IMPROVING THE ROUND COMPLEXITY OF IDEAL-CIPHER CONSTRUCTIONS
Block ciphers are an essential ingredient of modern cryptography.
They are widely used as building blocks in many cryptographic constructions
such as encryption schemes, hash functions etc.
The security of block ciphers is not currently
known to reduce to well-studied, easily formulated, computational
problems.
Nevertheless, modern block-cipher constructions
are far from ad-hoc,
and a strong theory for their design has been developed.
Two classical paradigms for block cipher design are the Feistel network and the
key-alternating cipher (which is encompassed by the popular
substitution-permutation network).
Both of these paradigms are iterated structures
that involve applications of random-looking functions/permutations
over many rounds.
An important area of research is to understand the provable
security guarantees offered by these classical design paradigms for block cipher constructions.
This can be done using a security notion called indifferentiability which formalizes
what it means for a block cipher to be ideal.
In particular, this notion allows us to assert the structural robustness
of a block cipher design.
In this thesis, we apply the indifferentiability notion to the two classical paradigms
mentioned above and improve upon the previously known round complexity
in both cases.
Specifically, we make the following two contributions:
(1) We show that a 10-round Feistel network behaves as an ideal block cipher
when the keyed round functions are built using a random oracle.
(2) We show that a 5-round key-alternating cipher (also known as the iterated Even-Mansour
construction) with identical round keys behaves as an ideal block cipher when the round permutations are independent, public random permutations.
The Multi-user Security of GCM, Revisited: Tight Bounds for Nonce Randomization
Multi-user (mu) security considers large-scale attackers (e.g., state
actors) that given access to a number of sessions, attempt to
compromise at least one of them. Mu security of authenticated
encryption (AE) was explicitly considered in the development of TLS
1.3.
This paper revisits the mu security of GCM, which remains to date the most widely used dedicated AE mode. We provide new concrete security
bounds which improve upon previous work by adopting a refined
parameterization of adversarial resources that highlights the impact
on security of (1) nonce re-use across users and of (2) re-keying.
As one of the main applications, we give tight security bounds for the
nonce-randomization mechanism adopted in the record protocol of TLS
1.3 as a mitigation of large-scale multi-user attacks. We provide
tight security bounds that yield the first validation of this
method. In particular, we solve the main open question of Bellare and
Tackmann (CRYPTO '16), who only considered restricted attackers which do not attempt to violate integrity, and only gave non-tight bounds.
Byzantine Resilient Computing with the Cloud
We study a framework for modeling distributed network systems assisted by a
reliable and powerful cloud service. Our framework aims at capturing hybrid
systems based on a point to point message passing network of machines, with the
additional capability of being able to access the services of a trusted
high-performance external entity (the cloud). We focus on one concrete aspect
that was not studied before, namely, ways of utilizing the cloud assistance in
order to attain increased resilience against Byzantine behavior of machines in
the network. Our network is modeled as a congested clique comprising
machines that are completely connected to form a clique and can communicate
with each other by passing small messages. In every execution, up to
machines (for suitable values of ) are allowed to be
Byzantine, i.e., behave maliciously including colluding with each other, with
the remaining or more machines being honest (for
). Additionally, the machines in our congested clique can
access data through a trusted cloud via queries. This externality of the data
captures many real-world distributed computing scenarios and provides a natural
context for exploring Byzantine resilience for essentially all conceivable
problems. Moreover, we are no longer bound by the usual limits of
or even that are typically seen in Byzantine Agreement. We focus
on a few fundamental problems. We start with the problem,
wherein the cloud stores bits and these bits must be downloaded to all
of the machines. In addition to , we also consider the
problem of computing the and of
the bits in the cloud. We study these problems under several settings
comprising various values and adversarial capabilities.
Comment: 54 page
Verifiable Oblivious Storage
We formalize the notion of Verifiable Oblivious Storage (VOS), where a client outsources the storage of data to a server while ensuring data confidentiality, access pattern privacy, and integrity and freshness of data accesses. VOS generalizes the notion of Oblivious RAM (ORAM) in that it allows the server to perform computation, and also explicitly considers data integrity and freshness.
