---
_id: '7411'
abstract:
- lang: eng
text: "Proofs of sequential work (PoSW) are proof systems where a prover, upon receiving
a statement χ and a time parameter T computes a proof ϕ(χ,T) which is efficiently
and publicly verifiable. The proof can be computed in T sequential steps, but
not much less, even by a malicious party having large parallelism. A PoSW thus
serves as a proof that T units of time have passed since χ\r\n\r\nwas received.\r\n\r\nPoSW
were introduced by Mahmoody, Moran and Vadhan [MMV11], a simple and practical
construction was only recently proposed by Cohen and Pietrzak [CP18].\r\n\r\nIn
this work we construct a new simple PoSW in the random permutation model which
is almost as simple and efficient as [CP18] but conceptually very different. Whereas
the structure underlying [CP18] is a hash tree, our construction is based on skip
lists and has the interesting property that computing the PoSW is a reversible
computation.\r\nThe fact that the construction is reversible can potentially be
used for new applications like constructing proofs of replication. We also show
how to “embed” the sloth function of Lenstra and Weselowski [LW17] into our PoSW
to get a PoSW where one additionally can verify correctness of the output much
more efficiently than recomputing it (though recent constructions of “verifiable
delay functions” subsume most of the applications this construction was aiming
at)."
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Hamza M
full_name: Abusalah, Hamza M
id: 40297222-F248-11E8-B48F-1D18A9856A87
last_name: Abusalah
- first_name: Chethan
full_name: Kamath Hosdurg, Chethan
id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87
last_name: Kamath Hosdurg
- first_name: Karen
full_name: Klein, Karen
id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87
last_name: Klein
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Michael
full_name: Walter, Michael
id: 488F98B0-F248-11E8-B48F-1D18A9856A87
last_name: Walter
orcid: 0000-0003-3186-2482
citation:
ama: 'Abusalah HM, Kamath Hosdurg C, Klein K, Pietrzak KZ, Walter M. Reversible
proofs of sequential work. In: Advances in Cryptology – EUROCRYPT 2019.
Vol 11477. Springer International Publishing; 2019:277-291. doi:10.1007/978-3-030-17656-3_10'
apa: 'Abusalah, H. M., Kamath Hosdurg, C., Klein, K., Pietrzak, K. Z., & Walter,
M. (2019). Reversible proofs of sequential work. In Advances in Cryptology
– EUROCRYPT 2019 (Vol. 11477, pp. 277–291). Darmstadt, Germany: Springer International
Publishing. https://doi.org/10.1007/978-3-030-17656-3_10'
chicago: Abusalah, Hamza M, Chethan Kamath Hosdurg, Karen Klein, Krzysztof Z Pietrzak,
and Michael Walter. “Reversible Proofs of Sequential Work.” In Advances in
Cryptology – EUROCRYPT 2019, 11477:277–91. Springer International Publishing,
2019. https://doi.org/10.1007/978-3-030-17656-3_10.
ieee: H. M. Abusalah, C. Kamath Hosdurg, K. Klein, K. Z. Pietrzak, and M. Walter,
“Reversible proofs of sequential work,” in Advances in Cryptology – EUROCRYPT
2019, Darmstadt, Germany, 2019, vol. 11477, pp. 277–291.
ista: Abusalah HM, Kamath Hosdurg C, Klein K, Pietrzak KZ, Walter M. 2019. Reversible
proofs of sequential work. Advances in Cryptology – EUROCRYPT 2019. International
Conference on the Theory and Applications of Cryptographic Techniques, LNCS, vol.
11477, 277–291.
mla: Abusalah, Hamza M., et al. “Reversible Proofs of Sequential Work.” Advances
in Cryptology – EUROCRYPT 2019, vol. 11477, Springer International Publishing,
2019, pp. 277–91, doi:10.1007/978-3-030-17656-3_10.
short: H.M. Abusalah, C. Kamath Hosdurg, K. Klein, K.Z. Pietrzak, M. Walter, in:,
Advances in Cryptology – EUROCRYPT 2019, Springer International Publishing, 2019,
pp. 277–291.
conference:
end_date: 2019-05-23
location: Darmstadt, Germany
name: International Conference on the Theory and Applications of Cryptographic Techniques
start_date: 2019-05-19
date_created: 2020-01-30T09:26:14Z
date_published: 2019-04-24T00:00:00Z
date_updated: 2023-09-06T15:26:06Z
day: '24'
department:
- _id: KrPi
doi: 10.1007/978-3-030-17656-3_10
ec_funded: 1
external_id:
isi:
- '000483516200010'
intvolume: ' 11477'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2019/252
month: '04'
oa: 1
oa_version: Submitted Version
page: 277-291
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication: Advances in Cryptology – EUROCRYPT 2019
publication_identifier:
eissn:
- 1611-3349
isbn:
- '9783030176556'
- '9783030176563'
issn:
- 0302-9743
publication_status: published
publisher: Springer International Publishing
quality_controlled: '1'
scopus_import: '1'
status: public
title: Reversible proofs of sequential work
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 11477
year: '2019'
...
---
_id: '6677'
abstract:
- lang: eng
text: "The Fiat-Shamir heuristic transforms a public-coin interactive proof into
a non-interactive argument, by replacing the verifier with a cryptographic hash
function that is applied to the protocol’s transcript. Constructing hash functions
for which this transformation is sound is a central and long-standing open question
in cryptography.\r\n\r\nWe show that solving the END−OF−METERED−LINE problem is
no easier than breaking the soundness of the Fiat-Shamir transformation when applied
to the sumcheck protocol. In particular, if the transformed protocol is sound,
then any hard problem in #P gives rise to a hard distribution in the class CLS,
which is contained in PPAD. Our result opens up the possibility of sampling moderately-sized
games for which it is hard to find a Nash equilibrium, by reducing the inversion
of appropriately chosen one-way functions to #SAT.\r\n\r\nOur main technical contribution
is a stateful incrementally verifiable procedure that, given a SAT instance over
n variables, counts the number of satisfying assignments. This is accomplished
via an exponential sequence of small steps, each computable in time poly(n). Incremental
verifiability means that each intermediate state includes a sumcheck-based proof
of its correctness, and the proof can be updated and verified in time poly(n)."
article_processing_charge: No
author:
- first_name: Arka Rai
full_name: Choudhuri, Arka Rai
last_name: Choudhuri
- first_name: Pavel
full_name: Hubáček, Pavel
last_name: Hubáček
- first_name: Chethan
full_name: Kamath Hosdurg, Chethan
id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87
last_name: Kamath Hosdurg
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Alon
full_name: Rosen, Alon
last_name: Rosen
- first_name: Guy N.
full_name: Rothblum, Guy N.
last_name: Rothblum
citation:
ama: 'Choudhuri AR, Hubáček P, Kamath Hosdurg C, Pietrzak KZ, Rosen A, Rothblum
GN. Finding a Nash equilibrium is no easier than breaking Fiat-Shamir. In: Proceedings
of the 51st Annual ACM SIGACT Symposium on Theory of Computing - STOC 2019.
ACM Press; 2019:1103-1114. doi:10.1145/3313276.3316400'
apa: 'Choudhuri, A. R., Hubáček, P., Kamath Hosdurg, C., Pietrzak, K. Z., Rosen,
A., & Rothblum, G. N. (2019). Finding a Nash equilibrium is no easier than
breaking Fiat-Shamir. In Proceedings of the 51st Annual ACM SIGACT Symposium
on Theory of Computing - STOC 2019 (pp. 1103–1114). Phoenix, AZ, United States:
ACM Press. https://doi.org/10.1145/3313276.3316400'
chicago: Choudhuri, Arka Rai, Pavel Hubáček, Chethan Kamath Hosdurg, Krzysztof Z
Pietrzak, Alon Rosen, and Guy N. Rothblum. “Finding a Nash Equilibrium Is No Easier
than Breaking Fiat-Shamir.” In Proceedings of the 51st Annual ACM SIGACT Symposium
on Theory of Computing - STOC 2019, 1103–14. ACM Press, 2019. https://doi.org/10.1145/3313276.3316400.
ieee: A. R. Choudhuri, P. Hubáček, C. Kamath Hosdurg, K. Z. Pietrzak, A. Rosen,
and G. N. Rothblum, “Finding a Nash equilibrium is no easier than breaking Fiat-Shamir,”
in Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing
- STOC 2019, Phoenix, AZ, United States, 2019, pp. 1103–1114.
ista: 'Choudhuri AR, Hubáček P, Kamath Hosdurg C, Pietrzak KZ, Rosen A, Rothblum
GN. 2019. Finding a Nash equilibrium is no easier than breaking Fiat-Shamir. Proceedings
of the 51st Annual ACM SIGACT Symposium on Theory of Computing - STOC 2019. STOC:
Symposium on Theory of Computing, 1103–1114.'
mla: Choudhuri, Arka Rai, et al. “Finding a Nash Equilibrium Is No Easier than Breaking
Fiat-Shamir.” Proceedings of the 51st Annual ACM SIGACT Symposium on Theory
of Computing - STOC 2019, ACM Press, 2019, pp. 1103–14, doi:10.1145/3313276.3316400.
short: A.R. Choudhuri, P. Hubáček, C. Kamath Hosdurg, K.Z. Pietrzak, A. Rosen, G.N.
Rothblum, in:, Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of
Computing - STOC 2019, ACM Press, 2019, pp. 1103–1114.
conference:
end_date: 2019-06-26
location: Phoenix, AZ, United States
name: 'STOC: Symposium on Theory of Computing'
start_date: 2019-06-23
date_created: 2019-07-24T09:20:53Z
date_published: 2019-06-01T00:00:00Z
date_updated: 2023-09-07T13:15:55Z
day: '01'
department:
- _id: KrPi
doi: 10.1145/3313276.3316400
ec_funded: 1
external_id:
isi:
- '000523199100100'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2019/549
month: '06'
oa: 1
oa_version: Preprint
page: 1103-1114
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication: Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing -
STOC 2019
publication_identifier:
isbn:
- '9781450367059'
publication_status: published
publisher: ACM Press
quality_controlled: '1'
related_material:
record:
- id: '7896'
relation: dissertation_contains
status: public
scopus_import: '1'
status: public
title: Finding a Nash equilibrium is no easier than breaking Fiat-Shamir
type: conference
user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8
year: '2019'
...
---
_id: '6430'
abstract:
- lang: eng
text: "A proxy re-encryption (PRE) scheme is a public-key encryption scheme that
allows the holder of a key pk to derive a re-encryption key for any other key
\U0001D45D\U0001D458′. This re-encryption key lets anyone transform ciphertexts
under pk into ciphertexts under \U0001D45D\U0001D458′ without having to know the
underlying message, while transformations from \U0001D45D\U0001D458′ to pk should
not be possible (unidirectional). Security is defined in a multi-user setting
against an adversary that gets the users’ public keys and can ask for re-encryption
keys and can corrupt users by requesting their secret keys. Any ciphertext that
the adversary cannot trivially decrypt given the obtained secret and re-encryption
keys should be secure.\r\n\r\nAll existing security proofs for PRE only show selective
security, where the adversary must first declare the users it wants to corrupt.
