• J. Cryptol. (IF 1.277) Pub Date : 2021-01-12
Alon Rosen, Gil Segev, Ido Shahaf

We consider the question of whether PPAD hardness can be based on standard cryptographic assumptions, such as the existence of one-way functions or public-key encryption. This question is particularly well-motivated in light of new devastating attacks on obfuscation candidates and their underlying building blocks, which are currently the only known source for PPAD hardness. Central in the study of

Updated: 2021-01-12
• J. Cryptol. (IF 1.277) Pub Date : 2021-01-06
Shai Halevi, Victor Shoup

Gentry’s bootstrapping technique is still the only known method of obtaining fully homomorphic encryption where the system’s parameters do not depend on the complexity of the evaluated functions. Bootstrapping involves a recryption procedure where the scheme’s decryption algorithm is evaluated homomorphically. Prior to this work, there were very few implementations of recryption and fewer still that

Updated: 2021-01-06
• J. Cryptol. (IF 1.277) Pub Date : 2021-01-06
Christian Kaspers, Yue Zhou

Almost perfect nonlinear (APN) functions play an important role in the design of block ciphers as they offer the strongest resistance against differential cryptanalysis. Despite more than 25 years of research, only a limited number of APN functions are known. In this paper, we show that a recent construction by Taniguchi provides at least $$\frac{\varphi (m)}{2}\left\lceil \frac{2^m+1}{3m} \right\rceil

Updated: 2021-01-06
• J. Cryptol. (IF 1.277) Pub Date : 2021-01-06
Shuichi Katsumata, Shota Yamada, Takashi Yamakawa

In (STOC, 2008), Gentry, Peikert, and Vaikuntanathan proposed the first identity-based encryption (GPV-IBE) scheme based on a post-quantum assumption, namely the learning with errors assumption. Since their proof was only made in the random oracle model (ROM) instead of the quantum random oracle model (QROM), it remained unclear whether the scheme was truly post-quantum or not. In (CRYPTO, 2012), Zhandry

Updated: 2021-01-06
• J. Cryptol. (IF 1.277) Pub Date : 2021-01-06
Ron D. Rothblum, Adam Sealfon, Katerina Sotiraki

Non-interactive zero-knowledge ($$\mathsf {NIZK}$$) is a fundamental primitive that is widely used in the construction of cryptographic schemes and protocols. Our main result is a reduction from constructing $$\mathsf {NIZK}$$ proof systems for all of $$\mathbf {NP}$$ based on $$\mathsf {LWE}$$, to constructing a $$\mathsf {NIZK}$$ proof system for a particular computational problem on lattices, namely

Updated: 2021-01-06
• J. Cryptol. (IF 1.277) Pub Date : 2021-01-06
Mark Zhandry

Public key quantum money can be seen as a version of the quantum no-cloning theorem that holds even when the quantum states can be verified by the adversary. In this work, we investigate quantum lightning, a formalization of “collision-free quantum money” defined by Lutomirski et al. [ICS’10], where no-cloning holds even when the adversary herself generates the quantum state to be cloned. We then study

Updated: 2021-01-06
• J. Cryptol. (IF 1.277) Pub Date : 2020-11-25
Léo Ducas, Yang Yu

Lattice signature schemes generally require particular care when it comes to preventing secret information from leaking through signature transcript. For example, the Goldreich–Goldwasser–Halevi (GGH) signature scheme and the NTRUSign scheme were completely broken by the parallelepiped-learning attack of Nguyen and Regev (Eurocrypt 2006). Several heuristic countermeasures were also shown vulnerable

Updated: 2020-11-27
• J. Cryptol. (IF 1.277) Pub Date : 2020-11-23
Ran Canetti, Benjamin Fuller, Omer Paneth, Leonid Reyzin, Adam Smith

Fuzzy extractors (Dodis et al., in Advances in cryptology—EUROCRYPT 2014, Springer, Berlin, 2014, pp 93–110) convert repeated noisy readings of a secret into the same uniformly distributed key. To eliminate noise, they require an initial enrollment phase that takes the first noisy reading of the secret and produces a nonsecret helper string to be used in subsequent readings. Reusable fuzzy extractors

Updated: 2020-11-27
• J. Cryptol. (IF 1.277) Pub Date : 2020-09-23
Katriel Cohn-Gordon, Cas Cremers, Benjamin Dowling, Luke Garratt, Douglas Stebila

