IACR Cryptol. ePrint Arch.最新文献_第6页

Single trace HQC shared key recovery with SASCA 利用 SASCA 恢复单跟踪 HQC 共享密钥

IACR Cryptol. ePrint Arch. Pub Date : 2024-03-12 DOI: 10.46586/tches.v2024.i2.64-87

Guillaume Goy, Julien Maillard, Philippe Gaborit, Antoine Loiseau

{"title":"Single trace HQC shared key recovery with SASCA","authors":"Guillaume Goy, Julien Maillard, Philippe Gaborit, Antoine Loiseau","doi":"10.46586/tches.v2024.i2.64-87","DOIUrl":"https://doi.org/10.46586/tches.v2024.i2.64-87","url":null,"abstract":"This paper presents practicable single trace attacks against the Hamming Quasi-Cyclic (HQC) Key Encapsulation Mechanism. These attacks are the first Soft Analytical Side-Channel Attacks (SASCA) against code-based cryptography. We mount SASCA based on Belief Propagation (BP) on several steps of HQC’s decapsulation process. Firstly, we target the Reed-Solomon (RS) decoder involved in the HQC publicly known code. We perform simulated attacks under Hamming weight leakage model, and reach excellent accuracies (superior to 0.9) up to a high noise level (σ = 3), thanks to a re-decoding strategy. In a real case attack scenario, on a STM32F407, this attack leads to a perfect success rate. Secondly, we conduct an analogous attack against the RS encoder used during the re-encryption step required by the Fujisaki-Okamoto-like transform. Both in simulation and practical instances, results are satisfactory and this attack represents a threat to the security of HQC. Finally, we analyze the strength of countermeasures based on masking and shuffling strategies. In line with previous SASCA literature targeting Kyber, we show that masking HQC is a limited countermeasure against BP attacks, as well as shuffling countermeasures adapted from Kyber. We evaluate the “full shuffling” strategy which thwarts our attack by introducing sufficient combinatorial complexity. Eventually, we highlight the difficulty of protecting the current RS encoder with a shuffling strategy. A possible countermeasure would be to consider another encoding algorithm for the scheme to support a full shuffling. Since the encoding subroutine is only a small part of the implementation, it would come at a small cost.","PeriodicalId":508905,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"47 4","pages":"1590"},"PeriodicalIF":0.0,"publicationDate":"2024-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140249767","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

Decentralized Anonymous IoT Data Sharing with Key-Private Proxy Re-Encryption 利用密钥-私有代理再加密实现分散式匿名物联网数据共享

IACR Cryptol. ePrint Arch. Pub Date : 2024-03-01 DOI: 10.55859/ijiss.1410041

Esra Günsay, Oguz Yayla

引用次数: 0

On Central Primitives for Quantum Cryptography with Classical Communication 论经典通信量子密码学的中心原语

IACR Cryptol. ePrint Arch. Pub Date : 2024-02-27 DOI: 10.48550/arXiv.2402.17715

Kai-Min Chung, Eli Goldin, Matthew Gray

{"title":"On Central Primitives for Quantum Cryptography with Classical Communication","authors":"Kai-Min Chung, Eli Goldin, Matthew Gray","doi":"10.48550/arXiv.2402.17715","DOIUrl":"https://doi.org/10.48550/arXiv.2402.17715","url":null,"abstract":"Recent work has introduced the\"Quantum-Computation Classical-Communication\"(QCCC) (Chung et. al.) setting for cryptography. There has been some evidence that One Way Puzzles (OWPuzz) are the natural central cryptographic primitive for this setting (Khurana and Tomer). For a primitive to be considered central it should have several characteristics. It should be well behaved (which for this paper we will think of as having amplification, combiners, and universal constructions); it should be implied by a wide variety of other primitives; and it should be equivalent to some class of useful primitives. We present combiners, correctness and security amplification, and a universal construction for OWPuzz. Our proof of security amplification uses a new and cleaner version construction of EFI from OWPuzz (in comparison to the result of Khurana and Tomer) that generalizes to weak OWPuzz and is the most technically involved section of the paper. It was previously known that OWPuzz are implied by other primitives of interest including commitments, symmetric key encryption, one way state generators (OWSG), and therefore pseudorandom states (PRS). However we are able to rule out OWPuzz's equivalence to many of these primitives by showing a black box separation between general OWPuzz and a restricted class of OWPuzz (those with efficient verification, which we call EV-OWPuzz). We then show that EV-OWPuzz are also implied by most of these primitives, which separates them from OWPuzz as well. This separation also separates extending PRS from highly compressing PRS answering an open question of Ananth et. al.","PeriodicalId":508905,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"30 6","pages":"356"},"PeriodicalIF":0.0,"publicationDate":"2024-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140425964","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Pseudorandom unitaries with non-adaptive security 具有非适应性安全性的伪随机单元体

IACR Cryptol. ePrint Arch. Pub Date : 2024-02-22 DOI: 10.48550/arXiv.2402.14803

Tony Metger, Alexander Poremba, Makrand Sinha, Henry Yuen

引用次数: 2

A New Approach to Generic Lower Bounds: Classical/Quantum MDL, Quantum Factoring, and More 通用下限的新方法：经典/量子 MDL、量子因式分解等

