--- _id: '7411' abstract: - lang: eng text: "Proofs of sequential work (PoSW) are proof systems where a prover, upon receiving a statement χ and a time parameter T computes a proof ϕ(χ,T) which is efficiently and publicly verifiable. The proof can be computed in T sequential steps, but not much less, even by a malicious party having large parallelism. A PoSW thus serves as a proof that T units of time have passed since χ\r\n\r\nwas received.\r\n\r\nPoSW were introduced by Mahmoody, Moran and Vadhan [MMV11], a simple and practical construction was only recently proposed by Cohen and Pietrzak [CP18].\r\n\r\nIn this work we construct a new simple PoSW in the random permutation model which is almost as simple and efficient as [CP18] but conceptually very different. Whereas the structure underlying [CP18] is a hash tree, our construction is based on skip lists and has the interesting property that computing the PoSW is a reversible computation.\r\nThe fact that the construction is reversible can potentially be used for new applications like constructing proofs of replication. We also show how to “embed” the sloth function of Lenstra and Weselowski [LW17] into our PoSW to get a PoSW where one additionally can verify correctness of the output much more efficiently than recomputing it (though recent constructions of “verifiable delay functions” subsume most of the applications this construction was aiming at)." alternative_title: - LNCS article_processing_charge: No author: - first_name: Hamza M full_name: Abusalah, Hamza M id: 40297222-F248-11E8-B48F-1D18A9856A87 last_name: Abusalah - first_name: Chethan full_name: Kamath Hosdurg, Chethan id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87 last_name: Kamath Hosdurg - first_name: Karen full_name: Klein, Karen id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87 last_name: Klein - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 - first_name: Michael full_name: Walter, Michael id: 488F98B0-F248-11E8-B48F-1D18A9856A87 last_name: Walter orcid: 0000-0003-3186-2482 citation: ama: 'Abusalah HM, Kamath Hosdurg C, Klein K, Pietrzak KZ, Walter M. Reversible proofs of sequential work. In: Advances in Cryptology – EUROCRYPT 2019. Vol 11477. Springer International Publishing; 2019:277-291. doi:10.1007/978-3-030-17656-3_10' apa: 'Abusalah, H. M., Kamath Hosdurg, C., Klein, K., Pietrzak, K. Z., & Walter, M. (2019). Reversible proofs of sequential work. In Advances in Cryptology – EUROCRYPT 2019 (Vol. 11477, pp. 277–291). Darmstadt, Germany: Springer International Publishing. https://doi.org/10.1007/978-3-030-17656-3_10' chicago: Abusalah, Hamza M, Chethan Kamath Hosdurg, Karen Klein, Krzysztof Z Pietrzak, and Michael Walter. “Reversible Proofs of Sequential Work.” In Advances in Cryptology – EUROCRYPT 2019, 11477:277–91. Springer International Publishing, 2019. https://doi.org/10.1007/978-3-030-17656-3_10. ieee: H. M. Abusalah, C. Kamath Hosdurg, K. Klein, K. Z. Pietrzak, and M. Walter, “Reversible proofs of sequential work,” in Advances in Cryptology – EUROCRYPT 2019, Darmstadt, Germany, 2019, vol. 11477, pp. 277–291. ista: Abusalah HM, Kamath Hosdurg C, Klein K, Pietrzak KZ, Walter M. 2019. Reversible proofs of sequential work. Advances in Cryptology – EUROCRYPT 2019. International Conference on the Theory and Applications of Cryptographic Techniques, LNCS, vol. 11477, 277–291. mla: Abusalah, Hamza M., et al. “Reversible Proofs of Sequential Work.” Advances in Cryptology – EUROCRYPT 2019, vol. 11477, Springer International Publishing, 2019, pp. 277–91, doi:10.1007/978-3-030-17656-3_10. short: H.M. Abusalah, C. Kamath Hosdurg, K. Klein, K.Z. Pietrzak, M. Walter, in:, Advances in Cryptology – EUROCRYPT 2019, Springer International Publishing, 2019, pp. 277–291. conference: end_date: 2019-05-23 location: Darmstadt, Germany name: International Conference on the Theory and Applications of Cryptographic Techniques start_date: 2019-05-19 date_created: 2020-01-30T09:26:14Z date_published: 2019-04-24T00:00:00Z date_updated: 2023-09-06T15:26:06Z day: '24' department: - _id: KrPi doi: 10.1007/978-3-030-17656-3_10 ec_funded: 1 external_id: isi: - '000483516200010' intvolume: ' 11477' isi: 1 language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2019/252 month: '04' oa: 1 oa_version: Submitted Version page: 277-291 project: - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks publication: Advances in Cryptology – EUROCRYPT 2019 publication_identifier: eissn: - 1611-3349 isbn: - '9783030176556' - '9783030176563' issn: - 0302-9743 publication_status: published publisher: Springer International Publishing quality_controlled: '1' scopus_import: '1' status: public title: Reversible proofs of sequential work type: conference user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1 volume: 11477 year: '2019' ... --- _id: '6677' abstract: - lang: eng text: "The Fiat-Shamir heuristic transforms a public-coin interactive proof into a non-interactive argument, by replacing the verifier with a cryptographic hash function that is applied to the protocol’s transcript. Constructing hash functions for which this transformation is sound is a central and long-standing open question in cryptography.\r\n\r\nWe show that solving the END−OF−METERED−LINE problem is no easier than breaking the soundness of the Fiat-Shamir transformation when applied to the sumcheck protocol. In particular, if the transformed protocol is sound, then any hard problem in #P gives rise to a hard distribution in the class CLS, which is contained in PPAD. Our result opens up the possibility of sampling moderately-sized games for which it is hard to find a Nash equilibrium, by reducing the inversion of appropriately chosen one-way functions to #SAT.