The Signal protocol is a cryptographic messaging protocol that provides end-to-end encryption for instant messaging in WhatsApp, Wire, and Facebook Messenger among many others, serving well over 1 billion active users. Signal includes several uncommon security properties (such as “future secrecy” or “post-compromise security”), enabled by a technique called ratcheting in which session keys are updated

Updated: 2020-09-23
• J. Cryptol. (IF 1.277) Pub Date : 2020-09-15
Roman Langrehr, Jiaxin Pan

We construct the first tightly secure hierarchical identity-based encryption (HIBE) scheme based on standard assumptions, which solves an open problem from Blazy, Kiltz, and Pan (CRYPTO 2014). At the core of our constructions is a novel randomization technique that enables us to randomize user secret keys for identities with flexible length. The security reductions of previous HIBEs lose at least a

Updated: 2020-09-15
• J. Cryptol. (IF 1.277) Pub Date : 2020-09-09
Benjamin Wesolowski

We construct a verifiable delay function (VDF). A VDF is a function whose evaluation requires running a given number of sequential steps, yet the result can be efficiently verified. They have applications in decentralised systems, such as the generation of trustworthy public randomness in a trustless environment, or resource-efficient blockchains. To construct our VDF, we actually build a trapdoor

Updated: 2020-09-08
• J. Cryptol. (IF 1.277) Pub Date : 2020-08-04
Sandro Coretti, Yevgeniy Dodis, Ueli Maurer, Björn Tackmann, Daniele Venturi

One approach toward basing public-key encryption (PKE) schemes on weak and credible assumptions is to build “stronger” or more general schemes generically from “weaker” or more restricted ones. One particular line of work in this context was initiated by Myers and Shelat (FOCS ’09) and continued by Hohenberger, Lewko, and Waters (Eurocrypt ’12), who provide constructions of multi-bit CCA-secure PKE

Updated: 2020-08-04
• J. Cryptol. (IF 1.277) Pub Date : 2020-07-31

Assuming the existence of one-way functions, we show that there is no polynomial-time differentially private algorithm $${\mathcal {A}}$$ that takes a database $$D\in (\{0,1\}^d)^n$$ and outputs a “synthetic database” $${\hat{D}}$$ all of whose two-way marginals are approximately equal to those of D. (A two-way marginal is the fraction of database rows $$x\in \{0,1\}^d$$ with a given pair of values

Updated: 2020-08-01
• J. Cryptol. (IF 1.277) Pub Date : 2020-07-24
Sebastian Faust, Pratyay Mukherjee, Jesper Buus Nielsen, Daniele Venturi

Non-malleable codes (Dziembowski et al., ICS’10 and J. ACM’18) are a natural relaxation of error correcting/detecting codes with useful applications in cryptography. Informally, a code is non-malleable if an adversary trying to tamper with an encoding of a message can only leave it unchanged or modify it to the encoding of an unrelated value. This paper introduces continuous non-malleability, a generalization

Updated: 2020-07-25
• J. Cryptol. (IF 1.277) Pub Date : 2020-07-16
Amos Beimel, Yehuda Lindell, Eran Omri, Ilan Orlov

A protocol for computing a functionality is secure if an adversary in this protocol cannot cause more harm than in an ideal computation, where parties give their inputs to a trusted party that returns the output of the functionality to all parties. In particular, in the ideal model, such computation is fair—if the corrupted parties get the output, then the honest parties get the output. Cleve (STOC

Updated: 2020-07-16
• J. Cryptol. (IF 1.277) Pub Date : 2020-06-29
Akiko Inoue, Tetsu Iwata, Kazuhiko Minematsu, Bertram Poettering

We present practical attacks on OCB2. This mode of operation of a blockcipher was designed with the aim to provide particularly efficient and provably secure authenticated encryption services, and since its proposal about 15 years ago it belongs to the top performers in this realm. OCB2 was included in an ISO standard in 2009. An internal building block of OCB2 is the tweakable blockcipher obtained

Updated: 2020-06-30
• J. Cryptol. (IF 1.277) Pub Date : 2020-06-16
Michael Hutter, Erich Wenger

Multi-precision multiplication is one of the most fundamental operations on microprocessors to allow public-key cryptography such as RSA and elliptic curve cryptography. In this paper, we present a novel multiplication technique that increases the performance of multiplication by sophisticated caching of operands. Our method significantly reduces the number of needed load instructions which is usually

