predicted employing hydrodynamic models and assuming abruptly terminated surfaces.Comment: 5 pages, 2 figure

Analysis of property-preservation capabilities of the ROX and ESh hash domain extenders

Two of the most recent and powerful multi-property preserving (MPP) hash domain extension transforms are the Ramdom-Oracle-XOR (ROX) transform and the Enveloped Shoup (ESh) transform. The former was proposed by Andreeva et al. at ASIACRYPT 2007 and the latter was proposed by Bellare and Ristenpart at ICALP 2007. In the existing literature, ten notions of security for hash functions have been considered in analysis of MPP capabilities of domain extension transforms, namely CR, Sec, aSec, eSec (TCR), Pre, aPre, ePre, MAC, PRF, PRO. Andreeva et al. showed that ROX is able to preserve seven properties; namely collision resistance (CR), three flavors of second preimage resistance (Sec, aSec, eSec) and three variants of preimage resistance (Pre, aPre, ePre). Bellare and Ristenpart showed that ESh is capable of preserving five important security notions; namely CR, message authentication code (MAC), pseudorandom function (PRF), pseudorandom oracle (PRO), and target collision resistance (TCR). Nonetheless, there is no further study on these two MPP hash domain extension transforms with regard to the other properties. The aim of this paper is to fill this gap. Firstly, we show that ROX does not preserve two other widely-used and important security notions, namely MAC and PRO. We also show a positive result about ROX, namely that it also preserves PRF. Secondly, we show that ESh does not preserve other four properties, namely Sec, aSec, Pre, and aPre. On the positive side we show that ESh can preserve ePre property. Our results in this paper provide a full picture of the MPP capabilities of both ROX and ESh transforms by completing the property-preservation analysis of these transforms in regard to all ten security notions of interest, namely CR, Sec, aSec, eSec (TCR), Pre, aPre, ePre, MAC, PRF, PRO

Secure Multiparty Computation from SGX

International audienceIsolated Execution Environments (IEE) offered by novel commodity hardware such as Intel's SGX deployed in Skylake processors permit executing software in a protected environment that shields it from a malicious operating system; it also permits a remote user to obtain strong interactive attestation guarantees on both the code running in an IEE and its input/output behaviour. In this paper we show how IEEs provide a new path to constructing general secure multiparty computation (MPC) protocols. Our protocol is intuitive and elegant: it uses code within an IEE to play the role of a trusted third party (TTP), and the attestation guarantees of SGX to bootstrap secure communications between participants and the TTP. In our protocol the load of communications and computations on participants only depends on the size of each party's inputs and outputs and is thus small and independent from the intricacy of the functionality to be computed. The remaining computational load-essentially that of computing the functionality-is moved to an untrusted party running an IEE-enabled machine, an appealing feature for Cloud-based scenarios. However, as often the case even with the simplest cryptographic protocols, we found that there is a large gap between this intuitively appealing solution and a protocol with rigorous security guarantees. We bridge this gap through a comprehensive set of results that include: i. a detailed construction of a protocol for secure computation for arbitrary functionalities; ii. formal security definitions for the security of the overall protocol and that of its components; and iii. a modular security analysis of our protocol that relies on a novel notion of labeled attested computation. We implemented and extensively evaluated our solution on SGX-enabled hardware, providing detailed measurements of our protocol as well as comparisons with software-only MPC solutions. Furthermore, we show the cost induced by using constant-time, i.e., timing side channel resilient, code in our implementation

Efficient public-key cryptography with bounded leakage and tamper resilience

We revisit the question of constructing public-key encryption and signature schemes with security in the presence of bounded leakage and tampering memory attacks. For signatures we obtain the first construction in the standard model; for public-key encryption we obtain the first construction free of pairing (avoiding non-interactive zero-knowledge proofs). Our constructions are based on generic building blocks, and, as we show, also admit efficient instantiations under fairly standard number-theoretic assumptions. The model of bounded tamper resistance was recently put forward by Damgård et al. (Asiacrypt 2013) as an attractive path to achieve security against arbitrary memory tampering attacks without making hardware assumptions (such as the existence of a protected self-destruct or key-update mechanism), the only restriction being on the number of allowed tampering attempts (which is a parameter of the scheme). This allows to circumvent known impossibility results for unrestricted tampering (Gennaro et al., TCC 2010), while still being able to capture realistic tampering attack

Circuit-Private Multi-Key FHE

Multi-key fully homomorphic encryption (MFHE) schemes allow polynomially many users without trusted setup assumptions to send their data (encrypted under different FHE keys chosen by users independently of each other) to an honest-but-curious server that can compute the output of an arbitrary polynomial-time computable function on this joint data and issue it back to all participating users for decryption. One of the main open problems left in MFHE was dealing with malicious users without trusted setup assumptions. We show how this can be done, generalizing previous results of circuit-private FHE. Just like standard circuit-private FHE, our security model shows that even if both ciphertexts and public keys of individual users are not well-formed, no information is revealed regarding the server computation--- other than that gained from the output on some well-formed inputs of all users. MFHE schemes have direct applications to server-assisted multiparty computation (MPC), called on-the-fly MPC, introduced by López-Alt et al. (STOC \u2712), where the number of users is not known in advance. In this setting, a poly-time server wants to evaluate a circuit $C$ on data uploaded by multiple clients and encrypted under different keys. Circuit privacy requires that users\u27 work is independent of $|C|$ held by the server, while each client learns nothing about $C$ other than its output. We present a framework for transforming MFHE schemes with no circuit privacy into maliciously circuit-private schemes. We then construct 3-round on-the-fly MPC with circuit privacy against malicious clients in the plain model