---
_id: '1653'
abstract:
- lang: eng
text: "A somewhere statistically binding (SSB) hash, introduced by Hubáček and Wichs
(ITCS ’15), can be used to hash a long string x to a short digest y = H hk (x)
using a public hashing-key hk. Furthermore, there is a way to set up the hash
key hk to make it statistically binding on some arbitrary hidden position i, meaning
that: (1) the digest y completely determines the i’th bit (or symbol) of x so
that all pre-images of y have the same value in the i’th position, (2) it is computationally
infeasible to distinguish the position i on which hk is statistically binding
from any other position i’. Lastly, the hash should have a local opening property
analogous to Merkle-Tree hashing, meaning that given x and y = H hk (x) it should
be possible to create a short proof π that certifies the value of the i’th bit
(or symbol) of x without having to provide the entire input x. A similar primitive
called a positional accumulator, introduced by Koppula, Lewko and Waters (STOC
’15) further supports dynamic updates of the hashed value. These tools, which
are interesting in their own right, also serve as one of the main technical components
in several recent works building advanced applications from indistinguishability
obfuscation (iO).\r\n\r\nThe prior constructions of SSB hashing and positional
accumulators required fully homomorphic encryption (FHE) and iO respectively.
In this work, we give new constructions of these tools based on well studied number-theoretic
assumptions such as DDH, Phi-Hiding and DCR, as well as a general construction
from lossy/injective functions."
alternative_title:
- LNCS
author:
- first_name: Tatsuaki
full_name: Okamoto, Tatsuaki
last_name: Okamoto
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Brent
full_name: Waters, Brent
last_name: Waters
- first_name: Daniel
full_name: Wichs, Daniel
last_name: Wichs
citation:
ama: 'Okamoto T, Pietrzak KZ, Waters B, Wichs D. New realizations of somewhere statistically
binding hashing and positional accumulators. In: Vol 9452. Springer; 2016:121-145.
doi:10.1007/978-3-662-48797-6_6'
apa: 'Okamoto, T., Pietrzak, K. Z., Waters, B., & Wichs, D. (2016). New realizations
of somewhere statistically binding hashing and positional accumulators (Vol. 9452,
pp. 121–145). Presented at the ASIACRYPT: Theory and Application of Cryptology
and Information Security, Auckland, New Zealand: Springer. https://doi.org/10.1007/978-3-662-48797-6_6'
chicago: Okamoto, Tatsuaki, Krzysztof Z Pietrzak, Brent Waters, and Daniel Wichs.
“New Realizations of Somewhere Statistically Binding Hashing and Positional Accumulators,”
9452:121–45. Springer, 2016. https://doi.org/10.1007/978-3-662-48797-6_6.
ieee: 'T. Okamoto, K. Z. Pietrzak, B. Waters, and D. Wichs, “New realizations of
somewhere statistically binding hashing and positional accumulators,” presented
at the ASIACRYPT: Theory and Application of Cryptology and Information Security,
Auckland, New Zealand, 2016, vol. 9452, pp. 121–145.'
ista: 'Okamoto T, Pietrzak KZ, Waters B, Wichs D. 2016. New realizations of somewhere
statistically binding hashing and positional accumulators. ASIACRYPT: Theory and
Application of Cryptology and Information Security, LNCS, vol. 9452, 121–145.'
mla: Okamoto, Tatsuaki, et al. New Realizations of Somewhere Statistically Binding
Hashing and Positional Accumulators. Vol. 9452, Springer, 2016, pp. 121–45,
doi:10.1007/978-3-662-48797-6_6.
short: T. Okamoto, K.Z. Pietrzak, B. Waters, D. Wichs, in:, Springer, 2016, pp.
121–145.
conference:
end_date: 2015-12-03
location: Auckland, New Zealand
name: 'ASIACRYPT: Theory and Application of Cryptology and Information Security'
start_date: 2015-11-29
date_created: 2018-12-11T11:53:16Z
date_published: 2016-01-08T00:00:00Z
date_updated: 2021-01-12T06:52:16Z
day: '08'
ddc:
- '000'
department:
- _id: KrPi
doi: 10.1007/978-3-662-48797-6_6
ec_funded: 1
file:
- access_level: open_access
checksum: a57711cb660c5b17b42bb47275a00180
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:12:05Z
date_updated: 2020-07-14T12:45:08Z
file_id: '4923'
file_name: IST-2016-677-v1+1_869.pdf
file_size: 580088
relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: ' 9452'
language:
- iso: eng
month: '01'
oa: 1
oa_version: Submitted Version
page: 121 - 145
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5497'
pubrep_id: '677'
quality_controlled: '1'
scopus_import: 1
status: public
title: New realizations of somewhere statistically binding hashing and positional
accumulators
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9452
year: '2016'
...
---
_id: '1479'
abstract:
- lang: eng
text: "Most entropy notions H(.) like Shannon or min-entropy satisfy a chain rule
stating that for random variables X,Z, and A we have H(X|Z,A)≥H(X|Z)−|A|. That
is, by conditioning on A the entropy of X can decrease by at most the bitlength
|A| of A. Such chain rules are known to hold for some computational entropy notions
like Yao’s and unpredictability-entropy. For HILL entropy, the computational analogue
of min-entropy, the chain rule is of special interest and has found many applications,
including leakage-resilient cryptography, deterministic encryption, and memory
delegation. These applications rely on restricted special cases of the chain rule.
Whether the chain rule for conditional HILL entropy holds in general was an open
problem for which we give a strong negative answer: we construct joint distributions
(X,Z,A), where A is a distribution over a single bit, such that the HILL entropy
H HILL (X|Z) is large but H HILL (X|Z,A) is basically zero.\r\n\r\nOur counterexample
just makes the minimal assumption that NP⊈P/poly. Under the stronger assumption
that injective one-way function exist, we can make all the distributions efficiently
samplable.\r\n\r\nFinally, we show that some more sophisticated cryptographic
objects like lossy functions can be used to sample a distribution constituting
a counterexample to the chain rule making only a single invocation to the underlying
object."
acknowledgement: "This work was partly funded by the European Research Council under
ERC Starting Grant 259668-PSPC and ERC Advanced Grant 321310-PERCY.\r\n"
author:
- first_name: Stephan
full_name: Krenn, Stephan
id: 329FCCF0-F248-11E8-B48F-1D18A9856A87
last_name: Krenn
orcid: 0000-0003-2835-9093
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Akshay
full_name: Wadia, Akshay
last_name: Wadia
- first_name: Daniel
full_name: Wichs, Daniel
last_name: Wichs
citation:
ama: Krenn S, Pietrzak KZ, Wadia A, Wichs D. A counterexample to the chain rule
for conditional HILL entropy. Computational Complexity. 2016;25(3):567-605.
doi:10.1007/s00037-015-0120-9
apa: Krenn, S., Pietrzak, K. Z., Wadia, A., & Wichs, D. (2016). A counterexample
to the chain rule for conditional HILL entropy. Computational Complexity.
Springer. https://doi.org/10.1007/s00037-015-0120-9
chicago: Krenn, Stephan, Krzysztof Z Pietrzak, Akshay Wadia, and Daniel Wichs. “A
Counterexample to the Chain Rule for Conditional HILL Entropy.” Computational
Complexity. Springer, 2016. https://doi.org/10.1007/s00037-015-0120-9.
ieee: S. Krenn, K. Z. Pietrzak, A. Wadia, and D. Wichs, “A counterexample to the
chain rule for conditional HILL entropy,” Computational Complexity, vol.
25, no. 3. Springer, pp. 567–605, 2016.
ista: Krenn S, Pietrzak KZ, Wadia A, Wichs D. 2016. A counterexample to the chain
rule for conditional HILL entropy. Computational Complexity. 25(3), 567–605.
mla: Krenn, Stephan, et al. “A Counterexample to the Chain Rule for Conditional
HILL Entropy.” Computational Complexity, vol. 25, no. 3, Springer, 2016,
pp. 567–605, doi:10.1007/s00037-015-0120-9.
short: S. Krenn, K.Z. Pietrzak, A. Wadia, D. Wichs, Computational Complexity 25
(2016) 567–605.
date_created: 2018-12-11T11:52:16Z
date_published: 2016-09-01T00:00:00Z
date_updated: 2023-02-23T11:05:09Z
day: '01'
ddc:
- '004'
department:
- _id: KrPi
doi: 10.1007/s00037-015-0120-9
ec_funded: 1
file:
- access_level: open_access
checksum: 7659296174fa75f5f0364f31f46f4bcf
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:13:29Z
date_updated: 2020-07-14T12:44:56Z
file_id: '5012'
file_name: IST-2017-766-v1+1_678.pdf
file_size: 483258
relation: main_file
file_date_updated: 2020-07-14T12:44:56Z
has_accepted_license: '1'
intvolume: ' 25'
issue: '3'
language:
- iso: eng
license: https://creativecommons.org/licenses/by/4.0/
month: '09'
oa: 1
oa_version: Submitted Version
page: 567 - 605
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: Computational Complexity
publication_status: published
publisher: Springer
publist_id: '5715'
pubrep_id: '766'
quality_controlled: '1'
related_material:
record:
- id: '2940'
relation: earlier_version
status: public
scopus_import: 1
status: public
title: A counterexample to the chain rule for conditional HILL entropy
tmp:
image: /images/cc_by.png
legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
short: CC BY (4.0)
type: journal_article
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 25
year: '2016'
...
---
_id: '1229'
abstract:
- lang: eng
text: Witness encryption (WE) was introduced by Garg et al. [GGSW13]. A WE scheme
is defined for some NP language L and lets a sender encrypt messages relative
to instances x. A ciphertext for x can be decrypted using w witnessing x ∈ L,
but hides the message if x ∈ L. Garg et al. construct WE from multilinear maps
and give another construction [GGH+13b] using indistinguishability obfuscation
(iO) for circuits. Due to the reliance on such heavy tools, WE can cur- rently
hardly be implemented on powerful hardware and will unlikely be realizable on
constrained devices like smart cards any time soon. We construct a WE scheme where
encryption is done by simply computing a Naor-Yung ciphertext (two CPA encryptions
and a NIZK proof). To achieve this, our scheme has a setup phase, which outputs
public parameters containing an obfuscated circuit (only required for decryption),
two encryption keys and a common reference string (used for encryption). This
setup need only be run once, and the parame- ters can be used for arbitrary many
encryptions. Our scheme can also be turned into a functional WE scheme, where
a message is encrypted w.r.t. a statement and a function f, and decryption with
a witness w yields f (m, w). Our construction is inspired by the functional encryption
scheme by Garg et al. and we prove (selective) security assuming iO and statistically
simulation-sound NIZK. We give a construction of the latter in bilinear groups
and combining it with ElGamal encryption, our ciphertexts are of size 1.3 kB at
a 128-bit security level and can be computed on a smart card.
acknowledgement: Research supported by the European Research Council, ERC starting grant
(259668-PSPC) and ERC consolidator grant (682815 - TOCNeT).
alternative_title:
- LNCS
author:
- first_name: Hamza M
full_name: Abusalah, Hamza M
id: 40297222-F248-11E8-B48F-1D18A9856A87
last_name: Abusalah
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. Offline witness encryption. In: Vol
9696. Springer; 2016:285-303. doi:10.1007/978-3-319-39555-5_16'
apa: 'Abusalah, H. M., Fuchsbauer, G., & Pietrzak, K. Z. (2016). Offline witness
encryption (Vol. 9696, pp. 285–303). Presented at the ACNS: Applied Cryptography
and Network Security, Guildford, UK: Springer. https://doi.org/10.1007/978-3-319-39555-5_16'
chicago: Abusalah, Hamza M, Georg Fuchsbauer, and Krzysztof Z Pietrzak. “Offline
Witness Encryption,” 9696:285–303. Springer, 2016. https://doi.org/10.1007/978-3-319-39555-5_16.
ieee: 'H. M. Abusalah, G. Fuchsbauer, and K. Z. Pietrzak, “Offline witness encryption,”
presented at the ACNS: Applied Cryptography and Network Security, Guildford, UK,
2016, vol. 9696, pp. 285–303.'
ista: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. 2016. Offline witness encryption.
ACNS: Applied Cryptography and Network Security, LNCS, vol. 9696, 285–303.'
mla: Abusalah, Hamza M., et al. Offline Witness Encryption. Vol. 9696, Springer,
2016, pp. 285–303, doi:10.1007/978-3-319-39555-5_16.
short: H.M. Abusalah, G. Fuchsbauer, K.Z. Pietrzak, in:, Springer, 2016, pp. 285–303.
conference:
end_date: 2016-06-22
location: Guildford, UK
name: 'ACNS: Applied Cryptography and Network Security'
start_date: 2016-06-19
date_created: 2018-12-11T11:50:50Z
date_published: 2016-06-09T00:00:00Z
date_updated: 2023-09-07T12:30:22Z
day: '09'
ddc:
- '005'
- '600'
department:
- _id: KrPi
doi: 10.1007/978-3-319-39555-5_16
ec_funded: 1
file:
- access_level: open_access
checksum: 34fa9ce681da845a1ba945ba3dc57867
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:17:20Z
date_updated: 2020-07-14T12:44:39Z
file_id: '5273'
file_name: IST-2017-765-v1+1_838.pdf
file_size: 515000
relation: main_file
file_date_updated: 2020-07-14T12:44:39Z
has_accepted_license: '1'
intvolume: ' 9696'
language:
- iso: eng
month: '06'
oa: 1
oa_version: Submitted Version
page: 285 - 303
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication_status: published
publisher: Springer
publist_id: '6105'
pubrep_id: '765'
quality_controlled: '1'
related_material:
record:
- id: '83'
relation: dissertation_contains
status: public
scopus_import: 1
status: public
title: Offline witness encryption
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9696
year: '2016'
...
---
_id: '1236'
abstract:
- lang: eng
text: 'A constrained pseudorandom function F: K × X → Y for a family T ⊆ 2X of subsets
of X is a function where for any key k ∈ K and set S ∈ T one can efficiently compute
a constrained key kS which allows to evaluate F (k, ·) on all inputs x ∈ S, while
even given this key, the outputs on all inputs x ∉ S look random. At Asiacrypt’13
Boneh and Waters gave a construction which supports the most general set family
so far. Its keys kc are defined for sets decided by boolean circuits C and enable
evaluation of the PRF on any x ∈ X where C(x) = 1. In their construction the PRF
input length and the size of the circuits C for which constrained keys can be
computed must be fixed beforehand during key generation. We construct a constrained
PRF that has an unbounded input length and whose constrained keys can be defined
for any set recognized by a Turing machine. The only a priori bound we make is
on the description size of the machines. We prove our construction secure assuming
publiccoin differing-input obfuscation. As applications of our constrained PRF
we build a broadcast encryption scheme where the number of potential receivers
need not be fixed at setup (in particular, the length of the keys is independent
of the number of parties) and the first identity-based non-interactive key exchange
protocol with no bound on the number of parties that can agree on a shared key.'
acknowledgement: Supported by the European Research Council, ERC Starting Grant (259668-PSPC).
alternative_title:
- LNCS
author:
- first_name: Hamza M
full_name: Abusalah, Hamza M
id: 40297222-F248-11E8-B48F-1D18A9856A87
last_name: Abusalah
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. Constrained PRFs for unbounded inputs.
In: Vol 9610. Springer; 2016:413-428. doi:10.1007/978-3-319-29485-8_24'
apa: 'Abusalah, H. M., Fuchsbauer, G., & Pietrzak, K. Z. (2016). Constrained
PRFs for unbounded inputs (Vol. 9610, pp. 413–428). Presented at the CT-RSA: Topics
in Cryptology, San Francisco, CA, USA: Springer. https://doi.org/10.1007/978-3-319-29485-8_24'
chicago: Abusalah, Hamza M, Georg Fuchsbauer, and Krzysztof Z Pietrzak. “Constrained
PRFs for Unbounded Inputs,” 9610:413–28. Springer, 2016. https://doi.org/10.1007/978-3-319-29485-8_24.
ieee: 'H. M. Abusalah, G. Fuchsbauer, and K. Z. Pietrzak, “Constrained PRFs for
unbounded inputs,” presented at the CT-RSA: Topics in Cryptology, San Francisco,
CA, USA, 2016, vol. 9610, pp. 413–428.'
ista: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. 2016. Constrained PRFs for unbounded
inputs. CT-RSA: Topics in Cryptology, LNCS, vol. 9610, 413–428.'
mla: Abusalah, Hamza M., et al. Constrained PRFs for Unbounded Inputs. Vol.
9610, Springer, 2016, pp. 413–28, doi:10.1007/978-3-319-29485-8_24.
short: H.M. Abusalah, G. Fuchsbauer, K.Z. Pietrzak, in:, Springer, 2016, pp. 413–428.
conference:
end_date: 2016-03-04
location: San Francisco, CA, USA
name: 'CT-RSA: Topics in Cryptology'
start_date: 2016-02-29
date_created: 2018-12-11T11:50:52Z
date_published: 2016-02-02T00:00:00Z
date_updated: 2023-09-07T12:30:22Z
day: '02'
ddc:
- '005'
- '600'
department:
- _id: KrPi
doi: 10.1007/978-3-319-29485-8_24
ec_funded: 1
file:
- access_level: open_access
checksum: 3851cee49933ae13b1272e516f213e13
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:08:05Z
date_updated: 2020-07-14T12:44:41Z
file_id: '4664'
file_name: IST-2017-764-v1+1_279.pdf
file_size: 495176
relation: main_file
file_date_updated: 2020-07-14T12:44:41Z
has_accepted_license: '1'
intvolume: ' 9610'
language:
- iso: eng
month: '02'
oa: 1
oa_version: Submitted Version
page: 413 - 428
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '6097'
pubrep_id: '764'
quality_controlled: '1'
related_material:
record:
- id: '83'
relation: dissertation_contains
status: public
scopus_import: 1
status: public
title: Constrained PRFs for unbounded inputs
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9610
year: '2016'
...
---
_id: '1235'
abstract:
- lang: eng
text: 'A constrained pseudorandom function (CPRF) F: K×X → Y for a family T of subsets
of χ is a function where for any key k ∈ K and set S ∈ T one can efficiently compute
a short constrained key kS, which allows to evaluate F(k, ·) on all inputs x ∈
S, while the outputs on all inputs x /∈ S look random even given kS. Abusalah
et al. recently constructed the first constrained PRF for inputs of arbitrary
length whose sets S are decided by Turing machines. They use their CPRF to build
broadcast encryption and the first ID-based non-interactive key exchange for an
unbounded number of users. Their constrained keys are obfuscated circuits and
are therefore large. In this work we drastically reduce the key size and define
a constrained key for a Turing machine M as a short signature on M. For this,
we introduce a new signature primitive with constrained signing keys that let
one only sign certain messages, while forging a signature on others is hard even
when knowing the coins for key generation.'
acknowledgement: H. Abusalah—Research supported by the European Research Council,
ERC starting grant (259668-PSPC) and ERC consolidator grant (682815 - TOCNeT).
alternative_title:
- LNCS
author:
- first_name: Hamza M
full_name: Abusalah, Hamza M
id: 40297222-F248-11E8-B48F-1D18A9856A87
last_name: Abusalah
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
citation:
ama: 'Abusalah HM, Fuchsbauer G. Constrained PRFs for unbounded inputs with short
keys. In: Vol 9696. Springer; 2016:445-463. doi:10.1007/978-3-319-39555-5_24'
apa: 'Abusalah, H. M., & Fuchsbauer, G. (2016). Constrained PRFs for unbounded
inputs with short keys (Vol. 9696, pp. 445–463). Presented at the ACNS: Applied
Cryptography and Network Security, Guildford, UK: Springer. https://doi.org/10.1007/978-3-319-39555-5_24'
chicago: Abusalah, Hamza M, and Georg Fuchsbauer. “Constrained PRFs for Unbounded
Inputs with Short Keys,” 9696:445–63. Springer, 2016. https://doi.org/10.1007/978-3-319-39555-5_24.
ieee: 'H. M. Abusalah and G. Fuchsbauer, “Constrained PRFs for unbounded inputs
with short keys,” presented at the ACNS: Applied Cryptography and Network Security,
Guildford, UK, 2016, vol. 9696, pp. 445–463.'
ista: 'Abusalah HM, Fuchsbauer G. 2016. Constrained PRFs for unbounded inputs with
short keys. ACNS: Applied Cryptography and Network Security, LNCS, vol. 9696,
445–463.'
mla: Abusalah, Hamza M., and Georg Fuchsbauer. Constrained PRFs for Unbounded
Inputs with Short Keys. Vol. 9696, Springer, 2016, pp. 445–63, doi:10.1007/978-3-319-39555-5_24.
short: H.M. Abusalah, G. Fuchsbauer, in:, Springer, 2016, pp. 445–463.
conference:
end_date: 2016-06-22
location: Guildford, UK
name: 'ACNS: Applied Cryptography and Network Security'
start_date: 2016-06-19
date_created: 2018-12-11T11:50:52Z
date_published: 2016-01-01T00:00:00Z
date_updated: 2023-09-07T12:30:22Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-319-39555-5_24
ec_funded: 1
intvolume: ' 9696'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2016/279.pdf
month: '01'
oa: 1
oa_version: Submitted Version
page: 445 - 463
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication_status: published
publisher: Springer
publist_id: '6098'
quality_controlled: '1'
related_material:
record:
- id: '83'
relation: dissertation_contains
status: public
scopus_import: 1
status: public
title: Constrained PRFs for unbounded inputs with short keys
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 9696
year: '2016'
...
---
_id: '1474'
abstract:
- lang: eng
text: Cryptographic access control offers selective access to encrypted data via
a combination of key management and functionality-rich cryptographic schemes,
such as attribute-based encryption. Using this approach, publicly available meta-data
may inadvertently leak information on the access policy that is enforced by cryptography,
which renders cryptographic access control unusable in settings where this information
is highly sensitive. We begin to address this problem by presenting rigorous definitions
for policy privacy in cryptographic access control. For concreteness we set our
results in the model of Role-Based Access Control (RBAC), where we identify and
formalize several different flavors of privacy, however, our framework should
serve as inspiration for other models of access control. Based on our insights
we propose a new system which significantly improves on the privacy properties
of state-of-the-art constructions. Our design is based on a novel type of privacy-preserving
attribute-based encryption, which we introduce and show how to instantiate. We
present our results in the context of a cryptographic RBAC system by Ferrara et
al. (CSF'13), which uses cryptography to control read access to files, while write
access is still delegated to trusted monitors. We give an extension of the construction
that permits cryptographic control over write access. Our construction assumes
that key management uses out-of-band channels between the policy enforcer and
the users but eliminates completely the need for monitoring read/write access
to the data.
article_processing_charge: No
author:
- first_name: Anna
full_name: Ferrara, Anna
last_name: Ferrara
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: Bin
full_name: Liu, Bin
last_name: Liu
- first_name: Bogdan
full_name: Warinschi, Bogdan
last_name: Warinschi
citation:
ama: 'Ferrara A, Fuchsbauer G, Liu B, Warinschi B. Policy privacy in cryptographic
access control. In: IEEE; 2015:46-60. doi:10.1109/CSF.2015.11'
apa: 'Ferrara, A., Fuchsbauer, G., Liu, B., & Warinschi, B. (2015). Policy privacy
in cryptographic access control (pp. 46–60). Presented at the CSF: Computer Security
Foundations, Verona, Italy: IEEE. https://doi.org/10.1109/CSF.2015.11'
chicago: Ferrara, Anna, Georg Fuchsbauer, Bin Liu, and Bogdan Warinschi. “Policy
Privacy in Cryptographic Access Control,” 46–60. IEEE, 2015. https://doi.org/10.1109/CSF.2015.11.
ieee: 'A. Ferrara, G. Fuchsbauer, B. Liu, and B. Warinschi, “Policy privacy in cryptographic
access control,” presented at the CSF: Computer Security Foundations, Verona,
Italy, 2015, pp. 46–60.'
ista: 'Ferrara A, Fuchsbauer G, Liu B, Warinschi B. 2015. Policy privacy in cryptographic
access control. CSF: Computer Security Foundations, 46–60.'
mla: Ferrara, Anna, et al. Policy Privacy in Cryptographic Access Control.
