Improved and Formal Proposal for Device Independent Quantum Private Query

In this paper, we propose a novel Quantum Private Query (QPQ) scheme with full Device-Independent certification. To the best of our knowledge, this is the first time we provide such a full DI-QPQ scheme using EPR-pairs. Our proposed scheme exploits self-testing of shared EPR-pairs along with the self-testing of projective measurement operators in a setting where the client and the server do not trust each other. To certify full device independence, we exploit a strategy to self-test a particular class of POVM elements that are used in the protocol. Further, we provide formal security analysis and obtain an upper bound on the maximum cheating probabilities for both the dishonest client as well as the dishonest server.Comment: 33 pages, 2 figure

On Deterministic Polynomial-time Equivalence of Computing the CRT-RSA Secret Keys and Factoring

Let N = pq be the product of two large primes. Consider Chinese remainder theorem-Rivest, Shamir, Adleman (CRT-RSA) with the public encryption exponent e and private decryption exponents dp, dq. It is well known that given any one of dp or dq (or both) one can factorise N in probabilistic poly(log N) time with success probability almost equal to 1. Though this serves all the practical purposes, from theoretical point of view, this is not a deterministic polynomial time algorithm. In this paper, we present a lattice-based deterministic poly(log N) time algorithm that uses both dp, dq (in addition to the public information e, N) to factorise N for certain ranges of dp, dq. We like to stress that proving the equivalence for all the values of dp, dq may be a nontrivial task.Defence Science Journal, 2012, 62(2), pp.122-126, DOI:http://dx.doi.org/10.14429/dsj.62.171

Rotation symmetric Boolean functions---count and cryptographic properties

The article of record as published may be located at http://dx.doi.org/10.1.1.137.6388Rotation symmetric (RotS) Boolean functions have been used as components of different cryptosystems. This class of Boolean functions are invariant under circular translation of indices. Using Burnsideﾒs lemma it can be seen that the number of n-variable rotation symmetric Boolean functions is 2gn, where gn = 1 nPt|n (t) 2n t , and (.) is the Euler phi-function. In this paper, we find the number of short and long cycles of elements in Fn2 having fixed weight, under the RotS action. As a consequence we obtain the number of homogeneous RotS functions having algebraic degree w. Our results make the search space of RotS functions much reduced and we successfully analyzed important cryptographic properties of such functions by executing computer programs. We study RotS bent functions up to 10 variables and observe (experimentally) that there is no homogeneous rotation symmetric bent function having degree > 2. Further, we studied the RotS functions on 5, 6, 7 variables by computer search for correlation immunity and propagation characteristics and found some functions with very good cryptographic properties which were not known earlier

Chosen IV Cryptanalysis on Reduced Round ChaCha and Salsa

Recently, ChaCha20 (the stream cipher ChaCha with 20 rounds) is in the process of being a standard and thus it attracts serious interest in cryptanalysis. The most significant effort to analyse Salsa and ChaCha had been explained by Aumasson et al long back (FSE 2008) and further, only minor improvements could be achieved. In this paper, first we revisit the work of Aumasson et al to provide a clearer insight of the existing attack (2^{248} complexity for ChaCha7, i.e., 7 rounds) and showing certain improvements (complexity around 2^{243}) by exploiting additional Probabilistic Neutral Bits. More importantly, we describe a novel idea that explores proper choice of IVs corresponding to the keys, for which the complexity can be improved further (2^{239}). The choice of IVs corresponding to the keys is the prime observation of this work. We systematically show how a single difference propagates after one round and how the differences can be reduced with proper choices of IVs. For Salsa too (Salsa20/8, i.e., 8 rounds), we get improvement in complexity, reducing it to 2^{245.5} from 2^{247.2} reported by Aumasson et al

The Index j in RC4 is not Pseudo-random due to Non-existence of Finney Cycle

In this very short note we prove that the pseudo-random index j of RC4 is indeed not pseudo-random. This is a simple result that missed our attention for quite a long time. We show that in long term Pr(j = i+1) = 1/N - 1/N^2, instead of the random association 1/N and this happens for the non-existence of the condition S[i] = 1 and j = i+1 that is mandatory for the non-existence of the Finney cycle