Updated: 2020-06-16
• J. Cryptol. (IF 1.277) Pub Date : 2020-06-15
Ralf Küsters, Max Tuengerthal, Daniel Rausch

The universal composability paradigm allows for the modular design and analysis of cryptographic protocols. It has been widely and successfully used in cryptography. However, devising a coherent yet simple and expressive model for universal composability is, as the history of such models shows, highly non-trivial. For example, several partly severe problems have been pointed out in the literature for

Updated: 2020-06-15
• J. Cryptol. (IF 1.277) Pub Date : 2020-06-15
Carmit Hazay, Peter Scholl, Eduardo Soria-Vazquez

In this work, we present two new actively secure, constant-round multi-party computation (MPC) protocols with security against all-but-one corruptions. Our protocols both start with an actively secure MPC protocol, which may have linear round complexity in the depth of the circuit, and compile it into a constant-round protocol based on garbled circuits, with very low overhead. 1. Our first protocol

Updated: 2020-06-15
• J. Cryptol. (IF 1.277) Pub Date : 2020-06-09
Benoît Libert, Moti Yung

In threshold cryptography, private keys are divided into n shares, each one of which is given to a different server in order to avoid single points of failure. In the case of threshold public-key encryption, at least $$t \le n$$ servers need to contribute to the decryption process. A threshold primitive is said to be robust if no coalition of t malicious servers can prevent remaining honest servers from

Updated: 2020-06-09
• J. Cryptol. (IF 1.277) Pub Date : 2020-06-02
Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos, Essam Ghadafi, Jens Groth

Group signatures allow members of a group to anonymously sign on behalf of the group. Membership is administered by a designated group manager. The group manager can also reveal the identity of a signer if and when needed to enforce accountability and deter abuse. For group signatures to be applicable in practice, they need to support fully dynamic groups, i.e., users may join and leave at any time

Updated: 2020-06-02
• J. Cryptol. (IF 1.277) Pub Date : 2020-05-29
Ralf Küsters, Max Tuengerthal, Daniel Rausch

In frameworks for universal composability, complex protocols can be built from sub-protocols in a modular way using composition theorems. However, as first pointed out and studied by Canetti and Rabin, this modular approach often leads to impractical implementations. For example, when using a functionality for digital signatures within a more complex protocol, parties have to generate new verification

Updated: 2020-05-29
• J. Cryptol. (IF 1.277) Pub Date : 2020-05-12
Paul Bunn; Rafail Ostrovsky

The k-means clustering problem is one of the most explored problems in data mining. With the advent of protocols that have proven to be successful in performing single database clustering, the focus has shifted in recent years to the question of how to extend the single database protocols to a multiple database setting. To date, there have been numerous attempts to create specific multiparty k-means

Updated: 2020-05-12
• J. Cryptol. (IF 1.277) Pub Date : 2020-04-22
Susumu Kiyoshima

Concurrent non-malleable zero-knowledge ($$\mathrm {CNMZK}$$) protocols are zero-knowledge protocols that provide security even when adversaries interact with multiple provers and verifiers simultaneously. It is known that $$\mathrm {CNMZK}$$ arguments for $$\mathcal {NP}$$ can be constructed in the plain model. Furthermore, it was recently shown that statistical $$\mathrm {CNMZK}$$ arguments for $$\mathcal

Updated: 2020-04-22
• J. Cryptol. (IF 1.277) Pub Date : 2020-04-08
Masaud Y. Alhassan; Daniel Günther; Ágnes Kiss; Thomas Schneider

A universal circuit (UC) can be programmed to simulate any circuit up to a given size n by specifying its program inputs. It provides elegant solutions in various application scenarios, e.g., for private function evaluation (PFE) and for improving the flexibility of attribute-based encryption schemes. The asymptotic lower bound for the size of a UC is $$\Omega (n\log n)$$, and Valiant (STOC’76) provided

Updated: 2020-04-08
• J. Cryptol. (IF 1.277) Pub Date : 2020-03-05
Ashwin Jha; Mridul Nandi

At CRYPTO ’12, Landecker et al. introduced the cascaded LRW2 (or CLRW2) construction and proved that it is a secure tweakable block cipher up to roughly $$2^{2n/3}$$ queries. Recently, Mennink has presented a distinguishing attack on CLRW2 in $$2n^{1/2}2^{3n/4}$$ queries. In the same paper, he discussed some non-trivial bottlenecks in proving a tight security bound, i.e., security up to $$2^{3n/4}

