Characterisations of optimal algebraic manipulation detection codes
|
|
- Jacob Ross
- 5 years ago
- Views:
Transcription
1 Characterisations of optimal algebraic manipulation detection codes M.B. Paterson 1 D.R. Stinson 2 1 David R. Cheriton School of Computer Science, University of Waterloo 2 Department of Economics, Mathematics and Statistics, Birkbeck, University of London Joint Mathematics Meetings, Seattle, January 7, 2016
2 Algebraic Manipulation Detection Codes Cramer, Dodis, Fehr, Padró, Wichs. Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors. (Eurocrypt 2008) Source space S with S = m Encoded message space G (additive Abelian group of order n) Encoding rule E maps a source s S to some g G encode: s g
3 Algebraic Manipulation Detection Codes Cramer, Dodis, Fehr, Padró, Wichs. Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors. (Eurocrypt 2008) Source space S with S = m Encoded message space G (additive Abelian group of order n) Encoding rule E maps a source s S to some g G encode: s g adversary:? +
4 Algebraic Manipulation Detection Codes Cramer, Dodis, Fehr, Padró, Wichs. Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors. (Eurocrypt 2008) Source space S with S = m Encoded message space G (additive Abelian group of order n) Encoding rule E maps a source s S to some g G encode: s g adversary:? + decode: g + s S { }
5 Algebraic Manipulation Detection Codes Cramer, Dodis, Fehr, Padró, Wichs. Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors. (Eurocrypt 2008) Source space S with S = m Encoded message space G (additive Abelian group of order n) Encoding rule E maps a source s S to some g G encode: s g adversary:? + Adversary succeeds if s / {s, } decode: g + s S { }
6 Notation For s S, we call A(s) G the set of valid encodings of s. (Note: A(s) A(s ) = if s s.) Set A = {A s s S}, a s = A s, a = s S a s and G A(s 1 ). A(s m ) Let a = s S A(s) be the total number of valid encodings. k-uniform: A(s) = k for all s S k-regular: k-uniform, plus the encoding of s is chosen uniformly from the elements of A(s) (1-regular deterministic encoding)
7 Weak AMD codes Definition 1 (S, G, A, E) is a weak (m, n, ɛ)-amd code if the adversary wins the following game with probability at most ɛ: 1. The adversary chooses G \ {0}. 2. The source s is chosen uniformly at random by the encoder. 3. s is encoded into g A(s) by the function E. 4. The adversary wins if and only if g + A(s ) for some s s.
8 Weak AMD codes Definition 1 (S, G, A, E) is a weak (m, n, ɛ)-amd code if the adversary wins the following game with probability at most ɛ: 1. The adversary chooses G \ {0}. 2. The source s is chosen uniformly at random by the encoder. 3. s is encoded into g A(s) by the function E. 4. The adversary wins if and only if g + A(s ) for some s s. Example 2 S = {s 1, s 2, s 3 }, G = Z 7. A(s 1 ) = {0}, A(s 2 ) = {1}, A(s 3 ) = {3} This is a deterministic weak (3, 7, 1 3 )-AMD code.
9 External Difference Families Ogata, Kurosawa, Stinson, Saido. New combinatorial designs and their applications to authentication codes and secret sharing schemes. (Discrete Mathematics 2004) Definition 3 ((n, m, k, λ)-edf) family A 1, A 2..., A m of m disjoint k-subsets of additive abelian group G (with G = n) such that each nonzero element of G occurs λ times as a difference between elements in different subsets. Example 4 (7, 3, 1, 1)-EDF: {0}, {1}, {3} Z 7 (9, 2, 2, 1)-EDF: {0, 1}, {2, 4} Z 9 (19, 3, 3, 3)-EDF: {1, 7, 11}, {4, 9, 6}, {16, 17, 5} Z 19
10 The random strategy for weak AMD codes Suppose the adversary chooses uniformly at random from G \ {0}. For any g A(s) and for a randomly chosen, the probability that the adversary wins is (a a s )/(n 1). The overall success probability is ( Pr[s] Pr[E(s) = g] a a ) s n 1 s g A(s) = ( Pr[s] a a ) s n 1 s a = n 1 a s (because the sources are equiprobable) m(n 1) s a = n 1 a m(n 1) a(m 1) = m(n 1).
11 The guess strategy for weak AMD codes Suppose the adversary guesses a valid encoding and then chooses a that will succeed whenever that encoding is used. The success probability of this strategy is at least 1/a. Combining the lower bounds for these two strategies gives ɛ 2 m 1 m(n 1). A weak AMD code is R-optimal if the optimal strategy is the random strategy. The code is G-optimal if the optimality strategy is the guess strategy.