IEEE, 2015, pp. 46–60, doi:10.1109/CSF.2015.11.
short: A. Ferrara, G. Fuchsbauer, B. Liu, B. Warinschi, in:, IEEE, 2015, pp. 46–60.
conference:
end_date: 2015-07-17
location: Verona, Italy
name: 'CSF: Computer Security Foundations'
start_date: 2015-07-13
date_created: 2018-12-11T11:52:14Z
date_published: 2015-09-04T00:00:00Z
date_updated: 2021-01-12T06:50:59Z
day: '04'
department:
- _id: KrPi
doi: 10.1109/CSF.2015.11
ec_funded: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
url: http://epubs.surrey.ac.uk/808055/
month: '09'
oa: 1
oa_version: Submitted Version
page: 46-60
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: IEEE
publist_id: '5722'
quality_controlled: '1'
status: public
title: Policy privacy in cryptographic access control
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2015'
...
---
_id: '1646'
abstract:
- lang: eng
text: 'A pseudorandom function (PRF) is a keyed function F : K × X → Y where, for
a random key k ∈ K, the function F(k, ·) is indistinguishable from a uniformly
random function, given black-box access. A key-homomorphic PRF has the additional
feature that for any keys k, k'' and any input x, we have F(k+k'', x) = F(k, x)⊕F(k'',
x) for some group operations +,⊕ on K and Y, respectively. A constrained PRF for
a family of setsS ⊆ P(X) has the property that, given any key k and set S ∈ S,
one can efficiently compute a “constrained” key kS that enables evaluation of
F(k, x) on all inputs x ∈ S, while the values F(k, x) for x /∈ S remain pseudorandom
even given kS. In this paper we construct PRFs that are simultaneously constrained
and key homomorphic, where the homomorphic property holds even for constrained
keys. We first show that the multilinear map-based bit-fixing and circuit-constrained
PRFs of Boneh and Waters (Asiacrypt 2013) can be modified to also be keyhomomorphic.
We then show that the LWE-based key-homomorphic PRFs of Banerjee and Peikert (Crypto
2014) are essentially already prefix-constrained PRFs, using a (non-obvious) definition
of constrained keys and associated group operation. Moreover, the constrained
keys themselves are pseudorandom, and the constraining and evaluation functions
can all be computed in low depth. As an application of key-homomorphic constrained
PRFs,we construct a proxy re-encryption schemewith fine-grained access control.
This scheme allows storing encrypted data on an untrusted server, where each file
can be encrypted relative to some attributes, so that only parties whose constrained
keys match the attributes can decrypt. Moreover, the server can re-key (arbitrary
subsets of) the ciphertexts without learning anything about the plaintexts, thus
permitting efficient and finegrained revocation.'
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Abishek
full_name: Banerjee, Abishek
last_name: Banerjee
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: Chris
full_name: Peikert, Chris
last_name: Peikert
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Sophie
full_name: Stevens, Sophie
last_name: Stevens
citation:
ama: 'Banerjee A, Fuchsbauer G, Peikert C, Pietrzak KZ, Stevens S. Key-homomorphic
constrained pseudorandom functions. In: 12th Theory of Cryptography Conference.
Vol 9015. Springer Nature; 2015:31-60. doi:10.1007/978-3-662-46497-7_2'
apa: 'Banerjee, A., Fuchsbauer, G., Peikert, C., Pietrzak, K. Z., & Stevens,
S. (2015). Key-homomorphic constrained pseudorandom functions. In 12th Theory
of Cryptography Conference (Vol. 9015, pp. 31–60). Warsaw, Poland: Springer
Nature. https://doi.org/10.1007/978-3-662-46497-7_2'
chicago: Banerjee, Abishek, Georg Fuchsbauer, Chris Peikert, Krzysztof Z Pietrzak,
and Sophie Stevens. “Key-Homomorphic Constrained Pseudorandom Functions.” In 12th
Theory of Cryptography Conference, 9015:31–60. Springer Nature, 2015. https://doi.org/10.1007/978-3-662-46497-7_2.
ieee: A. Banerjee, G. Fuchsbauer, C. Peikert, K. Z. Pietrzak, and S. Stevens, “Key-homomorphic
constrained pseudorandom functions,” in 12th Theory of Cryptography Conference,
Warsaw, Poland, 2015, vol. 9015, pp. 31–60.
ista: 'Banerjee A, Fuchsbauer G, Peikert C, Pietrzak KZ, Stevens S. 2015. Key-homomorphic
constrained pseudorandom functions. 12th Theory of Cryptography Conference. TCC:
Theory of Cryptography Conference, LNCS, vol. 9015, 31–60.'
mla: Banerjee, Abishek, et al. “Key-Homomorphic Constrained Pseudorandom Functions.”
12th Theory of Cryptography Conference, vol. 9015, Springer Nature, 2015,
pp. 31–60, doi:10.1007/978-3-662-46497-7_2.
short: A. Banerjee, G. Fuchsbauer, C. Peikert, K.Z. Pietrzak, S. Stevens, in:, 12th
Theory of Cryptography Conference, Springer Nature, 2015, pp. 31–60.
conference:
end_date: 2015-03-25
location: Warsaw, Poland
name: 'TCC: Theory of Cryptography Conference'
start_date: 2015-03-23
date_created: 2018-12-11T11:53:14Z
date_published: 2015-03-01T00:00:00Z
date_updated: 2022-02-03T08:41:46Z
day: '01'
ddc:
- '000'
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-662-46497-7_2
ec_funded: 1
file:
- access_level: open_access
checksum: 3c5093bda5783c89beaacabf1aa0e60e
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:15:17Z
date_updated: 2020-07-14T12:45:08Z
file_id: '5136'
file_name: IST-2016-679-v1+1_180.pdf
file_size: 450665
relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: ' 9015'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2015/180
month: '03'
oa: 1
oa_version: Submitted Version
page: 31 - 60
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: 12th Theory of Cryptography Conference
publication_identifier:
isbn:
- 978-3-662-46496-0
publication_status: published
publisher: Springer Nature
publist_id: '5505'
pubrep_id: '679'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Key-homomorphic constrained pseudorandom functions
type: conference
user_id: 8b945eb4-e2f2-11eb-945a-df72226e66a9
volume: 9015
year: '2015'
...
---
_id: '1648'
abstract:
- lang: eng
text: Generalized Selective Decryption (GSD), introduced by Panjwani [TCC’07], is
a game for a symmetric encryption scheme Enc that captures the difficulty of proving
adaptive security of certain protocols, most notably the Logical Key Hierarchy
(LKH) multicast encryption protocol. In the GSD game there are n keys k1,...,
kn, which the adversary may adaptively corrupt (learn); moreover, it can ask for
encryptions Encki (kj) of keys under other keys. The adversary’s task is to distinguish
keys (which it cannot trivially compute) from random. Proving the hardness of
GSD assuming only IND-CPA security of Enc is surprisingly hard. Using “complexity
leveraging” loses a factor exponential in n, which makes the proof practically
meaningless. We can think of the GSD game as building a graph on n vertices, where
we add an edge i → j when the adversary asks for an encryption of kj under ki.
If restricted to graphs of depth ℓ, Panjwani gave a reduction that loses only
a factor exponential in ℓ (not n). To date, this is the only non-trivial result
known for GSD. In this paper we give almost-polynomial reductions for large classes
of graphs. Most importantly, we prove the security of the GSD game restricted
to trees losing only a quasi-polynomial factor n3 log n+5. Trees are an important
special case capturing real-world protocols like the LKH protocol. Our new bound
improves upon Panjwani’s on some LKH variants proposed in the literature where
the underlying tree is not balanced. Our proof builds on ideas from the “nested
hybrids” technique recently introduced by Fuchsbauer et al. [Asiacrypt’14] for
proving the adaptive security of constrained PRFs.
alternative_title:
- LNCS
author:
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: Zahra
full_name: Jafargholi, Zahra
last_name: Jafargholi
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Fuchsbauer G, Jafargholi Z, Pietrzak KZ. A quasipolynomial reduction for generalized
selective decryption on trees. In: Vol 9215. Springer; 2015:601-620. doi:10.1007/978-3-662-47989-6_29'
apa: 'Fuchsbauer, G., Jafargholi, Z., & Pietrzak, K. Z. (2015). A quasipolynomial
reduction for generalized selective decryption on trees (Vol. 9215, pp. 601–620).
Presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA,
USA: Springer. https://doi.org/10.1007/978-3-662-47989-6_29'
chicago: Fuchsbauer, Georg, Zahra Jafargholi, and Krzysztof Z Pietrzak. “A Quasipolynomial
Reduction for Generalized Selective Decryption on Trees,” 9215:601–20. Springer,
2015. https://doi.org/10.1007/978-3-662-47989-6_29.
ieee: 'G. Fuchsbauer, Z. Jafargholi, and K. Z. Pietrzak, “A quasipolynomial reduction
for generalized selective decryption on trees,” presented at the CRYPTO: International
Cryptology Conference, Santa Barbara, CA, USA, 2015, vol. 9215, pp. 601–620.'
ista: 'Fuchsbauer G, Jafargholi Z, Pietrzak KZ. 2015. A quasipolynomial reduction
for generalized selective decryption on trees. CRYPTO: International Cryptology
Conference, LNCS, vol. 9215, 601–620.'
mla: Fuchsbauer, Georg, et al. A Quasipolynomial Reduction for Generalized Selective
Decryption on Trees. Vol. 9215, Springer, 2015, pp. 601–20, doi:10.1007/978-3-662-47989-6_29.
short: G. Fuchsbauer, Z. Jafargholi, K.Z. Pietrzak, in:, Springer, 2015, pp. 601–620.
conference:
end_date: 2015-08-20
location: Santa Barbara, CA, USA
name: 'CRYPTO: International Cryptology Conference'
start_date: 2015-08-16
date_created: 2018-12-11T11:53:14Z
date_published: 2015-08-01T00:00:00Z
date_updated: 2021-01-12T06:52:14Z
day: '01'
ddc:
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-662-47989-6_29
ec_funded: 1
file:
- access_level: open_access
checksum: 99b76b3263d5082554d0a9cbdeca3a22
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:13:31Z
date_updated: 2020-07-14T12:45:08Z
file_id: '5015'
file_name: IST-2016-674-v1+1_389.pdf
file_size: 505618
relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: ' 9215'
language:
- iso: eng
month: '08'
oa: 1
oa_version: Submitted Version
page: 601 - 620
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5502'
pubrep_id: '674'
quality_controlled: '1'
scopus_import: 1
status: public
title: A quasipolynomial reduction for generalized selective decryption on trees
tmp:
image: /images/cc_by.png
legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
short: CC BY (4.0)
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9215
year: '2015'
...
---
_id: '1649'
abstract:
- lang: eng
text: 'We extend a commitment scheme based on the learning with errors over rings
(RLWE) problem, and present efficient companion zeroknowledge proofs of knowledge.
Our scheme maps elements from the ring (or equivalently, n elements from '
alternative_title:
- LNCS
author:
- first_name: Fabrice
full_name: Benhamouda, Fabrice
last_name: Benhamouda
- first_name: Stephan
full_name: Krenn, Stephan
last_name: Krenn
- first_name: Vadim
full_name: Lyubashevsky, Vadim
last_name: Lyubashevsky
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: Benhamouda F, Krenn S, Lyubashevsky V, Pietrzak KZ. Efficient zero-knowledge
proofs for commitments from learning with errors over rings. 2015;9326:305-325.
doi:10.1007/978-3-319-24174-6_16
apa: 'Benhamouda, F., Krenn, S., Lyubashevsky, V., & Pietrzak, K. Z. (2015).
Efficient zero-knowledge proofs for commitments from learning with errors over
rings. Presented at the ESORICS: European Symposium on Research in Computer Security,
Vienna, Austria: Springer. https://doi.org/10.1007/978-3-319-24174-6_16'
chicago: Benhamouda, Fabrice, Stephan Krenn, Vadim Lyubashevsky, and Krzysztof Z
Pietrzak. “Efficient Zero-Knowledge Proofs for Commitments from Learning with
Errors over Rings.” Lecture Notes in Computer Science. Springer, 2015. https://doi.org/10.1007/978-3-319-24174-6_16.
ieee: F. Benhamouda, S. Krenn, V. Lyubashevsky, and K. Z. Pietrzak, “Efficient zero-knowledge
proofs for commitments from learning with errors over rings,” vol. 9326. Springer,
pp. 305–325, 2015.
ista: Benhamouda F, Krenn S, Lyubashevsky V, Pietrzak KZ. 2015. Efficient zero-knowledge
proofs for commitments from learning with errors over rings. 9326, 305–325.
mla: Benhamouda, Fabrice, et al. Efficient Zero-Knowledge Proofs for Commitments
from Learning with Errors over Rings. Vol. 9326, Springer, 2015, pp. 305–25,
doi:10.1007/978-3-319-24174-6_16.
short: F. Benhamouda, S. Krenn, V. Lyubashevsky, K.Z. Pietrzak, 9326 (2015) 305–325.
conference:
end_date: 2015-09-25
location: Vienna, Austria
name: 'ESORICS: European Symposium on Research in Computer Security'
start_date: 2015-09-21
date_created: 2018-12-11T11:53:15Z
date_published: 2015-01-01T00:00:00Z
date_updated: 2021-01-12T06:52:14Z
day: '01'
ddc:
- '000'
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-319-24174-6_16
ec_funded: 1
file:
- access_level: open_access
checksum: 6eac4a485b2aa644b2d3f753ed0b280b
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:11:28Z
date_updated: 2020-07-14T12:45:08Z
file_id: '4883'
file_name: IST-2016-678-v1+1_889.pdf
file_size: 494239
relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: ' 9326'
language:
- iso: eng
license: https://creativecommons.org/licenses/by-nc/4.0/
month: '01'
oa: 1
oa_version: Published Version
page: 305 - 325
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5501'
pubrep_id: '678'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: Efficient zero-knowledge proofs for commitments from learning with errors over
rings
tmp:
image: /images/cc_by_nc.png
legal_code_url: https://creativecommons.org/licenses/by-nc/4.0/legalcode
name: Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
short: CC BY-NC (4.0)
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9326
year: '2015'
...
---
_id: '1644'
abstract:
- lang: eng
text: Increasing the computational complexity of evaluating a hash function, both
for the honest users as well as for an adversary, is a useful technique employed
for example in password-based cryptographic schemes to impede brute-force attacks,
and also in so-called proofs of work (used in protocols like Bitcoin) to show
that a certain amount of computation was performed by a legitimate user. A natural
approach to adjust the complexity of a hash function is to iterate it c times,
for some parameter c, in the hope that any query to the scheme requires c evaluations
of the underlying hash function. However, results by Dodis et al. (Crypto 2012)
imply that plain iteration falls short of achieving this goal, and designing schemes
which provably have such a desirable property remained an open problem. This paper
formalizes explicitly what it means for a given scheme to amplify the query complexity
of a hash function. In the random oracle model, the goal of a secure query-complexity
amplifier (QCA) scheme is captured as transforming, in the sense of indifferentiability,
a random oracle allowing R queries (for the adversary) into one provably allowing
only r < R queries. Turned around, this means that making r queries to the
scheme requires at least R queries to the actual random oracle. Second, a new
scheme, called collision-free iteration, is proposed and proven to achieve c-fold
QCA for both the honest parties and the adversary, for any fixed parameter c.
alternative_title:
- LNCS
author:
- first_name: Grégory
full_name: Demay, Grégory
last_name: Demay
- first_name: Peter
full_name: Gazi, Peter
id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
last_name: Gazi
- first_name: Ueli
full_name: Maurer, Ueli
last_name: Maurer
- first_name: Björn
full_name: Tackmann, Björn
last_name: Tackmann
citation:
ama: 'Demay G, Gazi P, Maurer U, Tackmann B. Query-complexity amplification for
random oracles. In: Vol 9063. Springer; 2015:159-180. doi:10.1007/978-3-319-17470-9_10'
apa: 'Demay, G., Gazi, P., Maurer, U., & Tackmann, B. (2015). Query-complexity
amplification for random oracles (Vol. 9063, pp. 159–180). Presented at the ICITS:
International Conference on Information Theoretic Security, Lugano, Switzerland:
Springer. https://doi.org/10.1007/978-3-319-17470-9_10'
chicago: Demay, Grégory, Peter Gazi, Ueli Maurer, and Björn Tackmann. “Query-Complexity
Amplification for Random Oracles,” 9063:159–80. Springer, 2015. https://doi.org/10.1007/978-3-319-17470-9_10.
ieee: 'G. Demay, P. Gazi, U. Maurer, and B. Tackmann, “Query-complexity amplification
for random oracles,” presented at the ICITS: International Conference on Information
Theoretic Security, Lugano, Switzerland, 2015, vol. 9063, pp. 159–180.'
ista: 'Demay G, Gazi P, Maurer U, Tackmann B. 2015. Query-complexity amplification
for random oracles. ICITS: International Conference on Information Theoretic Security,
LNCS, vol. 9063, 159–180.'
mla: Demay, Grégory, et al. Query-Complexity Amplification for Random Oracles.
Vol. 9063, Springer, 2015, pp. 159–80, doi:10.1007/978-3-319-17470-9_10.
short: G. Demay, P. Gazi, U. Maurer, B. Tackmann, in:, Springer, 2015, pp. 159–180.
conference:
end_date: 2015-05-05
location: Lugano, Switzerland
name: 'ICITS: International Conference on Information Theoretic Security'
start_date: 2015-05-02
date_created: 2018-12-11T11:53:13Z
date_published: 2015-01-01T00:00:00Z
date_updated: 2021-01-12T06:52:13Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-319-17470-9_10
ec_funded: 1
intvolume: ' 9063'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: http://eprint.iacr.org/2015/315
month: '01'
oa: 1
oa_version: Submitted Version
page: 159 - 180
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5507'
quality_controlled: '1'
scopus_import: 1
status: public
title: Query-complexity amplification for random oracles
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9063
year: '2015'
...
---
_id: '1647'
abstract:
- lang: eng
text: Round-optimal blind signatures are notoriously hard to construct in the standard
model, especially in the malicious-signer model, where blindness must hold under
adversarially chosen keys. This is substantiated by several impossibility results.
The only construction that can be termed theoretically efficient, by Garg and
Gupta (Eurocrypt’14), requires complexity leveraging, inducing an exponential
security loss. We present a construction of practically efficient round-optimal
blind signatures in the standard model. It is conceptually simple and builds on
the recent structure-preserving signatures on equivalence classes (SPSEQ) from
Asiacrypt’14. While the traditional notion of blindness follows from standard
assumptions, we prove blindness under adversarially chosen keys under an interactive
variant of DDH. However, we neither require non-uniform assumptions nor complexity
leveraging. We then show how to extend our construction to partially blind signatures
and to blind signatures on message vectors, which yield a construction of one-show
anonymous credentials à la “anonymous credentials light” (CCS’13) in the standard
model. Furthermore, we give the first SPS-EQ construction under noninteractive
assumptions and show how SPS-EQ schemes imply conventional structure-preserving
signatures, which allows us to apply optimality results for the latter to SPS-EQ.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: Christian
full_name: Hanser, Christian
last_name: Hanser
- first_name: Daniel
full_name: Slamanig, Daniel
last_name: Slamanig
citation:
ama: 'Fuchsbauer G, Hanser C, Slamanig D. Practical round-optimal blind signatures
in the standard model. In: Vol 9216. Springer; 2015:233-253. doi:10.1007/978-3-662-48000-7_12'
apa: 'Fuchsbauer, G., Hanser, C., & Slamanig, D. (2015). Practical round-optimal
blind signatures in the standard model (Vol. 9216, pp. 233–253). Presented at
the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United States:
Springer. https://doi.org/10.1007/978-3-662-48000-7_12'
chicago: Fuchsbauer, Georg, Christian Hanser, and Daniel Slamanig. “Practical Round-Optimal
Blind Signatures in the Standard Model,” 9216:233–53. Springer, 2015. https://doi.org/10.1007/978-3-662-48000-7_12.
ieee: 'G. Fuchsbauer, C. Hanser, and D. Slamanig, “Practical round-optimal blind
signatures in the standard model,” presented at the CRYPTO: International Cryptology
Conference, Santa Barbara, CA, United States, 2015, vol. 9216, pp. 233–253.'
ista: 'Fuchsbauer G, Hanser C, Slamanig D. 2015. Practical round-optimal blind signatures
in the standard model. CRYPTO: International Cryptology Conference, LNCS, vol.
9216, 233–253.'
mla: Fuchsbauer, Georg, et al. Practical Round-Optimal Blind Signatures in the
Standard Model. Vol. 9216, Springer, 2015, pp. 233–53, doi:10.1007/978-3-662-48000-7_12.
short: G. Fuchsbauer, C. Hanser, D. Slamanig, in:, Springer, 2015, pp. 233–253.
conference:
end_date: 2015-08-20
location: Santa Barbara, CA, United States
name: 'CRYPTO: International Cryptology Conference'
start_date: 2015-08-16
date_created: 2018-12-11T11:53:14Z
date_published: 2015-08-01T00:00:00Z
date_updated: 2023-02-21T16:44:51Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-662-48000-7_12
ec_funded: 1
intvolume: ' 9216'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2015/626.pdf
month: '08'
oa: 1
oa_version: Submitted Version
page: 233 - 253
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5503'
quality_controlled: '1'
related_material:
record:
- id: '1225'
relation: later_version
status: public
scopus_import: 1
status: public
title: Practical round-optimal blind signatures in the standard model
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9216
year: '2015'
...
---
_id: '1645'
abstract:
- lang: eng
text: Secret-key constructions are often proved secure in a model where one or more
underlying components are replaced by an idealized oracle accessible to the attacker.
This model gives rise to information-theoretic security analyses, and several
advances have been made in this area over the last few years. This paper provides
a systematic overview of what is achievable in this model, and how existing works
fit into this view.
article_number: '7133163'
author:
- first_name: Peter
full_name: Gazi, Peter
id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
last_name: Gazi
- first_name: Stefano
full_name: Tessaro, Stefano
last_name: Tessaro
citation:
ama: 'Gazi P, Tessaro S. Secret-key cryptography from ideal primitives: A systematic
verview. In: 2015 IEEE Information Theory Workshop. IEEE; 2015. doi:10.1109/ITW.2015.7133163'
apa: 'Gazi, P., & Tessaro, S. (2015). Secret-key cryptography from ideal primitives:
A systematic verview. In 2015 IEEE Information Theory Workshop. Jerusalem,
Israel: IEEE. https://doi.org/10.1109/ITW.2015.7133163'
chicago: 'Gazi, Peter, and Stefano Tessaro. “Secret-Key Cryptography from Ideal
Primitives: A Systematic Verview.” In 2015 IEEE Information Theory Workshop.
IEEE, 2015. https://doi.org/10.1109/ITW.2015.7133163.'
ieee: 'P. Gazi and S. Tessaro, “Secret-key cryptography from ideal primitives: A
systematic verview,” in 2015 IEEE Information Theory Workshop, Jerusalem,
Israel, 2015.'
ista: 'Gazi P, Tessaro S. 2015. Secret-key cryptography from ideal primitives: A
systematic verview. 2015 IEEE Information Theory Workshop. ITW 2015: IEEE Information
Theory Workshop, 7133163.'
mla: 'Gazi, Peter, and Stefano Tessaro. “Secret-Key Cryptography from Ideal Primitives:
A Systematic Verview.” 2015 IEEE Information Theory Workshop, 7133163,
IEEE, 2015, doi:10.1109/ITW.2015.7133163.'
short: P. Gazi, S. Tessaro, in:, 2015 IEEE Information Theory Workshop, IEEE, 2015.
conference:
end_date: 2015-05-01
location: Jerusalem, Israel
name: 'ITW 2015: IEEE Information Theory Workshop'
start_date: 2015-04-26
date_created: 2018-12-11T11:53:13Z
date_published: 2015-06-24T00:00:00Z
date_updated: 2021-01-12T06:52:13Z
day: '24'
department:
- _id: KrPi
doi: 10.1109/ITW.2015.7133163
ec_funded: 1
language:
- iso: eng
month: '06'
oa_version: None
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: 2015 IEEE Information Theory Workshop
publication_status: published
publisher: IEEE
publist_id: '5506'
quality_controlled: '1'
scopus_import: 1
status: public
title: 'Secret-key cryptography from ideal primitives: A systematic verview'
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2015'
...
