13 research outputs found

    Tight security bounds for multiple encryption

    Multiple encryption, the practice of composing a blockcipher several times with itself under independent keys, has received considerable attention of late from the standpoint of provable security. Despite these efforts, proving definitive security bounds (i.e., with matching attacks) has remained elusive even for the special case of triple encryption. In this paper we close the gap by improving both the best known attacks and the best known provable security, so that both bounds match. Our results apply for an arbitrary number of rounds and show that the security of $\ell$-round multiple encryption is precisely $\exp(\kappa + \min\{\kappa(\ell'-2)/2,\; n(\ell'-2)/\ell'\})$, where $\exp(t) = 2^t$ and where $\ell' = 2\lceil \ell/2 \rceil$ is the even integer closest to $\ell$ and greater than or equal to $\ell$, for all $\ell \geq 1$. Our technique is based on Patarin's H-coefficient method and reuses a combinatorial result of Chen and Steinberger originally required in the context of key-alternating ciphers.

    Indifferentiability of 8-Round Feistel Networks

    We prove that a balanced 8-round Feistel network is indifferentiable from a random permutation. This result comes on the heels of (and is part of the same body of work as) a 10-round indifferentiability result for Feistel networks recently announced by the same team of authors. The current 8-round simulator achieves similar security, query complexity and runtime as the 10-round simulator and is not significantly more involved. The security of our simulator is also slightly better than the security of the 14-round simulator of Holenstein et al. for essentially the same runtime and query complexity.

    Indifferentiability of 10-Round Feistel Networks

    We prove that a (balanced) 10-round Feistel network is indifferentiable from a random permutation. In a previous seminal result, Holenstein et al. had established indifferentiability of Feistel at 14 rounds. Our simulator achieves security $O(q^8/2^n)$ and query complexity $O(q^4)$, where $n$ is half the block length, similarly to the 14-round simulator of Holenstein et al., so that our result is a strict (and also the first) improvement of that work. Our simulator is very similar to a 10-round simulator of Seurin that was subsequently found to be flawed. Indeed, the main change of our simulator is to switch to FIFO path completion from LIFO path completion. This relatively minor change results in an overall significant paradigm shift, including a conceptually simpler proof.

    Machine-checked proofs for cryptographic standards: indifferentiability of SPONGE and secure high-assurance implementations of SHA-3

    We present a high-assurance and high-speed implementation of the SHA-3 hash function. Our implementation is written in the Jasmin programming language, and is formally verified for functional correctness, provable security and timing attack resistance in the EasyCrypt proof assistant. Our implementation is the first to achieve simultaneously the four desirable properties (efficiency, correctness, provable security, and side-channel protection) for a non-trivial cryptographic primitive. Concretely, our mechanized proofs show that: 1) the SHA-3 hash function is indifferentiable from a random oracle, and thus is resistant against collision, first and second preimage attacks; 2) the SHA-3 hash function is correctly implemented by a vectorized x86 implementation. Furthermore, the implementation is provably protected against timing attacks in an idealized model of timing leaks. The proofs include new EasyCrypt libraries of independent interest for programmable random oracles and modular indifferentiability proofs.

    This work received support from the National Institute of Standards and Technologies under agreement number 60NANB15D248. This work was partially supported by Office of Naval Research under projects N00014-12-1-0914, N00014-15-1-2750 and N00014-19-1-2292. This work was partially funded by national funds via the Portuguese Foundation for Science and Technology (FCT) in the context of project PTDC/CCI-INF/31698/2017. Manuel Barbosa was supported by grant SFRH/BSAB/143018/2018 awarded by the FCT. This work was supported in part by the National Science Foundation under grant number 1801564. This work was supported in part by the FutureTPM project of the Horizon 2020 Framework Programme of the European Union, under GA number 779391. This work was supported by the ANR Scrypt project, grant number ANR-18-CE25-0014. This work was supported by the ANR TECAP project, grant number ANR-17-CE39-0004-01.

