IACR Cryptol. ePrint Arch.最新文献_第10页

Digital signature schemes using non-square matrices or scrap automorphisms 使用非方阵或碎片自同构的数字签名方案

IACR Cryptol. ePrint Arch. Pub Date : 2023-06-15 DOI: 10.48550/arXiv.2306.08927

Jiale Chen, D. Grigoriev, V. Shpilrain

引用次数: 1

Enforcing Data Geolocation Policies in Public Clouds using Trusted Computing 使用可信计算在公共云中实施数据地理位置策略

IACR Cryptol. ePrint Arch. Pub Date : 2023-06-14 DOI: 10.48550/arXiv.2306.17171

Zair Abbas, Mudassar Aslam

引用次数: 0

Information Bounds and Convergence Rates for Side-Channel Security Evaluators 边信道安全评估器的信息边界和收敛速率

IACR Cryptol. ePrint Arch. Pub Date : 2023-06-09 DOI: 10.46586/tches.v2023.i3.522-569

Loïc Masure, Gaëtan Cassiers, J. Hendrickx, François-Xavier Standaert

{"title":"Information Bounds and Convergence Rates for Side-Channel Security Evaluators","authors":"Loïc Masure, Gaëtan Cassiers, J. Hendrickx, François-Xavier Standaert","doi":"10.46586/tches.v2023.i3.522-569","DOIUrl":"https://doi.org/10.46586/tches.v2023.i3.522-569","url":null,"abstract":"Current side-channel evaluation methodologies exhibit a gap between inefficient tools offering strong theoretical guarantees and efficient tools only offering heuristic (sometimes case-specific) guarantees. Profiled attacks based on the empirical leakage distribution correspond to the first category. Bronchain et al. showed at Crypto 2019 that they allow bounding the worst-case security level of an implementation, but the bounds become loose as the leakage dimensionality increases. Template attacks and machine learning models are examples of the second category. In view of the increasing popularity of such parametric tools in the literature, a natural question is whether the information they can extract can be bounded.In this paper, we first show that a metric conjectured to be useful for this purpose, the hypothetical information, does not offer such a general bound. It only does when the assumptions exploited by a parametric model match the true leakage distribution. We therefore introduce a new metric, the training information, that provides the guarantees that were conjectured for the hypothetical information for practically-relevant models. We next initiate a study of the convergence rates of profiled side-channel distinguishers which clarifies, to the best of our knowledge for the first time, the parameters that influence the complexity of a profiling. On the one hand, the latter has practical consequences for evaluators as it can guide them in choosing the appropriate modeling tool depending on the implementation (e.g., protected or not) and contexts (e.g., granting them access to the countermeasures’ randomness or not). It also allows anticipating the amount of measurements needed to guarantee a sufficient model quality. On the other hand, our results connect and exhibit differences between side-channel analysis and statistical learning theory.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"97 1","pages":"490"},"PeriodicalIF":0.0,"publicationDate":"2023-06-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85319394","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 6

Efficient Algorithms for Large Prime Characteristic Fields and Their Application to Bilinear Pairings and Supersingular Isogeny-Based Protocols 大素数特征域的高效算法及其在双线性配对和超奇异等同性协议中的应用

IACR Cryptol. ePrint Arch. Pub Date : 2023-06-09 DOI: 10.46586/tches.v2023.i3.445-472

P. Longa

{"title":"Efficient Algorithms for Large Prime Characteristic Fields and Their Application to Bilinear Pairings and Supersingular Isogeny-Based Protocols","authors":"P. Longa","doi":"10.46586/tches.v2023.i3.445-472","DOIUrl":"https://doi.org/10.46586/tches.v2023.i3.445-472","url":null,"abstract":"We propose a novel approach that generalizes interleaved modular multiplication algorithms for the computation of sums of products over large prime fields. This operation has widespread use and is at the core of many cryptographic applications. The method reformulates the widely used lazy reduction technique, crucially avoiding the need for storage and computation of “double-precision” operations. Moreover, it can be easily adapted to the different methods that exist to compute modular multiplication, producing algorithms that are significantly more efficient and memory-friendly. We showcase the performance of the proposed approach in the computation of multiplication over an extension field Fpk , and demonstrate its impact with record-breaking implementations of bilinear pairings. Specifically, we accomplish a full optimal ate pairing computation over the popular BLS12-381 curve, designed for the 128-bit security level, in under half a millisecond on a 3.2GHz Intel Coffee Lake processor, which is about 1.40× faster than the state-of-the-art. Similarly, we perform the same computation over the BLS24-509 curve, targeting the 192-bit security level, in ~ 2.6 milliseconds, achieving a speedup of more than 1.30x. We also report a significant impact on other applications, including protocols based on supersingular isogenies.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"59 1","pages":"367"},"PeriodicalIF":0.0,"publicationDate":"2023-06-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84180341","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 8