Updated: 2020-03-05
• J. Cryptol. (IF 1.277) Pub Date : 2020-03-04
Patrick Derbez; Léo Perrin

NXP Semiconductors and its academic partners challenged the cryptographic community with finding practical attacks on the block cipher they designed, PRINCE. Instead of trying to attack as many rounds as possible using attacks which are usually impractical despite being faster than brute force, the challenge invites cryptographers to find practical attacks and encourages them to actually implement

Updated: 2020-03-04
• J. Cryptol. (IF 1.277) Pub Date : 2020-02-14
Tim Beyne

A new approach to invariant subspaces and nonlinear invariants is developed. This results in both theoretical insights and practical attacks on block ciphers. It is shown that, with minor modifications to some of the round constants, Midori-64 has a nonlinear invariant with $$2^{96} + 2^{64}$$ corresponding weak keys. Furthermore, this invariant corresponds to a linear hull with maximal correlation

Updated: 2020-02-14
• J. Cryptol. (IF 1.277) Pub Date : 2020-02-11
Tomer Ashur; Tim Beyne; Vincent Rijmen

Linear cryptanalysis is considered to be one of the strongest techniques in the cryptanalyst’s arsenal. In most cases, Matsui’s Algorithm 2 is used for the key recovery part of the attack. The success rate analysis of this algorithm is based on an assumption regarding the bias of a linear approximation for a wrong key, known as the wrong-key-randomization hypothesis. This hypothesis was refined by

Updated: 2020-02-11
• J. Cryptol. (IF 1.277) Pub Date : 2020-01-22
Felix Wegener; Lauren De Meyer; Amir Moradi

The effort in reducing the area of AES implementations has largely been focused on application-specific integrated circuits (ASICs) in which a tower field construction leads to a small design of the AES S-box. In contrast, a naive implementation of the AES S-box has been the status-quo on field-programmable gate arrays (FPGAs). A similar discrepancy holds for masking schemes—a well-known side-channel

Updated: 2020-01-22
• J. Cryptol. (IF 1.277) Pub Date : 2020-01-06
David A. Basin; Andreas Lochbihler; S. Reza Sefidgar

Game-based proofs are a well-established paradigm for structuring security arguments and simplifying their understanding. We present a novel framework, CryptHOL, for rigorous game-based proofs that is supported by mechanical theorem proving. CryptHOL is based on a new semantic domain with an associated functional programming language for expressing games. We embed our framework in the Isabelle/HOL

Updated: 2020-01-06
• J. Cryptol. (IF 1.277) Pub Date : 2020-01-02
Martin R. Albrecht; Pooya Farshim; Shuai Han; Dennis Hofheinz; Enrique Larraia; Kenneth G. Paterson

We provide constructions of multilinear groups equipped with natural hard problems from indistinguishability obfuscation, homomorphic encryption, and NIZKs. This complements known results on the constructions of indistinguishability obfuscators from multilinear maps in the reverse direction. We provide two distinct, but closely related constructions and show that multilinear analogues of the $${\text

Updated: 2020-01-02
• J. Cryptol. (IF 1.277) Pub Date : 2019-12-02
Bhavana Kanukurthi; Sai Lakshmi Bhavana Obbattu; Sruthi Sekar

Non-malleable codes (NMCs), introduced by Dziembowski, Pietrzak and Wichs (ITCS 2010), provide a powerful guarantee in scenarios where the classical notion of error-correcting codes cannot provide any guarantee: a decoded message is either the same or completely independent of the underlying message, regardless of the number of errors introduced into the codeword. Informally, NMCs are defined with

Updated: 2019-12-02
• J. Cryptol. (IF 1.277) Pub Date : 2019-10-15
Qian Guo; Thomas Johansson; Carl Löndahl

We present a new algorithm for solving the LPN problem. The algorithm has a similar form as some previous methods, but includes a new key step that makes use of approximations of random words to a nearest codeword in a linear code. It outperforms previous methods for many parameter choices. In particular, we can now solve the $$(512,\frac{1}{8})$$ LPN instance with complexity less than $$2^{80}$$ operations