This can be lifted to more meaningful adaptive security by guessing the set of
corrupted users among the n users, which loses a factor exponential in Open image
in new window , rendering the result meaningless already for moderate Open image
in new window .\r\n\r\nJafargholi et al. (CRYPTO’17) proposed a framework that
in some cases allows to give adaptive security proofs for schemes which were previously
only known to be selectively secure, while avoiding the exponential loss that
results from guessing the adaptive choices made by an adversary. We apply their
framework to PREs that satisfy some natural additional properties. Concretely,
we give a more fine-grained reduction for several unidirectional PREs, proving
adaptive security at a much smaller loss. The loss depends on the graph of users
whose edges represent the re-encryption keys queried by the adversary. For trees
and chains the loss is quasi-polynomial in the size and for general graphs it
is exponential in their depth and indegree (instead of their size as for previous
reductions). Fortunately, trees and low-depth graphs cover many, if not most,
interesting applications.\r\n\r\nOur results apply e.g. to the bilinear-map based
PRE schemes by Ateniese et al. (NDSS’05 and CT-RSA’09), Gentry’s FHE-based scheme
(STOC’09) and the LWE-based scheme by Chandran et al. (PKC’14)."
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: Chethan
full_name: Kamath Hosdurg, Chethan
id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87
last_name: Kamath Hosdurg
- first_name: Karen
full_name: Klein, Karen
id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87
last_name: Klein
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Fuchsbauer G, Kamath Hosdurg C, Klein K, Pietrzak KZ. Adaptively secure proxy
re-encryption. In: Vol 11443. Springer Nature; 2019:317-346. doi:10.1007/978-3-030-17259-6_11'
apa: 'Fuchsbauer, G., Kamath Hosdurg, C., Klein, K., & Pietrzak, K. Z. (2019).
Adaptively secure proxy re-encryption (Vol. 11443, pp. 317–346). Presented at
the PKC: Public-Key Cryptograhy, Beijing, China: Springer Nature. https://doi.org/10.1007/978-3-030-17259-6_11'
chicago: Fuchsbauer, Georg, Chethan Kamath Hosdurg, Karen Klein, and Krzysztof Z
Pietrzak. “Adaptively Secure Proxy Re-Encryption,” 11443:317–46. Springer Nature,
2019. https://doi.org/10.1007/978-3-030-17259-6_11.
ieee: 'G. Fuchsbauer, C. Kamath Hosdurg, K. Klein, and K. Z. Pietrzak, “Adaptively
secure proxy re-encryption,” presented at the PKC: Public-Key Cryptograhy, Beijing,
China, 2019, vol. 11443, pp. 317–346.'
ista: 'Fuchsbauer G, Kamath Hosdurg C, Klein K, Pietrzak KZ. 2019. Adaptively secure
proxy re-encryption. PKC: Public-Key Cryptograhy, LNCS, vol. 11443, 317–346.'
mla: Fuchsbauer, Georg, et al. Adaptively Secure Proxy Re-Encryption. Vol.
11443, Springer Nature, 2019, pp. 317–46, doi:10.1007/978-3-030-17259-6_11.
short: G. Fuchsbauer, C. Kamath Hosdurg, K. Klein, K.Z. Pietrzak, in:, Springer
Nature, 2019, pp. 317–346.
conference:
end_date: 2019-04-17
location: Beijing, China
name: 'PKC: Public-Key Cryptograhy'
start_date: 2019-04-14
date_created: 2019-05-13T08:13:46Z
date_published: 2019-04-06T00:00:00Z
date_updated: 2023-09-08T11:33:20Z
day: '06'
department:
- _id: KrPi
doi: 10.1007/978-3-030-17259-6_11
ec_funded: 1
intvolume: ' 11443'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2018/426
month: '04'
oa: 1
oa_version: Preprint
page: 317-346
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication_identifier:
eissn:
- '16113349'
isbn:
- '9783030172589'
issn:
- '03029743'
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
related_material:
record:
- id: '10035'
relation: dissertation_contains
status: public
scopus_import: '1'
status: public
title: Adaptively secure proxy re-encryption
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 11443
year: '2019'
...
---
_id: '10286'
abstract:
- lang: eng
text: 'In this paper, we evaluate clock signals generated in ring oscillators and
self-timed rings and the way their jitter can be transformed into random numbers.
We show that counting the periods of the jittery clock signal produces random
numbers of significantly better quality than the methods in which the jittery
signal is simply sampled (the case in almost all current methods). Moreover, we
use the counter values to characterize and continuously monitor the source of
randomness. However, instead of using the widely used statistical variance, we
propose to use Allan variance to do so. There are two main advantages: Allan variance
is insensitive to low frequency noises such as flicker noise that are known to
be autocorrelated and significantly less circuitry is required for its computation
than that used to compute commonly used variance. We also show that it is essential
to use a differential principle of randomness extraction from the jitter based
on the use of two identical oscillators to avoid autocorrelations originating
from external and internal global jitter sources and that this fact is valid for
both kinds of rings. Last but not least, we propose a method of statistical testing
based on high order Markov model to show the reduced dependencies when the proposed
randomness extraction is applied.'
article_processing_charge: No
article_type: original
author:
- first_name: Elie Noumon
full_name: Allini, Elie Noumon
last_name: Allini
- first_name: Maciej
full_name: Skórski, Maciej
id: EC09FA6A-02D0-11E9-8223-86B7C91467DD
last_name: Skórski
- first_name: Oto
full_name: Petura, Oto
last_name: Petura
- first_name: Florent
full_name: Bernard, Florent
last_name: Bernard
- first_name: Marek
full_name: Laban, Marek
last_name: Laban
- first_name: Viktor
full_name: Fischer, Viktor
last_name: Fischer
citation:
ama: Allini EN, Skórski M, Petura O, Bernard F, Laban M, Fischer V. Evaluation and
monitoring of free running oscillators serving as source of randomness. IACR
Transactions on Cryptographic Hardware and Embedded Systems. 2018;2018(3):214-242.
doi:10.13154/tches.v2018.i3.214-242
apa: Allini, E. N., Skórski, M., Petura, O., Bernard, F., Laban, M., & Fischer,
V. (2018). Evaluation and monitoring of free running oscillators serving as source
of randomness. IACR Transactions on Cryptographic Hardware and Embedded Systems.
International Association for Cryptologic Research. https://doi.org/10.13154/tches.v2018.i3.214-242
chicago: Allini, Elie Noumon, Maciej Skórski, Oto Petura, Florent Bernard, Marek
Laban, and Viktor Fischer. “Evaluation and Monitoring of Free Running Oscillators
Serving as Source of Randomness.” IACR Transactions on Cryptographic Hardware
and Embedded Systems. International Association for Cryptologic Research,
2018. https://doi.org/10.13154/tches.v2018.i3.214-242.
ieee: E. N. Allini, M. Skórski, O. Petura, F. Bernard, M. Laban, and V. Fischer,
“Evaluation and monitoring of free running oscillators serving as source of randomness,”
IACR Transactions on Cryptographic Hardware and Embedded Systems, vol.
2018, no. 3. International Association for Cryptologic Research, pp. 214–242,
2018.
ista: Allini EN, Skórski M, Petura O, Bernard F, Laban M, Fischer V. 2018. Evaluation
and monitoring of free running oscillators serving as source of randomness. IACR
Transactions on Cryptographic Hardware and Embedded Systems. 2018(3), 214–242.
mla: Allini, Elie Noumon, et al. “Evaluation and Monitoring of Free Running Oscillators
Serving as Source of Randomness.” IACR Transactions on Cryptographic Hardware
and Embedded Systems, vol. 2018, no. 3, International Association for Cryptologic
Research, 2018, pp. 214–42, doi:10.13154/tches.v2018.i3.214-242.
short: E.N. Allini, M. Skórski, O. Petura, F. Bernard, M. Laban, V. Fischer, IACR
Transactions on Cryptographic Hardware and Embedded Systems 2018 (2018) 214–242.
date_created: 2021-11-14T23:01:25Z
date_published: 2018-01-01T00:00:00Z
date_updated: 2021-11-15T10:48:49Z
day: '01'
ddc:
- '000'
department:
- _id: KrPi
doi: 10.13154/tches.v2018.i3.214-242
file:
- access_level: open_access
checksum: b816b848f046c48a8357700d9305dce5
content_type: application/pdf
creator: cchlebak
date_created: 2021-11-15T10:27:29Z
date_updated: 2021-11-15T10:27:29Z
file_id: '10289'
file_name: 2018_IACR_Allini.pdf
file_size: 955755
relation: main_file
success: 1
file_date_updated: 2021-11-15T10:27:29Z
has_accepted_license: '1'
intvolume: ' 2018'
issue: '3'
language:
- iso: eng
month: '01'
oa: 1
oa_version: Published Version
page: 214-242
publication: IACR Transactions on Cryptographic Hardware and Embedded Systems
publication_identifier:
eissn:
- 2569-2925
publication_status: published
publisher: International Association for Cryptologic Research
quality_controlled: '1'
scopus_import: '1'
status: public
title: Evaluation and monitoring of free running oscillators serving as source of
randomness
tmp:
image: /images/cc_by.png
legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
short: CC BY (4.0)
type: journal_article
user_id: 8b945eb4-e2f2-11eb-945a-df72226e66a9
volume: 2018
year: '2018'
...
---
_id: '7407'
abstract:
- lang: eng
text: 'Proofs of space (PoS) [Dziembowski et al., CRYPTO''15] are proof systems
where a prover can convince a verifier that he "wastes" disk space. PoS were introduced
as a more ecological and economical replacement for proofs of work which are currently
used to secure blockchains like Bitcoin. In this work we investigate extensions
of PoS which allow the prover to embed useful data into the dedicated space, which
later can be recovered. Our first contribution is a security proof for the original
PoS from CRYPTO''15 in the random oracle model (the original proof only applied
to a restricted class of adversaries which can store a subset of the data an honest
prover would store). When this PoS is instantiated with recent constructions of
maximally depth robust graphs, our proof implies basically optimal security. As
a second contribution we show three different extensions of this PoS where useful
data can be embedded into the space required by the prover. Our security proof
for the PoS extends (non-trivially) to these constructions. We discuss how some
of these variants can be used as proofs of catalytic space (PoCS), a notion we
put forward in this work, and which basically is a PoS where most of the space
required by the prover can be used to backup useful data. Finally we discuss how
one of the extensions is a candidate construction for a proof of replication (PoR),
a proof system recently suggested in the Filecoin whitepaper. '
alternative_title:
- LIPIcs
article_processing_charge: No
author:
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Pietrzak KZ. Proofs of catalytic space. In: 10th Innovations in Theoretical
Computer Science Conference (ITCS 2019). Vol 124. Schloss Dagstuhl - Leibniz-Zentrum
für Informatik; 2018:59:1-59:25. doi:10.4230/LIPICS.ITCS.2019.59'
apa: 'Pietrzak, K. Z. (2018). Proofs of catalytic space. In 10th Innovations
in Theoretical Computer Science Conference (ITCS 2019) (Vol. 124, p. 59:1-59:25).
