[{"quality_controlled":"1","publisher":"Springer","oa":1,"year":"2015","day":"01","page":"233 - 253","doi":"10.1007/978-3-662-48000-7_12","date_published":"2015-08-01T00:00:00Z","date_created":"2018-12-11T11:53:14Z","project":[{"name":"Provable Security for Physical Cryptography","grant_number":"259668","_id":"258C570E-B435-11E9-9278-68D0E5697425","call_identifier":"FP7"}],"citation":{"chicago":"Fuchsbauer, Georg, Christian Hanser, and Daniel Slamanig. “Practical Round-Optimal Blind Signatures in the Standard Model,” 9216:233–53. Springer, 2015. https://doi.org/10.1007/978-3-662-48000-7_12.","ista":"Fuchsbauer G, Hanser C, Slamanig D. 2015. Practical round-optimal blind signatures in the standard model. CRYPTO: International Cryptology Conference, LNCS, vol. 9216, 233–253.","mla":"Fuchsbauer, Georg, et al. Practical Round-Optimal Blind Signatures in the Standard Model. Vol. 9216, Springer, 2015, pp. 233–53, doi:10.1007/978-3-662-48000-7_12.","ieee":"G. Fuchsbauer, C. Hanser, and D. Slamanig, “Practical round-optimal blind signatures in the standard model,” presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United States, 2015, vol. 9216, pp. 233–253.","short":"G. Fuchsbauer, C. Hanser, D. Slamanig, in:, Springer, 2015, pp. 233–253.","ama":"Fuchsbauer G, Hanser C, Slamanig D. Practical round-optimal blind signatures in the standard model. In: Vol 9216. Springer; 2015:233-253. doi:10.1007/978-3-662-48000-7_12","apa":"Fuchsbauer, G., Hanser, C., & Slamanig, D. (2015). Practical round-optimal blind signatures in the standard model (Vol. 9216, pp. 233–253). Presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United States: Springer. https://doi.org/10.1007/978-3-662-48000-7_12"},"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","publist_id":"5503","author":[{"full_name":"Fuchsbauer, Georg","last_name":"Fuchsbauer","id":"46B4C3EE-F248-11E8-B48F-1D18A9856A87","first_name":"Georg"},{"full_name":"Hanser, Christian","last_name":"Hanser","first_name":"Christian"},{"first_name":"Daniel","last_name":"Slamanig","full_name":"Slamanig, Daniel"}],"article_processing_charge":"No","title":"Practical round-optimal blind signatures in the standard model","abstract":[{"text":"Round-optimal blind signatures are notoriously hard to construct in the standard model, especially in the malicious-signer model, where blindness must hold under adversarially chosen keys. This is substantiated by several impossibility results. The only construction that can be termed theoretically efficient, by Garg and Gupta (Eurocrypt’14), requires complexity leveraging, inducing an exponential security loss. We present a construction of practically efficient round-optimal blind signatures in the standard model. It is conceptually simple and builds on the recent structure-preserving signatures on equivalence classes (SPSEQ) from Asiacrypt’14. While the traditional notion of blindness follows from standard assumptions, we prove blindness under adversarially chosen keys under an interactive variant of DDH. However, we neither require non-uniform assumptions nor complexity leveraging. We then show how to extend our construction to partially blind signatures and to blind signatures on message vectors, which yield a construction of one-show anonymous credentials à la “anonymous credentials light” (CCS’13) in the standard model. Furthermore, we give the first SPS-EQ construction under noninteractive assumptions and show how SPS-EQ schemes imply conventional structure-preserving signatures, which allows us to apply optimality results for the latter to SPS-EQ.","lang":"eng"}],"oa_version":"Submitted Version","alternative_title":["LNCS"],"scopus_import":1,"main_file_link":[{"url":"https://eprint.iacr.org/2015/626.pdf","open_access":"1"}],"month":"08","intvolume":" 9216","publication_status":"published","language":[{"iso":"eng"}],"volume":9216,"related_material":{"record":[{"relation":"later_version","status":"public","id":"1225"}]},"ec_funded":1,"_id":"1647","type":"conference","conference":{"start_date":"2015-08-16","end_date":"2015-08-20","location":"Santa Barbara, CA, United States","name":"CRYPTO: International Cryptology Conference"},"status":"public","date_updated":"2023-02-21T16:44:51Z","department":[{"_id":"KrPi"}]},{"status":"public","project":[{"call_identifier":"FP7","_id":"258C570E-B435-11E9-9278-68D0E5697425","grant_number":"259668","name":"Provable Security for Physical Cryptography"}],"type":"conference","conference":{"end_date":"2015-05-01","location":"Jerusalem, Israel","start_date":"2015-04-26","name":"ITW 2015: IEEE Information Theory Workshop"},"article_number":"7133163","_id":"1645","department":[{"_id":"KrPi"}],"title":"Secret-key cryptography from ideal primitives: A systematic verview","publist_id":"5506","author":[{"first_name":"Peter","id":"3E0BFE38-F248-11E8-B48F-1D18A9856A87","last_name":"Gazi","full_name":"Gazi, Peter"},{"full_name":"Tessaro, Stefano","last_name":"Tessaro","first_name":"Stefano"}],"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","citation":{"mla":"Gazi, Peter, and Stefano Tessaro. “Secret-Key Cryptography from Ideal Primitives: A Systematic Verview.” 2015 IEEE Information Theory Workshop, 7133163, IEEE, 2015, doi:10.1109/ITW.2015.7133163.","short":"P. Gazi, S. Tessaro, in:, 2015 IEEE Information Theory Workshop, IEEE, 2015.","ieee":"P. Gazi and S. Tessaro, “Secret-key cryptography from ideal primitives: A systematic verview,” in 2015 IEEE Information Theory Workshop, Jerusalem, Israel, 2015.","apa":"Gazi, P., & Tessaro, S. (2015). Secret-key cryptography from ideal primitives: A systematic verview. In 2015 IEEE Information Theory Workshop. Jerusalem, Israel: IEEE. https://doi.org/10.1109/ITW.2015.7133163","ama":"Gazi P, Tessaro S. Secret-key cryptography from ideal primitives: A systematic verview. In: 2015 IEEE Information Theory Workshop. IEEE; 2015. doi:10.1109/ITW.2015.7133163","chicago":"Gazi, Peter, and Stefano Tessaro. “Secret-Key Cryptography from Ideal Primitives: A Systematic Verview.” In 2015 IEEE Information Theory Workshop. IEEE, 2015. https://doi.org/10.1109/ITW.2015.7133163.","ista":"Gazi P, Tessaro S. 2015. Secret-key cryptography from ideal primitives: A systematic verview. 2015 IEEE Information Theory Workshop. ITW 2015: IEEE Information Theory Workshop, 7133163."},"date_updated":"2021-01-12T06:52:13Z","month":"06","quality_controlled":"1","publisher":"IEEE","scopus_import":1,"oa_version":"None","abstract":[{"lang":"eng","text":"Secret-key constructions are often proved secure in a model where one or more underlying components are replaced by an idealized oracle accessible to the attacker. This model gives rise to information-theoretic security analyses, and several advances have been made in this area over the last few years. This paper provides a systematic overview of what is achievable in this model, and how existing works fit into this view."}],"date_published":"2015-06-24T00:00:00Z","doi":"10.1109/ITW.2015.7133163","date_created":"2018-12-11T11:53:13Z","ec_funded":1,"day":"24","language":[{"iso":"eng"}],"publication":"2015 IEEE Information Theory Workshop","publication_status":"published","year":"2015"},{"file":[{"creator":"system","date_updated":"2020-07-14T12:45:08Z","file_size":512071,"date_created":"2018-12-12T10:09:09Z","file_name":"IST-2016-676-v1+1_881.pdf","access_level":"open_access","relation":"main_file","content_type":"application/pdf","checksum":"d1e53203db2d8573a560995ccdffac62","file_id":"4732"}],"language":[{"iso":"eng"}],"publication_status":"published","volume":9453,"ec_funded":1,"oa_version":"Submitted Version","abstract":[{"lang":"eng","text":"HMAC and its variant NMAC are the most popular approaches to deriving a MAC (and more generally, a PRF) from a cryptographic hash function. Despite nearly two decades of research, their exact security still remains far from understood in many different contexts. Indeed, recent works have re-surfaced interest for {\\em generic} attacks, i.e., attacks that treat the compression function of the underlying hash function as a black box.\r\n\r\nGeneric security can be proved in a model where the underlying compression function is modeled as a random function -- yet, to date, the question of proving tight, non-trivial bounds on the generic security of HMAC/NMAC even as a PRF remains a challenging open question.\r\n\r\nIn this paper, we ask the question of whether a small modification to HMAC and NMAC can allow us to exactly characterize the security of the resulting constructions, while only incurring little penalty with respect to efficiency. To this end, we present simple variants of NMAC and HMAC, for which we prove tight bounds on the generic PRF security, expressed in terms of numbers of construction and compression function queries necessary to break the construction. All of our constructions are obtained via a (near) {\\em black-box} modification of NMAC and HMAC, which can be interpreted as an initial step of key-dependent message pre-processing.\r\n\r\nWhile our focus is on PRF security, a further attractive feature of our new constructions is that they clearly defeat all recent generic attacks against properties such as state recovery and universal forgery. These exploit properties of the so-called ``functional graph'' which are not directly accessible in our new constructions. "}],"month":"12","intvolume":" 9453","scopus_import":1,"alternative_title":["LNCS"],"ddc":["004","005"],"date_updated":"2021-01-12T06:52:16Z","department":[{"_id":"KrPi"}],"file_date_updated":"2020-07-14T12:45:08Z","series_title":"Lecture Notes in Computer Science","_id":"1654","status":"public","pubrep_id":"676","type":"conference","conference":{"location":"Auckland, New Zealand","end_date":"2015-12-03","start_date":"2015-11-29","name":"ASIACRYPT: Theory and Application of Cryptology and Information Security"},"day":"30","has_accepted_license":"1","year":"2015","date_published":"2015-12-30T00:00:00Z","doi":"10.1007/978-3-662-48800-3_4","date_created":"2018-12-11T11:53:17Z","page":"85 - 109","quality_controlled":"1","publisher":"Springer","oa":1,"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","citation":{"chicago":"Gazi, Peter, Krzysztof Z Pietrzak, and Stefano Tessaro. “Generic Security of NMAC and HMAC with Input Whitening.” Lecture Notes in Computer Science. Springer, 2015. https://doi.org/10.1007/978-3-662-48800-3_4.","ista":"Gazi P, Pietrzak KZ, Tessaro S. 2015. Generic security of NMAC and HMAC with input whitening. 9453, 85–109.","mla":"Gazi, Peter, et al. Generic Security of NMAC and HMAC with Input Whitening. Vol. 9453, Springer, 2015, pp. 85–109, doi:10.1007/978-3-662-48800-3_4.","apa":"Gazi, P., Pietrzak, K. Z., & Tessaro, S. (2015). Generic security of NMAC and HMAC with input whitening. Presented at the ASIACRYPT: Theory and Application of Cryptology and Information Security, Auckland, New Zealand: Springer. https://doi.org/10.1007/978-3-662-48800-3_4","ama":"Gazi P, Pietrzak KZ, Tessaro S. Generic security of NMAC and HMAC with input whitening. 