65 research outputs found
On Proactive Verifiable Secret Sharing Schemes
The paper has been presented at the International Conference Pioneers of Bulgarian Mathematics, Dedicated to Nikola Obreshkoff and Lubomir Tschakaloff, Sofia, July, 2006.
The material in this paper was presented in part at the 11th Workshop on Selected Areas in Cryptography (SAC) 2004.
This paper investigates the security of Proactive Secret Sharing Schemes. We first consider the approach of using commitment to 0 in the renewal phase in order to refresh the players' shares, and we present two types of attacks in the information-theoretic case. Then we prove the conditions for the security of such a proactive scheme. Proactivity can also be added using re-sharing instead of commitment to 0. We investigate this alternative approach too and describe two protocols. We also show that neither technique is secure against a mobile adversary.
To summarize, we generalize the existing threshold protocols to protocols for general access structures. Besides this, we propose attacks against the existing proactive verifiable secret sharing schemes, and give modifications of the schemes that resist these attacks.
On Distributed Oblivious Transfer
The paper has been presented at the International Conference Pioneers of Bulgarian Mathematics, Dedicated to Nikola Obreshkoff and Lubomir Tschakaloff, Sofia, July, 2006. The material in this paper was presented in part at INDOCRYPT 2002.
This paper is about unconditionally secure distributed protocols for oblivious transfer, as proposed by Naor and Pinkas and generalized by Blundo et al. In this setting a Sender has ζ secrets and a Receiver is interested in one of them. The Sender distributes the information about the secrets to n servers, and the Receiver must contact a threshold of the servers in order to compute the secret. We present a non-existence result and a lower bound for the existence of one-round, threshold, distributed oblivious transfer protocols, generalizing the results of Blundo et al. A threshold-based construction implementing 1-out-of-ζ distributed oblivious transfer achieving this lower bound is described. A condition for the existence of distributed oblivious transfer schemes based on general access structures is proven. We also present a general access structure protocol implementing 1-out-of-ζ distributed oblivious transfer.
Yet Another Secure Distance-Bounding Protocol
Distance-bounding protocols were proposed by Brands and Chaum in 1993 in order to detect \emph{relay attacks}, also known as \emph{mafia fraud}. Although the idea was introduced fifteen years ago, distance-bounding protocols have only recently attracted the attention of researchers. Several new protocols have been proposed in the last five years.
In this paper, a new secure distance-bounding protocol is presented. It is self-contained and composable with other protocols, for example for authentication or key negotiation. It allows periodic execution and achieves better use of the communication channels by exchanging authenticated nonces. The proposed protocol becomes suitable for a wider class of devices, since the resource requirements on the prover are relaxed.
On a Relation Between Verifiable Secret Sharing Schemes and a Class of Error-Correcting Codes
In this paper we try to shed new light on Verifiable Secret Sharing Schemes (VSS). We first define a new ``metric'' (with slightly different properties than the standard Hamming metric). Using this metric we define a very particular class of codes that we call {\it error-set correcting codes}, based on a set of forbidden distances which is a monotone decreasing set. Next we redefine the packing problem for the new setting and generalize the notion of error-correcting capability of the error-set correcting codes accordingly (taking into account the new metric and the new packing). Then we consider burst-error interleaving codes, proposing an efficient burst-error correcting technique, which is in fact the well-known VSS and Distributed Commitments (DC) pair-wise checking protocol, and we prove the error-correcting capability of the error-set correcting interleaving codes.
Using the known relationship, due to Van Dijk, between a Monotone Span Program (MSP) and a generator matrix of the code generated by the suitable set of vectors, we prove that the error-set correcting codes in fact have the allowed (as opposed to forbidden) distances of the dual access structure of the access structure that the MSP computes. We give an efficient construction for them based on this relation and, as a consequence, we establish a link between Secret Sharing Schemes (SSS) and the error-set correcting codes.
Further, we give a necessary and sufficient condition for the existence of a linear SSS (LSSS) secure against -adversary, expressed in terms of an error-set correcting code. Finally, we present necessary and sufficient conditions for the existence of a VSS scheme, based on an error-set correcting code, secure against -adversary.
