Journal of Mathematical Cryptology: latest publications

Approximate Voronoi cells for lattices, revisited
IF 1.2
Journal of Mathematical Cryptology Pub Date : 2019-07-10 DOI: 10.1515/jmc-2020-0074
Thijs Laarhoven
Abstract: We revisit the approximate Voronoi cells approach for solving the closest vector problem with preprocessing (CVPP) on high-dimensional lattices, and settle the open problem of Doulgerakis–Laarhoven–De Weger [PQCrypto, 2019] of determining exact asymptotics on the volume of these Voronoi cells under the Gaussian heuristic. As a result, we obtain improved upper bounds on the time complexity of the randomized iterative slicer when using less than $2^{0.076d + o(d)}$ memory, and we show how to obtain time–memory trade-offs even when using less than $2^{0.048d + o(d)}$ memory. We also settle the open problem of obtaining a continuous trade-off between the size of the advice and the query time complexity, as the time complexity with subexponential advice in our approach scales as $d^{d/2 + o(d)}$, matching worst-case enumeration bounds and achieving the same asymptotic scaling as average-case enumeration algorithms for the closest vector problem.
Citations: 7
On the first fall degree of summation polynomials
IF 1.2
Journal of Mathematical Cryptology Pub Date : 2019-06-13 DOI: 10.1515/jmc-2017-0022
S. Kousidis, A. Wiemers
Abstract: We improve on the first fall degree bound of polynomial systems that arise from a Weil descent along Semaev's summation polynomials relevant to the solution of the Elliptic Curve Discrete Logarithm Problem via Gröbner basis algorithms.
Citations: 1
Signcryption schemes with insider security in an ideal permutation model
IF 1.2
Journal of Mathematical Cryptology Pub Date : 2019-06-01 DOI: 10.1515/jmc-2018-0006
Tarun Kumar Bansal, Xavier Boyen, J. Pieprzyk
Abstract: Signcryption aims to provide both confidentiality and authentication of messages more efficiently than performing encryption and signing independently. The "Commit-then-Sign & Encrypt" (CtS&E) method allows encryption and signing to be performed in parallel. Parallel execution of cryptographic algorithms decreases the computation time needed to signcrypt messages. CtS&E uses weaker cryptographic primitives in a generic way to achieve a strong security notion of signcryption. Various message pre-processing schemes, also known as message padding, have been used in signcryption as a commitment scheme in CtS&E. Due to its elegance and versatility, the sponge structure turns out to be a useful tool for designing new padding schemes such as SpAEP [T. K. Bansal, D. Chang and S. K. Sanadhya, Sponge based CCA2 secure asymmetric encryption for arbitrary length message, Information Security and Privacy – ACISP 2015, Lecture Notes in Comput. Sci. 9144, Springer, Berlin 2015, 93–106], while offering further avenues for optimization and parallelism in the context of signcryption. In this work, we design a generic and efficient signcryption scheme featuring parallel encryption and signature on top of a sponge-based message-padding underlying structure. Unlike other existing schemes, the proposed scheme also supports arbitrarily long messages. We prove the construction secure when instantiated from weakly secure asymmetric primitives such as a trapdoor one-way encryption and a universal unforgeable signature. With a careful analysis and simple tweaks, we demonstrate how different combinations of weakly secure probabilistic and deterministic encryption and signature schemes can be used to construct a strongly secure signcryption scheme, further broadening the choices of underlying primitives to cover essentially any combination thereof. To the best of our knowledge, this is the first signcryption scheme based on the sponge structure that also offers strong security using weakly secure underlying asymmetric primitives, even deterministic ones, along with the ability to handle long messages efficiently.
Citations: 0
Exact information ratios for secret sharing on small graphs with girth at least 5
IF 1.2
Journal of Mathematical Cryptology Pub Date : 2019-06-01 DOI: 10.1515/jmc-2018-0024
Károly Harsányi, P. Ligeti
Abstract: In a secret-sharing scheme, a piece of information – the secret – is distributed among a finite set of participants in such a way that only some predefined coalitions can recover it. The efficiency of the scheme is measured by the amount of information the most heavily loaded participant must remember. This amount is called the information ratio, and one of the most interesting problems of this topic is to calculate the exact information ratio of given structures. In this paper, the information ratios of all but one graph-based schemes on 8 or 9 vertices with girth at least 5, and of all graph-based schemes on 10 vertices and 10 edges with girth at least 5, are determined using two polyhedral combinatoric tools: the entropy method and covering with stars. Beyond the investigation of new graphs, the paper contains a few improvements and corrections of recent results on graphs with 9 vertices. Furthermore, we determine the exact information ratio of a large class of generalized sunlet graphs consisting of some pendant paths attached to a cycle of length at least 5.