\r\n\r\nOur main technical contribution is a stateful incrementally verifiable procedure that, given a SAT instance over n variables, counts the number of satisfying assignments. This is accomplished via an exponential sequence of small steps, each computable in time poly(n). Incremental verifiability means that each intermediate state includes a sumcheck-based proof of its correctness, and the proof can be updated and verified in time poly(n)." article_processing_charge: No author: - first_name: Arka Rai full_name: Choudhuri, Arka Rai last_name: Choudhuri - first_name: Pavel full_name: Hubáček, Pavel last_name: Hubáček - first_name: Chethan full_name: Kamath Hosdurg, Chethan id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87 last_name: Kamath Hosdurg - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 - first_name: Alon full_name: Rosen, Alon last_name: Rosen - first_name: Guy N. full_name: Rothblum, Guy N. last_name: Rothblum citation: ama: 'Choudhuri AR, Hubáček P, Kamath Hosdurg C, Pietrzak KZ, Rosen A, Rothblum GN. Finding a Nash equilibrium is no easier than breaking Fiat-Shamir. In: Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing  - STOC 2019. ACM Press; 2019:1103-1114. doi:10.1145/3313276.3316400' apa: 'Choudhuri, A. R., Hubáček, P., Kamath Hosdurg, C., Pietrzak, K. Z., Rosen, A., & Rothblum, G. N. (2019). Finding a Nash equilibrium is no easier than breaking Fiat-Shamir. In Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing  - STOC 2019 (pp. 1103–1114). Phoenix, AZ, United States: ACM Press. https://doi.org/10.1145/3313276.3316400' chicago: Choudhuri, Arka Rai, Pavel Hubáček, Chethan Kamath Hosdurg, Krzysztof Z Pietrzak, Alon Rosen, and Guy N. Rothblum. “Finding a Nash Equilibrium Is No Easier than Breaking Fiat-Shamir.” In Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing  - STOC 2019, 1103–14. ACM Press, 2019. https://doi.org/10.1145/3313276.3316400. ieee: A. R. Choudhuri, P. Hubáček, C. Kamath Hosdurg, K. Z. Pietrzak, A. Rosen, and G. N. Rothblum, “Finding a Nash equilibrium is no easier than breaking Fiat-Shamir,” in Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing  - STOC 2019, Phoenix, AZ, United States, 2019, pp. 1103–1114. ista: 'Choudhuri AR, Hubáček P, Kamath Hosdurg C, Pietrzak KZ, Rosen A, Rothblum GN. 2019. Finding a Nash equilibrium is no easier than breaking Fiat-Shamir. Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing  - STOC 2019. STOC: Symposium on Theory of Computing, 1103–1114.' mla: Choudhuri, Arka Rai, et al. “Finding a Nash Equilibrium Is No Easier than Breaking Fiat-Shamir.” Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing  - STOC 2019, ACM Press, 2019, pp. 1103–14, doi:10.1145/3313276.3316400. short: A.R. Choudhuri, P. Hubáček, C. Kamath Hosdurg, K.Z. Pietrzak, A. Rosen, G.N. Rothblum, in:, Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing  - STOC 2019, ACM Press, 2019, pp. 1103–1114. conference: end_date: 2019-06-26 location: Phoenix, AZ, United States name: 'STOC: Symposium on Theory of Computing' start_date: 2019-06-23 date_created: 2019-07-24T09:20:53Z date_published: 2019-06-01T00:00:00Z date_updated: 2023-09-07T13:15:55Z day: '01' department: - _id: KrPi doi: 10.1145/3313276.3316400 ec_funded: 1 external_id: isi: - '000523199100100' isi: 1 language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2019/549 month: '06' oa: 1 oa_version: Preprint page: 1103-1114 project: - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks publication: Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing - STOC 2019 publication_identifier: isbn: - '9781450367059' publication_status: published publisher: ACM Press quality_controlled: '1' related_material: record: - id: '7896' relation: dissertation_contains status: public scopus_import: '1' status: public title: Finding a Nash equilibrium is no easier than breaking Fiat-Shamir type: conference user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8 year: '2019' ... --- _id: '6430' abstract: - lang: eng text: "A proxy re-encryption (PRE) scheme is a public-key encryption scheme that allows the holder of a key pk to derive a re-encryption key for any other key \U0001D45D\U0001D458′. This re-encryption key lets anyone transform ciphertexts under pk into ciphertexts under \U0001D45D\U0001D458′ without having to know the underlying message, while transformations from \U0001D45D\U0001D458′ to pk should not be possible (unidirectional). Security is defined in a multi-user setting against an adversary that gets the users’ public keys and can ask for re-encryption keys and can corrupt users by requesting their secret keys. Any ciphertext that the adversary cannot trivially decrypt given the obtained secret and re-encryption keys should be secure.\r\n\r\nAll existing security proofs for PRE only show selective security, where the adversary must first declare the users it wants to corrupt. This can be lifted to more meaningful adaptive security by guessing the set of corrupted users among the n users, which loses a factor exponential in Open image in new window , rendering the result meaningless already for moderate Open image in new window .\r\n\r\nJafargholi et al. (CRYPTO’17) proposed a framework that in some cases allows to give adaptive security proofs for schemes which were previously only known to be selectively secure, while avoiding the exponential loss that results from guessing the adaptive choices made by an adversary. We apply their framework to PREs that satisfy some natural additional properties. Concretely, we give a more fine-grained reduction for several unidirectional PREs, proving adaptive security at a much smaller loss. The loss depends on the graph of users whose edges represent the re-encryption keys queried by the adversary. For trees and chains the loss is quasi-polynomial in the size and for general graphs it is exponential in their depth and indegree (instead of their size as for previous reductions). Fortunately, trees and low-depth graphs cover many, if not most, interesting applications.