Updated: 2019-10-15
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-30
Nir Bitansky; Ryo Nishimaki; Alain Passelègue; Daniel Wichs

Functional encryption lies at the frontiers of the current research in cryptography; some variants have been shown sufficiently powerful to yield indistinguishability obfuscation (IO), while other variants have been constructed from standard assumptions such as LWE. Indeed, most variants have been classified as belonging to either the former or the latter category. However, one mystery that has remained

Updated: 2019-09-30
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-26
Itai Dinur; Nathan Keller; Ohad Klein

The distributed discrete logarithm (DDL) problem was introduced by Boyle, Gilboa and Ishai at CRYPTO 2016. A protocol solving this problem was the main tool used in the share conversion procedure of their homomorphic secret sharing (HSS) scheme which allows non-interactive evaluation of branching programs among two parties over shares of secret inputs. Let g be a generator of a multiplicative group

Updated: 2019-09-26
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-26
Achiya Bar-On; Orr Dunkelman; Nathan Keller; Eyal Ronen; Adi Shamir

Determining the security of AES is a central problem in cryptanalysis, but progress in this area had been slow and only a handful of cryptanalytic techniques led to significant advancements. At Eurocrypt 2017 Grassi et al. presented a novel type of distinguisher for AES-like structures, but so far all the published attacks which were based on this distinguisher were inferior to previously known attacks

Updated: 2019-09-26
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-17
Benny Applebaum; Thomas Holenstein; Manoj Mishra; Ofer Shayevitz

Private simultaneous message (PSM) protocols were introduced by Feige, Kilian, and Naor (STOC ’94) as a minimal non-interactive model for information theoretic three-party secure computation. While it is known that every function $$f:\{0,1\}^k\times \{0,1\}^k \rightarrow \{0,1\}$$ admits a PSM protocol with exponential communication of $$2^{k/2}$$ (Beimel et al., TCC ’14), the best known (non-explicit)

Updated: 2019-09-17
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-16
Lucas Kowalczyk; Hoeteck Wee

We present compact attribute-based encryption (ABE) schemes for $${\textsf {NC}}^{1}$$ that are adaptively secure under the k-Lin assumption with polynomial security loss. Our KP-ABE scheme achieves ciphertext size that is linear in the attribute length and independent of the policy size even in the many-use setting, and we achieve an analogous efficiency guarantee for CP-ABE. This resolves the central

Updated: 2019-09-16
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-16
Orr Dunkelman; Nathan Keller; Eran Lambooij; Yu Sasaki

Lilliput-AE is a tweakable block cipher submitted as a candidate to the NIST lightweight cryptography standardization process. It is based upon the lightweight block cipher Lilliput, whose cryptanalysis so far suggests that it has a large security margin. In this note, we present an extremely efficient forgery attack on Lilliput-AE: Given a single arbitrary message of length about $$2^{36}$$ bytes

Updated: 2019-09-16
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-13
Itai Dinur

The FX-construction was proposed in 1996 by Kilian and Rogaway as a generalization of the DESX scheme. The construction increases the security of an n-bit core block cipher with a $$\kappa$$-bit key by using two additional n-bit masking keys. Recently, several concrete instances of the FX-construction were proposed, including PRINCE, PRIDE and MANTIS (presented at ASIACRYPT 2012, CRYPTO 2014 and CRYPTO

Updated: 2019-09-13
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-04
Nir Bitansky

Verifiable random functions (VRFs) are pseudorandom functions where the owner of the seed, in addition to computing the function’s value y at any point x, can also generate a non-interactive proof $$\pi$$ that y is correct, without compromising pseudorandomness at other points. Being a natural primitive with a wide range of applications, considerable efforts have been directed toward the construction

Updated: 2019-09-04
• J. Cryptol. (IF 1.277) Pub Date : 2019-08-08
Felipe G. Lacerda; Joseph M. Renes; Renato Renner

Physical implementations of cryptographic algorithms leak information, which makes them vulnerable to the so-called side-channel attacks. The problem of secure computation in the presence of leakage is generally known as leakage resilience. In this work, we establish a connection between leakage resilience and fault-tolerant quantum computation. We first prove that for a general leakage model, there

Updated: 2019-08-08
• J. Cryptol. (IF 1.277) Pub Date : 2019-07-12
Zhenzhen Bao; Itai Dinur; Jian Guo; Gaëtan Leurent; Lei Wang