Citations: 2
Frontmatter
IF 1.2
Journal of Mathematical Cryptology Pub Date : 2019-06-01 DOI: 10.1515/jmc-2019-frontmatter2
Citations: 0
Generic constructions of PoRs from codes and instantiations
IF 1.2
Journal of Mathematical Cryptology Pub Date : 2019-06-01 DOI: 10.1515/jmc-2018-0018
Julien Lavauzelle, F. Levy-dit-Vehel
Abstract: In this paper, we show how to construct – from any linear code – a Proof of Retrievability ($\mathsf{PoR}$) which features very low computation complexity on both the client ($\mathsf{Verifier}$) and the server ($\mathsf{Prover}$) sides, as well as small client storage (typically 512 bits). We adapt the security model initiated by Juels and Kaliski [PoRs: Proofs of retrievability for large files, Proceedings of the 2007 ACM Conference on Computer and Communications Security – CCS 2007, ACM, New York 2007, 584–597] to fit into the framework of Paterson, Stinson and Upadhyay [A coding theory foundation for the analysis of general unconditionally secure proof-of-retrievability schemes for cloud storage, J. Math. Cryptol. 7 2013, 3, 183–216], from which our construction evolves. We thus provide a rigorous treatment of the security of our generic design; more precisely, we sharply bound the extraction failure of our protocol according to this security model. Next we instantiate our formal construction with codes built from tensor products as well as with Reed–Muller codes and lifted codes, yielding $\mathsf{PoR}$s with moderate communication complexity and (server) storage overhead, in addition to the aforementioned features.
Citations: 2
Hash functions from superspecial genus-2 curves using Richelot isogenies
IF 1.2
Journal of Mathematical Cryptology Pub Date : 2019-03-15 DOI: 10.1515/JMC-2019-0021
W. Castryck, Thomas Decru, Benjamin A. Smith
Abstract: In 2018 Takashima proposed a version of Charles, Goren and Lauter's hash function using Richelot isogenies, starting from a genus-2 curve that allows all subsequent arithmetic to be performed over a quadratic finite field $\mathbb{F}_{p^2}$. In 2019 Flynn and Ti pointed out that Takashima's hash function is insecure due to the existence of small isogeny cycles. We revisit the construction and show that it can be repaired by imposing a simple restriction, which moreover clarifies the security analysis. The runtime of the resulting hash function is dominated by the extraction of 3 square roots for every block of 3 bits of the message, as compared to one square root per bit in the elliptic curve case; however, in our setting the extractions can be parallelized and are done in a finite field whose bit size is reduced by a factor of 3. Along the way we argue that the full supersingular isogeny graph is the wrong context in which to study higher-dimensional analogues of Charles, Goren and Lauter's hash function, and advocate the use of the superspecial subgraph, which is the natural framework in which to view Takashima's $\mathbb{F}_{p^2}$-friendly starting curve.
Citations: 35
Frontmatter
IF 1.2
Journal of Mathematical Cryptology Pub Date : 2019-03-01 DOI: 10.1515/jmc-2019-frontmatter1
Citations: 0
Capitulation of the 2-ideal classes of type (2, 2, 2) of some quartic cyclic number fields
IF 1.2
Journal of Mathematical Cryptology Pub Date : 2019-03-01 DOI: 10.1515/jmc-2017-0037
A. Azizi, I. Jerrari, A. Zekhnini, M. Talbi
Abstract: Let $p \equiv 3 \pmod{4}$ and $l \equiv 5 \pmod{8}$ be different primes such that $\left(\frac{p}{l}\right) = 1$ and $\left(\frac{2}{p}\right) = \left(\frac{p}{l}\right)_4$. Put $k = \mathbb{Q}(\sqrt{l})$, and denote by $\epsilon$ its fundamental unit. Set $K = k(\sqrt{-2p\epsilon\sqrt{l}})$, let $K_2^{(1)}$ be its Hilbert 2-class field, and let $K_2^{(2)}$ be its second Hilbert 2-class field. The field $K$ is a cyclic quartic number field, and its 2-class group is of type $(2,2,2)$. Our goal is to prove that the length of the 2-class field tower of $K$ is 2, to determine the structure of the 2-group $G = \operatorname{Gal}(K_2^{(2)}/K)$, and thus to study the capitulation of the 2-ideal classes of $K$ in all its unramified abelian extensions within $K_2^{(1)}$. Additionally, these extensions are constructed, and their abelian-type invariants are given.
Citations: 0
A detailed analysis of the hybrid lattice-reduction and meet-in-the-middle attack
IF 1.2
Journal of Mathematical Cryptology Pub Date : 2019-03-01 DOI: 10.1515/jmc-2016-0044
T. Wunderer
Abstract: Over the past decade, the hybrid lattice-reduction and meet-in-the-middle attack (called the hybrid attack) has been used to evaluate the security of many lattice-based cryptographic schemes such as NTRU, NTRU Prime, BLISS and more. However, unfortunately, none of the previous analyses of the hybrid attack is entirely satisfactory: they are based on simplifying assumptions that may distort the security estimates. Such simplifying assumptions include setting probabilities equal to 1 which, for the parameter sets we analyze in this work, are in fact as small as $2^{-80}$. Many of these assumptions lead to underestimating the scheme's security. However, some lead to security overestimates, and without further analysis it is not clear which is the case. Therefore, the current security estimates against the hybrid attack are not reliable, and the actual security levels of many lattice-based schemes are unclear. In this work, we present an improved runtime analysis of the hybrid attack that is based on more reasonable assumptions. In addition, we reevaluate the security against the hybrid attack for the NTRU, NTRU Prime and R-BinLWEEnc encryption schemes as well as for the BLISS and GLP signature schemes. Our results show that there exist both security over- and underestimates in the literature.
Citations: 19