Generic Attacks on Hash Combiners
Abstract
Hash combiners are a practical way to make cryptographic hash functions more tolerant to future attacks and compatible with existing infrastructure. A combiner combines two or more hash functions in a way that is hopefully more secure than each of the underlying hash functions, or at least remains secure as long as one of them is secure. Two classical hash combiners are the exclusive-or (XOR) combiner \( \mathcal {H}_1(M) \oplus \mathcal {H}_2(M) \) and the concatenation combiner \( \mathcal {H}_1(M) \Vert \mathcal {H}_2(M) \). Both of them process the same message using the two underlying hash functions in parallel. Apart from parallel combiners, there are also cascade constructions sequentially calling the underlying hash functions to process the message repeatedly, such as Hash-Twice \(\mathcal {H}_2(\mathcal {H}_1(IV, M), M)\) and the Zipper hash \(\mathcal {H}_2(\mathcal {H}_1(IV, M), \overleftarrow{M})\), where \(\overleftarrow{M}\) is the reverse of the message M. In this work, we study the security of these hash combiners by devising the best-known generic attacks. The results show that the security of most of the combiners is not as high as commonly believed. We summarize our attacks and their computational complexities (ignoring the polynomial factors) as follows:
Feasibility and Infeasibility of Secure Computation with Malicious PUFs
Abstract
A recent line of work has explored the use of physically unclonable functions (PUFs) for secure computation, with the goals of (1) achieving universal composability without additional setup and/or (2) obtaining unconditional security (i.e., avoiding complexity-theoretic assumptions). Initial work assumed that all PUFs, even those created by an attacker, are honestly generated. Subsequently, researchers have investigated models in which an adversary can create malicious PUFs with arbitrary behavior. Researchers have considered both malicious PUFs that might be stateful, as well as malicious PUFs that can have arbitrary behavior but are guaranteed to be stateless. We settle the main open questions regarding secure computation in the malicious-PUF model:
Efficient Fully Structure-Preserving Signatures and Shrinking Commitments
Abstract
In structure-preserving signatures, public keys, messages, and signatures are all collections of source group elements of some bilinear groups. In this paper, we introduce fully structure-preserving signature schemes, with the additional requirement that even secret keys are group elements. This strong property allows efficient non-interactive proofs of knowledge of the secret key, which is useful in designing cryptographic protocols under simulation-based security where online extraction of the secret key is needed. We present efficient constructions under simple standard assumptions and pursue even more efficient constructions with the extra property of randomizability based on the generic bilinear group model. An essential building block for our efficient standard model construction is a shrinking structure-preserving trapdoor commitment scheme, which is by itself an important primitive and of independent interest as it appears to contradict a known impossibility result that structure-preserving commitments cannot be shrinking. We argue that a relaxed binding property lets us circumvent the impossibility while still retaining the usefulness of the primitive in important applications as mentioned above.
The Magic of ELFs
Abstract
We introduce the notion of an Extremely Lossy Function (ELF). An ELF is a family of functions with an image size that is tunable anywhere from injective to having a polynomial-sized image. Moreover, for any efficient adversary, for a sufficiently large polynomial r (necessarily chosen to be larger than the running time of the adversary), the adversary cannot distinguish the injective case from the case of image size r. We develop a handful of techniques for using ELFs, and show that such extreme lossiness is useful for instantiating random oracles in several settings. In particular, we show how to use ELFs to build secure point function obfuscation with auxiliary input, as well as polynomially many hardcore bits for any one-way function. Such applications were previously known from strong knowledge assumptions—for example, polynomially many hardcore bits were only known from differing inputs obfuscation, a notion whose plausibility has been seriously challenged. We also use ELFs to build a simple hash function with output intractability, a new notion we define that may be useful for generating common reference strings. Next, we give a construction of ELFs relying on the exponential hardness of the decisional Diffie–Hellman problem, which is plausible in elliptic curve groups. Combining with the applications above, our work gives several practical constructions relying on qualitatively different—and arguably better—assumptions than prior works.