2015;9453:85-109. doi:10.1007/978-3-662-48800-3_4","short":"P. Gazi, K.Z. Pietrzak, S. Tessaro, 9453 (2015) 85–109.","ieee":"P. Gazi, K. Z. Pietrzak, and S. Tessaro, “Generic security of NMAC and HMAC with input whitening,” vol. 9453. Springer, pp. 85–109, 2015."},"title":"Generic security of NMAC and HMAC with input whitening","author":[{"first_name":"Peter","id":"3E0BFE38-F248-11E8-B48F-1D18A9856A87","full_name":"Gazi, Peter","last_name":"Gazi"},{"id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","first_name":"Krzysztof Z","full_name":"Pietrzak, Krzysztof Z","orcid":"0000-0002-9139-1654","last_name":"Pietrzak"},{"last_name":"Tessaro","full_name":"Tessaro, Stefano","first_name":"Stefano"}],"publist_id":"5496","project":[{"grant_number":"259668","name":"Provable Security for Physical Cryptography","_id":"258C570E-B435-11E9-9278-68D0E5697425","call_identifier":"FP7"}]},{"quality_controlled":"1","publisher":"Springer","oa":1,"has_accepted_license":"1","year":"2015","day":"20","page":"1046 - 1057","doi":"10.1007/978-3-662-47672-7_85","date_published":"2015-06-20T00:00:00Z","date_created":"2018-12-11T11:53:15Z","project":[{"grant_number":"259668","name":"Provable Security for Physical Cryptography","call_identifier":"FP7","_id":"258C570E-B435-11E9-9278-68D0E5697425"}],"citation":{"ista":"Skórski M, Golovnev A, Pietrzak KZ. 2015. Condensed unpredictability . ICALP: Automata, Languages and Programming, LNCS, vol. 9134, 1046–1057.","chicago":"Skórski, Maciej, Alexander Golovnev, and Krzysztof Z Pietrzak. “Condensed Unpredictability ,” 9134:1046–57. Springer, 2015. https://doi.org/10.1007/978-3-662-47672-7_85.","ama":"Skórski M, Golovnev A, Pietrzak KZ. Condensed unpredictability . In: Vol 9134. Springer; 2015:1046-1057. doi:10.1007/978-3-662-47672-7_85","apa":"Skórski, M., Golovnev, A., & Pietrzak, K. Z. (2015). Condensed unpredictability (Vol. 9134, pp. 1046–1057). Presented at the ICALP: Automata, Languages and Programming, Kyoto, Japan: Springer. https://doi.org/10.1007/978-3-662-47672-7_85","short":"M. Skórski, A. Golovnev, K.Z. Pietrzak, in:, Springer, 2015, pp. 1046–1057.","ieee":"M. Skórski, A. Golovnev, and K. Z. Pietrzak, “Condensed unpredictability ,” presented at the ICALP: Automata, Languages and Programming, Kyoto, Japan, 2015, vol. 9134, pp. 1046–1057.","mla":"Skórski, Maciej, et al. Condensed Unpredictability . Vol. 9134, Springer, 2015, pp. 1046–57, doi:10.1007/978-3-662-47672-7_85."},"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","author":[{"last_name":"Skórski","full_name":"Skórski, Maciej","first_name":"Maciej"},{"first_name":"Alexander","full_name":"Golovnev, Alexander","last_name":"Golovnev"},{"first_name":"Krzysztof Z","id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","last_name":"Pietrzak","orcid":"0000-0002-9139-1654","full_name":"Pietrzak, Krzysztof Z"}],"publist_id":"5500","title":"Condensed unpredictability ","abstract":[{"text":"We consider the task of deriving a key with high HILL entropy (i.e., being computationally indistinguishable from a key with high min-entropy) from an unpredictable source.\r\n\r\nPrevious to this work, the only known way to transform unpredictability into a key that was ϵ indistinguishable from having min-entropy was via pseudorandomness, for example by Goldreich-Levin (GL) hardcore bits. This approach has the inherent limitation that from a source with k bits of unpredictability entropy one can derive a key of length (and thus HILL entropy) at most k−2log(1/ϵ) bits. In many settings, e.g. when dealing with biometric data, such a 2log(1/ϵ) bit entropy loss in not an option. Our main technical contribution is a theorem that states that in the high entropy regime, unpredictability implies HILL entropy. Concretely, any variable K with |K|−d bits of unpredictability entropy has the same amount of so called metric entropy (against real-valued, deterministic distinguishers), which is known to imply the same amount of HILL entropy. The loss in circuit size in this argument is exponential in the entropy gap d, and thus this result only applies for small d (i.e., where the size of distinguishers considered is exponential in d).\r\n\r\nTo overcome the above restriction, we investigate if it’s possible to first “condense” unpredictability entropy and make the entropy gap small. We show that any source with k bits of unpredictability can be condensed into a source of length k with k−3 bits of unpredictability entropy. Our condenser simply “abuses" the GL construction and derives a k bit key from a source with k bits of unpredicatibily. The original GL theorem implies nothing when extracting that many bits, but we show that in this regime, GL still behaves like a “condenser" for unpredictability. This result comes with two caveats (1) the loss in circuit size is exponential in k and (2) we require that the source we start with has no HILL entropy (equivalently, one can efficiently check if a guess is correct). We leave it as an intriguing open problem to overcome these restrictions or to prove they’re inherent.","lang":"eng"}],"oa_version":"Published Version","alternative_title":["LNCS"],"scopus_import":1,"month":"06","intvolume":" 9134","publication_status":"published","file":[{"relation":"main_file","access_level":"open_access","content_type":"application/pdf","file_id":"4693","checksum":"e808c7eecb631336fc9f9bf2e8d4ecae","creator":"system","file_size":525503,"date_updated":"2020-07-14T12:45:08Z","file_name":"IST-2016-675-v1+1_384.pdf","date_created":"2018-12-12T10:08:32Z"}],"language":[{"iso":"eng"}],"volume":9134,"ec_funded":1,"_id":"1650","type":"conference","conference":{"name":"ICALP: Automata, Languages and Programming","start_date":"2015-07-06","end_date":"2015-07-10","location":"Kyoto, Japan"},"tmp":{"legal_code_url":"https://creativecommons.org/licenses/by/4.0/legalcode","image":"/images/cc_by.png","name":"Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)","short":"CC BY (4.0)"},"status":"public","pubrep_id":"675","date_updated":"2021-01-12T06:52:15Z","ddc":["000","005"],"file_date_updated":"2020-07-14T12:45:08Z","department":[{"_id":"KrPi"}]},{"project":[{"call_identifier":"FP7","_id":"258C570E-B435-11E9-9278-68D0E5697425","name":"Provable Security for Physical Cryptography","grant_number":"259668"}],"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","citation":{"ama":"Baldimtsi F, Chase M, Fuchsbauer G, Kohlweiss M. Anonymous transferable e-cash. In: Public-Key Cryptography - PKC 2015. Vol 9020. Springer; 2015:101-124. doi:10.1007/978-3-662-46447-2_5","apa":"Baldimtsi, F., Chase, M., Fuchsbauer, G., & Kohlweiss, M. (2015). Anonymous transferable e-cash. In Public-Key Cryptography - PKC 2015 (Vol. 9020, pp. 101–124). Gaithersburg, MD, United States: Springer. https://doi.org/10.1007/978-3-662-46447-2_5","ieee":"F. Baldimtsi, M. Chase, G. Fuchsbauer, and M. Kohlweiss, “Anonymous transferable e-cash,” in Public-Key Cryptography - PKC 2015, Gaithersburg, MD, United States, 2015, vol. 9020, pp. 101–124.","short":"F. Baldimtsi, M. Chase, G. Fuchsbauer, M. Kohlweiss, in:, Public-Key Cryptography - PKC 2015, Springer, 2015, pp. 101–124.","mla":"Baldimtsi, Foteini, et al. “Anonymous Transferable E-Cash.” Public-Key Cryptography - PKC 2015, vol. 9020, Springer, 2015, pp. 101–24, doi:10.1007/978-3-662-46447-2_5.","ista":"Baldimtsi F, Chase M, Fuchsbauer G, Kohlweiss M. 2015. Anonymous transferable e-cash. Public-Key Cryptography - PKC 2015. PKC: Public Key Crypography, LNCS, vol. 9020, 101–124.","chicago":"Baldimtsi, Foteini, Melissa Chase, Georg Fuchsbauer, and Markulf Kohlweiss. “Anonymous Transferable E-Cash.” In Public-Key Cryptography - PKC 2015, 9020:101–24. Springer, 2015. https://doi.org/10.1007/978-3-662-46447-2_5."},"title":"Anonymous transferable e-cash","publist_id":"5499","author":[{"first_name":"Foteini","last_name":"Baldimtsi","full_name":"Baldimtsi, Foteini"},{"last_name":"Chase","full_name":"Chase, Melissa","first_name":"Melissa"},{"first_name":"Georg","id":"46B4C3EE-F248-11E8-B48F-1D18A9856A87","last_name":"Fuchsbauer","full_name":"Fuchsbauer, Georg"},{"full_name":"Kohlweiss, Markulf","last_name":"Kohlweiss","first_name":"Markulf"}],"article_processing_charge":"No","acknowledgement":"Work done as an intern in Microsoft Research Redmond and as a student at Brown University, where supported by NSF grant 0964379. Supported by the European Research Council, ERC Starting Grant (259668-PSPC).","publisher":"Springer","quality_controlled":"1","oa":1,"day":"17","publication":"Public-Key Cryptography - PKC 2015","year":"2015","doi":"10.1007/978-3-662-46447-2_5","date_published":"2015-03-17T00:00:00Z","date_created":"2018-12-11T11:53:15Z","page":"101 - 124","_id":"1651","status":"public","type":"conference","conference":{"name":"PKC: Public Key Crypography","start_date":"2015-03-30","location":"Gaithersburg, MD, United States","end_date":"2015-04-01"},"date_updated":"2022-05-23T10:08:37Z","department":[{"_id":"KrPi"}],"oa_version":"Published Version","abstract":[{"text":"Cryptographic e-cash allows off-line electronic transactions between a bank, users and merchants in a secure and anonymous fashion. A plethora of e-cash constructions has been proposed in the literature; however, these traditional e-cash schemes only allow coins to be transferred once between users and merchants. Ideally, we would like users to be able to transfer coins between each other multiple times before deposit, as happens with physical cash. “Transferable” e-cash schemes are the solution to this problem. Unfortunately, the currently proposed schemes are either completely impractical or do not achieve the desirable anonymity properties without compromises, such as assuming the existence of a trusted “judge” who can trace all coins and users in the system. This paper presents the first efficient and fully anonymous transferable e-cash scheme without any trusted third parties. We start by revising the security and anonymity properties of transferable e-cash to capture issues that were previously overlooked. For our construction we use the recently proposed malleable signatures by Chase et al. to allow the secure and anonymous transfer of coins, combined with a new efficient double-spending detection mechanism. Finally, we discuss an instantiation of our construction.","lang":"eng"}],"month":"03","intvolume":" 9020","scopus_import":"1","alternative_title":["LNCS"],"main_file_link":[{"url":"https://doi.org/10.1007/978-3-662-46447-2_5","open_access":"1"}],"language":[{"iso":"eng"}],"publication_identifier":{"isbn":["978-3-662-46446-5"]},"publication_status":"published","volume":9020,"ec_funded":1},{"ec_funded":1,"date_created":"2018-12-11T11:53:16Z","date_published":"2015-06-01T00:00:00Z","doi":"10.1145/2746539.2746622","page":"595 - 603","language":[{"iso":"eng"}],"publication":"Proceedings of the 47th annual ACM symposium on Theory