12 Optimal weak AMD codes Theorem 5 ( A k-regular (n, m, k, λ)-edf. m, n, k(m 1) (n 1) ) -AMD code is equivalent to an Theorem 6 A (G-optimal) weak ( m, n, 1 a) -AMD code is equivalent to an (n, m, k, 1)-BEDF A BEDF is a bounded EDF, i.e., a generalization of EDF where each external difference occurs at most λ times. Theorem 7 A k-regular weak AMD code that is R-optimal and G-optimal is equivalent to an (n, m, k, 1)-EDF.
13 Partitioned external difference families Definition 8 (Partitioned external difference family) Let G be an additive abelian group of order n. An (n, m; c 1,..., c l ; k 1,..., k l ; λ 1,..., λ l )-partitioned external difference family (PEDF) is a set of m = i c i disjoint subsets of G, say A 1,..., A m, such that there are c h subsets of size k h, for 1 h l, and the following multiset equation holds for every h: {i: A i =c h } {j:j i} D(A i, A j ) = λ i (G \ {0}). Notation: D(A 1, A 2 ) = {x y : x A 1, y A 2 }.
14 A PEDF Example 9 Let G = (Z 13, +), A 1 = {0, 1, 4}, A 2 = {3, 5, 10}, A 3 = {2, 6, 7, 9}, A 4 = {8}, A 5 = {11}, A 6 = {12}. It can be verified that A 1,..., A 6 is a (13, 6; 2, 1, 3; 3, 4, 1; 5, 3, 3)-PEDF. As part of the verification, we first compute the occurrence of differences from A 1 to the union of the other A i s: difference frequency Then we compute the occurrence of differences from A 2 to the union of the other A i s: difference frequency Each difference occurs a total of five times in the two lists.
15 Maximal PEDF A PEDF is maximal if the union of the sets A 1,..., A m is the whole group G. Theorem 10 Suppose A 1,..., A m is a partition of G (where G = n) such that there are c h subsets of size k h for 1 h l. Then A 1,..., A m is a (maximal) (n, m; c 1,..., c l ; k 1,..., k l ; λ 1,..., λ l )-PEDF if and only if the subsets of cardinality k h form an (n, k h, c h k h λ h )-difference family in G, for 1 h l. In the previous example, the two sets of size 3 form a (13, 2, 3, 1)-difference family; the set of size 4 is a (13, 1, 4, 1)-difference family; and the three sets of size 1 form a (13, 3, 1, 0)-difference family.
16 Non-regular R-optimal weak AMD codes It is not difficult to see that any PEDF yields an R-optimal weak AMD code. However, there are R-optimal weak AMD codes that do not come from PEDF. Example 11 G = Z 10 A(s 1 ) = {0} A(s 2 ) = {5} A(s 3 ) = {1, 9} A(s 4 ) = {2, 3} Suppose we have equiprobable encodings. = 5: succeeds when the source is s 1 or s 2 so ɛ 5 = = 1 2 = 2: succeeds when the source is s 1, or s 3 when E(s 3 ) = 1, or s 4 when E(s 4 ) = 3 so ɛ 2 = = 1 2 etc. It follows that ɛ = 1/2 for all. For this code, m = 4, n = 10, a = 6, so a(m 1) m(n 1) = = 1 2 and the code is R-optimal.
17 Thank you! Combinatorial Characterizations of Algebraic Manipulation Detection Codes Involving Generalized Difference Families Maura B. Paterson, Douglas R. Stinson
Optimal algebraic manipulation detection codes and difference families
Optimal algebraic manipulation detection codes and difference families Douglas R. Stinson David R. Cheriton School of Computer Science, University of Waterloo Southeastern Conference, Boca Raton, March
More informationExistence and Non-existence Results for Strong External Difference Families
Existence and Non-existence Results for Strong External Difference Families Sophie Huczynska School of Mathematics and Statistics, University of St Andrews, St Andrews, Scotland, U.K. sh70@st-andrews.ac.uk
More informationNew polynomials for strong algebraic manipulation detection codes 1
Fifteenth International Workshop on Algebraic and Combinatorial Coding Theory June 18-24, 2016, Albena, Bulgaria pp. 7 12 New polynomials for strong algebraic manipulation detection codes 1 Maksim Alekseev
More informationBOSTON UNIVERSITY GRADUATE SCHOOL OF ARTS AND SCIENCES AN IMPROVED ROBUST FUZZY EXTRACTOR
BOSTON UNIVERSITY GRADUATE SCHOOL OF ARTS AND SCIENCES AN IMPROVED ROBUST FUZZY EXTRACTOR by BHAVANA KANUKURTHI B.E., Anna University, 2005 Submitted in partial fulfillment of the requirements for the
More informationDetection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors
Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors February 1, 2008 Ronald Cramer 1,2, Yevgeniy Dodis 3, Serge Fehr 2, Carles Padró 4, and Daniel Wichs
More informationSimple and Asymptotically Optimal t-cheater Identifiable Secret Sharing Scheme
Simple and Asymptotically Optimal t-cheater Identifiable Secret Sharing Scheme Ashish Choudhury Applied Statistics Unit Indian Statistical Institute Kolkata India partho31@gmail.com, partho 31@yahoo.co.in
More informationDetection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors
Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer 1,2, Yevgeniy Dodis 3, Serge Fehr 2, Carles Padró 4, and Daniel Wichs 3 1 Mathematical
More informationLecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography
CS 7880 Graduate Cryptography September 10, 2015 Lecture 1: Perfect Secrecy and Statistical Authentication Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Definition of perfect secrecy One-time
More informationA method for constructing splitting (v,c u, ) BIBDs. Stela Zhelezova Institute of Mathematics and Informatics, BAS
A method for constructing splitting (v,c u, ) BIBDs Stela Zhelezova Institute of Mathematics and Informatics, BAS Motivation T O m = e(s) a model of G.J.Simmons, 1982 R 3-splitting (2,7,7) A-code (S,M,E)
More informationA Unified Approach to Combinatorial Key Predistribution Schemes for Sensor Networks
A Unified Approach to Combinatorial Key Predistribution Schemes for Sensor Networks Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo 3rd Biennial Canadian Discrete
More informationShannon s noisy-channel theorem
Shannon s noisy-channel theorem Information theory Amon Elders Korteweg de Vries Institute for Mathematics University of Amsterdam. Tuesday, 26th of Januari Amon Elders (Korteweg de Vries Institute for
More informationOptimal Algebraic Manipulation Detection Codes in the Constant-Error Model
Optimal Algebraic Manipulation Detection Codes in the Constant-Error Model Ronald Cramer 1, Carles Padró 2, and Chaoping Xing 3 1 CWI, Amsterdam & Mathematical Institute, Leiden University 2 Universitat
More informationLecture 2: Perfect Secrecy and its Limitations
CS 4501-6501 Topics in Cryptography 26 Jan 2018 Lecture 2: Perfect Secrecy and its Limitations Lecturer: Mohammad Mahmoody Scribe: Mohammad Mahmoody 1 Introduction Last time, we informally defined encryption
More informationOptimal Algebraic Manipulation Detection Codes in the Constant-Error Model
Optimal Algebraic Manipulation Detection Codes in the Constant-Error Model Ronald Cramer Carles Padró Chaoping Xing October 6, 2014 Abstract Algebraic manipulation detection (AMD) codes, introduced at
More informationA Combinatorial Approach to Key Predistribution. for Distributed Sensor Networks
A Combinatorial Approach to Key Predistribution for Distributed Sensor Networks Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo and Jooyoung Lee National Security
More informationLecture 4: Perfect Secrecy: Several Equivalent Formulations
Cryptology 18 th August 015 Lecture 4: Perfect Secrecy: Several Equivalent Formulations Instructor: Goutam Paul Scribe: Arka Rai Choudhuri 1 Notation We shall be using the following notation for this lecture,
More informationDesign of Strongly Secure Communication and Computation Channels by Nonlinear Error Detecting Codes
1 Design of Strongly Secure Communication and Computation Channels by Nonlinear Error Detecting Codes Mark Karpovsky, Life Fellow, IEEE, Zhen Wang Abstract The security of communication or computational
More informationAdditional Constructions to Solve the Generalized Russian Cards Problem using Combinatorial Designs
Additional Constructions to Solve the Generalized Russian Cards Problem using Combinatorial Designs Colleen M. Swanson Computer Science & Engineering Division University of Michigan Ann Arbor, MI 48109,
More informationOutline. Provable Security in the Computational Model. III Signatures. Public-Key Encryption. Outline. David Pointcheval.
Provable Security in the Computational Model III Signatures David Pointcheval Ecole normale supérieure, CNRS & INRI Public-Key Encryption Signatures 2 dvanced Security for Signature dvanced Security Notions
More informationEssentially Optimal Robust Secret Sharing with Maximal Corruptions
Essentially Optimal Robust Secret Sharing with Maximal Corruptions Allison Bishop 1, Valerio Pastro 1, Rajmohan Rajaraman 2, and Daniel Wichs 2 1 Columbia University 2 Northeastern University November
More informationQ B (pk, sk) Gen x u M pk y Map pk (x) return [B(pk, y)? = x]. (m, s) A O h
MTAT.07.003 Cryptology II Spring 2012 / Exercise session?? / Example Solution Exercise (FRH in RO model). Show that the full domain hash signature is secure against existential forgeries in the random
More informationExtractors and the Leftover Hash Lemma
6.889 New Developments in Cryptography March 8, 2011 Extractors and the Leftover Hash Lemma Instructors: Shafi Goldwasser, Yael Kalai, Leo Reyzin, Boaz Barak, and Salil Vadhan Lecturer: Leo Reyzin Scribe:
More informationExample 1. The sample space of an experiment where we flip a pair of coins is denoted by:
Chapter 8 Probability 8. Preliminaries Definition (Sample Space). A Sample Space, Ω, is the set of all possible outcomes of an experiment. Such a sample space is considered discrete if Ω has finite cardinality.
