Results 1 
8 of
8
PublicKey Cryptosystems Resilient to Key Leakage
"... Most of the work in the analysis of cryptographic schemes is concentrated in abstract adversarial models that do not capture sidechannel attacks. Such attacks exploit various forms of unintended information leakage, which is inherent to almost all physical implementations. Inspired by recent sidec ..."
Abstract

Cited by 61 (6 self)
 Add to MetaCart
(Show Context)
Most of the work in the analysis of cryptographic schemes is concentrated in abstract adversarial models that do not capture sidechannel attacks. Such attacks exploit various forms of unintended information leakage, which is inherent to almost all physical implementations. Inspired by recent sidechannel attacks, especially the “cold boot attacks ” of Halderman et al. (USENIX Security ’08), Akavia, Goldwasser and Vaikuntanathan (TCC ’09) formalized a realistic framework for modeling the security of encryption schemes against a wide class of sidechannel attacks in which adversarially chosen functions of the secret key are leaked. In the setting of publickey encryption, Akavia et al. showed that Regev’s latticebased scheme (STOC ’05) is resilient to any leakage of
Better key sizes (and attacks) for LWEbased encryption
 In CTRSA
, 2011
"... We analyze the concrete security and key sizes of theoretically sound latticebased encryption schemes based on the “learning with errors ” (LWE) problem. Our main contributions are: (1) a new lattice attack on LWE that combines basis reduction with an enumeration algorithm admitting a time/success ..."
Abstract

Cited by 27 (5 self)
 Add to MetaCart
We analyze the concrete security and key sizes of theoretically sound latticebased encryption schemes based on the “learning with errors ” (LWE) problem. Our main contributions are: (1) a new lattice attack on LWE that combines basis reduction with an enumeration algorithm admitting a time/success tradeoff, which performs better than the simple distinguishing attack considered in prior analyses; (2) concrete parameters and security estimates for an LWEbased cryptosystem that is more compact and efficient than the wellknown schemes from the literature. Our new key sizes are up to 10 times smaller than prior examples, while providing even stronger concrete security levels.
Semihomomorphic encryption and multiparty computation
 In EUROCRYPT, volume 6632 of Lecture Notes in Computer Science
, 2011
"... Abstract. An additivelyhomomorphic encryption scheme enables us to compute linear functions of an encrypted input by manipulating only the ciphertexts. We define the relaxed notion of a semihomomorphic encryption scheme, where the plaintext can be recovered as long as the computed function does not ..."
Abstract