of computing","day":"01","publication_status":"published","year":"2015","month":"06","oa":1,"main_file_link":[{"open_access":"1","url":"http://eprint.iacr.org/2014/238"}],"publisher":"ACM","scopus_import":1,"quality_controlled":"1","oa_version":"Submitted Version","abstract":[{"text":"We develop new theoretical tools for proving lower-bounds on the (amortized) complexity of certain functions in models of parallel computation. We apply the tools to construct a class of functions with high amortized memory complexity in the parallel Random Oracle Model (pROM); a variant of the standard ROM allowing for batches of simultaneous queries. In particular we obtain a new, more robust, type of Memory-Hard Functions (MHF); a security primitive which has recently been gaining acceptance in practice as an effective means of countering brute-force attacks on security relevant functions. Along the way we also demonstrate an important shortcoming of previous definitions of MHFs and give a new definition addressing the problem. The tools we develop represent an adaptation of the powerful pebbling paradigm (initially introduced by Hewitt and Paterson [HP70] and Cook [Coo73]) to a simple and intuitive parallel setting. We define a simple pebbling game Gp over graphs which aims to abstract parallel computation in an intuitive way. As a conceptual contribution we define a measure of pebbling complexity for graphs called cumulative complexity (CC) and show how it overcomes a crucial shortcoming (in the parallel setting) exhibited by more traditional complexity measures used in the past. As a main technical contribution we give an explicit construction of a constant in-degree family of graphs whose CC in Gp approaches maximality to within a polylogarithmic factor for any graph of equal size (analogous to the graphs of Tarjan et. al. [PTC76, LT82] for sequential pebbling games). Finally, for a given graph G and related function fG, we derive a lower-bound on the amortized memory complexity of fG in the pROM in terms of the CC of G in the game Gp.","lang":"eng"}],"department":[{"_id":"KrPi"}],"title":"High parallel complexity graphs and memory-hard functions","author":[{"full_name":"Alwen, Joel F","last_name":"Alwen","first_name":"Joel F","id":"2A8DFA8C-F248-11E8-B48F-1D18A9856A87"},{"last_name":"Serbinenko","full_name":"Serbinenko, Vladimir","first_name":"Vladimir"}],"publist_id":"5498","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","citation":{"ista":"Alwen JF, Serbinenko V. 2015. High parallel complexity graphs and memory-hard functions. Proceedings of the 47th annual ACM symposium on Theory of computing. STOC: Symposium on the Theory of Computing, 595–603.","chicago":"Alwen, Joel F, and Vladimir Serbinenko. “High Parallel Complexity Graphs and Memory-Hard Functions.” In Proceedings of the 47th Annual ACM Symposium on Theory of Computing, 595–603. ACM, 2015. https://doi.org/10.1145/2746539.2746622.","apa":"Alwen, J. F., & Serbinenko, V. (2015). High parallel complexity graphs and memory-hard functions. In Proceedings of the 47th annual ACM symposium on Theory of computing (pp. 595–603). Portland, OR, United States: ACM. https://doi.org/10.1145/2746539.2746622","ama":"Alwen JF, Serbinenko V. High parallel complexity graphs and memory-hard functions. In: Proceedings of the 47th Annual ACM Symposium on Theory of Computing. ACM; 2015:595-603. doi:10.1145/2746539.2746622","ieee":"J. F. Alwen and V. Serbinenko, “High parallel complexity graphs and memory-hard functions,” in Proceedings of the 47th annual ACM symposium on Theory of computing, Portland, OR, United States, 2015, pp. 595–603.","short":"J.F. Alwen, V. Serbinenko, in:, Proceedings of the 47th Annual ACM Symposium on Theory of Computing, ACM, 2015, pp. 595–603.","mla":"Alwen, Joel F., and Vladimir Serbinenko. “High Parallel Complexity Graphs and Memory-Hard Functions.” Proceedings of the 47th Annual ACM Symposium on Theory of Computing, ACM, 2015, pp. 595–603, doi:10.1145/2746539.2746622."},"date_updated":"2021-01-12T06:52:16Z","project":[{"name":"Provable Security for Physical Cryptography","grant_number":"259668","_id":"258C570E-B435-11E9-9278-68D0E5697425","call_identifier":"FP7"}],"status":"public","conference":{"start_date":"2015-06-14","location":"Portland, OR, United States","end_date":"2015-06-17","name":"STOC: Symposium on the Theory of Computing"},"type":"conference","_id":"1652"},{"file_date_updated":"2020-07-14T12:45:11Z","department":[{"_id":"KrPi"}],"ddc":["000"],"date_updated":"2022-06-07T09:51:55Z","status":"public","type":"conference","conference":{"start_date":"2015-08-16","location":"Santa Barbara, CA, United States","end_date":"2015-08-20","name":"CRYPTO: International Cryptology Conference"},"_id":"1672","series_title":"Lecture Notes in Computer Science","volume":9216,"ec_funded":1,"file":[{"file_name":"2015_CRYPTO_Alwen.pdf","date_created":"2020-05-15T08:55:29Z","file_size":397363,"date_updated":"2020-07-14T12:45:11Z","creator":"dernst","file_id":"7853","checksum":"5b6649e80d1f781a8910f7cce6427f78","content_type":"application/pdf","relation":"main_file","access_level":"open_access"}],"language":[{"iso":"eng"}],"publication_identifier":{"isbn":["978-3-662-47999-5"],"eisbn":["978-3-662-48000-7"]},"publication_status":"published","month":"08","intvolume":" 9216","alternative_title":["LNCS"],"scopus_import":"1","oa_version":"Submitted Version","abstract":[{"lang":"eng","text":"Composable notions of incoercibility aim to forbid a coercer from using anything beyond the coerced parties’ inputs and outputs to catch them when they try to deceive him. Existing definitions are restricted to weak coercion types, and/or are not universally composable. Furthermore, they often make too strong assumptions on the knowledge of coerced parties—e.g., they assume they known the identities and/or the strategies of other coerced parties, or those of corrupted parties— which makes them unsuitable for applications of incoercibility such as e-voting, where colluding adversarial parties may attempt to coerce honest voters, e.g., by offering them money for a promised vote, and use their own view to check that the voter keeps his end of the bargain. In this work we put forward the first universally composable notion of incoercible multi-party computation, which satisfies the above intuition and does not assume collusions among coerced parties or knowledge of the corrupted set. We define natural notions of UC incoercibility corresponding to standard coercion-types, i.e., receipt-freeness and resistance to full-active coercion. Importantly, our suggested notion has the unique property that it builds on top of the well studied UC framework by Canetti instead of modifying it. This guarantees backwards compatibility, and allows us to inherit results from the rich UC literature. We then present MPC protocols which realize our notions of UC incoercibility given access to an arguably minimal setup—namely honestly generate tamper-proof hardware performing a very simple cryptographic operation—e.g., a smart card. This is, to our knowledge, the first proposed construction of an MPC protocol (for more than two parties) that is incoercibly secure and universally composable, and therefore the first construction of a universally composable receipt-free e-voting protocol."}],"title":"Incoercible multi-party computation and universally composable receipt-free voting","author":[{"first_name":"Joel F","id":"2A8DFA8C-F248-11E8-B48F-1D18A9856A87","last_name":"Alwen","full_name":"Alwen, Joel F"},{"full_name":"Ostrovsky, Rafail","last_name":"Ostrovsky","first_name":"Rafail"},{"last_name":"Zhou","full_name":"Zhou, Hongsheng","first_name":"Hongsheng"},{"last_name":"Zikas","full_name":"Zikas, Vassilis","first_name":"Vassilis"}],"publist_id":"5476","article_processing_charge":"No","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","citation":{"short":"J.F. Alwen, R. Ostrovsky, H. Zhou, V. Zikas, in:, Advances in Cryptology - CRYPTO 2015, Springer, 2015, pp. 763–780.","ieee":"J. F. Alwen, R. Ostrovsky, H. Zhou, and V. Zikas, “Incoercible multi-party computation and universally composable receipt-free voting,” in Advances in Cryptology - CRYPTO 2015, Santa Barbara, CA, United States, 2015, vol. 9216, pp. 763–780.","apa":"Alwen, J. F., Ostrovsky, R., Zhou, H., & Zikas, V. (2015). Incoercible multi-party computation and universally composable receipt-free voting. In Advances in Cryptology - CRYPTO 2015 (Vol. 9216, pp. 763–780). Santa Barbara, CA, United States: Springer. https://doi.org/10.1007/978-3-662-48000-7_37","ama":"Alwen JF, Ostrovsky R, Zhou H, Zikas V. Incoercible multi-party computation and universally composable receipt-free voting. In: Advances in Cryptology - CRYPTO 2015. Vol 9216. Lecture Notes in Computer Science. Springer; 2015:763-780. doi:10.1007/978-3-662-48000-7_37","mla":"Alwen, Joel F., et al. “Incoercible Multi-Party Computation and Universally Composable Receipt-Free Voting.” Advances in Cryptology - CRYPTO 2015, vol. 9216, Springer, 2015, pp. 763–80, doi:10.1007/978-3-662-48000-7_37.","ista":"Alwen JF, Ostrovsky R, Zhou H, Zikas V. 2015. Incoercible multi-party computation and universally composable receipt-free voting. Advances in Cryptology - CRYPTO 2015. CRYPTO: International Cryptology ConferenceLecture Notes in Computer Science, LNCS, vol. 9216, 763–780.","chicago":"Alwen, Joel F, Rafail Ostrovsky, Hongsheng Zhou, and Vassilis Zikas. “Incoercible Multi-Party Computation and Universally Composable Receipt-Free Voting.” In Advances in Cryptology - CRYPTO 2015, 9216:763–80. Lecture Notes in Computer Science. Springer, 2015. https://doi.org/10.1007/978-3-662-48000-7_37."},"project":[{"call_identifier":"FP7","_id":"258C570E-B435-11E9-9278-68D0E5697425","name":"Provable Security for Physical Cryptography","grant_number":"259668"}],"doi":"10.1007/978-3-662-48000-7_37","date_published":"2015-08-01T00:00:00Z","date_created":"2018-12-11T11:53:23Z","page":"763 - 780","day":"01","publication":"Advances in Cryptology - CRYPTO 2015","has_accepted_license":"1","year":"2015","publisher":"Springer","quality_controlled":"1","oa":1,"acknowledgement":"Joël Alwen was supported by the ERC starting grant (259668-PSPC). Rafail Ostrovsky was supported in part by NSF grants 09165174, 1065276, 1118126 and 1136174, US-Israel BSF grant 2008411, OKAWA Foundation Research Award, IBM Faculty Research Award, Xerox Faculty Research Award, B. John Garrick Foundation Award, Teradata Research Award, Lockheed-Martin Corporation Research Award, and the Defense Advanced Research Projects Agency through the U.S. Office of Naval Research under Contract N00014 -11 -1-0392. The views expressed are those of the author and do not reflect the official policy or position of the Department of Defense or the U.S. Government. Vassilis Zikas was supported in part by the Swiss National Science Foundation (SNF) via the Ambizione grant PZ00P-2142549."