Maximum Gap in (Inverse) Cyclotomic Polynomial
Let denote the maximum of the differences (gaps) between two
consecutive exponents occurring in a polynomial . Let denote the
-th cyclotomic polynomial and let denote the -th inverse
cyclotomic polynomial. In this note, we study and where
is a product of odd primes, say , etc. It is trivial to
determine , and . Hence the
simplest non-trivial cases are and . We
provide an exact expression for We also provide an exact
expression for
under a mild condition. The condition is almost always
satisfied (only finite exceptions for each ). We also provide a lower
bound and an upper bound for
An Authenticated Group Key Agreement Protocol on Braid Groups
In this paper, we extend the 2-party key exchange protocol on braid groups to a group key agreement protocol based on the hardness of the Ko-Lee problem. We also provide authenticity for the group key agreement protocol.
On Ideal Secret-Sharing Schemes for -homogeneous access structures
A -uniform hypergraph is a hypergraph where each -hyperedge has exactly
vertices. A -homogeneous access structure is represented by a
-uniform hypergraph , in which the participants correspond to
the vertices of hypergraph . A set of vertices can reconstruct the
secret value from their shares if they are connected by a -hyperedge, while
a set of non-adjacent vertices does not obtain any information about the
secret. One parameter for measuring the efficiency of a secret sharing scheme
is the information rate, defined as the ratio between the length of the secret
and the maximum length of the shares given to the participants. Secret sharing
schemes with an information rate equal to one are called ideal secret sharing
schemes. An access structure is considered ideal if an ideal secret sharing
scheme can realize it. Characterizing ideal access structures is one of the
important problems in secret sharing schemes. The characterization of ideal
access structures has been studied by many authors [BD, CT, JZB,
FP1, FP2, DS1, TD]. In this paper, we characterize ideal -homogeneous access
structures using the independent sequence method. In particular, we prove that
the reduced access structure of is an -threshold access
structure when the optimal information rate of is larger than
, where is a -homogeneous access structure
satisfying specific criteria.
Comment: 19 pages
On Insecure Uses of BGN for Privacy Preserving Data Aggregation Protocols
The notion of aggregator oblivious (AO) security for privacy preserving data
aggregation was formalized with a specific construction of AO-secure blinding
technique over a cyclic group by Shi et al. Some proposals of data
aggregation protocols use the blinding technique of Shi et al. for the BGN
cryptosystem, an additively homomorphic encryption scheme. Previously, there have been
some security analyses of BGN-based data aggregation protocols in the
context of integrity or authenticity of data. Even with such security analyses,
the BGN cryptosystem has remained a popular building block of privacy preserving
data aggregation protocols. In this paper, we study the privacy issues in the
blinding technique of Shi et al. used for the BGN cryptosystem. We show that the
blinding techniques for the BGN cryptosystem used in several protocols are not
privacy preserving against the recipient, the decryptor. Our analysis is based
on the fact that the BGN cryptosystem uses a pairing e:GxG-->G_T, and the
existence of the pairing makes the DDH problem on G easy to solve. We also
suggest how to prevent such privacy leakage in the blinding technique of Shi et
al. used for the BGN cryptosystem.
Comment: 11 pages
Efficient Lattice Gadget Decomposition Algorithm with Bounded Uniform Distribution
A gadget decomposition algorithm is commonly used in many advanced lattice cryptography applications that support homomorphic operations over ciphertexts, in order to control the noise growth. For a special structure of a gadget, the algorithm is digit decomposition. If such an algorithm samples from a subgaussian distribution, that is, the output is randomized, it improves output quality. One important advantage is Pythagorean additivity, which makes the noise contained in a resulting ciphertext grow much less than with naive digit decomposition. Therefore, the error analysis becomes cleaner and tighter than with the use of other measures like and . Even though such an advantage can also be achieved by the use of discrete Gaussian sampling, it is not preferable for practical performance due to the large factor in the resulting noise and the complex computation of the exponential function, whereas a more relaxed probability condition is required for a subgaussian distribution. Nevertheless, subgaussian sampling has
barely received attention so far, and no practical algorithm was implemented until an efficient algorithm was recently presented by Genis et al.
In this paper, we present a practically efficient gadget decomposition algorithm whose output follows a subgaussian distribution. We parallelize the existing practical subgaussian gadget decomposition algorithm using a bounded uniform distribution. Our algorithm is divided into two independent subalgorithms, and only one of them depends on the input. Therefore, the other can be considered pre-computation.
As an experimental result, our algorithm performs over 50% better than the existing algorithm.
Towards Round-Optimal Secure Multiparty Computations: Multikey FHE without a CRS
Multikey fully homomorphic encryption (MFHE) allows homomorphic operations between ciphertexts encrypted under different keys. In applications for secure multiparty computation (MPC) protocols, MFHE can be more advantageous than usual fully homomorphic encryption (FHE), since
users do not need to agree on a common public key before the computation when using MFHE. In EUROCRYPT 2016, Mukherjee and Wichs constructed a secure MPC protocol in only two rounds via MFHE, which relies on a common random/reference string (CRS) in key generation. Later, Brakerski et al. replaced the role of the CRS with a distributed setup for CRS calculation to form a four-round secure MPC protocol. Thus, recent improvements in the round complexity of MPC protocols have
been made using MFHE.
In this paper, we go further to obtain round-efficient and secure MPC protocols. The underlying MFHE schemes in previous works still involve a common value, the CRS, which seems to weaken the power of using
MFHE to allow users to independently generate their own keys. Therefore, we resolve the issue by constructing an MFHE scheme without a CRS based on the LWE assumption, and then we obtain an MPC protocol achieving semi-malicious security in three rounds.