Cited by 20 (2 self)
 Add to MetaCart
(Show Context)
Abstract. An additivelyhomomorphic encryption scheme enables us to compute linear functions of an encrypted input by manipulating only the ciphertexts. We define the relaxed notion of a semihomomorphic encryption scheme, where the plaintext can be recovered as long as the computed function does not increase the size of the input “too much”. We show that a number of existing cryptosystems are captured by our relaxed notion. In particular, we give examples of semihomomorphic encryption schemes based on lattices, subset sum and factoring. We then demonstrate how semihomomorphic encryption schemes allow us to construct an efficient multiparty computation protocol for arithmetic circuits, UCsecure against a dishonest majority. The protocol consists of a preprocessing phase and an online phase. Neither the inputs nor the function to be computed have to be known during preprocessing. Moreover, the online phase is extremely efficient as it requires no cryptographic operations: the parties only need to exchange additive shares and verify information theoretic MACs. Our contribution is therefore twofold: from a theoretical point of view, we can base multiparty computation on a variety of different assumptions, while on the practical side we offer a protocol with better efficiency than any previous solution. 1
Fully LeakageResilient Signatures
, 2010
"... A signature scheme is fully leakage resilient (Katz and Vaikuntanathan, ASIACRYPT ’09) if it is existentially unforgeable under an adaptive chosenmessage attack even in a setting where an adversary may obtain bounded (yet arbitrary) leakage information on all intermediate values that are used throu ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
A signature scheme is fully leakage resilient (Katz and Vaikuntanathan, ASIACRYPT ’09) if it is existentially unforgeable under an adaptive chosenmessage attack even in a setting where an adversary may obtain bounded (yet arbitrary) leakage information on all intermediate values that are used throughout the lifetime of the system. This is a strong and meaningful notion of security that captures a wide range of sidechannel attacks. One of the main challenges in constructing fully leakageresilient signature schemes is dealing with leakage that may depend on the random bits used by the signing algorithm, and constructions of such schemes are known only in the randomoracle model. Moreover, even in the randomoracle model, known schemes are only resilient to leakage of less than half the length of their signing key. In this paper we construct the first fully leakageresilient signature schemes without random oracles. We present a scheme that is resilient to any leakage of length (1 − o(1))L bits, where L is the length of the signing key. Our approach relies on generic cryptographic primitives, and at the same time admits rather efficient instantiations based on specific numbertheoretic
A toolkit for ringLWE cryptography
 In EUROCRYPT
, 2013
"... Recent advances in lattice cryptography, mainly stemming from the development of ringbased primitives such as ringLWE, have made it possible to design cryptographic schemes whose efficiency is competitive with that of more traditional numbertheoretic ones, along with entirely new applications lik ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
Recent advances in lattice cryptography, mainly stemming from the development of ringbased primitives such as ringLWE, have made it possible to design cryptographic schemes whose efficiency is competitive with that of more traditional numbertheoretic ones, along with entirely new applications like fully homomorphic encryption. Unfortunately, realizing the full potential of ringbased cryptography has so far been hindered by a lack of practical algorithms and analytical tools for working in this context. As a result, most previous works have focused on very special classes of rings such as poweroftwo cyclotomics, which significantly restricts the possible applications. We bridge this gap by introducing a toolkit of fast, modular algorithms and analytical techniques that can be used in a wide variety of ringbased cryptographic applications, particularly those built around ringLWE. Our techniques yield applications that work in arbitrary cyclotomic rings, with no loss in their underlying worstcase hardness guarantees, and very little loss in computational efficiency, relative to poweroftwo cyclotomics. To demonstrate the toolkit’s applicability, we develop a few illustrative applications: two variant publickey cryptosystems, and a “somewhat homomorphic ” symmetric encryption scheme. Both apply to arbitrary cyclotomics, have tight parameters, and very efficient implementations. 1
Outsourced Pattern Matching
"... Abstract. In secure delegatable computation, computationally weak devices (or clients) wish to outsource their computation and data to an untrusted server in the cloud. While most earlier work considers the general question of how to securely outsource any computation to the cloud server, we focus o ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. In secure delegatable computation, computationally weak devices (or clients) wish to outsource their computation and data to an untrusted server in the cloud. While most earlier work considers the general question of how to securely outsource any computation to the cloud server, we focus on concrete and important functionalities and give the first protocol for the pattern matching problem in the cloud. Loosely speaking, this problem considers a text T that is outsourced to the cloud S by a client CT. In a query phase, clients C1,...,Cl runanefficientprotocol with the server S and the client CT in order to learn the positions at which a pattern of length m matches the text (and nothing beyond that). This is called the outsourced pattern matching problem and is highly motivated in the context of delegatable computing since it offers storage alternatives for massive databases that contain confidential data (e.g., health related data about patient history). Our constructions offer simulationbased security in the presence of semihonest and malicious adversaries (in the random oracle model) and limit the communication in the query phase to O(m) bits plus the number of occurrences — which is optimal. In contrast to generic solutions for delegatable computation, our schemes do not rely on fully homomorphic encryption but instead uses novel ideas for solving pattern matching, based on efficiently solvable instances of the subset sum problem. 1
Automata, Languages and Programming—ICALP 2013. This is the full version. Outsourced Pattern Matching
, 2014
"... In secure delegatable computation, computationally weak devices (or clients) wish to outsource their computation and data to an untrusted server in the cloud. While most earlier work considers the general question of how to securely outsource any computation to the cloud server, we focus on concret ..."
Abstract
 Add to MetaCart
(Show Context)
In secure delegatable computation, computationally weak devices (or clients) wish to outsource their computation and data to an untrusted server in the cloud. While most earlier work considers the general question of how to securely outsource any computation to the cloud server, we focus on concrete and important functionalities and give the first protocol for the pattern matching problem in the cloud. Loosely speaking, this problem considers a text T that is outsourced to the cloud S by a sender SEN. In a query phase, receivers REC1,...,RECl run an efficient protocol with the server S and the sender SEN in order to learn the positions at which a pattern of length m matches the text (and nothing beyond that). This is called the outsourced pattern matching problem which is highly motivated in the context of delegatable computing since it offers storage alternatives for massive databases that contain confidential data (e.g., health related data about patient history). Our constructions are simulationbased secure in the presence of semihonest and malicious adversaries (in the random oracle model) and limit the communication in the query phase toO(m) bits plus the number of occurrences—which is optimal. In contrast to generic solutions for delegatable computation, our schemes do not rely on fully homomorphic encryption but instead use novel ideas for solving pattern
Quantum algorithms for the subsetsum problem
"... Abstract. This paper introduces a subsetsum algorithm with heuristic asymptotic cost exponent below 0.25. The new algorithm combines the 2010 HowgraveGraham–Joux subsetsum algorithm with a new streamlined data structure for quantum walks on Johnson graphs. ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. This paper introduces a subsetsum algorithm with heuristic asymptotic cost exponent below 0.25. The new algorithm combines the 2010 HowgraveGraham–Joux subsetsum algorithm with a new streamlined data structure for quantum walks on Johnson graphs.