Quantum Algorithm for the Collision Problem
In this note, we give a quantum algorithm that finds collisions in arbitrary
r-to-one functions after only O((N/r)^(1/3)) expected evaluations of the
function. Assuming the function is given by a black box, this is more efficient
than the best possible classical algorithm, even allowing probabilism. We also
give a similar algorithm for finding claws in pairs of functions. Furthermore,
we exhibit a space-time tradeoff for our technique. Our approach uses Grover's
quantum searching algorithm in a novel way.
Comment: 8 pages, LaTeX2
Periodic harmonic functions on lattices and points count in positive characteristic
This survey addresses pluri-periodic harmonic functions on lattices with
values in a positive characteristic field. We mention, as a motivation, the
game "Lights Out" following the work of Sutner, Goldwasser-Klostermeyer-Ware,
Barua-Ramakrishnan-Sarkar, Hunziker-Machiavello-Park et al.; see also two previous
preprints by the author for a more detailed account. Our approach explores harmonic
analysis and algebraic geometry over a positive characteristic field. The
Fourier transform allows us to interpret pluri-periods of harmonic functions on
lattices as torsion multi-orders of points on the corresponding affine
algebraic variety.
Comment: These are notes on 13p. based on a talk presented during the meeting
"Analysis on Graphs and Fractals", Cardiff University, 29 May-2 June 2007
(a satellite meeting of the programme "Analysis on Graphs and its
Applications" at the Isaac Newton Institute from 8 January to 29 June 2007)
Revocation in Publicly Verifiable Outsourced Computation
The combination of software-as-a-service and the increasing use of mobile devices gives rise to a considerable difference in computational power between servers and clients. Thus, there is a desire for clients to outsource the evaluation of complex functions to an external server. Servers providing such a service may be rewarded per computation, and as such have an incentive to cheat by returning garbage rather than devoting resources and time to compute a valid result. In this work, we introduce the notion of Revocable Publicly Verifiable Computation (RPVC), where a cheating server is revoked and may not perform future computations (thus incurring a financial penalty). We introduce a Key Distribution Center (KDC) to efficiently handle the generation and distribution of the keys required to support RPVC. The KDC is an authority over entities in the system and enables revocation. We also introduce a notion of blind verification such that results are verifiable (and hence servers can be rewarded or punished) without learning the value. We present a rigorous definitional framework, define a number of new security models and present a construction of such a scheme built upon Key-Policy Attribute-based Encryption.
On formal verification of arithmetic-based cryptographic primitives
Cryptographic primitives are fundamental for information security: they are
used as basic components for cryptographic protocols or public-key
cryptosystems. In many cases, their security proofs consist in showing that
they are reducible to computationally hard problems. Those reductions can be
subtle and tedious, and thus not easily checkable. On top of the proof
assistant Coq, we had implemented in previous work a toolbox for writing and
checking game-based security proofs of cryptographic primitives. In this paper
we describe its extension with number-theoretic capabilities so that it is now
possible to write and check arithmetic-based cryptographic primitives in our
toolbox. We illustrate our work by machine checking the game-based proofs of
unpredictability of the pseudo-random bit generator of Blum, Blum and Shub, and
semantic security of the public-key cryptographic scheme of Goldwasser and
Micali.
Comment: 13 page
Quantum Interactive Proofs with Competing Provers
This paper studies quantum refereed games, which are quantum interactive
proof systems with two competing provers: one that tries to convince the
verifier to accept and the other that tries to convince the verifier to reject.
We prove that every language having an ordinary quantum interactive proof
system also has a quantum refereed game in which the verifier exchanges just
one round of messages with each prover. A key part of our proof is the fact
that there exists a single quantum measurement that reliably distinguishes
between mixed states chosen arbitrarily from disjoint convex sets having large
minimal trace distance from one another. We also show how to reduce the
probability of error for some classes of quantum refereed games.