---
_id: '1654'
abstract:
- lang: eng
text: "HMAC and its variant NMAC are the most popular approaches to deriving a MAC
(and more generally, a PRF) from a cryptographic hash function. Despite nearly
two decades of research, their exact security still remains far from understood
in many different contexts. Indeed, recent works have re-surfaced interest for
{\\em generic} attacks, i.e., attacks that treat the compression function of the
underlying hash function as a black box.\r\n\r\nGeneric security can be proved
in a model where the underlying compression function is modeled as a random function
-- yet, to date, the question of proving tight, non-trivial bounds on the generic
security of HMAC/NMAC even as a PRF remains a challenging open question.\r\n\r\nIn
this paper, we ask the question of whether a small modification to HMAC and NMAC
can allow us to exactly characterize the security of the resulting constructions,
while only incurring little penalty with respect to efficiency. To this end, we
present simple variants of NMAC and HMAC, for which we prove tight bounds on the
generic PRF security, expressed in terms of numbers of construction and compression
function queries necessary to break the construction. All of our constructions
are obtained via a (near) {\\em black-box} modification of NMAC and HMAC, which
can be interpreted as an initial step of key-dependent message pre-processing.\r\n\r\nWhile
our focus is on PRF security, a further attractive feature of our new constructions
is that they clearly defeat all recent generic attacks against properties such
as state recovery and universal forgery. These exploit properties of the so-called
``functional graph'' which are not directly accessible in our new constructions. "
alternative_title:
- LNCS
author:
- first_name: Peter
full_name: Gazi, Peter
id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
last_name: Gazi
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Stefano
full_name: Tessaro, Stefano
last_name: Tessaro
citation:
ama: Gazi P, Pietrzak KZ, Tessaro S. Generic security of NMAC and HMAC with input
whitening. 2015;9453:85-109. doi:10.1007/978-3-662-48800-3_4
apa: 'Gazi, P., Pietrzak, K. Z., & Tessaro, S. (2015). Generic security of NMAC
and HMAC with input whitening. Presented at the ASIACRYPT: Theory and Application
of Cryptology and Information Security, Auckland, New Zealand: Springer. https://doi.org/10.1007/978-3-662-48800-3_4'
chicago: Gazi, Peter, Krzysztof Z Pietrzak, and Stefano Tessaro. “Generic Security
of NMAC and HMAC with Input Whitening.” Lecture Notes in Computer Science. Springer,
2015. https://doi.org/10.1007/978-3-662-48800-3_4.
ieee: P. Gazi, K. Z. Pietrzak, and S. Tessaro, “Generic security of NMAC and HMAC
with input whitening,” vol. 9453. Springer, pp. 85–109, 2015.
ista: Gazi P, Pietrzak KZ, Tessaro S. 2015. Generic security of NMAC and HMAC with
input whitening. 9453, 85–109.
mla: Gazi, Peter, et al. Generic Security of NMAC and HMAC with Input Whitening.
Vol. 9453, Springer, 2015, pp. 85–109, doi:10.1007/978-3-662-48800-3_4.
short: P. Gazi, K.Z. Pietrzak, S. Tessaro, 9453 (2015) 85–109.
conference:
end_date: 2015-12-03
location: Auckland, New Zealand
name: 'ASIACRYPT: Theory and Application of Cryptology and Information Security'
start_date: 2015-11-29
date_created: 2018-12-11T11:53:17Z
date_published: 2015-12-30T00:00:00Z
date_updated: 2021-01-12T06:52:16Z
day: '30'
ddc:
- '004'
- '005'
department:
- _id: KrPi
doi: 10.1007/978-3-662-48800-3_4
ec_funded: 1
file:
- access_level: open_access
checksum: d1e53203db2d8573a560995ccdffac62
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:09:09Z
date_updated: 2020-07-14T12:45:08Z
file_id: '4732'
file_name: IST-2016-676-v1+1_881.pdf
file_size: 512071
relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: ' 9453'
language:
- iso: eng
month: '12'
oa: 1
oa_version: Submitted Version
page: 85 - 109
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5496'
pubrep_id: '676'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: Generic security of NMAC and HMAC with input whitening
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9453
year: '2015'
...
---
_id: '1650'
abstract:
- lang: eng
text: "We consider the task of deriving a key with high HILL entropy (i.e., being
computationally indistinguishable from a key with high min-entropy) from an unpredictable
source.\r\n\r\nPrevious to this work, the only known way to transform unpredictability
into a key that was ϵ indistinguishable from having min-entropy was via pseudorandomness,
for example by Goldreich-Levin (GL) hardcore bits. This approach has the inherent
limitation that from a source with k bits of unpredictability entropy one can
derive a key of length (and thus HILL entropy) at most k−2log(1/ϵ) bits. In many
settings, e.g. when dealing with biometric data, such a 2log(1/ϵ) bit entropy
loss in not an option. Our main technical contribution is a theorem that states
that in the high entropy regime, unpredictability implies HILL entropy. Concretely,
any variable K with |K|−d bits of unpredictability entropy has the same amount
of so called metric entropy (against real-valued, deterministic distinguishers),
which is known to imply the same amount of HILL entropy. The loss in circuit size
in this argument is exponential in the entropy gap d, and thus this result only
applies for small d (i.e., where the size of distinguishers considered is exponential
in d).\r\n\r\nTo overcome the above restriction, we investigate if it’s possible
to first “condense” unpredictability entropy and make the entropy gap small. We
show that any source with k bits of unpredictability can be condensed into a source
of length k with k−3 bits of unpredictability entropy. Our condenser simply “abuses"
the GL construction and derives a k bit key from a source with k bits of unpredicatibily.
The original GL theorem implies nothing when extracting that many bits, but we
show that in this regime, GL still behaves like a “condenser" for unpredictability.
This result comes with two caveats (1) the loss in circuit size is exponential
in k and (2) we require that the source we start with has no HILL entropy (equivalently,
one can efficiently check if a guess is correct). We leave it as an intriguing
open problem to overcome these restrictions or to prove they’re inherent."
alternative_title:
- LNCS
author:
- first_name: Maciej
full_name: Skórski, Maciej
last_name: Skórski
- first_name: Alexander
full_name: Golovnev, Alexander
last_name: Golovnev
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Skórski M, Golovnev A, Pietrzak KZ. Condensed unpredictability . In: Vol 9134.
Springer; 2015:1046-1057. doi:10.1007/978-3-662-47672-7_85'
apa: 'Skórski, M., Golovnev, A., & Pietrzak, K. Z. (2015). Condensed unpredictability (Vol.
9134, pp. 1046–1057). Presented at the ICALP: Automata, Languages and Programming,
Kyoto, Japan: Springer. https://doi.org/10.1007/978-3-662-47672-7_85'
chicago: Skórski, Maciej, Alexander Golovnev, and Krzysztof Z Pietrzak. “Condensed
Unpredictability ,” 9134:1046–57. Springer, 2015. https://doi.org/10.1007/978-3-662-47672-7_85.
ieee: 'M. Skórski, A. Golovnev, and K. Z. Pietrzak, “Condensed unpredictability
,” presented at the ICALP: Automata, Languages and Programming, Kyoto, Japan,
2015, vol. 9134, pp. 1046–1057.'
ista: 'Skórski M, Golovnev A, Pietrzak KZ. 2015. Condensed unpredictability . ICALP:
Automata, Languages and Programming, LNCS, vol. 9134, 1046–1057.'
mla: Skórski, Maciej, et al. Condensed Unpredictability . Vol. 9134, Springer,
2015, pp. 1046–57, doi:10.1007/978-3-662-47672-7_85.
short: M. Skórski, A. Golovnev, K.Z. Pietrzak, in:, Springer, 2015, pp. 1046–1057.
conference:
end_date: 2015-07-10
location: Kyoto, Japan
name: 'ICALP: Automata, Languages and Programming'
start_date: 2015-07-06
date_created: 2018-12-11T11:53:15Z
date_published: 2015-06-20T00:00:00Z
date_updated: 2021-01-12T06:52:15Z
day: '20'
ddc:
- '000'
- '005'
department:
- _id: KrPi
doi: 10.1007/978-3-662-47672-7_85
ec_funded: 1
file:
- access_level: open_access
checksum: e808c7eecb631336fc9f9bf2e8d4ecae
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:08:32Z
date_updated: 2020-07-14T12:45:08Z
file_id: '4693'
file_name: IST-2016-675-v1+1_384.pdf
file_size: 525503
relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: ' 9134'
language:
- iso: eng
month: '06'
oa: 1
oa_version: Published Version
page: 1046 - 1057
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5500'
pubrep_id: '675'
quality_controlled: '1'
scopus_import: 1
status: public
title: 'Condensed unpredictability '
tmp:
image: /images/cc_by.png
legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
short: CC BY (4.0)
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9134
year: '2015'
...
---
_id: '1651'
abstract:
- lang: eng
text: Cryptographic e-cash allows off-line electronic transactions between a bank,
users and merchants in a secure and anonymous fashion. A plethora of e-cash constructions
has been proposed in the literature; however, these traditional e-cash schemes
only allow coins to be transferred once between users and merchants. Ideally,
we would like users to be able to transfer coins between each other multiple times
before deposit, as happens with physical cash. “Transferable” e-cash schemes are
the solution to this problem. Unfortunately, the currently proposed schemes are
either completely impractical or do not achieve the desirable anonymity properties
without compromises, such as assuming the existence of a trusted “judge” who can
trace all coins and users in the system. This paper presents the first efficient
and fully anonymous transferable e-cash scheme without any trusted third parties.
We start by revising the security and anonymity properties of transferable e-cash
to capture issues that were previously overlooked. For our construction we use
the recently proposed malleable signatures by Chase et al. to allow the secure
and anonymous transfer of coins, combined with a new efficient double-spending
detection mechanism. Finally, we discuss an instantiation of our construction.
acknowledgement: Work done as an intern in Microsoft Research Redmond and as a student
at Brown University, where supported by NSF grant 0964379. Supported by the European
Research Council, ERC Starting Grant (259668-PSPC).
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Foteini
full_name: Baldimtsi, Foteini
last_name: Baldimtsi
- first_name: Melissa
full_name: Chase, Melissa
last_name: Chase
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: Markulf
full_name: Kohlweiss, Markulf
last_name: Kohlweiss
citation:
ama: 'Baldimtsi F, Chase M, Fuchsbauer G, Kohlweiss M. Anonymous transferable e-cash.
In: Public-Key Cryptography - PKC 2015. Vol 9020. Springer; 2015:101-124.
doi:10.1007/978-3-662-46447-2_5'
apa: 'Baldimtsi, F., Chase, M., Fuchsbauer, G., & Kohlweiss, M. (2015). Anonymous
transferable e-cash. In Public-Key Cryptography - PKC 2015 (Vol. 9020,
pp. 101–124). Gaithersburg, MD, United States: Springer. https://doi.org/10.1007/978-3-662-46447-2_5'
chicago: Baldimtsi, Foteini, Melissa Chase, Georg Fuchsbauer, and Markulf Kohlweiss.
“Anonymous Transferable E-Cash.” In Public-Key Cryptography - PKC 2015,
9020:101–24. Springer, 2015. https://doi.org/10.1007/978-3-662-46447-2_5.
ieee: F. Baldimtsi, M. Chase, G. Fuchsbauer, and M. Kohlweiss, “Anonymous transferable
e-cash,” in Public-Key Cryptography - PKC 2015, Gaithersburg, MD, United
States, 2015, vol. 9020, pp. 101–124.
ista: 'Baldimtsi F, Chase M, Fuchsbauer G, Kohlweiss M. 2015. Anonymous transferable
e-cash. Public-Key Cryptography - PKC 2015. PKC: Public Key Crypography, LNCS,
vol. 9020, 101–124.'
mla: Baldimtsi, Foteini, et al. “Anonymous Transferable E-Cash.” Public-Key Cryptography
- PKC 2015, vol. 9020, Springer, 2015, pp. 101–24, doi:10.1007/978-3-662-46447-2_5.
short: F. Baldimtsi, M. Chase, G. Fuchsbauer, M. Kohlweiss, in:, Public-Key Cryptography
- PKC 2015, Springer, 2015, pp. 101–124.
conference:
end_date: 2015-04-01
location: Gaithersburg, MD, United States
name: 'PKC: Public Key Crypography'
start_date: 2015-03-30
date_created: 2018-12-11T11:53:15Z
date_published: 2015-03-17T00:00:00Z
date_updated: 2022-05-23T10:08:37Z
day: '17'
department:
- _id: KrPi
doi: 10.1007/978-3-662-46447-2_5
ec_funded: 1
intvolume: ' 9020'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://doi.org/10.1007/978-3-662-46447-2_5
month: '03'
oa: 1
oa_version: Published Version
page: 101 - 124
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: Public-Key Cryptography - PKC 2015
publication_identifier:
isbn:
- 978-3-662-46446-5
publication_status: published
publisher: Springer
publist_id: '5499'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Anonymous transferable e-cash
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9020
year: '2015'
...
---
_id: '1652'
abstract:
- lang: eng
text: We develop new theoretical tools for proving lower-bounds on the (amortized)
complexity of certain functions in models of parallel computation. We apply the
tools to construct a class of functions with high amortized memory complexity
in the parallel Random Oracle Model (pROM); a variant of the standard ROM allowing
for batches of simultaneous queries. In particular we obtain a new, more robust,
type of Memory-Hard Functions (MHF); a security primitive which has recently been
gaining acceptance in practice as an effective means of countering brute-force
attacks on security relevant functions. Along the way we also demonstrate an important
shortcoming of previous definitions of MHFs and give a new definition addressing
the problem. The tools we develop represent an adaptation of the powerful pebbling
paradigm (initially introduced by Hewitt and Paterson [HP70] and Cook [Coo73])
to a simple and intuitive parallel setting. We define a simple pebbling game Gp
over graphs which aims to abstract parallel computation in an intuitive way. As
a conceptual contribution we define a measure of pebbling complexity for graphs
called cumulative complexity (CC) and show how it overcomes a crucial shortcoming
(in the parallel setting) exhibited by more traditional complexity measures used
in the past. As a main technical contribution we give an explicit construction
of a constant in-degree family of graphs whose CC in Gp approaches maximality
to within a polylogarithmic factor for any graph of equal size (analogous to the
graphs of Tarjan et. al. [PTC76, LT82] for sequential pebbling games). Finally,
for a given graph G and related function fG, we derive a lower-bound on the amortized
memory complexity of fG in the pROM in terms of the CC of G in the game Gp.
author:
- first_name: Joel F
full_name: Alwen, Joel F
id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
last_name: Alwen
- first_name: Vladimir
full_name: Serbinenko, Vladimir
last_name: Serbinenko
citation:
ama: 'Alwen JF, Serbinenko V. High parallel complexity graphs and memory-hard functions.
In: Proceedings of the 47th Annual ACM Symposium on Theory of Computing.
ACM; 2015:595-603. doi:10.1145/2746539.2746622'
apa: 'Alwen, J. F., & Serbinenko, V. (2015). High parallel complexity graphs
and memory-hard functions. In Proceedings of the 47th annual ACM symposium
on Theory of computing (pp. 595–603). Portland, OR, United States: ACM. https://doi.org/10.1145/2746539.2746622'
chicago: Alwen, Joel F, and Vladimir Serbinenko. “High Parallel Complexity Graphs
and Memory-Hard Functions.” In Proceedings of the 47th Annual ACM Symposium
on Theory of Computing, 595–603. ACM, 2015. https://doi.org/10.1145/2746539.2746622.
ieee: J. F. Alwen and V. Serbinenko, “High parallel complexity graphs and memory-hard
functions,” in Proceedings of the 47th annual ACM symposium on Theory of computing,
Portland, OR, United States, 2015, pp. 595–603.
ista: 'Alwen JF, Serbinenko V. 2015. High parallel complexity graphs and memory-hard
functions. Proceedings of the 47th annual ACM symposium on Theory of computing.
STOC: Symposium on the Theory of Computing, 595–603.'
mla: Alwen, Joel F., and Vladimir Serbinenko. “High Parallel Complexity Graphs and
Memory-Hard Functions.” Proceedings of the 47th Annual ACM Symposium on Theory
of Computing, ACM, 2015, pp. 595–603, doi:10.1145/2746539.2746622.
short: J.F. Alwen, V. Serbinenko, in:, Proceedings of the 47th Annual ACM Symposium
on Theory of Computing, ACM, 2015, pp. 595–603.
conference:
end_date: 2015-06-17
location: Portland, OR, United States
name: 'STOC: Symposium on the Theory of Computing'
start_date: 2015-06-14
date_created: 2018-12-11T11:53:16Z
date_published: 2015-06-01T00:00:00Z
date_updated: 2021-01-12T06:52:16Z
day: '01'
department:
- _id: KrPi
doi: 10.1145/2746539.2746622
ec_funded: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
url: http://eprint.iacr.org/2014/238
month: '06'
oa: 1
oa_version: Submitted Version
page: 595 - 603
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: Proceedings of the 47th annual ACM symposium on Theory of computing
publication_status: published
publisher: ACM
publist_id: '5498'
quality_controlled: '1'
scopus_import: 1
status: public
title: High parallel complexity graphs and memory-hard functions
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2015'
...
---
_id: '1672'
abstract:
- lang: eng
text: Composable notions of incoercibility aim to forbid a coercer from using anything
beyond the coerced parties’ inputs and outputs to catch them when they try to
deceive him. Existing definitions are restricted to weak coercion types, and/or
are not universally composable. Furthermore, they often make too strong assumptions
on the knowledge of coerced parties—e.g., they assume they known the identities
and/or the strategies of other coerced parties, or those of corrupted parties—
which makes them unsuitable for applications of incoercibility such as e-voting,
where colluding adversarial parties may attempt to coerce honest voters, e.g.,
by offering them money for a promised vote, and use their own view to check that
the voter keeps his end of the bargain. In this work we put forward the first
universally composable notion of incoercible multi-party computation, which satisfies
the above intuition and does not assume collusions among coerced parties or knowledge
of the corrupted set. We define natural notions of UC incoercibility corresponding
to standard coercion-types, i.e., receipt-freeness and resistance to full-active
coercion. Importantly, our suggested notion has the unique property that it builds
on top of the well studied UC framework by Canetti instead of modifying it. This
guarantees backwards compatibility, and allows us to inherit results from the
rich UC literature. We then present MPC protocols which realize our notions of
UC incoercibility given access to an arguably minimal setup—namely honestly generate
tamper-proof hardware performing a very simple cryptographic operation—e.g., a
smart card. This is, to our knowledge, the first proposed construction of an MPC
protocol (for more than two parties) that is incoercibly secure and universally
composable, and therefore the first construction of a universally composable receipt-free
e-voting protocol.
acknowledgement: Joël Alwen was supported by the ERC starting grant (259668-PSPC).
Rafail Ostrovsky was supported in part by NSF grants 09165174, 1065276, 1118126
and 1136174, US-Israel BSF grant 2008411, OKAWA Foundation Research Award, IBM Faculty
Research Award, Xerox Faculty Research Award, B. John Garrick Foundation Award,
Teradata Research Award, Lockheed-Martin Corporation Research Award, and the Defense
Advanced Research Projects Agency through the U.S. Office of Naval Research under
Contract N00014 -11 -1-0392. The views expressed are those of the author and do
not reflect the official policy or position of the Department of Defense or the
U.S. Government. Vassilis Zikas was supported in part by the Swiss National Science
Foundation (SNF) via the Ambizione grant PZ00P-2142549.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Joel F
full_name: Alwen, Joel F
id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
last_name: Alwen
- first_name: Rafail
full_name: Ostrovsky, Rafail
last_name: Ostrovsky
- first_name: Hongsheng
full_name: Zhou, Hongsheng
last_name: Zhou
- first_name: Vassilis
full_name: Zikas, Vassilis
last_name: Zikas
citation:
ama: 'Alwen JF, Ostrovsky R, Zhou H, Zikas V. Incoercible multi-party computation
and universally composable receipt-free voting. In: Advances in Cryptology
- CRYPTO 2015. Vol 9216. Lecture Notes in Computer Science. Springer; 2015:763-780.
doi:10.1007/978-3-662-48000-7_37'
apa: 'Alwen, J. F., Ostrovsky, R., Zhou, H., & Zikas, V. (2015). Incoercible
multi-party computation and universally composable receipt-free voting. In Advances
in Cryptology - CRYPTO 2015 (Vol. 9216, pp. 763–780). Santa Barbara, CA, United
States: Springer. https://doi.org/10.1007/978-3-662-48000-7_37'
chicago: Alwen, Joel F, Rafail Ostrovsky, Hongsheng Zhou, and Vassilis Zikas. “Incoercible
Multi-Party Computation and Universally Composable Receipt-Free Voting.” In Advances
in Cryptology - CRYPTO 2015, 9216:763–80. Lecture Notes in Computer Science.
Springer, 2015. https://doi.org/10.1007/978-3-662-48000-7_37.
ieee: J. F. Alwen, R. Ostrovsky, H. Zhou, and V. Zikas, “Incoercible multi-party
computation and universally composable receipt-free voting,” in Advances in
Cryptology - CRYPTO 2015, Santa Barbara, CA, United States, 2015, vol. 9216,
pp. 763–780.
ista: 'Alwen JF, Ostrovsky R, Zhou H, Zikas V. 2015. Incoercible multi-party computation
and universally composable receipt-free voting. Advances in Cryptology - CRYPTO
2015. CRYPTO: International Cryptology ConferenceLecture Notes in Computer Science,
LNCS, vol. 9216, 763–780.'
mla: Alwen, Joel F., et al. “Incoercible Multi-Party Computation and Universally
Composable Receipt-Free Voting.” Advances in Cryptology - CRYPTO 2015,
vol. 9216, Springer, 2015, pp. 763–80, doi:10.1007/978-3-662-48000-7_37.
short: J.F. Alwen, R. Ostrovsky, H. Zhou, V. Zikas, in:, Advances in Cryptology
- CRYPTO 2015, Springer, 2015, pp. 763–780.
conference:
end_date: 2015-08-20
location: Santa Barbara, CA, United States
name: 'CRYPTO: International Cryptology Conference'
start_date: 2015-08-16
date_created: 2018-12-11T11:53:23Z
date_published: 2015-08-01T00:00:00Z
date_updated: 2022-06-07T09:51:55Z
day: '01'
ddc:
- '000'
department:
- _id: KrPi
doi: 10.1007/978-3-662-48000-7_37
ec_funded: 1
file:
- access_level: open_access
checksum: 5b6649e80d1f781a8910f7cce6427f78
content_type: application/pdf
creator: dernst
date_created: 2020-05-15T08:55:29Z
date_updated: 2020-07-14T12:45:11Z
file_id: '7853'
file_name: 2015_CRYPTO_Alwen.pdf
file_size: 397363
relation: main_file
file_date_updated: 2020-07-14T12:45:11Z
has_accepted_license: '1'
intvolume: ' 9216'
language:
- iso: eng
month: '08'
oa: 1
oa_version: Submitted Version
page: 763 - 780
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: Advances in Cryptology - CRYPTO 2015
publication_identifier:
eisbn:
- 978-3-662-48000-7
isbn:
- 978-3-662-47999-5
publication_status: published
publisher: Springer
publist_id: '5476'
quality_controlled: '1'
scopus_import: '1'
series_title: Lecture Notes in Computer Science
status: public
title: Incoercible multi-party computation and universally composable receipt-free
voting
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9216
year: '2015'
...
---
_id: '1669'
abstract:
- lang: eng
text: Computational notions of entropy (a.k.a. pseudoentropy) have found many applications,
including leakage-resilient cryptography, deterministic encryption or memory delegation.
