Efficient NIZKs and Signatures from Commit-and-Open Protocols in the QROM
Jelle Don, S. Fehr, Christian Majenz, Christian Schaffner
Pub Date: 2022-02-28. DOI: 10.1007/978-3-031-15979-4_25 (https://doi.org/10.1007/978-3-031-15979-4_25). IACR Cryptology ePrint Archive.

On Codes and Learning With Errors over Function Fields
Maxime Bombar, Alain Couvreur, Thomas Debris-Alazard
Pub Date: 2022-02-28. DOI: 10.1007/978-3-031-15979-4_18 (https://doi.org/10.1007/978-3-031-15979-4_18). IACR Cryptology ePrint Archive.

Limits of Preprocessing for Single-Server PIR
G. Persiano, Kevin Yeo
Pub Date: 2022-01-01. DOI: 10.1137/1.9781611977073.99 (https://doi.org/10.1137/1.9781611977073.99). IACR Cryptology ePrint Archive.

Abstract: We present a lower bound for the static cryptographic data structure problem of single-server private information retrieval (PIR). PIR considers the setting where a server holds a database of n entries and a client wishes to privately retrieve the i-th entry without revealing the index i to the server. In our work, we focus on PIR with preprocessing, where an r-bit hint may be computed in a preprocessing stage and stored by the server to be used to perform private queries in expected time t. We consider the public preprocessing setting of Beimel et al. [JoC, 2004], where the hint is publicly available to everyone, including the adversary. We prove that for any single-server computationally secure PIR with preprocessing it must be that tr = Ω(n log n) when r = Ω(log n). If r = O(log n), we show that t = Ω(n). Our lower bound holds even when the scheme errs with probability 1/n² and the adversary's distinguishing advantage is 1/n. Our work improves upon the tr = Ω(n) lower bound of Beimel et al. [JoC, 2004]. We prove our lower bound in a variant of the cell probe model where only accesses to the memory are charged cost, and computation and accesses to the hint are free. Our main technical contribution is a novel use of the cell sampling technique (also known as the incompressibility technique) used to obtain lower bounds on data structures. In previous works, this technique only leveraged the correctness guarantees to prove lower bounds, even when used for cryptographic primitives. Our work combines the cell sampling technique with the privacy guarantees of PIR to construct a powerful, polynomial-time adversary that is critical to proving our higher lower bounds.

A Simple Deterministic Algorithm for Systems of Quadratic Polynomials over 𝔽₂
Charles Bouillaguet, Claire Delaplace, Monika Trimoska
Pub Date: 2022-01-01. DOI: 10.1137/1.9781611977066.22 (https://doi.org/10.1137/1.9781611977066.22). IACR Cryptology ePrint Archive.

Abstract: This article discusses a simple deterministic algorithm for solving quadratic Boolean systems which is essentially a special case of more sophisticated methods. The main idea fits in a single sentence: guess enough variables so that the remaining quadratic equations can be solved by linearization (i.e. by considering each remaining monomial as an independent variable and solving the resulting linear system) and restart until the solution is found. Under strong heuristic assumptions, this finds all the solutions of m quadratic polynomials in n variables with Õ(2^{n−√(2m)}) operations. Although the best known algorithms require exponentially less time, the present technique has the advantage of being simpler to describe and easy to implement. In strong contrast with the state of the art, it is also quite efficient in practice.

Optimal Oblivious Parallel RAM
Gilad Asharov, Ilan Komargodski, Wei-Kai Lin, E. Peserico, E. Shi
Affiliations: Bar-Ilan University; NTT Research and Hebrew University of Jerusalem; Cornell University; Università degli Studi di Padova; Cornell University and CMU.
Pub Date: 2022-01-01. DOI: 10.1137/1.9781611977073.98 (https://doi.org/10.1137/1.9781611977073.98). IACR Cryptology ePrint Archive.

Abstract: An oblivious RAM (ORAM), introduced by Goldreich and Ostrovsky (STOC '87 and J. ACM '96), is a technique for hiding a RAM's access pattern. That is, for every input, the distribution of the observed locations accessed by the machine is essentially independent of the machine's secret inputs. Recent progress culminated in a work of Asharov et al. (EUROCRYPT '20), obtaining an ORAM with (amortized) logarithmic overhead in total work, which is known to be optimal. Oblivious Parallel RAM (OPRAM) is a natural extension of ORAM to the (more realistic) parallel setting, where several processors make concurrent accesses to a shared memory. It is known that any OPRAM must incur logarithmic work overhead and, for highly parallel RAMs, a logarithmic depth blowup (in the balls and bins model). Despite the significant recent advances, there is still a large gap: all existing OPRAM schemes incur a poly-logarithmic overhead either in total work or in depth. Our main result closes the aforementioned gap and provides an essentially optimal OPRAM scheme. Specifically, assuming one-way functions, we show that any Parallel RAM with memory capacity N can be obliviously simulated in space O(N), incurring only O(log N) blowup in (amortized) total work as well as in depth. Our transformation supports all PRAMs in the CRCW mode, and the resulting simulation is in the CRCW mode as well.

Post-Quantum Security of the Even-Mansour Cipher
G. Alagic, Chen-Ming Bai, Jonathan Katz, Christian Majenz
Pub Date: 2021-12-14. DOI: 10.1007/978-3-031-07082-2_17 (https://doi.org/10.1007/978-3-031-07082-2_17). IACR Cryptology ePrint Archive.

Chaos and Logistic Map based Key Generation Technique for AES-driven IoT Security
Ziaur Rahman, X. Yi, I. Khalil, M. Sumi
Pub Date: 2021-11-22. DOI: 10.1007/978-3-030-91424-0_11 (https://doi.org/10.1007/978-3-030-91424-0_11). IACR Cryptology ePrint Archive.

Foundations of Transaction Fee Mechanism Design
Hao Chung, E. Shi
Pub Date: 2021-11-04. DOI: 10.1137/1.9781611977554.ch150 (https://doi.org/10.1137/1.9781611977554.ch150). IACR Cryptology ePrint Archive.

Abstract: In blockchains such as Bitcoin and Ethereum, users compete in a transaction fee auction to get their transactions confirmed in the next block. A line of recent works set forth the desiderata for a "dream" transaction fee mechanism (TFM), and explored whether such a mechanism exists. A dream TFM should satisfy 1) user incentive compatibility (UIC), i.e., truthful bidding should be a user's dominant strategy; 2) miner incentive compatibility (MIC), i.e., the miner's dominant strategy is to faithfully implement the prescribed mechanism; and 3) miner-user side contract proofness (SCP), i.e., no coalition of the miner and one or more user(s) can increase their joint utility by deviating from the honest behavior. The weakest form of SCP is called 1-SCP, where we only aim to provide resilience against the collusion of the miner and a single user. Sadly, despite the various attempts, to the best of our knowledge, no existing mechanism can satisfy all three properties in all situations. Since the TFM departs from classical mechanism design in modeling and assumptions, to date our understanding of the design space is relatively limited. In this paper, we further unravel the mathematical structure of transaction fee mechanism design by proving results on the following questions:
- Can we have a dream TFM?
- Rethinking the incentive compatibility notions.
- Do the new design elements make a difference?