\r\n\r\nOur results apply e.g. to the bilinear-map based PRE schemes by Ateniese et al. (NDSS’05 and CT-RSA’09), Gentry’s FHE-based scheme (STOC’09) and the LWE-based scheme by Chandran et al. (PKC’14)." alternative_title: - LNCS article_processing_charge: No author: - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Chethan full_name: Kamath Hosdurg, Chethan id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87 last_name: Kamath Hosdurg - first_name: Karen full_name: Klein, Karen id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87 last_name: Klein - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 citation: ama: 'Fuchsbauer G, Kamath Hosdurg C, Klein K, Pietrzak KZ. Adaptively secure proxy re-encryption. In: Vol 11443. Springer Nature; 2019:317-346. doi:10.1007/978-3-030-17259-6_11' apa: 'Fuchsbauer, G., Kamath Hosdurg, C., Klein, K., & Pietrzak, K. Z. (2019). Adaptively secure proxy re-encryption (Vol. 11443, pp. 317–346). Presented at the PKC: Public-Key Cryptograhy, Beijing, China: Springer Nature. https://doi.org/10.1007/978-3-030-17259-6_11' chicago: Fuchsbauer, Georg, Chethan Kamath Hosdurg, Karen Klein, and Krzysztof Z Pietrzak. “Adaptively Secure Proxy Re-Encryption,” 11443:317–46. Springer Nature, 2019. https://doi.org/10.1007/978-3-030-17259-6_11. ieee: 'G. Fuchsbauer, C. Kamath Hosdurg, K. Klein, and K. Z. Pietrzak, “Adaptively secure proxy re-encryption,” presented at the PKC: Public-Key Cryptograhy, Beijing, China, 2019, vol. 11443, pp. 317–346.' ista: 'Fuchsbauer G, Kamath Hosdurg C, Klein K, Pietrzak KZ. 2019. Adaptively secure proxy re-encryption. PKC: Public-Key Cryptograhy, LNCS, vol. 11443, 317–346.' mla: Fuchsbauer, Georg, et al. Adaptively Secure Proxy Re-Encryption. Vol. 11443, Springer Nature, 2019, pp. 317–46, doi:10.1007/978-3-030-17259-6_11. short: G. Fuchsbauer, C. Kamath Hosdurg, K. Klein, K.Z. Pietrzak, in:, Springer Nature, 2019, pp. 317–346. conference: end_date: 2019-04-17 location: Beijing, China name: 'PKC: Public-Key Cryptograhy' start_date: 2019-04-14 date_created: 2019-05-13T08:13:46Z date_published: 2019-04-06T00:00:00Z date_updated: 2023-09-08T11:33:20Z day: '06' department: - _id: KrPi doi: 10.1007/978-3-030-17259-6_11 ec_funded: 1 intvolume: ' 11443' language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2018/426 month: '04' oa: 1 oa_version: Preprint page: 317-346 project: - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks publication_identifier: eissn: - '16113349' isbn: - '9783030172589' issn: - '03029743' publication_status: published publisher: Springer Nature quality_controlled: '1' related_material: record: - id: '10035' relation: dissertation_contains status: public scopus_import: '1' status: public title: Adaptively secure proxy re-encryption type: conference user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1 volume: 11443 year: '2019' ... --- _id: '10286' abstract: - lang: eng text: 'In this paper, we evaluate clock signals generated in ring oscillators and self-timed rings and the way their jitter can be transformed into random numbers. We show that counting the periods of the jittery clock signal produces random numbers of significantly better quality than the methods in which the jittery signal is simply sampled (the case in almost all current methods). Moreover, we use the counter values to characterize and continuously monitor the source of randomness. However, instead of using the widely used statistical variance, we propose to use Allan variance to do so. There are two main advantages: Allan variance is insensitive to low frequency noises such as flicker noise that are known to be autocorrelated and significantly less circuitry is required for its computation than that used to compute commonly used variance. We also show that it is essential to use a differential principle of randomness extraction from the jitter based on the use of two identical oscillators to avoid autocorrelations originating from external and internal global jitter sources and that this fact is valid for both kinds of rings. Last but not least, we propose a method of statistical testing based on high order Markov model to show the reduced dependencies when the proposed randomness extraction is applied.' article_processing_charge: No article_type: original author: - first_name: Elie Noumon full_name: Allini, Elie Noumon last_name: Allini - first_name: Maciej full_name: Skórski, Maciej id: EC09FA6A-02D0-11E9-8223-86B7C91467DD last_name: Skórski - first_name: Oto full_name: Petura, Oto last_name: Petura - first_name: Florent full_name: Bernard, Florent last_name: Bernard - first_name: Marek full_name: Laban, Marek last_name: Laban - first_name: Viktor full_name: Fischer, Viktor last_name: Fischer citation: ama: Allini EN, Skórski M, Petura O, Bernard F, Laban M, Fischer V. Evaluation and monitoring of free running oscillators serving as source of randomness. IACR Transactions on Cryptographic Hardware and Embedded Systems. 