},{"publisher":"Springer","quality_controlled":"1","oa":1,"page":"81 - 98","doi":"10.1007/978-3-319-22174-8_5","date_published":"2015-08-15T00:00:00Z","date_created":"2018-12-11T11:53:22Z","has_accepted_license":"1","year":"2015","day":"15","project":[{"_id":"258C570E-B435-11E9-9278-68D0E5697425","call_identifier":"FP7","name":"Provable Security for Physical Cryptography","grant_number":"259668"}],"author":[{"first_name":"Krzysztof Z","id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","last_name":"Pietrzak","orcid":"0000-0002-9139-1654","full_name":"Pietrzak, Krzysztof Z"},{"first_name":"Maciej","full_name":"Skórski, Maciej","last_name":"Skórski"}],"publist_id":"5480","title":"The chain rule for HILL pseudoentropy, revisited","citation":{"ista":"Pietrzak KZ, Skórski M. 2015. The chain rule for HILL pseudoentropy, revisited. 9230, 81–98.","chicago":"Pietrzak, Krzysztof Z, and Maciej Skórski. “The Chain Rule for HILL Pseudoentropy, Revisited.” Lecture Notes in Computer Science. Springer, 2015. https://doi.org/10.1007/978-3-319-22174-8_5.","short":"K.Z. Pietrzak, M. Skórski, 9230 (2015) 81–98.","ieee":"K. Z. Pietrzak and M. Skórski, “The chain rule for HILL pseudoentropy, revisited,” vol. 9230. Springer, pp. 81–98, 2015.","ama":"Pietrzak KZ, Skórski M. The chain rule for HILL pseudoentropy, revisited. 2015;9230:81-98. doi:10.1007/978-3-319-22174-8_5","apa":"Pietrzak, K. Z., & Skórski, M. (2015). The chain rule for HILL pseudoentropy, revisited. Presented at the LATINCRYPT: Cryptology and Information Security in Latin America, Guadalajara, Mexico: Springer. https://doi.org/10.1007/978-3-319-22174-8_5","mla":"Pietrzak, Krzysztof Z., and Maciej Skórski. The Chain Rule for HILL Pseudoentropy, Revisited. Vol. 9230, Springer, 2015, pp. 81–98, doi:10.1007/978-3-319-22174-8_5."},"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","alternative_title":["LNCS"],"scopus_import":1,"month":"08","intvolume":" 9230","abstract":[{"lang":"eng","text":"Computational notions of entropy (a.k.a. pseudoentropy) have found many applications, including leakage-resilient cryptography, deterministic encryption or memory delegation. The most important tools to argue about pseudoentropy are chain rules, which quantify by how much (in terms of quantity and quality) the pseudoentropy of a given random variable X decreases when conditioned on some other variable Z (think for example of X as a secret key and Z as information leaked by a side-channel). In this paper we give a very simple and modular proof of the chain rule for HILL pseudoentropy, improving best known parameters. Our version allows for increasing the acceptable length of leakage in applications up to a constant factor compared to the best previous bounds. As a contribution of independent interest, we provide a comprehensive study of all known versions of the chain rule, comparing their worst-case strength and limitations."}],"oa_version":"Submitted Version","volume":9230,"ec_funded":1,"publication_status":"published","file":[{"date_updated":"2020-07-14T12:45:11Z","file_size":443340,"creator":"system","date_created":"2018-12-12T10:18:29Z","file_name":"IST-2016-669-v1+1_599.pdf","content_type":"application/pdf","access_level":"open_access","relation":"main_file","file_id":"5351","checksum":"8cd4215b83efba720e8cf27c23ff4781"}],"language":[{"iso":"eng"}],"type":"conference","conference":{"name":"LATINCRYPT: Cryptology and Information Security in Latin America","start_date":"2015-08-23","location":"Guadalajara, Mexico","end_date":"2015-08-26"},"status":"public","pubrep_id":"669","series_title":"Lecture Notes in Computer Science","_id":"1669","file_date_updated":"2020-07-14T12:45:11Z","department":[{"_id":"KrPi"}],"date_updated":"2021-01-12T06:52:24Z","ddc":["005"]},{"date_published":"2015-08-01T00:00:00Z","doi":"10.1007/978-3-662-47989-6_18","date_created":"2018-12-11T11:53:23Z","page":"368 - 387","day":"01","has_accepted_license":"1","year":"2015","quality_controlled":"1","publisher":"Springer","oa":1,"title":"The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC","publist_id":"5478","author":[{"first_name":"Peter","id":"3E0BFE38-F248-11E8-B48F-1D18A9856A87","last_name":"Gazi","full_name":"Gazi, Peter"},{"last_name":"Pietrzak","orcid":"0000-0002-9139-1654","full_name":"Pietrzak, Krzysztof Z","first_name":"Krzysztof Z","id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87"},{"first_name":"Stefano","last_name":"Tessaro","full_name":"Tessaro, Stefano"}],"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","citation":{"chicago":"Gazi, Peter, Krzysztof Z Pietrzak, and Stefano Tessaro. “The Exact PRF Security of Truncation: Tight Bounds for Keyed Sponges and Truncated CBC,” 9215:368–87. Springer, 2015. https://doi.org/10.1007/978-3-662-47989-6_18.","ista":"Gazi P, Pietrzak KZ, Tessaro S. 2015. The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC. CRYPTO: International Cryptology Conference, LNCS, vol. 9215, 368–387.","mla":"Gazi, Peter, et al. The Exact PRF Security of Truncation: Tight Bounds for Keyed Sponges and Truncated CBC. Vol. 9215, Springer, 2015, pp. 368–87, doi:10.1007/978-3-662-47989-6_18.","apa":"Gazi, P., Pietrzak, K. Z., & Tessaro, S. (2015). The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC (Vol. 9215, pp. 368–387). Presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United States: Springer. https://doi.org/10.1007/978-3-662-47989-6_18","ama":"Gazi P, Pietrzak KZ, Tessaro S. The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC. In: Vol 9215. Springer; 2015:368-387. doi:10.1007/978-3-662-47989-6_18","ieee":"P. Gazi, K. Z. Pietrzak, and S. Tessaro, “The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC,” presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United States, 2015, vol. 9215, pp. 368–387.","short":"P. Gazi, K.Z. Pietrzak, S. Tessaro, in:, Springer, 2015, pp. 368–387."},"project":[{"call_identifier":"FP7","_id":"258C570E-B435-11E9-9278-68D0E5697425","name":"Provable Security for Physical Cryptography","grant_number":"259668"}],"volume":9215,"ec_funded":1,"file":[{"access_level":"open_access","relation":"main_file","content_type":"application/pdf","checksum":"17d854227b3b753fd34f5d29e5b5a32e","file_id":"4827","creator":"system","date_updated":"2020-07-14T12:45:11Z","file_size":592296,"date_created":"2018-12-12T10:10:38Z","file_name":"IST-2016-673-v1+1_053.pdf"}],"language":[{"iso":"eng"}],"publication_status":"published","month":"08","intvolume":" 9215","alternative_title":["LNCS"],"scopus_import":1,"oa_version":"Submitted Version","abstract":[{"lang":"eng","text":"This paper studies the concrete security of PRFs and MACs obtained by keying hash functions based on the sponge paradigm. One such hash function is KECCAK, selected as NIST’s new SHA-3 standard. In contrast to other approaches like HMAC, the exact security of keyed sponges is not well understood. Indeed, recent security analyses delivered concrete security bounds which are far from existing attacks. This paper aims to close this gap. We prove (nearly) exact bounds on the concrete PRF security of keyed sponges using a random permutation. These bounds are tight for the most relevant ranges of parameters, i.e., for messages of length (roughly) l ≤ min{2n/4, 2r} blocks, where n is the state size and r is the desired output length; and for l ≤ q queries (to the construction or the underlying permutation). Moreover, we also improve standard-model bounds. As an intermediate step of independent interest, we prove tight bounds on the PRF security of the truncated CBC-MAC construction, which operates as plain CBC-MAC, but only returns a prefix of the output."}],"file_date_updated":"2020-07-14T12:45:11Z","department":[{"_id":"KrPi"}],"ddc":["004","005"],"date_updated":"2021-01-12T06:52:25Z","status":"public","pubrep_id":"673","type":"conference","conference":{"name":"CRYPTO: International Cryptology Conference","start_date":"2015-08-16","location":"Santa Barbara, CA, United States","end_date":"2015-08-20"},"_id":"1671"},{"title":"Relaxing full-codebook security: A refined analysis of key-length extension schemes","publist_id":"5481","author":[{"full_name":"Gazi, Peter","last_name":"Gazi","id":"3E0BFE38-F248-11E8-B48F-1D18A9856A87","first_name":"Peter"},{"first_name":"Jooyoung","last_name":"Lee","full_name":"Lee, Jooyoung"},{"last_name":"Seurin","full_name":"Seurin, Yannick","first_name":"Yannick"},{"last_name":"Steinberger","full_name":"Steinberger, John","first_name":"John"},{"last_name":"Tessaro","full_name":"Tessaro, Stefano","first_name":"Stefano"}],"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","citation":{"mla":"Gazi, Peter, et al. Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes. Vol. 9054, Springer, 2015, pp. 319–41, doi:10.1007/978-3-662-48116-5_16.","ieee":"P. Gazi, J. Lee, Y. Seurin, J. Steinberger, and S. Tessaro, “Relaxing full-codebook security: A refined analysis of key-length extension schemes,” vol. 9054. Springer, pp. 319–341, 2015.","short":"P. Gazi, J. Lee, Y. Seurin, J. Steinberger, S. Tessaro, 9054 (2015) 319–341.","apa":"Gazi, P., Lee, J., Seurin, Y., Steinberger, J., & Tessaro, S. (2015). Relaxing full-codebook security: A refined analysis of key-length extension schemes. Presented at the FSE: Fast Software Encryption, Istanbul, Turkey: Springer. https://doi.org/10.1007/978-3-662-48116-5_16","ama":"Gazi P, Lee J, Seurin Y, Steinberger J, Tessaro S. Relaxing full-codebook security: A refined analysis of key-length extension schemes. 2015;9054:319-341. doi:10.1007/978-3-662-48116-5_16","chicago":"Gazi, Peter, Jooyoung Lee, Yannick Seurin, John Steinberger, and Stefano Tessaro. “Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes.” Lecture Notes in Computer Science. Springer, 2015. https://doi.org/10.1007/978-3-662-48116-5_16.","ista":"Gazi P, Lee J, Seurin Y, Steinberger J, Tessaro S. 2015. Relaxing full-codebook security: A refined analysis of key-length extension schemes. 9054, 319–341."},"project":[{"grant_number":"259668","name":"Provable Security for Physical Cryptography","_id":"258C570E-B435-11E9-9278-68D0E5697425","call_identifier":"FP7"}],"date_created":"2018-12-11T11:53:22Z","date_published":"2015-08-12T00:00:00Z","doi":"10.1007/978-3-662-48116-5_16","page":"319 - 341","day":"12","year":"2015","oa":1,"publisher":"Springer","quality_controlled":"1","department":[{"_id":"KrPi"}],"date_updated":"2020-08-11T10:09:26Z","status":"public","conference":{"name":"FSE: Fast Software Encryption","location":"Istanbul, Turkey","end_date":"2015-03-11","start_date":"2015-03-08"},"type":"conference","series_title":"Lecture Notes in Computer Science","_id":"1668","ec_funded":1,"volume":9054,"language":[{"iso":"eng"}],"publication_status":"published","intvolume":" 9054","month":"08","main_file_link":[{"open_access":"1","url":"http://eprint.iacr.org/2015/397"}],"alternative_title":["LNCS"],"scopus_import":1,"oa_version":"Submitted Version","abstract":[{"lang":"eng","text":"We revisit the security (as a pseudorandom permutation) of cascading-based constructions for block-cipher key-length extension. Previous works typically considered the extreme case where the adversary is given the entire codebook of the construction, the only complexity measure being the number qe of queries to the underlying ideal block cipher, representing adversary’s secret-key-independent computation. Here, we initiate a systematic study of the more natural case of an adversary restricted to adaptively learning a number qc of plaintext/ciphertext pairs that is less than the entire codebook. For any such qc, we aim to determine the highest number of block-cipher queries qe the adversary can issue without being able to successfully distinguish the construction (under a secret key) from a random permutation.