More informationStrongly Unforgeable Signatures Based on Computational Diffie-Hellman
Strongly Unforgeable Signatures Based on Computational Diffie-Hellman Dan Boneh 1, Emily Shen 1, and Brent Waters 2 1 Computer Science Department, Stanford University, Stanford, CA {dabo,emily}@cs.stanford.edu
More informationOptimal Ramp Schemes and Related Combinatorial Objects
Optimal Ramp Schemes and Related Combinatorial Objects Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo BCC 2017, Glasgow, July 3 7, 2017 1 / 18 (t, n)-threshold Schemes
More informationA Lower Bound on the Key Length of Information-Theoretic Forward-Secure Storage Schemes
A Lower Bound on the Key Length of Information-Theoretic Forward-Secure Storage Schemes Stefan Dziembowski Department of Computer Science University of Rome, La Sapienza Abstract. Forward-Secure Storage
More informationASPECIAL case of the general key agreement scenario defined
IEEE TRANSACTIONS ON INFORMATION THEORY, VOL 49, NO 4, APRIL 2003 839 Secret-Key Agreement Over Unauthenticated Public Channels Part III: Privacy Amplification Ueli Maurer, Fellow, IEEE, and Stefan Wolf
More informationOn the Classification of Splitting (v, u c, ) BIBDs
BULGARIAN ACADEMY OF SCIENCES CYBERNETICS AND INFORMATION TECHNOLOGIES Volume 18, No 5 Special Thematic Issue on Optimal Codes and Related Topics Sofia 2018 Print ISSN: 1311-9702; Online ISSN: 1314-4081
More informationA New Paradigm of Hybrid Encryption Scheme
A New Paradigm of Hybrid Encryption Scheme Kaoru Kurosawa 1 and Yvo Desmedt 2 1 Ibaraki University, Japan kurosawa@cis.ibaraki.ac.jp 2 Dept. of Computer Science, University College London, UK, and Florida
More informationarxiv: v2 [cs.cr] 8 Aug 2008
An Improved Robust Fuzzy Extractor Bhavana Kanukurthi and Leonid Reyzin Boston University Computer Science http://cs-people.bu.edu/bhavanak, http://www.cs.bu.edu/ reyzin arxiv:0807.0799v2 [cs.cr] 8 Aug
More informationHierarchical Simple Games: Weightedness and Structural Characterization
Hierarchical Simple Games: Weightedness and Structural Characterization Tatiana Gvozdeva, Ali Hameed and Arkadii Slinko Department of Mathematics, The University of Auckland, Private Bag 92019, Auckland,
More informationProofs of Retrievability via Fountain Code
Proofs of Retrievability via Fountain Code Sumanta Sarkar and Reihaneh Safavi-Naini Department of Computer Science, University of Calgary, Canada Foundations and Practice of Security October 25, 2012 Outsourcing
More informationSecure Multiparty Computation from Graph Colouring
Secure Multiparty Computation from Graph Colouring Ron Steinfeld Monash University July 2012 Ron Steinfeld Secure Multiparty Computation from Graph Colouring July 2012 1/34 Acknowledgements Based on joint
More informationCombinatorial Batch Codes and Transversal Matroids
Combinatorial Batch Codes and Transversal Matroids Richard A. Brualdi, Kathleen P. Kiernan, Seth A. Meyer, Michael W. Schroeder Department of Mathematics University of Wisconsin Madison, WI 53706 {brualdi,kiernan,smeyer,schroede}@math.wisc.edu
More informationHey! You Can t Do That With My Code!