2018;2018(3):214-242. doi:10.13154/tches.v2018.i3.214-242 apa: Allini, E. N., Skórski, M., Petura, O., Bernard, F., Laban, M., & Fischer, V. (2018). Evaluation and monitoring of free running oscillators serving as source of randomness. IACR Transactions on Cryptographic Hardware and Embedded Systems. International Association for Cryptologic Research. https://doi.org/10.13154/tches.v2018.i3.214-242 chicago: Allini, Elie Noumon, Maciej Skórski, Oto Petura, Florent Bernard, Marek Laban, and Viktor Fischer. “Evaluation and Monitoring of Free Running Oscillators Serving as Source of Randomness.” IACR Transactions on Cryptographic Hardware and Embedded Systems. International Association for Cryptologic Research, 2018. https://doi.org/10.13154/tches.v2018.i3.214-242. ieee: E. N. Allini, M. Skórski, O. Petura, F. Bernard, M. Laban, and V. Fischer, “Evaluation and monitoring of free running oscillators serving as source of randomness,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2018, no. 3. International Association for Cryptologic Research, pp. 214–242, 2018. ista: Allini EN, Skórski M, Petura O, Bernard F, Laban M, Fischer V. 2018. Evaluation and monitoring of free running oscillators serving as source of randomness. IACR Transactions on Cryptographic Hardware and Embedded Systems. 2018(3), 214–242. mla: Allini, Elie Noumon, et al. “Evaluation and Monitoring of Free Running Oscillators Serving as Source of Randomness.” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2018, no. 3, International Association for Cryptologic Research, 2018, pp. 214–42, doi:10.13154/tches.v2018.i3.214-242. short: E.N. Allini, M. Skórski, O. Petura, F. Bernard, M. Laban, V. Fischer, IACR Transactions on Cryptographic Hardware and Embedded Systems 2018 (2018) 214–242. date_created: 2021-11-14T23:01:25Z date_published: 2018-01-01T00:00:00Z date_updated: 2021-11-15T10:48:49Z day: '01' ddc: - '000' department: - _id: KrPi doi: 10.13154/tches.v2018.i3.214-242 file: - access_level: open_access checksum: b816b848f046c48a8357700d9305dce5 content_type: application/pdf creator: cchlebak date_created: 2021-11-15T10:27:29Z date_updated: 2021-11-15T10:27:29Z file_id: '10289' file_name: 2018_IACR_Allini.pdf file_size: 955755 relation: main_file success: 1 file_date_updated: 2021-11-15T10:27:29Z has_accepted_license: '1' intvolume: ' 2018' issue: '3' language: - iso: eng month: '01' oa: 1 oa_version: Published Version page: 214-242 publication: IACR Transactions on Cryptographic Hardware and Embedded Systems publication_identifier: eissn: - 2569-2925 publication_status: published publisher: International Association for Cryptologic Research quality_controlled: '1' scopus_import: '1' status: public title: Evaluation and monitoring of free running oscillators serving as source of randomness tmp: image: /images/cc_by.png legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0) short: CC BY (4.0) type: journal_article user_id: 8b945eb4-e2f2-11eb-945a-df72226e66a9 volume: 2018 year: '2018' ... --- _id: '7407' abstract: - lang: eng text: 'Proofs of space (PoS) [Dziembowski et al., CRYPTO''15] are proof systems where a prover can convince a verifier that he "wastes" disk space. PoS were introduced as a more ecological and economical replacement for proofs of work which are currently used to secure blockchains like Bitcoin. In this work we investigate extensions of PoS which allow the prover to embed useful data into the dedicated space, which later can be recovered. Our first contribution is a security proof for the original PoS from CRYPTO''15 in the random oracle model (the original proof only applied to a restricted class of adversaries which can store a subset of the data an honest prover would store). When this PoS is instantiated with recent constructions of maximally depth robust graphs, our proof implies basically optimal security. As a second contribution we show three different extensions of this PoS where useful data can be embedded into the space required by the prover. Our security proof for the PoS extends (non-trivially) to these constructions. We discuss how some of these variants can be used as proofs of catalytic space (PoCS), a notion we put forward in this work, and which basically is a PoS where most of the space required by the prover can be used to backup useful data. Finally we discuss how one of the extensions is a candidate construction for a proof of replication (PoR), a proof system recently suggested in the Filecoin whitepaper. ' alternative_title: - LIPIcs article_processing_charge: No author: - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 citation: ama: 'Pietrzak KZ. Proofs of catalytic space. In: 10th Innovations in Theoretical Computer Science  Conference (ITCS 2019). Vol 124. Schloss Dagstuhl - Leibniz-Zentrum für Informatik; 2018:59:1-59:25. doi:10.4230/LIPICS.ITCS.2019.59' apa: 'Pietrzak, K. Z. (2018). Proofs of catalytic space. In 10th Innovations in Theoretical Computer Science  Conference (ITCS 2019) (Vol. 124, p. 59:1-59:25). San Diego, CA, United States: Schloss Dagstuhl - Leibniz-Zentrum für Informatik. https://doi.org/10.4230/LIPICS.ITCS.2019.59' chicago: Pietrzak, Krzysztof Z. “Proofs of Catalytic Space.” In 10th Innovations in Theoretical Computer Science  Conference (ITCS 2019), 124:59:1-59:25. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2018. https://doi.org/10.4230/LIPICS.ITCS.2019.59. ieee: K. Z. Pietrzak, “Proofs of catalytic space,” in 10th Innovations in Theoretical Computer Science  Conference (ITCS 2019), San Diego, CA, United States, 2018, vol. 124, p. 59:1-59:25. ista: 'Pietrzak KZ. 2018. Proofs of catalytic space. 10th Innovations in Theoretical Computer Science  Conference (ITCS 2019). ITCS: Innovations in theoretical Computer Science Conference, LIPIcs, vol. 124, 59:1-59:25.' mla: Pietrzak, Krzysztof Z. “Proofs of Catalytic Space.” 