{"title":"Functional commitments for arbitrary circuits of bounded sizes","authors":"Jinrui Sha, Shengli Liu, Shuai Han","doi":"10.1007/s10623-024-01468-w","DOIUrl":"https://doi.org/10.1007/s10623-024-01468-w","url":null,"abstract":"<p>A functional commitment (FC) scheme enables committing to a vector <span>\\(\\textbf{x}\\)</span> and later producing an opening proof <span>\\(\\pi\\)</span> for a function value <span>\\(y=f(\\textbf{x})\\)</span> with function <i>f</i> in some function set <span>\\(\\mathcal{F}\\)</span>. Everyone can verify the validity of the opening proof <span>\\(\\pi\\)</span> w.r.t. the function <i>f</i> and the function value <i>y</i>. Up to now, the largest function set is bounded-depth circuits, achieved by the FC schemes in [Peikert et al. TCC 2021, De Castro et al. TCC 2023, Wee et al. Eurocrypt 2023, Wee et al. Asiacrypt 2023] with the help of the homomorphic encoding and evaluation techniques from lattices. In fact, these FC schemes can hardly support circuits of large depth, due to the fast accumulation of noise in the homomorphic evaluations. For example, if the depth of the circuit is linear in the security parameter <span>\\(\\lambda\\)</span>, then the underlying <span>\\(\\textsf{GapSVP}_{\\gamma}\\)</span> problem comes with a super-exponentially large parameter <span>\\(\\gamma>(\\lambda\\log\\lambda)^{\\Theta(\\lambda)}\\)</span> and can be easily solved by the LLL algorithm. In this work, we propose a new FC scheme supporting arbitrary circuits of bounded sizes. We make use of homomorphic encoding and evaluation as well, but we disassemble the circuit gate by gate, process the gates, and reassemble the processed gates into a flattened circuit of logarithmic depth <span>\\(O(\\log\\lambda)\\)</span>. This makes it possible for our FC scheme to support arbitrary polynomial-size circuits. Our FC scheme has a common reference string (CRS) growing linearly with the size of the circuit, so CRSs of different sizes allow our FC scheme to support circuits of different (bounded) sizes. Just like the recent work on FC schemes [Wee et al. Eurocrypt 2023, Asiacrypt 2023], our FC scheme achieves private opening and target binding based on a falsifiable family of “basis-augmented” SIS assumptions. Our FC scheme has a succinct commitment but not a succinct opening proof, which of course does not support fast verification. To improve the running time of verification, we resort to the non-interactive GKR protocol to outsource the main computation in verification to the proof generation algorithm. As a result, we obtain an improved FC scheme which decreases the computational complexity of verification by a factor <span>\\(O(\\lambda)\\)</span>.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141918778","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Involutions of finite abelian groups with explicit constructions on finite fields","authors":"Ruikai Chen, Sihem Mesnager","doi":"10.1007/s10623-024-01474-y","DOIUrl":"https://doi.org/10.1007/s10623-024-01474-y","url":null,"abstract":"<p>In this paper, we study properties and constructions of a general family of involutions of finite abelian groups, especially those of finite fields. The involutions we are interested in have the form <span>\\(\\lambda+g\\circ\\tau\\)</span>, where <span>\\(\\lambda\\)</span> and <span>\\(\\tau\\)</span> are endomorphisms of a finite abelian group and <i>g</i> is an arbitrary map on this group. We present some involutions explicitly written as polynomials for the special cases of multiplicative and additive groups of finite fields.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141973838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An algebraic algorithm for breaking NTRU with multiple keys","authors":"Shi Bai, Hansraj Jangir, Tran Ngo, William Youmans","doi":"10.1007/s10623-024-01473-z","DOIUrl":"https://doi.org/10.1007/s10623-024-01473-z","url":null,"abstract":"<p>We describe a heuristic polynomial-time algorithm for breaking the NTRU problem with multiple keys when given a sufficient number of ring samples. Following the linearization approach of the Arora-Ge algorithm (<i>ICALP ’11</i>), our algorithm constructs a system of linear equations using the public keys. Our main contribution is a kernel reduction technique that extracts the secret vector from a linear space of rank <i>n</i>, where <i>n</i> is the degree of the ring in which NTRU is defined. Compared to the algorithm of Kim-Lee (<i>Designs, Codes and Cryptography, ’23</i>), our algorithm does not require prior knowledge of the Hamming weight of the secret keys. Our algorithm is based on some plausible heuristics. We demonstrate experiments and show that the algorithm works quite well in practice, with close to cryptographic parameters.