We show that allowing server-side computation enables us to
construct asymptotically more efficient VOS schemes whose bandwidth overhead cannot be matched by any ORAM scheme, due to a known lower bound by Goldreich and Ostrovsky. Specifically, for large block sizes
we can construct a VOS scheme with constant bandwidth per query; further, answering queries requires only poly-logarithmic
server computation. We describe applications of VOS to Dynamic Proofs of Retrievability, and RAM-model secure multi-party computation.
Provable Security of (Tweakable) Block Ciphers Based on Substitution-Permutation Networks
Substitution-Permutation Networks (SPNs) refer to a family of constructions which build a wn-bit block cipher from n-bit public permutations (often called S-boxes), which alternate keyless and “local” substitution steps utilizing such S-boxes, with keyed and “global” permutation steps which are non-cryptographic. Many widely deployed block ciphers are constructed based on SPNs, but there are essentially no provable-security results about SPNs.

In this work, we initiate a comprehensive study of the provable security of SPNs as (possibly tweakable) wn-bit block ciphers, when the underlying n-bit permutation is modeled as a public random permutation. When the permutation step is linear (which is the case for most existing designs), we show that 3 SPN rounds are necessary and sufficient for security. On the other hand, even 1-round SPNs can be secure when non-linearity is allowed. Moreover, 2-round non-linear SPNs can achieve “beyond-birthday” (up to 2^{2n/3} adversarial queries) security, and, as the number of non-linear rounds increases, our bounds are meaningful for the number of queries approaching 2^n. Finally, our non-linear SPNs can be made tweakable by incorporating the tweak into the permutation layer, and provide good multi-user security.

As an application, our construction can turn two public n-bit permutations (or fixed-key block ciphers) into a tweakable block cipher working on wn-bit inputs, a 6n-bit key and an n-bit tweak (for any w ≥ 2); the tweakable block cipher provides security up to 2^{2n/3} adversarial queries in the random permutation model, while only requiring w calls to each permutation, and 3w field multiplications for each wn-bit input.
Provable Security of Substitution-Permutation Networks
Many modern block ciphers are constructed based on the paradigm of substitution-permutation networks (SPNs). But, somewhat surprisingly---especially in comparison with Feistel networks, which have been analyzed by dozens of papers going back to the seminal work of Luby and Rackoff---there are essentially no provable-security results about SPNs. In this work, we initiate a comprehensive study of the security of SPNs as strong pseudorandom permutations when the underlying S-box is modeled as a public random permutation. We show that 3 rounds of S-boxes are necessary and sufficient for secure linear SPNs, but that even 1-round SPNs can be secure when non-linearity is allowed.
Additionally, our results imply security in settings where an SPN structure is used for domain extension of a block cipher, even when the attacker has direct access to the small-domain block cipher.
Role of matrix metalloproteinases in multi-system inflammatory syndrome and acute COVID-19 in children
INTRODUCTION: Multisystem Inflammatory Syndrome in children (MIS-C) is a serious inflammatory sequela of SARS-CoV-2 infection. The pathogenesis of MIS-C is vague and matrix metalloproteinases (MMPs) may have an important role. Matrix metalloproteinases (MMPs) are known drivers of lung pathology in many diseases. METHODS: To elucidate the role of MMPs in the pathogenesis of pediatric COVID-19, we examined their plasma levels in MIS-C and acute COVID-19 children and compared them to convalescent COVID-19 and children with other common tropical diseases (with overlapping clinical manifestations). RESULTS: Children with MIS-C had elevated levels of MMPs (P < 0.005, statistically significant) in comparison to acute COVID-19, other tropical diseases (Dengue fever, typhoid fever, and scrub typhus fever) and convalescent COVID-19 children. PCA and ROC analysis (sensitivity 84–100% and specificity 80–100%) showed that MMP-8, 12, 13 could help distinguish MIS-C from acute COVID-19 and other tropical diseases with high sensitivity and specificity. Among MIS-C children, elevated levels of MMPs were seen in children requiring intensive care unit admission as compared to children not needing intensive care. Similar findings were noted when children with severe/moderate COVID-19 were compared to children with mild COVID-19. Finally, MMP levels exhibited significant correlation with laboratory parameters, including lymphocyte counts, CRP, D-dimer, Ferritin and Sodium levels. DISCUSSION: Our findings suggest that MMPs play a pivotal role in the pathogenesis of MIS-C and COVID-19 in children and may help distinguish MIS-C from other conditions with overlapping clinical presentation.