Hash combiners are a practical way to make cryptographic hash functions more tolerant to future attacks and compatible with existing infrastructure. A combiner combines two or more hash functions in a way that is hopefully more secure than each of the underlying hash functions, or at least remains secure as long as one of them is secure. Two classical hash combiners are the exclusive-or (XOR) combiner

Updated: 2019-07-12
• J. Cryptol. (IF 1.277) Pub Date : 2019-07-09
Dana Dachman-Soled; Nils Fleischhacker; Jonathan Katz; Anna Lysyanskaya; Dominique Schröder

A recent line of work has explored the use of physically unclonable functions (PUFs) for secure computation, with the goals of (1) achieving universal composability without additional setup and/or (2) obtaining unconditional security (i.e., avoiding complexity-theoretic assumptions). Initial work assumed that all PUFs, even those created by an attacker, are honestly generated. Subsequently, researchers

Updated: 2019-07-09
• J. Cryptol. (IF 1.277) Pub Date : 2019-06-12
Ilan Komargodski; Gil Segev

Private-key functional encryption enables fine-grained access to symmetrically encrypted data. Although private-key functional encryption (supporting an unbounded number of keys and ciphertexts) seems significantly weaker than its public-key variant, its known realizations all rely on public-key functional encryption. At the same time, however, up until recently it was not known to imply any public-key

Updated: 2019-06-12
• J. Cryptol. (IF 1.277) Pub Date : 2019-05-22
Carmit Hazay; Muthuramakrishnan Venkitasubramaniam

Katz and Ostrovsky (Crypto 2004) proved that five rounds are necessary for stand-alone general black-box constructions of secure two-party protocols and at least four rounds are necessary if only one party needs to receive the output. Recently, Ostrovsky, Richelson and Scafuro (Crypto 2015) proved optimality of this result by showing how to realize stand-alone, secure two-party computation under general

Updated: 2019-05-22
• J. Cryptol. (IF 1.277) Pub Date : 2019-05-17
Avik Chakraborti; Tetsu Iwata; Kazuhiko Minematsu; Mridul Nandi

This paper presents a lightweight blockcipher-based authenticated encryption mode mainly focusing on minimizing the implementation size, i.e., hardware gates or working memory on software. The mode is called $$\textsf {COFB}$$, for COmbined FeedBack. $$\textsf {COFB}$$ uses an n-bit blockcipher as the underlying primitive and relies on the use of a nonce for security. In addition to the state required

Updated: 2019-05-17
• J. Cryptol. (IF 1.277) Pub Date : 2019-05-08
Carmit Hazay; Muthuramakrishnan Venkitasubramaniam

In this work, we study the intrinsic complexity of black-box Universally Composable (UC) secure computation based on general assumptions. We present a thorough study in various corruption modelings while focusing on achieving security in the common reference string (CRS) model. Our results involve the following: Static UC secure computation. Designing the first static UC oblivious transfer protocol

Updated: 2019-05-08
• J. Cryptol. (IF 1.277) Pub Date : 2019-04-26
Yehuda Lindell; Benny Pinkas; Nigel P. Smart; Avishay Yanai

Recently, there has been huge progress in the field of concretely efficient secure computation, even while providing security in the presence of malicious adversaries. This is especially the case in the two-party setting, where constant-round protocols exist that remain fast even over slow networks. However, in the multi-party setting, all concretely efficient fully secure protocols, such as SPDZ,

Updated: 2019-04-26
• J. Cryptol. (IF 1.277) Pub Date : 2019-04-26
Sam Kim; David J. Wu

Non-interactive zero-knowledge (NIZK) proofs are fundamental to modern cryptography. Numerous NIZK constructions are known in both the random oracle and the common reference string (CRS) models. In the CRS model, there exist constructions from several classes of cryptographic assumptions such as trapdoor permutations, pairings, and indistinguishability obfuscation. However, at the time of the initial

Updated: 2019-04-26
• J. Cryptol. (IF 1.277) Pub Date : 2019-04-25
Ilaria Chillotti; Nicolas Gama; Mariya Georgieva; Malika Izabachène

This work describes a fast fully homomorphic encryption scheme over the torus (TFHE) that revisits, generalizes and improves the fully homomorphic encryption (FHE) based on GSW and its ring variants. The simplest FHE schemes consist in bootstrapped binary gates. In this gate bootstrapping mode, we show that the scheme FHEW of Ducas and Micciancio (Eurocrypt, 2015) can be expressed only in terms of