The most important tools to argue about pseudoentropy are chain rules, which quantify
by how much (in terms of quantity and quality) the pseudoentropy of a given random
variable X decreases when conditioned on some other variable Z (think for example
of X as a secret key and Z as information leaked by a side-channel). In this paper
we give a very simple and modular proof of the chain rule for HILL pseudoentropy,
improving best known parameters. Our version allows for increasing the acceptable
length of leakage in applications up to a constant factor compared to the best
previous bounds. As a contribution of independent interest, we provide a comprehensive
study of all known versions of the chain rule, comparing their worst-case strength
and limitations.
alternative_title:
- LNCS
author:
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Maciej
full_name: Skórski, Maciej
last_name: Skórski
citation:
ama: Pietrzak KZ, Skórski M. The chain rule for HILL pseudoentropy, revisited. 2015;9230:81-98.
doi:10.1007/978-3-319-22174-8_5
apa: 'Pietrzak, K. Z., & Skórski, M. (2015). The chain rule for HILL pseudoentropy,
revisited. Presented at the LATINCRYPT: Cryptology and Information Security in
Latin America, Guadalajara, Mexico: Springer. https://doi.org/10.1007/978-3-319-22174-8_5'
chicago: Pietrzak, Krzysztof Z, and Maciej Skórski. “The Chain Rule for HILL Pseudoentropy,
Revisited.” Lecture Notes in Computer Science. Springer, 2015. https://doi.org/10.1007/978-3-319-22174-8_5.
ieee: K. Z. Pietrzak and M. Skórski, “The chain rule for HILL pseudoentropy, revisited,”
vol. 9230. Springer, pp. 81–98, 2015.
ista: Pietrzak KZ, Skórski M. 2015. The chain rule for HILL pseudoentropy, revisited.
9230, 81–98.
mla: Pietrzak, Krzysztof Z., and Maciej Skórski. The Chain Rule for HILL Pseudoentropy,
Revisited. Vol. 9230, Springer, 2015, pp. 81–98, doi:10.1007/978-3-319-22174-8_5.
short: K.Z. Pietrzak, M. Skórski, 9230 (2015) 81–98.
conference:
end_date: 2015-08-26
location: Guadalajara, Mexico
name: 'LATINCRYPT: Cryptology and Information Security in Latin America'
start_date: 2015-08-23
date_created: 2018-12-11T11:53:22Z
date_published: 2015-08-15T00:00:00Z
date_updated: 2021-01-12T06:52:24Z
day: '15'
ddc:
- '005'
department:
- _id: KrPi
doi: 10.1007/978-3-319-22174-8_5
ec_funded: 1
file:
- access_level: open_access
checksum: 8cd4215b83efba720e8cf27c23ff4781
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:18:29Z
date_updated: 2020-07-14T12:45:11Z
file_id: '5351'
file_name: IST-2016-669-v1+1_599.pdf
file_size: 443340
relation: main_file
file_date_updated: 2020-07-14T12:45:11Z
has_accepted_license: '1'
intvolume: ' 9230'
language:
- iso: eng
month: '08'
oa: 1
oa_version: Submitted Version
page: 81 - 98
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5480'
pubrep_id: '669'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: The chain rule for HILL pseudoentropy, revisited
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9230
year: '2015'
...
---
_id: '1671'
abstract:
- lang: eng
text: This paper studies the concrete security of PRFs and MACs obtained by keying
hash functions based on the sponge paradigm. One such hash function is KECCAK,
selected as NIST’s new SHA-3 standard. In contrast to other approaches like HMAC,
the exact security of keyed sponges is not well understood. Indeed, recent security
analyses delivered concrete security bounds which are far from existing attacks.
This paper aims to close this gap. We prove (nearly) exact bounds on the concrete
PRF security of keyed sponges using a random permutation. These bounds are tight
for the most relevant ranges of parameters, i.e., for messages of length (roughly)
l ≤ min{2n/4, 2r} blocks, where n is the state size and r is the desired output
length; and for l ≤ q queries (to the construction or the underlying permutation).
Moreover, we also improve standard-model bounds. As an intermediate step of independent
interest, we prove tight bounds on the PRF security of the truncated CBC-MAC construction,
which operates as plain CBC-MAC, but only returns a prefix of the output.
alternative_title:
- LNCS
author:
- first_name: Peter
full_name: Gazi, Peter
id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
last_name: Gazi
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Stefano
full_name: Tessaro, Stefano
last_name: Tessaro
citation:
ama: 'Gazi P, Pietrzak KZ, Tessaro S. The exact PRF security of truncation: Tight
bounds for keyed sponges and truncated CBC. In: Vol 9215. Springer; 2015:368-387.
doi:10.1007/978-3-662-47989-6_18'
apa: 'Gazi, P., Pietrzak, K. Z., & Tessaro, S. (2015). The exact PRF security
of truncation: Tight bounds for keyed sponges and truncated CBC (Vol. 9215, pp.
368–387). Presented at the CRYPTO: International Cryptology Conference, Santa
Barbara, CA, United States: Springer. https://doi.org/10.1007/978-3-662-47989-6_18'
chicago: 'Gazi, Peter, Krzysztof Z Pietrzak, and Stefano Tessaro. “The Exact PRF
Security of Truncation: Tight Bounds for Keyed Sponges and Truncated CBC,” 9215:368–87.
Springer, 2015. https://doi.org/10.1007/978-3-662-47989-6_18.'
ieee: 'P. Gazi, K. Z. Pietrzak, and S. Tessaro, “The exact PRF security of truncation:
Tight bounds for keyed sponges and truncated CBC,” presented at the CRYPTO: International
Cryptology Conference, Santa Barbara, CA, United States, 2015, vol. 9215, pp.
368–387.'
ista: 'Gazi P, Pietrzak KZ, Tessaro S. 2015. The exact PRF security of truncation:
Tight bounds for keyed sponges and truncated CBC. CRYPTO: International Cryptology
Conference, LNCS, vol. 9215, 368–387.'
mla: 'Gazi, Peter, et al. The Exact PRF Security of Truncation: Tight Bounds
for Keyed Sponges and Truncated CBC. Vol. 9215, Springer, 2015, pp. 368–87,
doi:10.1007/978-3-662-47989-6_18.'
short: P. Gazi, K.Z. Pietrzak, S. Tessaro, in:, Springer, 2015, pp. 368–387.
conference:
end_date: 2015-08-20
location: Santa Barbara, CA, United States
name: 'CRYPTO: International Cryptology Conference'
start_date: 2015-08-16
date_created: 2018-12-11T11:53:23Z
date_published: 2015-08-01T00:00:00Z
date_updated: 2021-01-12T06:52:25Z
day: '01'
ddc:
- '004'
- '005'
department:
- _id: KrPi
doi: 10.1007/978-3-662-47989-6_18
ec_funded: 1
file:
- access_level: open_access
checksum: 17d854227b3b753fd34f5d29e5b5a32e
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:10:38Z
date_updated: 2020-07-14T12:45:11Z
file_id: '4827'
file_name: IST-2016-673-v1+1_053.pdf
file_size: 592296
relation: main_file
file_date_updated: 2020-07-14T12:45:11Z
has_accepted_license: '1'
intvolume: ' 9215'
language:
- iso: eng
month: '08'
oa: 1
oa_version: Submitted Version
page: 368 - 387
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5478'
pubrep_id: '673'
quality_controlled: '1'
scopus_import: 1
status: public
title: 'The exact PRF security of truncation: Tight bounds for keyed sponges and truncated
CBC'
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9215
year: '2015'
...
---
_id: '1668'
abstract:
- lang: eng
text: "We revisit the security (as a pseudorandom permutation) of cascading-based
constructions for block-cipher key-length extension. Previous works typically
considered the extreme case where the adversary is given the entire codebook of
the construction, the only complexity measure being the number qe of queries to
the underlying ideal block cipher, representing adversary’s secret-key-independent
computation. Here, we initiate a systematic study of the more natural case of
an adversary restricted to adaptively learning a number qc of plaintext/ciphertext
pairs that is less than the entire codebook. For any such qc, we aim to determine
the highest number of block-cipher queries qe the adversary can issue without
being able to successfully distinguish the construction (under a secret key) from
a random permutation.\r\nMore concretely, we show the following results for key-length
extension schemes using a block cipher with n-bit blocks and κ-bit keys:\r\nPlain
cascades of length ℓ=2r+1 are secure whenever qcqre≪2r(κ+n), qc≪2κ and qe≪22κ.
The bound for r=1 also applies to two-key triple encryption (as used within Triple
DES).\r\nThe r-round XOR-cascade is secure as long as qcqre≪2r(κ+n), matching
an attack by Gaži (CRYPTO 2013).\r\nWe fully characterize the security of Gaži
and Tessaro’s two-call "
alternative_title:
- LNCS
author:
- first_name: Peter
full_name: Gazi, Peter
id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
last_name: Gazi
- first_name: Jooyoung
full_name: Lee, Jooyoung
last_name: Lee
- first_name: Yannick
full_name: Seurin, Yannick
last_name: Seurin
- first_name: John
full_name: Steinberger, John
last_name: Steinberger
- first_name: Stefano
full_name: Tessaro, Stefano
last_name: Tessaro
citation:
ama: 'Gazi P, Lee J, Seurin Y, Steinberger J, Tessaro S. Relaxing full-codebook
security: A refined analysis of key-length extension schemes. 2015;9054:319-341.
doi:10.1007/978-3-662-48116-5_16'
apa: 'Gazi, P., Lee, J., Seurin, Y., Steinberger, J., & Tessaro, S. (2015).
Relaxing full-codebook security: A refined analysis of key-length extension schemes.
Presented at the FSE: Fast Software Encryption, Istanbul, Turkey: Springer. https://doi.org/10.1007/978-3-662-48116-5_16'
chicago: 'Gazi, Peter, Jooyoung Lee, Yannick Seurin, John Steinberger, and Stefano
Tessaro. “Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension
Schemes.” Lecture Notes in Computer Science. Springer, 2015. https://doi.org/10.1007/978-3-662-48116-5_16.'
ieee: 'P. Gazi, J. Lee, Y. Seurin, J. Steinberger, and S. Tessaro, “Relaxing full-codebook
security: A refined analysis of key-length extension schemes,” vol. 9054. Springer,
pp. 319–341, 2015.'
ista: 'Gazi P, Lee J, Seurin Y, Steinberger J, Tessaro S. 2015. Relaxing full-codebook
security: A refined analysis of key-length extension schemes. 9054, 319–341.'
mla: 'Gazi, Peter, et al. Relaxing Full-Codebook Security: A Refined Analysis
of Key-Length Extension Schemes. Vol. 9054, Springer, 2015, pp. 319–41, doi:10.1007/978-3-662-48116-5_16.'
short: P. Gazi, J. Lee, Y. Seurin, J. Steinberger, S. Tessaro, 9054 (2015) 319–341.
conference:
end_date: 2015-03-11
location: Istanbul, Turkey
name: 'FSE: Fast Software Encryption'
start_date: 2015-03-08
date_created: 2018-12-11T11:53:22Z
date_published: 2015-08-12T00:00:00Z
date_updated: 2020-08-11T10:09:26Z
day: '12'
department:
- _id: KrPi
doi: 10.1007/978-3-662-48116-5_16
ec_funded: 1
intvolume: ' 9054'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: http://eprint.iacr.org/2015/397
month: '08'
oa: 1
oa_version: Submitted Version
page: 319 - 341
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5481'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: 'Relaxing full-codebook security: A refined analysis of key-length extension
schemes'
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9054
year: '2015'
...
---
_id: '1675'
abstract:
- lang: eng
text: Proofs of work (PoW) have been suggested by Dwork and Naor (Crypto’92) as
protection to a shared resource. The basic idea is to ask the service requestor
to dedicate some non-trivial amount of computational work to every request. The
original applications included prevention of spam and protection against denial
of service attacks. More recently, PoWs have been used to prevent double spending
in the Bitcoin digital currency system. In this work, we put forward an alternative
concept for PoWs - so-called proofs of space (PoS), where a service requestor
must dedicate a significant amount of disk space as opposed to computation. We
construct secure PoS schemes in the random oracle model (with one additional mild
assumption required for the proof to go through), using graphs with high “pebbling
complexity” and Merkle hash-trees. We discuss some applications, including follow-up
work where a decentralized digital currency scheme called Spacecoin is constructed
that uses PoS (instead of wasteful PoW like in Bitcoin) to prevent double spending.
The main technical contribution of this work is the construction of (directed,
loop-free) graphs on N vertices with in-degree O(log logN) such that even if one
places Θ(N) pebbles on the nodes of the graph, there’s a constant fraction of
nodes that needs Θ(N) steps to be pebbled (where in every step one can put a pebble
on a node if all its parents have a pebble).
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Stefan
full_name: Dziembowski, Stefan
last_name: Dziembowski
- first_name: Sebastian
full_name: Faust, Sebastian
last_name: Faust
- first_name: Vladimir
full_name: Kolmogorov, Vladimir
id: 3D50B0BA-F248-11E8-B48F-1D18A9856A87
last_name: Kolmogorov
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Dziembowski S, Faust S, Kolmogorov V, Pietrzak KZ. Proofs of space. In: 35th
Annual Cryptology Conference. Vol 9216. Springer; 2015:585-605. doi:10.1007/978-3-662-48000-7_29'
apa: 'Dziembowski, S., Faust, S., Kolmogorov, V., & Pietrzak, K. Z. (2015).
Proofs of space. In 35th Annual Cryptology Conference (Vol. 9216, pp. 585–605).
Santa Barbara, CA, United States: Springer. https://doi.org/10.1007/978-3-662-48000-7_29'
chicago: Dziembowski, Stefan, Sebastian Faust, Vladimir Kolmogorov, and Krzysztof
Z Pietrzak. “Proofs of Space.” In 35th Annual Cryptology Conference, 9216:585–605.
Springer, 2015. https://doi.org/10.1007/978-3-662-48000-7_29.
ieee: S. Dziembowski, S. Faust, V. Kolmogorov, and K. Z. Pietrzak, “Proofs of space,”
in 35th Annual Cryptology Conference, Santa Barbara, CA, United States,
2015, vol. 9216, pp. 585–605.
ista: 'Dziembowski S, Faust S, Kolmogorov V, Pietrzak KZ. 2015. Proofs of space.
35th Annual Cryptology Conference. CRYPTO: International Cryptology Conference,
LNCS, vol. 9216, 585–605.'
mla: Dziembowski, Stefan, et al. “Proofs of Space.” 35th Annual Cryptology Conference,
vol. 9216, Springer, 2015, pp. 585–605, doi:10.1007/978-3-662-48000-7_29.
short: S. Dziembowski, S. Faust, V. Kolmogorov, K.Z. Pietrzak, in:, 35th Annual
Cryptology Conference, Springer, 2015, pp. 585–605.
conference:
end_date: 2015-08-20
location: Santa Barbara, CA, United States
name: 'CRYPTO: International Cryptology Conference'
start_date: 2015-08-16
date_created: 2018-12-11T11:53:24Z
date_published: 2015-08-01T00:00:00Z
date_updated: 2024-03-20T08:31:49Z
day: '01'
department:
- _id: VlKo
- _id: KrPi
doi: 10.1007/978-3-662-48000-7_29
ec_funded: 1
intvolume: ' 9216'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2013/796.pdf
month: '08'
oa: 1
oa_version: Preprint
page: 585 - 605
project:
- _id: 25FBA906-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '616160'
name: 'Discrete Optimization in Computer Vision: Theory and Practice'
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: 35th Annual Cryptology Conference
publication_identifier:
isbn:
- '9783662479995'
issn:
- 0302-9743
publication_status: published
publisher: Springer
publist_id: '5474'
pubrep_id: '671'
quality_controlled: '1'
related_material:
record:
- id: '2274'
relation: earlier_version
status: public
scopus_import: '1'
status: public
title: Proofs of space
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9216
year: '2015'
...
---
_id: '1643'
abstract:
- lang: eng
text: We extend the notion of verifiable random functions (VRF) to constrained VRFs,
which generalize the concept of constrained pseudorandom functions, put forward
by Boneh and Waters (Asiacrypt’13), and independently by Kiayias et al. (CCS’13)
and Boyle et al. (PKC’14), who call them delegatable PRFs and functional PRFs,
respectively. In a standard VRF the secret key sk allows one to evaluate a pseudorandom
function at any point of its domain; in addition, it enables computation of a
non-interactive proof that the function value was computed correctly. In a constrained
VRF from the key sk one can derive constrained keys skS for subsets S of the domain,
which allow computation of function values and proofs only at points in S. After
formally defining constrained VRFs, we derive instantiations from the multilinear-maps-based
constrained PRFs by Boneh and Waters, yielding a VRF with constrained keys for
any set that can be decided by a polynomial-size circuit. Our VRFs have the same
function values as the Boneh-Waters PRFs and are proved secure under the same
hardness assumption, showing that verifiability comes at no cost. Constrained
(functional) VRFs were stated as an open problem by Boyle et al.
alternative_title:
- LNCS
author:
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
citation:
ama: 'Fuchsbauer G. Constrained Verifiable Random Functions . In: Abdalla M, De
Prisco R, eds. SCN 2014. Vol 8642. Springer; 2014:95-114. doi:10.1007/978-3-319-10879-7_7'
apa: 'Fuchsbauer, G. (2014). Constrained Verifiable Random Functions . In M. Abdalla
& R. De Prisco (Eds.), SCN 2014 (Vol. 8642, pp. 95–114). Amalfi, Italy:
Springer. https://doi.org/10.1007/978-3-319-10879-7_7'
chicago: Fuchsbauer, Georg. “Constrained Verifiable Random Functions .” In SCN
2014, edited by Michel Abdalla and Roberto De Prisco, 8642:95–114. Springer,
2014. https://doi.org/10.1007/978-3-319-10879-7_7.
ieee: G. Fuchsbauer, “Constrained Verifiable Random Functions ,” in SCN 2014,
Amalfi, Italy, 2014, vol. 8642, pp. 95–114.
ista: 'Fuchsbauer G. 2014. Constrained Verifiable Random Functions . SCN 2014. SCN:
Security and Cryptography for Networks, LNCS, vol. 8642, 95–114.'
mla: Fuchsbauer, Georg. “Constrained Verifiable Random Functions .” SCN 2014,
edited by Michel Abdalla and Roberto De Prisco, vol. 8642, Springer, 2014, pp.
95–114, doi:10.1007/978-3-319-10879-7_7.
short: G. Fuchsbauer, in:, M. Abdalla, R. De Prisco (Eds.), SCN 2014, Springer,
2014, pp. 95–114.
conference:
end_date: 2014-09-05
location: Amalfi, Italy
name: 'SCN: Security and Cryptography for Networks'
start_date: 2014-09-03
date_created: 2018-12-11T11:53:13Z
date_published: 2014-01-01T00:00:00Z
date_updated: 2021-01-12T06:52:12Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-319-10879-7_7
ec_funded: 1
editor:
- first_name: Michel
full_name: Abdalla, Michel
last_name: Abdalla
- first_name: Roberto
full_name: De Prisco, Roberto
last_name: De Prisco
intvolume: ' 8642'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: http://eprint.iacr.org/2014/537
month: '01'
oa: 1
oa_version: Submitted Version
page: 95 - 114
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: SCN 2014
publication_status: published
publisher: Springer
publist_id: '5509'
scopus_import: 1
status: public
title: 'Constrained Verifiable Random Functions '
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 8642
year: '2014'
...
---
_id: '1907'
abstract:
- lang: eng
text: 'Most cryptographic security proofs require showing that two systems are indistinguishable.
A central tool in such proofs is that of a game, where winning the game means
provoking a certain condition, and it is shown that the two systems considered
cannot be distinguished unless this condition is provoked. Upper bounding the
probability of winning such a game, i.e., provoking this condition, for an arbitrary
strategy is usually hard, except in the special case where the best strategy for
winning such a game is known to be non-adaptive. A sufficient criterion for ensuring
the optimality of non-adaptive strategies is that of conditional equivalence to
a system, a notion introduced in [1]. In this paper, we show that this criterion
is not necessary to ensure the optimality of non-adaptive strategies by giving
two results of independent interest: 1) the optimality of non-adaptive strategies
is not preserved under parallel composition; 2) in contrast, conditional equivalence
is preserved under parallel composition.'
article_number: '6875125'
author:
- first_name: Grégory
full_name: Demay, Grégory
last_name: Demay
- first_name: Peter
full_name: Gazi, Peter
id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
last_name: Gazi
- first_name: Ueli
full_name: Maurer, Ueli
last_name: Maurer
- first_name: Björn
full_name: Tackmann, Björn
last_name: Tackmann
citation:
ama: 'Demay G, Gazi P, Maurer U, Tackmann B. Optimality of non-adaptive strategies:
The case of parallel games. In: IEEE International Symposium on Information
Theory. IEEE; 2014. doi:10.1109/ISIT.2014.6875125'
apa: 'Demay, G., Gazi, P., Maurer, U., & Tackmann, B. (2014). Optimality of
non-adaptive strategies: The case of parallel games. In IEEE International
Symposium on Information Theory. Honolulu, USA: IEEE. https://doi.org/10.1109/ISIT.2014.6875125'
chicago: 'Demay, Grégory, Peter Gazi, Ueli Maurer, and Björn Tackmann. “Optimality
of Non-Adaptive Strategies: The Case of Parallel Games.” In IEEE International
Symposium on Information Theory. IEEE, 2014. https://doi.org/10.1109/ISIT.2014.6875125.'
ieee: 'G. Demay, P. Gazi, U. Maurer, and B. Tackmann, “Optimality of non-adaptive
strategies: The case of parallel games,” in IEEE International Symposium on
Information Theory, Honolulu, USA, 2014.'
ista: 'Demay G, Gazi P, Maurer U, Tackmann B. 2014. Optimality of non-adaptive strategies:
The case of parallel games. IEEE International Symposium on Information Theory.
IEEE International Symposium on Information Theory Proceedings, 6875125.'
mla: 'Demay, Grégory, et al. “Optimality of Non-Adaptive Strategies: The Case of
Parallel Games.” IEEE International Symposium on Information Theory, 6875125,
IEEE, 2014, doi:10.1109/ISIT.2014.6875125.'
short: G. Demay, P. Gazi, U. Maurer, B. Tackmann, in:, IEEE International Symposium
on Information Theory, IEEE, 2014.
conference:
end_date: 2014-07-04
location: Honolulu, USA
name: IEEE International Symposium on Information Theory Proceedings
start_date: 2014-06-29
date_created: 2018-12-11T11:54:39Z
date_published: 2014-01-01T00:00:00Z
date_updated: 2021-01-12T06:53:59Z
day: '01'
department:
- _id: KrPi
doi: 10.1109/ISIT.2014.6875125
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2014/299
month: '01'
oa: 1
oa_version: Submitted Version
publication: IEEE International Symposium on Information Theory
publication_status: published
publisher: IEEE
publist_id: '5188'
quality_controlled: '1'
scopus_import: 1
status: public
title: 'Optimality of non-adaptive strategies: The case of parallel games'
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
year: '2014'
...
---
_id: '2045'
abstract:
- lang: eng
text: 'We introduce and study a new notion of enhanced chosen-ciphertext security
(ECCA) for public-key encryption. Loosely speaking, in the ECCA security experiment,
the decryption oracle provided to the adversary is augmented to return not only
the output of the decryption algorithm on a queried ciphertext but also of a randomness-recovery
algorithm associated to the scheme. Our results mainly concern the case where
the randomness-recovery algorithm is efficient. We provide constructions of ECCA-secure
encryption from adaptive trapdoor functions as defined by Kiltz et al. (EUROCRYPT
2010), resulting in ECCA encryption from standard number-theoretic assumptions.
We then give two applications of ECCA-secure encryption: (1) We use it as a unifying
concept in showing equivalence of adaptive trapdoor functions and tag-based adaptive
trapdoor functions, resolving an open question of Kiltz et al. (2) We show that
ECCA-secure encryption can be used to securely realize an approach to public-key
encryption with non-interactive opening (PKENO) originally suggested by Damgård
and Thorbek (EUROCRYPT 2007), resulting in new and practical PKENO schemes quite
different from those in prior work. Our results demonstrate that ECCA security
is of both practical and theoretical interest.'
acknowledgement: The second author was supported by EPSRC grant EP/H043454/1.
alternative_title:
- LNCS
author:
- first_name: Dana
full_name: Dachman Soled, Dana
last_name: Dachman Soled
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: Payman
full_name: Mohassel, Payman
last_name: Mohassel
- first_name: Adam
full_name: O’Neill, Adam
last_name: O’Neill
citation:
ama: 'Dachman Soled D, Fuchsbauer G, Mohassel P, O’Neill A. Enhanced chosen-ciphertext
security and applications. In: Krawczyk H, ed. Lecture Notes in Computer Science
(Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes
in Bioinformatics). Vol 8383. Springer; 2014:329-344. doi:10.1007/978-3-642-54631-0_19'
apa: 'Dachman Soled, D., Fuchsbauer, G., Mohassel, P., & O’Neill, A. (2014).