Probabilistic Termination and Composability of Cryptographic Protocols
Abstract
When analyzing the round complexity of multi-party protocols, one often overlooks the fact that underlying resources, such as a broadcast channel, can by themselves be expensive to implement. For example, it is well known that it is impossible to implement a broadcast channel by a (deterministic) protocol in a sublinear (in the number of corrupted parties) number of rounds. The seminal works of Rabin and Ben-Or from the early 1980s demonstrated that limitations such as the above can be overcome by using randomization and allowing parties to terminate at different rounds, igniting the study of protocols over point-to-point channels with probabilistic termination and expected constant-round complexity. However, absent a rigorous simulation-based definition, the suggested protocols are proven secure in a property-based manner or via ad hoc simulation-based frameworks, therefore guaranteeing limited, if any, composability. In this work, we put forth the first simulation-based treatment of multi-party cryptographic protocols with probabilistic termination. We define secure multi-party computation (MPC) with probabilistic termination in the UC framework and prove a universal composition theorem for probabilistic termination protocols. Our theorem allows one to compile a protocol using deterministic termination hybrids into a protocol that uses expected constant-round protocols for emulating these hybrids, preserving the expected round complexity of the calling protocol. We showcase our definitions and compiler by providing the first composable protocols (with simulation-based security proofs) for the following primitives, relying on point-to-point channels: (1) expected constant-round perfect Byzantine agreement, (2) expected constant-round perfect parallel broadcast, and (3) perfectly secure MPC with round complexity independent of the number of parties.
Beyond Conventional Security in Sponge-Based Authenticated Encryption Modes
Abstract
The Sponge function is known to achieve \(2^{c/2}\) security, where c is its capacity. This bound was carried over to its keyed variants, such as SpongeWrap, to achieve a \(\min \{2^{c/2},2^\kappa \}\) security bound, with \(\kappa \) the key length. Similarly, many CAESAR competition submissions were designed to comply with the classical \(2^{c/2}\) security bound. We show that Sponge-based constructions for authenticated encryption can achieve the significantly higher bound of \(\min \{2^{b/2},2^c,2^\kappa \}\), with \(b>c\) the permutation size, by proving that the CAESAR submission NORX achieves this bound. The proof relies on rigorous computation of multi-collision probabilities, which may be of independent interest. We additionally derive a generic attack based on multi-collisions that matches the bound. We show how to apply the proof to five other Sponge-based CAESAR submissions: Ascon, CBEAM/STRIBOB, ICEPOLE, Keyak, and two out of the three PRIMATEs. A direct application of the result shows that the parameter choices of some of these submissions are overly conservative. Simple tweaks render the schemes considerably more efficient without sacrificing security. We finally consider the remaining one of the three PRIMATEs, APE, and derive a blockwise adaptive attack in the nonce-respecting setting with complexity \(2^{c/2}\), therewith demonstrating that the techniques cannot be applied to APE.
On Black-Box Complexity of Universally Composable Security in the CRS Model
Abstract
In this work, we study the intrinsic complexity of black-box Universally Composable (UC) secure computation based on general assumptions. We present a thorough study in various corruption modelings while focusing on achieving security in the common reference string (CRS) model. Our results involve the following:
Oblivious Network RAM and Leveraging Parallelism to Achieve Obliviousness
Abstract
Oblivious RAM (ORAM) is a cryptographic primitive that allows a trusted CPU to securely access untrusted memory, such that the access patterns reveal nothing about sensitive data. ORAM is known to have broad applications in secure processor design and secure multiparty computation for big data. Unfortunately, due to a logarithmic lower bound by Goldreich and Ostrovsky (J ACM 43(3):431–473, 1996), ORAM is bound to incur a moderate cost in practice. In particular, with the latest developments in ORAM constructions, we are quickly approaching this limit, and the room for performance improvement is small. In this paper, we consider new models of computation in which the cost of obliviousness can be fundamentally reduced in comparison with the standard ORAM model. We propose the oblivious network RAM model of computation, where a CPU communicates with multiple memory banks, such that the adversary observes only which bank the CPU is communicating with, but not the address offset within each memory bank. In other words, obliviousness within each bank comes for free—either because the architecture prevents a malicious party from observing the address accessed within a bank, or because another solution is used to obfuscate memory accesses within each bank—and hence we only need to obfuscate communication patterns between the CPU and the memory banks. We present new constructions for obliviously simulating general or parallel programs in the network RAM model. We describe applications of our new model in distributed storage applications with a network adversary.
