A Universal Forgery of Hess's Second ID-based Signature against the Known-message Attack
In this paper we propose a universal forgery attack on Hess's second ID-based signature scheme in the known-message attack model.
Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma
Multisignatures allow n signers to produce a short joint signature on a single message. Multisignatures were achieved in the plain model with a non-interactive protocol in groups with bilinear maps, by Boneh et al. [4], and by a three-round protocol under the Discrete Logarithm (DL) assumption, by Bellare and Neven [3], with multisignature verification cost of, respectively, O(n) pairings or exponentiations. In addition, multisignatures with O(1) verification were shown in the so-called Key Verification (KV) model, where each public key is accompanied by a short proof of well-formedness, again either with a non-interactive protocol using bilinear maps, by Ristenpart and Yilek [15], or with a three-round protocol under the Diffie-Hellman assumption, by Bagherzandi and Jarecki [1]. We improve on these results in two ways: First, we show a two-round O(n)-verification multisignature secure under the DL as
Fixed Argument Pairing Inversion on Elliptic Curves
Let be an elliptic curve over a finite field with a power of prime , a prime dividing , and the smallest positive integer satisfying , called embedding degree. Then a bilinear map is defined, called the Tate pairing. And the Ate pairing and other variants are obtained by reducing the domain for each argument and raising it to some power.
In this paper we consider the {\em Fixed Argument Pairing Inversion (FAPI)} problem for the Tate pairing and its variants. In 2012, considering FAPI for the Ate pairing, Kanayama and Okamoto formulated the {\em Exponentiation Inversion (EI)} problem. However, their definition gives a somewhat vague description of the hardness of EI. We point out that EI as described can be solved easily, and we clarify the definition so that the problem does capture the actual hardness in connection with the prescribed domain of the given pairings.
Next we show that inverting the Ate pairing (and the other variants of the Tate pairing) defined on the smaller domain is neither easier nor harder than inverting the Tate pairing defined on the larger domain. This is of interest because it is commonly believed that the structure of the Ate pairing is so simple and good (that is, the Miller length is short, and the solution domain is small and has an algebraic structure induced from the Frobenius map) that it may leak some information, so that attackers might find a further approach to solving FAPI for the Ate pairing that does not apply to the Tate pairing.
Fully Homomorphic Encryption over the Integers Revisited
Two main computational problems serve as security foundations of current fully homomorphic encryption schemes: Regev's Learning With Errors problem (LWE) and Howgrave-Graham's Approximate Greatest Common Divisor problem (AGCD). Our first contribution is a reduction from LWE to AGCD. As a second contribution, we describe a new AGCD-based fully homomorphic encryption scheme, which outperforms all prior AGCD-based proposals: its security does not rely on the presumed hardness of the so-called Sparse Subset Sum problem, and the bit-length of a ciphertext is only \tilde{O}(\lambda), where \lambda is the security parameter.
An Approach to Reduce Storage for Homomorphic Computations
We introduce a hybrid homomorphic encryption scheme that combines public key encryption (PKE) with somewhat homomorphic encryption (SHE) to reduce storage for most applications of somewhat or fully homomorphic encryption (FHE). In this model, one encrypts messages with a PKE and computes on the encrypted data using an SHE or FHE after homomorphic decryption.
To obtain efficient homomorphic decryption, our hybrid scheme is constructed by combining IND-CPA PKE schemes without complicated message padding with SHE schemes having a large integer message space. Furthermore, we remark that if the underlying PKE is multiplicative on a domain closed under addition and multiplication, the scheme has the important advantage that one can evaluate a polynomial of arbitrary degree without recryption.
We propose such a scheme by concatenating the ElGamal and Goldwasser-Micali schemes over a ring for a composite integer whose message space is .
For practical applications, homomorphic decryption of the base PKE is too expensive. We accelerate the homomorphic evaluation of the decryption by introducing a method to reduce the degree of the exponentiation circuit at the cost of additional public keys. Using the same technique, we give a partial solution to the open problem of~\cite{KLYC13}.
Of independent interest, we obtain another generic conversion from private-key SHE to public-key SHE. Unlike the conversion of Rothblum~\cite{RothTCC11}, it is free to choose the message space of the SHE.
Probability that the k-gcd of products of positive integers is B-friable
In 1849, Dirichlet~\cite{D49} proved that the probability that two positive integers are relatively prime is 1/\zeta(2). Later, this was generalized to the probability that positive integers have no nontrivial k-th power common divisor.
In this paper, we further generalize this result: the probability that the gcd of m products of n positive integers is B-friable is \prod_{p>B}\left[1-\left\{1-\left(1-\frac{1}{p}\right)^{n}\right\}^{m}\right] for m \ge 2. We show that it is bounded below by \frac{1}{\zeta(s)} for some s>1 if B>n^{\frac{m}{m-1}}, which completes the heuristic proof in the cryptanalysis of cryptographic multilinear maps by Cheon et al.~\cite{CHLRS15}.
We extend this result to the case of the k-gcd: the probability is
\prod_{p>B}\left[1-\left\{1-\left(1-\frac{1}{p}\right)^{n}\left(1+\frac{{}_{n}H_{1}}{p}+\cdots+\frac{{}_{n}H_{k-1}}{p^{k-1}}\right)\right\}^{m}\right], where {}_{n}H_{i} = \binom{n+i-1}{i}.
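As an added example (not code from the paper), the Python below evaluates the Euler product above for the probability that the k-gcd of m products of n positive integers is B-friable, truncated at a chosen prime bound, and checks the k = 1 case against a constructed Monte Carlo sampling. It recovers Dirichlet's 1/\zeta(2) for n = 1, m = 2, B = 1 and 1/\zeta(4) for k = 2, and evaluates one instance of the regime B > n^{m/(m-1)} in which the paper's lower bound applies. The prime bound of 10^5, the sample size, and sampling integers uniformly from [1, 10^9] are assumptions of this example; the local factor at each prime follows the formula as stated, using the geometric distribution of the p-adic valuation of a random integer.

```python
from fractions import Fraction
from math import comb, gcd
import random


def primes_up_to(limit):
    """Sieve of Eratosthenes: all primes <= limit."""
    if limit < 2:
        return []
    sieve = bytearray([1]) * (limit + 1)
    sieve[0] = sieve[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, limit + 1, i)))
    return [i for i, is_prime in enumerate(sieve) if is_prime]


def local_factor(p, n, m, k):
    """Exact probability that p^k does NOT divide the gcd of m products of n
    random positive integers, i.e. the factor for the prime p in the product.

    The p-adic valuation of one random integer is geometric,
    P(v_p = j) = (1 - 1/p) p^(-j), so for a product of n integers
    P(v_p < k) = (1 - 1/p)^n * sum_{i<k} nH_i / p^i with nH_i = C(n+i-1, i),
    and p^k divides all m products with probability (1 - P(v_p < k))^m."""
    q = Fraction(1, p)
    vp_below_k = (1 - q) ** n * sum(comb(n + i - 1, i) * q ** i for i in range(k))
    return 1 - (1 - vp_below_k) ** m


def friable_kgcd_probability(B, n, m, k=1, prime_limit=100_000):
    """Euler product over primes B < p <= prime_limit (assumed truncation).
    For m >= 2 every factor is 1 - O(1/p^2), so the omitted tail is tiny."""
    prob = 1.0
    for p in primes_up_to(prime_limit):
        if p > B:
            prob *= float(local_factor(p, n, m, k))
    return prob


def is_B_friable(g, B):
    """True if every prime factor of g is at most B."""
    for p in primes_up_to(B):
        while g % p == 0:
            g //= p
    return g == 1


def monte_carlo_friable_gcd(B, n, m, trials, bound=10**9, seed=1):
    """Constructed empirical check for k = 1: draw m products of n integers
    uniform in [1, bound] and count how often their gcd is B-friable."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        g = 0
        for _ in range(m):
            prod = 1
            for _ in range(n):
                prod *= rng.randint(1, bound)
            g = gcd(g, prod)
        hits += is_B_friable(g, B)
    return hits / trials


if __name__ == "__main__":
    print("Dirichlet, 1/zeta(2):", friable_kgcd_probability(B=1, n=1, m=2))
    print("Monte Carlo, same case:", monte_carlo_friable_gcd(B=1, n=1, m=2, trials=2000))
    print("k = 2 (no square common divisor), 1/zeta(4):", friable_kgcd_probability(1, 1, 2, k=2))
    print("regime B > n^(m/(m-1)), B=100, n=5, m=2:", friable_kgcd_probability(B=100, n=5, m=2))
```

The Monte Carlo estimate is only for k = 1 because deciding whether a large gcd has a k-th power divisor above B would require factoring it; the exact local factors cover the general k.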
A NEW APPROACH TO THE DISCRETE LOGARITHM PROBLEM WITH AUXILIARY INPUTS
The discrete logarithm problem with auxiliary inputs is to solve~ for given elements of a cyclic group of prime order~. The best-known algorithm, proposed by Cheon in 2006, solves in the case of with running time of group exponentiations~( or depending on the sign). There have been several attempts to generalize this algorithm to the case of for , but it has been shown, by Kim, Cheon and Lee, that they cannot have better complexity than the usual square-root algorithms.
We propose a new algorithm to solve the DLPwAI. The complexity of the algorithm is determined by a chosen polynomial f \in \F_p[x] of degree . We show that the proposed algorithm has a running time of group exponentiations, where~ is the number of absolutely irreducible factors of . We note that it is always smaller than . To obtain a better complexity, we investigate an upper bound of and try to find polynomials that achieve the upper bound. We can find such polynomials in the case of . In this case, the algorithm has a running time of group operations, which matches the lower bound in the generic group model. On the contrary, we show that no polynomial exists that achieves the upper bound in the case of .
Of independent interest, we present an analysis of a non-uniform birthday problem. Precisely, we show that a collision occurs with high probability after samplings of balls, where the probability of assigning balls to the bin is arbitrary.
Psychological experiences of Korean missionary “kids” (MKs): A qualitative inquiry
The present study is a qualitative investigation of the psychological experiences of children of Korean missionaries, through the eyes of Korean missionary kids (MKs) and missionary workers. A semi-structured interview was conducted with 11 MKs and MK workers, and data were analysed using the Consensual Qualitative Research method. Several domains emerged: challenges associated with the MK experience, resiliency of MKs, intrapersonal and interpersonal coping skills, mental health concerns, religion and spirituality, a complex cultural identity, preparation for college transition, and hopes for MKs and their missionary parents. Categories corresponding to the domains are highlighted. The present study addresses a need for more attention paid to the non-American MK experience, and it presents some implications for the church and higher educational institutions
Use of Sparse and/or Complex Exponents in Batch Verification of Exponentiations
Modular exponentiation in an abelian group is one of the most frequently used mathematical primitives in modern cryptography. {\em Batch verification} is to verify many exponentiations simultaneously. We propose two fast batch verification algorithms. The first makes use of exponents of small Hamming weight, called {\em sparse exponents}; it is asymptotically 10 times faster than individual verification and twice as fast as previous work, without security loss. The second applies only to elliptic curves defined over small finite fields. Using a sparse Frobenius expansion with small integer coefficients, we propose a complex exponent test that is four times faster than previous work. For example, each exponentiation in one batch requires asymptotically 9 elliptic curve additions on some elliptic curves for security
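As an added example (not the paper's algorithm or code), the Python below implements the sparse-exponent batch test for a list of claims y_i = g^{x_i} in a prime-order subgroup of Z_p^*: the verifier draws a random exponent r_i of low Hamming weight for each claim and checks a single equation \prod y_i^{r_i} = g^{\sum r_i x_i}. Assumptions of this example: a 128-bit safe prime p = 2q + 1 generated at run time with a demo-grade Miller-Rabin test, 64-bit exponents of weight 8, and a cheating bound of 1/\binom{64}{8} taken from the standard counting argument for small-exponent tests (if some claim is false, the passing exponent vectors form a hyperplane over Z_q, which contains at most a 1/|S| fraction of S^n for any exponent set S). The paper's Frobenius-expansion test for elliptic curves is not reproduced.

```python
import random


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with fixed-seed witnesses (deterministic, demo-grade)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(0xC0FFEE)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits, rng):
    """Return (p, q, g): p = 2q + 1 prime and g generating the order-q subgroup."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            break
    p = 2 * q + 1
    while True:
        g = pow(rng.randrange(2, p - 1), 2, p)  # a square has order q or 1
        if g != 1:
            return p, q, g


def sparse_exponent(rng, length, weight):
    """Random exponent below 2^length with exactly `weight` one bits.
    These are the verifier's fresh secrets; a prover who can predict them
    can place a forgery on the passing hyperplane."""
    return sum(1 << i for i in rng.sample(range(length), weight))


def batch_verify(p, q, g, pairs, seed, length=64, weight=8):
    """Sparse-exponent batch test for claims y_i == g^x_i (mod p).

    Accepts iff prod y_i^{r_i} == g^{sum r_i x_i mod q}. With all y_i in the
    order-q subgroup and 2^length < q, a batch containing a false claim is
    accepted with probability at most 1/C(length, weight) (~2^-32 here).
    The subgroup check is not optional: y = -g^x has order 2q and would pass
    for every even r_i without it."""
    rng = random.Random(seed)
    lhs, acc = 1, 0
    for x, y in pairs:
        if not 1 <= y < p or pow(y, q, p) != 1:
            return False
        r = sparse_exponent(rng, length, weight)
        lhs = lhs * pow(y, r, p) % p
        acc = (acc + r * x) % q
    return lhs == pow(g, acc, p)


def make_instance(seed, count=16, bits=128):
    """Constructed demo data: group parameters and `count` honest (x, g^x) pairs."""
    rng = random.Random(seed)
    p, q, g = safe_prime_group(bits, rng)
    pairs = [(x, pow(g, x, p)) for x in (rng.randrange(1, q) for _ in range(count))]
    return p, q, g, pairs


if __name__ == "__main__":
    p, q, g, pairs = make_instance(seed=7)
    print("honest batch:", batch_verify(p, q, g, pairs, seed=1))
    x, y = pairs[3]
    forged = pairs[:3] + [(x, y * g % p)] + pairs[4:]   # claims g^x, supplies g^(x+1)
    print("one wrong pair:", batch_verify(p, q, g, forged, seed=1))
    x0, y0 = pairs[0]
    print("order-2q element:", batch_verify(p, q, g, [(x0, p - y0)] + pairs[1:], seed=1))
```

A single wrong pair is rejected with certainty here, since the passing condition collapses to r_i = 0 mod q, which no weight-8 exponent satisfies; the 1/\binom{64}{8} bound is for an adversary who coordinates several wrong pairs. The cost per claim is dominated by the weight-8 exponentiation of y_i rather than a full-size one, which is the saving the paper quantifies.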
Fully Secure Anonymous Hierarchical Identity-Based Encryption with Constant Size Ciphertexts
Efficient and privacy-preserving constructions for search functionality on encrypted data are important for data outsourcing, data retrieval, etc. Fully secure anonymous Hierarchical ID-Based Encryption (HIBE) schemes are useful primitives that can be applied to searchable encryption [4], such as ID-based searchable encryption, temporary searchable encryption [1], and anonymous forward-secure HIBE [9]. We propose a fully secure anonymous HIBE scheme with constant size ciphertexts.