Comment: 13 pages, to appear in STACS 200
Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering
Abstract. Traditionally, secure cryptographic algorithms provide security against an adversary who has only black-box access to the secret information of honest parties. However, such models are not always adequate. In particular, the security of these algorithms may completely break under (feasible) attacks that tamper with the secret key. In this paper we propose a theoretical framework to investigate the algorithmic aspects related to tamper-proof security. In particular, we define a model of security against an adversary who is allowed to apply arbitrary feasible functions f to the secret key sk, and obtain the result of the cryptographic algorithms using the new secret key f(sk). We prove that in the most general setting it is impossible to achieve this strong notion of security. We then show minimal additions to the model, which are needed in order to obtain provable security. We prove that these additions are necessary and also sufficient for most common cryptographic primitives, such as encryption and signature schemes. We discuss the applications to portable devices protected by PINs and show how to integrate PIN security into the generic security design. Finally we investigate restrictions of the model in which the tampering powers of the adversary are limited. These restrictions model realistic attacks (like differential fault analysis) that have been demonstrated in practice. In these settings we show security solutions that work even without the additions mentioned above
Making Classical Ground State Spin Computing Fault-Tolerant
We examine a model of classical deterministic computing in which the ground
state of the classical system is a spatial history of the computation. This
model is relevant to quantum dot cellular automata as well as to recent
universal adiabatic quantum computing constructions. In its most primitive
form, systems constructed in this model cannot compute in an error free manner
when working at non-zero temperature. However, by exploiting a mapping between
the partition function for this model and probabilistic classical circuits we
are able to show that it is possible to make this model effectively error free.
We achieve this by using techniques in fault-tolerant classical computing and
the result is that the system can compute effectively error free if the
temperature is below a critical temperature. We further link this model to
computational complexity and show that a certain problem concerning finite
temperature classical spin systems is complete for the complexity class
Merlin-Arthur. This provides an interesting connection between the physical
behavior of certain many-body spin systems and computational complexity.
Comment: 24 pages, 1 figur
Non-malleable encryption: simpler, shorter, stronger
In a seminal paper, Dolev et al. [15] introduced the notion of non-malleable encryption (NM-CPA). This notion is very intriguing since it suffices for many applications of chosen-ciphertext secure encryption (IND-CCA), and, yet, can be generically built from semantically secure (IND-CPA) encryption, as was shown in the seminal works by Pass et al. [29] and by Choi et al. [9], the latter of which provided a black-box construction. In this paper we investigate three questions related to NM-CPA security: 1. Can the rate of the construction by Choi et al. of NM-CPA from IND-CPA be improved? 2. Is it possible to achieve multi-bit NM-CPA security more efficiently from a single-bit NM-CPA scheme than from IND-CPA? 3. Is there a notion stronger than NM-CPA that has natural applications and can be achieved from IND-CPA security? We answer all three questions in the positive. First, we improve the rate in the scheme of Choi et al. by a factor O(λ), where λ is the security parameter. Still, encrypting a message of size O(λ) would require ciphertext and keys of size O(λ^2) times that of the IND-CPA scheme, even in our improved scheme. Therefore, we show a more efficient domain extension technique for building a λ-bit NM-CPA scheme from a single-bit NM-CPA scheme with keys and ciphertext of size O(λ) times that of the NM-CPA one-bit scheme. To achieve our goal, we define and construct a novel type of continuous non-malleable code (NMC), called secret-state NMC, as we show that standard continuous NMCs are not enough for the natural “encode-then-encrypt-bit-by-bit” approach to work. Finally, we introduce a new security notion for public-key encryption that we dub non-malleability under (chosen-ciphertext) self-destruct attacks (NM-SDA).
After showing that NM-SDA is a strict strengthening of NM-CPA and allows for more applications, we nevertheless show that both of our results—(faster) construction from IND-CPA and domain extension from one-bit scheme—also hold for our stronger NM-SDA security. In particular, the notions of IND-CPA, NM-CPA, and NM-SDA security are all equivalent, lying (plausibly, strictly?) below IND-CCA securit
Chosen-ciphertext security from subset sum
We construct a public-key encryption (PKE) scheme whose
security is polynomial-time equivalent to the hardness of the Subset Sum problem. Our scheme achieves the standard notion of indistinguishability against chosen-ciphertext attacks (IND-CCA) and can be used to encrypt messages of arbitrary polynomial length, improving upon a previous construction by Lyubashevsky, Palacio, and Segev (TCC 2010) which achieved only the weaker notion of semantic security (IND-CPA) and whose concrete security decreases with the length of the message being encrypted. At the core of our construction is a trapdoor technique which originates in the work of Micciancio and Peikert (Eurocrypt 2012
Searching a bitstream in linear time for the longest substring of any given density
Given an arbitrary bitstream, we consider the problem of finding the longest
substring whose ratio of ones to zeroes equals a given value. The central
result of this paper is an algorithm that solves this problem in linear time.
The method involves (i) reformulating the problem as a constrained walk through
a sparse matrix, and then (ii) developing a data structure for this sparse
matrix that allows us to perform each step of the walk in amortised constant
time. We also give a linear time algorithm to find the longest substring whose
ratio of ones to zeroes is bounded below by a given value. Both problems have
practical relevance to cryptography and bioinformatics.
Comment: 22 pages, 19 figures; v2: minor edits and enhancement