San Diego, CA, United States: Schloss Dagstuhl - Leibniz-Zentrum für Informatik.
https://doi.org/10.4230/LIPICS.ITCS.2019.59'
chicago: Pietrzak, Krzysztof Z. “Proofs of Catalytic Space.” In 10th Innovations
in Theoretical Computer Science Conference (ITCS 2019), 124:59:1-59:25. Schloss
Dagstuhl - Leibniz-Zentrum für Informatik, 2018. https://doi.org/10.4230/LIPICS.ITCS.2019.59.
ieee: K. Z. Pietrzak, “Proofs of catalytic space,” in 10th Innovations in Theoretical
Computer Science Conference (ITCS 2019), San Diego, CA, United States, 2018,
vol. 124, p. 59:1-59:25.
ista: 'Pietrzak KZ. 2018. Proofs of catalytic space. 10th Innovations in Theoretical
Computer Science Conference (ITCS 2019). ITCS: Innovations in theoretical Computer
Science Conference, LIPIcs, vol. 124, 59:1-59:25.'
mla: Pietrzak, Krzysztof Z. “Proofs of Catalytic Space.” 10th Innovations in
Theoretical Computer Science Conference (ITCS 2019), vol. 124, Schloss Dagstuhl
- Leibniz-Zentrum für Informatik, 2018, p. 59:1-59:25, doi:10.4230/LIPICS.ITCS.2019.59.
short: K.Z. Pietrzak, in:, 10th Innovations in Theoretical Computer Science Conference
(ITCS 2019), Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2018, p. 59:1-59:25.
conference:
end_date: 2019-01-12
location: San Diego, CA, United States
name: 'ITCS: Innovations in theoretical Computer Science Conference'
start_date: 2019-01-10
date_created: 2020-01-30T09:16:05Z
date_published: 2018-12-31T00:00:00Z
date_updated: 2021-01-12T08:13:26Z
day: '31'
ddc:
- '000'
department:
- _id: KrPi
doi: 10.4230/LIPICS.ITCS.2019.59
ec_funded: 1
file:
- access_level: open_access
checksum: 5cebb7f7849a3beda898f697d755dd96
content_type: application/pdf
creator: dernst
date_created: 2020-02-04T08:17:52Z
date_updated: 2020-07-14T12:47:57Z
file_id: '7443'
file_name: 2018_LIPIcs_Pietrzak.pdf
file_size: 822884
relation: main_file
file_date_updated: 2020-07-14T12:47:57Z
has_accepted_license: '1'
intvolume: ' 124'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2018/194
month: '12'
oa: 1
oa_version: Published Version
page: 59:1-59:25
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication: 10th Innovations in Theoretical Computer Science Conference (ITCS 2019)
publication_identifier:
isbn:
- 978-3-95977-095-8
issn:
- 1868-8969
publication_status: published
publisher: Schloss Dagstuhl - Leibniz-Zentrum für Informatik
quality_controlled: '1'
scopus_import: 1
status: public
title: Proofs of catalytic space
tmp:
image: /images/cc_by.png
legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
short: CC BY (4.0)
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 124
year: '2018'
...
---
_id: '83'
abstract:
- lang: eng
text: "A proof system is a protocol between a prover and a verifier over a common
input in which an honest prover convinces the verifier of the validity of true
statements. Motivated by the success of decentralized cryptocurrencies, exemplified
by Bitcoin, the focus of this thesis will be on proof systems which found applications
in some sustainable alternatives to Bitcoin, such as the Spacemint and Chia cryptocurrencies.
In particular, we focus on proofs of space and proofs of sequential work.\r\nProofs
of space (PoSpace) were suggested as more ecological, economical, and egalitarian
alternative to the energy-wasteful proof-of-work mining of Bitcoin. However, the
state-of-the-art constructions of PoSpace are based on sophisticated graph pebbling
lower bounds, and are therefore complex. Moreover, when these PoSpace are used
in cryptocurrencies like Spacemint, miners can only start mining after ensuring
that a commitment to their space is already added in a special transaction to
the blockchain. Proofs of sequential work (PoSW) are proof systems in which a
prover, upon receiving a statement x and a time parameter T, computes a proof
which convinces the verifier that T time units had passed since x was received.
Whereas Spacemint assumes synchrony to retain some interesting Bitcoin dynamics,
Chia requires PoSW with unique proofs, i.e., PoSW in which it is hard to come
up with more than one accepting proof for any true statement. In this thesis we
construct simple and practically-efficient PoSpace and PoSW. When using our PoSpace
in cryptocurrencies, miners can start mining on the fly, like in Bitcoin, and
unlike current constructions of PoSW, which either achieve efficient verification
of sequential work, or faster-than-recomputing verification of correctness of
proofs, but not both at the same time, ours achieve the best of these two worlds."
alternative_title:
- ISTA Thesis
article_processing_charge: No
author:
- first_name: Hamza M
full_name: Abusalah, Hamza M
id: 40297222-F248-11E8-B48F-1D18A9856A87
last_name: Abusalah
citation:
ama: Abusalah HM. Proof systems for sustainable decentralized cryptocurrencies.
2018. doi:10.15479/AT:ISTA:TH_1046
apa: Abusalah, H. M. (2018). Proof systems for sustainable decentralized cryptocurrencies.
Institute of Science and Technology Austria. https://doi.org/10.15479/AT:ISTA:TH_1046
chicago: Abusalah, Hamza M. “Proof Systems for Sustainable Decentralized Cryptocurrencies.”
Institute of Science and Technology Austria, 2018. https://doi.org/10.15479/AT:ISTA:TH_1046.
ieee: H. M. Abusalah, “Proof systems for sustainable decentralized cryptocurrencies,”
Institute of Science and Technology Austria, 2018.
ista: Abusalah HM. 2018. Proof systems for sustainable decentralized cryptocurrencies.
Institute of Science and Technology Austria.
mla: Abusalah, Hamza M. Proof Systems for Sustainable Decentralized Cryptocurrencies.
Institute of Science and Technology Austria, 2018, doi:10.15479/AT:ISTA:TH_1046.
short: H.M. Abusalah, Proof Systems for Sustainable Decentralized Cryptocurrencies,
Institute of Science and Technology Austria, 2018.
date_created: 2018-12-11T11:44:32Z
date_published: 2018-09-05T00:00:00Z
date_updated: 2023-09-07T12:30:23Z
day: '05'
ddc:
- '004'
degree_awarded: PhD
department:
- _id: KrPi
doi: 10.15479/AT:ISTA:TH_1046
ec_funded: 1
file:
- access_level: open_access
checksum: c4b5f7d111755d1396787f41886fc674
content_type: application/pdf
creator: dernst
date_created: 2019-04-09T06:43:41Z
date_updated: 2020-07-14T12:48:11Z
file_id: '6245'
file_name: 2018_Thesis_Abusalah.pdf
file_size: 876241
relation: main_file
- access_level: closed
checksum: 0f382ac56b471c48fd907d63eb87dafe
content_type: application/x-gzip
creator: dernst
date_created: 2019-04-09T06:43:41Z
date_updated: 2020-07-14T12:48:11Z
file_id: '6246'
file_name: 2018_Thesis_Abusalah_source.tar.gz
file_size: 2029190
relation: source_file
file_date_updated: 2020-07-14T12:48:11Z
has_accepted_license: '1'
language:
- iso: eng
month: '09'
oa: 1
oa_version: Published Version
page: '59'
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication_identifier:
issn:
- 2663-337X
publication_status: published
publisher: Institute of Science and Technology Austria
publist_id: '7971'
pubrep_id: '1046'
related_material:
record:
- id: '1229'
relation: part_of_dissertation
status: public
- id: '1235'
relation: part_of_dissertation
status: public
- id: '1236'
relation: part_of_dissertation
status: public
- id: '559'
relation: part_of_dissertation
status: public
status: public
supervisor:
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
title: Proof systems for sustainable decentralized cryptocurrencies
type: dissertation
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
year: '2018'
...
---
_id: '108'
abstract:
- lang: eng
text: Universal hashing found a lot of applications in computer science. In cryptography
the most important fact about universal families is the so called Leftover Hash
Lemma, proved by Impagliazzo, Levin and Luby. In the language of modern cryptography
it states that almost universal families are good extractors. In this work we
provide a somewhat surprising characterization in the opposite direction. Namely,
every extractor with sufficiently good parameters yields a universal family on
a noticeable fraction of its inputs. Our proof technique is based on tools from
extremal graph theory applied to the \'collision graph\' induced by the extractor,
and may be of independent interest. We discuss possible applications to the theory
of randomness extractors and non-malleable codes.
alternative_title:
- ISIT Proceedings
article_processing_charge: No
author:
- first_name: Marciej
full_name: Obremski, Marciej
last_name: Obremski
- first_name: Maciej
full_name: Skorski, Maciej
id: EC09FA6A-02D0-11E9-8223-86B7C91467DD
last_name: Skorski
citation:
ama: 'Obremski M, Skórski M. Inverted leftover hash lemma. In: Vol 2018. IEEE; 2018.
doi:10.1109/ISIT.2018.8437654'
apa: 'Obremski, M., & Skórski, M. (2018). Inverted leftover hash lemma (Vol.
2018). Presented at the ISIT: International Symposium on Information Theory, Vail,
CO, USA: IEEE. https://doi.org/10.1109/ISIT.2018.8437654'
chicago: Obremski, Marciej, and Maciej Skórski. “Inverted Leftover Hash Lemma,”
Vol. 2018. IEEE, 2018. https://doi.org/10.1109/ISIT.2018.8437654.
ieee: 'M. Obremski and M. Skórski, “Inverted leftover hash lemma,” presented at
the ISIT: International Symposium on Information Theory, Vail, CO, USA, 2018,
vol. 2018.'
ista: 'Obremski M, Skórski M. 2018. Inverted leftover hash lemma. ISIT: International
Symposium on Information Theory, ISIT Proceedings, vol. 2018.'
mla: Obremski, Marciej, and Maciej Skórski. Inverted Leftover Hash Lemma.
Vol. 2018, IEEE, 2018, doi:10.1109/ISIT.2018.8437654.
short: M. Obremski, M. Skórski, in:, IEEE, 2018.
conference:
end_date: 2018-06-22
location: Vail, CO, USA
name: 'ISIT: International Symposium on Information Theory'
start_date: '2018-06-17 '
date_created: 2018-12-11T11:44:40Z
date_published: 2018-08-16T00:00:00Z
date_updated: 2023-09-13T08:23:18Z
day: '16'
department:
- _id: KrPi
doi: 10.1109/ISIT.2018.8437654
external_id:
isi:
- '000448139300368'
intvolume: ' 2018'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2017/507
month: '08'
oa: 1
oa_version: Submitted Version
publication_status: published
publisher: IEEE
publist_id: '7946'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Inverted leftover hash lemma
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 2018
year: '2018'
...
---
_id: '107'
abstract:
- lang: eng
text: 'We introduce the notion of “non-malleable codes” which relaxes the notion
of error correction and error detection. Informally, a code is non-malleable if
the message contained in a modified codeword is either the original message, or
a completely unrelated value. In contrast to error correction and error detection,
non-malleability can be achieved for very rich classes of modifications. We construct
an efficient code that is non-malleable with respect to modifications that affect
each bit of the codeword arbitrarily (i.e., leave it untouched, flip it, or set
it to either 0 or 1), but independently of the value of the other bits of the
codeword. Using the probabilistic method, we also show a very strong and general
statement: there exists a non-malleable code for every “small enough” family F
of functions via which codewords can be modified. Although this probabilistic
method argument does not directly yield efficient constructions, it gives us efficient
non-malleable codes in the random-oracle model for very general classes of tampering
functions—e.g., functions where every bit in the tampered codeword can depend
arbitrarily on any 99% of the bits in the original codeword. As an application
of non-malleable codes, we show that they provide an elegant algorithmic solution
to the task of protecting functionalities implemented in hardware (e.g., signature
cards) against “tampering attacks.” In such attacks, the secret state of a physical
system is tampered, in the hopes that future interaction with the modified system
will reveal some secret information. This problem was previously studied in the
work of Gennaro et al. in 2004 under the name “algorithmic tamper proof security”
(ATP). We show that non-malleable codes can be used to achieve important improvements
over the prior work. In particular, we show that any functionality can be made
secure against a large class of tampering attacks, simply by encoding the secret
state with a non-malleable code while it is stored in memory.'
article_number: '20'
article_processing_charge: No
article_type: original
author:
- first_name: Stefan
full_name: Dziembowski, Stefan
last_name: Dziembowski
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Daniel
full_name: Wichs, Daniel
last_name: Wichs
citation:
ama: Dziembowski S, Pietrzak KZ, Wichs D. Non-malleable codes. Journal of the
ACM. 2018;65(4). doi:10.1145/3178432
apa: Dziembowski, S., Pietrzak, K. Z., & Wichs, D. (2018). Non-malleable codes.