\r\nMore concretely, we show the following results for key-length extension schemes using a block cipher with n-bit blocks and κ-bit keys:\r\nPlain cascades of length ℓ=2r+1 are secure whenever qcqre≪2r(κ+n), qc≪2κ and qe≪22κ. The bound for r=1 also applies to two-key triple encryption (as used within Triple DES).\r\nThe r-round XOR-cascade is secure as long as qcqre≪2r(κ+n), matching an attack by Gaži (CRYPTO 2013).\r\nWe fully characterize the security of Gaži and Tessaro’s two-call "}]},{"publication_status":"published","publication_identifier":{"issn":["0302-9743"],"isbn":["9783662479995"]},"language":[{"iso":"eng"}],"ec_funded":1,"related_material":{"record":[{"id":"2274","status":"public","relation":"earlier_version"}]},"volume":9216,"abstract":[{"lang":"eng","text":"Proofs of work (PoW) have been suggested by Dwork and Naor (Crypto’92) as protection to a shared resource. The basic idea is to ask the service requestor to dedicate some non-trivial amount of computational work to every request. The original applications included prevention of spam and protection against denial of service attacks. More recently, PoWs have been used to prevent double spending in the Bitcoin digital currency system. In this work, we put forward an alternative concept for PoWs - so-called proofs of space (PoS), where a service requestor must dedicate a significant amount of disk space as opposed to computation. We construct secure PoS schemes in the random oracle model (with one additional mild assumption required for the proof to go through), using graphs with high “pebbling complexity” and Merkle hash-trees. We discuss some applications, including follow-up work where a decentralized digital currency scheme called Spacecoin is constructed that uses PoS (instead of wasteful PoW like in Bitcoin) to prevent double spending. The main technical contribution of this work is the construction of (directed, loop-free) graphs on N vertices with in-degree O(log logN) such that even if one places Θ(N) pebbles on the nodes of the graph, there’s a constant fraction of nodes that needs Θ(N) steps to be pebbled (where in every step one can put a pebble on a node if all its parents have a pebble)."}],"oa_version":"Preprint","main_file_link":[{"url":"https://eprint.iacr.org/2013/796.pdf","open_access":"1"}],"alternative_title":["LNCS"],"scopus_import":"1","intvolume":" 9216","month":"08","date_updated":"2024-03-20T08:31:49Z","department":[{"_id":"VlKo"},{"_id":"KrPi"}],"_id":"1675","conference":{"start_date":"2015-08-16","end_date":"2015-08-20","location":"Santa Barbara, CA, United States","name":"CRYPTO: International Cryptology Conference"},"type":"conference","pubrep_id":"671","status":"public","year":"2015","publication":"35th Annual Cryptology Conference","day":"01","page":"585 - 605","date_created":"2018-12-11T11:53:24Z","date_published":"2015-08-01T00:00:00Z","doi":"10.1007/978-3-662-48000-7_29","oa":1,"quality_controlled":"1","publisher":"Springer","citation":{"chicago":"Dziembowski, Stefan, Sebastian Faust, Vladimir Kolmogorov, and Krzysztof Z Pietrzak. “Proofs of Space.” In 35th Annual Cryptology Conference, 9216:585–605. Springer, 2015. https://doi.org/10.1007/978-3-662-48000-7_29.","ista":"Dziembowski S, Faust S, Kolmogorov V, Pietrzak KZ. 2015. Proofs of space. 35th Annual Cryptology Conference. CRYPTO: International Cryptology Conference, LNCS, vol. 9216, 585–605.","mla":"Dziembowski, Stefan, et al. “Proofs of Space.” 35th Annual Cryptology Conference, vol. 9216, Springer, 2015, pp. 585–605, doi:10.1007/978-3-662-48000-7_29.","ama":"Dziembowski S, Faust S, Kolmogorov V, Pietrzak KZ. Proofs of space. In: 35th Annual Cryptology Conference. Vol 9216. Springer; 2015:585-605. doi:10.1007/978-3-662-48000-7_29","apa":"Dziembowski, S., Faust, S., Kolmogorov, V., & Pietrzak, K. Z. (2015). Proofs of space. In 35th Annual Cryptology Conference (Vol. 9216, pp. 585–605). Santa Barbara, CA, United States: Springer. https://doi.org/10.1007/978-3-662-48000-7_29","ieee":"S. Dziembowski, S. Faust, V. Kolmogorov, and K. Z. Pietrzak, “Proofs of space,” in 35th Annual Cryptology Conference, Santa Barbara, CA, United States, 2015, vol. 9216, pp. 585–605.","short":"S. Dziembowski, S. Faust, V. Kolmogorov, K.Z. Pietrzak, in:, 35th Annual Cryptology Conference, Springer, 2015, pp. 585–605."},"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","article_processing_charge":"No","author":[{"first_name":"Stefan","full_name":"Dziembowski, Stefan","last_name":"Dziembowski"},{"first_name":"Sebastian","last_name":"Faust","full_name":"Faust, Sebastian"},{"id":"3D50B0BA-F248-11E8-B48F-1D18A9856A87","first_name":"Vladimir","full_name":"Kolmogorov, Vladimir","last_name":"Kolmogorov"},{"id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","first_name":"Krzysztof Z","last_name":"Pietrzak","full_name":"Pietrzak, Krzysztof Z","orcid":"0000-0002-9139-1654"}],"publist_id":"5474","title":"Proofs of space","project":[{"grant_number":"616160","name":"Discrete Optimization in Computer Vision: Theory and Practice","_id":"25FBA906-B435-11E9-9278-68D0E5697425","call_identifier":"FP7"},{"name":"Provable Security for Physical Cryptography","grant_number":"259668","_id":"258C570E-B435-11E9-9278-68D0E5697425","call_identifier":"FP7"}]},{"publisher":"Springer","oa":1,"doi":"10.1007/978-3-319-10879-7_7","date_published":"2014-01-01T00:00:00Z","date_created":"2018-12-11T11:53:13Z","page":"95 - 114","day":"01","publication":"SCN 2014","year":"2014","project":[{"_id":"258C570E-B435-11E9-9278-68D0E5697425","call_identifier":"FP7","grant_number":"259668","name":"Provable Security for Physical Cryptography"}],"editor":[{"first_name":"Michel","last_name":"Abdalla","full_name":"Abdalla, Michel"},{"first_name":"Roberto","full_name":"De Prisco, Roberto","last_name":"De Prisco"}],"title":"Constrained Verifiable Random Functions ","author":[{"last_name":"Fuchsbauer","full_name":"Fuchsbauer, Georg","first_name":"Georg","id":"46B4C3EE-F248-11E8-B48F-1D18A9856A87"}],"publist_id":"5509","user_id":"4435EBFC-F248-11E8-B48F-1D18A9856A87","citation":{"chicago":"Fuchsbauer, Georg. “Constrained Verifiable Random Functions .” In SCN 2014, edited by Michel Abdalla and Roberto De Prisco, 8642:95–114. Springer, 2014. https://doi.org/10.1007/978-3-319-10879-7_7.","ista":"Fuchsbauer G. 2014. Constrained Verifiable Random Functions . SCN 2014. SCN: Security and Cryptography for Networks, LNCS, vol. 8642, 95–114.","mla":"Fuchsbauer, Georg. “Constrained Verifiable Random Functions .” SCN 2014, edited by Michel Abdalla and Roberto De Prisco, vol. 8642, Springer, 2014, pp. 95–114, doi:10.1007/978-3-319-10879-7_7.","short":"G. Fuchsbauer, in:, M. Abdalla, R. De Prisco (Eds.), SCN 2014, Springer, 2014, pp. 95–114.","ieee":"G. Fuchsbauer, “Constrained Verifiable Random Functions ,” in SCN 2014, Amalfi, Italy, 2014, vol. 8642, pp. 95–114.","ama":"Fuchsbauer G. Constrained Verifiable Random Functions . In: Abdalla M, De Prisco R, eds. SCN 2014. Vol 8642. Springer; 2014:95-114. doi:10.1007/978-3-319-10879-7_7","apa":"Fuchsbauer, G. (2014). Constrained Verifiable Random Functions . In M. Abdalla & R. De Prisco (Eds.), SCN 2014 (Vol. 8642, pp. 95–114). Amalfi, Italy: Springer. https://doi.org/10.1007/978-3-319-10879-7_7"},"month":"01","intvolume":" 8642","alternative_title":["LNCS"],"scopus_import":1,"main_file_link":[{"url":"http://eprint.iacr.org/2014/537","open_access":"1"}],"oa_version":"Submitted Version","abstract":[{"text":"We extend the notion of verifiable random functions (VRF) to constrained VRFs, which generalize the concept of constrained pseudorandom functions, put forward by Boneh and Waters (Asiacrypt’13), and independently by Kiayias et al. (CCS’13) and Boyle et al. (PKC’14), who call them delegatable PRFs and functional PRFs, respectively. In a standard VRF the secret key sk allows one to evaluate a pseudorandom function at any point of its domain; in addition, it enables computation of a non-interactive proof that the function value was computed correctly. In a constrained VRF from the key sk one can derive constrained keys skS for subsets S of the domain, which allow computation of function values and proofs only at points in S. After formally defining constrained VRFs, we derive instantiations from the multilinear-maps-based constrained PRFs by Boneh and Waters, yielding a VRF with constrained keys for any set that can be decided by a polynomial-size circuit. Our VRFs have the same function values as the Boneh-Waters PRFs and are proved secure under the same hardness assumption, showing that verifiability comes at no cost. Constrained (functional) VRFs were stated as an open problem by Boyle et al.","lang":"eng"}],"volume":8642,"ec_funded":1,"language":[{"iso":"eng"}],"publication_status":"published","status":"public","type":"conference","conference":{"name":"SCN: Security and Cryptography for Networks","end_date":"2014-09-05","location":"Amalfi, Italy","start_date":"2014-09-03"},"_id":"1643","department":[{"_id":"KrPi"}],"date_updated":"2021-01-12T06:52:12Z"},{"article_number":"6875125","_id":"1907","status":"public","type":"conference","conference":{"start_date":"2014-06-29","end_date":"2014-07-04","location":"Honolulu, USA","name":"IEEE International Symposium on Information Theory Proceedings"},"user_id":"4435EBFC-F248-11E8-B48F-1D18A9856A87","date_updated":"2021-01-12T06:53:59Z","citation":{"mla":"Demay, Grégory, et al. “Optimality of Non-Adaptive Strategies: The Case of Parallel Games.” IEEE International Symposium on Information Theory, 6875125, IEEE, 2014, doi:10.1109/ISIT.2014.6875125.","apa":"Demay, G., Gazi, P., Maurer, U., & Tackmann, B. (2014). Optimality of non-adaptive strategies: The case of parallel games. In IEEE International Symposium on Information Theory. Honolulu, USA: IEEE. https://doi.org/10.1109/ISIT.2014.6875125","ama":"Demay G, Gazi P, Maurer U, Tackmann B. Optimality of non-adaptive strategies: The case of parallel games. In: IEEE International Symposium on Information Theory. IEEE; 2014. doi:10.1109/ISIT.2014.6875125","ieee":"G. Demay, P. Gazi, U. Maurer, and B. Tackmann, “Optimality of non-adaptive strategies: The case of parallel games,” in IEEE International Symposium on Information Theory, Honolulu, USA, 2014.","short":"G. Demay, P. Gazi, U. Maurer, B. Tackmann, in:, IEEE International Symposium on Information Theory, IEEE, 2014.","chicago":"Demay, Grégory, Peter Gazi, Ueli Maurer, and Björn Tackmann. “Optimality of Non-Adaptive Strategies: The Case of Parallel Games.” In IEEE International Symposium on Information Theory. IEEE, 2014. https://doi.org/10.1109/ISIT.2014.6875125.","ista":"Demay G, Gazi P, Maurer U, Tackmann B. 2014. Optimality of non-adaptive strategies: The case of parallel games. IEEE International Symposium on Information Theory. IEEE International Symposium on Information Theory Proceedings, 6875125."