Enhanced chosen-ciphertext security and applications. In H. Krawczyk (Ed.), Lecture
Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence
and Lecture Notes in Bioinformatics) (Vol. 8383, pp. 329–344). Buenos Aires,
Argentina: Springer. https://doi.org/10.1007/978-3-642-54631-0_19'
chicago: Dachman Soled, Dana, Georg Fuchsbauer, Payman Mohassel, and Adam O’Neill.
“Enhanced Chosen-Ciphertext Security and Applications.” In Lecture Notes in
Computer Science (Including Subseries Lecture Notes in Artificial Intelligence
and Lecture Notes in Bioinformatics), edited by Hugo Krawczyk, 8383:329–44.
Springer, 2014. https://doi.org/10.1007/978-3-642-54631-0_19.
ieee: D. Dachman Soled, G. Fuchsbauer, P. Mohassel, and A. O’Neill, “Enhanced chosen-ciphertext
security and applications,” in Lecture Notes in Computer Science (including
subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),
Buenos Aires, Argentina, 2014, vol. 8383, pp. 329–344.
ista: 'Dachman Soled D, Fuchsbauer G, Mohassel P, O’Neill A. 2014. Enhanced chosen-ciphertext
security and applications. Lecture Notes in Computer Science (including subseries
Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics).
PKC: Public Key Crypography, LNCS, vol. 8383, 329–344.'
mla: Dachman Soled, Dana, et al. “Enhanced Chosen-Ciphertext Security and Applications.”
Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial
Intelligence and Lecture Notes in Bioinformatics), edited by Hugo Krawczyk,
vol. 8383, Springer, 2014, pp. 329–44, doi:10.1007/978-3-642-54631-0_19.
short: D. Dachman Soled, G. Fuchsbauer, P. Mohassel, A. O’Neill, in:, H. Krawczyk
(Ed.), Lecture Notes in Computer Science (Including Subseries Lecture Notes in
Artificial Intelligence and Lecture Notes in Bioinformatics), Springer, 2014,
pp. 329–344.
conference:
end_date: 2014-03-28
location: Buenos Aires, Argentina
name: 'PKC: Public Key Crypography'
start_date: 2014-03-26
date_created: 2018-12-11T11:55:24Z
date_published: 2014-01-01T00:00:00Z
date_updated: 2021-01-12T06:54:57Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-642-54631-0_19
ec_funded: 1
editor:
- first_name: Hugo
full_name: Krawczyk, Hugo
last_name: Krawczyk
intvolume: ' 8383'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2012/543
month: '01'
oa: 1
oa_version: Submitted Version
page: 329 - 344
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: Lecture Notes in Computer Science (including subseries Lecture Notes
in Artificial Intelligence and Lecture Notes in Bioinformatics)
publication_status: published
publisher: Springer
publist_id: '5006'
quality_controlled: '1'
scopus_import: 1
status: public
title: Enhanced chosen-ciphertext security and applications
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 8383
year: '2014'
...
---
_id: '2047'
abstract:
- lang: eng
text: Following the publication of an attack on genome-wide association studies
(GWAS) data proposed by Homer et al., considerable attention has been given to
developing methods for releasing GWAS data in a privacy-preserving way. Here,
we develop an end-to-end differentially private method for solving regression
problems with convex penalty functions and selecting the penalty parameters by
cross-validation. In particular, we focus on penalized logistic regression with
elastic-net regularization, a method widely used to in GWAS analyses to identify
disease-causing genes. We show how a differentially private procedure for penalized
logistic regression with elastic-net regularization can be applied to the analysis
of GWAS data and evaluate our method’s performance.
acknowledgement: This research was partially supported by BCS- 0941518 to the Department
of Statistics at Carnegie Mellon University.
alternative_title:
- LNCS
author:
- first_name: Fei
full_name: Yu, Fei
last_name: Yu
- first_name: Michal
full_name: Rybar, Michal
id: 2B3E3DE8-F248-11E8-B48F-1D18A9856A87
last_name: Rybar
- first_name: Caroline
full_name: Uhler, Caroline
id: 49ADD78E-F248-11E8-B48F-1D18A9856A87
last_name: Uhler
orcid: 0000-0002-7008-0216
- first_name: Stephen
full_name: Fienberg, Stephen
last_name: Fienberg
citation:
ama: 'Yu F, Rybar M, Uhler C, Fienberg S. Differentially-private logistic regression
for detecting multiple-SNP association in GWAS databases. In: Domingo Ferrer J,
ed. Lecture Notes in Computer Science (Including Subseries Lecture Notes in
Artificial Intelligence and Lecture Notes in Bioinformatics). Vol 8744. Springer;
2014:170-184. doi:10.1007/978-3-319-11257-2_14'
apa: 'Yu, F., Rybar, M., Uhler, C., & Fienberg, S. (2014). Differentially-private
logistic regression for detecting multiple-SNP association in GWAS databases.
In J. Domingo Ferrer (Ed.), Lecture Notes in Computer Science (including subseries
Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
(Vol. 8744, pp. 170–184). Ibiza, Spain: Springer. https://doi.org/10.1007/978-3-319-11257-2_14'
chicago: Yu, Fei, Michal Rybar, Caroline Uhler, and Stephen Fienberg. “Differentially-Private
Logistic Regression for Detecting Multiple-SNP Association in GWAS Databases.”
In Lecture Notes in Computer Science (Including Subseries Lecture Notes in
Artificial Intelligence and Lecture Notes in Bioinformatics), edited by Josep
Domingo Ferrer, 8744:170–84. Springer, 2014. https://doi.org/10.1007/978-3-319-11257-2_14.
ieee: F. Yu, M. Rybar, C. Uhler, and S. Fienberg, “Differentially-private logistic
regression for detecting multiple-SNP association in GWAS databases,” in Lecture
Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence
and Lecture Notes in Bioinformatics), Ibiza, Spain, 2014, vol. 8744, pp. 170–184.
ista: 'Yu F, Rybar M, Uhler C, Fienberg S. 2014. Differentially-private logistic
regression for detecting multiple-SNP association in GWAS databases. Lecture Notes
in Computer Science (including subseries Lecture Notes in Artificial Intelligence
and Lecture Notes in Bioinformatics). PSD: Privacy in Statistical Databases, LNCS,
vol. 8744, 170–184.'
mla: Yu, Fei, et al. “Differentially-Private Logistic Regression for Detecting Multiple-SNP
Association in GWAS Databases.” Lecture Notes in Computer Science (Including
Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),
edited by Josep Domingo Ferrer, vol. 8744, Springer, 2014, pp. 170–84, doi:10.1007/978-3-319-11257-2_14.
short: F. Yu, M. Rybar, C. Uhler, S. Fienberg, in:, J. Domingo Ferrer (Ed.), Lecture
Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence
and Lecture Notes in Bioinformatics), Springer, 2014, pp. 170–184.
conference:
end_date: 2014-09-19
location: Ibiza, Spain
name: 'PSD: Privacy in Statistical Databases'
start_date: 2014-09-17
date_created: 2018-12-11T11:55:24Z
date_published: 2014-01-01T00:00:00Z
date_updated: 2021-01-12T06:54:57Z
day: '01'
department:
- _id: KrPi
- _id: CaUh
doi: 10.1007/978-3-319-11257-2_14
editor:
- first_name: Josep
full_name: Domingo Ferrer, Josep
last_name: Domingo Ferrer
external_id:
arxiv:
- '1407.8067'
intvolume: ' 8744'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: http://arxiv.org/abs/1407.8067
month: '01'
oa: 1
oa_version: Submitted Version
page: 170 - 184
project:
- _id: 25636330-B435-11E9-9278-68D0E5697425
grant_number: 11-NSF-1070
name: ROOTS Genome-wide Analysis of Root Traits
publication: Lecture Notes in Computer Science (including subseries Lecture Notes
in Artificial Intelligence and Lecture Notes in Bioinformatics)
publication_status: published
publisher: Springer
publist_id: '5004'
quality_controlled: '1'
scopus_import: 1
status: public
title: Differentially-private logistic regression for detecting multiple-SNP association
in GWAS databases
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 8744
year: '2014'
...
---
_id: '2046'
abstract:
- lang: eng
text: 'We introduce policy-based signatures (PBS), where a signer can only sign
messages conforming to some authority-specified policy. The main requirements
are unforgeability and privacy, the latter meaning that signatures not reveal
the policy. PBS offers value along two fronts: (1) On the practical side, they
allow a corporation to control what messages its employees can sign under the
corporate key. (2) On the theoretical side, they unify existing work, capturing
other forms of signatures as special cases or allowing them to be easily built.
Our work focuses on definitions of PBS, proofs that this challenging primitive
is realizable for arbitrary policies, efficient constructions for specific policies,
and a few representative applications.'
acknowledgement: Part of his work was done while at Bristol University, supported
by EPSRC grant EP/H043454/1.
alternative_title:
- LNCS
author:
- first_name: Mihir
full_name: Bellare, Mihir
last_name: Bellare
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
citation:
ama: 'Bellare M, Fuchsbauer G. Policy-based signatures. In: Krawczyk H, ed. Lecture
Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence
and Lecture Notes in Bioinformatics). Vol 8383. Springer; 2014:520-537. doi:10.1007/978-3-642-54631-0_30'
apa: 'Bellare, M., & Fuchsbauer, G. (2014). Policy-based signatures. In H. Krawczyk
(Ed.), Lecture Notes in Computer Science (including subseries Lecture Notes
in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8383,
pp. 520–537). Buenos Aires, Argentina: Springer. https://doi.org/10.1007/978-3-642-54631-0_30'
chicago: Bellare, Mihir, and Georg Fuchsbauer. “Policy-Based Signatures.” In Lecture
Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence
and Lecture Notes in Bioinformatics), edited by Hugo Krawczyk, 8383:520–37.
Springer, 2014. https://doi.org/10.1007/978-3-642-54631-0_30.
ieee: M. Bellare and G. Fuchsbauer, “Policy-based signatures,” in Lecture Notes
in Computer Science (including subseries Lecture Notes in Artificial Intelligence
and Lecture Notes in Bioinformatics), Buenos Aires, Argentina, 2014, vol.
8383, pp. 520–537.
ista: 'Bellare M, Fuchsbauer G. 2014. Policy-based signatures. Lecture Notes in
Computer Science (including subseries Lecture Notes in Artificial Intelligence
and Lecture Notes in Bioinformatics). PKC: Public Key Crypography, LNCS, vol.
8383, 520–537.'
mla: Bellare, Mihir, and Georg Fuchsbauer. “Policy-Based Signatures.” Lecture
Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence
and Lecture Notes in Bioinformatics), edited by Hugo Krawczyk, vol. 8383,
Springer, 2014, pp. 520–37, doi:10.1007/978-3-642-54631-0_30.
short: M. Bellare, G. Fuchsbauer, in:, H. Krawczyk (Ed.), Lecture Notes in Computer
Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture
Notes in Bioinformatics), Springer, 2014, pp. 520–537.
conference:
end_date: 2014-05-28
location: Buenos Aires, Argentina
name: 'PKC: Public Key Crypography'
start_date: 2014-05-26
date_created: 2018-12-11T11:55:24Z
date_published: 2014-01-01T00:00:00Z
date_updated: 2021-01-12T06:54:57Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-642-54631-0_30
ec_funded: 1
editor:
- first_name: Hugo
full_name: Krawczyk, Hugo
last_name: Krawczyk
intvolume: ' 8383'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2013/413
month: '01'
oa: 1
oa_version: Submitted Version
page: 520 - 537
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: Lecture Notes in Computer Science (including subseries Lecture Notes
in Artificial Intelligence and Lecture Notes in Bioinformatics)
publication_status: published
publisher: Springer
publist_id: '5005'
quality_controlled: '1'
scopus_import: 1
status: public
title: Policy-based signatures
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 8383
year: '2014'
...
---
_id: '2185'
abstract:
- lang: eng
text: 'We revisit the classical problem of converting an imperfect source of randomness
into a usable cryptographic key. Assume that we have some cryptographic application
P that expects a uniformly random m-bit key R and ensures that the best attack
(in some complexity class) against P(R) has success probability at most δ. Our
goal is to design a key-derivation function (KDF) h that converts any random source
X of min-entropy k into a sufficiently "good" key h(X), guaranteeing
that P(h(X)) has comparable security δ′ which is ''close'' to δ. Seeded randomness
extractors provide a generic way to solve this problem for all applications P,
with resulting security δ′ = O(δ), provided that we start with entropy k ≥ m +
2 log (1/δ) - O(1). By a result of Radhakrishnan and Ta-Shma, this bound on k
(called the "RT-bound") is also known to be tight in general. Unfortunately,
in many situations the loss of 2 log (1/δ) bits of entropy is unacceptable. This
motivates the study KDFs with less entropy waste by placing some restrictions
on the source X or the application P. In this work we obtain the following new
positive and negative results in this regard: - Efficient samplability of the
source X does not help beat the RT-bound for general applications. This resolves
the SRT (samplable RT) conjecture of Dachman-Soled et al. [DGKM12] in the affirmative,
and also shows that the existence of computationally-secure extractors beating
the RT-bound implies the existence of one-way functions. - We continue in the
line of work initiated by Barak et al. [BDK+11] and construct new information-theoretic
KDFs which beat the RT-bound for large but restricted classes of applications.
Specifically, we design efficient KDFs that work for all unpredictability applications
P (e.g., signatures, MACs, one-way functions, etc.) and can either: (1) extract
all of the entropy k = m with a very modest security loss δ′ = O(δ·log (1/δ)),
or alternatively, (2) achieve essentially optimal security δ′ = O(δ) with a very
modest entropy loss k ≥ m + loglog (1/δ). In comparison, the best prior results
from [BDK+11] for this class of applications would only guarantee δ′ = O(√δ) when
k = m, and would need k ≥ m + log (1/δ) to get δ′ = O(δ). - The weaker bounds
of [BDK+11] hold for a larger class of so-called "square- friendly"
applications (which includes all unpredictability, but also some important indistinguishability,
applications). Unfortunately, we show that these weaker bounds are tight for the
larger class of applications. - We abstract out a clean, information-theoretic
notion of (k,δ,δ′)- unpredictability extractors, which guarantee "induced"
security δ′ for any δ-secure unpredictability application P, and characterize
the parameters achievable for such unpredictability extractors. Of independent
interest, we also relate this notion to the previously-known notion of (min-entropy)
condensers, and improve the state-of-the-art parameters for such condensers.'
alternative_title:
- LNCS
author:
- first_name: Yevgeniy
full_name: Dodis, Yevgeniy
last_name: Dodis
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Daniel
full_name: Wichs, Daniel
last_name: Wichs
citation:
ama: 'Dodis Y, Pietrzak KZ, Wichs D. Key derivation without entropy waste. In: Nguyen
P, Oswald E, eds. Vol 8441. Springer; 2014:93-110. doi:10.1007/978-3-642-55220-5_6'
apa: 'Dodis, Y., Pietrzak, K. Z., & Wichs, D. (2014). Key derivation without
entropy waste. In P. Nguyen & E. Oswald (Eds.) (Vol. 8441, pp. 93–110). Presented
at the EUROCRYPT: Theory and Applications of Cryptographic Techniques, Copenhagen,
Denmark: Springer. https://doi.org/10.1007/978-3-642-55220-5_6'
chicago: Dodis, Yevgeniy, Krzysztof Z Pietrzak, and Daniel Wichs. “Key Derivation
without Entropy Waste.” edited by Phong Nguyen and Elisabeth Oswald, 8441:93–110.
Springer, 2014. https://doi.org/10.1007/978-3-642-55220-5_6.
ieee: 'Y. Dodis, K. Z. Pietrzak, and D. Wichs, “Key derivation without entropy waste,”
presented at the EUROCRYPT: Theory and Applications of Cryptographic Techniques,
Copenhagen, Denmark, 2014, vol. 8441, pp. 93–110.'
ista: 'Dodis Y, Pietrzak KZ, Wichs D. 2014. Key derivation without entropy waste.
EUROCRYPT: Theory and Applications of Cryptographic Techniques, LNCS, vol. 8441,
93–110.'
mla: Dodis, Yevgeniy, et al. Key Derivation without Entropy Waste. Edited
by Phong Nguyen and Elisabeth Oswald, vol. 8441, Springer, 2014, pp. 93–110, doi:10.1007/978-3-642-55220-5_6.
short: Y. Dodis, K.Z. Pietrzak, D. Wichs, in:, P. Nguyen, E. Oswald (Eds.), Springer,
2014, pp. 93–110.
conference:
end_date: 2014-05-15
location: Copenhagen, Denmark
name: 'EUROCRYPT: Theory and Applications of Cryptographic Techniques'
start_date: 2014-05-11
date_created: 2018-12-11T11:56:12Z
date_published: 2014-04-01T00:00:00Z
date_updated: 2021-01-12T06:55:51Z
day: '01'
ddc:
- '000'
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-642-55220-5_6
editor:
- first_name: Phong
full_name: Nguyen, Phong
last_name: Nguyen
- first_name: Elisabeth
full_name: Oswald, Elisabeth
last_name: Oswald
file:
- access_level: open_access
checksum: da1aa01221086083b23c92e547b48ff4
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:08:43Z
date_updated: 2020-07-14T12:45:31Z
file_id: '4705'
file_name: IST-2016-680-v1+1_708.pdf
file_size: 505389
relation: main_file
file_date_updated: 2020-07-14T12:45:31Z
has_accepted_license: '1'
intvolume: ' 8441'
language:
- iso: eng
month: '04'
oa: 1
oa_version: Submitted Version
page: 93 - 110
publication_status: published
publisher: Springer
publist_id: '4795'
pubrep_id: '680'
quality_controlled: '1'
scopus_import: 1
status: public
title: Key derivation without entropy waste
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 8441
year: '2014'
...
---
_id: '2219'
abstract:
- lang: eng
text: Recently, Döttling et al. (ASIACRYPT 2012) proposed the first chosen-ciphertext
(IND-CCA) secure public-key encryption scheme from the learning parity with noise
(LPN) assumption. In this work we give an alternative scheme which is conceptually
simpler and more efficient. At the core of our construction is a trapdoor technique
originally proposed for lattices by Micciancio and Peikert (EUROCRYPT 2012), which
we adapt to the LPN setting. The main technical tool is a new double-trapdoor
mechanism, together with a trapdoor switching lemma based on a computational variant
of the leftover hash lemma.
alternative_title:
- LNCS
author:
- first_name: Eike
full_name: Kiltz, Eike
last_name: Kiltz
- first_name: Daniel
full_name: Masny, Daniel
last_name: Masny
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Kiltz E, Masny D, Pietrzak KZ. Simple chosen-ciphertext security from low
noise LPN. In: Vol 8383. Springer; 2014:1-18. doi:10.1007/978-3-642-54631-0_1'
apa: 'Kiltz, E., Masny, D., & Pietrzak, K. Z. (2014). Simple chosen-ciphertext
security from low noise LPN (Vol. 8383, pp. 1–18). Presented at the IACR: International
Conference on Practice and Theory in Public-Key Cryptography, Springer. https://doi.org/10.1007/978-3-642-54631-0_1'
chicago: Kiltz, Eike, Daniel Masny, and Krzysztof Z Pietrzak. “Simple Chosen-Ciphertext
Security from Low Noise LPN,” 8383:1–18. Springer, 2014. https://doi.org/10.1007/978-3-642-54631-0_1.
ieee: 'E. Kiltz, D. Masny, and K. Z. Pietrzak, “Simple chosen-ciphertext security
from low noise LPN,” presented at the IACR: International Conference on Practice
and Theory in Public-Key Cryptography, 2014, vol. 8383, pp. 1–18.'
ista: 'Kiltz E, Masny D, Pietrzak KZ. 2014. Simple chosen-ciphertext security from
low noise LPN. IACR: International Conference on Practice and Theory in Public-Key
Cryptography, LNCS, vol. 8383, 1–18.'
mla: Kiltz, Eike, et al. Simple Chosen-Ciphertext Security from Low Noise LPN.
Vol. 8383, Springer, 2014, pp. 1–18, doi:10.1007/978-3-642-54631-0_1.
short: E. Kiltz, D. Masny, K.Z. Pietrzak, in:, Springer, 2014, pp. 1–18.
conference:
name: 'IACR: International Conference on Practice and Theory in Public-Key Cryptography'
date_created: 2018-12-11T11:56:24Z
date_published: 2014-03-01T00:00:00Z
date_updated: 2021-01-12T06:56:05Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-642-54631-0_1
intvolume: ' 8383'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2015/401
month: '03'
oa: 1
oa_version: Submitted Version
page: 1 - 18
publication_identifier:
isbn:
- 978-364254630-3
publication_status: published
publisher: Springer
publist_id: '4748'
quality_controlled: '1'
scopus_import: 1
status: public
title: Simple chosen-ciphertext security from low noise LPN
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 8383
year: '2014'
...
---
_id: '2236'
abstract:
- lang: eng
text: Consider a joint distribution (X,A) on a set. We show that for any family
of distinguishers, there exists a simulator such that 1 no function in can distinguish
(X,A) from (X,h(X)) with advantage ε, 2 h is only O(2 3ℓ ε -2) times less efficient
than the functions in. For the most interesting settings of the parameters (in
particular, the cryptographic case where X has superlogarithmic min-entropy, ε
> 0 is negligible and consists of circuits of polynomial size), we can make
the simulator h deterministic. As an illustrative application of our theorem,
we give a new security proof for the leakage-resilient stream-cipher from Eurocrypt'09.
Our proof is simpler and quantitatively much better than the original proof using
the dense model theorem, giving meaningful security guarantees if instantiated
with a standard blockcipher like AES. Subsequent to this work, Chung, Lui and
Pass gave an interactive variant of our main theorem, and used it to investigate
weak notions of Zero-Knowledge. Vadhan and Zheng give a more constructive version
of our theorem using their new uniform min-max theorem.
alternative_title:
- LNCS
author:
- first_name: Dimitar
full_name: Jetchev, Dimitar
last_name: Jetchev
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Jetchev D, Pietrzak KZ. How to fake auxiliary input. In: Lindell Y, ed. Vol
8349. Springer; 2014:566-590. doi:10.1007/978-3-642-54242-8_24'
apa: 'Jetchev, D., & Pietrzak, K. Z. (2014). How to fake auxiliary input. In
Y. Lindell (Ed.) (Vol. 8349, pp. 566–590). Presented at the TCC: Theory of Cryptography
Conference, San Diego, USA: Springer. https://doi.org/10.1007/978-3-642-54242-8_24'
chicago: Jetchev, Dimitar, and Krzysztof Z Pietrzak. “How to Fake Auxiliary Input.”
edited by Yehuda Lindell, 8349:566–90. Springer, 2014. https://doi.org/10.1007/978-3-642-54242-8_24.
ieee: 'D. Jetchev and K. Z. Pietrzak, “How to fake auxiliary input,” presented at
the TCC: Theory of Cryptography Conference, San Diego, USA, 2014, vol. 8349, pp.
566–590.'
ista: 'Jetchev D, Pietrzak KZ. 2014. How to fake auxiliary input. TCC: Theory of
Cryptography Conference, LNCS, vol. 8349, 566–590.'
mla: Jetchev, Dimitar, and Krzysztof Z. Pietrzak. How to Fake Auxiliary Input.
Edited by Yehuda Lindell, vol. 8349, Springer, 2014, pp. 566–90, doi:10.1007/978-3-642-54242-8_24.
short: D. Jetchev, K.Z. Pietrzak, in:, Y. Lindell (Ed.), Springer, 2014, pp. 566–590.
conference:
end_date: 2014-02-26
location: San Diego, USA
name: 'TCC: Theory of Cryptography Conference'
start_date: 2014-02-24
date_created: 2018-12-11T11:56:29Z
date_published: 2014-02-01T00:00:00Z
date_updated: 2021-01-12T06:56:12Z
day: '01'
ddc:
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-642-54242-8_24
ec_funded: 1
editor:
- first_name: Yehuda
full_name: Lindell, Yehuda
last_name: Lindell
file:
- access_level: open_access
checksum: 42960325c29dcd8d832edadcc3ce0045
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:17:21Z
date_updated: 2020-07-14T12:45:34Z
file_id: '5275'
file_name: IST-2016-681-v1+1_869_1_.pdf
file_size: 313528
relation: main_file
file_date_updated: 2020-07-14T12:45:34Z
has_accepted_license: '1'
intvolume: ' 8349'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://repository.ist.ac.at/id/eprint/681
month: '02'
oa: 1
oa_version: Submitted Version
page: 566 - 590
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_identifier:
isbn:
- 978-364254241-1
publication_status: published
publisher: Springer
publist_id: '4725'
pubrep_id: '681'
quality_controlled: '1'
status: public
title: How to fake auxiliary input
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 8349
year: '2014'
...