Hey! You Can t Do That With My Code! Department of Mathematical Sciences and Department of Computer Science Worcester Polytechnic Institute CIMPA-UNESCO-PHILIPPINES Research Summer School UP Diliman, July
More informationLecture 24: Goldreich-Levin Hardcore Predicate. Goldreich-Levin Hardcore Predicate
Lecture 24: : Intuition A One-way Function: A function that is easy to compute but hard to invert (efficiently) Hardcore-Predicate: A secret bit that is hard to compute Theorem (Goldreich-Levin) If f :
More informationWeakly Secure Data Exchange with Generalized Reed Solomon Codes
Weakly Secure Data Exchange with Generalized Reed Solomon Codes Muxi Yan, Alex Sprintson, and Igor Zelenko Department of Electrical and Computer Engineering, Texas A&M University Department of Mathematics,
More informationApplications of the Lopsided Lovász Local Lemma Regarding Hypergraphs
Regarding Hypergraphs Ph.D. Dissertation Defense April 15, 2013 Overview The Local Lemmata 2-Coloring Hypergraphs with the Original Local Lemma Counting Derangements with the Lopsided Local Lemma Lopsided
More informationDetection of Cheaters in Non-interactive Polynomial Evaluation
Detection of Cheaters in Non-interactive Polynomial Evaluation Maki Yoshida 1 and Satoshi Obana 2 1 Osaka University, Japan 2 Hosei University, Japan Abstract. In this paper, we consider both theoretical
More informationLecture 18: Shanon s Channel Coding Theorem. Lecture 18: Shanon s Channel Coding Theorem
Channel Definition (Channel) A channel is defined by Λ = (X, Y, Π), where X is the set of input alphabets, Y is the set of output alphabets and Π is the transition probability of obtaining a symbol y Y
More informationA Threshold of ln(n) for approximating set cover
A Threshold of ln(n) for approximating set cover October 20, 2009 1 The k-prover proof system There is a single verifier V and k provers P 1, P 2,..., P k. Binary code with k codewords, each of length
More informationA Unified Approach to Combinatorial Key Predistribution Schemes for Sensor Networks
A Unified Approach to Combinatorial Key Predistribution Schemes for Sensor Networks Maura B. Paterson Department of Economics, Mathematics and Statistics Birkbeck, University of London Malet Street, London
More informationBlock Ciphers/Pseudorandom Permutations
Block Ciphers/Pseudorandom Permutations Definition: Pseudorandom Permutation is exactly the same as a Pseudorandom Function, except for every key k, F k must be a permutation and it must be indistinguishable
More informationOn the Limitations of Computational Fuzzy Extractors
On the Limitations of Computational Fuzzy Extractors Kenji Yasunaga Kosuke Yuzawa March 15, 2018 Abstract We present a negative result of fuzzy extractors with computational security. Specifically, we
More informationA new look at an old construction: constructing (simple) 3-designs from resolvable 2-designs
A new look at an old construction: constructing (simple) 3-designs from resolvable 2-designs Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, N2L
More informationImproving the trade-o between storage and communication in broadcast encryption schemes
Discrete Applied Mathematics 143 (2004) 213 220 www.elsevier.com/locate/dam Improving the trade-o between storage and communication in broadcast encryption schemes Carles Padro, Ignacio Gracia, Sebastia
More informationBounds on the Threshold Gap in Secret Sharing and its Applications
Bounds on the Threshold Gap in Secret Sharing and its Applications Ignacio Cascudo Ronald Cramer Chaoping Xing Abstract We consider the class of secret sharing schemes where there is no a priori bound
More informationUnconditionally Secure Signature Schemes Revisited
Unconditionally Secure Signature Schemes Revisited Colleen M. Swanson and Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, Canada N2L 3G1 c2swanso,dstinson@uwaterloo.ca
More informationLecture 1. 1 Introduction. 2 Secret Sharing Schemes (SSS) G Exposure-Resilient Cryptography 17 January 2007
G22.3033-013 Exposure-Resilient Cryptography 17 January 2007 Lecturer: Yevgeniy Dodis Lecture 1 Scribe: Marisa Debowsky 1 Introduction The issue at hand in this course is key exposure: there s a secret
More informationUniversal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption Ronald Cramer Victor Shoup October 12, 2001 Abstract We present several new and fairly practical public-key
More informationLattice Cryptography
CSE 06A: Lattice Algorithms and Applications Winter 01 Instructor: Daniele Micciancio Lattice Cryptography UCSD CSE Many problems on point lattices are computationally hard. One of the most important hard
More informationLecture 1. Chapter 1. (Part I) Material Covered in This Lecture: Chapter 1, Chapter 2 ( ). 1. What is Statistics?
Lecture 1 (Part I) Material Covered in This Lecture: Chapter 1, Chapter 2 (2.1 --- 2.6). Chapter 1 1. What is Statistics? 2. Two definitions. (1). Population (2). Sample 3. The objective of statistics.