},"department":[{"_id":"KrPi"}],"title":"Optimality of non-adaptive strategies: The case of parallel games","publist_id":"5188","author":[{"last_name":"Demay","full_name":"Demay, Grégory","first_name":"Grégory"},{"last_name":"Gazi","full_name":"Gazi, Peter","id":"3E0BFE38-F248-11E8-B48F-1D18A9856A87","first_name":"Peter"},{"first_name":"Ueli","full_name":"Maurer, Ueli","last_name":"Maurer"},{"first_name":"Björn","full_name":"Tackmann, Björn","last_name":"Tackmann"}],"oa_version":"Submitted Version","abstract":[{"text":"Most cryptographic security proofs require showing that two systems are indistinguishable. A central tool in such proofs is that of a game, where winning the game means provoking a certain condition, and it is shown that the two systems considered cannot be distinguished unless this condition is provoked. Upper bounding the probability of winning such a game, i.e., provoking this condition, for an arbitrary strategy is usually hard, except in the special case where the best strategy for winning such a game is known to be non-adaptive. A sufficient criterion for ensuring the optimality of non-adaptive strategies is that of conditional equivalence to a system, a notion introduced in [1]. In this paper, we show that this criterion is not necessary to ensure the optimality of non-adaptive strategies by giving two results of independent interest: 1) the optimality of non-adaptive strategies is not preserved under parallel composition; 2) in contrast, conditional equivalence is preserved under parallel composition.","lang":"eng"}],"month":"01","publisher":"IEEE","scopus_import":1,"quality_controlled":"1","oa":1,"main_file_link":[{"url":"https://eprint.iacr.org/2014/299","open_access":"1"}],"day":"01","language":[{"iso":"eng"}],"publication":"IEEE International Symposium on Information Theory","publication_status":"published","year":"2014","doi":"10.1109/ISIT.2014.6875125","date_published":"2014-01-01T00:00:00Z","date_created":"2018-12-11T11:54:39Z"},{"_id":"2045","type":"conference","conference":{"location":"Buenos Aires, Argentina","end_date":"2014-03-28","start_date":"2014-03-26","name":"PKC: Public Key Crypography"},"status":"public","date_updated":"2021-01-12T06:54:57Z","department":[{"_id":"KrPi"}],"abstract":[{"text":"We introduce and study a new notion of enhanced chosen-ciphertext security (ECCA) for public-key encryption. Loosely speaking, in the ECCA security experiment, the decryption oracle provided to the adversary is augmented to return not only the output of the decryption algorithm on a queried ciphertext but also of a randomness-recovery algorithm associated to the scheme. Our results mainly concern the case where the randomness-recovery algorithm is efficient. We provide constructions of ECCA-secure encryption from adaptive trapdoor functions as defined by Kiltz et al. (EUROCRYPT 2010), resulting in ECCA encryption from standard number-theoretic assumptions. We then give two applications of ECCA-secure encryption: (1) We use it as a unifying concept in showing equivalence of adaptive trapdoor functions and tag-based adaptive trapdoor functions, resolving an open question of Kiltz et al. (2) We show that ECCA-secure encryption can be used to securely realize an approach to public-key encryption with non-interactive opening (PKENO) originally suggested by Damgård and Thorbek (EUROCRYPT 2007), resulting in new and practical PKENO schemes quite different from those in prior work. Our results demonstrate that ECCA security is of both practical and theoretical interest.","lang":"eng"}],"oa_version":"Submitted Version","alternative_title":["LNCS"],"scopus_import":1,"main_file_link":[{"open_access":"1","url":"https://eprint.iacr.org/2012/543"}],"month":"01","intvolume":" 8383","publication_status":"published","language":[{"iso":"eng"}],"volume":8383,"ec_funded":1,"project":[{"call_identifier":"FP7","_id":"258C570E-B435-11E9-9278-68D0E5697425","name":"Provable Security for Physical Cryptography","grant_number":"259668"}],"citation":{"ieee":"D. Dachman Soled, G. Fuchsbauer, P. Mohassel, and A. O’Neill, “Enhanced chosen-ciphertext security and applications,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Buenos Aires, Argentina, 2014, vol. 8383, pp. 329–344.","short":"D. Dachman Soled, G. Fuchsbauer, P. Mohassel, A. O’Neill, in:, H. Krawczyk (Ed.), Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer, 2014, pp. 329–344.","ama":"Dachman Soled D, Fuchsbauer G, Mohassel P, O’Neill A. Enhanced chosen-ciphertext security and applications. In: Krawczyk H, ed. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol 8383. Springer; 2014:329-344. doi:10.1007/978-3-642-54631-0_19","apa":"Dachman Soled, D., Fuchsbauer, G., Mohassel, P., & O’Neill, A. (2014). Enhanced chosen-ciphertext security and applications. In H. Krawczyk (Ed.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8383, pp. 329–344). Buenos Aires, Argentina: Springer. https://doi.org/10.1007/978-3-642-54631-0_19","mla":"Dachman Soled, Dana, et al. “Enhanced Chosen-Ciphertext Security and Applications.” Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), edited by Hugo Krawczyk, vol. 8383, Springer, 2014, pp. 329–44, doi:10.1007/978-3-642-54631-0_19.","ista":"Dachman Soled D, Fuchsbauer G, Mohassel P, O’Neill A. 2014. Enhanced chosen-ciphertext security and applications. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). PKC: Public Key Crypography, LNCS, vol. 8383, 329–344.","chicago":"Dachman Soled, Dana, Georg Fuchsbauer, Payman Mohassel, and Adam O’Neill. “Enhanced Chosen-Ciphertext Security and Applications.” In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), edited by Hugo Krawczyk, 8383:329–44. Springer, 2014. https://doi.org/10.1007/978-3-642-54631-0_19."},"user_id":"4435EBFC-F248-11E8-B48F-1D18A9856A87","publist_id":"5006","author":[{"first_name":"Dana","last_name":"Dachman Soled","full_name":"Dachman Soled, Dana"},{"last_name":"Fuchsbauer","full_name":"Fuchsbauer, Georg","first_name":"Georg","id":"46B4C3EE-F248-11E8-B48F-1D18A9856A87"},{"full_name":"Mohassel, Payman","last_name":"Mohassel","first_name":"Payman"},{"last_name":"O’Neill","full_name":"O’Neill, Adam","first_name":"Adam"}],"editor":[{"first_name":"Hugo","full_name":"Krawczyk, Hugo","last_name":"Krawczyk"}],"title":"Enhanced chosen-ciphertext security and applications","acknowledgement":"The second author was supported by EPSRC grant EP/H043454/1.","quality_controlled":"1","publisher":"Springer","oa":1,"year":"2014","day":"01","publication":"Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)","page":"329 - 344","doi":"10.1007/978-3-642-54631-0_19","date_published":"2014-01-01T00:00:00Z","date_created":"2018-12-11T11:55:24Z"},{"day":"01","publication":"Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)","year":"2014","date_published":"2014-01-01T00:00:00Z","doi":"10.1007/978-3-319-11257-2_14","date_created":"2018-12-11T11:55:24Z","page":"170 - 184","acknowledgement":"This research was partially supported by BCS- 0941518 to the Department of Statistics at Carnegie Mellon University.","publisher":"Springer","quality_controlled":"1","oa":1,"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","citation":{"chicago":"Yu, Fei, Michal Rybar, Caroline Uhler, and Stephen Fienberg. “Differentially-Private Logistic Regression for Detecting Multiple-SNP Association in GWAS Databases.” In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), edited by Josep Domingo Ferrer, 8744:170–84. Springer, 2014. https://doi.org/10.1007/978-3-319-11257-2_14.","ista":"Yu F, Rybar M, Uhler C, Fienberg S. 2014. Differentially-private logistic regression for detecting multiple-SNP association in GWAS databases. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). PSD: Privacy in Statistical Databases, LNCS, vol. 8744, 170–184.","mla":"Yu, Fei, et al. “Differentially-Private Logistic Regression for Detecting Multiple-SNP Association in GWAS Databases.” Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), edited by Josep Domingo Ferrer, vol. 8744, Springer, 2014, pp. 170–84, doi:10.1007/978-3-319-11257-2_14.","apa":"Yu, F., Rybar, M., Uhler, C., & Fienberg, S. (2014). Differentially-private logistic regression for detecting multiple-SNP association in GWAS databases. In J. Domingo Ferrer (Ed.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8744, pp. 170–184). Ibiza, Spain: Springer. https://doi.org/10.1007/978-3-319-11257-2_14","ama":"Yu F, Rybar M, Uhler C, Fienberg S. Differentially-private logistic regression for detecting multiple-SNP association in GWAS databases. In: Domingo Ferrer J, ed. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol 8744. Springer; 2014:170-184. doi:10.1007/978-3-319-11257-2_14","short":"F. Yu, M. Rybar, C. Uhler, S. Fienberg, in:, J. Domingo Ferrer (Ed.), Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer, 2014, pp. 170–184.","ieee":"F. Yu, M. Rybar, C. Uhler, and S. Fienberg, “Differentially-private logistic regression for detecting multiple-SNP association in GWAS databases,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Ibiza, Spain, 2014, vol. 8744, pp. 170–184."