---
_id: '2852'
abstract:
- lang: eng
text: A robust combiner for hash functions takes two candidate implementations and
constructs a hash function which is secure as long as at least one of the candidates
is secure. So far, hash function combiners only aim at preserving a single property
such as collision-resistance or pseudorandomness. However, when hash functions
are used in protocols like TLS they are often required to provide several properties
simultaneously. We therefore put forward the notion of robust multi-property combiners
and elaborate on different definitions for such combiners. We then propose a combiner
that provably preserves (target) collision-resistance, pseudorandomness, and being
a secure message authentication code. This combiner satisfies the strongest notion
we propose, which requires that the combined function satisfies every security
property which is satisfied by at least one of the underlying hash function. If
the underlying hash functions have output length n, the combiner has output length
2 n. This basically matches a known lower bound for black-box combiners for collision-resistance
only, thus the other properties can be achieved without penalizing the length
of the hash values. We then propose a combiner which also preserves the property
of being indifferentiable from a random oracle, slightly increasing the output
length to 2 n+ω(log n). Moreover, we show how to augment our constructions in
order to make them also robust for the one-wayness property, but in this case
require an a priory upper bound on the input length.
author:
- first_name: Marc
full_name: Fischlin, Marc
last_name: Fischlin
- first_name: Anja
full_name: Lehmann, Anja
last_name: Lehmann
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: Fischlin M, Lehmann A, Pietrzak KZ. Robust multi-property combiners for hash
functions. Journal of Cryptology. 2014;27(3):397-428. doi:10.1007/s00145-013-9148-7
apa: Fischlin, M., Lehmann, A., & Pietrzak, K. Z. (2014). Robust multi-property
combiners for hash functions. Journal of Cryptology. Springer. https://doi.org/10.1007/s00145-013-9148-7
chicago: Fischlin, Marc, Anja Lehmann, and Krzysztof Z Pietrzak. “Robust Multi-Property
Combiners for Hash Functions.” Journal of Cryptology. Springer, 2014. https://doi.org/10.1007/s00145-013-9148-7.
ieee: M. Fischlin, A. Lehmann, and K. Z. Pietrzak, “Robust multi-property combiners
for hash functions,” Journal of Cryptology, vol. 27, no. 3. Springer, pp.
397–428, 2014.
ista: Fischlin M, Lehmann A, Pietrzak KZ. 2014. Robust multi-property combiners
for hash functions. Journal of Cryptology. 27(3), 397–428.
mla: Fischlin, Marc, et al. “Robust Multi-Property Combiners for Hash Functions.”
Journal of Cryptology, vol. 27, no. 3, Springer, 2014, pp. 397–428, doi:10.1007/s00145-013-9148-7.
short: M. Fischlin, A. Lehmann, K.Z. Pietrzak, Journal of Cryptology 27 (2014) 397–428.
date_created: 2018-12-11T11:59:56Z
date_published: 2014-07-01T00:00:00Z
date_updated: 2023-02-23T11:17:53Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/s00145-013-9148-7
intvolume: ' 27'
issue: '3'
language:
- iso: eng
month: '07'
oa_version: None
page: 397 - 428
publication: Journal of Cryptology
publication_status: published
publisher: Springer
publist_id: '3940'
quality_controlled: '1'
related_material:
record:
- id: '3225'
relation: earlier_version
status: public
scopus_import: 1
status: public
title: Robust multi-property combiners for hash functions
type: journal_article
user_id: 3FFCCD3A-F248-11E8-B48F-1D18A9856A87
volume: 27
year: '2014'
...
---
_id: '2082'
abstract:
- lang: eng
text: 'NMAC is a mode of operation which turns a fixed input-length keyed hash function
f into a variable input-length function. A practical single-key variant of NMAC
called HMAC is a very popular and widely deployed message authentication code
(MAC). Security proofs and attacks for NMAC can typically be lifted to HMAC. NMAC
was introduced by Bellare, Canetti and Krawczyk [Crypto''96], who proved it to
be a secure pseudorandom function (PRF), and thus also a MAC, assuming that (1)
f is a PRF and (2) the function we get when cascading f is weakly collision-resistant.
Unfortunately, HMAC is typically instantiated with cryptographic hash functions
like MD5 or SHA-1 for which (2) has been found to be wrong. To restore the provable
guarantees for NMAC, Bellare [Crypto''06] showed its security based solely on
the assumption that f is a PRF, albeit via a non-uniform reduction. - Our first
contribution is a simpler and uniform proof for this fact: If f is an ε-secure
PRF (against q queries) and a δ-non-adaptively secure PRF (against q queries),
then NMAC f is an (ε+ℓqδ)-secure PRF against q queries of length at most ℓ blocks
each. - We then show that this ε+ℓqδ bound is basically tight. For the most interesting
case where ℓqδ ≥ ε we prove this by constructing an f for which an attack with
advantage ℓqδ exists. This also violates the bound O(ℓε) on the PRF-security of
NMAC recently claimed by Koblitz and Menezes. - Finally, we analyze the PRF-security
of a modification of NMAC called NI [An and Bellare, Crypto''99] that differs
mainly by using a compression function with an additional keying input. This avoids
the constant rekeying on multi-block messages in NMAC and allows for a security
proof starting by the standard switch from a PRF to a random function, followed
by an information-theoretic analysis. We carry out such an analysis, obtaining
a tight ℓq2/2 c bound for this step, improving over the trivial bound of ℓ2q2/2c.
The proof borrows combinatorial techniques originally developed for proving the
security of CBC-MAC [Bellare et al., Crypto''05].'
alternative_title:
- LNCS
author:
- first_name: Peter
full_name: Gazi, Peter
id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
last_name: Gazi
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Michal
full_name: Rybar, Michal
id: 2B3E3DE8-F248-11E8-B48F-1D18A9856A87
last_name: Rybar
citation:
ama: 'Gazi P, Pietrzak KZ, Rybar M. The exact PRF-security of NMAC and HMAC. In:
Garay J, Gennaro R, eds. Vol 8616. Springer; 2014:113-130. doi:10.1007/978-3-662-44371-2_7'
apa: 'Gazi, P., Pietrzak, K. Z., & Rybar, M. (2014). The exact PRF-security
of NMAC and HMAC. In J. Garay & R. Gennaro (Eds.) (Vol. 8616, pp. 113–130).
Presented at the CRYPTO: International Cryptology Conference, Santa Barbara, USA:
Springer. https://doi.org/10.1007/978-3-662-44371-2_7'
chicago: Gazi, Peter, Krzysztof Z Pietrzak, and Michal Rybar. “The Exact PRF-Security
of NMAC and HMAC.” edited by Juan Garay and Rosario Gennaro, 8616:113–30. Springer,
2014. https://doi.org/10.1007/978-3-662-44371-2_7.
ieee: 'P. Gazi, K. Z. Pietrzak, and M. Rybar, “The exact PRF-security of NMAC and
HMAC,” presented at the CRYPTO: International Cryptology Conference, Santa Barbara,
USA, 2014, vol. 8616, no. 1, pp. 113–130.'
ista: 'Gazi P, Pietrzak KZ, Rybar M. 2014. The exact PRF-security of NMAC and HMAC.
CRYPTO: International Cryptology Conference, LNCS, vol. 8616, 113–130.'
mla: Gazi, Peter, et al. The Exact PRF-Security of NMAC and HMAC. Edited
by Juan Garay and Rosario Gennaro, vol. 8616, no. 1, Springer, 2014, pp. 113–30,
doi:10.1007/978-3-662-44371-2_7.
short: P. Gazi, K.Z. Pietrzak, M. Rybar, in:, J. Garay, R. Gennaro (Eds.), Springer,
2014, pp. 113–130.
conference:
end_date: 2014-08-21
location: Santa Barbara, USA
name: 'CRYPTO: International Cryptology Conference'
start_date: 2014-08-17
date_created: 2018-12-11T11:55:36Z
date_published: 2014-01-01T00:00:00Z
date_updated: 2023-09-07T12:02:27Z
day: '01'
ddc:
- '000'
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-662-44371-2_7
ec_funded: 1
editor:
- first_name: Juan
full_name: Garay, Juan
last_name: Garay
- first_name: Rosario
full_name: Gennaro, Rosario
last_name: Gennaro
file:
- access_level: open_access
checksum: dab6ab36a5f6af94f2b597e6404ed11d
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:13:17Z
date_updated: 2020-07-14T12:45:28Z
file_id: '4999'
file_name: IST-2016-682-v1+1_578.pdf
file_size: 492310
relation: main_file
file_date_updated: 2020-07-14T12:45:28Z
has_accepted_license: '1'
intvolume: ' 8616'
issue: '1'
language:
- iso: eng
month: '01'
oa: 1
oa_version: Submitted Version
page: 113 - 130
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '4955'
pubrep_id: '682'
quality_controlled: '1'
related_material:
record:
- id: '838'
relation: dissertation_contains
status: public
status: public
title: The exact PRF-security of NMAC and HMAC
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 8616
year: '2014'
...
---
_id: '2259'
abstract:
- lang: eng
text: "The learning with rounding (LWR) problem, introduced by Banerjee, Peikert
and Rosen at EUROCRYPT ’12, is a variant of learning with errors (LWE), where
one replaces random errors with deterministic rounding. The LWR problem was shown
to be as hard as LWE for a setting of parameters where the modulus and modulus-to-error
ratio are super-polynomial. In this work we resolve the main open problem and
give a new reduction that works for a larger range of parameters, allowing for
a polynomial modulus and modulus-to-error ratio. In particular, a smaller modulus
gives us greater efficiency, and a smaller modulus-to-error ratio gives us greater
security, which now follows from the worst-case hardness of GapSVP with polynomial
(rather than super-polynomial) approximation factors.\r\n\r\nAs a tool in the
reduction, we show that there is a “lossy mode” for the LWR problem, in which
LWR samples only reveal partial information about the secret. This property gives
us several interesting new applications, including a proof that LWR remains secure
with weakly random secrets of sufficient min-entropy, and very simple constructions
of deterministic encryption, lossy trapdoor functions and reusable extractors.\r\n\r\nOur
approach is inspired by a technique of Goldwasser et al. from ICS ’10, which implicitly
showed the existence of a “lossy mode” for LWE. By refining this technique, we
also improve on the parameters of that work to only requiring a polynomial (instead
of super-polynomial) modulus and modulus-to-error ratio.\r\n"
alternative_title:
- LNCS
author:
- first_name: Joel F
full_name: Alwen, Joel F
id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
last_name: Alwen
- first_name: Stephan
full_name: Krenn, Stephan
id: 329FCCF0-F248-11E8-B48F-1D18A9856A87
last_name: Krenn
orcid: 0000-0003-2835-9093
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Daniel
full_name: Wichs, Daniel
last_name: Wichs
citation:
ama: 'Alwen JF, Krenn S, Pietrzak KZ, Wichs D. Learning with rounding, revisited:
New reduction properties and applications. 2013;8042(1):57-74. doi:10.1007/978-3-642-40041-4_4'
apa: 'Alwen, J. F., Krenn, S., Pietrzak, K. Z., & Wichs, D. (2013). Learning
with rounding, revisited: New reduction properties and applications. Presented
at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United
States: Springer. https://doi.org/10.1007/978-3-642-40041-4_4'
chicago: 'Alwen, Joel F, Stephan Krenn, Krzysztof Z Pietrzak, and Daniel Wichs.
“Learning with Rounding, Revisited: New Reduction Properties and Applications.”
Lecture Notes in Computer Science. Springer, 2013. https://doi.org/10.1007/978-3-642-40041-4_4.'
ieee: 'J. F. Alwen, S. Krenn, K. Z. Pietrzak, and D. Wichs, “Learning with rounding,
revisited: New reduction properties and applications,” vol. 8042, no. 1. Springer,
pp. 57–74, 2013.'
ista: 'Alwen JF, Krenn S, Pietrzak KZ, Wichs D. 2013. Learning with rounding, revisited:
New reduction properties and applications. 8042(1), 57–74.'
mla: 'Alwen, Joel F., et al. Learning with Rounding, Revisited: New Reduction
Properties and Applications. Vol. 8042, no. 1, Springer, 2013, pp. 57–74,
doi:10.1007/978-3-642-40041-4_4.'
short: J.F. Alwen, S. Krenn, K.Z. Pietrzak, D. Wichs, 8042 (2013) 57–74.
conference:
end_date: 2013-08-22
location: Santa Barbara, CA, United States
name: 'CRYPTO: International Cryptology Conference'
start_date: 2013-08-18
date_created: 2018-12-11T11:56:37Z
date_published: 2013-01-01T00:00:00Z
date_updated: 2021-01-12T06:56:21Z
day: '01'
ddc:
- '000'
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-642-40041-4_4
ec_funded: 1
file:
- access_level: open_access
checksum: 16d428408a806b8e49eecc607deab115
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:11:55Z
date_updated: 2020-07-14T12:45:35Z
file_id: '4912'
file_name: IST-2016-684-v1+1_098.pdf
file_size: 587898
relation: main_file
file_date_updated: 2020-07-14T12:45:35Z
has_accepted_license: '1'
intvolume: ' 8042'
issue: '1'
language:
- iso: eng
month: '01'
oa: 1
oa_version: Published Version
page: 57 - 74
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '4687'
pubrep_id: '684'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: 'Learning with rounding, revisited: New reduction properties and applications'
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 8042
year: '2013'
...
---
_id: '2258'
abstract:
- lang: eng
text: "In a digital signature scheme with message recovery, rather than transmitting
the message m and its signature σ, a single enhanced signature τ is transmitted.
The verifier is able to recover m from τ and at the same time verify its authenticity.
The two most important parameters of such a scheme are its security and overhead
|τ| − |m|. A simple argument shows that for any scheme with “n bits security”
|τ| − |m| ≥ n, i.e., the overhead is lower bounded by the security parameter n.
Currently, the best known constructions in the random oracle model are far from
this lower bound requiring an overhead of n + logq h , where q h is the number
of queries to the random oracle. In this paper we give a construction which basically
matches the n bit lower bound. We propose a simple digital signature scheme with
n + o(logq h ) bits overhead, where q h denotes the number of random oracle queries.\r\n\r\nOur
construction works in two steps. First, we propose a signature scheme with message
recovery having optimal overhead in a new ideal model, the random invertible function
model. Second, we show that a four-round Feistel network with random oracles as
round functions is tightly “public-indifferentiable” from a random invertible
function. At the core of our indifferentiability proof is an almost tight upper
bound for the expected number of edges of the densest “small” subgraph of a random
Cayley graph, which may be of independent interest.\r\n"
alternative_title:
- LNCS
author:
- first_name: Eike
full_name: Kiltz, Eike
last_name: Kiltz
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Mario
full_name: Szegedy, Mario
last_name: Szegedy
citation:
ama: Kiltz E, Pietrzak KZ, Szegedy M. Digital signatures with minimal overhead from
indifferentiable random invertible functions. 2013;8042:571-588. doi:10.1007/978-3-642-40041-4_31
apa: 'Kiltz, E., Pietrzak, K. Z., & Szegedy, M. (2013). Digital signatures with
minimal overhead from indifferentiable random invertible functions. Presented
at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United
States: Springer. https://doi.org/10.1007/978-3-642-40041-4_31'
chicago: Kiltz, Eike, Krzysztof Z Pietrzak, and Mario Szegedy. “Digital Signatures
with Minimal Overhead from Indifferentiable Random Invertible Functions.” Lecture
Notes in Computer Science. Springer, 2013. https://doi.org/10.1007/978-3-642-40041-4_31.
ieee: E. Kiltz, K. Z. Pietrzak, and M. Szegedy, “Digital signatures with minimal
overhead from indifferentiable random invertible functions,” vol. 8042. Springer,
pp. 571–588, 2013.
ista: Kiltz E, Pietrzak KZ, Szegedy M. 2013. Digital signatures with minimal overhead
from indifferentiable random invertible functions. 8042, 571–588.
mla: Kiltz, Eike, et al. Digital Signatures with Minimal Overhead from Indifferentiable
Random Invertible Functions. Vol. 8042, Springer, 2013, pp. 571–88, doi:10.1007/978-3-642-40041-4_31.
short: E. Kiltz, K.Z. Pietrzak, M. Szegedy, 8042 (2013) 571–588.
conference:
end_date: 2013-08-22
location: Santa Barbara, CA, United States
name: 'CRYPTO: International Cryptology Conference'
start_date: 2013-08-18
date_created: 2018-12-11T11:56:37Z
date_published: 2013-01-01T00:00:00Z
date_updated: 2021-01-12T06:56:21Z
day: '01'
ddc:
- '000'
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-642-40041-4_31
ec_funded: 1
file:
- access_level: open_access
checksum: 18a3f602cb41de184dc0e16a0e907633
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:09:20Z
date_updated: 2020-07-14T12:45:35Z
file_id: '4744'
file_name: IST-2016-685-v1+1_658.pdf
file_size: 493175
relation: main_file
file_date_updated: 2020-07-14T12:45:35Z
has_accepted_license: '1'
intvolume: ' 8042'
language:
- iso: eng
month: '01'
oa: 1
oa_version: Submitted Version
page: 571 - 588
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '4688'
pubrep_id: '685'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: Digital signatures with minimal overhead from indifferentiable random invertible
functions
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 8042
year: '2013'
...
---
_id: '2260'
abstract:
- lang: eng
text: "Direct Anonymous Attestation (DAA) is one of the most complex cryptographic
protocols deployed in practice. It allows an embedded secure processor known as
a Trusted Platform Module (TPM) to attest to the configuration of its host computer
without violating the owner’s privacy. DAA has been standardized by the Trusted
Computing Group and ISO/IEC.\r\n\r\nThe security of the DAA standard and all existing
schemes is analyzed in the random-oracle model. We provide the first constructions
of DAA in the standard model, that is, without relying on random oracles. Our
constructions use new building blocks, including the first efficient signatures
of knowledge in the standard model, which have many applications beyond DAA.\r\n"
alternative_title:
- LNCS
author:
- first_name: David
full_name: Bernhard, David
last_name: Bernhard
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: Essam
full_name: Ghadafi, Essam
last_name: Ghadafi
citation:
ama: Bernhard D, Fuchsbauer G, Ghadafi E. Efficient signatures of knowledge and
DAA in the standard model. 2013;7954:518-533. doi:10.1007/978-3-642-38980-1_33
apa: 'Bernhard, D., Fuchsbauer, G., & Ghadafi, E. (2013). Efficient signatures
of knowledge and DAA in the standard model. Presented at the ACNS: Applied Cryptography
and Network Security, Banff, AB, Canada: Springer. https://doi.org/10.1007/978-3-642-38980-1_33'
chicago: Bernhard, David, Georg Fuchsbauer, and Essam Ghadafi. “Efficient Signatures
of Knowledge and DAA in the Standard Model.” Lecture Notes in Computer Science.
Springer, 2013. https://doi.org/10.1007/978-3-642-38980-1_33.
ieee: D. Bernhard, G. Fuchsbauer, and E. Ghadafi, “Efficient signatures of knowledge
and DAA in the standard model,” vol. 7954. Springer, pp. 518–533, 2013.
ista: Bernhard D, Fuchsbauer G, Ghadafi E. 2013. Efficient signatures of knowledge
and DAA in the standard model. 7954, 518–533.
mla: Bernhard, David, et al. Efficient Signatures of Knowledge and DAA in the
Standard Model. Vol. 7954, Springer, 2013, pp. 518–33, doi:10.1007/978-3-642-38980-1_33.
short: D. Bernhard, G. Fuchsbauer, E. Ghadafi, 7954 (2013) 518–533.
conference:
end_date: 2013-06-28
location: Banff, AB, Canada
name: 'ACNS: Applied Cryptography and Network Security'
start_date: 2013-06-25
date_created: 2018-12-11T11:56:37Z
date_published: 2013-06-01T00:00:00Z
date_updated: 2020-08-11T10:09:44Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-642-38980-1_33
intvolume: ' 7954'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: http://eprint.iacr.org/2012/475
month: '06'
oa: 1
oa_version: Submitted Version
page: 518 - 533
publication_status: published
publisher: Springer
publist_id: '4686'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: Efficient signatures of knowledge and DAA in the standard model
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 7954
year: '2013'
...
---
_id: '2291'
abstract:
- lang: eng
text: "Cryptographic access control promises to offer easily distributed trust and
broader applicability, while reducing reliance on low-level online monitors. Traditional
implementations of cryptographic access control rely on simple cryptographic primitives
whereas recent endeavors employ primitives with richer functionality and security
guarantees. Worryingly, few of the existing cryptographic access-control schemes
come with precise guarantees, the gap between the policy specification and the
implementation being analyzed only informally, if at all. In this paper we begin
addressing this shortcoming. Unlike prior work that targeted ad-hoc policy specification,
we look at the well-established Role-Based Access Control (RBAC) model, as used
in a typical file system. In short, we provide a precise syntax for a computational
version of RBAC, offer rigorous definitions for cryptographic policy enforcement
of a large class of RBAC security policies, and demonstrate that an implementation
based on attribute-based encryption meets our security notions. We view our main
contribution as being at the conceptual level. Although we work with RBAC for
concreteness, our general methodology could guide future research for uses of
cryptography in other access-control models. \r\n"
author:
- first_name: Anna
full_name: Ferrara, Anna
last_name: Ferrara
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: Bogdan
full_name: Warinschi, Bogdan
last_name: Warinschi
citation:
ama: 'Ferrara A, Fuchsbauer G, Warinschi B. Cryptographically enforced RBAC. In:
IEEE; 2013:115-129. doi:10.1109/CSF.2013.15'
apa: 'Ferrara, A., Fuchsbauer, G., & Warinschi, B. (2013). Cryptographically
enforced RBAC (pp. 115–129). Presented at the CSF: Computer Security Foundations,
New Orleans, LA, United States: IEEE. https://doi.org/10.1109/CSF.2013.15'
chicago: Ferrara, Anna, Georg Fuchsbauer, and Bogdan Warinschi. “Cryptographically
Enforced RBAC,” 115–29. IEEE, 2013. https://doi.org/10.1109/CSF.2013.15.
ieee: 'A. Ferrara, G. Fuchsbauer, and B. Warinschi, “Cryptographically enforced
RBAC,” presented at the CSF: Computer Security Foundations, New Orleans, LA, United
States, 2013, pp. 115–129.'
ista: 'Ferrara A, Fuchsbauer G, Warinschi B. 2013. Cryptographically enforced RBAC.
CSF: Computer Security Foundations, 115–129.'
mla: Ferrara, Anna, et al. Cryptographically Enforced RBAC. IEEE, 2013, pp.
115–29, doi:10.1109/CSF.2013.15.
short: A. Ferrara, G. Fuchsbauer, B. Warinschi, in:, IEEE, 2013, pp. 115–129.
conference:
end_date: 2013-09-28
location: New Orleans, LA, United States
name: 'CSF: Computer Security Foundations'
start_date: 2013-09-26
date_created: 2018-12-11T11:56:48Z
date_published: 2013-09-01T00:00:00Z
date_updated: 2021-01-12T06:56:34Z
day: '01'
department:
- _id: KrPi
doi: 10.1109/CSF.2013.15
language:
- iso: eng
main_file_link:
- open_access: '1'
url: http://eprint.iacr.org/2013/492
month: '09'
oa: 1
oa_version: Submitted Version
page: 115 - 129
publication_status: published
publisher: IEEE
publist_id: '4637'
quality_controlled: '1'
scopus_import: 1
status: public
title: Cryptographically enforced RBAC
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2013'
...