PROLEAD_SW - Probing-Based Software Leakage Detection for ARM Binaries PROLEAD_SW -基于探测的ARM二进制文件软件泄漏检测

IACR Cryptol. ePrint Arch. Pub Date : 2023-06-09 DOI: 10.46586/tches.v2023.i3.391-421

Jannik Zeitschner, Nicolai Müller, A. Moradi

{"title":"PROLEAD_SW - Probing-Based Software Leakage Detection for ARM Binaries","authors":"Jannik Zeitschner, Nicolai Müller, A. Moradi","doi":"10.46586/tches.v2023.i3.391-421","DOIUrl":"https://doi.org/10.46586/tches.v2023.i3.391-421","url":null,"abstract":"A decisive contribution to the all-embracing protection of cryptographic software, especially on embedded devices, is the protection against Side-Channel Analysis (SCA) attacks. Masking countermeasures can usually be integrated into the software during the design phase. In theory, this should provide reliable protection against such physical attacks. However, the correct application of masking is a non-trivial task that often causes even experts to make mistakes. In addition to human-caused errors, micro-architectural Central Processing Unit (CPU) effects can lead even a seemingly theoretically correct implementation to fail to satisfy the desired level of security in practice. This originates from different components of< the underlying CPU which complicates the tracing of leakage back to a particular source and hence avoids making general and device-independent statements about its security.PROLEAD has recently been presented at CHES 2022 and has originally been developed as a simulation-based tool to evaluate masked hardware designs. In this work, we adapt PROLEAD for the evaluation of masked software, and enable the transfer of the already known benefits of PROLEAD into the software world. These include (1) evaluation of larger designs compared to the state of the art, e.g. a full Advanced Encryption Standard (AES) masked implementation, and (2) formal verification under our new generic leakage model for CPUs. Concretely, we formalize leakages, observed across different CPU architectures, into a generic abstraction model that includes all these leakages and is therefore independent of a specific CPU design. Our resulting tool PROLEAD_SW allows to provide a formal statement on the security based on the derived generic model. As a concrete result, using PROLEAD_SW we evaluated the security of several publicly available masked software implementations in our new generic leakage model and reveal multiple vulnerabilities.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"17 1","pages":"34"},"PeriodicalIF":0.0,"publicationDate":"2023-06-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90879915","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Differentially Private Selection from Secure Distributed Computing 基于安全分布式计算的差分私有选择

IACR Cryptol. ePrint Arch. Pub Date : 2023-06-07 DOI: 10.48550/arXiv.2306.04564

I. Damgaard, Hannah Keller, Boel Nelson, Claudio Orlandi, R. Pagh

{"title":"Differentially Private Selection from Secure Distributed Computing","authors":"I. Damgaard, Hannah Keller, Boel Nelson, Claudio Orlandi, R. Pagh","doi":"10.48550/arXiv.2306.04564","DOIUrl":"https://doi.org/10.48550/arXiv.2306.04564","url":null,"abstract":"Given a collection of vectors $x^{(1)},dots,x^{(n)} in {0,1}^d$, the selection problem asks to report the index of an\"approximately largest\"entry in $x=sum_{j=1}^n x^{(j)}$. Selection abstracts a host of problems--in machine learning it can be used for hyperparameter tuning, feature selection, or to model empirical risk minimization. We study selection under differential privacy, where a released index guarantees privacy for each vectors. Though selection can be solved with an excellent utility guarantee in the central model of differential privacy, the distributed setting lacks solutions. Specifically, strong privacy guarantees with high utility are offered in high trust settings, but not in low trust settings. For example, in the popular shuffle model of distributed differential privacy, there are strong lower bounds suggesting that the utility of the central model cannot be obtained. In this paper we design a protocol for differentially private selection in a trust setting similar to the shuffle model--with the crucial difference that our protocol tolerates corrupted servers while maintaining privacy. Our protocol uses techniques from secure multi-party computation (MPC) to implement a protocol that: (i) has utility on par with the best mechanisms in the central model, (ii) scales to large, distributed collections of high-dimensional vectors, and (iii) uses $kgeq 3$ servers that collaborate to compute the result, where the differential privacy holds assuming an honest majority. Since general-purpose MPC techniques are not sufficiently scalable, we propose a novel application of integer secret sharing, and evaluate the utility and efficiency of our protocol theoretically and empirically. Our protocol is the first to demonstrate that large-scale differentially private selection is possible in a distributed setting.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"23 1","pages":"894"},"PeriodicalIF":0.0,"publicationDate":"2023-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78154052","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Correlated Pseudorandomness from the Hardness of Quasi-Abelian Decoding 拟阿贝尔译码硬度的相关伪随机性