},"title":"Differentially-private logistic regression for detecting multiple-SNP association in GWAS databases","editor":[{"full_name":"Domingo Ferrer, Josep","last_name":"Domingo Ferrer","first_name":"Josep"}],"publist_id":"5004","author":[{"last_name":"Yu","full_name":"Yu, Fei","first_name":"Fei"},{"last_name":"Rybar","full_name":"Rybar, Michal","id":"2B3E3DE8-F248-11E8-B48F-1D18A9856A87","first_name":"Michal"},{"last_name":"Uhler","full_name":"Uhler, Caroline","orcid":"0000-0002-7008-0216","first_name":"Caroline","id":"49ADD78E-F248-11E8-B48F-1D18A9856A87"},{"full_name":"Fienberg, Stephen","last_name":"Fienberg","first_name":"Stephen"}],"external_id":{"arxiv":["1407.8067"]},"project":[{"grant_number":"11-NSF-1070","name":"ROOTS Genome-wide Analysis of Root Traits","_id":"25636330-B435-11E9-9278-68D0E5697425"}],"language":[{"iso":"eng"}],"publication_status":"published","volume":8744,"oa_version":"Submitted Version","abstract":[{"text":"Following the publication of an attack on genome-wide association studies (GWAS) data proposed by Homer et al., considerable attention has been given to developing methods for releasing GWAS data in a privacy-preserving way. Here, we develop an end-to-end differentially private method for solving regression problems with convex penalty functions and selecting the penalty parameters by cross-validation. In particular, we focus on penalized logistic regression with elastic-net regularization, a method widely used to in GWAS analyses to identify disease-causing genes. We show how a differentially private procedure for penalized logistic regression with elastic-net regularization can be applied to the analysis of GWAS data and evaluate our method’s performance.","lang":"eng"}],"month":"01","intvolume":" 8744","alternative_title":["LNCS"],"scopus_import":1,"main_file_link":[{"url":"http://arxiv.org/abs/1407.8067","open_access":"1"}],"date_updated":"2021-01-12T06:54:57Z","department":[{"_id":"KrPi"},{"_id":"CaUh"}],"_id":"2047","status":"public","type":"conference","conference":{"start_date":"2014-09-17","end_date":"2014-09-19","location":"Ibiza, Spain","name":"PSD: Privacy in Statistical Databases"}},{"project":[{"call_identifier":"FP7","_id":"258C570E-B435-11E9-9278-68D0E5697425","name":"Provable Security for Physical Cryptography","grant_number":"259668"}],"title":"Policy-based signatures","editor":[{"first_name":"Hugo","full_name":"Krawczyk, Hugo","last_name":"Krawczyk"}],"publist_id":"5005","author":[{"first_name":"Mihir","full_name":"Bellare, Mihir","last_name":"Bellare"},{"full_name":"Fuchsbauer, Georg","last_name":"Fuchsbauer","id":"46B4C3EE-F248-11E8-B48F-1D18A9856A87","first_name":"Georg"}],"user_id":"4435EBFC-F248-11E8-B48F-1D18A9856A87","citation":{"ista":"Bellare M, Fuchsbauer G. 2014. Policy-based signatures. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). PKC: Public Key Crypography, LNCS, vol. 8383, 520–537.","chicago":"Bellare, Mihir, and Georg Fuchsbauer. “Policy-Based Signatures.” In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), edited by Hugo Krawczyk, 8383:520–37. Springer, 2014. https://doi.org/10.1007/978-3-642-54631-0_30.","ieee":"M. Bellare and G. Fuchsbauer, “Policy-based signatures,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Buenos Aires, Argentina, 2014, vol. 8383, pp. 520–537.","short":"M. Bellare, G. Fuchsbauer, in:, H. Krawczyk (Ed.), Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer, 2014, pp. 520–537.","apa":"Bellare, M., & Fuchsbauer, G. (2014). Policy-based signatures. In H. Krawczyk (Ed.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8383, pp. 520–537). Buenos Aires, Argentina: Springer. https://doi.org/10.1007/978-3-642-54631-0_30","ama":"Bellare M, Fuchsbauer G. Policy-based signatures. In: Krawczyk H, ed. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol 8383. Springer; 2014:520-537. doi:10.1007/978-3-642-54631-0_30","mla":"Bellare, Mihir, and Georg Fuchsbauer. “Policy-Based Signatures.” Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), edited by Hugo Krawczyk, vol. 8383, Springer, 2014, pp. 520–37, doi:10.1007/978-3-642-54631-0_30."},"oa":1,"quality_controlled":"1","publisher":"Springer","acknowledgement":"Part of his work was done while at Bristol University, supported by EPSRC grant EP/H043454/1.","date_created":"2018-12-11T11:55:24Z","date_published":"2014-01-01T00:00:00Z","doi":"10.1007/978-3-642-54631-0_30","page":"520 - 537","publication":"Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)","day":"01","year":"2014","status":"public","conference":{"name":"PKC: Public Key Crypography","end_date":"2014-05-28","location":"Buenos Aires, Argentina","start_date":"2014-05-26"},"type":"conference","_id":"2046","department":[{"_id":"KrPi"}],"date_updated":"2021-01-12T06:54:57Z","intvolume":" 8383","month":"01","main_file_link":[{"open_access":"1","url":"https://eprint.iacr.org/2013/413"}],"alternative_title":["LNCS"],"scopus_import":1,"oa_version":"Submitted Version","abstract":[{"text":"We introduce policy-based signatures (PBS), where a signer can only sign messages conforming to some authority-specified policy. The main requirements are unforgeability and privacy, the latter meaning that signatures not reveal the policy. PBS offers value along two fronts: (1) On the practical side, they allow a corporation to control what messages its employees can sign under the corporate key. (2) On the theoretical side, they unify existing work, capturing other forms of signatures as special cases or allowing them to be easily built. Our work focuses on definitions of PBS, proofs that this challenging primitive is realizable for arbitrary policies, efficient constructions for specific policies, and a few representative applications.","lang":"eng"}],"ec_funded":1,"volume":8383,"language":[{"iso":"eng"}],"publication_status":"published"},{"user_id":"4435EBFC-F248-11E8-B48F-1D18A9856A87","citation":{"ista":"Dodis Y, Pietrzak KZ, Wichs D. 2014. Key derivation without entropy waste. EUROCRYPT: Theory and Applications of Cryptographic Techniques, LNCS, vol. 8441, 93–110.","chicago":"Dodis, Yevgeniy, Krzysztof Z Pietrzak, and Daniel Wichs. “Key Derivation without Entropy Waste.” edited by Phong Nguyen and Elisabeth Oswald, 8441:93–110. Springer, 2014. https://doi.org/10.1007/978-3-642-55220-5_6.","ieee":"Y. Dodis, K. Z. Pietrzak, and D. Wichs, “Key derivation without entropy waste,” presented at the EUROCRYPT: Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, 2014, vol. 8441, pp. 93–110.","short":"Y. Dodis, K.Z. Pietrzak, D. Wichs, in:, P. Nguyen, E. Oswald (Eds.), Springer, 2014, pp. 93–110.","ama":"Dodis Y, Pietrzak KZ, Wichs D. Key derivation without entropy waste. In: Nguyen P, Oswald E, eds. Vol 8441. Springer; 2014:93-110. doi:10.1007/978-3-642-55220-5_6","apa":"Dodis, Y., Pietrzak, K. Z., & Wichs, D. (2014). Key derivation without entropy waste. In P. Nguyen & E. Oswald (Eds.) (Vol. 8441, pp. 93–110). Presented at the EUROCRYPT: Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark: Springer. https://doi.org/10.1007/978-3-642-55220-5_6","mla":"Dodis, Yevgeniy, et al. Key Derivation without Entropy Waste. Edited by Phong Nguyen and Elisabeth Oswald, vol. 8441, Springer, 2014, pp. 93–110, doi:10.1007/978-3-642-55220-5_6."},"editor":[{"full_name":"Nguyen, Phong","last_name":"Nguyen","first_name":"Phong"},{"last_name":"Oswald","full_name":"Oswald, Elisabeth","first_name":"Elisabeth"}],"title":"Key derivation without entropy waste","publist_id":"4795","author":[{"first_name":"Yevgeniy","last_name":"Dodis","full_name":"Dodis, Yevgeniy"},{"id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","first_name":"Krzysztof Z","orcid":"0000-0002-9139-1654","full_name":"Pietrzak, Krzysztof Z","last_name":"Pietrzak"},{"last_name":"Wichs","full_name":"Wichs, Daniel","first_name":"Daniel"}],"day":"01","has_accepted_license":"1","year":"2014","date_published":"2014-04-01T00:00:00Z","doi":"10.1007/978-3-642-55220-5_6","date_created":"2018-12-11T11:56:12Z","page":"93 - 110","quality_controlled":"1","publisher":"Springer","oa":1,"ddc":["000","004"],"date_updated":"2021-01-12T06:55:51Z","file_date_updated":"2020-07-14T12:45:31Z","department":[{"_id":"KrPi"}],"_id":"2185","status":"public","pubrep_id":"680","type":"conference","conference":{"name":"EUROCRYPT: Theory and Applications of Cryptographic Techniques","start_date":"2014-05-11","end_date":"2014-05-15","location":"Copenhagen, Denmark"},"file":[{"relation":"main_file","access_level":"open_access","content_type":"application/pdf","checksum":"da1aa01221086083b23c92e547b48ff4","file_id":"4705","creator":"system","file_size":505389,"date_updated":"2020-07-14T12:45:31Z","file_name":"IST-2016-680-v1+1_708.pdf","date_created":"2018-12-12T10:08:43Z"}],"language":[{"iso":"eng"}],"publication_status":"published","volume":8441,"oa_version":"Submitted Version","abstract":[{"text":"We revisit the classical problem of converting an imperfect source of randomness into a usable cryptographic key. Assume that we have some cryptographic application P that expects a uniformly random m-bit key R and ensures that the best attack (in some complexity class) against P(R) has success probability at most δ. Our goal is to design a key-derivation function (KDF) h that converts any random source X of min-entropy k into a sufficiently "good" key h(X), guaranteeing that P(h(X)) has comparable security δ′ which is 'close' to δ. Seeded randomness extractors provide a generic way to solve this problem for all applications P, with resulting security δ′ = O(δ), provided that we start with entropy k ≥ m + 2 log (1/δ) - O(1). By a result of Radhakrishnan and Ta-Shma, this bound on k (called the "RT-bound") is also known to be tight in general. Unfortunately, in many situations the loss of 2 log (1/δ) bits of entropy is unacceptable. This motivates the study KDFs with less entropy waste by placing some restrictions on the source X or the application P. In this work we obtain the following new positive and negative results in this regard: - Efficient samplability of the source X does not help beat the RT-bound for general applications. This resolves the SRT (samplable RT) conjecture of Dachman-Soled et al. [DGKM12] in the affirmative, and also shows that the existence of computationally-secure extractors beating the RT-bound implies the existence of one-way functions. - We continue in the line of work initiated by Barak et al. [BDK+11] and construct new information-theoretic KDFs which beat the RT-bound for large but restricted classes of applications. Specifically, we design efficient KDFs that work for all unpredictability applications P (e.g., signatures, MACs, one-way functions, etc.) and can either: (1) extract all of the entropy k = m with a very modest security loss δ′ = O(δ·log (1/δ)), or alternatively, (2) achieve essentially optimal security δ′ = O(δ) with a very modest entropy loss k ≥ m + loglog (1/δ). In comparison, the best prior results from [BDK+11] for this class of applications would only guarantee δ′ = O(√δ) when k = m, and would need k ≥ m + log (1/δ) to get δ′ = O(δ). - The weaker bounds of [BDK+11] hold for a larger class of so-called "square- friendly" applications (which includes all unpredictability, but also some important indistinguishability, applications). Unfortunately, we show that these weaker bounds are tight for the larger class of applications. - We abstract out a clean, information-theoretic notion of (k,δ,δ′)- unpredictability extractors, which guarantee "induced" security δ′ for any δ-secure unpredictability application P, and characterize the parameters achievable for such unpredictability extractors. Of independent interest, we also relate this notion to the previously-known notion of (min-entropy) condensers, and improve the state-of-the-art parameters for such condensers.","lang":"eng"}],"month":"04","intvolume":" 8441","scopus_import":1,"alternative_title":["LNCS"]},{"date_published":"2014-03-01T00:00:00Z","doi":"10.1007/978-3-642-54631-0_1","date_created":"2018-12-11T11:56:24Z","page":"1 - 