{"title":"Anonymous Complaint Aggregation for Secure Messaging","authors":"Connor Bell, Saba Eskandarian","doi":"10.56553/popets-2024-0078","DOIUrl":"https://doi.org/10.56553/popets-2024-0078","url":null,"abstract":"Private messaging platforms provide strong protection against platform eavesdropping, but malicious users can use privacy as cover for spreading abuse and misinformation. In an attempt to identify the sources of misinformation on private platforms, researchers have proposed mechanisms to trace back the source of a user-reported message (CCS '19,'21). Unfortunately, the threat model considered by initial proposals allowed a single user to compromise the privacy of another user whose legitimate content the reporting user did not like. More recent work has attempted to mitigate this side effect by requiring a threshold number of users to report a message before its origins can be identified (NDSS '22). However, the state of the art scheme requires the introduction of new probabilistic data structures and only achieves a \"fuzzy\" threshold guarantee. Moreover, false positives, where the source of an unreported message is identified, are possible. This paper introduces a new threshold source tracking technique that allows a private messaging platform, with the cooperation of a third-party moderator, to operate a threshold reporting scheme with exact thresholds and no false positives. Unlike prior work, our techniques require no modification of the message delivery process for a standard source tracking scheme, affecting only the abuse reporting procedure, and do not require tuning of probabilistic data structures.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"31 4","pages":"455"},"PeriodicalIF":0.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141693662","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SublonK: Sublinear Prover PlonK","authors":"A. Choudhuri, Sanjam Garg, Aarushi Goel, Sruthi Sekar, Rohit Sinha","doi":"10.56553/popets-2024-0080","DOIUrl":"https://doi.org/10.56553/popets-2024-0080","url":null,"abstract":"We propose SublonK --- a new succinct non-interactive argument of knowledge (SNARK). SublonK is the first SNARK that achieves both a constant proof size and prover runtime that grows only with the size of the ``active part'' of the executed circuit (i.e., *sub-linear* in the size of the entire circuit) while being *black-box in cryptography*. For instance, consider circuits encoding conditional execution, where only a fraction of the circuit is exercised by the input. For such circuits, the prover runtime in SublonK grows only with the exercised execution path. Our new construction builds on PlonK [Gabizon-Williamson-Ciobotaru, EPRINT'19], a popular state-of-the-art practical zkSNARK, and preserves all its great features --- constant size proofs, constant time proof verification, a circuit-independent universal setup, and support for custom gates and lookup gates. Our techniques are useful for a wide range of applications that involve a circuit executing k steps, where at each step, a (possibly different) s-sized segment is executed from a choice of n segments. Our prover cost for such circuits is O(ks(log (ks) + log(n))). Finally, we show that our improvements are not purely asymptotic. Specifically, we demonstrate the concrete efficiency of SublonK using zkRollups as an example application. Based on our implementation, for parameter choices derived from rollup contracts on Ethereum, n =8, k = 128, s= 2^{16}, the SublonK prover is approximately 4.8x faster than the PlonK prover, and proofs in SublonK are 2.4KB and can be verified in under 50ms.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"66 1","pages":"902"},"PeriodicalIF":0.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141691041","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure Range-Searching Using Copy-And-Recurse","authors":"Eyal Kushnir, Guy Moshkowich, Hayim Shaul","doi":"10.56553/popets-2024-0096","DOIUrl":"https://doi.org/10.56553/popets-2024-0096","url":null,"abstract":"Range searching is the problem of preprocessing a set of points P, such that given a query range gamma we can efficiently compute some function f(P cap gamma). For example, in a 1-dimensional range counting query, P is a set of numbers, gamma is a segment and we need to count how many numbers of P are in gamma. In higher dimensions, P is a set of d-dimensional points and the query range is some volume in R^d. In general, we want to compute more than just counting, for example, the average of P cap gamma. Range searching has applications in databases where some SELECT queries can be translated to range queries. It has received