Results 1 - 5 of 5
Efficient byzantine agreement with faulty minority
of Lecture Notes in Computer Science, 2007
Cited by 3 (1 self)
Abstract. Byzantine Agreement (BA) among n players allows the players to agree on a value, even when up to t of the players are faulty. In the broadcast variant of BA, one dedicated player holds a message, and all players shall learn this message. In the consensus variant of BA, every player holds (presumably the same) message, and the players shall agree on this message. BA is the probably most important primitive in distributed protocols, hence its efficiency is of particular importance. BA from scratch, i.e., without a trusted setup, is possible only for t < n/3. In this setting, the known BA protocols are highly efficient (O(n^2) bits of communication) and provide information-theoretic security. When a trusted setup is available, then BA is possible for t < n/2 (consensus), respectively for t < n (broadcast). In this setting, only computationally secure BA protocols are reasonably efficient (O(n^3 κ) bits). When information-theoretic security is required, the most efficient known BA protocols require O(n^17 κ) bits of communication per BA, where κ denotes a security parameter. The main reason for this huge communication is that in the information-theoretic world, parts of the setup are consumed with every invocation to BA, and hence the setup must be refreshed. This refresh operation is highly complex and communication-intensive. In this paper we present BA protocols (both broadcast and consensus) with information-theoretic security for t < n/2, communicating O(n^5 κ) bits per BA.
Unconditionally Secure Anonymous Encryption and Group Authentication
2005
Cited by 2 (0 self)
Anonymous channels or similar techniques that achieve sender’s anonymity play important roles in many applications, e.g. electronic voting. However, they will be meaningless if cryptographic primitives containing sender’s identity are carelessly used during the transmission. In computationally secure settings, this problem may be easily overcome by using public key encryption and group signatures. However, in an unconditionally secure setting, in which no computational difficulty is assumed, this is not an easy case as such. As the increasing computational power approaches the point where security policy can no longer assume the difficulty of solving factoring or discrete logarithm problems, it must shift its focus to assuring the solvency of unconditionally secure schemes that provide long-term security. The main contribution of this paper is to study the security primitives for the above problem. In this paper, we first define the unconditionally secure asymmetric encryption scheme, which is an encryption scheme with unconditional security and where it is impossible for a receiver to deduce the identity of a sender from the encrypted message. We also investigate tight lower bounds on required memory sizes from an information theoretic viewpoint and show an optimal construction based on polynomials. It is remarkable to see that these bounds are considerably different from those in Shannon’s model of the conventional unconditionally secure symmetric encryption. Other than the polynomial-based scheme,
Information Theoretic Bounds on Authentication Systems in Query Model
2006
Abstract. Authentication codes provide message integrity guarantees in an information theoretic sense within a symmetric key setting. Information theoretic bounds on the success probability of an adversary who has access to previously authenticated messages have been derived by Simmons and Rosenbaum, among others. In this paper we consider a strong attack scenario where the adversary is adaptive and has access to authentication and verification oracles. We derive information theoretic bounds on the success probability of the adversary and on the key size of the code. This brings the study of unconditionally secure authentication systems on a par with the study of computationally secure ones. We characterize the codes that meet these bounds and compare our result with the earlier ones. Keywords: Unconditional security, authentication system, A-codes, verification oracle. 1 Introduction Unconditionally secure authentication systems provide message integrity when the adversary's computational power is unknown or unlimited. Unconditional security is particularly important when recent advances in quantum computing and prospect of discovery and realization of efficient algorithms for solving 'hard' problems, is taken into account.
doi:10.1093/comjnl/bxh149 Unconditionally Secure Anonymous Encryption and Group Authentication
2005
Anonymous channels or similar techniques that achieve sender’s anonymity play important roles in many applications, e.g. electronic voting. However, they will be meaningless if cryptographic primitives containing sender’s identity are carelessly used during the transmission. In computationally secure settings, this problem may be easily overcome by using public key encryption and group signatures. However, in an unconditionally secure setting, in which no computational difficulty is assumed, this is not an easy case as such. As the increasing computational power approaches the point where security policy can no longer assume the difficulty of solving factoring or discrete logarithm problems, it must shift its focus to assuring the solvency of unconditionally secure schemes that provide long-term security. The main contribution of this paper is to study the security primitives for the above problem. In this paper, we first define the unconditionally secure asymmetric encryption scheme, which is an encryption scheme with unconditional security and where it is impossible for a receiver to deduce the identity of a sender from the encrypted message. We also investigate tight lower bounds on required memory sizes from an information theoretic viewpoint and show an optimal construction based on polynomials. It is remarkable to see that these bounds are considerably different from those in Shannon’s model of the conventional unconditionally secure symmetric encryption. Other than the polynomial-based scheme,
Design and Analysis of Information-Theoretically Secure Authentication Codes with Non-Uniformly Random Keys
The authentication code (A-code) is one of the most fundamental cryptographic protocols in information-theoretic cryptography, and it provides information-theoretic integrity or authenticity, i.e., preventing information from being altered or substituted by the adversary having unbounded computational powers. In addition, it has a wide range of applications such as multiparty computations and quantum key distribution protocols. The traditional A-code theory states that a good A-code is characterized as an A-code which satisfies equality of a lower bound on size of secret-keys, i.e., an A-code satisfying |K| = ϵ^{-2}, where |K| is the cardinality of the set of secret-keys and ϵ is the success probability of attacks of the adversary. However, good A-codes imply that secret-keys must be uniformly distributed. Therefore, if a non-uniformly random key is given, we cannot realize a good A-code by using it as a secret-key. Then, a natural question about this is: what is a good A-code having non-uniformly random keys? And, how can we design such a good A-code having non-uniformly random keys? To answer the questions, in this paper, we perform analysis of A-codes having non-uniformly random keys, and show the principle that guides the design for such good A-codes.