More informationOn The Security of The ElGamal Encryption Scheme and Damgård s Variant
On The Security of The ElGamal Encryption Scheme and Damgård s Variant J. Wu and D.R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, ON, Canada {j32wu,dstinson}@uwaterloo.ca
More informationNon-Malleable Coding Against Bit-wise and Split-State Tampering
Non-Malleable Coding Against Bit-wise and Split-State Tampering MAHDI CHERAGHCHI CSAIL MIT Cambridge, MA 02139 VENKATESAN GURUSWAMI Computer Science Department Carnegie Mellon University Pittsburgh, PA
More informationThe Method of Types and Its Application to Information Hiding
The Method of Types and Its Application to Information Hiding Pierre Moulin University of Illinois at Urbana-Champaign www.ifp.uiuc.edu/ moulin/talks/eusipco05-slides.pdf EUSIPCO Antalya, September 7,
More informationA Fuzzy Sketch with Trapdoor
A Fuzzy Sketch with Trapdoor Julien Bringer 1, Hervé Chabanne 1, Quoc Dung Do 2 1 SAGEM Défense Sécurité, 2 Ecole Polytechnique, ENST Paris. Abstract In 1999, Juels and Wattenberg introduce an effective
More informationEfficient Constructions of Deterministic Encryption from Hybrid Encryption and Code-Based PKE
Efficient Constructions of Deterministic Encryption from Hybrid Encryption and Code-Based PKE Yang Cui 1,2, Kirill Morozov 1, Kazukuni Kobara 1,2, and Hideki Imai 1,2 1 Research Center for Information
More informationA Strong Identity Based Key-Insulated Cryptosystem
A Strong Identity Based Key-Insulated Cryptosystem Jin Li 1, Fangguo Zhang 2,3, and Yanming Wang 1,4 1 School of Mathematics and Computational Science, Sun Yat-sen University, Guangzhou, 510275, P.R.China
More informationLECTURE 15. Last time: Feedback channel: setting up the problem. Lecture outline. Joint source and channel coding theorem
LECTURE 15 Last time: Feedback channel: setting up the problem Perfect feedback Feedback capacity Data compression Lecture outline Joint source and channel coding theorem Converse Robustness Brain teaser
More informationMathematics for Cryptography
Mathematics for Cryptography Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, N2L 3G1, Canada March 15, 2016 1 Groups and Modular Arithmetic 1.1
More informationNetwork coding for multicast relation to compression and generalization of Slepian-Wolf
Network coding for multicast relation to compression and generalization of Slepian-Wolf 1 Overview Review of Slepian-Wolf Distributed network compression Error exponents Source-channel separation issues
More informationSome results on the existence of t-all-or-nothing transforms over arbitrary alphabets
Some results on the existence of t-all-or-nothing transforms over arbitrary alphabets Navid Nasr Esfahani, Ian Goldberg and Douglas R. Stinson David R. Cheriton School of Computer Science University of
More informationLinear-Time Non-Malleable Codes in the Bit-Wise Independent Tampering Model
Linear-Time Non-Malleable Codes in the Bit-Wise Independent Tampering Model Ronald Cramer 1, Ivan Damgård 2, Nico Döttling 3, Irene Giacomelli 4, and Chaoping Xing 5 1 CWI Amsterdam & Leiden University,
More informationA New Variation of Hat Guessing Games
A New Variation of Hat Guessing Games Tengyu Ma 1, Xiaoming Sun 1, and Huacheng Yu 1 Institute for Theoretical Computer Science Tsinghua University, Beijing, China Abstract. Several variations of hat guessing
More informationLinear Secret Sharing Schemes from Error Correcting Codes and Universal Hash Functions
Linear Secret Sharing Schemes from Error Correcting Codes and Universal Hash Functions Ronald Cramer 1,2, Ivan Bjerre Damgård 3, Nico Döttling, 3, Serge Fehr 1, and Gabriele Spini 1,2,4 1 CWI Amsterdam
More informationRobust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets
Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets Yevgeniy Dodis Bhavana Kanukurthi Jonathan Katz Leonid Reyzin Adam Smith Abstract Consider two parties holding samples from correlated
More informationPerfectly-Secret Encryption
Perfectly-Secret Encryption CSE 5351: Introduction to Cryptography Reading assignment: Read Chapter 2 You may sip proofs, but are encouraged to read some of them. 1 Outline Definition of encryption schemes
More information10 Concrete candidates for public key crypto
10 Concrete candidates for public key crypto In the previous lecture we talked about public key cryptography and saw the Diffie Hellman system and the DSA signature scheme. In this lecture, we will see
More informationLecture 7. Union bound for reducing M-ary to binary hypothesis testing
Lecture 7 Agenda for the lecture M-ary hypothesis testing and the MAP rule Union bound for reducing M-ary to binary hypothesis testing Introduction of the channel coding problem 7.1 M-ary hypothesis testing
More informationCorrecting Localized Deletions Using Guess & Check Codes
55th Annual Allerton Conference on Communication, Control, and Computing Correcting Localized Deletions Using Guess & Check Codes Salim El Rouayheb Rutgers University Joint work with Serge Kas Hanna and
More informationExtending Brickell-Davenport Theorem to Non-Perfect Secret Sharing Schemes
Extending Brickell-Davenport Theorem to Non-Perfect Secret Sharing Schemes Oriol Farràs 1 and Carles Padró 2 1 Universitat Rovira i Virgili, Tarragona, Catalonia, Spain 2 Nanyang Technological University,
More informationSolutions for week 1, Cryptography Course - TDA 352/DIT 250
Solutions for week, Cryptography Course - TDA 352/DIT 250 In this weekly exercise sheet: you will use some historical ciphers, the OTP, the definition of semantic security and some combinatorial problems.