a lot of attention in computational geometry, where a data structure called a partition tree was shown to solve range queries in time sub-linear in |P| using space only linear in |P|. In this paper we consider partition trees under FHE, where we answer range queries without learning the value of the points or the parameters of the range. We show how partition trees can be securely traversed with O(t n^{1-1/d+epsilon} + n^{1+epsilon}) operations, where n=|P|, t is the number of operations needed to compare to gamma and epsilon>0 is a parameter. When the ranges are axis-parallel hyper-boxes the running time is O(t n^epsilon + n log^{d-1} n). As far as we know, this is the first non-trivial bound on range searching under FHE, and it improves over the naive solution that needs O(t n) operations. Our algorithms are independent of the encryption scheme, but as an example we implemented them using the CKKS FHE scheme. Our experiments show that for databases of sizes 2^{23} and 2^{25}, our algorithms run x2.8 and x4.7 (respectively) faster than the naive algorithm. The improvement of our algorithm comes from a method we call copy-and-recurse. With it we efficiently traverse an r-ary tree (where each inner node has r children) that also has the property that at most xi of them need to be recursed into when traversing the tree. We believe this method is interesting in its own right and can be used to improve traversals in other tree-like structures.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"5 20","pages":"983"},"PeriodicalIF":0.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141699274","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Further Improvements of the Estimation of Key Enumeration with Applications to Solving LWE","authors":"Alessandro Budroni, Erik Mårtensson","doi":"10.1007/s12095-024-00722-1","DOIUrl":"https://doi.org/10.1007/s12095-024-00722-1","url":null,"abstract":"","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"7 2","pages":"1547"},"PeriodicalIF":0.0,"publicationDate":"2024-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141347695","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Assessing the quality of Random Number Generators through Neural Networks","authors":"José Luis Crespo, Javier González-Villa, Jaime Gutierrez, Angel Valle","doi":"10.1088/2632-2153/ad56fb","DOIUrl":"https://doi.org/10.1088/2632-2153/ad56fb","url":null,"abstract":"In this paper we address the use of Neural Networks (NN) for the assessment of the quality and hence safety of several Random Number Generators (RNGs), focusing both on the vulnerability of classical Pseudo Random Number Generators (PRNGs), such as Linear Congruential Generators (LCGs) and the RC4 algorithm, and extending our analysis to non-conventional data sources, such as Quantum Random Number Generators (QRNGs) based on Vertical-Cavity Surface-Emitting Lasers (VCSELs). Among the results found, we have classified the generators based on the capability of the NN to distinguish between the RNG and a Golden Standard RNG (GSRNG). We show that sequences from simple PRNGs like LCGs and RC4 can be distinguished from the GSRNG. We also show that sequences from LCGs on elliptic curves and VCSEL-based QRNGs cannot be distinguished from the GSRNG even with the biggest long short-term memory or convolutional neural networks that we have considered. We underline the fundamental role of design decisions in enhancing the safety of RNGs. The influence of network architecture design and associated hyper-parameter variations was also explored. We show that longer sequence lengths and convolutional neural networks are more effective for discriminating RNGs against the GSRNG. Moreover, in the prediction domain, the proposed model is able to deftly distinguish between the raw data of our QRNG and data from the GSRNG, exhibiting a cross-entropy error of 0.52 on the test data-set used. All these findings reveal the potential of NNs to enhance the security of RNGs, while highlighting the robustness of certain QRNGs, in particular the VCSEL-based variants, for high-quality random number generation applications.