Leakage Resilience from Program Obfuscation
Abstract
The literature on leakage-resilient cryptography contains various leakage models that provide different levels of security. In the bounded leakage model (Akavia et al.—TCC 2009), it is assumed that there is a fixed upper bound L on the number of bits the attacker may leak on the secret key in the entire lifetime of the scheme. Alternatively, in the continual leakage model (Brakerski et al.—FOCS 2010, Dodis et al.—FOCS 2010), the lifetime of a cryptographic scheme is divided into “time periods” between which the scheme’s secret key is updated. Furthermore, in its attack the adversary is allowed to obtain some bounded amount of leakage on the current secret key during each time period. In the continual leakage model, a challenging problem has been to provide security against leakage on key updates, that is, leakage that is a function of not only the current secret key but also the randomness used to update it. We propose a modular approach to overcome this problem based on program obfuscation. Namely, we present a compiler that transforms any public key encryption or signature scheme that achieves a slight strengthening of continual leakage resilience, which we call consecutive continual leakage resilience, to one that is continual leakage resilient with leakage on key updates, assuming indistinguishability obfuscation (Barak et al.—CRYPTO 2001, Garg et al.—FOCS 2013). Under stronger forms of obfuscation, the leakage rate tolerated by our compiled scheme is essentially as good as that of the starting scheme. Our compiler is derived by making a connection between the problems of leakage on key updates and so-called sender-deniable encryption (Canetti et al.—CRYPTO 1997), which was recently constructed based on indistinguishability obfuscation by Sahai and Waters (STOC 2014). 
In the bounded leakage model, we give an approach to constructing leakage-resilient public key encryption from program obfuscation based on the public key encryption scheme of Sahai and Waters (STOC 2014). In particular, we achieve leakage-resilient public key encryption tolerating L bits of leakage for any L from \({\mathsf {iO}} \) and one-way functions. We build on this to achieve leakage-resilient public key encryption with optimal leakage rate of \(1-o(1)\) based on stronger forms of obfuscation and collision-resistant hash functions. Such a leakage rate is not known to be achievable in a generic way based on public key encryption alone. We then develop additional techniques to construct public key encryption that is (consecutive) continual leakage resilient under appropriate assumptions, which we believe is of independent interest.
Key Establishment à la Merkle in a Quantum World
Abstract
In 1974, Ralph Merkle proposed the first unclassified protocol for secure communications over insecure channels. When legitimate communicating parties are willing to spend an amount of computational effort proportional to some parameter N, an eavesdropper cannot break into their communication without spending a time proportional to \(N^2\), which is quadratically more than the legitimate effort. In a quantum world, however, Merkle’s protocol is immediately broken by Grover’s algorithm, but it is easily repaired if we are satisfied with a quantum protocol against which a quantum adversary needs to spend a time proportional to \(N^{3/2}\) in order to break it. Can we do better? We give two new key establishment protocols in the spirit of Merkle’s. The first one, which requires the legitimate parties to have access to a quantum computer, resists any quantum adversary who is not willing to make an effort at least proportional to \(N^{5/3}\), except with vanishing probability. Our second protocol is purely classical, yet it requires any quantum adversary to work asymptotically harder than the legitimate parties, again except with vanishing probability. In either case, security is proved for a typical run of the protocols: the probabilities are taken over the random (or quantum) choices made by the legitimate participants in order to establish their key as well as over the random (or quantum) choices made by the adversary who is trying to be privy to it.
Otorhinolaryngologist, Medicine by Alexandros G. Sfakianakis, Anapafseos 5 Agios Nikolaos 72100 Crete Greece, 00302841026182, 00306932607174
Tuesday, 16 July 2019
Cryptology
Posted by Medicine by Alexandros G. Sfakianakis (alsfakia@gmail.com) at 11:02 p.m.