Journal of Mathematical Cryptology最新文献

{"title":"Improved cryptanalysis of the AJPS Mersenne based cryptosystem","authors":"J. Coron, Agnese Gini","doi":"10.1515/jmc-2019-0027","DOIUrl":"https://doi.org/10.1515/jmc-2019-0027","url":null,"abstract":"Abstract At Crypto 2018, Aggarwal, Joux, Prakash and Santha (AJPS) described a new public-key encryption scheme based on Mersenne numbers. Shortly after the publication of the cryptosystem, Beunardeau et al. described an attack with complexity 𝓞(22h). In this paper, we describe an improved attack with complexity 𝓞(21.75h).","PeriodicalId":43866,"journal":{"name":"Journal of Mathematical Cryptology","volume":"14 1","pages":"218 - 223"},"PeriodicalIF":1.2,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1515/jmc-2019-0027","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42093035","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Constructing Cycles in Isogeny Graphs of Supersingular Elliptic Curves","authors":"Guanju Xiao, Lixia Luo, Yingpu Deng","doi":"10.1515/jmc-2020-0029","DOIUrl":"https://doi.org/10.1515/jmc-2020-0029","url":null,"abstract":"Abstract Loops and cycles play an important role in computing endomorphism rings of supersingular elliptic curves and related cryptosystems. For a supersingular elliptic curve E defined over 𝔽p2, if an imaginary quadratic order O can be embedded in End(E) and a prime L splits into two principal ideals in O, we construct loops or cycles in the supersingular L-isogeny graph at the vertices which are next to j(E) in the supersingular ℓ-isogeny graph where ℓ is a prime different from L. Next, we discuss the lengths of these cycles especially for j(E) = 1728 and 0. Finally, we also determine an upper bound on primes p for which there are unexpected 2-cycles if ℓ doesn’t split in O.","PeriodicalId":43866,"journal":{"name":"Journal of Mathematical Cryptology","volume":"15 1","pages":"454 - 464"},"PeriodicalIF":1.2,"publicationDate":"2019-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1515/jmc-2020-0029","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47143075","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"On the supersingular GPST attack","authors":"Andrea Basso, F. Pazuki","doi":"10.1515/jmc-2021-0020","DOIUrl":"https://doi.org/10.1515/jmc-2021-0020","url":null,"abstract":"Abstract The main attack against static-key supersingular isogeny Diffie–Hellman (SIDH) is the Galbraith–Petit–Shani–Ti (GPST) attack, which also prevents the application of SIDH to other constructions such as non-interactive key-exchange. In this paper, we identify and study a specific assumption on which the GPST attack relies that does not necessarily hold in all circumstances. We show that in some circumstances the attack fails to recover part of the secret key. We also characterize the conditions necessary for the attack to fail and show that it rarely happens in real cases. We give a link with collisions in the Charles-Goren-Lauter (CGL) hash function.","PeriodicalId":43866,"journal":{"name":"Journal of Mathematical Cryptology","volume":"16 1","pages":"14 - 19"},"PeriodicalIF":1.2,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42001349","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"On the equivalence of authentication codes and robust (2, 2)-threshold schemes","authors":"Maura B. Paterson, Douglas R Stinson","doi":"10.1515/JMC-2019-0048","DOIUrl":"https://doi.org/10.1515/JMC-2019-0048","url":null,"abstract":"Abstract In this paper, we show a “direct” equivalence between certain authentication codes and robust threshold schemes. It was previously known that authentication codes and robust threshold schemes are closely related to similar types of designs, but direct equivalences had not been considered in the literature. Our new equivalences motivate the consideration of a certain “key-substitution attack.” We study this attack and analyze it in the setting of “dual authentication codes.” We also show how this viewpoint provides a nice way to prove properties and generalizations of some known constructions.","PeriodicalId":43866,"journal":{"name":"Journal of Mathematical Cryptology","volume":"15 1","pages":"179 - 196"},"PeriodicalIF":1.2,"publicationDate":"2019-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1515/JMC-2019-0048","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42256110","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhancing Goldreich, Goldwasser and Halevi’s scheme with intersecting lattices","authors":"Arnaud