More informationSecure Sketch for Multi-Sets
Secure Sketch for Multi-Sets Ee-Chien Chang Vadym Fedyukovych Qiming Li March 15, 2006 Abstract Given the original set X where X = s, a sketch P is computed from X and made public. From another set Y where
More informationLecture 15: Privacy Amplification against Active Attackers
Randomness in Cryptography April 25, 2013 Lecture 15: Privacy Amplification against Active Attackers Lecturer: Yevgeniy Dodis Scribe: Travis Mayberry 1 Last Time Previously we showed that we could construct
More informationLecture 14: Cryptographic Hash Functions
CSE 599b: Cryptography (Winter 2006) Lecture 14: Cryptographic Hash Functions 17 February 2006 Lecturer: Paul Beame Scribe: Paul Beame 1 Hash Function Properties A hash function family H = {H K } K K is
More informationThe Spammed Code Offset Method
The Spammed Code Offset Method Boris Škorić and Niels de Vreede Abstract Helper data schemes are a security primitive used for privacy-preserving biometric databases and Physical Unclonable Functions.
More informationHoney Encryption Beyond Message Recovery Security
Honey Encryption Beyond Message Recovery Security Joseph Jaeger Thomas Ristenpart Qiang Tang February 23, 2016 Abstract Juels and Ristenpart introduced honey encryption (HE) and showed how to achieve message
More informationFour-state Non-malleable Codes with Explicit Constant Rate
Four-state Non-malleable Codes with Explicit Constant Rate Bhavana Kanukurthi Sai Lakshmi Bhavana Obbattu Sruthi Sekar Indian Institute Of Science, Bangalore Abstract. Non-malleable codes (NMCs), introduced
More informationNotes for Lecture A can repeat step 3 as many times as it wishes. We will charge A one unit of time for every time it repeats step 3.
COS 533: Advanced Cryptography Lecture 2 (September 18, 2017) Lecturer: Mark Zhandry Princeton University Scribe: Mark Zhandry Notes for Lecture 2 1 Last Time Last time, we defined formally what an encryption
More informationApplications of Galois Geometries to Coding Theory and Cryptography
Applications of Galois Geometries to Coding Theory and Cryptography Ghent University Dept. of Mathematics Krijgslaan 281 - Building S22 9000 Ghent Belgium Albena, July 1, 2013 1. Affine spaces 2. Projective
More informationPrivacy Amplification with Asymptotically Optimal Entropy Loss
Privacy Amplification with Asymptotically Optimal Entropy Loss ABSTRACT Nishanth Chandran Department of Computer Science UCLA nishanth@cs.ucla.edu Rafail Ostrovsky Department of Computer Science and Mathematics
More informationAlternating nonzero automata
Alternating nonzero automata Application to the satisfiability of CTL [,, P >0, P =1 ] Hugo Gimbert, joint work with Paulin Fournier LaBRI, Université de Bordeaux ANR Stoch-MC 06/07/2017 Control and verification
More informationLecture 3: Error Correcting Codes
CS 880: Pseudorandomness and Derandomization 1/30/2013 Lecture 3: Error Correcting Codes Instructors: Holger Dell and Dieter van Melkebeek Scribe: Xi Wu In this lecture we review some background on error
More informationSecure Modulo Zero-Sum Randomness as Cryptographic Resource
Secure Modulo Zero-Sum Randomness as Cryptographic Resource Masahito Hayashi 12 and Takeshi Koshiba 3 1 Graduate School of Mathematics, Nagoya University masahito@math.nagoya-u.ac.jp 2 Centre for Quantum
More informationNon-Malleable Coding Against Bit-wise and Split-State Tampering
Non-Malleable Coding Against Bit-wise and Split-State Tampering Mahdi Cheraghchi 1 and Venkatesan Guruswami 2 1 CSAIL, Massachusetts Institute of Technology mahdi@csail.mit.edu 2 Computer Science Department,
More informationSequential Equilibria of Multi-Stage Games with Infinite Sets of Types and Actions
Sequential Equilibria of Multi-Stage Games with Infinite Sets of Types and Actions by Roger B. Myerson and Philip J. Reny* Draft notes October 2011 http://home.uchicago.edu/~preny/papers/bigseqm.pdf Abstract:
More informationIntroduction Long transparent proofs The real PCP theorem. Real Number PCPs. Klaus Meer. Brandenburg University of Technology, Cottbus, Germany