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-08-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141915205","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards a classification of permutation binomials of the form $$x^i+ax$$ over $$\\mathbb{F}_{2^n}$$","authors":"Yi Li, Xiutao Feng, Qiang Wang","doi":"10.1007/s10623-024-01462-2","DOIUrl":"https://doi.org/10.1007/s10623-024-01462-2","url":null,"abstract":"<p>Permutation polynomials with few terms (especially permutation binomials) attract many researchers due to their simple algebraic structure. Despite the great interest in the study of permutation binomials, a complete characterization of permutation binomials is still unknown. Let <span>\\(q=2^n\\)</span> for a positive integer <i>n</i>. In this paper, we start classifying permutation binomials of the form <span>\\(x^i+ax\\)</span> over <span>\\(\\mathbb{F}_q\\)</span> in terms of their indices. After carrying out an exhaustive search of these permutation binomials over <span>\\(\\mathbb{F}_{2^n}\\)</span> for <i>n</i> up to 12, we give three new infinite classes of permutation binomials over <span>\\(\\mathbb{F}_{q^2}\\)</span>, <span>\\(\\mathbb{F}_{q^3}\\)</span>, and <span>\\(\\mathbb{F}_{q^4}\\)</span> respectively, for <span>\\(q=2^n\\)</span> with arbitrary positive integer <i>n</i>. In particular, these binomials over <span>\\(\\mathbb{F}_{q^3}\\)</span> have relatively large index <span>\\(\\frac{q^2+q+1}{3}\\)</span>. As an application, we can completely explain all the permutation binomials of the form <span>\\(x^i+ax\\)</span> over <span>\\(\\mathbb{F}_{2^n}\\)</span> for <span>\\(n\\le 8\\)</span>. Moreover, we prove that there do not exist permutation binomials of the form <span>\\(x^{2q^3+2q^2+2q+3}+ax\\)</span> over <span>\\(\\mathbb{F}_{q^4}\\)</span> such that <span>\\(a\\in\\mathbb{F}_{q^4}^*\\)</span> and <span>\\(n=2m\\)</span> with <span>\\(m\\ge 2\\)</span>.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141909300","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Reduction for block-transitive t-$$(k^2,k,\\lambda)$$ designs","authors":"Haiyan Guan, Shenglin Zhou","doi":"10.1007/s10623-024-01477-9","DOIUrl":"https://doi.org/10.1007/s10623-024-01477-9","url":null,"abstract":"<p>In this paper, we study block-transitive automorphism groups of <i>t</i>-<span>\\((k^2,k,\\lambda)\\)</span> designs. We prove that a block-transitive automorphism group <i>G</i> of a <i>t</i>-<span>\\((k^2,k,\\lambda)\\)</span> design must be point-primitive, and <i>G</i> is either an affine group or an almost simple group. Moreover, the nontrivial <i>t</i>-<span>\\((k^2,k,\\lambda)\\)</span> designs admitting block-transitive automorphism groups of almost simple type with sporadic socle and alternating socle are classified.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141909308","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Nontrivial t-designs in polar spaces exist for all t","authors":"Charlene Weiß","doi":"10.1007/s10623-024-01471-1","DOIUrl":"https://doi.org/10.1007/s10623-024-01471-1","url":null,"abstract":"<p>A finite classical polar space of rank <i>n</i> consists of the totally isotropic subspaces of a finite vector space over <span>\\(\\mathbb{F}_q\\)</span> equipped with a nondegenerate form such that <i>n</i> is the maximal dimension of such a subspace. A <i>t</i>-<span>\\((n,k,\\lambda)\\)</span> design in a finite classical polar space of rank <i>n</i> is a collection <i>Y</i> of totally isotropic <i>k</i>-spaces such that each totally isotropic <i>t</i>-space is contained in exactly <span>\\(\\lambda\\)</span> members of <i>Y</i>. Nontrivial examples are currently only known for <span>\\(t\\le 2\\)</span>. We show that <i>t</i>-<span>\\((n,k,\\lambda)\\)</span> designs in polar spaces exist for all <i>t</i> and <i>q</i> provided that <span>\\(k>\\frac{21}{2}t\\)</span> and <i>n</i> is sufficiently large. The proof is based on a probabilistic method by Kuperberg, Lovett, and Peled, and it is thus nonconstructive.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141904645","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cryptanalysis of a key exchange protocol based on a modified tropical structure","authors":"Huawei Huang, Changgen Peng, Lunzhi Deng","doi":"10.1007/s10623-024-01469-9","DOIUrl":"https://doi.org/10.1007/s10623-024-01469-9","url":null,"abstract":"<p>This article analyzes a key exchange protocol based on a modified tropical structure proposed by Ahmed et al. in 2023. It is shown that the modified tropical semiring is isomorphic to the <span>\\(2\\times 2\\)</span> tropical circular matrix semiring. Therefore, matrices in this modified tropical semiring can be represented as tropical matrices, and the key exchange protocol is actually based on the tropical matrix semiring. Tropical irreducible matrices exhibit an almost linear periodicity property. Efficient algorithms for calculating the linear period and defect of irreducible matrices are designed. Based on the public information of the protocol, the equivalent private key can be computed and then the shared key is easily obtained. The analysis shows that the key exchange protocol based on this modified tropical structure is not secure.