Enhancing Cryptographic Security by Partial Key Management
Cryptographic security can degrade over time as attackers gain access to more powerful hardware or more sophisticated software. To maintain security, cryptographic machinery is replaced or strengthened as weaknesses are found. However, updating certain cryptographic components is infeasible or expensive, so those updates either do not occur or are delayed. This disclosure describes techniques for enhancing cryptographic security by updating portions of a cryptographic system when only a partial update of its cryptographic parameters is possible. Authenticating data (auth-data) sent by the un-updateable component during normal operation is used to deliver new and upgraded security parameters that secure the communication. The security degradation resulting from the inability to perform an end-to-end update is confined to the immediate vicinity of the un-updateable component. The described techniques can be used to improve the security of Internet-of-Things (IoT) device communication.
Symmetric Public-Key Encryption
Public-key encryption would seem to be inherently asymmetric, in that only messages sent to a user can be encrypted using his public key. We demonstrate that the use of interactive protocols for sending encrypted messages enables a symmetric use of public keys; we give cryptographic protocols for the following tasks: 1. Probabilistic encryption, using the same public key, both of messages sent to a particular user and of messages that the user sends to others, without compromising the key. We propose a public-key cryptosystem based on these protocols which has only one key, owned by a cryptographic server. 2. Authentication of both the sender and the receiver of a probabilistically encrypted message. 3. Probabilistic encryption which is provably secure against both chosen-message and chosen-ciphertext attack.
Distributed Algorithms in Synchronous Broadcasting Networks
In this paper we consider a synchronous broadcasting network, a distributed computation model which represents communication networks that are used extensively in practice. This is the first work we know of that deals with this model in a theoretical context. The problem we consider is a basic problem of information sharing, the computation of the multiple identification function. That is, given a network of p processors, each of which contains an n-bit string of information, the question is how every processor can compute the subset of processors which have the same information as itself. The problem was suggested by Yao in his classical paper on communication complexity [17], as a generalization of the two-processor case studied in that paper. The immediate algorithm which solves this problem takes O(np) time (time = communication time in bits, which is our complexity measure). We present the following algorithms:
- a. An algorithm which takes advantage of properties of strings, uses a very simple scheduling policy, and does not use arithmetic operations (in fact, the processor can be a Turing machine). The algorithm's complexity is O(n log² p + p).
- b. An algorithm which uses a simulation of sorting networks by the distributed system. If t(p) is the depth of the sorting network of p processors, then our algorithm takes O(n t(p) + p) time. Using recent results on sorting networks we get an O(n log p + p) (impractical) algorithm. The algorithm also uses addition and subtraction operations.
- c. By letting the processor use modular arithmetic operations as well, we can use Yao's probabilistic version, modify our algorithms and get probabilistic algorithms (with small error) where log n replaces n in the complexity expressions.
To prove lower bounds for the problem we use Yao's result to get an Ω(n) bound, and we also show an Ω(p) bound.
We suggest open problems concerning new techniques for proving lower bounds in the presence of broadcasting, as well as other problems about efficient use of the model and comparisons between different models of distributed computation.
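The following simulation is an added example and is not code from the paper. It models the synchronous broadcasting network with the paper's cost measure (total bits broadcast) and runs two strategies for the multiple identification function: the immediate O(np) algorithm, in which every processor broadcasts its whole string in its own slot, and a Yao-style probabilistic variant in which every processor broadcasts its string reduced modulo a shared random prime of O(log n) bits. Neither of the paper's deterministic algorithms (a) and (b) is implemented here; the sample strings, the prime size (2·log₂ n + 8 bits) and the random seeds are assumptions constructed for the example.

```python
import random
from typing import Callable, List, Set, Tuple

# Constructed sample: six processors holding 32-bit strings; processors 0, 2, 5
# share one string, processors 1 and 4 share another, processor 3 is alone.
N_BITS = 32
SAMPLE_STRINGS = [0xDEADBEEF, 0xCAFEBABE, 0xDEADBEEF, 0x00000001, 0xCAFEBABE, 0xDEADBEEF]


def broadcast_round_robin(strings: List[int],
                          encode: Callable[[int], Tuple[int, int]]) -> Tuple[List[Set[int]], int]:
    """Synchronous broadcast schedule: in slot i only processor i transmits
    encode(s_i) = (message, length in bits), and every processor hears it.
    Returns the set each processor computes and the total bits broadcast,
    which is the paper's complexity measure."""
    heard, bits = [], 0
    for s in strings:
        msg, length = encode(s)
        heard.append(msg)
        bits += length
    groups = [{j for j, m in enumerate(heard) if m == heard[i]} for i in range(len(strings))]
    return groups, bits


def naive_identification(strings: List[int], n: int) -> Tuple[List[Set[int]], int]:
    """The immediate O(np) algorithm: every processor broadcasts all n bits."""
    return broadcast_round_robin(strings, lambda s: (s, n))


def _is_prime(x: int) -> bool:
    # trial division is enough for the small primes used here
    if x < 2:
        return False
    if x % 2 == 0:
        return x == 2
    d = 3
    while d * d <= x:
        if x % d == 0:
            return False
        d += 2
    return True


def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force exact bit length, odd
        if _is_prime(cand):
            return cand


def fingerprint_identification(strings: List[int], n: int, seed: int) -> Tuple[List[Set[int]], int]:
    """Yao-style probabilistic variant: all processors share a random prime q of
    O(log n) bits (2*log2(n)+8 bits is an assumed toy choice) and broadcast
    s mod q.  Equal strings always collide; two distinct n-bit strings collide
    only if q divides their difference, which has fewer than n/(bits-1) prime
    factors of this size, so the per-pair error is small.  Bits sent drop from
    n per processor to about 2*log2(n)."""
    bits = 2 * n.bit_length() + 8
    q = _random_prime(bits, random.Random(seed))
    return broadcast_round_robin(strings, lambda s: (s % q, q.bit_length()))


def true_groups_within_fingerprint_groups(strings: List[int], n: int, seed: int) -> bool:
    """The error is one-sided: a fingerprint run can merge distinct groups but
    never split a true group, so every exact group is a subset of its
    fingerprint group."""
    exact, _ = naive_identification(strings, n)
    approx, _ = fingerprint_identification(strings, n, seed)
    return all(e <= a for e, a in zip(exact, approx))


if __name__ == "__main__":
    g, b = naive_identification(SAMPLE_STRINGS, N_BITS)
    fg, fb = fingerprint_identification(SAMPLE_STRINGS, N_BITS, seed=7)
    print("naive:      ", g, "bits:", b)
    print("fingerprint:", fg, "bits:", fb)
```

The fingerprint variant is a direct translation of Yao's two-party idea to p processors and so pays p fingerprints; the paper's algorithm (c) obtains the log n saving inside its more economical O(n log² p + p) scheduling, which this example does not reproduce.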
Multi-authority secret-ballot elections with linear work
We present new cryptographic protocols for multi-authority secret-ballot elections that guarantee privacy, robustness, and universal verifiability. Application of some novel techniques, in particular the construction of witness-hiding/indistinguishable protocols from Cramer, Damgård and Schoenmakers, and the verifiable secret sharing scheme of Pedersen, reduces the work required by the voter or an authority to a linear number of cryptographic operations in the population size (compared to quadratic in previous schemes). Thus we get significantly closer to a practical election scheme.
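The following is an added example, not the paper's code, of the Pedersen verifiable secret sharing building block the abstract names, used the way an election scheme uses it: each voter shares a vote in {0, 1} among N authorities with threshold T, every authority checks its share against the public commitments, the authorities add up the shares they hold (linearity of the sharing turns these into shares of the tally, checkable against the product of all commitments), and any T authorities reconstruct the tally. The group (q = 101, p = 607 = 6q + 1) is a toy assumption chosen so the arithmetic can be inspected by hand; the proof that each vote is 0 or 1, which the paper's scheme also requires, is omitted.

```python
import random

Q = 101                      # prime order of the subgroup; the tally must stay below Q
P = 607                      # P = 6*Q + 1 is prime, so Z_P* has a subgroup of order Q
G = pow(2, (P - 1) // Q, P)  # generator of that subgroup
H = pow(3, (P - 1) // Q, P)  # second generator; log_G(H) must be unknown in a real deployment
assert G != 1 and H != 1


def _poly_eval(coeffs, x):
    return sum(c * pow(x, j, Q) for j, c in enumerate(coeffs)) % Q


def share_vote(v, n_auth, t, rng):
    """Pedersen VSS of v with threshold t: polynomials f (constant term v) and g
    (blinding), commitments C_j = G^{f_j} H^{g_j}, share (i, f(i), g(i)) for authority i."""
    f = [v % Q] + [rng.randrange(Q) for _ in range(t - 1)]
    g = [rng.randrange(Q) for _ in range(t)]
    commits = [pow(G, fj, P) * pow(H, gj, P) % P for fj, gj in zip(f, g)]
    shares = [(i, _poly_eval(f, i), _poly_eval(g, i)) for i in range(1, n_auth + 1)]
    return commits, shares


def verify_share(commits, share):
    """Authority i checks G^s H^r == prod_j C_j^(i^j); any altered share fails."""
    i, s, r = share
    lhs = pow(G, s, P) * pow(H, r, P) % P
    rhs = 1
    for j, c in enumerate(commits):
        rhs = rhs * pow(c, pow(i, j, Q), P) % P
    return lhs == rhs


def lagrange_at_zero(points):
    """Value at 0 of the degree t-1 polynomial through t (or more) points over Z_Q."""
    total = 0
    for x_i, y_i in points:
        num = den = 1
        for x_j, _ in points:
            if x_j != x_i:
                num = num * (-x_j) % Q
                den = den * (x_i - x_j) % Q
        total = (total + y_i * num * pow(den, -1, Q)) % Q
    return total


def run_election(votes, n_auth, t, seed=0, reconstructors=None):
    """Share every vote, let each authority verify and accumulate its shares,
    then let the chosen authorities (any t of them) reconstruct the tally."""
    rng = random.Random(seed)
    sum_s = [0] * n_auth       # authority k's running share of the tally
    sum_r = [0] * n_auth       # and the matching blinding share
    prod_commits = [1] * t     # product of all voters' commitments
    for v in votes:
        commits, shares = share_vote(v, n_auth, t, rng)
        for k, sh in enumerate(shares):
            if not verify_share(commits, sh):
                raise ValueError(f"authority {k + 1} received an invalid share")
            sum_s[k] = (sum_s[k] + sh[1]) % Q
            sum_r[k] = (sum_r[k] + sh[2]) % Q
        prod_commits = [pc * c % P for pc, c in zip(prod_commits, commits)]
    # linearity: the summed shares form a Pedersen sharing of the summed votes,
    # verifiable by anyone against the product of the published commitments
    for k in range(n_auth):
        assert verify_share(prod_commits, (k + 1, sum_s[k], sum_r[k]))
    if reconstructors is None:
        reconstructors = range(t)
    return lagrange_at_zero([(k + 1, sum_s[k]) for k in reconstructors])


def tampered_share_rejected(seed=0):
    """A share whose value is changed by a dishonest dealer or channel fails verification."""
    commits, shares = share_vote(1, 3, 2, random.Random(seed))
    i, s, r = shares[0]
    return verify_share(commits, shares[0]) and not verify_share(commits, (i, (s + 1) % Q, r))


if __name__ == "__main__":
    print("tally:", run_election([1, 0, 1, 1, 0], n_auth=5, t=3))
    print("tampered share rejected:", tampered_share_rejected())
```

Per voter the work here is one sharing of size N and N verifications by the authorities, i.e. linear in the number of authorities; the per-voter proof of ballot validity that the paper builds from the Cramer-Damgård-Schoenmakers technique is what keeps the full scheme linear in the population size as well.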
Online/Offline OR Composition of Sigma Protocols
Proofs of partial knowledge allow a prover to prove knowledge of witnesses for k out of n instances of NP languages. Cramer, Schoenmakers and Damgård [10] provided an efficient construction of a 3-round public-coin witness-indistinguishable (k, n)-proof of partial knowledge for any NP language, by cleverly combining n executions of Σ-protocols for that language. This transform assumes that all n instances are fully specified before the proof starts, and thus directly rules out the possibility of choosing some of the instances after the first round. Very recently, Ciampi et al. [6] provided an improved transform where one of the instances can be specified in the last round. They focus on (1, 2)-proofs of partial knowledge with the additional feature that one instance is defined in the last round, and could be adaptively chosen by the verifier. They left as an open question the existence of an efficient (1, 2)-proof of partial knowledge where no instance is known in the first round. More generally, they left open the question of constructing an efficient (k, n)-proof of partial knowledge where knowledge of all n instances can be postponed. Indeed, this property is achieved only by inefficient constructions requiring NP reductions [19]. In this paper we focus on the question of achieving adaptive-input proofs of partial knowledge. We provide, through a transform, the first efficient construction of a 3-round public-coin witness-indistinguishable (k, n)-proof of partial knowledge where all instances can be decided in the third round. Our construction enjoys adaptive-input witness indistinguishability. Additionally, the proof of knowledge property also holds if the adversarial prover selects instances adaptively in the last round, as long as our transform is applied to a proof of knowledge belonging to the widely used class of proofs of knowledge described in [9,21].
Since knowledge of instances and witnesses is not needed before the last round, the first round can be precomputed, and in the online/offline setting our performance is similar to that of [10]. Our new transform relies on the DDH assumption (in contrast to the transforms of [6,10], which are unconditional).
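To make concrete what the abstract means by combining Σ-protocol executions, and why the [10] transform needs every instance before the first message, the following added example (not the paper's code, and not its adaptive-input transform) implements the Cramer-Damgård-Schoenmakers (1, 2)-OR composition over Schnorr's Σ-protocol: the prover knows the discrete logarithm of one of two public values y0, y1 and convinces the verifier without revealing which. The simulated branch's commitment is computed from y_{1-b} in round 1, which is exactly the dependence on early-fixed instances that the paper removes. The group (q = 101, p = 607) and the seeds are toy assumptions.

```python
import random

Q = 101                      # prime order of the subgroup; also the challenge space
P = 607                      # P = 6*Q + 1 is prime
G = pow(2, (P - 1) // Q, P)  # generator of the order-Q subgroup
assert G != 1


class OrProver:
    """Proves knowledge of x with G^x == y[b] for one b in {0, 1}, hiding b."""

    def __init__(self, y, b, x, rng):
        assert pow(G, x, P) == y[b], "prover must hold a witness for branch b"
        self.y, self.b, self.x, self.rng = y, b, x, rng

    def commit(self):
        """Round 1: a real Schnorr commitment for branch b and a simulated
        transcript for branch 1-b.  Note that y[1-b] is needed already here;
        this is why the [10] transform requires all instances up front."""
        b, nb = self.b, 1 - self.b
        self.r = self.rng.randrange(Q)
        a = [None, None]
        a[b] = pow(G, self.r, P)
        # simulator for the witness-less branch: choose challenge and response
        # first, then solve for the commitment so the verification equation holds
        self.c_nb = self.rng.randrange(Q)
        self.z_nb = self.rng.randrange(Q)
        a[nb] = pow(G, self.z_nb, P) * pow(self.y[nb], Q - self.c_nb, P) % P
        return a

    def respond(self, c):
        """Round 3: split the verifier's challenge c so the simulated branch
        keeps the challenge it was simulated for; answer the real branch honestly."""
        b, nb = self.b, 1 - self.b
        c_b = (c - self.c_nb) % Q
        z_b = (self.r + c_b * self.x) % Q
        cs, zs = [None, None], [None, None]
        cs[b], cs[nb] = c_b, self.c_nb
        zs[b], zs[nb] = z_b, self.z_nb
        return cs, zs


def or_verify(y, a, c, cs, zs):
    """Accept iff the sub-challenges add up to c and both Schnorr equations hold."""
    if (cs[0] + cs[1]) % Q != c % Q:
        return False
    return all(pow(G, zs[i], P) == a[i] * pow(y[i], cs[i], P) % P for i in range(2))


def run_proof(y, b, x, seed=0):
    """Full 3-round exchange; the verifier's coin comes from its own generator."""
    prover = OrProver(y, b, x, random.Random(seed))
    verifier_rng = random.Random(seed + 1)
    a = prover.commit()                 # round 1: prover -> verifier
    c = verifier_rng.randrange(Q)       # round 2: public coin, verifier -> prover
    cs, zs = prover.respond(c)          # round 3: prover -> verifier
    return a, c, cs, zs


if __name__ == "__main__":
    y = [pow(G, 17, P), pow(G, 42, P)]  # constructed instances; prover knows only 17
    a, c, cs, zs = run_proof(y, 0, 17)
    print("accepted:", or_verify(y, a, c, cs, zs))
```

Witness indistinguishability comes from the fact that the accepting transcript (a, c, c0, c1, z0, z1) has the same distribution whichever branch was real; the verifier only learns that c0 + c1 = c and that both equations hold. The soundness error of this toy is 1/q = 1/101 per run, since the challenge space is Z_q; a real deployment uses a group of cryptographic size.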
E-Commerce Applications of Smart Cards
Smart cards (also called chip cards or IC cards) are portable computing devices of modest capability, with a programmable data store and certain tamper-resistance features. They are embedded in a plastic card that looks like a traditional magnetic-stripe credit card. We review the state of the art of e-commerce applications of smart cards.