Santaló s Summer School, Part 3, July, 2012 joint work with Martijn Baartse (work supported by DFG, GZ:ME 1424/7-1) Outline 1 Introduction 2 Long transparent proofs for NP R 3 The real PCP theorem First
More informationReducing the Share Size in Robust Secret Sharing
Alfonso Cevallos Manzano Reducing the Share Size in Robust Secret Sharing Master s Thesis, defended on October 18, 2011 Thesis Advisors: Ronald Cramer (CWI & UL) Serge Fehr (CWI) Mathematisch Instituut
More information1/p-Secure Multiparty Computation without an Honest Majority and the Best of Both Worlds
1/p-Secure Multiparty Computation without an Honest Majority and the Best of Both Worlds Amos Beimel Department of Computer Science Ben Gurion University Be er Sheva, Israel Eran Omri Department of Computer
More informationUnconditionally-Secure Robust Secret Sharing with Compact Shares
Unconditionally-Secure Robust Secret Sharing with Compact Shares Alfonso Cevallos 1, Serge Fehr 2, Rafail Ostrovsky 3, and Yuval Rabani 4 1 Mathematical Institute, Leiden University, The Netherlands alfonsoc@gmail.com
More informationRandomized Algorithms. Lecture 4. Lecturer: Moni Naor Scribe by: Tamar Zondiner & Omer Tamuz Updated: November 25, 2010
Randomized Algorithms Lecture 4 Lecturer: Moni Naor Scribe by: Tamar Zondiner & Omer Tamuz Updated: November 25, 2010 1 Pairwise independent hash functions In the previous lecture we encountered two families
More information2 Message authentication codes (MACs)
CS276: Cryptography October 1, 2015 Message Authentication Codes and CCA2 Instructor: Alessandro Chiesa Scribe: David Field 1 Previous lecture Last time we: Constructed a CPA-secure encryption scheme from
More informationOn Perfect and Adaptive Security in Exposure-Resilient Cryptography. Yevgeniy Dodis, New York University Amit Sahai, Princeton Adam Smith, MIT
On Perfect and Adaptive Security in Exposure-Resilient Cryptography Yevgeniy Dodis, New York University Amit Sahai, Princeton Adam Smith, MIT 1 Problem: Partial Key Exposure Alice needs to store a cryptographic
More informationOn the query complexity of counterfeiting quantum money
On the query complexity of counterfeiting quantum money Andrew Lutomirski December 14, 2010 Abstract Quantum money is a quantum cryptographic protocol in which a mint can produce a state (called a quantum
More informationType-based Proxy Re-encryption and its Construction
Type-based Proxy Re-encryption and its Construction Qiang Tang Faculty of EWI, University of Twente, the Netherlands q.tang@utwente.nl Abstract. Recently, the concept of proxy re-encryption has been shown
More informationLattice Cryptography
CSE 206A: Lattice Algorithms and Applications Winter 2016 Lattice Cryptography Instructor: Daniele Micciancio UCSD CSE Lattice cryptography studies the construction of cryptographic functions whose security
More informationSchnorr Signature. Schnorr Signature. October 31, 2012
. October 31, 2012 Table of contents Salient Features Preliminaries Security Proofs Random Oracle Heuristic PKS and its Security Models Hardness Assumption The Construction Oracle Replay Attack Security
More informationModern symmetric-key Encryption
Modern symmetric-key Encryption Citation I would like to thank Claude Crepeau for allowing me to use his slide from his crypto course to mount my course. Some of these slides are taken directly from his
More informationThe expansion of random regular graphs
The expansion of random regular graphs David Ellis Introduction Our aim is now to show that for any d 3, almost all d-regular graphs on {1, 2,..., n} have edge-expansion ratio at least c d d (if nd is
More informationRecitation 6. Randomization. 6.1 Announcements. RandomLab has been released, and is due Monday, October 2. It s worth 100 points.
Recitation 6 Randomization 6.1 Announcements RandomLab has been released, and is due Monday, October 2. It s worth 100 points. FingerLab will be released after Exam I, which is going to be on Wednesday,
More information