Close to Uniform Prime Number Generation With Fewer Random Bits

In this paper, we analyze several variants of a simple method for generating prime numbers with fewer random bits. To generate a prime $p$ less than $x$, the basic idea is to fix a constant $q\propto x^{1-\varepsilon}$, pick a uniformly random $a<q$ coprime to $q$, and choose $p$ of the form $a+t\cdot q$, where only $t$ is updated if the primality test fails. We prove that variants of this approach provide prime generation algorithms requiring few random bits and whose output distribution is close to uniform, under less and less expensive assumptions: first a relatively strong conjecture by H.L. Montgomery, made precise by Friedlander and Granville; then the Extended Riemann Hypothesis; and finally fully unconditionally using the Barban-Davenport-Halberstam theorem. We argue that this approach has a number of desirable properties compared to previous algorithms.Comment: Full version of ICALP 2014 paper. Alternate version of IACR ePrint Report 2011/48

Multi-authority secret-ballot elections with linear work

We present new cryptographic protocols for multi-authority secret ballot elections that guarantee privacy, robustness, and universal verifiability. Application of some novel techniques, in particular the construction of witness hiding/indistinguishable protocols from Cramer, Damgaard and Schoenmakers, and the verifiable secret sharing scheme of Pedersen, reduce the work required by the voter or an authority to a linear number of cryptographic operations in the population size (compared to quadratic in previous schemes). Thus we get significantly closer to a practical election scheme

Strong Secrecy for Multiple Access Channels

We show strongly secret achievable rate regions for two different wiretap multiple-access channel coding problems. In the first problem, each encoder has a private message and both together have a common message to transmit. The encoders have entropy-limited access to common randomness. If no common randomness is available, then the achievable region derived here does not allow for the secret transmission of a common message. The second coding problem assumes that the encoders do not have a common message nor access to common randomness. However, they may have a conferencing link over which they may iteratively exchange rate-limited information. This can be used to form a common message and common randomness to reduce the second coding problem to the first one. We give the example of a channel where the achievable region equals zero without conferencing or common randomness and where conferencing establishes the possibility of secret message transmission. Both coding problems describe practically relevant networks which need to be secured against eavesdropping attacks.Comment: 55 page

On the Communication Complexity of Secure Computation

Information theoretically secure multi-party computation (MPC) is a central primitive of modern cryptography. However, relatively little is known about the communication complexity of this primitive. In this work, we develop powerful information theoretic tools to prove lower bounds on the communication complexity of MPC. We restrict ourselves to a 3-party setting in order to bring out the power of these tools without introducing too many complications. Our techniques include the use of a data processing inequality for residual information - i.e., the gap between mutual information and G\'acs-K\"orner common information, a new information inequality for 3-party protocols, and the idea of distribution switching by which lower bounds computed under certain worst-case scenarios can be shown to apply for the general case. Using these techniques we obtain tight bounds on communication complexity by MPC protocols for various interesting functions. In particular, we show concrete functions that have "communication-ideal" protocols, which achieve the minimum communication simultaneously on all links in the network. Also, we obtain the first explicit example of a function that incurs a higher communication cost than the input length in the secure computation model of Feige, Kilian and Naor (1994), who had shown that such functions exist. We also show that our communication bounds imply tight lower bounds on the amount of randomness required by MPC protocols for many interesting functions.Comment: 37 page

Tomographic Quantum Cryptography

We present a protocol for quantum cryptography in which the data obtained for mismatched bases are used in full for the purpose of quantum state tomography. Eavesdropping on the quantum channel is seriously impeded by requiring that the outcome of the tomography is consistent with unbiased noise in the channel. We study the incoherent eavesdropping attacks that are still permissible and establish under which conditions a secure cryptographic key can be generated. The whole analysis is carried out for channels that transmit quantum systems of any finite dimension.Comment: REVTeX4, 9 pages, 3 figures, 1 tabl

Analysis of property-preservation capabilities of the ROX and ESh hash domain extenders

Two of the most recent and powerful multi-property preserving (MPP) hash domain extension transforms are the Ramdom-Oracle-XOR (ROX) transform and the Enveloped Shoup (ESh) transform. The former was proposed by Andreeva et al. at ASIACRYPT 2007 and the latter was proposed by Bellare and Ristenpart at ICALP 2007. In the existing literature, ten notions of security for hash functions have been considered in analysis of MPP capabilities of domain extension transforms, namely CR, Sec, aSec, eSec (TCR), Pre, aPre, ePre, MAC, PRF, PRO. Andreeva et al. showed that ROX is able to preserve seven properties; namely collision resistance (CR), three flavors of second preimage resistance (Sec, aSec, eSec) and three variants of preimage resistance (Pre, aPre, ePre). Bellare and Ristenpart showed that ESh is capable of preserving five important security notions; namely CR, message authentication code (MAC), pseudorandom function (PRF), pseudorandom oracle (PRO), and target collision resistance (TCR). Nonetheless, there is no further study on these two MPP hash domain extension transforms with regard to the other properties. The aim of this paper is to fill this gap. Firstly, we show that ROX does not preserve two other widely-used and important security notions, namely MAC and PRO. We also show a positive result about ROX, namely that it also preserves PRF. Secondly, we show that ESh does not preserve other four properties, namely Sec, aSec, Pre, and aPre. On the positive side we show that ESh can preserve ePre property. Our results in this paper provide a full picture of the MPP capabilities of both ROX and ESh transforms by completing the property-preservation analysis of these transforms in regard to all ten security notions of interest, namely CR, Sec, aSec, eSec (TCR), Pre, aPre, ePre, MAC, PRF, PRO

A reversible theory of entanglement and its relation to the second law

We consider the manipulation of multipartite entangled states in the limit of many copies under quantum operations that asymptotically cannot generate entanglement. As announced in [Brandao and Plenio, Nature Physics 4, 8 (2008)], and in stark contrast to the manipulation of entanglement under local operations and classical communication, the entanglement shared by two or more parties can be reversibly interconverted in this setting. The unique entanglement measure is identified as the regularized relative entropy of entanglement, which is shown to be equal to a regularized and smoothed version of the logarithmic robustness of entanglement. Here we give a rigorous proof of this result, which is fundamentally based on a certain recent extension of quantum Stein's Lemma proved in [Brandao and Plenio, Commun. Math. 295, 791 (2010)], giving the best measurement strategy for discriminating several copies of an entangled state from an arbitrary sequence of non-entangled states, with an optimal distinguishability rate equal to the regularized relative entropy of entanglement. We moreover analyse the connection of our approach to axiomatic formulations of the second law of thermodynamics.Comment: 21 pages. revised versio

Speeding Up the Wide-Pipe: Secure and Fast Hashing

status: accepte