Lower and Upper Bounds for Deniable Public-Key Encryption
A deniable cryptosystem allows a sender and a receiver to
communicate over an insecure channel in such a way that the
communication remains secure even if the adversary can coerce the
parties into revealing their internal states after the protocol has
been executed. This is achieved by allowing the parties to change
their internal state so that a given ciphertext appears to decrypt to
a message different from the one it really decrypts to. Deniable
encryption was introduced in this way to allow a party to deny a
message exchange and hence to combat coercion.
Depending on which parties can be coerced, the security level, the
flavor and the number of rounds of the cryptosystem, it is possible
to define a number of notions of deniable encryption.
In this paper we prove that there does not exist any non-interactive
receiver-deniable cryptosystem with better than polynomial
security. This also shows that it is impossible to construct a
non-interactive bi-deniable public-key encryption scheme with better
than polynomial security. Specifically, we give an explicit bound
relating the security of the scheme to how efficient the scheme is
in terms of key size. Our impossibility result establishes a lower
bound on the security.
As a final contribution we give constructions of deniable public-key
encryption schemes which establish upper bounds on the security in
terms of key length. There is a gap between our lower and upper
bounds, which leaves the interesting open problem of finding the
tight bounds.
Compressing Vector OLE
Oblivious linear-function evaluation (OLE) is a secure two-party protocol allowing a receiver to learn a secret linear combination of a pair of field elements held by a sender. OLE serves as a common building block for secure computation of arithmetic circuits, analogously to the role of oblivious transfer (OT) for boolean circuits.
A useful extension of OLE is vector OLE (VOLE), allowing the receiver to learn a linear combination of two vectors held by the sender. In several applications of OLE, one can replace a large number of instances of OLE by a smaller number of long instances of VOLE. This motivates the goal of amortizing the cost of generating long instances of VOLE.
We suggest a new approach for fast generation of pseudo-random instances of VOLE via a deterministic local expansion of a pair of short correlated seeds and no interaction. This provides the first example of compressing a non-trivial and cryptographically useful correlation with good concrete efficiency. Our VOLE generators can be used to enhance the efficiency of a host of cryptographic applications. These include secure arithmetic computation and non-interactive zero-knowledge proofs with reusable preprocessing.
Our VOLE generators are based on a novel combination of function secret sharing (FSS) for multi-point functions and linear codes in which decoding is intractable. Their security can be based on variants of the learning parity with noise (LPN) assumption over large fields that resist known attacks. We provide several constructions that offer tradeoffs between different efficiency measures and the underlying intractability assumptions.
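The following is an added illustration written for this page, not code from the paper: it shows the VOLE correlation (receiver holds x and w, sender holds u and v, with w = x*u + v coordinate-wise), how a short sparse seed is expanded into a longer pseudo-random VOLE by a public linear map with no interaction (the dual-LPN-style expansion the abstract alludes to), and how a random VOLE is then turned into OLE on the sender's chosen inputs with one message. Two simplifications are assumptions of this example: the FSS-based sharing of x*e is replaced by a trusted dealer function, and the public matrix H is derived from a seed with Python's non-cryptographic PRNG. The field F_p with p = 2^61 - 1 and the parameters n, m, t are likewise assumed for illustration.

```python
"""Added illustration for this page (not code from the paper): the VOLE
correlation, its expansion from a short sparse seed by a public linear map,
and its use to evaluate OLE on chosen inputs. The FSS-based sharing of x*e
is replaced by a trusted 'dealer' helper, and H is derived with Python's
non-cryptographic PRNG; both are simplifications, labelled as such."""
import random
import secrets

P = 2**61 - 1                 # prime field F_p (assumed parameter)
rng = secrets.SystemRandom()  # OS randomness for the parties' secrets


def is_vole(u, v, x, w):
    """VOLE correlation: sender holds vectors (u, v), receiver holds scalar x
    and vector w, with w[i] = x*u[i] + v[i] over F_p for every i."""
    return len(u) == len(v) == len(w) and all(
        (x * ui + vi - wi) % P == 0 for ui, vi, wi in zip(u, v, w))


def sparse_vector(n, t):
    """t-sparse noise vector e of length n. Its compact description, t
    (position, value) pairs, is the sender's short seed."""
    e = [0] * n
    for pos in rng.sample(range(n), t):
        e[pos] = rng.randrange(1, P)
    return e


def dealer_share_xe(e, x):
    """Stand-in for FSS for a multi-point function: additive shares of x*e,
    v' to the sender and w' = x*e + v' to the receiver. In the paper both
    parties compute these locally from short FSS keys."""
    v_short = [rng.randrange(P) for _ in e]
    w_short = [(x * ei + vi) % P for ei, vi in zip(e, v_short)]
    return v_short, w_short


def public_matrix(n, m, seed):
    """Public n x m matrix H regenerated by each party from a public seed
    (random.Random is deterministic but not cryptographic: illustration only)."""
    prng = random.Random(seed)
    return [[prng.randrange(P) for _ in range(m)] for _ in range(n)]


def vec_mat(vec, H):
    """Row vector (length n) times H (n x m) over F_p; skips zero entries,
    so the sparse e is cheap to expand."""
    out = [0] * len(H[0])
    for vi, row in zip(vec, H):
        if vi:
            for j, hij in enumerate(row):
                out[j] = (out[j] + vi * hij) % P
    return out


def expand_vole(n=64, m=32, t=4, seed="public-H-seed"):
    """Non-interactive expansion: with w' = x*e + v', linearity of H gives
    w'H = x*(eH) + v'H, i.e. (eH, v'H, x, w'H) is again a VOLE. Under the
    dual-LPN assumption eH is pseudorandom, so the short seed yields a
    pseudorandom VOLE of length m."""
    x = rng.randrange(P)
    e = sparse_vector(n, t)
    v_short, w_short = dealer_share_xe(e, x)
    H = public_matrix(n, m, seed)
    u = vec_mat(e, H)         # sender, locally
    v = vec_mat(v_short, H)   # sender, locally
    w = vec_mat(w_short, H)   # receiver, locally
    return u, v, x, w


def sender_derandomize(u, v, a, b):
    """One message turns the random VOLE into OLE on the sender's chosen
    inputs (a, b): publish d = a - u and c = b - v (one-time padded by u, v)."""
    d = [(ai - ui) % P for ai, ui in zip(a, u)]
    c = [(bi - vi) % P for bi, vi in zip(b, v)]
    return d, c


def receiver_finish(x, w, d, c):
    """Receiver outputs x*a + b = w + x*d + c for every coordinate, learning
    nothing about (a, b) beyond that linear combination."""
    return [(wi + x * di + ci) % P for wi, di, ci in zip(w, d, c)]
```

The point to take away is the linearity: any public linear map applied coordinate-wise by both parties preserves the correlation, which is why expansion needs no interaction; what the LPN assumption adds is that the expanded sender vector looks random even though it came from a t-sparse seed. Many OLE instances sharing one receiver input x collapse into one VOLE of that length, and the derandomization step shows how such a random instance is consumed.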
CAPA: The Spirit of Beaver Against Physical Attacks
In this paper we introduce two things. First, the tile-probe-and-fault model, which generalises the wire-probe model of Ishai et al. to cover more realistic side-channel leakage scenarios on a chip as well as fault and combined attacks. Second, CAPA, a combined Countermeasure Against Physical Attacks. Our countermeasure is motivated by our model and aims to provide security against higher-order SCA, multiple-shot FA and combined attacks. The tile-probe-and-fault model naturally leads one to look, by analogy, at actively secure multi-party computation protocols; indeed, CAPA draws much inspiration from the MPC protocol SPDZ. To demonstrate that the model and the CAPA countermeasure are not just theoretical constructions but can also serve to build practical countermeasures, we present initial experiments with proof-of-concept designs using the CAPA methodology: a hardware implementation of the KATAN and AES block ciphers, as well as a software bitsliced AES S-box implementation. We demonstrate experimentally that the design resists second-order DPA attacks, even when the attacker is given many hundreds of thousands of traces. In addition, our proof-of-concept can detect faults within our model with high probability, in accordance with the methodology.
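As an added software illustration (not CAPA's own hardware design or code), the block below shows the SPDZ mechanism that the abstract says CAPA draws on: every value is additively split across D "tiles", each share carries an information-theoretic MAC tag under a secret key alpha that is itself shared, multiplication is done with a preprocessed Beaver triple, and every opening re-checks the MAC. An attacker who injects an additive fault into one tile's share cannot repair the corresponding tag without alpha, so the fault is caught at the next check except with probability about 1/p. Assumptions of this example: a prime field with p = 2^61 - 1 (CAPA's instances work over GF(2^k)), D = 3 tiles, and a trusted dealer standing in for the preprocessing phase.

```python
"""Added software illustration for this page (not CAPA's own hardware
design): the SPDZ mechanism CAPA adapts. Each value is split into D
additively shared 'tiles', every share carries an information-theoretic
MAC under a secret key alpha (itself shared), multiplication uses a Beaver
triple, and every opening re-checks the MAC. Faulting one tile's share
breaks the MAC unless the attacker knows alpha, so the fault is detected
except with probability about 1/p. Assumed parameters: prime field F_p
(CAPA's instances use GF(2^k)) and a trusted dealer for preprocessing."""
import secrets

P = 2**61 - 1   # prime field (assumed)
D = 3           # number of tiles / shares (assumed)
rng = secrets.SystemRandom()


def share(v, n=D):
    """Additive n-out-of-n sharing of v over F_p."""
    parts = [rng.randrange(P) for _ in range(n - 1)]
    parts.append((v - sum(parts)) % P)
    return parts


class Dealer:
    """Trusted preprocessing (SPDZ offline phase): owns the MAC key alpha and
    issues authenticated shares ([v], [alpha*v]) and Beaver triples."""

    def __init__(self):
        self.alpha = rng.randrange(1, P)
        self.alpha_shares = share(self.alpha)

    def auth(self, v):
        return share(v % P), share(self.alpha * v % P)

    def triple(self):
        a, b = rng.randrange(P), rng.randrange(P)
        return self.auth(a), self.auth(b), self.auth(a * b)


# Linear operations on authenticated shares are purely local per tile.
def add(x, y):
    return ([(p + q) % P for p, q in zip(x[0], y[0])],
            [(p + q) % P for p, q in zip(x[1], y[1])])


def scale(x, k):
    return [p * k % P for p in x[0]], [p * k % P for p in x[1]]


def sub(x, y):
    return add(x, scale(y, P - 1))


def add_const(x, k, alpha_shares):
    """Add public k: tile 0 adds k to its value share; every tile i adds
    alpha_i * k to its tag share so that the tags still sum to alpha*(v+k)."""
    vals = list(x[0])
    vals[0] = (vals[0] + k) % P
    tags = [(m + a * k) % P for m, a in zip(x[1], alpha_shares)]
    return vals, tags


def open_checked(x, alpha_shares):
    """Reconstruct v, then check sum_i (m_i - alpha_i * v) == 0 mod p.
    Any inconsistent share or tag makes this fail, i.e. the fault is caught."""
    v = sum(x[0]) % P
    if sum(m - a * v for m, a in zip(x[1], alpha_shares)) % P != 0:
        raise ValueError("MAC check failed: fault detected")
    return v


def beaver_mul(x, y, dealer):
    """z = x*y with a triple (a, b, c=ab): open eps = x - a and delta = y - b,
    then z = c + eps*b + delta*a + eps*delta (the 'spirit of Beaver')."""
    a, b, c = dealer.triple()
    eps = open_checked(sub(x, a), dealer.alpha_shares)
    delta = open_checked(sub(y, b), dealer.alpha_shares)
    z = add(add(c, scale(b, eps)), scale(a, delta))
    return add_const(z, eps * delta % P, dealer.alpha_shares)


def inject_fault(x, tile, error):
    """Attacker's additive fault on one tile's value share; the tag share on
    that tile is left alone (fixing it would require alpha_tile * error)."""
    vals = list(x[0])
    vals[tile] = (vals[tile] + error) % P
    return vals, list(x[1])


def demo(x_val=7, y_val=9, fault=1):
    """Returns (x*y as computed and checked, whether a single-tile fault on
    the product's shares was detected at opening)."""
    dealer = Dealer()
    z = beaver_mul(dealer.auth(x_val), dealer.auth(y_val), dealer)
    product = open_checked(z, dealer.alpha_shares)
    try:
        open_checked(inject_fault(z, 1, fault), dealer.alpha_shares)
        detected = False
    except ValueError:
        detected = True
    return product, detected
```

The design choice worth noting is that the MAC check happens at every opening, including the opening of eps and delta inside the multiplication, so a fault injected mid-computation is caught at the first subsequent opening rather than only at the output. In hardware the same structure is what lets a fault on one tile be detected with probability close to 1 - 1/|F|, since a forged tag must guess the product of the unknown key share and the injected error.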