32 research outputs found
Composability in quantum cryptography
In this article, we review several aspects of composability in the context of
quantum cryptography. The first part is devoted to key distribution. We discuss
the security criteria that a quantum key distribution protocol must fulfill to
allow its safe use within a larger security application (e.g., for secure
message transmission). To illustrate the practical use of composability, we
show how to generate a continuous key stream by sequentially composing rounds
of a quantum key distribution protocol. In a second part, we take a more
general point of view, which is necessary for the study of cryptographic
situations involving, for example, mutually distrustful parties. We explain the
universal composability framework and state the composition theorem which
guarantees that secure protocols can securely be composed to larger
applications.
Comment: 18 pages, 2 figures
A Polly Cracker system based on Satisfiability
This paper presents a public-key cryptosystem based on a subclass of the well-known satisfiability problem from propositional logic, namely the doubly-balanced 3-SAT problem. We first describe the construction of an instance of our system starting from such a 3-SAT formula. Then we discuss security issues: this is achieved on the one hand by exploring the best methods to date for solving this particular problem, and on the other hand by studying (systems of multivariate) polynomial equation solving algorithms in this particular setting. The result of our investigations is that both types of method fail to break our instances. We end the paper with some complexity considerations and implementation results.
Cryptanalysis of an authentication scheme using truncated polynomials
DOI: 10.1016/j.ipl.2009.04.011. Information Processing Letters 109(15), 861-863.
Basic Algorithms for Rational Function Fields
Abstract: By means of Gröbner basis techniques, algorithms for solving various problems concerning subfields K(g) := K(g1, …, gm) of a rational function field K(x) := K(x1, …, xn) are derived: computing canonical generating sets, deciding field membership, computing the degree and separability degree resp. the transcendence degree and a transcendence basis of K(x)/K(g), deciding whether f ∈ K(x) is algebraic or transcendental over K(g), computing minimal polynomials, and deciding whether K(g) contains elements of a “particular structure”, e.g. monic univariate polynomials of fixed degree. The essential idea is to reduce these problems to questions concerning an ideal of a polynomial ring; connections between minimal primary decompositions over K(x) of this ideal and intermediate fields of K(g) and K(x) are given. In the last section some practical considerations concerning the use of the algorithms are discussed.
Progressive lattice sieving
Most algorithms for hard lattice problems are based on the principle of rank reduction: to solve a problem in a d-dimensional lattice, one first solves one or more problem instances in a sublattice of rank d-1, and then uses this information to find a solution to the original problem. Existing lattice sieving methods, however, tackle lattice problems such as the shortest vector problem (SVP) directly, and work with the full-rank lattice from the start. Lattice sieving further seems to benefit less from starting with reduced bases than other methods do, and finding an approximate solution takes almost as long as finding an exact solution. These properties currently set sieving apart from other methods. In this work we consider a progressive approach to lattice sieving, where we gradually introduce new basis vectors only when the sieve has stabilized on the previous basis vectors. This leads to improved (heuristic) guarantees on finding approximate shortest vectors, a bigger practical impact of the quality of the basis on the run-time, better memory management, a smoother and more predictable behavior of the algorithm, and significantly faster convergence: compared to traditional approaches, we save a factor of between 20 and 40 in the time complexity for SVP.
Cryptanalysis of the Ruland/Schweitzer Signature of Bit Streams (Kryptoanalyse der Ruland/Schweitzer-Signatur von Bitstroemen)
Available from TIB Hannover: RR 631(2001,2) / FIZ - Fachinformationszentrum Karlsruhe / TIB - Technische Informationsbibliothek. Database: SIGLE; country: DE; language: German.