18 research outputs found
Balanced Boolean Functions with Optimum Algebraic Immunity and High Nonlinearity
In this paper, three constructions of balanced Boolean functions with optimum algebraic immunity are proposed. The cryptographical properties such as algebraic degree and nonlinearity of the constructed functions are also analyzed
Is Vertical Logistic Regression Privacy-Preserving? A Comprehensive Privacy Analysis and Beyond
We consider vertical logistic regression (VLR) trained with mini-batch
gradient descent -- a setting which has attracted growing interest among
industries and proven to be useful in a wide range of applications including
finance and medical research. We provide a comprehensive and rigorous privacy
analysis of VLR in a class of open-source Federated Learning frameworks, where
the protocols might differ between one another, yet a procedure of obtaining
local gradients is implicitly shared. We first consider the honest-but-curious
threat model, in which the detailed implementation of protocol is neglected and
only the shared procedure is assumed, which we abstract as an oracle. We find
that even under this general setting, single-dimension feature and label can
still be recovered from the other party under suitable constraints of batch
size, thus demonstrating the potential vulnerability of all frameworks
following the same philosophy. Then we look into a popular instantiation of the
protocol based on Homomorphic Encryption (HE). We propose an active attack that
significantly weaken the constraints on batch size in the previous analysis via
generating and compressing auxiliary ciphertext. To address the privacy leakage
within the HE-based protocol, we develop a simple-yet-effective countermeasure
based on Differential Privacy (DP), and provide both utility and privacy
guarantees for the updated algorithm. Finally, we empirically verify the
effectiveness of our attack and defense on benchmark datasets. Altogether, our
findings suggest that all vertical federated learning frameworks that solely
depend on HE might contain severe privacy risks, and DP, which has already
demonstrated its power in horizontal federated learning, can also play a
crucial role in the vertical setting, especially when coupled with HE or secure
multi-party computation (MPC) techniques
Related-Key Differential Attack on Round Reduced RECTANGLE-80
RECTANGLE is a newly proposed lightweight block cipher which allows fast implementations for multiple platforms by using bit-slice techniques. It is an iterative 25-round SPN block cipher with a 64-bit block size and a 80-bit or 128-bit key size. Until now, the results on analyzing the cipher are not too much, which includes an attack on the 18-round reduced version proposed by the designers themselves. In this paper, we find all 15-round differential characteristics with 26--30 active S-boxes for given input, output and round subkey differences, which have a total probability . Based on these differential characteristics, we extend the corresponding distinguisher to 2 rounds backward and forward respectively, and propose an attack on the 19-round reduced RECTANGLE-80 with data complexity of plaintexts, time complexity of about encryptions and memory complexity of . TThese data and time complexities are much lower than that of the designers for the 18-round reduced RECTANGLE-80
Solving Small Exponential ECDLP in EC-based Additively Homomorphic Encryption and Applications
Additively Homomorphic Encryption (AHE) has been widely used in various applications, such as federated learning, blockchain, and online auctions. Elliptic Curve (EC) based AHE has the advantages of efficient encryption, homomorphic addition, scalar multiplication algorithms, and short ciphertext length. However, EC-based AHE schemes require solving a small exponential Elliptic Curve Discrete Logarithm Problem (ECDLP) when running the decryption algorithm, i.e., recovering the plaintext from . Therefore, the decryption of EC-based AHE schemes is inefficient when the plaintext length . This leads to people being more inclined to use RSA-based AHE schemes rather than EC-based ones.
This paper proposes an efficient algorithm called for solving the small exponential ECDLP at -bit security level. We perform a series of deep optimizations from two points: computation and memory overhead. These optimizations ensure efficient decryption when the plaintext length is as long as possible in practice. Moreover, we also provide a concrete implementation and apply to some specific applications. Experimental results show that is far faster than the previous works. For example, the decryption can be done in ms with a single thread when , which is about times faster than that of Paillier. Furthermore, we experiment with from to , and the existing works generally only consider . The decryption only requires second with threads when . In the practical applications, we can speed up model training of existing vertical federated learning frameworks by to times. At the same time, the decryption efficiency is accelerated by about times in a blockchain financial system (ESORICS 2021) with the same memory overhead
Improved Differential Analysis of Block Cipher PRIDE
In CRYPTO 2014 Albrecht \emph{et al.} brought in a 20-round iterative lightweight block
cipher PRIDE which is based on a good linear layer for achieving a
tradeoff between security and efficiency. A recent
analysis is presented by Zhao \emph{et al.}. Inspired by their work, we use an
automatic search method to find out 56 iterative differential characteristics of PRIDE, containing 24
1-round iterative characteristics, based on three of them we construct a 15-round differential and perform a differential attack on the 19-round PRIDE, with data,
time and memory
complexity of , and respectively