Updated: 2019-04-25
• J. Cryptol. (IF 1.277) Pub Date : 2019-04-23
Carmit Hazay; Avishay Yanai

The random-access memory model of computation allows a program constant-time memory lookup and is more applicable in practice today, covering many important algorithms. This is in contrast to the classic setting of secure 2-party computation (2PC) that mostly follows the approach for which the desired functionality must be represented as a Boolean circuit. In this work, we design the first constant-round

Updated: 2019-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2019-04-08
Gilles Brassard; Peter Høyer; Kassem Kalach; Marc Kaplan; Sophie Laplante; Louis Salvail

In 1974, Ralph Merkle proposed the first unclassified protocol for secure communications over insecure channels. When legitimate communicating parties are willing to spend an amount of computational effort proportional to some parameter N, an eavesdropper cannot break into their communication without spending a time proportional to $$N^2$$, which is quadratically more than the legitimate effort. In a

Updated: 2019-04-08
• J. Cryptol. (IF 1.277) Pub Date : 2019-04-04
Sabyasachi Karati; Palash Sarkar

This work considers the problem of fast and secure scalar multiplication using curves of genus one defined over a field of prime order. Previous work by Gaudry and Lubicz (Finite Fields Appl 15(2):246–260, 2009) had suggested the use of the associated Kummer line to speed up scalar multiplication. In the present work, we explore this idea in detail. The first task is to obtain an elliptic curve in

Updated: 2019-04-04
• J. Cryptol. (IF 1.277) Pub Date : 2019-03-27
Steven D. Galbraith; Christophe Petit; Javier Silva

We present signature schemes whose security relies on computational assumptions relating to isogeny graphs of supersingular elliptic curves. We give two schemes, both of them based on interactive identification protocols. The first identification protocol is due to De Feo, Jao and Plût. The second one, and the main contribution of the paper, makes novel use of an algorithm of Kohel, Lauter, Petit and

Updated: 2019-03-27
• J. Cryptol. (IF 1.277) Pub Date : 2019-03-15
Adi Akavia; Rio LaVigne; Tal Moran

A distributed computation in which nodes are connected by a partial communication graph is called topology hiding if it does not reveal information about the graph beyond what is revealed by the output of the function. Previous results have shown that topology-hiding computation protocols exist for graphs of constant degree and logarithmic diameter in the number of nodes (Moran–Orlov–Richelson, TCC’15;

Updated: 2019-03-15
• J. Cryptol. (IF 1.277) Pub Date : 2019-02-13
Jian Guo; Guohong Liao; Guozhen Liu; Meicheng Liu; Kexin Qiao; Ling Song

The Keccak hash function is the winner of the SHA-3 competition (2008–2012) and became the SHA-3 standard of NIST in 2015. In this paper, we focus on practical collision attacks against round-reduced SHA-3 and some Keccak variants. Following the framework developed by Dinur et al. at FSE 2012 where 4-round collisions were found by combining 3-round differential trails and 1-round connectors, we extend

Updated: 2019-02-13
• J. Cryptol. (IF 1.277) Pub Date : 2019-02-12
Estuardo Alpirez Bock; Joppe W. Bos; Chris Brzuska; Charles Hubain; Wil Michiels; Cristofaro Mune; Eloi Sanfelix Gonzalez; Philippe Teuwen; Alexander Treff

Despite the fact that all current scientific white-box approaches of standardized cryptographic primitives have been publicly broken, these attacks require knowledge of the internal data representation used by the implementation. In practice, the level of implementation knowledge required is only attainable through significant reverse-engineering efforts. In this paper, we describe new approaches to

Updated: 2019-02-12
• J. Cryptol. (IF 1.277) Pub Date : 2019-02-07
Carmit Hazay; Muthuramakrishnan Venkitasubramaniam

Ishai, Kushilevitz, Ostrovsky and Sahai (STOC 2007; SIAM J Comput 39(3):1121–1152, 2009) introduced the powerful “MPC-in-the-head” technique that provided a general transformation of information-theoretic MPC protocols secure against passive adversaries to a ZK proof in a “black-box” way. In this work, we extend this technique and provide a generic transformation of any semi-honest secure two-party

更新日期：2019-02-07
Contents have been reproduced by permission of the publishers.