    The Security of Multiple Encryption in the Ideal Cipher Model

    Multiple encryption, the practice of composing a blockcipher several times with itself under independent keys, has received considerable attention of late from the standpoint of provable security. Despite these efforts, proving definitive security bounds (i.e., with matching attacks) has remained elusive even for the special case of triple encryption. In this paper we close the gap by improving both the best known attacks and the best known provable security, so that both bounds match. Our results apply for an arbitrary number of rounds and show that the security of $\ell$-round multiple encryption is precisely $\exp(\kappa + \min\{\kappa(\ell'-2)/2,\; n(\ell'-2)/\ell'\})$, where $\exp(t) = 2^t$ and where $\ell' = 2\lceil \ell/2 \rceil$ is the smallest even integer greater than or equal to $\ell$, for all $\ell \geq 1$. Our technique is based on Patarin's H-coefficient method and relies on a combinatorial result of Chen and Steinberger originally required in the context of key-alternating ciphers. © 2014 International Association for Cryptologic Research.

    Defining hospital community benefit activities using Delphi technique: A comparison between China and the United States.

    Introduction: Currently there is no expert consensus regarding what activities and programs constitute hospital community benefits. In China, the hospital community benefit movement started gaining attention after the recent health care system reform in 2009. In the United States, the Internal Revenue Service and the nonprofit hospital sector have struggled to define community benefit for many years. More recently, under the Affordable Care Act (ACA)'s new "community benefit" requirements, nonprofit hospitals further developed these benefits to qualify for 501(c)(3) tax exempt status.

    Methods: The Delphi survey method was used to explore activities and/or programs that are considered to be hospital community benefits in China and the United States. Twenty Chinese and 19 American academics, senior hospital managers and policy makers were recruited as experts and participated in two rounds of surveys. The survey questionnaire was first developed in China using the 5-point Likert scale to rate the support for certain hospital community benefit activities; it was then translated into English. The questionnaires were modified after the first round of Delphi. After two rounds of surveys, only responses with a minimum of 70 percent support rate were accepted by the research team.

    Results: Delphi survey results show that experts from China and the U.S. agree on 68.75 percent of HCB activities and/or programs, including emergency preparedness, social benefit activities, bad debt/Medicaid shortfall, disaster relief, environmental protection, health promotion and education, education and research, charity care, medical services with positive externality, provision of low profit services, and sliding scale fees.

    Conclusions: In China, experts believe that healthcare is a "human right" and that the government has the main responsibility of ensuring affordable access to healthcare for its citizens. Meanwhile, healthcare is considered a commodity in the U.S., and many Americans, especially those who are vulnerable and low-income, are not able to afford and access needed healthcare services. Though the U.S. government recognized the importance of community benefit and included a section in the ACA that outlines new community benefit requirements for nonprofit hospitals, there is a need to issue specific policies regarding the amounts and types of community benefits non-profit hospitals should provide to receive tax exemption status.

    How to Build Pseudorandom Functions From Public Random Permutations

    Advances in Cryptology – CRYPTO 2019: 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18–22, 201

    Potentiating Functional Antigen-specific CD8+ T Cell Immunity by a Novel PD1 Isoform-based Fusion DNA Vaccine

    Understanding and identifying new ways of mounting an effective CD8(+) T cell immune response is important for eliminating infectious pathogens. Although upregulated programmed death-1 (PD1) in chronic infections (such as HIV-1 and tuberculosis) impedes T cell responses, blocking this PD1/PD-L pathway could functionally rescue the "exhausted" T cells. However, a number of PD1 spliced variants with unknown biological function exist. Here, we identified a new isoform of human PD1 (Δ42PD1) that contains a 42-nucleotide in-frame deletion located at the exon 2 domain and is expressed in peripheral blood mononuclear cells (PBMCs). Δ42PD1 appears to function distinctly from PD1, as it does not engage PD-L1/PD-L2, but its recombinant form could induce proinflammatory cytokines. We utilized Δ42PD1 as an intramolecular adjuvant to develop a fusion DNA vaccine with HIV-1 Gag p24 antigen to immunize mice, which elicited a significantly enhanced level of anti-p24 IgG1/IgG2a antibody titers, and important p24-specific and tetramer(+)CD8(+) T cell responses that lasted for ≥7.5 months. Furthermore, p24-specific CD8(+) T cells remain functionally improved in proliferative and cytolytic capacities. Importantly, the enhanced antigen-specific immunity protected mice against pathogenic viral challenge and tumor growth. Thus, this newly identified PD1 variant (Δ42PD1) amplifies the generation of antigen-specific CD8(+) T cell immunity when used in a DNA vaccine.