Journal of the ACM. ACM. https://doi.org/10.1145/3178432
chicago: Dziembowski, Stefan, Krzysztof Z Pietrzak, and Daniel Wichs. “Non-Malleable
Codes.” Journal of the ACM. ACM, 2018. https://doi.org/10.1145/3178432.
ieee: S. Dziembowski, K. Z. Pietrzak, and D. Wichs, “Non-malleable codes,” Journal
of the ACM, vol. 65, no. 4. ACM, 2018.
ista: Dziembowski S, Pietrzak KZ, Wichs D. 2018. Non-malleable codes. Journal of
the ACM. 65(4), 20.
mla: Dziembowski, Stefan, et al. “Non-Malleable Codes.” Journal of the ACM,
vol. 65, no. 4, 20, ACM, 2018, doi:10.1145/3178432.
short: S. Dziembowski, K.Z. Pietrzak, D. Wichs, Journal of the ACM 65 (2018).
date_created: 2018-12-11T11:44:40Z
date_published: 2018-08-01T00:00:00Z
date_updated: 2023-09-13T09:05:17Z
day: '01'
department:
- _id: KrPi
doi: 10.1145/3178432
ec_funded: 1
external_id:
isi:
- '000442938200004'
intvolume: ' 65'
isi: 1
issue: '4'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2009/608
month: '08'
oa: 1
oa_version: Preprint
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
- _id: 258C570E-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '259668'
name: Provable Security for Physical Cryptography
publication: Journal of the ACM
publication_status: published
publisher: ACM
publist_id: '7947'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Non-malleable codes
type: journal_article
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 65
year: '2018'
...
---
_id: '193'
abstract:
- lang: eng
text: 'We show attacks on five data-independent memory-hard functions (iMHF) that
were submitted to the password hashing competition (PHC). Informally, an MHF is
a function which cannot be evaluated on dedicated hardware, like ASICs, at significantly
lower hardware and/or energy cost than evaluating a single instance on a standard
single-core architecture. Data-independent means the memory access pattern of
the function is independent of the input; this makes iMHFs harder to construct
than data-dependent ones, but the latter can be attacked by various side-channel
attacks. Following [Alwen-Blocki''16], we capture the evaluation of an iMHF as
a directed acyclic graph (DAG). The cumulative parallel pebbling complexity of
this DAG is a measure for the hardware cost of evaluating the iMHF on an ASIC.
Ideally, one would like the complexity of a DAG underlying an iMHF to be as close
to quadratic in the number of nodes of the graph as possible. Instead, we show
that (the DAGs underlying) the following iMHFs are far from this bound: Rig.v2,
TwoCats and Gambit each having an exponent no more than 1.75. Moreover, we show
that the complexity of the iMHF modes of the PHC finalists Pomelo and Lyra2 have
exponents at most 1.83 and 1.67 respectively. To show this we investigate a combinatorial
property of each underlying DAG (called its depth-robustness. By establishing
upper bounds on this property we are then able to apply the general technique
of [Alwen-Block''16] for analyzing the hardware costs of an iMHF.'
acknowledgement: Leonid Reyzin was supported in part by IST Austria and by US NSF
grants 1012910, 1012798, and 1422965; this research was performed while he was visiting
IST Austria.
article_processing_charge: No
author:
- first_name: Joel F
full_name: Alwen, Joel F
id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
last_name: Alwen
- first_name: Peter
full_name: Gazi, Peter
last_name: Gazi
- first_name: Chethan
full_name: Kamath Hosdurg, Chethan
id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87
last_name: Kamath Hosdurg
- first_name: Karen
full_name: Klein, Karen
id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87
last_name: Klein
- first_name: Georg F
full_name: Osang, Georg F
id: 464B40D6-F248-11E8-B48F-1D18A9856A87
last_name: Osang
orcid: 0000-0002-8882-5116
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Lenoid
full_name: Reyzin, Lenoid
last_name: Reyzin
- first_name: Michal
full_name: Rolinek, Michal
id: 3CB3BC06-F248-11E8-B48F-1D18A9856A87
last_name: Rolinek
- first_name: Michal
full_name: Rybar, Michal
id: 2B3E3DE8-F248-11E8-B48F-1D18A9856A87
last_name: Rybar
citation:
ama: 'Alwen JF, Gazi P, Kamath Hosdurg C, et al. On the memory hardness of data
independent password hashing functions. In: Proceedings of the 2018 on Asia
Conference on Computer and Communication Security. ACM; 2018:51-65. doi:10.1145/3196494.3196534'
apa: 'Alwen, J. F., Gazi, P., Kamath Hosdurg, C., Klein, K., Osang, G. F., Pietrzak,
K. Z., … Rybar, M. (2018). On the memory hardness of data independent password
hashing functions. In Proceedings of the 2018 on Asia Conference on Computer
and Communication Security (pp. 51–65). Incheon, Republic of Korea: ACM. https://doi.org/10.1145/3196494.3196534'
chicago: Alwen, Joel F, Peter Gazi, Chethan Kamath Hosdurg, Karen Klein, Georg F
Osang, Krzysztof Z Pietrzak, Lenoid Reyzin, Michal Rolinek, and Michal Rybar.
“On the Memory Hardness of Data Independent Password Hashing Functions.” In Proceedings
of the 2018 on Asia Conference on Computer and Communication Security, 51–65.
ACM, 2018. https://doi.org/10.1145/3196494.3196534.
ieee: J. F. Alwen et al., “On the memory hardness of data independent password
hashing functions,” in Proceedings of the 2018 on Asia Conference on Computer
and Communication Security, Incheon, Republic of Korea, 2018, pp. 51–65.
ista: 'Alwen JF, Gazi P, Kamath Hosdurg C, Klein K, Osang GF, Pietrzak KZ, Reyzin
L, Rolinek M, Rybar M. 2018. On the memory hardness of data independent password
hashing functions. Proceedings of the 2018 on Asia Conference on Computer and
Communication Security. ASIACCS: Asia Conference on Computer and Communications
Security , 51–65.'
mla: Alwen, Joel F., et al. “On the Memory Hardness of Data Independent Password
Hashing Functions.” Proceedings of the 2018 on Asia Conference on Computer
and Communication Security, ACM, 2018, pp. 51–65, doi:10.1145/3196494.3196534.
short: J.F. Alwen, P. Gazi, C. Kamath Hosdurg, K. Klein, G.F. Osang, K.Z. Pietrzak,
L. Reyzin, M. Rolinek, M. Rybar, in:, Proceedings of the 2018 on Asia Conference
on Computer and Communication Security, ACM, 2018, pp. 51–65.
conference:
end_date: 2018-06-08
location: Incheon, Republic of Korea
name: 'ASIACCS: Asia Conference on Computer and Communications Security '
start_date: 2018-06-04
date_created: 2018-12-11T11:45:07Z
date_published: 2018-06-01T00:00:00Z
date_updated: 2023-09-13T09:13:12Z
day: '01'
department:
- _id: KrPi
- _id: HeEd
- _id: VlKo
doi: 10.1145/3196494.3196534
ec_funded: 1
external_id:
isi:
- '000516620100005'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2016/783
month: '06'
oa: 1
oa_version: Submitted Version
page: 51 - 65
project:
- _id: 25FBA906-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '616160'
name: 'Discrete Optimization in Computer Vision: Theory and Practice'
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication: Proceedings of the 2018 on Asia Conference on Computer and Communication
Security
publication_status: published
publisher: ACM
publist_id: '7723'
quality_controlled: '1'
scopus_import: '1'
status: public
title: On the memory hardness of data independent password hashing functions
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
year: '2018'
...
---
_id: '300'
abstract:
- lang: eng
text: We introduce a formal quantitative notion of “bit security” for a general
type of cryptographic games (capturing both decision and search problems), aimed
at capturing the intuition that a cryptographic primitive with k-bit security
is as hard to break as an ideal cryptographic function requiring a brute force
attack on a k-bit key space. Our new definition matches the notion of bit security
commonly used by cryptographers and cryptanalysts when studying search (e.g.,
key recovery) problems, where the use of the traditional definition is well established.
However, it produces a quantitatively different metric in the case of decision
(indistinguishability) problems, where the use of (a straightforward generalization
of) the traditional definition is more problematic and leads to a number of paradoxical
situations or mismatches between theoretical/provable security and practical/common
sense intuition. Key to our new definition is to consider adversaries that may
explicitly declare failure of the attack. We support and justify the new definition
by proving a number of technical results, including tight reductions between several
standard cryptographic problems, a new hybrid theorem that preserves bit security,
and an application to the security analysis of indistinguishability primitives
making use of (approximate) floating point numbers. This is the first result showing
that (standard precision) 53-bit floating point numbers can be used to achieve
100-bit security in the context of cryptographic primitives with general indistinguishability-based
security definitions. Previous results of this type applied only to search problems,
or special types of decision problems.
acknowledgement: Research supported in part by the Defense Advanced Research Projects
Agency (DARPA) and the U.S. Army Research Office under the SafeWare program. Opinions,
findings and conclusions or recommendations expressed in this material are those
of the author(s) and do not necessarily reflect the views, position or policy of
the Government. The second author was also supported by the European Research Council,
ERC consolidator grant (682815 - TOCNeT).
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Daniele
full_name: Micciancio, Daniele
last_name: Micciancio
- first_name: Michael
full_name: Walter, Michael
id: 488F98B0-F248-11E8-B48F-1D18A9856A87
last_name: Walter
orcid: 0000-0003-3186-2482
citation:
ama: 'Micciancio D, Walter M. On the bit security of cryptographic primitives. In:
Vol 10820. Springer; 2018:3-28. doi:10.1007/978-3-319-78381-9_1'
apa: 'Micciancio, D., & Walter, M. (2018). On the bit security of cryptographic
primitives (Vol. 10820, pp. 3–28). Presented at the Eurocrypt: Advances in Cryptology,
Tel Aviv, Israel: Springer. https://doi.org/10.1007/978-3-319-78381-9_1'
chicago: Micciancio, Daniele, and Michael Walter. “On the Bit Security of Cryptographic
Primitives,” 10820:3–28. Springer, 2018. https://doi.org/10.1007/978-3-319-78381-9_1.
ieee: 'D. Micciancio and M. Walter, “On the bit security of cryptographic primitives,”
presented at the Eurocrypt: Advances in Cryptology, Tel Aviv, Israel, 2018, vol.
10820, pp. 3–28.'
ista: 'Micciancio D, Walter M. 2018. On the bit security of cryptographic primitives.
