• J. Cryptol. (IF 1.277) Pub Date : 2020-08-04
Sandro Coretti, Yevgeniy Dodis, Ueli Maurer, Björn Tackmann, Daniele Venturi

One approach toward basing public-key encryption (PKE) schemes on weak and credible assumptions is to build “stronger” or more general schemes generically from “weaker” or more restricted ones. One particular line of work in this context was initiated by Myers and Shelat (FOCS ’09) and continued by Hohenberger, Lewko, and Waters (Eurocrypt ’12), who provide constructions of multi-bit CCA-secure PKE

Updated: 2020-08-04
• J. Cryptol. (IF 1.277) Pub Date : 2020-07-31

Assuming the existence of one-way functions, we show that there is no polynomial-time differentially private algorithm $${\mathcal {A}}$$ that takes a database $$D\in (\{0,1\}^d)^n$$ and outputs a “synthetic database” $${\hat{D}}$$ all of whose two-way marginals are approximately equal to those of D. (A two-way marginal is the fraction of database rows $$x\in \{0,1\}^d$$ with a given pair of values

Updated: 2020-08-01
• J. Cryptol. (IF 1.277) Pub Date : 2020-07-24
Sebastian Faust, Pratyay Mukherjee, Jesper Buus Nielsen, Daniele Venturi

Non-malleable codes (Dziembowski et al., ICS’10 and J. ACM’18) are a natural relaxation of error correcting/detecting codes with useful applications in cryptography. Informally, a code is non-malleable if an adversary trying to tamper with an encoding of a message can only leave it unchanged or modify it to the encoding of an unrelated value. This paper introduces continuous non-malleability, a generalization

Updated: 2020-07-25
• J. Cryptol. (IF 1.277) Pub Date : 2020-07-16
Amos Beimel, Yehuda Lindell, Eran Omri, Ilan Orlov

A protocol for computing a functionality is secure if an adversary in this protocol cannot cause more harm than in an ideal computation, where parties give their inputs to a trusted party that returns the output of the functionality to all parties. In particular, in the ideal model, such computation is fair—if the corrupted parties get the output, then the honest parties get the output. Cleve (STOC

Updated: 2020-07-16
• J. Cryptol. (IF 1.277) Pub Date : 2020-06-29
Akiko Inoue, Tetsu Iwata, Kazuhiko Minematsu, Bertram Poettering

We present practical attacks on OCB2. This mode of operation of a blockcipher was designed with the aim to provide particularly efficient and provably secure authenticated encryption services, and since its proposal about 15 years ago it belongs to the top performers in this realm. OCB2 was included in an ISO standard in 2009. An internal building block of OCB2 is the tweakable blockcipher obtained

Updated: 2020-06-30
• J. Cryptol. (IF 1.277) Pub Date : 2020-06-16
Michael Hutter, Erich Wenger

Multi-precision multiplication is one of the most fundamental operations on microprocessors to allow public-key cryptography such as RSA and elliptic curve cryptography. In this paper, we present a novel multiplication technique that increases the performance of multiplication by sophisticated caching of operands. Our method significantly reduces the number of needed load instructions which is usually

Updated: 2020-06-16
• J. Cryptol. (IF 1.277) Pub Date : 2020-06-15
Ralf Küsters, Max Tuengerthal, Daniel Rausch

The universal composability paradigm allows for the modular design and analysis of cryptographic protocols. It has been widely and successfully used in cryptography. However, devising a coherent yet simple and expressive model for universal composability is, as the history of such models shows, highly non-trivial. For example, several partly severe problems have been pointed out in the literature for

Updated: 2020-06-15
• J. Cryptol. (IF 1.277) Pub Date : 2020-06-15
Carmit Hazay, Peter Scholl, Eduardo Soria-Vazquez

In this work, we present two new actively secure, constant-round multi-party computation (MPC) protocols with security against all-but-one corruptions. Our protocols both start with an actively secure MPC protocol, which may have linear round complexity in the depth of the circuit, and compile it into a constant-round protocol based on garbled circuits, with very low overhead. 1. Our first protocol

Updated: 2020-06-15
• J. Cryptol. (IF 1.277) Pub Date : 2020-06-09
Benoît Libert, Moti Yung

In threshold cryptography, private keys are divided into n shares, each one of which is given to a different server in order to avoid single points of failure. In the case of threshold public-key encryption, at least $$t \le n$$ servers need to contribute to the decryption process. A threshold primitive is said robust if no coalition of t malicious servers can prevent remaining honest servers from

Updated: 2020-06-09
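The t-of-n decryption this abstract describes, as an added worked example (not code from the paper, which names no concrete scheme): the private key x is Shamir-shared over Z_q among n servers, no server ever holds x, and any t of them combine partial decryptions of an ElGamal ciphertext using Lagrange coefficients in the exponent. The group (p = 1019, q = 509, g = 4) is a deliberately tiny toy chosen so the arithmetic is readable; real deployments use at least 2048-bit groups or elliptic curves. The example deliberately stops short of robustness: a server that returns a wrong partial decryption here silently corrupts the result, which is exactly the gap the robust schemes in the abstract close.

```python
"""Toy t-of-n threshold ElGamal decryption with Shamir key shares (illustration only)."""
import secrets

P = 1019            # toy safe prime, p = 2q + 1 (NOT a real parameter choice)
Q = (P - 1) // 2    # 509, prime
G = 4               # 2^2 mod p: always has order q in a safe-prime group


def share_key(x: int, t: int, n: int) -> list[tuple[int, int]]:
    """Shamir-share x in Z_q with a random degree-(t-1) polynomial f, f(0) = x.
    Returns (server id, share) pairs; any t of them determine x, t-1 reveal nothing."""
    coeffs = [x] + [secrets.randbelow(Q) for _ in range(t - 1)]

    def f(i: int) -> int:
        return sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q

    return [(i, f(i)) for i in range(1, n + 1)]


def lagrange_coeff(i: int, ids: list[int]) -> int:
    """lambda_i = prod_{j != i} j / (j - i) mod q, so that sum_i lambda_i * x_i = f(0) = x."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * j % Q
            den = den * ((j - i) % Q) % Q
    return num * pow(den, -1, Q) % Q


def keygen(t: int, n: int) -> tuple[int, list[tuple[int, int]]]:
    """Public key h = g^x; x exists only transiently here and is then discarded."""
    x = secrets.randbelow(Q - 1) + 1
    return pow(G, x, P), share_key(x, t, n)


def encrypt(h: int, m: int) -> tuple[int, int]:
    """Plain ElGamal: m must be a subgroup element (we encode messages as g^msg)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(h, r, P) % P


def partial_decrypt(share: tuple[int, int], c1: int) -> tuple[int, int]:
    """Server i contributes d_i = c1^{x_i}; its share never leaves the server."""
    i, x_i = share
    return i, pow(c1, x_i, P)


def combine(partials: list[tuple[int, int]], c2: int, t: int) -> int:
    """c1^x = prod_i d_i^{lambda_i} because x = sum_i lambda_i x_i (mod q) and c1 has order q.
    Raises if fewer than t contributions are present; a bad d_i is NOT detected (non-robust)."""
    if len(partials) < t:
        raise ValueError(f"need {t} partial decryptions, got {len(partials)}")
    used = partials[:t]
    ids = [i for i, _ in used]
    c1x = 1
    for i, d_i in used:
        c1x = c1x * pow(d_i, lagrange_coeff(i, ids), P) % P
    return c2 * pow(c1x, -1, P) % P


def demo(t: int = 3, n: int = 5, msg_exp: int = 42) -> tuple[int, int]:
    """Encrypt g^msg_exp to the shared key and decrypt with the LAST t servers only."""
    h, shares = keygen(t, n)
    m = pow(G, msg_exp, P)
    c1, c2 = encrypt(h, m)
    partials = [partial_decrypt(s, c1) for s in shares[-t:]]
    return m, combine(partials, c2, t)


def too_few_servers_fail(t: int = 3, n: int = 5) -> bool:
    """t-1 honest servers cannot decrypt: combine() refuses rather than returning garbage."""
    h, shares = keygen(t, n)
    c1, c2 = encrypt(h, pow(G, 7, P))
    partials = [partial_decrypt(s, c1) for s in shares[: t - 1]]
    try:
        combine(partials, c2, t)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    m, rec = demo()
    print("plaintext element:", m, "recovered:", rec, "match:", m == rec)
    print("t-1 servers refused:", too_few_servers_fail())
```

Lagrange interpolation happens in the exponent, so the combiner learns c1^x but never x itself; that is the property that lets the key survive the compromise of up to t-1 servers. Adding robustness means each server also proves (e.g. with a discrete-log equality proof against a published g^{x_i}) that its d_i was computed with its real share, so the combiner can drop bad contributions instead of absorbing them.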
• J. Cryptol. (IF 1.277) Pub Date : 2020-06-02
Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos, Essam Ghadafi, Jens Groth

Group signatures allow members of a group to anonymously sign on behalf of the group. Membership is administered by a designated group manager. The group manager can also reveal the identity of a signer if and when needed to enforce accountability and deter abuse. For group signatures to be applicable in practice, they need to support fully dynamic groups, i.e., users may join and leave at any time

Updated: 2020-06-02
• J. Cryptol. (IF 1.277) Pub Date : 2020-05-29
Ralf Küsters, Max Tuengerthal, Daniel Rausch

In frameworks for universal composability, complex protocols can be built from sub-protocols in a modular way using composition theorems. However, as first pointed out and studied by Canetti and Rabin, this modular approach often leads to impractical implementations. For example, when using a functionality for digital signatures within a more complex protocol, parties have to generate new verification

Updated: 2020-05-29
• J. Cryptol. (IF 1.277) Pub Date : 2020-05-12
Paul Bunn, Rafail Ostrovsky

The k-means clustering problem is one of the most explored problems in data mining. With the advent of protocols that have proven to be successful in performing single database clustering, the focus has shifted in recent years to the question of how to extend the single database protocols to a multiple database setting. To date, there have been numerous attempts to create specific multiparty k-means

Updated: 2020-05-12
• J. Cryptol. (IF 1.277) Pub Date : 2020-04-22
Susumu Kiyoshima

Concurrent non-malleable zero-knowledge ($$\mathrm {CNMZK}$$) protocols are zero-knowledge protocols that provide security even when adversaries interact with multiple provers and verifiers simultaneously. It is known that $$\mathrm {CNMZK}$$ arguments for $$\mathcal {NP}$$ can be constructed in the plain model. Furthermore, it was recently shown that statistical $$\mathrm {CNMZK}$$ arguments for $$\mathcal {NP}$$

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2020-04-08
Masaud Y. Alhassan, Daniel Günther, Ágnes Kiss, Thomas Schneider

A universal circuit (UC) can be programmed to simulate any circuit up to a given size n by specifying its program inputs. It provides elegant solutions in various application scenarios, e.g., for private function evaluation (PFE) and for improving the flexibility of attribute-based encryption schemes. The asymptotic lower bound for the size of a UC is $$\Omega (n\log n)$$, and Valiant (STOC’76) provided

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-30
Nir Bitansky, Ryo Nishimaki, Alain Passelègue, Daniel Wichs

Functional encryption lies at the frontiers of the current research in cryptography; some variants have been shown sufficiently powerful to yield indistinguishability obfuscation (IO), while other variants have been constructed from standard assumptions such as LWE. Indeed, most variants have been classified as belonging to either the former or the latter category. However, one mystery that has remained

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2020-02-11
Tomer Ashur, Tim Beyne, Vincent Rijmen

Linear cryptanalysis is considered to be one of the strongest techniques in the cryptanalyst’s arsenal. In most cases, Matsui’s Algorithm 2 is used for the key recovery part of the attack. The success rate analysis of this algorithm is based on an assumption regarding the bias of a linear approximation for a wrong key, known as the wrong-key-randomization hypothesis. This hypothesis was refined by

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-04
Nir Bitansky

Verifiable random functions (VRFs) are pseudorandom functions where the owner of the seed, in addition to computing the function’s value y at any point x, can also generate a non-interactive proof $$\pi$$ that y is correct, without compromising pseudorandomness at other points. Being a natural primitive with a wide range of applications, considerable efforts have been directed toward the construction

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2019-07-09
Dana Dachman-Soled, Nils Fleischhacker, Jonathan Katz, Anna Lysyanskaya, Dominique Schröder

A recent line of work has explored the use of physically unclonable functions (PUFs) for secure computation, with the goals of (1) achieving universal composability without additional setup and/or (2) obtaining unconditional security (i.e., avoiding complexity-theoretic assumptions). Initial work assumed that all PUFs, even those created by an attacker, are honestly generated. Subsequently, researchers

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2019-06-12
Ilan Komargodski, Gil Segev

Private-key functional encryption enables fine-grained access to symmetrically encrypted data. Although private-key functional encryption (supporting an unbounded number of keys and ciphertexts) seems significantly weaker than its public-key variant, its known realizations all rely on public-key functional encryption. At the same time, however, up until recently it was not known to imply any public-key

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2020-01-06
David A. Basin, Andreas Lochbihler, S. Reza Sefidgar

Game-based proofs are a well-established paradigm for structuring security arguments and simplifying their understanding. We present a novel framework, CryptHOL, for rigorous game-based proofs that is supported by mechanical theorem proving. CryptHOL is based on a new semantic domain with an associated functional programming language for expressing games. We embed our framework in the Isabelle/HOL

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2020-03-05
Ashwin Jha, Mridul Nandi

At CRYPTO ’12, Landecker et al. introduced the cascaded LRW2 (or CLRW2) construction and proved that it is a secure tweakable block cipher up to roughly $$2^{2n/3}$$ queries. Recently, Mennink has presented a distinguishing attack on CLRW2 in $$2n^{1/2}2^{3n/4}$$ queries. In the same paper, he discussed some non-trivial bottlenecks in proving a tight security bound, i.e., security up to $$2^{3n/4}$$

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2020-03-04
Patrick Derbez, Léo Perrin

NXP Semiconductors and its academic partners challenged the cryptographic community with finding practical attacks on the block cipher they designed, PRINCE. Instead of trying to attack as many rounds as possible using attacks which are usually impractical despite being faster than brute force, the challenge invites cryptographers to find practical attacks and encourages them to actually implement

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2020-02-14
Tim Beyne

A new approach to invariant subspaces and nonlinear invariants is developed. This results in both theoretical insights and practical attacks on block ciphers. It is shown that, with minor modifications to some of the round constants, Midori-64 has a nonlinear invariant with $$2^{96} + 2^{64}$$ corresponding weak keys. Furthermore, this invariant corresponds to a linear hull with maximal correlation

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2020-01-22
Felix Wegener, Lauren De Meyer, Amir Moradi

The effort in reducing the area of AES implementations has largely been focused on application-specific integrated circuits (ASICs) in which a tower field construction leads to a small design of the AES S-box. In contrast, a naive implementation of the AES S-box has been the status-quo on field-programmable gate arrays (FPGAs). A similar discrepancy holds for masking schemes—a well-known side-channel

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2020-01-02
Martin R. Albrecht, Pooya Farshim, Shuai Han, Dennis Hofheinz, Enrique Larraia, Kenneth G. Paterson

We provide constructions of multilinear groups equipped with natural hard problems from indistinguishability obfuscation, homomorphic encryption, and NIZKs. This complements known results on the constructions of indistinguishability obfuscators from multilinear maps in the reverse direction. We provide two distinct, but closely related constructions and show that multilinear analogues of the

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2019-03-27
Steven D. Galbraith, Christophe Petit, Javier Silva

We present signature schemes whose security relies on computational assumptions relating to isogeny graphs of supersingular elliptic curves. We give two schemes, both of them based on interactive identification protocols. The first identification protocol is due to De Feo, Jao and Plût. The second one, and the main contribution of the paper, makes novel use of an algorithm of Kohel, Lauter, Petit and

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2019-02-07
Carmit Hazay, Muthuramakrishnan Venkitasubramaniam

Ishai, Kushilevitz, Ostrovsky and Sahai (STOC 2007; SIAM J Comput 39(3):1121–1152, 2009) introduced the powerful “MPC-in-the-head” technique that provided a general transformation of information-theoretic MPC protocols secure against passive adversaries to a ZK proof in a “black-box” way. In this work, we extend this technique and provide a generic transformation of any semi-honest secure two-party

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2019-04-25
Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, Malika Izabachène

This work describes a fast fully homomorphic encryption scheme over the torus (TFHE) that revisits, generalizes and improves the fully homomorphic encryption (FHE) based on GSW and its ring variants. The simplest FHE schemes consist in bootstrapped binary gates. In this gate bootstrapping mode, we show that the scheme FHEW of Ducas and Micciancio (Eurocrypt, 2015) can be expressed only in terms of

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2018-11-27
Dana Dachman-Soled, Feng-Hao Liu, Elaine Shi, Hong-Sheng Zhou

Non-malleable codes, introduced as a relaxation of error-correcting codes by Dziembowski, Pietrzak, and Wichs (ICS ’10), provide the security guarantee that the message contained in a tampered codeword is either the same as the original message or is set to an unrelated value. Various applications of non-malleable codes have been discovered, and one of the most significant applications among these

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2019-10-15
Qian Guo, Thomas Johansson, Carl Löndahl

We present a new algorithm for solving the LPN problem. The algorithm has a similar form as some previous methods, but includes a new key step that makes use of approximations of random words to a nearest codeword in a linear code. It outperforms previous methods for many parameter choices. In particular, we can now solve the $$(512,\frac{1}{8})$$ LPN instance with complexity less than $$2^{80}$$ operations

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2019-02-13
Jian Guo, Guohong Liao, Guozhen Liu, Meicheng Liu, Kexin Qiao, Ling Song

The Keccak hash function is the winner of the SHA-3 competition (2008–2012) and became the SHA-3 standard of NIST in 2015. In this paper, we focus on practical collision attacks against round-reduced SHA-3 and some Keccak variants. Following the framework developed by Dinur et al. at FSE 2012 where 4-round collisions were found by combining 3-round differential trails and 1-round connectors, we extend

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2019-03-15
Adi Akavia, Rio LaVigne, Tal Moran

A distributed computation in which nodes are connected by a partial communication graph is called topology hiding if it does not reveal information about the graph beyond what is revealed by the output of the function. Previous results have shown that topology-hiding computation protocols exist for graphs of constant degree and logarithmic diameter in the number of nodes (Moran–Orlov–Richelson, TCC’15;

Updated: 2020-04-23
• J. Cryptol. (IF 1.277) Pub Date : 2019-12-02
Bhavana Kanukurthi, Sai Lakshmi Bhavana Obbattu, Sruthi Sekar

Non-malleable codes (NMCs), introduced by Dziembowski, Pietrzak and Wichs (ITCS 2010), provide a powerful guarantee in scenarios where the classical notion of error-correcting codes cannot provide any guarantee: a decoded message is either the same or completely independent of the underlying message, regardless of the number of errors introduced into the codeword. Informally, NMCs are defined with

Updated: 2019-12-02
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-26
Itai Dinur, Nathan Keller, Ohad Klein

The distributed discrete logarithm (DDL) problem was introduced by Boyle, Gilboa and Ishai at CRYPTO 2016. A protocol solving this problem was the main tool used in the share conversion procedure of their homomorphic secret sharing (HSS) scheme which allows non-interactive evaluation of branching programs among two parties over shares of secret inputs. Let g be a generator of a multiplicative group

Updated: 2019-09-26
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-26
Achiya Bar-On, Orr Dunkelman, Nathan Keller, Eyal Ronen, Adi Shamir

Determining the security of AES is a central problem in cryptanalysis, but progress in this area had been slow and only a handful of cryptanalytic techniques led to significant advancements. At Eurocrypt 2017 Grassi et al. presented a novel type of distinguisher for AES-like structures, but so far all the published attacks which were based on this distinguisher were inferior to previously known attacks

Updated: 2019-09-26
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-17
Benny Applebaum, Thomas Holenstein, Manoj Mishra, Ofer Shayevitz

Private simultaneous message (PSM) protocols were introduced by Feige, Kilian, and Naor (STOC ’94) as a minimal non-interactive model for information theoretic three-party secure computation. While it is known that every function $$f:\{0,1\}^k\times \{0,1\}^k \rightarrow \{0,1\}$$ admits a PSM protocol with exponential communication of $$2^{k/2}$$ (Beimel et al., TCC ’14), the best known (non-explicit)

Updated: 2019-09-17
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-16
Lucas Kowalczyk, Hoeteck Wee

We present compact attribute-based encryption (ABE) schemes for $${\textsf {NC}}^{1}$$ that are adaptively secure under the k-Lin assumption with polynomial security loss. Our KP-ABE scheme achieves ciphertext size that is linear in the attribute length and independent of the policy size even in the many-use setting, and we achieve an analogous efficiency guarantee for CP-ABE. This resolves the central

Updated: 2019-09-16
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-16
Orr Dunkelman, Nathan Keller, Eran Lambooij, Yu Sasaki

Lilliput-AE is a tweakable block cipher submitted as a candidate to the NIST lightweight cryptography standardization process. It is based upon the lightweight block cipher Lilliput, whose cryptanalysis so far suggests that it has a large security margin. In this note, we present an extremely efficient forgery attack on Lilliput-AE: Given a single arbitrary message of length about $$2^{36}$$ bytes

Updated: 2019-09-16
• J. Cryptol. (IF 1.277) Pub Date : 2019-09-13
Itai Dinur

The FX-construction was proposed in 1996 by Kilian and Rogaway as a generalization of the DESX scheme. The construction increases the security of an n-bit core block cipher with a $$\kappa$$-bit key by using two additional n-bit masking keys. Recently, several concrete instances of the FX-construction were proposed, including PRINCE, PRIDE and MANTIS (presented at ASIACRYPT 2012, CRYPTO 2014 and CRYPTO

Updated: 2019-09-13
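The FX construction as this abstract describes it, as an added example (not code from the paper): a core n-bit block cipher E with a κ-bit key k is wrapped with two extra n-bit masking keys, FX_{k,k1,k2}(x) = E_k(x ⊕ k1) ⊕ k2, which is exactly the DESX shape with DES swapped for an arbitrary core. The core here is an assumption standing in for DES or PRINCE: a toy 8-round Feistel network on 64-bit blocks with an 80-bit key whose round functions are derived from SHA-256. One caveat a practitioner should keep in mind: the 2n bits of masking key do not buy 2n bits of security. Kilian and Rogaway's bound is roughly κ + n − lg D bits against generic attacks, where D is the number of plaintext/ciphertext pairs available, so with n = 64 the whitening helps against exhaustive key search but not as much as the 208 bits of key material suggest.

```python
"""FX construction E_k(x ^ k1) ^ k2 around a toy Feistel core (illustration only)."""
import hashlib

BLOCK_BITS = 64                 # n
MASK64 = (1 << BLOCK_BITS) - 1
MASK32 = 0xFFFFFFFF
KEY_BYTES = 10                  # kappa = 80 bits for the toy core (arbitrary choice)
ROUNDS = 8


def _round_keys(key: bytes) -> list[bytes]:
    """Toy key schedule: one 8-byte round key per round, derived with SHA-256."""
    if len(key) != KEY_BYTES:
        raise ValueError(f"core key must be {KEY_BYTES} bytes")
    return [hashlib.sha256(key + bytes([r])).digest()[:8] for r in range(ROUNDS)]


def _f(rk: bytes, half: int) -> int:
    """Round function on a 32-bit half; any keyed PRF-like map works for a Feistel core."""
    return int.from_bytes(hashlib.sha256(rk + half.to_bytes(4, "big")).digest()[:4], "big")


def _check_block(block: int) -> None:
    if not 0 <= block <= MASK64:
        raise ValueError("block must be a 64-bit integer")


def core_encrypt(key: bytes, block: int) -> int:
    """The n-bit core cipher E_k: balanced Feistel, (L, R) -> (R, L ^ F(R))."""
    _check_block(block)
    l, r = block >> 32, block & MASK32
    for rk in _round_keys(key):
        l, r = r, l ^ _f(rk, r)
    return (l << 32) | r


def core_decrypt(key: bytes, block: int) -> int:
    """Inverse of core_encrypt: undo the rounds in reverse, (L, R) -> (R ^ F(L), L)."""
    _check_block(block)
    l, r = block >> 32, block & MASK32
    for rk in reversed(_round_keys(key)):
        l, r = r ^ _f(rk, l), l
    return (l << 32) | r


def fx_encrypt(key: bytes, k1: int, k2: int, block: int) -> int:
    """FX_{k,k1,k2}(x) = E_k(x ^ k1) ^ k2: pre-whitening k1, post-whitening k2, both n bits."""
    _check_block(k1), _check_block(k2), _check_block(block)
    return core_encrypt(key, block ^ k1) ^ k2


def fx_decrypt(key: bytes, k1: int, k2: int, block: int) -> int:
    """Inverse: strip k2, invert the core, strip k1."""
    _check_block(k1), _check_block(k2), _check_block(block)
    return core_decrypt(key, block ^ k2) ^ k1


def total_key_bits() -> int:
    """Key material of the FX cipher: kappa + 2n (here 80 + 128 = 208)."""
    return KEY_BYTES * 8 + 2 * BLOCK_BITS


def demo_roundtrip() -> bool:
    """Constructed sample key/masks/plaintext; returns True if FX decrypts what it encrypted."""
    k = bytes(range(KEY_BYTES))              # constructed toy core key
    k1, k2 = 0x0123456789ABCDEF, 0xFEDCBA9876543210
    x = 0xDEADBEEFCAFEF00D
    return fx_decrypt(k, k1, k2, fx_encrypt(k, k1, k2, x)) == x


if __name__ == "__main__":
    print("roundtrip ok:", demo_roundtrip(), "| key material bits:", total_key_bits())
```

Setting k1 = k2 = 0 collapses FX back to the bare core cipher, which is the quickest way to check that a real implementation (DESX, PRINCE's FX layer) has the whitening wired in at all: the output with zero masks must equal the core's, and any nonzero mask must change it.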
• J. Cryptol. (IF 1.277) Pub Date : 2019-07-12
Zhenzhen Bao, Itai Dinur, Jian Guo, Gaëtan Leurent, Lei Wang

Hash combiners are a practical way to make cryptographic hash functions more tolerant to future attacks and compatible with existing infrastructure. A combiner combines two or more hash functions in a way that is hopefully more secure than each of the underlying hash functions, or at least remains secure as long as one of them is secure. Two classical hash combiners are the exclusive-or (XOR) combiner

Updated: 2019-07-12
• J. Cryptol. (IF 1.277) Pub Date : 2019-05-17
Avik Chakraborti, Tetsu Iwata, Kazuhiko Minematsu, Mridul Nandi

This paper presents a lightweight blockcipher-based authenticated encryption mode mainly focusing on minimizing the implementation size, i.e., hardware gates or working memory on software. The mode is called $$\textsf {COFB}$$, for COmbined FeedBack. $$\textsf {COFB}$$ uses an n-bit blockcipher as the underlying primitive and relies on the use of a nonce for security. In addition to the state required

Updated: 2019-05-17
• J. Cryptol. (IF 1.277) Pub Date : 2019-04-26
Sam Kim, David J. Wu

Non-interactive zero-knowledge (NIZK) proofs are fundamental to modern cryptography. Numerous NIZK constructions are known in both the random oracle and the common reference string (CRS) models. In the CRS model, there exist constructions from several classes of cryptographic assumptions such as trapdoor permutations, pairings, and indistinguishability obfuscation. However, at the time of the initial

Updated: 2019-04-26
Contents have been reproduced by permission of the publishers.