10th Innovations in Theoretical Computer Science  Conference (ITCS 2019), vol. 124, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2018, p. 59:1-59:25, doi:10.4230/LIPICS.ITCS.2019.59. short: K.Z. Pietrzak, in:, 10th Innovations in Theoretical Computer Science  Conference (ITCS 2019), Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2018, p. 59:1-59:25. conference: end_date: 2019-01-12 location: San Diego, CA, United States name: 'ITCS: Innovations in theoretical Computer Science Conference' start_date: 2019-01-10 date_created: 2020-01-30T09:16:05Z date_published: 2018-12-31T00:00:00Z date_updated: 2021-01-12T08:13:26Z day: '31' ddc: - '000' department: - _id: KrPi doi: 10.4230/LIPICS.ITCS.2019.59 ec_funded: 1 file: - access_level: open_access checksum: 5cebb7f7849a3beda898f697d755dd96 content_type: application/pdf creator: dernst date_created: 2020-02-04T08:17:52Z date_updated: 2020-07-14T12:47:57Z file_id: '7443' file_name: 2018_LIPIcs_Pietrzak.pdf file_size: 822884 relation: main_file file_date_updated: 2020-07-14T12:47:57Z has_accepted_license: '1' intvolume: ' 124' language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2018/194 month: '12' oa: 1 oa_version: Published Version page: 59:1-59:25 project: - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks publication: 10th Innovations in Theoretical Computer Science Conference (ITCS 2019) publication_identifier: isbn: - 978-3-95977-095-8 issn: - 1868-8969 publication_status: published publisher: Schloss Dagstuhl - Leibniz-Zentrum für Informatik quality_controlled: '1' scopus_import: 1 status: public title: Proofs of catalytic space tmp: image: /images/cc_by.png legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0) short: CC BY (4.0) type: conference user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87 volume: 124 year: '2018' ... --- _id: '83' abstract: - lang: eng text: "A proof system is a protocol between a prover and a verifier over a common input in which an honest prover convinces the verifier of the validity of true statements. Motivated by the success of decentralized cryptocurrencies, exemplified by Bitcoin, the focus of this thesis will be on proof systems which found applications in some sustainable alternatives to Bitcoin, such as the Spacemint and Chia cryptocurrencies. In particular, we focus on proofs of space and proofs of sequential work.\r\nProofs of space (PoSpace) were suggested as more ecological, economical, and egalitarian alternative to the energy-wasteful proof-of-work mining of Bitcoin. However, the state-of-the-art constructions of PoSpace are based on sophisticated graph pebbling lower bounds, and are therefore complex. Moreover, when these PoSpace are used in cryptocurrencies like Spacemint, miners can only start mining after ensuring that a commitment to their space is already added in a special transaction to the blockchain. Proofs of sequential work (PoSW) are proof systems in which a prover, upon receiving a statement x and a time parameter T, computes a proof which convinces the verifier that T time units had passed since x was received. Whereas Spacemint assumes synchrony to retain some interesting Bitcoin dynamics, Chia requires PoSW with unique proofs, i.e., PoSW in which it is hard to come up with more than one accepting proof for any true statement. In this thesis we construct simple and practically-efficient PoSpace and PoSW. When using our PoSpace in cryptocurrencies, miners can start mining on the fly, like in Bitcoin, and unlike current constructions of PoSW, which either achieve efficient verification of sequential work, or faster-than-recomputing verification of correctness of proofs, but not both at the same time, ours achieve the best of these two worlds." alternative_title: - ISTA Thesis article_processing_charge: No author: - first_name: Hamza M full_name: Abusalah, Hamza M id: 40297222-F248-11E8-B48F-1D18A9856A87 last_name: Abusalah citation: ama: Abusalah HM. Proof systems for sustainable decentralized cryptocurrencies. 2018. doi:10.15479/AT:ISTA:TH_1046 apa: Abusalah, H. M. (2018). Proof systems for sustainable decentralized cryptocurrencies. Institute of Science and Technology Austria. https://doi.org/10.15479/AT:ISTA:TH_1046 chicago: Abusalah, Hamza M. “Proof Systems for Sustainable Decentralized Cryptocurrencies.” Institute of Science and Technology Austria, 2018. https://doi.org/10.15479/AT:ISTA:TH_1046. ieee: H. M. Abusalah, “Proof systems for sustainable decentralized cryptocurrencies,” Institute of Science and Technology Austria, 2018. ista: Abusalah HM. 2018. Proof systems for sustainable decentralized cryptocurrencies. Institute of Science and Technology Austria. mla: Abusalah, Hamza M. Proof Systems for Sustainable Decentralized Cryptocurrencies. Institute of Science and Technology Austria, 2018, doi:10.15479/AT:ISTA:TH_1046. short: H.M. Abusalah, Proof Systems for Sustainable Decentralized Cryptocurrencies, Institute of Science and Technology Austria, 2018. date_created: 2018-12-11T11:44:32Z date_published: 2018-09-05T00:00:00Z date_updated: 2023-09-07T12:30:23Z day: '05' ddc: - '004' degree_awarded: PhD department: - _id: KrPi doi: 10.15479/AT:ISTA:TH_1046 ec_funded: 1 file: - access_level: open_access checksum: c4b5f7d111755d1396787f41886fc674 content_type: application/pdf creator: dernst date_created: 2019-04-09T06:43:41Z date_updated: 2020-07-14T12:48:11Z file_id: '6245' file_name: 2018_Thesis_Abusalah.pdf file_size: 876241 relation: main_file - access_level: closed checksum: 0f382ac56b471c48fd907d63eb87dafe content_type: application/x-gzip creator: dernst date_created: 2019-04-09T06:43:41Z date_updated: 2020-07-14T12:48:11Z file_id: '6246' file_name: 2018_Thesis_Abusalah_source.tar.gz file_size: 2029190 relation: source_file file_date_updated: 2020-07-14T12:48:11Z has_accepted_license: '1' language: - iso: eng month: '09' oa: 1 oa_version: Published Version page: '59' project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks publication_identifier: issn: - 2663-337X publication_status: published publisher: Institute of Science and Technology Austria publist_id: '7971' pubrep_id: '1046' related_material: record: - id: '1229' relation: part_of_dissertation status: public - id: '1235' relation: part_of_dissertation status: public - id: '1236' relation: part_of_dissertation status: public - id: '559' relation: part_of_dissertation status: public status: public supervisor: - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 title: Proof systems for sustainable decentralized cryptocurrencies type: dissertation user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1 year: '2018' ... --- _id: '108' abstract: - lang: eng text: Universal hashing found a lot of applications in computer science. In cryptography the most important fact about universal families is the so called Leftover Hash Lemma, proved by Impagliazzo, Levin and Luby. In the language of modern cryptography it states that almost universal families are good extractors. In this work we provide a somewhat surprising characterization in the opposite direction. Namely, every extractor with sufficiently good parameters yields a universal family on a noticeable fraction of its inputs. Our proof technique is based on tools from extremal graph theory applied to the \'collision graph\' induced by the extractor, and may be of independent interest. We discuss possible applications to the theory of randomness extractors and non-malleable codes. alternative_title: - ISIT Proceedings article_processing_charge: No author: - first_name: Marciej full_name: Obremski, Marciej last_name: Obremski - first_name: Maciej full_name: Skorski, Maciej id: EC09FA6A-02D0-11E9-8223-86B7C91467DD last_name: Skorski citation: ama: 'Obremski M, Skórski M. Inverted leftover hash lemma. In: Vol 2018. IEEE; 2018. doi:10.1109/ISIT.2018.8437654' apa: 'Obremski, M., & Skórski, M. (2018). Inverted leftover hash lemma (Vol. 2018). Presented at the ISIT: International Symposium on Information Theory, Vail, CO, USA: IEEE. https://doi.org/10.1109/ISIT.2018.8437654' chicago: Obremski, Marciej, and Maciej Skórski. “Inverted Leftover Hash Lemma,” Vol. 2018. IEEE, 2018. https://doi.org/10.1109/ISIT.2018.8437654. ieee: 'M. Obremski and M. Skórski, “Inverted leftover hash lemma,” presented at the ISIT: International Symposium on Information Theory, Vail, CO, USA, 2018, vol. 2018.' ista: 'Obremski M, Skórski M. 2018. Inverted leftover hash lemma. ISIT: International Symposium on Information Theory, ISIT Proceedings, vol. 2018.' mla: Obremski, Marciej, and Maciej Skórski. Inverted Leftover Hash Lemma. Vol. 2018, IEEE, 2018, doi:10.1109/ISIT.2018.8437654. short: M. Obremski, M. Skórski, in:, IEEE, 2018. conference: end_date: 2018-06-22 location: Vail, CO, USA name: 'ISIT: International Symposium on Information Theory' start_date: '2018-06-17 ' date_created: 2018-12-11T11:44:40Z date_published: 2018-08-16T00:00:00Z date_updated: 2023-09-13T08:23:18Z day: '16' department: - _id: KrPi doi: 10.1109/ISIT.2018.8437654 external_id: isi: - '000448139300368' intvolume: ' 2018' isi: 1 language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2017/507 month: '08' oa: 1 oa_version: Submitted Version publication_status: published publisher: IEEE publist_id: '7946' quality_controlled: '1' scopus_import: '1' status: public title: Inverted leftover hash lemma type: conference user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1 volume: 2018 year: '2018' ... --- _id: '107' abstract: - lang: eng text: 'We introduce the notion of “non-malleable codes” which relaxes the notion of error correction and error detection. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message, or a completely unrelated value. In contrast to error correction and error detection, non-malleability can be achieved for very rich classes of modifications. We construct an efficient code that is non-malleable with respect to modifications that affect each bit of the codeword arbitrarily (i.e., leave it untouched, flip it, or set it to either 0 or 1), but independently of the value of the other bits of the codeword. Using the probabilistic method, we also show a very strong and general statement: there exists a non-malleable code for every “small enough” family F of functions via which codewords can be modified. Although this probabilistic method argument does not directly yield efficient constructions, it gives us efficient non-malleable codes in the random-oracle model for very general classes of tampering functions—e.g., functions where every bit in the tampered codeword can depend arbitrarily on any 99% of the bits in the original codeword. As an application of non-malleable codes, we show that they provide an elegant algorithmic solution to the task of protecting functionalities implemented in hardware (e.g., signature cards) against “tampering attacks.” In such attacks, the secret state of a physical system is tampered, in the hopes that future interaction with the modified system will reveal some secret information. This problem was previously studied in the work of Gennaro et al. in 2004 under the name “algorithmic tamper proof security” (ATP). We show that non-malleable codes can be used to achieve important improvements over the prior work. In particular, we show that any functionality can be made secure against a large class of tampering attacks, simply by encoding the secret state with a non-malleable code while it is stored in memory.' article_number: '20' article_processing_charge: No article_type: original author: - first_name: Stefan full_name: Dziembowski, Stefan last_name: Dziembowski - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 - first_name: Daniel full_name: Wichs, Daniel last_name: Wichs citation: ama: Dziembowski S, Pietrzak KZ, Wichs D. Non-malleable codes. Journal of the ACM. 2018;65(4). doi:10.1145/3178432 apa: Dziembowski, S., Pietrzak, K. Z., & Wichs, D. (2018). Non-malleable codes. Journal of the ACM. ACM. https://doi.org/10.1145/3178432 