---
_id: '2940'
abstract:
- lang: eng
text: "A chain rule for an entropy notion H(.) states that the entropy H(X) of a
variable X decreases by at most l if conditioned on an l-bit string A, i.e., H(X|A)>=
H(X)-l. More generally, it satisfies a chain rule for conditional entropy if H(X|Y,A)>=
H(X|Y)-l.\r\n\r\nAll natural information theoretic entropy notions we are aware
of (like Shannon or min-entropy) satisfy some kind of chain rule for conditional
entropy. Moreover, many computational entropy notions (like Yao entropy, unpredictability
entropy and several variants of HILL entropy) satisfy the chain rule for conditional
entropy, though here not only the quantity decreases by l, but also the quality
of the entropy decreases exponentially in l. However, for \r\nthe standard notion
of conditional HILL entropy (the computational equivalent of min-entropy) the
existence of such a rule was unknown so far.\r\n\r\nIn this paper, we prove that
for conditional HILL entropy no meaningful chain rule exists, assuming the existence
of one-way permutations: there exist distributions X,Y,A, where A is a distribution
over a single bit, but $H(X|Y)>>H(X|Y,A)$, even if we simultaneously allow
for a massive degradation in the quality of the entropy.\r\n\r\nThe idea underlying
our construction is based on a surprising connection between the chain rule for
HILL entropy and deniable encryption. "
alternative_title:
- LNCS
author:
- first_name: Stephan
full_name: Krenn, Stephan
id: 329FCCF0-F248-11E8-B48F-1D18A9856A87
last_name: Krenn
orcid: 0000-0003-2835-9093
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Akshay
full_name: Wadia, Akshay
last_name: Wadia
citation:
ama: 'Krenn S, Pietrzak KZ, Wadia A. A counterexample to the chain rule for conditional
HILL entropy, and what deniable encryption has to do with it. In: Sahai A, ed.
Vol 7785. Springer; 2013:23-39. doi:10.1007/978-3-642-36594-2_2'
apa: 'Krenn, S., Pietrzak, K. Z., & Wadia, A. (2013). A counterexample to the
chain rule for conditional HILL entropy, and what deniable encryption has to do
with it. In A. Sahai (Ed.) (Vol. 7785, pp. 23–39). Presented at the TCC: Theory
of Cryptography Conference, Tokyo, Japan: Springer. https://doi.org/10.1007/978-3-642-36594-2_2'
chicago: Krenn, Stephan, Krzysztof Z Pietrzak, and Akshay Wadia. “A Counterexample
to the Chain Rule for Conditional HILL Entropy, and What Deniable Encryption Has
to Do with It.” edited by Amit Sahai, 7785:23–39. Springer, 2013. https://doi.org/10.1007/978-3-642-36594-2_2.
ieee: 'S. Krenn, K. Z. Pietrzak, and A. Wadia, “A counterexample to the chain rule
for conditional HILL entropy, and what deniable encryption has to do with it,”
presented at the TCC: Theory of Cryptography Conference, Tokyo, Japan, 2013, vol.
7785, pp. 23–39.'
ista: 'Krenn S, Pietrzak KZ, Wadia A. 2013. A counterexample to the chain rule for
conditional HILL entropy, and what deniable encryption has to do with it. TCC:
Theory of Cryptography Conference, LNCS, vol. 7785, 23–39.'
mla: Krenn, Stephan, et al. A Counterexample to the Chain Rule for Conditional
HILL Entropy, and What Deniable Encryption Has to Do with It. Edited by Amit
Sahai, vol. 7785, Springer, 2013, pp. 23–39, doi:10.1007/978-3-642-36594-2_2.
short: S. Krenn, K.Z. Pietrzak, A. Wadia, in:, A. Sahai (Ed.), Springer, 2013, pp.
23–39.
conference:
end_date: 2013-03-06
location: Tokyo, Japan
name: 'TCC: Theory of Cryptography Conference'
start_date: 2013-03-03
date_created: 2018-12-11T12:00:27Z
date_published: 2013-01-29T00:00:00Z
date_updated: 2023-02-23T10:00:43Z
day: '29'
ddc:
- '000'
department:
- _id: KrPi
doi: 10.1007/978-3-642-36594-2_2
ec_funded: 1
editor:
- first_name: Amit
full_name: Sahai, Amit
last_name: Sahai
file:
- access_level: open_access
checksum: beb0cc1c0579da2d2e84394230a5da78
content_type: application/pdf
creator: dernst
date_created: 2019-01-22T14:11:11Z
date_updated: 2020-07-14T12:45:54Z
file_id: '5875'
file_name: 2013_LNCS_Krenn.pdf
file_size: 414823
relation: main_file
file_date_updated: 2020-07-14T12:45:54Z
has_accepted_license: '1'
intvolume: ' 7785'
language:
- iso: eng
month: '01'
oa: 1
oa_version: Submitted Version
page: 23 - 39
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '3795'
quality_controlled: '1'
related_material:
record:
- id: '1479'
relation: later_version
status: public
scopus_import: 1
status: public
title: A counterexample to the chain rule for conditional HILL entropy, and what deniable
encryption has to do with it
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 7785
year: '2013'
...
---
_id: '502'
abstract:
- lang: eng
text: 'Blind signatures allow users to obtain signatures on messages hidden from
the signer; moreover, the signer cannot link the resulting message/signature pair
to the signing session. This paper presents blind signature schemes, in which
the number of interactions between the user and the signer is minimal and whose
blind signatures are short. Our schemes are defined over bilinear groups and are
proved secure in the common-reference-string model without random oracles and
under standard assumptions: CDH and the decision-linear assumption. (We also give
variants over asymmetric groups based on similar assumptions.) The blind signatures
are Waters signatures, which consist of 2 group elements. Moreover, we instantiate
partially blind signatures, where the message consists of a part hidden from the
signer and a commonly known public part, and schemes achieving perfect blindness.
We propose new variants of blind signatures, such as signer-friendly partially
blind signatures, where the public part can be chosen by the signer without prior
agreement, 3-party blind signatures, as well as blind signatures on multiple aggregated
messages provided by independent sources. We also extend Waters signatures to
non-binary alphabets by proving a new result on the underlying hash function. '
author:
- first_name: Olivier
full_name: Blazy, Olivier
last_name: Blazy
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: David
full_name: Pointcheval, David
last_name: Pointcheval
- first_name: Damien
full_name: Vergnaud, Damien
last_name: Vergnaud
citation:
ama: Blazy O, Fuchsbauer G, Pointcheval D, Vergnaud D. Short blind signatures. Journal
of Computer Security. 2013;21(5):627-661. doi:10.3233/JCS-130477
apa: Blazy, O., Fuchsbauer, G., Pointcheval, D., & Vergnaud, D. (2013). Short
blind signatures. Journal of Computer Security. IOS Press. https://doi.org/10.3233/JCS-130477
chicago: Blazy, Olivier, Georg Fuchsbauer, David Pointcheval, and Damien Vergnaud.
“Short Blind Signatures.” Journal of Computer Security. IOS Press, 2013.
https://doi.org/10.3233/JCS-130477.
ieee: O. Blazy, G. Fuchsbauer, D. Pointcheval, and D. Vergnaud, “Short blind signatures,”
Journal of Computer Security, vol. 21, no. 5. IOS Press, pp. 627–661, 2013.
ista: Blazy O, Fuchsbauer G, Pointcheval D, Vergnaud D. 2013. Short blind signatures.
Journal of Computer Security. 21(5), 627–661.
mla: Blazy, Olivier, et al. “Short Blind Signatures.” Journal of Computer Security,
vol. 21, no. 5, IOS Press, 2013, pp. 627–61, doi:10.3233/JCS-130477.
short: O. Blazy, G. Fuchsbauer, D. Pointcheval, D. Vergnaud, Journal of Computer
Security 21 (2013) 627–661.
date_created: 2018-12-11T11:46:50Z
date_published: 2013-11-22T00:00:00Z
date_updated: 2021-01-12T08:01:09Z
day: '22'
department:
- _id: KrPi
doi: 10.3233/JCS-130477
intvolume: ' 21'
issue: '5'
language:
- iso: eng
month: '11'
oa_version: None
page: 627 - 661
publication: Journal of Computer Security
publication_status: published
publisher: IOS Press
publist_id: '7318'
quality_controlled: '1'
scopus_import: 1
status: public
title: Short blind signatures
type: journal_article
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 21
year: '2013'
...
---
_id: '2274'
abstract:
- lang: eng
text: "Proofs of work (PoW) have been suggested by Dwork and Naor (Crypto'92) as
protection to a shared resource. The basic idea is to ask the service requestor
to dedicate some non-trivial amount of computational work to every request. The
original applications included prevention of spam and protection against denial
of service attacks. More recently, PoWs have been used to prevent double spending
in the Bitcoin digital currency system.\r\n\r\nIn this work, we put forward an
alternative concept for PoWs -- so-called proofs of space (PoS), where a service
requestor must dedicate a significant amount of disk space as opposed to computation.
We construct secure PoS schemes in the random oracle model, using graphs with
high "pebbling complexity" and Merkle hash-trees. "
author:
- first_name: Stefan
full_name: Dziembowski, Stefan
last_name: Dziembowski
- first_name: Sebastian
full_name: Faust, Sebastian
last_name: Faust
- first_name: Vladimir
full_name: Kolmogorov, Vladimir
id: 3D50B0BA-F248-11E8-B48F-1D18A9856A87
last_name: Kolmogorov
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: Dziembowski S, Faust S, Kolmogorov V, Pietrzak KZ. Proofs of Space.
IST Austria; 2013.
apa: Dziembowski, S., Faust, S., Kolmogorov, V., & Pietrzak, K. Z. (2013). Proofs
of Space. IST Austria.
chicago: Dziembowski, Stefan, Sebastian Faust, Vladimir Kolmogorov, and Krzysztof
Z Pietrzak. Proofs of Space. IST Austria, 2013.
ieee: S. Dziembowski, S. Faust, V. Kolmogorov, and K. Z. Pietrzak, Proofs of
Space. IST Austria, 2013.
ista: Dziembowski S, Faust S, Kolmogorov V, Pietrzak KZ. 2013. Proofs of Space,
IST Austria,p.
mla: Dziembowski, Stefan, et al. Proofs of Space. IST Austria, 2013.
short: S. Dziembowski, S. Faust, V. Kolmogorov, K.Z. Pietrzak, Proofs of Space,
IST Austria, 2013.
date_created: 2018-12-11T11:56:42Z
date_published: 2013-11-28T00:00:00Z
date_updated: 2024-03-20T08:31:49Z
day: '28'
ddc:
- '530'
department:
- _id: VlKo
- _id: KrPi
file:
- access_level: open_access
checksum: 37b61637b62fc079d9141c59d9f1a94f
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:16:11Z
date_updated: 2020-07-14T12:45:36Z
file_id: '5197'
file_name: IST-2016-671-v1+1_796.pdf
file_size: 405870
relation: main_file
file_date_updated: 2020-07-14T12:45:36Z
has_accepted_license: '1'
language:
- iso: eng
month: '11'
oa: 1
oa_version: Published Version
publication_status: published
publisher: IST Austria
publist_id: '4670'
pubrep_id: '671'
related_material:
record:
- id: '1675'
relation: later_version
status: public
scopus_import: 1
status: public
title: Proofs of Space
type: report
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2013'
...
---
_id: '2048'
abstract:
- lang: eng
text: Leakage resilient cryptography attempts to incorporate side-channel leakage
into the black-box security model and designs cryptographic schemes that are provably
secure within it. Informally, a scheme is leakage-resilient if it remains secure
even if an adversary learns a bounded amount of arbitrary information about the
schemes internal state. Unfortunately, most leakage resilient schemes are unnecessarily
complicated in order to achieve strong provable security guarantees. As advocated
by Yu et al. [CCS’10], this mostly is an artefact of the security proof and in
practice much simpler construction may already suffice to protect against realistic
side-channel attacks. In this paper, we show that indeed for simpler constructions
leakage-resilience can be obtained when we aim for relaxed security notions where
the leakage-functions and/or the inputs to the primitive are chosen non-adaptively.
For example, we show that a three round Feistel network instantiated with a leakage
resilient PRF yields a leakage resilient PRP if the inputs are chosen non-adaptively
(This complements the result of Dodis and Pietrzak [CRYPTO’10] who show that if
a adaptive queries are allowed, a superlogarithmic number of rounds is necessary.)
We also show that a minor variation of the classical GGM construction gives a
leakage resilient PRF if both, the leakage-function and the inputs, are chosen
non-adaptively.
acknowledgement: "Sebastian Faust acknowledges support from the Danish National Research
Foundation and The National Science Foundation of China (under the grant 61061130540)
for the Sino-Danish Center for the Theory of Interactive Computation, within part
of this work was performed; and from the CFEM research center, supported by the
Danish Strategic Research Council. \r\nSupported by the European Research Council/ERC
Starting Grant 259668-PSPC.\r\n"
alternative_title:
- LNCS
author:
- first_name: Sebastian
full_name: Faust, Sebastian
last_name: Faust
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Joachim
full_name: Schipper, Joachim
id: 7BE863D4-E9CF-11E9-9EDB-90527418172C
last_name: Schipper
citation:
ama: 'Faust S, Pietrzak KZ, Schipper J. Practical leakage-resilient symmetric cryptography.
In: Conference Proceedings CHES 2012. Vol 7428. Springer; 2012:213-232.
doi:10.1007/978-3-642-33027-8_13'
apa: 'Faust, S., Pietrzak, K. Z., & Schipper, J. (2012). Practical leakage-resilient
symmetric cryptography. In Conference proceedings CHES 2012 (Vol. 7428,
pp. 213–232). Leuven, Belgium: Springer. https://doi.org/10.1007/978-3-642-33027-8_13'
chicago: Faust, Sebastian, Krzysztof Z Pietrzak, and Joachim Schipper. “Practical
Leakage-Resilient Symmetric Cryptography.” In Conference Proceedings CHES
2012, 7428:213–32. Springer, 2012. https://doi.org/10.1007/978-3-642-33027-8_13.
ieee: S. Faust, K. Z. Pietrzak, and J. Schipper, “Practical leakage-resilient symmetric
cryptography,” in Conference proceedings CHES 2012, Leuven, Belgium, 2012,
vol. 7428, pp. 213–232.
ista: 'Faust S, Pietrzak KZ, Schipper J. 2012. Practical leakage-resilient symmetric
cryptography. Conference proceedings CHES 2012. CHES: Cryptographic Hardware
and Embedded Systems, LNCS, vol. 7428, 213–232.'
mla: Faust, Sebastian, et al. “Practical Leakage-Resilient Symmetric Cryptography.”
Conference Proceedings CHES 2012, vol. 7428, Springer, 2012, pp. 213–32,
doi:10.1007/978-3-642-33027-8_13.
short: S. Faust, K.Z. Pietrzak, J. Schipper, in:, Conference Proceedings CHES 2012,
Springer, 2012, pp. 213–232.
conference:
end_date: 2012-09-12
location: Leuven, Belgium
name: 'CHES: Cryptographic Hardware and Embedded Systems'
start_date: 2012-09-09
date_created: 2018-12-11T11:55:25Z
date_published: 2012-09-01T00:00:00Z
date_updated: 2021-01-12T06:54:58Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-642-33027-8_13
ec_funded: 1
intvolume: ' 7428'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: http://www.iacr.org/archive/ches2012/74280211/74280211.pdf
month: '09'
oa: 1
oa_version: Preprint
page: 213 - 232
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: ' Conference proceedings CHES 2012'
publication_status: published
publisher: Springer
publist_id: '5003'
quality_controlled: '1'
scopus_import: 1
status: public
title: Practical leakage-resilient symmetric cryptography
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 7428
year: '2012'
...
---
_id: '2049'
abstract:
- lang: eng
text: "We propose a new authentication protocol that is provably secure based on
a ring variant of the learning parity with noise (LPN) problem. The protocol follows
the design principle of the LPN-based protocol from Eurocrypt’11 (Kiltz et al.),
and like it, is a two round protocol secure against active attacks. Moreover,
our protocol has small communication complexity and a very small footprint which
makes it applicable in scenarios that involve low-cost, resource-constrained devices.\r\n\r\nPerformance-wise,
our protocol is more efficient than previous LPN-based schemes, such as the many
variants of the Hopper-Blum (HB) protocol and the aforementioned protocol from
Eurocrypt’11. Our implementation results show that it is even comparable to the
standard challenge-and-response protocols based on the AES block-cipher. Our basic
protocol is roughly 20 times slower than AES, but with the advantage of having
10 times smaller code size. Furthermore, if a few hundred bytes of non-volatile
memory are available to allow the storage of some off-line pre-computations, then
the online phase of our protocols is only twice as slow as AES.\r\n"
acknowledgement: "Supported by the European Research Council / ERC Starting Grant
(259668- PSPC)\r\nWe would like to thank the anonymous referees of this confer-
ence and those of the ECRYPT Workshop on Lightweight Cryptography for very useful
comments, and in particular for the suggestion that the scheme is somewhat vulnerable
to a man-in-the-middle attack whenever an adversary observes two reader challenges
that are the same. We hope that the attack we described in Appendix A corresponds
to what the reviewer had in mind. We also thank Tanja Lange for pointing us to the
pa- per of [Kir11] and for discussions of some of her recent work. "
alternative_title:
- LNCS
author:
- first_name: Stefan
full_name: Heyse, Stefan
last_name: Heyse
- first_name: Eike
full_name: Kiltz, Eike
last_name: Kiltz
- first_name: Vadim
full_name: Lyubashevsky, Vadim
last_name: Lyubashevsky
- first_name: Christof
full_name: Paar, Christof
last_name: Paar
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Heyse S, Kiltz E, Lyubashevsky V, Paar C, Pietrzak KZ. Lapin: An efficient
authentication protocol based on ring-LPN. In: Conference Proceedings FSE
2012. Vol 7549. Springer; 2012:346-365. doi:10.1007/978-3-642-34047-5_20'
apa: 'Heyse, S., Kiltz, E., Lyubashevsky, V., Paar, C., & Pietrzak, K. Z. (2012).
Lapin: An efficient authentication protocol based on ring-LPN. In Conference
proceedings FSE 2012 (Vol. 7549, pp. 346–365). Washington, DC, USA: Springer.
https://doi.org/10.1007/978-3-642-34047-5_20'
chicago: 'Heyse, Stefan, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, and Krzysztof
Z Pietrzak. “Lapin: An Efficient Authentication Protocol Based on Ring-LPN.” In
Conference Proceedings FSE 2012, 7549:346–65. Springer, 2012. https://doi.org/10.1007/978-3-642-34047-5_20.'
ieee: 'S. Heyse, E. Kiltz, V. Lyubashevsky, C. Paar, and K. Z. Pietrzak, “Lapin:
An efficient authentication protocol based on ring-LPN,” in Conference proceedings
FSE 2012, Washington, DC, USA, 2012, vol. 7549, pp. 346–365.'
ista: 'Heyse S, Kiltz E, Lyubashevsky V, Paar C, Pietrzak KZ. 2012. Lapin: An efficient
authentication protocol based on ring-LPN. Conference proceedings FSE 2012. FSE:
Fast Software Encryption, LNCS, vol. 7549, 346–365.'
mla: 'Heyse, Stefan, et al. “Lapin: An Efficient Authentication Protocol Based on
Ring-LPN.” Conference Proceedings FSE 2012, vol. 7549, Springer, 2012,
pp. 346–65, doi:10.1007/978-3-642-34047-5_20.'
short: S. Heyse, E. Kiltz, V. Lyubashevsky, C. Paar, K.Z. Pietrzak, in:, Conference
Proceedings FSE 2012, Springer, 2012, pp. 346–365.
conference:
end_date: 2012-03-21
location: Washington, DC, USA
name: 'FSE: Fast Software Encryption'
start_date: 2012-03-19
date_created: 2018-12-11T11:55:25Z
date_published: 2012-03-01T00:00:00Z
date_updated: 2021-01-12T06:54:58Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-642-34047-5_20
ec_funded: 1
intvolume: ' 7549'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: http://www.iacr.org/archive/fse2012/75490350/75490350.pdf
month: '03'
oa: 1
oa_version: Preprint
page: 346 - 365
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: ' Conference proceedings FSE 2012'
publication_status: published
publisher: Springer
publist_id: '5002'
quality_controlled: '1'
scopus_import: 1
status: public
title: 'Lapin: An efficient authentication protocol based on ring-LPN'
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 7549
year: '2012'
...
---
_id: '2937'
abstract:
- lang: eng
text: Developers building cryptography into security-sensitive applications face
a daunting task. Not only must they understand the security guarantees delivered
by the constructions they choose, they must also implement and combine them correctly
and efficiently. Cryptographic compilers free developers from this task by turning
high-level specifications of security goals into efficient implementations. Yet,
trusting such tools is hard as they rely on complex mathematical machinery and
claim security properties that are subtle and difficult to verify. In this paper
we present ZKCrypt, an optimizing cryptographic compiler achieving an unprecedented
level of assurance without sacrificing practicality for a comprehensive class
of cryptographic protocols, known as Zero-Knowledge Proofs of Knowledge. The pipeline
of ZKCrypt integrates purpose-built verified compilers and verifying compilers
producing formal proofs in the CertiCrypt framework. By combining the guarantees
delivered by each stage, ZKCrypt provides assurance that the output implementation
securely realizes the abstract proof goal given as input. We report on the main
characteristics of ZKCrypt, highlight new definitions and concepts at its foundations,
and illustrate its applicability through a representative example of an anonymous
credential system.
acknowledgement: This work was partially funded by National Funds through the FCT
- Fundação para a Ciência e a Tecnologia (Portuguese Foundation for Science and
Technology) within project ENI-AC/2224/2009, by ENIAC Joint Undertaking under grant
agreement number 120224, European Projects FP7-256980 NESSoS and FP7-229599 AMAROUT,
Spanish National project TIN2009-14599 DESAFIOS 10, and Madrid Regional project
S2009TIC-1465 PROMETIDOS.
author:
- first_name: José
full_name: Almeida, José
last_name: Almeida
- first_name: Manuel
full_name: Barbosa, Manuel
last_name: Barbosa
- first_name: Endre
full_name: Bangerter, Endre
last_name: Bangerter
- first_name: Gilles
full_name: Barthe, Gilles
last_name: Barthe
- first_name: Stephan
full_name: Krenn, Stephan
id: 329FCCF0-F248-11E8-B48F-1D18A9856A87
last_name: Krenn
orcid: 0000-0003-2835-9093
- first_name: Santiago
full_name: Béguelin, Santiago
last_name: Béguelin
citation:
ama: 'Almeida J, Barbosa M, Bangerter E, Barthe G, Krenn S, Béguelin S. Full proof
cryptography: Verifiable compilation of efficient zero-knowledge protocols. In:
Proceedings of the 2012 ACM Conference on Computer and Communications Security.
ACM; 2012:488-500. doi:10.1145/2382196.2382249'
apa: 'Almeida, J., Barbosa, M., Bangerter, E., Barthe, G., Krenn, S., & Béguelin,
S. (2012). Full proof cryptography: Verifiable compilation of efficient zero-knowledge
protocols. In Proceedings of the 2012 ACM conference on Computer and communications
security (pp. 488–500). Raleigh, NC, USA: ACM. https://doi.org/10.1145/2382196.2382249'
chicago: 'Almeida, José, Manuel Barbosa, Endre Bangerter, Gilles Barthe, Stephan
Krenn, and Santiago Béguelin. “Full Proof Cryptography: Verifiable Compilation
of Efficient Zero-Knowledge Protocols.” In Proceedings of the 2012 ACM Conference
on Computer and Communications Security, 488–500. ACM, 2012. https://doi.org/10.1145/2382196.2382249.'
ieee: 'J. Almeida, M. Barbosa, E. Bangerter, G. Barthe, S. Krenn, and S. Béguelin,
“Full proof cryptography: Verifiable compilation of efficient zero-knowledge protocols,”
in Proceedings of the 2012 ACM conference on Computer and communications security,
Raleigh, NC, USA, 2012, pp. 488–500.'
ista: 'Almeida J, Barbosa M, Bangerter E, Barthe G, Krenn S, Béguelin S. 2012. Full
proof cryptography: Verifiable compilation of efficient zero-knowledge protocols.
Proceedings of the 2012 ACM conference on Computer and communications security.