Eurocrypt: Advances in Cryptology, LNCS, vol. 10820, 3–28.'
mla: Micciancio, Daniele, and Michael Walter. On the Bit Security of Cryptographic
Primitives. Vol. 10820, Springer, 2018, pp. 3–28, doi:10.1007/978-3-319-78381-9_1.
short: D. Micciancio, M. Walter, in:, Springer, 2018, pp. 3–28.
conference:
end_date: 2018-05-03
location: Tel Aviv, Israel
name: 'Eurocrypt: Advances in Cryptology'
start_date: 2018-04-29
date_created: 2018-12-11T11:45:42Z
date_published: 2018-03-31T00:00:00Z
date_updated: 2023-09-13T09:12:04Z
day: '31'
department:
- _id: KrPi
doi: 10.1007/978-3-319-78381-9_1
ec_funded: 1
external_id:
isi:
- '000517097500001'
intvolume: ' 10820'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2018/077
month: '03'
oa: 1
oa_version: Submitted Version
page: 3 - 28
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication_status: published
publisher: Springer
publist_id: '7581'
quality_controlled: '1'
scopus_import: '1'
status: public
title: On the bit security of cryptographic primitives
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 10820
year: '2018'
...
---
_id: '302'
abstract:
- lang: eng
text: At ITCS 2013, Mahmoody, Moran and Vadhan [MMV13] introduce and construct publicly
verifiable proofs of sequential work, which is a protocol for proving that one
spent sequential computational work related to some statement. The original motivation
for such proofs included non-interactive time-stamping and universally verifiable
CPU benchmarks. A more recent application, and our main motivation, are blockchain
designs, where proofs of sequential work can be used – in combination with proofs
of space – as a more ecological and economical substitute for proofs of work which
are currently used to secure Bitcoin and other cryptocurrencies. The construction
proposed by [MMV13] is based on a hash function and can be proven secure in the
random oracle model, or assuming inherently sequential hash-functions, which is
a new standard model assumption introduced in their work. In a proof of sequential
work, a prover gets a “statement” χ, a time parameter N and access to a hash-function
H, which for the security proof is modelled as a random oracle. Correctness requires
that an honest prover can make a verifier accept making only N queries to H, while
soundness requires that any prover who makes the verifier accept must have made
(almost) N sequential queries to H. Thus a solution constitutes a proof that N
time passed since χ was received. Solutions must be publicly verifiable in time
at most polylogarithmic in N. The construction of [MMV13] is based on “depth-robust”
graphs, and as a consequence has rather poor concrete parameters. But the major
drawback is that the prover needs not just N time, but also N space to compute
a proof. In this work we propose a proof of sequential work which is much simpler,
more efficient and achieves much better concrete bounds. Most importantly, the
space required can be as small as log (N) (but we get better soundness using slightly
more memory than that). An open problem stated by [MMV13] that our construction
does not solve either is achieving a “unique” proof, where even a cheating prover
can only generate a single accepting proof. This property would be extremely useful
for applications to blockchains.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Bram
full_name: Cohen, Bram
last_name: Cohen
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Cohen B, Pietrzak KZ. Simple proofs of sequential work. In: Vol 10821. Springer;
2018:451-467. doi:10.1007/978-3-319-78375-8_15'
apa: 'Cohen, B., & Pietrzak, K. Z. (2018). Simple proofs of sequential work
(Vol. 10821, pp. 451–467). Presented at the Eurocrypt: Advances in Cryptology,
Tel Aviv, Israel: Springer. https://doi.org/10.1007/978-3-319-78375-8_15'
chicago: Cohen, Bram, and Krzysztof Z Pietrzak. “Simple Proofs of Sequential Work,”
10821:451–67. Springer, 2018. https://doi.org/10.1007/978-3-319-78375-8_15.
ieee: 'B. Cohen and K. Z. Pietrzak, “Simple proofs of sequential work,” presented
at the Eurocrypt: Advances in Cryptology, Tel Aviv, Israel, 2018, vol. 10821,
pp. 451–467.'
ista: 'Cohen B, Pietrzak KZ. 2018. Simple proofs of sequential work. Eurocrypt:
Advances in Cryptology, LNCS, vol. 10821, 451–467.'
mla: Cohen, Bram, and Krzysztof Z. Pietrzak. Simple Proofs of Sequential Work.
Vol. 10821, Springer, 2018, pp. 451–67, doi:10.1007/978-3-319-78375-8_15.
short: B. Cohen, K.Z. Pietrzak, in:, Springer, 2018, pp. 451–467.
conference:
end_date: 2018-05-03
location: Tel Aviv, Israel
name: 'Eurocrypt: Advances in Cryptology'
start_date: 2018-04-29
date_created: 2018-12-11T11:45:42Z
date_published: 2018-05-29T00:00:00Z
date_updated: 2023-09-18T09:29:33Z
day: '29'
department:
- _id: KrPi
doi: 10.1007/978-3-319-78375-8_15
ec_funded: 1
external_id:
isi:
- '000517098700015'
intvolume: ' 10821'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2018/183.pdf
month: '05'
oa: 1
oa_version: Submitted Version
page: 451 - 467
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication_status: published
publisher: Springer
publist_id: '7579'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Simple proofs of sequential work
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 10821
year: '2018'
...
---
_id: '298'
abstract:
- lang: eng
text: "Memory-hard functions (MHF) are functions whose evaluation cost is dominated
by memory cost. MHFs are egalitarian, in the sense that evaluating them on dedicated
hardware (like FPGAs or ASICs) is not much cheaper than on off-the-shelf hardware
(like x86 CPUs). MHFs have interesting cryptographic applications, most notably
to password hashing and securing blockchains.\r\n\r\nAlwen and Serbinenko [STOC’15]
define the cumulative memory complexity (cmc) of a function as the sum (over all
time-steps) of the amount of memory required to compute the function. They advocate
that a good MHF must have high cmc. Unlike previous notions, cmc takes into account
that dedicated hardware might exploit amortization and parallelism. Still, cmc
has been critizised as insufficient, as it fails to capture possible time-memory
trade-offs; as memory cost doesn’t scale linearly, functions with the same cmc
could still have very different actual hardware cost.\r\n\r\nIn this work we address
this problem, and introduce the notion of sustained-memory complexity, which requires
that any algorithm evaluating the function must use a large amount of memory for
many steps. We construct functions (in the parallel random oracle model) whose
sustained-memory complexity is almost optimal: our function can be evaluated using
n steps and O(n/log(n)) memory, in each step making one query to the (fixed-input
length) random oracle, while any algorithm that can make arbitrary many parallel
queries to the random oracle, still needs Ω(n/log(n)) memory for Ω(n) steps.\r\n\r\nAs
has been done for various notions (including cmc) before, we reduce the task of
constructing an MHFs with high sustained-memory complexity to proving pebbling
lower bounds on DAGs. Our main technical contribution is the construction is a
family of DAGs on n nodes with constant indegree with high “sustained-space complexity”,
meaning that any parallel black-pebbling strategy requires Ω(n/log(n)) pebbles
for at least Ω(n) steps.\r\n\r\nAlong the way we construct a family of maximally
“depth-robust” DAGs with maximum indegree O(logn) , improving upon the construction
of Mahmoody et al. [ITCS’13] which had maximum indegree O(log2n⋅"
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Joel F
full_name: Alwen, Joel F
id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
last_name: Alwen
- first_name: Jeremiah
full_name: Blocki, Jeremiah
last_name: Blocki
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Alwen JF, Blocki J, Pietrzak KZ. Sustained space complexity. In: Vol 10821.
Springer; 2018:99-130. doi:10.1007/978-3-319-78375-8_4'
apa: 'Alwen, J. F., Blocki, J., & Pietrzak, K. Z. (2018). Sustained space complexity
(Vol. 10821, pp. 99–130). Presented at the Eurocrypt 2018: Advances in Cryptology,
Tel Aviv, Israel: Springer. https://doi.org/10.1007/978-3-319-78375-8_4'
chicago: Alwen, Joel F, Jeremiah Blocki, and Krzysztof Z Pietrzak. “Sustained Space
Complexity,” 10821:99–130. Springer, 2018. https://doi.org/10.1007/978-3-319-78375-8_4.
ieee: 'J. F. Alwen, J. Blocki, and K. Z. Pietrzak, “Sustained space complexity,”
presented at the Eurocrypt 2018: Advances in Cryptology, Tel Aviv, Israel, 2018,
vol. 10821, pp. 99–130.'
ista: 'Alwen JF, Blocki J, Pietrzak KZ. 2018. Sustained space complexity. Eurocrypt
2018: Advances in Cryptology, LNCS, vol. 10821, 99–130.'
mla: Alwen, Joel F., et al. Sustained Space Complexity. Vol. 10821, Springer,
2018, pp. 99–130, doi:10.1007/978-3-319-78375-8_4.
short: J.F. Alwen, J. Blocki, K.Z. Pietrzak, in:, Springer, 2018, pp. 99–130.
conference:
end_date: 2018-05-03
location: Tel Aviv, Israel
name: 'Eurocrypt 2018: Advances in Cryptology'
start_date: 2018-04-29
date_created: 2018-12-11T11:45:41Z
date_published: 2018-03-31T00:00:00Z
date_updated: 2023-09-19T09:59:30Z
day: '31'
department:
- _id: KrPi
doi: 10.1007/978-3-319-78375-8_4
ec_funded: 1
external_id:
arxiv:
- '1705.05313'
isi:
- '000517098700004'
intvolume: ' 10821'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://arxiv.org/abs/1705.05313
month: '03'
oa: 1
oa_version: Preprint
page: 99 - 130
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication_status: published
publisher: Springer
publist_id: '7583'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Sustained space complexity
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 10821
year: '2018'
...
---
_id: '5980'
abstract:
- lang: eng
text: The problem of private set-intersection (PSI) has been traditionally treated
as an instance of the more general problem of multi-party computation (MPC). Consequently,
in order to argue security, or compose these protocols one has to rely on the
general theory that was developed for the purpose of MPC. The pursuit of efficient
protocols, however, has resulted in designs that exploit properties pertaining
to PSI. In almost all practical applications where a PSI protocol is deployed,
it is expected to be executed multiple times, possibly on related inputs. In this
work we initiate a dedicated study of PSI in the multi-interaction (MI) setting.
In this model a server sets up the common system parameters and executes set-intersection
multiple times with potentially different clients. We discuss a few attacks that
arise when protocols are naïvely composed in this manner and, accordingly, craft
security definitions for the MI setting and study their inter-relation. Finally,
we suggest a set of protocols that are MI-secure, at the same time almost as efficient
as their parent, stand-alone, protocols.
article_processing_charge: No
author:
- first_name: Sanjit
full_name: Chatterjee, Sanjit
last_name: Chatterjee
- first_name: Chethan
full_name: Kamath Hosdurg, Chethan
id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87
last_name: Kamath Hosdurg
- first_name: Vikas
full_name: Kumar, Vikas
last_name: Kumar
citation:
ama: Chatterjee S, Kamath Hosdurg C, Kumar V. Private set-intersection with common
set-up. American Institute of Mathematical Sciences. 2018;12(1):17-47.
doi:10.3934/amc.2018002
apa: Chatterjee, S., Kamath Hosdurg, C., & Kumar, V. (2018). Private set-intersection
with common set-up. American Institute of Mathematical Sciences. AIMS.
https://doi.org/10.3934/amc.2018002
chicago: Chatterjee, Sanjit, Chethan Kamath Hosdurg, and Vikas Kumar. “Private Set-Intersection
with Common Set-Up.” American Institute of Mathematical Sciences. AIMS,
2018. https://doi.org/10.3934/amc.2018002.
ieee: S. Chatterjee, C. Kamath Hosdurg, and V. Kumar, “Private set-intersection
with common set-up,” American Institute of Mathematical Sciences, vol.
