Concurrent Knowledge-Extraction in the Public-Key Model
Knowledge extraction is a fundamental notion, modelling machine possession of
values (witnesses) in a computational complexity sense. The notion provides an
essential tool for cryptographic protocol design and analysis, enabling one to
argue about the internal state of protocol players without ever looking at this
supposedly secret state. However, when transactions are concurrent (e.g., over
the Internet) with players possessing public-keys (as is common in
cryptography), assuring that entities "know" what they claim to know, where
adversaries may be well coordinated across different transactions, turns out to
be much more subtle and in need of re-examination. Here, we investigate how to
formally treat knowledge possession by parties (with registered public-keys)
interacting over the Internet. Stated more technically, we look into the
relative power of the notion of "concurrent knowledge-extraction" (CKE) in
the concurrent zero-knowledge (CZK) bare public-key (BPK) model.
Comment: 38 pages, 4 figure
Rearrangeable Networks with Limited Depth
Rearrangeable networks are switching systems capable of establishing simultaneous independent communication paths in accordance with any one-to-one correspondence between their n inputs and n outputs. Classical results show that Ω(n log n) switches are necessary and that O(n log n) switches are sufficient for such networks. We are interested in the minimum possible number of switches in rearrangeable networks in which the depth (the length of the longest path from an input to an output) is at most k, where k is fixed as n increases. We show that Ω(n^{1+1/k}) switches are necessary and that O(n^{1+1/k} (log n)^{1/k}) switches are sufficient for such networks.
Brightest galaxies as halo centre tracers in SDSS DR7
Determining the positions of halo centres in large-scale structure surveys is
crucial for many cosmological studies. A common assumption is that halo centres
correspond to the location of their brightest member galaxies. In this paper,
we study the dynamics of brightest galaxies with respect to other halo members
in the Sloan Digital Sky Survey DR7. Specifically, we look at the line-of-sight
velocity and spatial offsets between brightest galaxies and their neighbours.
We compare those to detailed mock catalogues, constructed from high-resolution,
dark-matter-only -body simulations, in which it is assumed that satellite
galaxies trace dark matter subhaloes. This allows us to place constraints on
the fraction of haloes in which the brightest galaxy is not the
central. Compared to previous studies we explicitly take into account the
unrelaxed state of the host haloes, velocity offsets of halo cores and
correlations between and the satellite occupation. We find that
strongly decreases with the luminosity of the brightest galaxy
and increases with the mass of the host halo. Overall, in the halo mass range
we find , in good
agreement with a previous study by Skibba et al. We discuss the implications of
these findings for studies inferring the galaxy--halo connection from satellite
kinematics, models of the conditional luminosity function and galaxy formation
in general.
Comment: 24 pages, 15 figures. Accepted for publication in MNRA
Generalized Tsirelson Inequalities, Commuting-Operator Provers, and Multi-Prover Interactive Proof Systems
A central question in quantum information theory and computational complexity
is how powerful nonlocal strategies are in cooperative games with imperfect
information, such as multi-prover interactive proof systems. This paper
develops a new method for proving limits of nonlocal strategies that make use
of prior entanglement among players (or, provers, in the terminology of
multi-prover interactive proofs). Instead of proving the limits for usual
isolated provers who initially share entanglement, this paper proves the limits
for "commuting-operator provers", who share private space, but can apply only
such operators that are commutative with any operator applied by other provers.
Commuting-operator provers are at least as powerful as usual isolated but
prior-entangled provers, and thus, limits for commuting-operator provers
immediately give limits for usual entangled provers. Using this method, we
obtain an n-party generalization of the Tsirelson bound for the Clauser-Horne-Shimony-Holt inequality for every n. Our bounds are tight in the sense that, in
every n-party case, the equality is achievable by a usual nonlocal strategy
with prior entanglement. We also apply our method to a 3-prover 1-round binary
interactive proof for NEXP. Combined with the technique developed by Kempe,
Kobayashi, Matsumoto, Toner and Vidick to analyze the soundness of the proof
system, it is proved to be NP-hard to distinguish whether the entangled value
of a 3-prover 1-round binary-answer game is equal to 1 or at most 1-1/p(n) for
some polynomial p, where n is the number of questions. This is in contrast to
the 2-prover 1-round binary-answer case, where the corresponding problem is
efficiently decidable. Alternatively, NEXP has a 3-prover 1-round binary
interactive proof system with perfect completeness and soundness 1-2^{-poly}.
Comment: 20 pages. v2: An incorrect statement in the abstract about the
two-party case is corrected. Relation between this work and a preliminary
work by Sun, Yao and Preda is clarifie
A New Family of Implicitly Authenticated Diffie-Hellman Protocols
Cryptography algorithm standards play a key role both to the practice of information security and to cryptography theory research. Among them, the MQV and HMQV protocols ((H)MQV, in
short) are a family of implicitly authenticated Diffie-Hellman key-exchange (DHKE) protocols that are among the most efficient and are widely standardized. In this work, from some new perspectives
and under some new design rationales, and also inspired by the security analysis of HMQV, we develop a new family of practical implicitly authenticated DHKE (IA-DHKE) protocols, which enjoy
notable performance among security, efficiency, privacy, fairness and easy deployment. We make detailed comparisons between our new protocols and (H)MQV, showing that the newly developed
protocols outperform HMQV in most aspects. Very briefly speaking, we achieve:
1. The most efficient provably secure IA-DHKE protocol to date, and the first online-optimal provably secure IA-DHKE protocols.
2. The first IA-DHKE protocol that is provably secure and resilient to the leakage of DH components and exponents, under merely standard assumptions without additionally relying on the knowledge-of-exponent assumption (KEA).
3. The first provably secure privacy-preserving and computationally fair IA-DHKE protocol, with privacy-preserving properties of reasonable deniability and post-ID computability and the property
of session-key computational fairness.
Guided by our new design rationales, in this work we also formalize and introduce a new concept, namely session-key computational fairness (as a complement to session-key security), to the literature.
Computationally-Fair Group and Identity-Based Key-Exchange
In this work, we re-examine some fundamental group key-exchange and identity-based key-exchange protocols, specifically the Burmester-Desmedt group key-exchange protocol [7] (referred to as the BD-protocol) and the Chen-Kudla identity-based key-exchange protocol [9]
(referred to as the CK-protocol). We identify some new attacks on these protocols, showing in particular that these protocols are not computationally fair. Specifically, with our attacks, an
adversary can do the following damages:
(1) It can compute the session-key output with much lower computational complexity than that of the victim honest player, and can maliciously nullify the contributions from the victim honest players.
(2) It can set the session-key output to be some pre-determined value, which can be efficiently and publicly computed without knowing any secret supposed to be held by the attacker.
We remark these attacks are beyond the traditional security models for group key-exchange and identity-based key-exchange.
Then, based on the computationally fair Diffie-Hellman key-exchange in [21], we present some fixing approaches, and prove that the fixed protocols are computationally fair.