CCS: Computer and Communications Security, 488–500.'
mla: 'Almeida, José, et al. “Full Proof Cryptography: Verifiable Compilation of
Efficient Zero-Knowledge Protocols.” Proceedings of the 2012 ACM Conference
on Computer and Communications Security, ACM, 2012, pp. 488–500, doi:10.1145/2382196.2382249.'
short: J. Almeida, M. Barbosa, E. Bangerter, G. Barthe, S. Krenn, S. Béguelin, in:,
Proceedings of the 2012 ACM Conference on Computer and Communications Security,
ACM, 2012, pp. 488–500.
conference:
end_date: 2012-10-18
location: Raleigh, NC, USA
name: 'CCS: Computer and Communications Security'
start_date: 2012-10-16
date_created: 2018-12-11T12:00:26Z
date_published: 2012-10-01T00:00:00Z
date_updated: 2021-01-12T07:39:53Z
day: '01'
department:
- _id: KrPi
doi: 10.1145/2382196.2382249
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2012/258
month: '10'
oa: 1
oa_version: Submitted Version
page: 488 - 500
publication: Proceedings of the 2012 ACM conference on Computer and communications
security
publication_status: published
publisher: ACM
publist_id: '3798'
quality_controlled: '1'
scopus_import: 1
status: public
title: 'Full proof cryptography: Verifiable compilation of efficient zero-knowledge
protocols'
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
year: '2012'
...
---
_id: '2974'
abstract:
- lang: eng
text: "We construct a perfectly binding string commitment scheme whose security
is based on the learning parity with noise (LPN) assumption, or equivalently,
the hardness of decoding random linear codes. Our scheme not only allows for a
simple and efficient zero-knowledge proof of knowledge for committed values (essentially
a Σ-protocol), but also for such proofs showing any kind of relation amongst committed
values, i.e. proving that messages m_0,...,m_u, are such that m_0=C(m_1,...,m_u)
for any circuit C.\r\n\r\nTo get soundness which is exponentially small in a security
parameter t, and when the zero-knowledge property relies on the LPN problem with
secrets of length l, our 3 round protocol has communication complexity O(t|C|l
log(l)) and computational complexity of O(t|C|l) bit operations. The hidden constants
are small, and the computation consists mostly of computing inner products of
bit-vectors."
acknowledgement: "We are grateful to Petros Mol for helpful discussions on the reduction
for the hardness of the xLPN problem.\r\n"
alternative_title:
- LNCS
author:
- first_name: Abhishek
full_name: Jain, Abhishek
last_name: Jain
- first_name: Stephan
full_name: Krenn, Stephan
id: 329FCCF0-F248-11E8-B48F-1D18A9856A87
last_name: Krenn
orcid: 0000-0003-2835-9093
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Aris
full_name: Tentes, Aris
last_name: Tentes
citation:
ama: 'Jain A, Krenn S, Pietrzak KZ, Tentes A. Commitments and efficient zero knowledge
proofs from learning parity with noise. In: Wang X, Sako K, eds. Vol 7658. Springer;
2012:663-680. doi:10.1007/978-3-642-34961-4_40'
apa: 'Jain, A., Krenn, S., Pietrzak, K. Z., & Tentes, A. (2012). Commitments
and efficient zero knowledge proofs from learning parity with noise. In X. Wang
& K. Sako (Eds.) (Vol. 7658, pp. 663–680). Presented at the ASIACRYPT: Theory
and Application of Cryptology and Information Security, Beijing, China: Springer.
https://doi.org/10.1007/978-3-642-34961-4_40'
chicago: Jain, Abhishek, Stephan Krenn, Krzysztof Z Pietrzak, and Aris Tentes. “Commitments
and Efficient Zero Knowledge Proofs from Learning Parity with Noise.” edited by
Xiaoyun Wang and Kazue Sako, 7658:663–80. Springer, 2012. https://doi.org/10.1007/978-3-642-34961-4_40.
ieee: 'A. Jain, S. Krenn, K. Z. Pietrzak, and A. Tentes, “Commitments and efficient
zero knowledge proofs from learning parity with noise,” presented at the ASIACRYPT:
Theory and Application of Cryptology and Information Security, Beijing, China,
2012, vol. 7658, pp. 663–680.'
ista: 'Jain A, Krenn S, Pietrzak KZ, Tentes A. 2012. Commitments and efficient zero
knowledge proofs from learning parity with noise. ASIACRYPT: Theory and Application
of Cryptology and Information Security, LNCS, vol. 7658, 663–680.'
mla: Jain, Abhishek, et al. Commitments and Efficient Zero Knowledge Proofs from
Learning Parity with Noise. Edited by Xiaoyun Wang and Kazue Sako, vol. 7658,
Springer, 2012, pp. 663–80, doi:10.1007/978-3-642-34961-4_40.
short: A. Jain, S. Krenn, K.Z. Pietrzak, A. Tentes, in:, X. Wang, K. Sako (Eds.),
Springer, 2012, pp. 663–680.
conference:
end_date: 2012-12-06
location: Beijing, China
name: 'ASIACRYPT: Theory and Application of Cryptology and Information Security'
start_date: 2012-12-02
date_created: 2018-12-11T12:00:38Z
date_published: 2012-12-01T00:00:00Z
date_updated: 2021-01-12T07:40:11Z
day: '01'
ddc:
- '004'
- '005'
department:
- _id: KrPi
doi: 10.1007/978-3-642-34961-4_40
ec_funded: 1
editor:
- first_name: Xiaoyun
full_name: Wang, Xiaoyun
last_name: Wang
- first_name: Kazue
full_name: Sako, Kazue
last_name: Sako
file:
- access_level: open_access
checksum: ab879537385efc4cb4203e7ef0fea17b
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:14:00Z
date_updated: 2020-07-14T12:45:58Z
file_id: '5048'
file_name: IST-2016-721-v1+1_513.pdf
file_size: 482570
relation: main_file
file_date_updated: 2020-07-14T12:45:58Z
has_accepted_license: '1'
intvolume: ' 7658'
language:
- iso: eng
month: '12'
oa: 1
oa_version: Submitted Version
page: 663 - 680
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '3730'
pubrep_id: '721'
scopus_import: 1
status: public
title: Commitments and efficient zero knowledge proofs from learning parity with noise
tmp:
image: /images/cc_by.png
legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
short: CC BY (4.0)
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 7658
year: '2012'
...
---
_id: '3250'
abstract:
- lang: eng
text: The Learning Parity with Noise (LPN) problem has recently found many applications
in cryptography as the hardness assumption underlying the constructions of "provably
secure" cryptographic schemes like encryption or authentication protocols.
Being provably secure means that the scheme comes with a proof showing that the
existence of an efficient adversary against the scheme implies that the underlying
hardness assumption is wrong. LPN based schemes are appealing for theoretical
and practical reasons. On the theoretical side, LPN based schemes offer a very
strong security guarantee. The LPN problem is equivalent to the problem of decoding
random linear codes, a problem that has been extensively studied in the last half
century. The fastest known algorithms run in exponential time and unlike most
number-theoretic problems used in cryptography, the LPN problem does not succumb
to known quantum algorithms. On the practical side, LPN based schemes are often
extremely simple and efficient in terms of code-size as well as time and space
requirements. This makes them prime candidates for light-weight devices like RFID
tags, which are too weak to implement standard cryptographic primitives like the
AES block-cipher. This talk will be a gentle introduction to provable security
using simple LPN based schemes as examples. Starting from pseudorandom generators
and symmetric key encryption, over secret-key authentication protocols, and, if
time admits, touching on recent constructions of public-key identification, commitments
and zero-knowledge proofs.
alternative_title:
- LNCS
author:
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Pietrzak KZ. Cryptography from learning parity with noise. In: Vol 7147. Springer;
2012:99-114. doi:10.1007/978-3-642-27660-6_9'
apa: 'Pietrzak, K. Z. (2012). Cryptography from learning parity with noise (Vol.
7147, pp. 99–114). Presented at the SOFSEM: Current Trends in Theory and Practice
of Computer Science, Špindlerův Mlýn, Czech Republic: Springer. https://doi.org/10.1007/978-3-642-27660-6_9'
chicago: Pietrzak, Krzysztof Z. “Cryptography from Learning Parity with Noise,”
7147:99–114. Springer, 2012. https://doi.org/10.1007/978-3-642-27660-6_9.
ieee: 'K. Z. Pietrzak, “Cryptography from learning parity with noise,” presented
at the SOFSEM: Current Trends in Theory and Practice of Computer Science, Špindlerův
Mlýn, Czech Republic, 2012, vol. 7147, pp. 99–114.'
ista: 'Pietrzak KZ. 2012. Cryptography from learning parity with noise. SOFSEM:
Current Trends in Theory and Practice of Computer Science, LNCS, vol. 7147, 99–114.'
mla: Pietrzak, Krzysztof Z. Cryptography from Learning Parity with Noise.
Vol. 7147, Springer, 2012, pp. 99–114, doi:10.1007/978-3-642-27660-6_9.
short: K.Z. Pietrzak, in:, Springer, 2012, pp. 99–114.
conference:
end_date: 2012-01-27
location: Špindlerův Mlýn, Czech Republic
name: 'SOFSEM: Current Trends in Theory and Practice of Computer Science'
start_date: 2012-01-21
date_created: 2018-12-11T12:02:15Z
date_published: 2012-02-19T00:00:00Z
date_updated: 2021-01-12T07:42:07Z
day: '19'
department:
- _id: KrPi
doi: 10.1007/978-3-642-27660-6_9
intvolume: ' 7147'
language:
- iso: eng
month: '02'
oa_version: None
page: 99 - 114
publication_status: published
publisher: Springer
publist_id: '3407'
quality_controlled: '1'
scopus_import: 1
status: public
title: Cryptography from learning parity with noise
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 7147
year: '2012'
...
---
_id: '3282'
abstract:
- lang: eng
text: 'Traditionally, symmetric-key message authentication codes (MACs) are easily
built from pseudorandom functions (PRFs). In this work we propose a wide variety
of other approaches to building efficient MACs, without going through a PRF first.
In particular, unlike deterministic PRF-based MACs, where each message has a unique
valid tag, we give a number of probabilistic MAC constructions from various other
primitives/assumptions. Our main results are summarized as follows: We show several
new probabilistic MAC constructions from a variety of general assumptions, including
CCA-secure encryption, Hash Proof Systems and key-homomorphic weak PRFs. By instantiating
these frameworks under concrete number theoretic assumptions, we get several schemes
which are more efficient than just using a state-of-the-art PRF instantiation
under the corresponding assumption. For probabilistic MACs, unlike deterministic
ones, unforgeability against a chosen message attack (uf-cma ) alone does not
imply security if the adversary can additionally make verification queries (uf-cmva
). We give an efficient generic transformation from any uf-cma secure MAC which
is "message-hiding" into a uf-cmva secure MAC. This resolves the main
open problem of Kiltz et al. from Eurocrypt''11; By using our transformation on
their constructions, we get the first efficient MACs from the LPN assumption.
While all our new MAC constructions immediately give efficient actively secure,
two-round symmetric-key identification schemes, we also show a very simple, three-round
actively secure identification protocol from any weak PRF. In particular, the
resulting protocol is much more efficient than the trivial approach of building
a regular PRF from a weak PRF. © 2012 International Association for Cryptologic
Research.'
acknowledgement: Supported by the European Research Council under the European Union’s
Seventh Framework Programme (FP7/2007-2013) / ERC Starting Grant (259668-PSPC)
alternative_title:
- LNCS
author:
- first_name: Yevgeniy
full_name: Dodis, Yevgeniy
last_name: Dodis
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Eike
full_name: Kiltz, Eike
last_name: Kiltz
- first_name: Daniel
full_name: Wichs, Daniel
last_name: Wichs
citation:
ama: 'Dodis Y, Pietrzak KZ, Kiltz E, Wichs D. Message authentication, revisited.
In: Vol 7237. Springer; 2012:355-374. doi:10.1007/978-3-642-29011-4_22'
apa: 'Dodis, Y., Pietrzak, K. Z., Kiltz, E., & Wichs, D. (2012). Message authentication,
revisited (Vol. 7237, pp. 355–374). Presented at the EUROCRYPT: Theory and Applications
of Cryptographic Techniques, Cambridge, UK: Springer. https://doi.org/10.1007/978-3-642-29011-4_22'
chicago: Dodis, Yevgeniy, Krzysztof Z Pietrzak, Eike Kiltz, and Daniel Wichs. “Message
Authentication, Revisited,” 7237:355–74. Springer, 2012. https://doi.org/10.1007/978-3-642-29011-4_22.
ieee: 'Y. Dodis, K. Z. Pietrzak, E. Kiltz, and D. Wichs, “Message authentication,
revisited,” presented at the EUROCRYPT: Theory and Applications of Cryptographic
Techniques, Cambridge, UK, 2012, vol. 7237, pp. 355–374.'
ista: 'Dodis Y, Pietrzak KZ, Kiltz E, Wichs D. 2012. Message authentication, revisited.
EUROCRYPT: Theory and Applications of Cryptographic Techniques, LNCS, vol. 7237,
355–374.'
mla: Dodis, Yevgeniy, et al. Message Authentication, Revisited. Vol. 7237,
Springer, 2012, pp. 355–74, doi:10.1007/978-3-642-29011-4_22.
short: Y. Dodis, K.Z. Pietrzak, E. Kiltz, D. Wichs, in:, Springer, 2012, pp. 355–374.
conference:
end_date: 2012-04-19
location: Cambridge, UK
name: 'EUROCRYPT: Theory and Applications of Cryptographic Techniques'
start_date: 2012-04-15
date_created: 2018-12-11T12:02:27Z
date_published: 2012-03-10T00:00:00Z
date_updated: 2021-01-12T07:42:22Z
day: '10'
ddc:
- '000'
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-642-29011-4_22
ec_funded: 1
file:
- access_level: open_access
checksum: 8557c17a8c2586d06ebfe62d934f5c5f
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:14:23Z
date_updated: 2020-07-14T12:46:06Z
file_id: '5074'
file_name: IST-2016-686-v1+1_059.pdf
file_size: 372292
relation: main_file
file_date_updated: 2020-07-14T12:46:06Z
has_accepted_license: '1'
intvolume: ' 7237'
language:
- iso: eng
month: '03'
oa: 1
oa_version: Submitted Version
page: 355 - 374
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '3364'
pubrep_id: '686'
quality_controlled: '1'
status: public
title: Message authentication, revisited
tmp:
image: /images/cc_by.png
legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
short: CC BY (4.0)
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 7237
year: '2012'
...
---
_id: '3280'
abstract:
- lang: eng
text: 'The (decisional) learning with errors problem (LWE) asks to distinguish "noisy"
inner products of a secret vector with random vectors from uniform. The learning
parities with noise problem (LPN) is the special case where the elements of the
vectors are bits. In recent years, the LWE and LPN problems have found many applications
in cryptography. In this paper we introduce a (seemingly) much stronger adaptive
assumption, called "subspace LWE" (SLWE), where the adversary can learn
the inner product of the secret and random vectors after they were projected into
an adaptively and adversarially chosen subspace. We prove that, surprisingly,
the SLWE problem mapping into subspaces of dimension d is almost as hard as LWE
using secrets of length d (the other direction is trivial.) This result immediately
implies that several existing cryptosystems whose security is based on the hardness
of the LWE/LPN problems are provably secure in a much stronger sense than anticipated.
As an illustrative example we show that the standard way of using LPN for symmetric
CPA secure encryption is even secure against a very powerful class of related
key attacks. '
acknowledgement: Supported by the European Research Council under the European Union’s
Seventh Framework Programme (FP7/2007-2013) / ERC Starting Grant (259668-PSPC).
alternative_title:
- LNCS
author:
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Pietrzak KZ. Subspace LWE. In: Vol 7194. Springer; 2012:548-563. doi:10.1007/978-3-642-28914-9_31'
apa: 'Pietrzak, K. Z. (2012). Subspace LWE (Vol. 7194, pp. 548–563). Presented at
the TCC: Theory of Cryptography Conference, Taormina, Sicily, Italy: Springer.
https://doi.org/10.1007/978-3-642-28914-9_31'
chicago: Pietrzak, Krzysztof Z. “Subspace LWE,” 7194:548–63. Springer, 2012. https://doi.org/10.1007/978-3-642-28914-9_31.
ieee: 'K. Z. Pietrzak, “Subspace LWE,” presented at the TCC: Theory of Cryptography
Conference, Taormina, Sicily, Italy, 2012, vol. 7194, pp. 548–563.'
ista: 'Pietrzak KZ. 2012. Subspace LWE. TCC: Theory of Cryptography Conference,
LNCS, vol. 7194, 548–563.'
mla: Pietrzak, Krzysztof Z. Subspace LWE. Vol. 7194, Springer, 2012, pp.
548–63, doi:10.1007/978-3-642-28914-9_31.
short: K.Z. Pietrzak, in:, Springer, 2012, pp. 548–563.
conference:
end_date: 2012-03-21
location: Taormina, Sicily, Italy
name: 'TCC: Theory of Cryptography Conference'
start_date: 2012-03-19
date_created: 2018-12-11T12:02:26Z
date_published: 2012-05-04T00:00:00Z
date_updated: 2021-01-12T07:42:21Z
day: '04'
department:
- _id: KrPi
doi: 10.1007/978-3-642-28914-9_31
ec_funded: 1
intvolume: ' 7194'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: http://www.iacr.org/archive/tcc2012/71940166/71940166.pdf
month: '05'
oa: 1
oa_version: Submitted Version
page: 548 - 563
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '3366'
quality_controlled: '1'
status: public
title: Subspace LWE
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 7194
year: '2012'
...
---
_id: '3281'
abstract:
- lang: eng
text: 'We consider the problem of amplifying the "lossiness" of functions.
We say that an oracle circuit C*: {0,1} m → {0,1}* amplifies relative lossiness
from ℓ/n to L/m if for every function f:{0,1} n → {0,1} n it holds that 1 If f
is injective then so is C f. 2 If f has image size of at most 2 n-ℓ, then C f
has image size at most 2 m-L. The question is whether such C* exists for L/m ≫
ℓ/n. This problem arises naturally in the context of cryptographic "lossy
functions," where the relative lossiness is the key parameter. We show that
for every circuit C* that makes at most t queries to f, the relative lossiness
of C f is at most L/m ≤ ℓ/n + O(log t)/n. In particular, no black-box method making
a polynomial t = poly(n) number of queries can amplify relative lossiness by more
than an O(logn)/n additive term. We show that this is tight by giving a simple
construction (cascading with some randomization) that achieves such amplification.'
acknowledgement: "We would like to thank Oded Goldreich and Omer Rein- gold for discussions
at an early stage of this project, and Scott Aaronson for clarifications regarding
the collision problem.\r\n"
alternative_title:
- LNCS
author:
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Alon
full_name: Rosen, Alon
last_name: Rosen
- first_name: Gil
full_name: Segev, Gil
last_name: Segev
citation:
ama: 'Pietrzak KZ, Rosen A, Segev G. Lossy functions do not amplify well. In: Vol
7194. Springer; 2012:458-475. doi:10.1007/978-3-642-28914-9_26'
apa: 'Pietrzak, K. Z., Rosen, A., & Segev, G. (2012). Lossy functions do not
amplify well (Vol. 7194, pp. 458–475). Presented at the TCC: Theory of Cryptography
Conference, Taormina, Sicily, Italy: Springer. https://doi.org/10.1007/978-3-642-28914-9_26'
chicago: Pietrzak, Krzysztof Z, Alon Rosen, and Gil Segev. “Lossy Functions Do Not
Amplify Well,” 7194:458–75. Springer, 2012. https://doi.org/10.1007/978-3-642-28914-9_26.
ieee: 'K. Z. Pietrzak, A. Rosen, and G. Segev, “Lossy functions do not amplify well,”
presented at the TCC: Theory of Cryptography Conference, Taormina, Sicily, Italy,
2012, vol. 7194, pp. 458–475.'
ista: 'Pietrzak KZ, Rosen A, Segev G. 2012. Lossy functions do not amplify well.
TCC: Theory of Cryptography Conference, LNCS, vol. 7194, 458–475.'
mla: Pietrzak, Krzysztof Z., et al. Lossy Functions Do Not Amplify Well.
Vol. 7194, Springer, 2012, pp. 458–75, doi:10.1007/978-3-642-28914-9_26.
short: K.Z. Pietrzak, A. Rosen, G. Segev, in:, Springer, 2012, pp. 458–475.
conference:
end_date: 2012-03-21
location: Taormina, Sicily, Italy
name: 'TCC: Theory of Cryptography Conference'
start_date: 2012-03-19
date_created: 2018-12-11T12:02:26Z
date_published: 2012-05-04T00:00:00Z
date_updated: 2021-01-12T07:42:22Z
day: '04'
department:
- _id: KrPi
doi: 10.1007/978-3-642-28914-9_26
intvolume: ' 7194'
language:
- iso: eng
main_file_link:
- url: http://www.iacr.org/archive/tcc2012/tcc2012-index.html
month: '05'
oa_version: None
page: 458 - 475
publication_status: published
publisher: Springer
publist_id: '3365'
quality_controlled: '1'
status: public
title: Lossy functions do not amplify well
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 7194
year: '2012'
...
---
_id: '3279'
abstract:
- lang: eng
text: "We show a hardness-preserving construction of a PRF from any length doubling
PRG which improves upon known constructions whenever we can put a non-trivial
upper bound q on the number of queries to the PRF. Our construction requires only
O(logq) invocations to the underlying PRG with each query. In comparison, the
number of invocations by the best previous hardness-preserving construction (GGM
using Levin's trick) is logarithmic in the hardness of the PRG. For example, starting
from an exponentially secure PRG {0,1} n → {0,1} 2n, we get a PRF which is exponentially
secure if queried at most q = exp(√n)times and where each invocation of the PRF
requires Θ(√n) queries to the underlying PRG. This is much less than the Θ(n)
required by known constructions. \r\n"
acknowledgement: Supported by the European Research Council under the European Union’s
Seventh Framework Programme (FP7/2007-2013) / ERC Starting Grant (259668-PSPC)
alternative_title:
- LNCS
author:
- first_name: Abhishek
full_name: Jain, Abhishek
last_name: Jain
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Aris
full_name: Tentes, Aris
last_name: Tentes
citation:
ama: 'Jain A, Pietrzak KZ, Tentes A. Hardness preserving constructions of pseudorandom
functions. In: Vol 7194. Springer; 2012:369-382. doi:10.1007/978-3-642-28914-9_21'
apa: 'Jain, A., Pietrzak, K. Z., & Tentes, A. (2012). Hardness preserving constructions
of pseudorandom functions (Vol. 7194, pp. 369–382). Presented at the TCC: Theory
of Cryptography Conference, Taormina, Sicily, Italy: Springer. https://doi.org/10.1007/978-3-642-28914-9_21'
chicago: Jain, Abhishek, Krzysztof Z Pietrzak, and Aris Tentes. “Hardness Preserving
Constructions of Pseudorandom Functions,” 7194:369–82. Springer, 2012. https://doi.org/10.1007/978-3-642-28914-9_21.
ieee: 'A. Jain, K. Z. Pietrzak, and A. Tentes, “Hardness preserving constructions
of pseudorandom functions,” presented at the TCC: Theory of Cryptography Conference,
Taormina, Sicily, Italy, 2012, vol. 7194, pp. 369–382.'
ista: 'Jain A, Pietrzak KZ, Tentes A. 2012. Hardness preserving constructions of
pseudorandom functions. TCC: Theory of Cryptography Conference, LNCS, vol. 7194,
369–382.'
mla: Jain, Abhishek, et al. Hardness Preserving Constructions of Pseudorandom
Functions. Vol. 7194, Springer, 2012, pp. 369–82, doi:10.1007/978-3-642-28914-9_21.
short: A. Jain, K.Z. Pietrzak, A. Tentes, in:, Springer, 2012, pp. 369–382.
conference:
end_date: 2012-03-21
location: Taormina, Sicily, Italy
name: 'TCC: Theory of Cryptography Conference'
start_date: 2012-03-19
date_created: 2018-12-11T12:02:25Z
date_published: 2012-05-04T00:00:00Z
date_updated: 2021-01-12T07:42:21Z
day: '04'
department:
- _id: KrPi
doi: 10.1007/978-3-642-28914-9_21
ec_funded: 1
intvolume: ' 7194'
language:
- iso: eng
main_file_link:
- url: http://www.iacr.org/archive/tcc2012/tcc2012-index.html
month: '05'
oa_version: None
page: 369 - 382
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '3367'
quality_controlled: '1'
scopus_import: 1
status: public
title: Hardness preserving constructions of pseudorandom functions
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 7194
year: '2012'
...