12, no. 1. AIMS, pp. 17–47, 2018.
ista: Chatterjee S, Kamath Hosdurg C, Kumar V. 2018. Private set-intersection with
common set-up. American Institute of Mathematical Sciences. 12(1), 17–47.
mla: Chatterjee, Sanjit, et al. “Private Set-Intersection with Common Set-Up.” American
Institute of Mathematical Sciences, vol. 12, no. 1, AIMS, 2018, pp. 17–47,
doi:10.3934/amc.2018002.
short: S. Chatterjee, C. Kamath Hosdurg, V. Kumar, American Institute of Mathematical
Sciences 12 (2018) 17–47.
date_created: 2019-02-13T13:49:41Z
date_published: 2018-02-01T00:00:00Z
date_updated: 2023-09-19T14:27:59Z
day: '01'
department:
- _id: KrPi
doi: 10.3934/amc.2018002
external_id:
isi:
- '000430950400002'
intvolume: ' 12'
isi: 1
issue: '1'
language:
- iso: eng
month: '02'
oa_version: None
page: 17-47
publication: American Institute of Mathematical Sciences
publication_status: published
publisher: AIMS
quality_controlled: '1'
scopus_import: '1'
status: public
title: Private set-intersection with common set-up
type: journal_article
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 12
year: '2018'
...
---
_id: '6941'
abstract:
- lang: eng
text: "Bitcoin has become the most successful cryptocurrency ever deployed, and
its most distinctive feature is that it is decentralized. Its underlying protocol
(Nakamoto consensus) achieves this by using proof of work, which has the drawback
that it causes the consumption of vast amounts of energy to maintain the ledger.
Moreover, Bitcoin mining dynamics have become less distributed over time.\r\n\r\nTowards
addressing these issues, we propose SpaceMint, a cryptocurrency based on proofs
of space instead of proofs of work. Miners in SpaceMint dedicate disk space rather
than computation. We argue that SpaceMint’s design solves or alleviates several
of Bitcoin’s issues: most notably, its large energy consumption. SpaceMint also
rewards smaller miners fairly according to their contribution to the network,
thus incentivizing more distributed participation.\r\n\r\nThis paper adapts proof
of space to enable its use in cryptocurrency, studies the attacks that can arise
against a Bitcoin-like blockchain that uses proof of space, and proposes a new
blockchain format and transaction types to address these attacks. Our prototype
shows that initializing 1 TB for mining takes about a day (a one-off setup cost),
and miners spend on average just a fraction of a second per block mined. Finally,
we provide a game-theoretic analysis modeling SpaceMint as an extensive game (the
canonical game-theoretic notion for games that take place over time) and show
that this stylized game satisfies a strong equilibrium notion, thereby arguing
for SpaceMint ’s stability and consensus."
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Sunoo
full_name: Park, Sunoo
last_name: Park
- first_name: Albert
full_name: Kwon, Albert
last_name: Kwon
- first_name: Georg
full_name: Fuchsbauer, Georg
id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
last_name: Fuchsbauer
- first_name: Peter
full_name: Gazi, Peter
id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
last_name: Gazi
- first_name: Joel F
full_name: Alwen, Joel F
id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
last_name: Alwen
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Park S, Kwon A, Fuchsbauer G, Gazi P, Alwen JF, Pietrzak KZ. SpaceMint: A
cryptocurrency based on proofs of space. In: 22nd International Conference
on Financial Cryptography and Data Security. Vol 10957. Springer Nature; 2018:480-499.
doi:10.1007/978-3-662-58387-6_26'
apa: 'Park, S., Kwon, A., Fuchsbauer, G., Gazi, P., Alwen, J. F., & Pietrzak,
K. Z. (2018). SpaceMint: A cryptocurrency based on proofs of space. In 22nd
International Conference on Financial Cryptography and Data Security (Vol.
10957, pp. 480–499). Nieuwpoort, Curacao: Springer Nature. https://doi.org/10.1007/978-3-662-58387-6_26'
chicago: 'Park, Sunoo, Albert Kwon, Georg Fuchsbauer, Peter Gazi, Joel F Alwen,
and Krzysztof Z Pietrzak. “SpaceMint: A Cryptocurrency Based on Proofs of Space.”
In 22nd International Conference on Financial Cryptography and Data Security,
10957:480–99. Springer Nature, 2018. https://doi.org/10.1007/978-3-662-58387-6_26.'
ieee: 'S. Park, A. Kwon, G. Fuchsbauer, P. Gazi, J. F. Alwen, and K. Z. Pietrzak,
“SpaceMint: A cryptocurrency based on proofs of space,” in 22nd International
Conference on Financial Cryptography and Data Security, Nieuwpoort, Curacao,
2018, vol. 10957, pp. 480–499.'
ista: 'Park S, Kwon A, Fuchsbauer G, Gazi P, Alwen JF, Pietrzak KZ. 2018. SpaceMint:
A cryptocurrency based on proofs of space. 22nd International Conference on Financial
Cryptography and Data Security. FC: Financial Cryptography and Data Security,
LNCS, vol. 10957, 480–499.'
mla: 'Park, Sunoo, et al. “SpaceMint: A Cryptocurrency Based on Proofs of Space.”
22nd International Conference on Financial Cryptography and Data Security,
vol. 10957, Springer Nature, 2018, pp. 480–99, doi:10.1007/978-3-662-58387-6_26.'
short: S. Park, A. Kwon, G. Fuchsbauer, P. Gazi, J.F. Alwen, K.Z. Pietrzak, in:,
22nd International Conference on Financial Cryptography and Data Security, Springer
Nature, 2018, pp. 480–499.
conference:
end_date: 2018-03-02
location: Nieuwpoort, Curacao
name: 'FC: Financial Cryptography and Data Security'
start_date: 2018-02-26
date_created: 2019-10-14T06:35:38Z
date_published: 2018-12-07T00:00:00Z
date_updated: 2023-09-19T15:02:13Z
day: '07'
department:
- _id: KrPi
doi: 10.1007/978-3-662-58387-6_26
ec_funded: 1
external_id:
isi:
- '000540656400026'
intvolume: ' 10957'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2015/528
month: '12'
oa: 1
oa_version: Submitted Version
page: 480-499
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication: 22nd International Conference on Financial Cryptography and Data Security
publication_identifier:
eissn:
- 1611-3349
isbn:
- '9783662583869'
- '9783662583876'
issn:
- 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: 'SpaceMint: A cryptocurrency based on proofs of space'
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 10957
year: '2018'
...
---
_id: '1175'
abstract:
- lang: eng
text: We study space complexity and time-space trade-offs with a focus not on peak
memory usage but on overall memory consumption throughout the computation. Such
a cumulative space measure was introduced for the computational model of parallel
black pebbling by [Alwen and Serbinenko ’15] as a tool for obtaining results in
cryptography. We consider instead the non- deterministic black-white pebble game
and prove optimal cumulative space lower bounds and trade-offs, where in order
to minimize pebbling time the space has to remain large during a significant fraction
of the pebbling. We also initiate the study of cumulative space in proof complexity,
an area where other space complexity measures have been extensively studied during
the last 10–15 years. Using and extending the connection between proof complexity
and pebble games in [Ben-Sasson and Nordström ’08, ’11] we obtain several strong
cumulative space results for (even parallel versions of) the resolution proof
system, and outline some possible future directions of study of this, in our opinion,
natural and interesting space measure.
alternative_title:
- LIPIcs
author:
- first_name: Joel F
full_name: Alwen, Joel F
id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
last_name: Alwen
- first_name: Susanna
full_name: De Rezende, Susanna
last_name: De Rezende
- first_name: Jakob
full_name: Nordstrom, Jakob
last_name: Nordstrom
- first_name: Marc
full_name: Vinyals, Marc
last_name: Vinyals
citation:
ama: 'Alwen JF, De Rezende S, Nordstrom J, Vinyals M. Cumulative space in black-white
pebbling and resolution. In: Papadimitriou C, ed. Vol 67. Schloss Dagstuhl - Leibniz-Zentrum
für Informatik; 2017:38:1-38-21. doi:10.4230/LIPIcs.ITCS.2017.38'
apa: 'Alwen, J. F., De Rezende, S., Nordstrom, J., & Vinyals, M. (2017). Cumulative
space in black-white pebbling and resolution. In C. Papadimitriou (Ed.) (Vol.
67, p. 38:1-38-21). Presented at the ITCS: Innovations in Theoretical Computer
Science, Berkeley, CA, United States: Schloss Dagstuhl - Leibniz-Zentrum für Informatik.
https://doi.org/10.4230/LIPIcs.ITCS.2017.38'
chicago: Alwen, Joel F, Susanna De Rezende, Jakob Nordstrom, and Marc Vinyals. “Cumulative
Space in Black-White Pebbling and Resolution.” edited by Christos Papadimitriou,
67:38:1-38-21. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2017. https://doi.org/10.4230/LIPIcs.ITCS.2017.38.
ieee: 'J. F. Alwen, S. De Rezende, J. Nordstrom, and M. Vinyals, “Cumulative space
in black-white pebbling and resolution,” presented at the ITCS: Innovations in
Theoretical Computer Science, Berkeley, CA, United States, 2017, vol. 67, p. 38:1-38-21.'
ista: 'Alwen JF, De Rezende S, Nordstrom J, Vinyals M. 2017. Cumulative space in
black-white pebbling and resolution. ITCS: Innovations in Theoretical Computer
Science, LIPIcs, vol. 67, 38:1-38-21.'
mla: Alwen, Joel F., et al. Cumulative Space in Black-White Pebbling and Resolution.
Edited by Christos Papadimitriou, vol. 67, Schloss Dagstuhl - Leibniz-Zentrum
für Informatik, 2017, p. 38:1-38-21, doi:10.4230/LIPIcs.ITCS.2017.38.
short: J.F. Alwen, S. De Rezende, J. Nordstrom, M. Vinyals, in:, C. Papadimitriou
(Ed.), Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2017, p. 38:1-38-21.
conference:
end_date: 2017-01-11
location: Berkeley, CA, United States
name: 'ITCS: Innovations in Theoretical Computer Science'
start_date: 2017-01-09
date_created: 2018-12-11T11:50:33Z
date_published: 2017-01-01T00:00:00Z
date_updated: 2021-01-12T06:48:51Z
day: '01'
ddc:
- '005'
- '600'
department:
- _id: KrPi
doi: 10.4230/LIPIcs.ITCS.2017.38
editor:
- first_name: Christos
full_name: Papadimitriou, Christos
last_name: Papadimitriou
file:
- access_level: open_access
checksum: dbc94810be07c2fb1945d5c2a6130e6c
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:17:11Z
date_updated: 2020-07-14T12:44:37Z
file_id: '5263'
file_name: IST-2018-927-v1+1_LIPIcs-ITCS-2017-38.pdf
file_size: 557769
relation: main_file
file_date_updated: 2020-07-14T12:44:37Z
has_accepted_license: '1'
intvolume: ' 67'
language:
- iso: eng
month: '01'
oa: 1
oa_version: Published Version
page: 38:1-38-21
publication_identifier:
issn:
- '18688969'
publication_status: published
publisher: Schloss Dagstuhl - Leibniz-Zentrum für Informatik
publist_id: '6179'
pubrep_id: '927'
quality_controlled: '1'
scopus_import: 1
status: public
title: Cumulative space in black-white pebbling and resolution
tmp:
image: /images/cc_by.png
legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
short: CC BY (4.0)
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 67
year: '2017'
...