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141880329","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The classifications of o-monomials and of 2-to-1 binomials are equivalent","authors":"Lukas Kölsch, Gohar Kyureghyan","doi":"10.1007/s10623-024-01463-1","DOIUrl":"https://doi.org/10.1007/s10623-024-01463-1","url":null,"abstract":"<p>We observe that on the binary finite fields the classification of 2-to-1 binomials is equivalent to the classification of o-monomials, which is a well-studied and elusive problem in finite geometry. This connection implies a complete classification of 2-to-1 binomials <span>\\(b=x^d+ux^e\\)</span> for a large set of values of (<i>d</i>, <i>e</i>). Further, we show that a number of the known infinite families of 2-to-1 maps can be traced back to o-polynomials or to difference maps of APN maps. We also provide some connections between 2-to-1 maps and hyperovals in non-desarguesian planes.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141857605","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Compact FE for unbounded attribute-weighted sums for logspace from SXDH","authors":"Pratish Datta, Tapas Pal, Katsuyuki Takashima","doi":"10.1007/s10623-024-01432-8","DOIUrl":"https://doi.org/10.1007/s10623-024-01432-8","url":null,"abstract":"<p>This paper presents the <i>first</i> functional encryption <span>\\((\\textsf{FE})\\)</span> scheme for the attribute-weighted sum functionality that supports the <i>uniform</i> model of computation. In such an <span>FE</span> scheme, encryption takes as input a pair of attributes (<i>x</i>, <i>z</i>) where <i>x</i> is public and <i>z</i> is private. A secret key corresponds to some weight function <i>f</i>, and decryption recovers the weighted sum <i>f</i>(<i>x</i>)<i>z</i>. In our scheme, both the public and private attributes can be of arbitrary polynomial lengths that are not fixed at system setup. The weight functions are modelled as <span>\\(\\text{Logspace Turing machines}\\)</span>. Prior schemes could only support non-uniform Logspace. The proposed scheme is proven <i>adaptively simulation</i> secure under the well-studied symmetric external Diffie–Hellman assumption against an arbitrary polynomial number of secret key queries both before and after the challenge ciphertext. This is the best possible security notion that could be achieved for <span>FE</span>. On the technical side, our contributions lie in extending the techniques of Lin and Luo [EUROCRYPT 2020] devised for indistinguishability-based payload hiding attribute-based encryption for uniform Logspace access policies and the “three-slot reduction” technique for simulation-secure attribute-hiding <span>FE</span> for non-uniform Logspace devised by Datta and Pal [ASIACRYPT 2021] to the context of simulation-secure attribute-hiding <span>FE</span> for uniform Logspace.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141768461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"$$\\textsf{TOPAS}$$ 2-pass key exchange with full perfect forward secrecy and optimal communication complexity","authors":"Sven Schäge","doi":"10.1007/s10623-024-01429-3","DOIUrl":"https://doi.org/10.1007/s10623-024-01429-3","url":null,"abstract":"<p>We present Transmission optimal protocol with active security (<span>\\(\\textsf{TOPAS}\\)</span>), the first key agreement protocol with optimal communication complexity (message size and number of rounds) that provides security against fully active adversaries. The size of the protocol messages and the computational costs to generate them are comparable to the basic Diffie-Hellman protocol over elliptic curves (which is well-known to only provide security against passive adversaries). Session keys are indistinguishable from random keys—even under reflection and key compromise impersonation attacks. What makes <span>\\(\\textsf{TOPAS}\\)</span> stand out is that it also features a security proof of full perfect forward secrecy (PFS), where the attacker can <i>actively</i> modify messages sent to or from the test-session. The proof of full PFS relies on two new extraction-based security assumptions. It is well-known that existing implicitly-authenticated 2-message protocols like <span>\\(\\textsf{HMQV}\\)</span> cannot achieve this strong form of (full) security against active attackers (Krawczyk, Crypto’05). This makes <span>\\(\\textsf{TOPAS}\\)</span> the first key agreement protocol with full security against active attackers that works in prime-order groups while having optimal message size. We also present a variant of our protocol, <span>\\(\\textsf{TOPAS+}\\)</span>, which, under the Strong Diffie-Hellman assumption, provides better computational efficiency in the key derivation phase. Finally, we present a third protocol termed <span>\\(\\textsf{FACTAS}\\)</span> (for factoring-based protocol with active security) which has the same strong security properties as <span>\\(\\textsf{TOPAS}\\)</span> and <span>\\(\\textsf{TOPAS+}\\)</span> but whose security is solely based on the factoring assumption in groups of composite order (except for the proof of full PFS).</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141768458","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}