18","day":"01","year":"2014","quality_controlled":"1","publisher":"Springer","oa":1,"title":"Simple chosen-ciphertext security from low noise LPN","author":[{"first_name":"Eike","last_name":"Kiltz","full_name":"Kiltz, Eike"},{"first_name":"Daniel","last_name":"Masny","full_name":"Masny, Daniel"},{"id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","first_name":"Krzysztof Z","orcid":"0000-0002-9139-1654","full_name":"Pietrzak, Krzysztof Z","last_name":"Pietrzak"}],"publist_id":"4748","user_id":"4435EBFC-F248-11E8-B48F-1D18A9856A87","citation":{"chicago":"Kiltz, Eike, Daniel Masny, and Krzysztof Z Pietrzak. “Simple Chosen-Ciphertext Security from Low Noise LPN,” 8383:1–18. Springer, 2014. https://doi.org/10.1007/978-3-642-54631-0_1.","ista":"Kiltz E, Masny D, Pietrzak KZ. 2014. Simple chosen-ciphertext security from low noise LPN. IACR: International Conference on Practice and Theory in Public-Key Cryptography, LNCS, vol. 8383, 1–18.","mla":"Kiltz, Eike, et al. Simple Chosen-Ciphertext Security from Low Noise LPN. Vol. 8383, Springer, 2014, pp. 1–18, doi:10.1007/978-3-642-54631-0_1.","apa":"Kiltz, E., Masny, D., & Pietrzak, K. Z. (2014). Simple chosen-ciphertext security from low noise LPN (Vol. 8383, pp. 1–18). Presented at the IACR: International Conference on Practice and Theory in Public-Key Cryptography, Springer. https://doi.org/10.1007/978-3-642-54631-0_1","ama":"Kiltz E, Masny D, Pietrzak KZ. Simple chosen-ciphertext security from low noise LPN. In: Vol 8383. Springer; 2014:1-18. doi:10.1007/978-3-642-54631-0_1","ieee":"E. Kiltz, D. Masny, and K. Z. Pietrzak, “Simple chosen-ciphertext security from low noise LPN,” presented at the IACR: International Conference on Practice and Theory in Public-Key Cryptography, 2014, vol. 8383, pp. 1–18.","short":"E. Kiltz, D. Masny, K.Z. Pietrzak, in:, Springer, 2014, pp. 1–18."},"volume":8383,"language":[{"iso":"eng"}],"publication_identifier":{"isbn":["978-364254630-3"]},"publication_status":"published","month":"03","intvolume":" 8383","scopus_import":1,"alternative_title":["LNCS"],"main_file_link":[{"url":"https://eprint.iacr.org/2015/401","open_access":"1"}],"oa_version":"Submitted Version","abstract":[{"text":"Recently, Döttling et al. (ASIACRYPT 2012) proposed the first chosen-ciphertext (IND-CCA) secure public-key encryption scheme from the learning parity with noise (LPN) assumption. In this work we give an alternative scheme which is conceptually simpler and more efficient. At the core of our construction is a trapdoor technique originally proposed for lattices by Micciancio and Peikert (EUROCRYPT 2012), which we adapt to the LPN setting. The main technical tool is a new double-trapdoor mechanism, together with a trapdoor switching lemma based on a computational variant of the leftover hash lemma.","lang":"eng"}],"department":[{"_id":"KrPi"}],"date_updated":"2021-01-12T06:56:05Z","status":"public","type":"conference","conference":{"name":"IACR: International Conference on Practice and Theory in Public-Key Cryptography"},"_id":"2219"},{"project":[{"call_identifier":"FP7","_id":"258C570E-B435-11E9-9278-68D0E5697425","name":"Provable Security for Physical Cryptography","grant_number":"259668"}],"publist_id":"4725","author":[{"first_name":"Dimitar","last_name":"Jetchev","full_name":"Jetchev, Dimitar"},{"first_name":"Krzysztof Z","id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","full_name":"Pietrzak, Krzysztof Z","orcid":"0000-0002-9139-1654","last_name":"Pietrzak"}],"title":"How to fake auxiliary input","editor":[{"first_name":"Yehuda","last_name":"Lindell","full_name":"Lindell, Yehuda"}],"citation":{"mla":"Jetchev, Dimitar, and Krzysztof Z. Pietrzak. How to Fake Auxiliary Input. Edited by Yehuda Lindell, vol. 8349, Springer, 2014, pp. 566–90, doi:10.1007/978-3-642-54242-8_24.","short":"D. Jetchev, K.Z. Pietrzak, in:, Y. Lindell (Ed.), Springer, 2014, pp. 566–590.","ieee":"D. Jetchev and K. Z. Pietrzak, “How to fake auxiliary input,” presented at the TCC: Theory of Cryptography Conference, San Diego, USA, 2014, vol. 8349, pp. 566–590.","ama":"Jetchev D, Pietrzak KZ. How to fake auxiliary input. In: Lindell Y, ed. Vol 8349. Springer; 2014:566-590. doi:10.1007/978-3-642-54242-8_24","apa":"Jetchev, D., & Pietrzak, K. Z. (2014). How to fake auxiliary input. In Y. Lindell (Ed.) (Vol. 8349, pp. 566–590). Presented at the TCC: Theory of Cryptography Conference, San Diego, USA: Springer. https://doi.org/10.1007/978-3-642-54242-8_24","chicago":"Jetchev, Dimitar, and Krzysztof Z Pietrzak. “How to Fake Auxiliary Input.” edited by Yehuda Lindell, 8349:566–90. Springer, 2014. https://doi.org/10.1007/978-3-642-54242-8_24.","ista":"Jetchev D, Pietrzak KZ. 2014. How to fake auxiliary input. TCC: Theory of Cryptography Conference, LNCS, vol. 8349, 566–590."},"user_id":"4435EBFC-F248-11E8-B48F-1D18A9856A87","publisher":"Springer","quality_controlled":"1","oa":1,"page":"566 - 590","doi":"10.1007/978-3-642-54242-8_24","date_published":"2014-02-01T00:00:00Z","date_created":"2018-12-11T11:56:29Z","has_accepted_license":"1","year":"2014","day":"01","type":"conference","conference":{"end_date":"2014-02-26","location":"San Diego, USA","start_date":"2014-02-24","name":"TCC: Theory of Cryptography Conference"},"status":"public","pubrep_id":"681","_id":"2236","department":[{"_id":"KrPi"}],"file_date_updated":"2020-07-14T12:45:34Z","date_updated":"2021-01-12T06:56:12Z","ddc":["004"],"alternative_title":["LNCS"],"main_file_link":[{"url":"https://repository.ist.ac.at/id/eprint/681","open_access":"1"}],"month":"02","intvolume":" 8349","abstract":[{"text":"Consider a joint distribution (X,A) on a set. We show that for any family of distinguishers, there exists a simulator such that 1 no function in can distinguish (X,A) from (X,h(X)) with advantage ε, 2 h is only O(2 3ℓ ε -2) times less efficient than the functions in. For the most interesting settings of the parameters (in particular, the cryptographic case where X has superlogarithmic min-entropy, ε > 0 is negligible and consists of circuits of polynomial size), we can make the simulator h deterministic. As an illustrative application of our theorem, we give a new security proof for the leakage-resilient stream-cipher from Eurocrypt'09. Our proof is simpler and quantitatively much better than the original proof using the dense model theorem, giving meaningful security guarantees if instantiated with a standard blockcipher like AES. Subsequent to this work, Chung, Lui and Pass gave an interactive variant of our main theorem, and used it to investigate weak notions of Zero-Knowledge. Vadhan and Zheng give a more constructive version of our theorem using their new uniform min-max theorem.","lang":"eng"}],"oa_version":"Submitted Version","volume":8349,"ec_funded":1,"publication_identifier":{"isbn":["978-364254241-1"]},"publication_status":"published","file":[{"file_size":313528,"date_updated":"2020-07-14T12:45:34Z","creator":"system","file_name":"IST-2016-681-v1+1_869_1_.pdf","date_created":"2018-12-12T10:17:21Z","content_type":"application/pdf","relation":"main_file","access_level":"open_access","file_id":"5275","checksum":"42960325c29dcd8d832edadcc3ce0045"}],"language":[{"iso":"eng"}]},{"publist_id":"3940","author":[{"first_name":"Marc","full_name":"Fischlin, Marc","last_name":"Fischlin"},{"full_name":"Lehmann, Anja","last_name":"Lehmann","first_name":"Anja"},{"id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","first_name":"Krzysztof Z","last_name":"Pietrzak","orcid":"0000-0002-9139-1654","full_name":"Pietrzak, Krzysztof Z"}],"department":[{"_id":"KrPi"}],"title":"Robust multi-property combiners for hash functions","date_updated":"2023-02-23T11:17:53Z","citation":{"ista":"Fischlin M, Lehmann A, Pietrzak KZ. 2014. Robust multi-property combiners for hash functions. Journal of Cryptology. 27(3), 397–428.","chicago":"Fischlin, Marc, Anja Lehmann, and Krzysztof Z Pietrzak. “Robust Multi-Property Combiners for Hash Functions.” Journal of Cryptology. Springer, 2014. https://doi.org/10.1007/s00145-013-9148-7.","short":"M. Fischlin, A. Lehmann, K.Z. Pietrzak, Journal of Cryptology 27 (2014) 397–428.","ieee":"M. Fischlin, A. Lehmann, and K. Z. Pietrzak, “Robust multi-property combiners for hash functions,” Journal of Cryptology, vol. 27, no. 3. Springer, pp. 397–428, 2014.","ama":"Fischlin M, Lehmann A, Pietrzak KZ. Robust multi-property combiners for hash functions. Journal of Cryptology. 2014;27(3):397-428. doi:10.1007/s00145-013-9148-7","apa":"Fischlin, M., Lehmann, A., & Pietrzak, K. Z. (2014). Robust multi-property combiners for hash functions. Journal of Cryptology. Springer. https://doi.org/10.1007/s00145-013-9148-7","mla":"Fischlin, Marc, et al. “Robust Multi-Property Combiners for Hash Functions.” Journal of Cryptology, vol. 27, no. 3, Springer, 2014, pp. 397–428, doi:10.1007/s00145-013-9148-7."},"user_id":"3FFCCD3A-F248-11E8-B48F-1D18A9856A87","type":"journal_article","status":"public","_id":"2852","page":"397 - 428","volume":27,"doi":"10.1007/s00145-013-9148-7","issue":"3","date_published":"2014-07-01T00:00:00Z","related_material":{"record":[{"id":"3225","status":"public","relation":"earlier_version"}]},"date_created":"2018-12-11T11:59:56Z","publication_status":"published","year":"2014","day":"01","publication":"Journal of Cryptology","language":[{"iso":"eng"}],"publisher":"Springer","quality_controlled":"1","scopus_import":1,"month":"07","intvolume":" 27","abstract":[{"text":"A robust combiner for hash functions takes two candidate implementations and constructs a hash function which is secure as long as at least one of the candidates is secure. So far, hash function combiners only aim at preserving a single property such as collision-resistance or pseudorandomness. However, when hash functions are used in protocols like TLS they are often required to provide several properties simultaneously. We therefore put forward the notion of robust multi-property combiners and elaborate on different definitions for such combiners. We then propose a combiner that provably preserves (target) collision-resistance, pseudorandomness, and being a secure message authentication code. This combiner satisfies the strongest notion we propose, which requires that the combined function satisfies every security property which is satisfied by at least one of the underlying hash function. If the underlying hash functions have output length n, the combiner has output length 2 n. This basically matches a known lower bound for black-box combiners for collision-resistance only, thus the other properties can be achieved without penalizing the length of the hash values. We then propose a combiner which also preserves the property of being indifferentiable from a random oracle, slightly increasing the output length to 2 n+ω(log n). Moreover, we show how to augment our constructions in order to make them also robust for the one-wayness property, but in this case require an a priory upper bound on the input length.","lang":"eng"}],"oa_version":"None"}]