---
_id: '605'
abstract:
- lang: eng
text: 'Position based cryptography (PBC), proposed in the seminal work of Chandran,
Goyal, Moriarty, and Ostrovsky (SIAM J. Computing, 2014), aims at constructing
cryptographic schemes in which the identity of the user is his geographic position.
Chandran et al. construct PBC schemes for secure positioning and position-based
key agreement in the bounded-storage model (Maurer, J. Cryptology, 1992). Apart
from bounded memory, their security proofs need a strong additional restriction
on the power of the adversary: he cannot compute joint functions of his inputs.
Removing this assumption is left as an open problem. We show that an answer to
this question would resolve a long standing open problem in multiparty communication
complexity: finding a function that is hard to compute with low communication
complexity in the simultaneous message model, but easy to compute in the fully
adaptive model. On a more positive side: we also show some implications in the
other direction, i.e.: we prove that lower bounds on the communication complexity
of certain multiparty problems imply existence of PBC primitives. Using this result
we then show two attractive ways to “bypass” our hardness result: the first uses
the random oracle model, the second weakens the locality requirement in the bounded-storage
model to online computability. The random oracle construction is arguably one
of the simplest proposed so far in this area. Our results indicate that constructing
improved provably secure protocols for PBC requires a better understanding of
multiparty communication complexity. This is yet another example where negative
results in one area (in our case: lower bounds in multiparty communication complexity)
can be used to construct secure cryptographic schemes.'
alternative_title:
- LNCS
author:
- first_name: Joshua
full_name: Brody, Joshua
last_name: Brody
- first_name: Stefan
full_name: Dziembowski, Stefan
last_name: Dziembowski
- first_name: Sebastian
full_name: Faust, Sebastian
last_name: Faust
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Brody J, Dziembowski S, Faust S, Pietrzak KZ. Position based cryptography
and multiparty communication complexity. In: Kalai Y, Reyzin L, eds. Vol 10677.
Springer; 2017:56-81. doi:10.1007/978-3-319-70500-2_3'
apa: 'Brody, J., Dziembowski, S., Faust, S., & Pietrzak, K. Z. (2017). Position
based cryptography and multiparty communication complexity. In Y. Kalai &
L. Reyzin (Eds.) (Vol. 10677, pp. 56–81). Presented at the TCC: Theory of Cryptography
Conference, Baltimore, MD, United States: Springer. https://doi.org/10.1007/978-3-319-70500-2_3'
chicago: Brody, Joshua, Stefan Dziembowski, Sebastian Faust, and Krzysztof Z Pietrzak.
“Position Based Cryptography and Multiparty Communication Complexity.” edited
by Yael Kalai and Leonid Reyzin, 10677:56–81. Springer, 2017. https://doi.org/10.1007/978-3-319-70500-2_3.
ieee: 'J. Brody, S. Dziembowski, S. Faust, and K. Z. Pietrzak, “Position based cryptography
and multiparty communication complexity,” presented at the TCC: Theory of Cryptography
Conference, Baltimore, MD, United States, 2017, vol. 10677, pp. 56–81.'
ista: 'Brody J, Dziembowski S, Faust S, Pietrzak KZ. 2017. Position based cryptography
and multiparty communication complexity. TCC: Theory of Cryptography Conference,
LNCS, vol. 10677, 56–81.'
mla: Brody, Joshua, et al. Position Based Cryptography and Multiparty Communication
Complexity. Edited by Yael Kalai and Leonid Reyzin, vol. 10677, Springer,
2017, pp. 56–81, doi:10.1007/978-3-319-70500-2_3.
short: J. Brody, S. Dziembowski, S. Faust, K.Z. Pietrzak, in:, Y. Kalai, L. Reyzin
(Eds.), Springer, 2017, pp. 56–81.
conference:
end_date: 2017-11-15
location: Baltimore, MD, United States
name: 'TCC: Theory of Cryptography Conference'
start_date: 2017-11-12
date_created: 2018-12-11T11:47:27Z
date_published: 2017-11-05T00:00:00Z
date_updated: 2021-01-12T08:05:53Z
day: '05'
department:
- _id: KrPi
doi: 10.1007/978-3-319-70500-2_3
ec_funded: 1
editor:
- first_name: Yael
full_name: Kalai, Yael
last_name: Kalai
- first_name: Leonid
full_name: Reyzin, Leonid
last_name: Reyzin
intvolume: ' 10677'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2016/536
month: '11'
oa: 1
oa_version: Submitted Version
page: 56 - 81
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication_identifier:
isbn:
- 978-331970499-9
publication_status: published
publisher: Springer
publist_id: '7200'
quality_controlled: '1'
scopus_import: 1
status: public
title: Position based cryptography and multiparty communication complexity
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 10677
year: '2017'
...
---
_id: '609'
abstract:
- lang: eng
text: Several cryptographic schemes and applications are based on functions that
are both reasonably efficient to compute and moderately hard to invert, including
client puzzles for Denial-of-Service protection, password protection via salted
hashes, or recent proof-of-work blockchain systems. Despite their wide use, a
definition of this concept has not yet been distilled and formalized explicitly.
Instead, either the applications are proven directly based on the assumptions
underlying the function, or some property of the function is proven, but the security
of the application is argued only informally. The goal of this work is to provide
a (universal) definition that decouples the efforts of designing new moderately
hard functions and of building protocols based on them, serving as an interface
between the two. On a technical level, beyond the mentioned definitions, we instantiate
the model for four different notions of hardness. We extend the work of Alwen
and Serbinenko (STOC 2015) by providing a general tool for proving security for
the first notion of memory-hard functions that allows for provably secure applications.
The tool allows us to recover all of the graph-theoretic techniques developed
for proving security under the older, non-composable, notion of security used
by Alwen and Serbinenko. As an application of our definition of moderately hard
functions, we prove the security of two different schemes for proofs of effort
(PoE). We also formalize and instantiate the concept of a non-interactive proof
of effort (niPoE), in which the proof is not bound to a particular communication
context but rather any bit-string chosen by the prover.
alternative_title:
- LNCS
author:
- first_name: Joel F
full_name: Alwen, Joel F
id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
last_name: Alwen
- first_name: Björn
full_name: Tackmann, Björn
last_name: Tackmann
citation:
ama: 'Alwen JF, Tackmann B. Moderately hard functions: Definition, instantiations,
and applications. In: Kalai Y, Reyzin L, eds. Vol 10677. Springer; 2017:493-526.
doi:10.1007/978-3-319-70500-2_17'
apa: 'Alwen, J. F., & Tackmann, B. (2017). Moderately hard functions: Definition,
instantiations, and applications. In Y. Kalai & L. Reyzin (Eds.) (Vol. 10677,
pp. 493–526). Presented at the TCC: Theory of Cryptography, Baltimore, MD, United
States: Springer. https://doi.org/10.1007/978-3-319-70500-2_17'
chicago: 'Alwen, Joel F, and Björn Tackmann. “Moderately Hard Functions: Definition,
Instantiations, and Applications.” edited by Yael Kalai and Leonid Reyzin, 10677:493–526.
Springer, 2017. https://doi.org/10.1007/978-3-319-70500-2_17.'
ieee: 'J. F. Alwen and B. Tackmann, “Moderately hard functions: Definition, instantiations,
and applications,” presented at the TCC: Theory of Cryptography, Baltimore, MD,
United States, 2017, vol. 10677, pp. 493–526.'
ista: 'Alwen JF, Tackmann B. 2017. Moderately hard functions: Definition, instantiations,
and applications. TCC: Theory of Cryptography, LNCS, vol. 10677, 493–526.'
mla: 'Alwen, Joel F., and Björn Tackmann. Moderately Hard Functions: Definition,
Instantiations, and Applications. Edited by Yael Kalai and Leonid Reyzin,
vol. 10677, Springer, 2017, pp. 493–526, doi:10.1007/978-3-319-70500-2_17.'
short: J.F. Alwen, B. Tackmann, in:, Y. Kalai, L. Reyzin (Eds.), Springer, 2017,
pp. 493–526.
conference:
end_date: 2017-11-15
location: Baltimore, MD, United States
name: 'TCC: Theory of Cryptography'
start_date: 2017-11-12
date_created: 2018-12-11T11:47:28Z
date_published: 2017-11-05T00:00:00Z
date_updated: 2021-01-12T08:06:04Z
day: '05'
department:
- _id: KrPi
doi: 10.1007/978-3-319-70500-2_17
editor:
- first_name: Yael
full_name: Kalai, Yael
last_name: Kalai
- first_name: Leonid
full_name: Reyzin, Leonid
last_name: Reyzin
intvolume: ' 10677'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2017/945
month: '11'
oa: 1
oa_version: Submitted Version
page: 493 - 526
publication_identifier:
isbn:
- 978-331970499-9
publication_status: published
publisher: Springer
publist_id: '7196'
quality_controlled: '1'
scopus_import: 1
status: public
title: 'Moderately hard functions: Definition, instantiations, and applications'
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 10677
year: '2017'
...
---
_id: '635'
abstract:
- lang: eng
text: Memory-hard functions (MHFs) are hash algorithms whose evaluation cost is
dominated by memory cost. As memory, unlike computation, costs about the same
across different platforms, MHFs cannot be evaluated at significantly lower cost
on dedicated hardware like ASICs. MHFs have found widespread applications including
password hashing, key derivation, and proofs-of-work. This paper focuses on scrypt,
a simple candidate MHF designed by Percival, and described in RFC 7914. It has
been used within a number of cryptocurrencies (e.g., Litecoin and Dogecoin) and
has been an inspiration for Argon2d, one of the winners of the recent password-hashing
competition. Despite its popularity, no rigorous lower bounds on its memory complexity
are known. We prove that scrypt is optimally memory-hard, i.e., its cumulative
memory complexity (cmc) in the parallel random oracle model is Ω(n2w), where w
and n are the output length and number of invocations of the underlying hash function,
respectively. High cmc is a strong security target for MHFs introduced by Alwen
and Serbinenko (STOC’15) which implies high memory cost even for adversaries who
can amortize the cost over many evaluations and evaluate the underlying hash functions
many times in parallel. Our proof is the first showing optimal memory-hardness
for any MHF. Our result improves both quantitatively and qualitatively upon the
recent work by Alwen et al. (EUROCRYPT’16) who proved a weaker lower bound of
Ω(n2w/ log2 n) for a restricted class of adversaries.
alternative_title:
- LNCS
author:
- first_name: Joel F
full_name: Alwen, Joel F
id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
last_name: Alwen
- first_name: Binchi
full_name: Chen, Binchi
last_name: Chen
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
- first_name: Leonid
full_name: Reyzin, Leonid
last_name: Reyzin
- first_name: Stefano
full_name: Tessaro, Stefano
last_name: Tessaro
citation:
ama: 'Alwen JF, Chen B, Pietrzak KZ, Reyzin L, Tessaro S. Scrypt is maximally memory
hard. In: Coron J-S, Buus Nielsen J, eds. Vol 10212. Springer; 2017:33-62. doi:10.1007/978-3-319-56617-7_2'
apa: 'Alwen, J. F., Chen, B., Pietrzak, K. Z., Reyzin, L., & Tessaro, S. (2017).
Scrypt is maximally memory hard. In J.-S. Coron & J. Buus Nielsen (Eds.) (Vol.
