Random Oracles are Practical: A Paradigm for Designing Efficient Protocols, 1995
"... We argue that the random oracle model, where all parties have access to a public random oracle, provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P^R for the ..."
Cited by 1643 (75 self)
for the random oracle model, and then replacing oracle accesses by the computation of an "appropriately chosen" function h. This paradigm yields protocols much more efficient than standard ones while retaining many of the advantages of provable security. We illustrate these gains for problems including
Key Homomorphic PRFs and Their Applications, 2014
"... A pseudorandom function F: K × X → Y is said to be key homomorphic if given F(k1, x) and F(k2, x) there is an efficient algorithm to compute F(k1 ⊕ k2, x), where ⊕ denotes a group operation on k1 and k2 such as xor. Key homomorphic PRFs are natural objects to study and have a number of interesting ..."
Cited by 10 (1 self)
secure in the random oracle model. We construct the first provably secure key homomorphic PRFs in the standard model. Our main construction is based on the learning with errors (LWE) problem. In the proof of security we need a variant of LWE where query points are nonuniform and we show
Subspace LWE
"... Abstract. The (decisional) learning with errors problem (LWE) asks to distinguish “noisy” inner products of a secret vector with random vectors from uniform. In recent years, the LWE problem has found many applications in cryptography. In this paper we introduce (seemingly) much stronger adaptive a ..."
Cited by 11 (1 self)
Building PRFs from PRPs
Advances in Cryptology—CRYPTO ’98, LNCS 1462, 1998
"... We evaluate constructions for building pseudorandom functions (PRFs) from pseudorandom permutations (PRPs). We present two constructions: a slower construction which preserves the security of the PRP and a faster construction which has less security. One application of our construction is to ..."
Cited by 23 (0 self)
Better Algorithms for LWE and LWR
"... Abstract. The Learning With Error problem (LWE) is becoming more and more used in cryptography, for instance, in the design of some fully homomorphic encryption schemes. It is thus of primordial importance to find the best algorithms that might solve this problem so that concrete parameters can be p ..."
Cited by 2 (0 self)
be proposed. The BKW algorithm was proposed by Blum et al. as an algorithm to solve the Learning Parity with Noise problem (LPN), a subproblem of LWE. This algorithm was then adapted to LWE by Albrecht et al. In this paper, we improve the algorithm proposed by Albrecht et al. by using multidimensional Fourier
Improved Constructions of PRFs Secure Against Related-Key Attacks, 2014
"... Building cryptographic primitives that are secure against related-key attacks (RKAs) is a well-studied problem by practitioners and theoreticians alike. Practical implementations of block ciphers take into account RKA security to mitigate fault injection attacks. The theoretical study of RKA securit ..."
Cited by 2 (0 self)
with the Bellare-Cash framework and the LWE- and DLIN-based PRFs recently constructed by Boneh, Lewi, Montgomery, and Raghunathan (Crypto ’13). As a result, we achieve the first PRFs from lattices secure against an (almost) linear class of related-key functions. In addition, we note that our DLIN-based PRF (based
Constrained PRFs for Unbounded Inputs
"... A constrained pseudorandom function F: K × X → Y for a family of subsets of X is a function where for any key k ∈ K and set S from the family one can efficiently compute a short constrained key kS which allows one to evaluate F(k, ·) on all inputs x ∈ S, while given this key, the outputs on all inputs x ..."
Concrete security characterizations of PRFs and PRPs: Reductions and applications
Advances in Cryptology—ASIACRYPT 2000, Lecture Notes in Computer Science, 2000
"... We investigate several alternate characterizations of pseudorandom functions (PRFs) and pseudorandom permutations (PRPs) in a concrete security setting. By analyzing the concrete complexity of the reductions between the standard notions and the alternate ones, we show that the latter, while equivale ..."
Cited by 6 (0 self)
Ring-LWE in polynomial rings
In Public Key Cryptography, 2012
"... Abstract. The Ring-LWE problem, introduced by Lyubashevsky, Peikert, and Regev (Eurocrypt 2010), has been steadily finding many uses in numerous cryptographic applications. Still, the Ring-LWE problem defined in [LPR10] involves the fractional ideal R∨, the dual of the ring R, which is the source ..."
Cited by 6 (0 self)
, that this transformation is simple and benign. In this work we show that by applying a different, and much simpler transformation, one can transfer the results from [LPR10] into an “easy-to-use” Ring-LWE setting (i.e. without the dual ring R∨), with only a very slight increase in the magnitude of the noise coefficients
On the Complexity of the BKW Algorithm on LWE
"... Abstract. In this paper we present a study of the complexity of the Blum-Kalai-Wasserman (BKW) algorithm when applied to the Learning with Errors (LWE) problem, by providing refined estimates for the data and computational effort requirements for solving concrete instances of the LWE problem. We app ..."
Cited by 3 (0 self)
apply this refined analysis to suggested parameters for various LWE-based cryptographic schemes from the literature and, as a result, provide new upper bounds for the concrete hardness of these LWE-based schemes.