Our approach is general and covers all known linear VSS/DC. It allows us to establish the minimal conditions for the security of VSSs. Our main theorem states that the security of a scheme is equivalent to a purely geometrical (coding) condition on the linear mappings describing the scheme. Hence the security of all known schemes, e.g. all known bounds for the existence of unconditionally secure VSS/DC including the recent result of Fehr and Maurer, can be expressed as certain (geometrical) coding conditions.
Low-Latency ECDSA Signature Verification - A Road Towards Safer Traffic -
Car-to-car and Car-to-Infrastructure messages exchanged in Intelligent Transportation Systems can reach reception rates of up to and over 1000 messages per second. As these messages contain ECDSA signatures, this puts a very heavy load onto the verification hardware. In fact the load is so high that currently it can only be handled by implementations running on high-end CPUs and FPGAs. These implementations are neither cost-effective nor energy-efficient. In this paper we present an ASIC implementation of a dedicated ECDSA verification engine that can reach verification rates of up to 27.000 verifications per second using only 1.034 kGE.
Optimized Threshold Implementations: Securing Cryptographic Accelerators for Low-Energy and Low-Latency Applications
Threshold implementations have emerged as one of the most popular masking countermeasures for hardware implementations of cryptographic primitives. In the original version of TI, the number of input shares was dependent on both the security order and the algebraic degree of a function , namely . At CRYPTO 2015, a new method was presented yielding a -th order secure implementation using input shares. In this work, we first provide a construction for TI sharing which achieves the minimal number of output shares for any -input Boolean function of degree . Furthermore, we present a heuristic for minimizing the number of output shares for higher-order TI. Finally, we demonstrate the applicability of our results on and TI versions, for first- and second-order secure, low-latency and low-energy implementations of the PRINCE block cipher.
Whirlwind: a new cryptographic hash function
A new cryptographic hash function, Whirlwind, is presented. We give the full specification and explain the design rationale. We show how the hash function can be implemented efficiently in software and give first performance numbers. A detailed analysis of the security against state-of-the-art cryptanalysis methods is also provided. In comparison to the algorithms submitted to the SHA-3 competition, Whirlwind takes recent developments in cryptanalysis into account by design. Even though its software performance is not outstanding, it compares favourably with the 512-bit versions of SHA-3 candidates such as LANE or the original CubeHash proposal and is about on par with ECHO and MD6.
Decomposition of Permutations in a Finite Field
We describe a method to decompose any power permutation as a sequence of power permutations of lower algebraic degree.
As a result we obtain decompositions of the inversion in for small from up to , as well as for the APN functions, when .
More precisely, we find decompositions into quadratic power permutations for any not a multiple of and decompositions into cubic power permutations for a multiple of . Finally, we use the Theorem of Carlitz to prove that any -bit permutation can be decomposed into quadratic and cubic permutations.
Who Watches the Watchers: Attacking Glitch Detection Circuits
Over the last decades, fault injection attacks have been demonstrated to be an effective method for breaking the security of electronic devices. Some types of fault injection attacks, like clock and voltage glitching, require very few resources from the attacker and are practical and simple to execute. A cost-effective countermeasure against these attacks is the use of a detector circuit which detects timing violations, the underlying effect that glitch attacks rely on. In this paper, we take a closer look at three examples of such detectors that have been presented in the literature. We demonstrate four high-speed clock glitching attacks which successfully inject faults into systems that these detectors have been implemented to protect. The attacks remain unnoticed by the glitch detectors. We verify our attacks with practical experiments on an FPGA.
Higher-Order Threshold Implementation of the AES S-Box
In this paper we present a threshold implementation of the Advanced Encryption Standard's S-box which is secure against first- and second-order power analysis attacks. This security guarantee holds even in the presence of glitches, and includes resistance against bivariate attacks. The design requires an area of 7849 Gate Equivalents and 126 bits of randomness per S-box execution. The implementation is tested on an FPGA platform and its security claim is supported by practical leakage detection tests.