chicago: Dziembowski, Stefan, Krzysztof Z Pietrzak, and Daniel Wichs. “Non-Malleable Codes.” Journal of the ACM. ACM, 2018. https://doi.org/10.1145/3178432. ieee: S. Dziembowski, K. Z. Pietrzak, and D. Wichs, “Non-malleable codes,” Journal of the ACM, vol. 65, no. 4. ACM, 2018. ista: Dziembowski S, Pietrzak KZ, Wichs D. 2018. Non-malleable codes. Journal of the ACM. 65(4), 20. mla: Dziembowski, Stefan, et al. “Non-Malleable Codes.” Journal of the ACM, vol. 65, no. 4, 20, ACM, 2018, doi:10.1145/3178432. short: S. Dziembowski, K.Z. Pietrzak, D. Wichs, Journal of the ACM 65 (2018). date_created: 2018-12-11T11:44:40Z date_published: 2018-08-01T00:00:00Z date_updated: 2023-09-13T09:05:17Z day: '01' department: - _id: KrPi doi: 10.1145/3178432 ec_funded: 1 external_id: isi: - '000442938200004' intvolume: ' 65' isi: 1 issue: '4' language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2009/608 month: '08' oa: 1 oa_version: Preprint project: - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography publication: Journal of the ACM publication_status: published publisher: ACM publist_id: '7947' quality_controlled: '1' scopus_import: '1' status: public title: Non-malleable codes type: journal_article user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1 volume: 65 year: '2018' ... --- _id: '193' abstract: - lang: eng text: 'We show attacks on five data-independent memory-hard functions (iMHF) that were submitted to the password hashing competition (PHC). Informally, an MHF is a function which cannot be evaluated on dedicated hardware, like ASICs, at significantly lower hardware and/or energy cost than evaluating a single instance on a standard single-core architecture. Data-independent means the memory access pattern of the function is independent of the input; this makes iMHFs harder to construct than data-dependent ones, but the latter can be attacked by various side-channel attacks. Following [Alwen-Blocki''16], we capture the evaluation of an iMHF as a directed acyclic graph (DAG). The cumulative parallel pebbling complexity of this DAG is a measure for the hardware cost of evaluating the iMHF on an ASIC. Ideally, one would like the complexity of a DAG underlying an iMHF to be as close to quadratic in the number of nodes of the graph as possible. Instead, we show that (the DAGs underlying) the following iMHFs are far from this bound: Rig.v2, TwoCats and Gambit each having an exponent no more than 1.75. Moreover, we show that the complexity of the iMHF modes of the PHC finalists Pomelo and Lyra2 have exponents at most 1.83 and 1.67 respectively. To show this we investigate a combinatorial property of each underlying DAG (called its depth-robustness. By establishing upper bounds on this property we are then able to apply the general technique of [Alwen-Block''16] for analyzing the hardware costs of an iMHF.' acknowledgement: Leonid Reyzin was supported in part by IST Austria and by US NSF grants 1012910, 1012798, and 1422965; this research was performed while he was visiting IST Austria. article_processing_charge: No author: - first_name: Joel F full_name: Alwen, Joel F id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87 last_name: Alwen - first_name: Peter full_name: Gazi, Peter last_name: Gazi - first_name: Chethan full_name: Kamath Hosdurg, Chethan id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87 last_name: Kamath Hosdurg - first_name: Karen full_name: Klein, Karen id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87 last_name: Klein - first_name: Georg F full_name: Osang, Georg F id: 464B40D6-F248-11E8-B48F-1D18A9856A87 last_name: Osang orcid: 0000-0002-8882-5116 - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 - first_name: Lenoid full_name: Reyzin, Lenoid last_name: Reyzin - first_name: Michal full_name: Rolinek, Michal id: 3CB3BC06-F248-11E8-B48F-1D18A9856A87 last_name: Rolinek - first_name: Michal full_name: Rybar, Michal id: 2B3E3DE8-F248-11E8-B48F-1D18A9856A87 last_name: Rybar citation: ama: 'Alwen JF, Gazi P, Kamath Hosdurg C, et al. On the memory hardness of data independent password hashing functions. In: Proceedings of the 2018 on Asia Conference on Computer and Communication Security. ACM; 2018:51-65. doi:10.1145/3196494.3196534' apa: 'Alwen, J. F., Gazi, P., Kamath Hosdurg, C., Klein, K., Osang, G. F., Pietrzak, K. Z., … Rybar, M. (2018). On the memory hardness of data independent password hashing functions. In Proceedings of the 2018 on Asia Conference on Computer and Communication Security (pp. 51–65). Incheon, Republic of Korea: ACM. https://doi.org/10.1145/3196494.3196534' chicago: Alwen, Joel F, Peter Gazi, Chethan Kamath Hosdurg, Karen Klein, Georg F Osang, Krzysztof Z Pietrzak, Lenoid Reyzin, Michal Rolinek, and Michal Rybar. “On the Memory Hardness of Data Independent Password Hashing Functions.” In Proceedings of the 2018 on Asia Conference on Computer and Communication Security, 51–65. ACM, 2018. https://doi.org/10.1145/3196494.3196534. ieee: J. F. Alwen et al., “On the memory hardness of data independent password hashing functions,” in Proceedings of the 2018 on Asia Conference on Computer and Communication Security, Incheon, Republic of Korea, 2018, pp. 51–65. ista: 'Alwen JF, Gazi P, Kamath Hosdurg C, Klein K, Osang GF, Pietrzak KZ, Reyzin L, Rolinek M, Rybar M. 2018. On the memory hardness of data independent password hashing functions. Proceedings of the 2018 on Asia Conference on Computer and Communication Security. ASIACCS: Asia Conference on Computer and Communications Security , 51–65.' mla: Alwen, Joel F., et al. “On the Memory Hardness of Data Independent Password Hashing Functions.” Proceedings of the 2018 on Asia Conference on Computer and Communication Security, ACM, 2018, pp. 