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"10 5","pages":"578"},"PeriodicalIF":0.0,"publicationDate":"2024-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141359186","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the Concrete Security of LWE with Small Secret","authors":"Hao Chen, Lynn Chua, K. Lauter, Yongsoo Song","doi":"10.1007/s44007-024-00111-3","DOIUrl":"https://doi.org/10.1007/s44007-024-00111-3","url":null,"abstract":"","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"12 8","pages":"539"},"PeriodicalIF":0.0,"publicationDate":"2024-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141375527","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Building PRFs from TPRPs: Beyond the Block and the Tweak Length Bounds","authors":"Won-Seok Choi, Jooyoung Lee","doi":"10.46586/tosc.v2024.i1.35-70","DOIUrl":"https://doi.org/10.46586/tosc.v2024.i1.35-70","url":null,"abstract":"A secure n-bit tweakable block cipher (TBC) using t-bit tweaks can be modeled as a tweakable uniform random permutation, where each tweak defines an independent random n-bit permutation. When an input to this tweakable permutation is fixed, it can be viewed as a perfectly secure t-bit random function. On the other hand, when a tweak is fixed, it can be viewed as a perfectly secure n-bit random permutation, and it is well known that the sum of two random permutations is pseudorandom up to 2^n queries. A natural question is whether one can construct a pseudorandom function (PRF) beyond the block and the tweak length bounds using a small number of calls to the underlying tweakable permutations. A straightforward way of constructing a PRF from tweakable permutations is to xor the outputs from two tweakable permutations with c bits of the input to each permutation fixed. Using the multi-user security of the sum of two permutations, one can prove that the (t + n − c)-to-n bit PRF is secure up to 2^{n+c} queries. In this paper, we propose a family of PRF constructions based on tweakable permutations, dubbed XoTP_c, achieving stronger security than the straightforward construction. XoTP_c is parameterized by c, giving a (t + n − c)-to-n bit PRF. When t < 3n and c = t/3, XoTP_{t/3} becomes an (n + 2t/3)-to-n bit pseudorandom function, which is secure up to 2^{n+2t/3} queries. It provides security beyond the block and the tweak length bounds, making two calls to the underlying tweakable permutations. In order to prove the security of XoTP_c, we extend Mirror theory to q ≫ 2^n, where q is the number of equations. From a practical point of view, our construction can be used to construct TBC-based MAC finalization functions and CTR-type encryption modes with stronger provable security compared to existing schemes.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"33 5","pages":"918"},"PeriodicalIF":0.0,"publicationDate":"2024-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140084180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Constructing Committing and Leakage-Resilient Authenticated Encryption","authors":"Patrick Struck, Maximiliane Weishäupl","doi":"10.46586/tosc.v2024.i1.497-528","DOIUrl":"https://doi.org/10.46586/tosc.v2024.i1.497-528","url":null,"abstract":"The main goal of this work is to construct authenticated encryption (AE) that is both committing and leakage-resilient. As a first approach for this we consider generic composition as a well-known method for constructing AE schemes. While the leakage resilience of generic composition schemes has already been analyzed by Barwell et al. (Asiacrypt’17), for committing security this is not the case. We fill this gap by providing a separate analysis of the generic composition paradigms with respect to committing security, giving both positive and negative results: By means of a concrete attack, we show that Encrypt-then-MAC is not committing. Furthermore, we prove that Encrypt-and-MAC is committing, given that the underlying schemes satisfy security notions we introduce for this purpose. We later prove these new notions achievable by providing schemes that satisfy them. MAC-then-Encrypt turns out to be more difficult due to the fact that the tag is not output alongside the ciphertext as it is for the other two composition methods. Nevertheless, we give a detailed heuristic analysis of MAC-then-Encrypt with respect to committing security, leaving a definite result as an open task for future work. Our results, in combination with the fact that only Encrypt-then-MAC yields leakage-resilient AE schemes, show that one cannot obtain AE schemes that are both committing and leakage-resilient via generic composition. As a second approach for constructing committing and leakage-resilient AE, we develop a generic transformation that turns an arbitrary AE scheme into one that fulfills both properties. The transformation relies on a keyed function that is both binding, i.e., it is hard to find key-input pairs that result in the same output, and leakage-resilient pseudorandom.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"81 24","pages":"190"},"PeriodicalIF":0.0,"publicationDate":"2024-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140085082","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}