Sipasseuth, T. Plantard, W. Susilo","doi":"10.1515/jmc-2016-0066","DOIUrl":"https://doi.org/10.1515/jmc-2016-0066","url":null,"abstract":"Abstract We present a technique to enhance the security of the Goldreich, Goldwasser and Halevi (GGH) scheme. The security of GGH has practically been broken by lattice reduction techniques. Those attacks are successful due to the structure of the basis used in the secret key. In this work, we aim to present a new technique to alleviate this problem by modifying the public key which hides the structure of the corresponding private key. We intersect the initial lattice with a random one while keeping the initial lattice as our secret key and use the corresponding result of the intersection as the public key. We show sufficient evidence that this technique will make GGH implementations secure against the aforementioned attacks.","PeriodicalId":43866,"journal":{"name":"Journal of Mathematical Cryptology","volume":"13 1","pages":"169 - 196"},"PeriodicalIF":1.2,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1515/jmc-2016-0066","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48195137","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Frontmatter","authors":"","doi":"10.1515/jmc-2019-frontmatter3-4","DOIUrl":"https://doi.org/10.1515/jmc-2019-frontmatter3-4","url":null,"abstract":"","PeriodicalId":43866,"journal":{"name":"Journal of Mathematical Cryptology","volume":" ","pages":""},"PeriodicalIF":1.2,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1515/jmc-2019-frontmatter3-4","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44545271","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Predicate signatures from pair encodings via dual system proof technique","authors":"M. Nandi, Tapas Pandit","doi":"10.1515/jmc-2017-0007","DOIUrl":"https://doi.org/10.1515/jmc-2017-0007","url":null,"abstract":"Abstract Recently, Attrapadung (Eurocrypt 2014) proposed a generic framework for fully (adaptively) secure predicate encryption (PE) based on a new primitive, called pair encodings. The author shows that if the underlying pair encoding scheme is either perfectly secure or computationally (doubly-selectively) secure, then the PE scheme will be fully secure. Although the pair encodings were solely introduced for PE, we show that these can also be used to construct predicate signatures, a signature analogue of PE. More precisely, we propose a generic construction of predicate signature (PS) from pair encoding schemes. Our construction provides unconditional signer privacy, and unforgeability in the adaptive model. Thereafter, we instantiate many PS schemes with new results, e.g., the first practical PS schemes for regular languages, the first attribute-based signature (ABS) scheme with constant-size signatures in the adaptive model, unbounded ABS with large universes in key-policy flavor, etc.","PeriodicalId":43866,"journal":{"name":"Journal of Mathematical Cryptology","volume":"13 1","pages":"197 - 228"},"PeriodicalIF":1.2,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1515/jmc-2017-0007","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47501047","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"On the quantum attacks against schemes relying on the hardness of finding a short generator of an ideal in ℚ(𝜁2𝑠 )","authors":"Jean-François Biasse, F. Song","doi":"10.1515/jmc-2015-0046","DOIUrl":"https://doi.org/10.1515/jmc-2015-0046","url":null,"abstract":"Abstract A family of ring-based cryptosystems, including the multilinear maps of Garg, Gentry and Halevi [Candidate multilinear maps from ideal lattices, Advances in Cryptology—EUROCRYPT 2013, Lecture Notes in Comput. Sci. 7881, Springer, Heidelberg 2013, 1–17] and the fully homomorphic encryption scheme of Smart and Vercauteren [Fully homomorphic encryption with relatively small key and ciphertext sizes, Public Key Cryptography—PKC 2010, Lecture Notes in Comput. Sci. 6056, Springer, Berlin 2010, 420–443], are based on the hardness of finding a short generator of a principal ideal (short-PIP) in a number field typically in ℚ ⁢ ( ζ 2 s ) {mathbb{Q}(zeta_{2^{s}})} . In this paper, we present a polynomial-time quantum algorithm for recovering a generator of a principal ideal in ℚ ⁢ ( ζ 2 s ) {mathbb{Q}(zeta_{2^{s}})} , and we recall how this can be used to attack the schemes relying on the short-PIP in ℚ ⁢ ( ζ 2 s ) {mathbb{Q}(zeta_{2^{s}})} by using the work of Cramer et al. [R. Cramer, L. Ducas, C. Peikert and O. Regev, Recovering short generators of