51–65, doi:10.1145/3196494.3196534. short: J.F. Alwen, P. Gazi, C. Kamath Hosdurg, K. Klein, G.F. Osang, K.Z. Pietrzak, L. Reyzin, M. Rolinek, M. Rybar, in:, Proceedings of the 2018 on Asia Conference on Computer and Communication Security, ACM, 2018, pp. 51–65. conference: end_date: 2018-06-08 location: Incheon, Republic of Korea name: 'ASIACCS: Asia Conference on Computer and Communications Security ' start_date: 2018-06-04 date_created: 2018-12-11T11:45:07Z date_published: 2018-06-01T00:00:00Z date_updated: 2023-09-13T09:13:12Z day: '01' department: - _id: KrPi - _id: HeEd - _id: VlKo doi: 10.1145/3196494.3196534 ec_funded: 1 external_id: isi: - '000516620100005' isi: 1 language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2016/783 month: '06' oa: 1 oa_version: Submitted Version page: 51 - 65 project: - _id: 25FBA906-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '616160' name: 'Discrete Optimization in Computer Vision: Theory and Practice' - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks publication: Proceedings of the 2018 on Asia Conference on Computer and Communication Security publication_status: published publisher: ACM publist_id: '7723' quality_controlled: '1' scopus_import: '1' status: public title: On the memory hardness of data independent password hashing functions type: conference user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1 year: '2018' ... --- _id: '300' abstract: - lang: eng text: We introduce a formal quantitative notion of “bit security” for a general type of cryptographic games (capturing both decision and search problems), aimed at capturing the intuition that a cryptographic primitive with k-bit security is as hard to break as an ideal cryptographic function requiring a brute force attack on a k-bit key space. Our new definition matches the notion of bit security commonly used by cryptographers and cryptanalysts when studying search (e.g., key recovery) problems, where the use of the traditional definition is well established. However, it produces a quantitatively different metric in the case of decision (indistinguishability) problems, where the use of (a straightforward generalization of) the traditional definition is more problematic and leads to a number of paradoxical situations or mismatches between theoretical/provable security and practical/common sense intuition. Key to our new definition is to consider adversaries that may explicitly declare failure of the attack. We support and justify the new definition by proving a number of technical results, including tight reductions between several standard cryptographic problems, a new hybrid theorem that preserves bit security, and an application to the security analysis of indistinguishability primitives making use of (approximate) floating point numbers. This is the first result showing that (standard precision) 53-bit floating point numbers can be used to achieve 100-bit security in the context of cryptographic primitives with general indistinguishability-based security definitions. Previous results of this type applied only to search problems, or special types of decision problems. acknowledgement: Research supported in part by the Defense Advanced Research Projects Agency (DARPA) and the U.S. Army Research Office under the SafeWare program. Opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views, position or policy of the Government. The second author was also supported by the European Research Council, ERC consolidator grant (682815 - TOCNeT). alternative_title: - LNCS article_processing_charge: No author: - first_name: Daniele full_name: Micciancio, Daniele last_name: Micciancio - first_name: Michael full_name: Walter, Michael id: 488F98B0-F248-11E8-B48F-1D18A9856A87 last_name: Walter orcid: 0000-0003-3186-2482 citation: ama: 'Micciancio D, Walter M. On the bit security of cryptographic primitives. In: Vol 10820. Springer; 2018:3-28. doi:10.1007/978-3-319-78381-9_1' apa: 'Micciancio, D., & Walter, M. (2018). On the bit security of cryptographic primitives (Vol. 10820, pp. 3–28). Presented at the Eurocrypt: Advances in Cryptology, Tel Aviv, Israel: Springer. https://doi.org/10.1007/978-3-319-78381-9_1' chicago: Micciancio, Daniele, and Michael Walter. “On the Bit Security of Cryptographic Primitives,” 10820:3–28. Springer, 2018. https://doi.org/10.1007/978-3-319-78381-9_1. ieee: 'D. Micciancio and M. Walter, “On the bit security of cryptographic primitives,” presented at the Eurocrypt: Advances in Cryptology, Tel Aviv, Israel, 2018, vol. 10820, pp. 3–28.' ista: 'Micciancio D, Walter M. 2018. On the bit security of cryptographic primitives. Eurocrypt: Advances in Cryptology, LNCS, vol. 10820, 3–28.' mla: Micciancio, Daniele, and Michael Walter. On the Bit Security of Cryptographic Primitives. Vol. 10820, Springer, 2018, pp. 3–28, doi:10.1007/978-3-319-78381-9_1. short: D. Micciancio, M. Walter, in:, Springer, 2018, pp. 3–28. conference: end_date: 2018-05-03 location: Tel Aviv, Israel name: 'Eurocrypt: Advances in Cryptology' start_date: 2018-04-29 date_created: 2018-12-11T11:45:42Z date_published: 2018-03-31T00:00:00Z date_updated: 2023-09-13T09:12:04Z day: '31' department: - _id: KrPi doi: 10.1007/978-3-319-78381-9_1 ec_funded: 1 external_id: isi: - '000517097500001' intvolume: ' 10820' isi: 1 language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2018/077 month: '03' oa: 1 oa_version: Submitted Version page: 3 - 28 project: - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks publication_status: published publisher: Springer publist_id: '7581' quality_controlled: '1' scopus_import: '1' status: public title: On the bit security of cryptographic primitives type: conference user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1 volume: 10820 year: '2018' ...