IACR Cryptol. ePrint Arch. Pub Date : 2023-06-06 DOI: 10.48550/arXiv.2306.03488

Maxime Bombar, Geoffroy Couteau, Alain Couvreur, Clément Ducros

{"title":"Correlated Pseudorandomness from the Hardness of Quasi-Abelian Decoding","authors":"Maxime Bombar, Geoffroy Couteau, Alain Couvreur, Clément Ducros","doi":"10.48550/arXiv.2306.03488","DOIUrl":"https://doi.org/10.48550/arXiv.2306.03488","url":null,"abstract":"Secure computation often benefits from the use of correlated randomness to achieve fast, non-cryptographic online protocols. A recent paradigm put forth by Boyle $textit{et al.}$ (CCS 2018, Crypto 2019) showed how pseudorandom correlation generators (PCG) can be used to generate large amounts of useful forms of correlated (pseudo)randomness, using minimal interactions followed solely by local computations, yielding silent secure two-party computation protocols (protocols where the preprocessing phase requires almost no communication). An additional property called programmability allows to extend this to build N-party protocols. However, known constructions for programmable PCG's can only produce OLE's over large fields, and use rather new splittable Ring-LPN assumption. In this work, we overcome both limitations. To this end, we introduce the quasi-abelian syndrome decoding problem (QA-SD), a family of assumptions which generalises the well-established quasi-cyclic syndrome decoding assumption. Building upon QA-SD, we construct new programmable PCG's for OLE's over any field $mathbb{F}_q$ with $q>2$. Our analysis also sheds light on the security of the ring-LPN assumption used in Boyle $textit{et al.}$ (Crypto 2020). Using our new PCG's, we obtain the first efficient N-party silent secure computation protocols for computing general arithmetic circuit over $mathbb{F}_q$ for any $q>2$.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"38 1","pages":"845"},"PeriodicalIF":0.0,"publicationDate":"2023-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86413993","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

Inferring Bivariate Polynomials for Homomorphic Encryption Application 推断二元多项式在同态加密中的应用

IACR Cryptol. ePrint Arch. Pub Date : 2023-06-05 DOI: 10.3390/cryptography7020031

Diana Maimuţ, G. Teşeleanu

引用次数: 0

Network Agnostic MPC with Statistical Security 具有统计安全性的网络不可知MPC

IACR Cryptol. ePrint Arch. Pub Date : 2023-06-02 DOI: 10.48550/arXiv.2306.01401

Ananya Appan, Ashish Choudhury

{"title":"Network Agnostic MPC with Statistical Security","authors":"Ananya Appan, Ashish Choudhury","doi":"10.48550/arXiv.2306.01401","DOIUrl":"https://doi.org/10.48550/arXiv.2306.01401","url":null,"abstract":"We initiate the study of the network agnostic MPC protocols with statistical security. Network agnostic protocols give the best possible security guarantees irrespective of the underlying network type. We consider the general-adversary model, where the adversary is characterized by an adversary structure which enumerates all possible candidate subsets of corrupt parties. The $mathcal{Q}^{(k)}$ condition enforces that the union of no $k$ subsets from the adversary structure covers the party set. Given an unconditionally-secure PKI setup, known statistically-secure synchronous MPC protocols are secure against adversary structures satisfying the $mathcal{Q}^{(2)}$ condition. Known statistically-secure asynchronous MPC protocols can tolerate $mathcal{Q}^{(3)}$ adversary structures. Fix a set of $n$ parties $mathcal{P} = {P_1, ... ,P_n}$ and adversary structures $mathcal{Z}_s$ and $mathcal{Z}_a$, satisfying the $mathcal{Q}^{(2)}$ and $mathcal{Q}^{(3)}$ conditions respectively, where $mathcal{Z}_a subset mathcal{Z}_s$. Then, given an unconditionally-secure PKI, we ask whether it is possible to design a statistically-secure MPC protocol resilient against $mathcal{Z}_s$ and $mathcal{Z}_a$ in a synchronous and an asynchronous network respectively if the parties in $mathcal{P}$ are unaware of the network type. We show that it is possible iff $mathcal{Z}_s$ and $mathcal{Z}_a$ satisfy the $mathcal{Q}^{(2,1)}$ condition, meaning that the union of any two subsets from $mathcal{Z}_s$ and any one subset from $mathcal{Z}_a$ is a proper subset of $mathcal{P}$. We design several important network agnostic building blocks with the $mathcal{Q}^{(2,1)}$ condition, such as Byzantine broadcast, Byzantine agreement, information checking protocol, verifiable secret-sharing and secure multiplication protocol, whose complexity is polynomial in $n$ and $|mathcal{Z}_s|$.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"34 1","pages":"820"},"PeriodicalIF":0.0,"publicationDate":"2023-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89383116","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

Undetectable Watermarks for Language Models 语言模型的不可检测水印

IACR Cryptol. ePrint Arch. Pub Date : 2023-05-25 DOI: 10.48550/arXiv.2306.09194

Miranda Christ, S. Gunn, Or Zamir

引用次数: 26