10212, pp. 33–62). Presented at the EUROCRYPT: Theory and Applications of Cryptographic
Techniques, Paris, France: Springer. https://doi.org/10.1007/978-3-319-56617-7_2'
chicago: Alwen, Joel F, Binchi Chen, Krzysztof Z Pietrzak, Leonid Reyzin, and Stefano
Tessaro. “Scrypt Is Maximally Memory Hard.” edited by Jean-Sébastien Coron and
Jesper Buus Nielsen, 10212:33–62. Springer, 2017. https://doi.org/10.1007/978-3-319-56617-7_2.
ieee: 'J. F. Alwen, B. Chen, K. Z. Pietrzak, L. Reyzin, and S. Tessaro, “Scrypt
is maximally memory hard,” presented at the EUROCRYPT: Theory and Applications
of Cryptographic Techniques, Paris, France, 2017, vol. 10212, pp. 33–62.'
ista: 'Alwen JF, Chen B, Pietrzak KZ, Reyzin L, Tessaro S. 2017. Scrypt is maximally
memory hard. EUROCRYPT: Theory and Applications of Cryptographic Techniques, LNCS,
vol. 10212, 33–62.'
mla: Alwen, Joel F., et al. Scrypt Is Maximally Memory Hard. Edited by Jean-Sébastien
Coron and Jesper Buus Nielsen, vol. 10212, Springer, 2017, pp. 33–62, doi:10.1007/978-3-319-56617-7_2.
short: J.F. Alwen, B. Chen, K.Z. Pietrzak, L. Reyzin, S. Tessaro, in:, J.-S. Coron,
J. Buus Nielsen (Eds.), Springer, 2017, pp. 33–62.
conference:
end_date: 2017-05-04
location: Paris, France
name: 'EUROCRYPT: Theory and Applications of Cryptographic Techniques'
start_date: 2017-04-30
date_created: 2018-12-11T11:47:37Z
date_published: 2017-01-01T00:00:00Z
date_updated: 2021-01-12T08:07:10Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-319-56617-7_2
ec_funded: 1
editor:
- first_name: Jean-Sébastien
full_name: Coron, Jean-Sébastien
last_name: Coron
- first_name: Jesper
full_name: Buus Nielsen, Jesper
last_name: Buus Nielsen
intvolume: ' 10212'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2016/989
month: '01'
oa: 1
oa_version: Submitted Version
page: 33 - 62
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication_identifier:
isbn:
- 978-331956616-0
publication_status: published
publisher: Springer
publist_id: '7154'
quality_controlled: '1'
scopus_import: 1
status: public
title: Scrypt is maximally memory hard
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 10212
year: '2017'
...
---
_id: '640'
abstract:
- lang: eng
text: 'Data-independent Memory Hard Functions (iMHFS) are finding a growing number
of applications in security; especially in the domain of password hashing. An
important property of a concrete iMHF is specified by fixing a directed acyclic
graph (DAG) Gn on n nodes. The quality of that iMHF is then captured by the following
two pebbling complexities of Gn: – The parallel cumulative pebbling complexity
Π∥cc(Gn) must be as high as possible (to ensure that the amortized cost of computing
the function on dedicated hardware is dominated by the cost of memory). – The
sequential space-time pebbling complexity Πst(Gn) should be as close as possible
to Π∥cc(Gn) (to ensure that using many cores in parallel and amortizing over many
instances does not give much of an advantage). In this paper we construct a family
of DAGs with best possible parameters in an asymptotic sense, i.e., where Π∥cc(Gn)
= Ω(n2/ log(n)) (which matches a known upper bound) and Πst(Gn) is within a constant
factor of Π∥cc(Gn). Our analysis relies on a new connection between the pebbling
complexity of a DAG and its depth-robustness (DR) – a well studied combinatorial
property. We show that high DR is sufficient for high Π∥cc. Alwen and Blocki (CRYPTO’16)
showed that high DR is necessary and so, together, these results fully characterize
DAGs with high Π∥cc in terms of DR. Complementing these results, we provide new
upper and lower bounds on the Π∥cc of several important candidate iMHFs from the
literature. We give the first lower bounds on the memory hardness of the Catena
and Balloon Hashing functions in a parallel model of computation and we give the
first lower bounds of any kind for (a version) of Argon2i. Finally we describe
a new class of pebbling attacks improving on those of Alwen and Blocki (CRYPTO’16).
By instantiating these attacks we upperbound the Π∥cc of the Password Hashing
Competition winner Argon2i and one of the Balloon Hashing functions by O (n1.71).
We also show an upper bound of O(n1.625) for the Catena functions and the two
remaining Balloon Hashing functions.'
alternative_title:
- LNCS
author:
- first_name: Joel F
full_name: Alwen, Joel F
id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
last_name: Alwen
- first_name: Jeremiah
full_name: Blocki, Jeremiah
last_name: Blocki
- first_name: Krzysztof Z
full_name: Pietrzak, Krzysztof Z
id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
last_name: Pietrzak
orcid: 0000-0002-9139-1654
citation:
ama: 'Alwen JF, Blocki J, Pietrzak KZ. Depth-robust graphs and their cumulative
memory complexity. In: Coron J-S, Buus Nielsen J, eds. Vol 10212. Springer; 2017:3-32.
doi:10.1007/978-3-319-56617-7_1'
apa: 'Alwen, J. F., Blocki, J., & Pietrzak, K. Z. (2017). Depth-robust graphs
and their cumulative memory complexity. In J.-S. Coron & J. Buus Nielsen (Eds.)
(Vol. 10212, pp. 3–32). Presented at the EUROCRYPT: Theory and Applications of
Cryptographic Techniques, Paris, France: Springer. https://doi.org/10.1007/978-3-319-56617-7_1'
chicago: Alwen, Joel F, Jeremiah Blocki, and Krzysztof Z Pietrzak. “Depth-Robust
Graphs and Their Cumulative Memory Complexity.” edited by Jean-Sébastien Coron
and Jesper Buus Nielsen, 10212:3–32. Springer, 2017. https://doi.org/10.1007/978-3-319-56617-7_1.
ieee: 'J. F. Alwen, J. Blocki, and K. Z. Pietrzak, “Depth-robust graphs and their
cumulative memory complexity,” presented at the EUROCRYPT: Theory and Applications
of Cryptographic Techniques, Paris, France, 2017, vol. 10212, pp. 3–32.'
ista: 'Alwen JF, Blocki J, Pietrzak KZ. 2017. Depth-robust graphs and their cumulative
memory complexity. EUROCRYPT: Theory and Applications of Cryptographic Techniques,
LNCS, vol. 10212, 3–32.'
mla: Alwen, Joel F., et al. Depth-Robust Graphs and Their Cumulative Memory Complexity.
Edited by Jean-Sébastien Coron and Jesper Buus Nielsen, vol. 10212, Springer,
2017, pp. 3–32, doi:10.1007/978-3-319-56617-7_1.
short: J.F. Alwen, J. Blocki, K.Z. Pietrzak, in:, J.-S. Coron, J. Buus Nielsen (Eds.),
Springer, 2017, pp. 3–32.
conference:
end_date: 2017-05-04
location: Paris, France
name: 'EUROCRYPT: Theory and Applications of Cryptographic Techniques'
start_date: 2017-04-30
date_created: 2018-12-11T11:47:39Z
date_published: 2017-04-01T00:00:00Z
date_updated: 2021-01-12T08:07:22Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-319-56617-7_1
ec_funded: 1
editor:
- first_name: Jean-Sébastien
full_name: Coron, Jean-Sébastien
last_name: Coron
- first_name: Jesper
full_name: Buus Nielsen, Jesper
last_name: Buus Nielsen
intvolume: ' 10212'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2016/875
month: '04'
oa: 1
oa_version: Submitted Version
page: 3 - 32
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
call_identifier: H2020
grant_number: '682815'
name: Teaching Old Crypto New Tricks
publication_identifier:
isbn:
- 978-331956616-0
publication_status: published
publisher: Springer
publist_id: '7148'
quality_controlled: '1'
scopus_import: 1
status: public
title: Depth-robust graphs and their cumulative memory complexity
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 10212
year: '2017'
...
---
_id: '648'
abstract:
- lang: eng
text: 'Pseudoentropy has found a lot of important applications to cryptography and
complexity theory. In this paper we focus on the foundational problem that has
not been investigated so far, namely by how much pseudoentropy (the amount seen
by computationally bounded attackers) differs from its information-theoretic counterpart
(seen by unbounded observers), given certain limits on attacker’s computational
power? We provide the following answer for HILL pseudoentropy, which exhibits
a threshold behavior around the size exponential in the entropy amount:– If the
attacker size (s) and advantage () satisfy s (formula presented) where k is the
claimed amount of pseudoentropy, then the pseudoentropy boils down to the information-theoretic
smooth entropy. – If s (formula presented) then pseudoentropy could be arbitrarily
bigger than the information-theoretic smooth entropy. Besides answering the posted
question, we show an elegant application of our result to the complexity theory,
namely that it implies the clas-sical result on the existence of functions hard
to approximate (due to Pippenger). In our approach we utilize non-constructive
techniques: the duality of linear programming and the probabilistic method.'
alternative_title:
- LNCS
author:
- first_name: Maciej
full_name: Skórski, Maciej
id: EC09FA6A-02D0-11E9-8223-86B7C91467DD
last_name: Skórski
citation:
ama: 'Skórski M. On the complexity of breaking pseudoentropy. In: Jäger G, Steila
S, eds. Vol 10185. Springer; 2017:600-613. doi:10.1007/978-3-319-55911-7_43'
apa: 'Skórski, M. (2017). On the complexity of breaking pseudoentropy. In G. Jäger
& S. Steila (Eds.) (Vol. 10185, pp. 600–613). Presented at the TAMC: Theory
and Applications of Models of Computation, Bern, Switzerland: Springer. https://doi.org/10.1007/978-3-319-55911-7_43'
chicago: Skórski, Maciej. “On the Complexity of Breaking Pseudoentropy.” edited
by Gerhard Jäger and Silvia Steila, 10185:600–613. Springer, 2017. https://doi.org/10.1007/978-3-319-55911-7_43.
ieee: 'M. Skórski, “On the complexity of breaking pseudoentropy,” presented at the
TAMC: Theory and Applications of Models of Computation, Bern, Switzerland, 2017,
vol. 10185, pp. 600–613.'
ista: 'Skórski M. 2017. On the complexity of breaking pseudoentropy. TAMC: Theory
and Applications of Models of Computation, LNCS, vol. 10185, 600–613.'
mla: Skórski, Maciej. On the Complexity of Breaking Pseudoentropy. Edited
by Gerhard Jäger and Silvia Steila, vol. 10185, Springer, 2017, pp. 600–13, doi:10.1007/978-3-319-55911-7_43.
short: M. Skórski, in:, G. Jäger, S. Steila (Eds.), Springer, 2017, pp. 600–613.
conference:
end_date: 2017-04-22
location: Bern, Switzerland
name: 'TAMC: Theory and Applications of Models of Computation'
start_date: 2017-04-20
date_created: 2018-12-11T11:47:42Z
date_published: 2017-04-01T00:00:00Z
date_updated: 2021-01-12T08:07:39Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-319-55911-7_43
editor:
- first_name: Gerhard
full_name: Jäger, Gerhard
last_name: Jäger
- first_name: Silvia
full_name: Steila, Silvia
last_name: Steila
intvolume: ' 10185'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://eprint.iacr.org/2016/1186.pdf
month: '04'
oa: 1
oa_version: Submitted Version
page: 600 - 613
publication_identifier:
isbn:
- 978-331955910-0
publication_status: published
publisher: Springer
publist_id: '7125'
quality_controlled: '1'
scopus_import: 1
status: public
title: On the complexity of breaking pseudoentropy
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 10185
year: '2017'
...