principal ideals in cyclotomic rings, IACR Cryptology ePrint Archive 2015, https://eprint.iacr.org/2015/313], which is derived from observations of Campbell, Groves and Shepherd [SOLILOQUY, a cautionary tale]. We put this attack into perspective by reviewing earlier attempts at providing an efficient quantum algorithm for solving the PIP in ℚ ⁢ ( ζ 2 s ) {mathbb{Q}(zeta_{2^{s}})} . The assumption that short-PIP is hard was challenged by Campbell, Groves and Shepherd. They proposed an approach for solving short-PIP that proceeds in two steps: first they sketched a quantum algorithm for finding an arbitrary generator (not necessarily short) of the input principal ideal. Then they suggested that it is feasible to compute a short generator efficiently from the generator in step 1. Cramer et al. validated step 2 of the approach by giving a detailed analysis. In this paper, we focus on step 1, and we show that step 1 can run in quantum polynomial time if we use an algorithm for the continuous hidden subgroup problem (HSP) due to Eisenträger et al. [K. Eisenträger, S. Hallgren, A. Kitaev and F. Song, A quantum algorithm for computing the unit group of an arbitrary degree number field, Proceedings of the 2014 ACM Symposium on Theory of Computing—STOC’14, ACM, New York 2014, 293–302].","PeriodicalId":43866,"journal":{"name":"Journal of Mathematical Cryptology","volume":"13 1","pages":"151 - 168"},"PeriodicalIF":1.2,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1515/jmc-2015-0046","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48297022","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Secret sharing and duality","authors":"L. Csirmaz","doi":"10.1515/JMC-2019-0045","DOIUrl":"https://doi.org/10.1515/JMC-2019-0045","url":null,"abstract":"Abstract Secret sharing is an important building block in cryptography. All explicit secret sharing schemes which are known to have optimal complexity are multi-linear, thus are closely related to linear codes. The dual of such a linear scheme, in the sense of duality of linear codes, gives another scheme for the dual access structure. These schemes have the same complexity, namely the largest share size relative to the secret size is the same. It is a long-standing open problem whether this fact is true in general: the complexity of any access structure is the same as the complexity of its dual. We give a partial answer to this question. An almost perfect scheme allows negligible errors, both in the recovery and in the independence. There exists an almost perfect ideal scheme on 174 participants whose complexity is strictly smaller than that of its dual.","PeriodicalId":43866,"journal":{"name":"Journal of Mathematical Cryptology","volume":"15 1","pages":"157 - 173"},"PeriodicalIF":1.2,"publicationDate":"2019-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1515/JMC-2019-0045","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41758884","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Approximate Voronoi cells for lattices, revisited","authors":"Thijs Laarhoven","doi":"10.1515/jmc-2020-0074","DOIUrl":"https://doi.org/10.1515/jmc-2020-0074","url":null,"abstract":"Abstract We revisit the approximate Voronoi cells approach for solving the closest vector problem with preprocessing (CVPP) on high-dimensional lattices, and settle the open problem of Doulgerakis–Laarhoven–De Weger [PQCrypto, 2019] of determining exact asymptotics on the volume of these Voronoi cells under the Gaussian heuristic. As a result, we obtain improved upper bounds on the time complexity of the randomized iterative slicer when using less than 2 0.076 d + o ( d ) $2^{0.076d + o(d)}$ memory, and we show how to obtain time–memory trade-offs even when using less than 2 0.048 d + o ( d ) $2^{0.048d + o(d)}$ memory. We also settle the open problem of obtaining a continuous trade-off between the size of the advice and the query time complexity, as the time complexity with subexponential advice in our approach scales as d d / 2 + o ( d ) $d^{d/2 + o(d)}$ matching worst-case enumeration bounds, and achieving the same asymptotic scaling as average-case enumeration algorithms for the closest vector problem.","PeriodicalId":43866,"journal":{"name":"Journal of Mathematical Cryptology","volume":"15 1","pages":"60 - 71"},"PeriodicalIF":1.2,"publicationDate":"2019-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1515/jmc-2020-0074","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44488339","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}