IACR Cryptol. ePrint Arch. Pub Date : 2024-02-17 DOI: 10.48550/arXiv.2402.11269

Minki Hhan

{"title":"A New Approach to Generic Lower Bounds: Classical/Quantum MDL, Quantum Factoring, and More","authors":"Minki Hhan","doi":"10.48550/arXiv.2402.11269","DOIUrl":"https://doi.org/10.48550/arXiv.2402.11269","url":null,"abstract":"This paper studies the limitations of the generic approaches to solving cryptographic problems in classical and quantum settings in various models. - In the classical generic group model (GGM), we find simple alternative proofs for the lower bounds of variants of the discrete logarithm (DL) problem: the multiple-instance DL and one-more DL problems (and their mixture). We also re-prove the unknown-order GGM lower bounds, such as the order finding, root extraction, and repeated squaring. - In the quantum generic group model (QGGM), we study the complexity of variants of the discrete logarithm. We prove the logarithm DL lower bound in the QGGM even for the composite order setting. We also prove an asymptotically tight lower bound for the multiple-instance DL problem. Both results resolve the open problems suggested in a recent work by Hhan, Yamakawa, and Yun. - In the quantum generic ring model we newly suggested, we give the logarithmic lower bound for the order-finding algorithms, an important step for Shor's algorithm. We also give a logarithmic lower bound for a certain generic factoring algorithm outputting relatively small integers, which includes a modified version of Regev's algorithm. - Finally, we prove a lower bound for the basic index calculus method for solving the DL problem in a new idealized group model regarding smooth numbers. The quantum lower bounds in both models allow certain (different) types of classical preprocessing. All of the proofs are significantly simpler than the previous proofs and are through a single tool, the so-called compression lemma, along with linear algebra tools. Our use of this lemma may be of independent interest.","PeriodicalId":508905,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"539 ","pages":"268"},"PeriodicalIF":0.0,"publicationDate":"2024-02-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140453480","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Carry Your Fault: A Fault Propagation Attack on Side-Channel Protected LWE-based KEM 携带你的故障：基于侧信道保护的 LWE KEM 的故障传播攻击

IACR Cryptol. ePrint Arch. Pub Date : 2024-01-25 DOI: 10.48550/arXiv.2401.14098

Suparna Kundu, Siddhartha Chowdhury, Sayandeep Saha, A. Karmakar, Debdeep Mukhopadhyay, Ingrid Verbauwhede

{"title":"Carry Your Fault: A Fault Propagation Attack on Side-Channel Protected LWE-based KEM","authors":"Suparna Kundu, Siddhartha Chowdhury, Sayandeep Saha, A. Karmakar, Debdeep Mukhopadhyay, Ingrid Verbauwhede","doi":"10.48550/arXiv.2401.14098","DOIUrl":"https://doi.org/10.48550/arXiv.2401.14098","url":null,"abstract":"Post-quantum cryptographic (PQC) algorithms, especially those based on the learning with errors (LWE) problem, have been subjected to several physical attacks in the recent past. Although the attacks broadly belong to two classes – passive side-channel attacks and active fault attacks, the attack strategies vary significantly due to the inherent complexities of such algorithms. Exploring further attack surfaces is, therefore, an important step for eventually securing the deployment of these algorithms. Also, it is mportant to test the robustness of the already proposed countermeasures in this regard. In this work, we propose a new fault attack on side-channel secure masked implementation of LWE-based key-encapsulation mechanisms (KEMs) exploiting fault propagation. The attack typically originates due to an algorithmic modification widely used to enable masking, namely the Arithmetic-to-Boolean (A2B) conversion. We exploit the data dependency of the adder carry chain in A2B and extract sensitive information, albeit masking (of arbitrary order) being present. As a practical demonstration of the exploitability of this information leakage, we show key recovery attacks of Kyber, although the leakage also exists for other schemes like Saber. The attack on Kyber targets the decapsulation module and utilizes Belief Propagation (BP) for key recovery. To the best of our knowledge, it is the first attack exploiting an algorithmic component introduced to ease masking rather than only exploiting the randomness introduced by masking to obtain desired faults (as done by Delvaux [Del22]). Finally, we performed both simulated and electromagnetic (EM) fault-based practical validation of the attack for an open-source first-order secure Kyber implementation running on an STM32 platform.","PeriodicalId":508905,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"56 5","pages":"1674"},"PeriodicalIF":0.0,"publicationDate":"2024-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140496428","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

Starlit: Privacy-Preserving Federated Learning to Enhance Financial Fraud Detection 星光通过保护隐私的联合学习加强金融欺诈检测

IACR Cryptol. ePrint Arch. Pub Date : 2024-01-19 DOI: 10.48550/arXiv.2401.10765

A. Abadi, Bradley Doyle, Francesco Gini, Kieron Guinamard, S. K. Murakonda, Jack Liddell, Paul Mellor, S. Murdoch, Mohammad Naseri, Hector Page, George Theodorakopoulos, Suzanne Weller

{"title":"Starlit: Privacy-Preserving Federated Learning to Enhance Financial Fraud Detection","authors":"A. Abadi, Bradley Doyle, Francesco Gini, Kieron Guinamard, S. K. Murakonda, Jack Liddell, Paul Mellor, S. Murdoch, Mohammad Naseri, Hector Page, George Theodorakopoulos, Suzanne Weller","doi":"10.48550/arXiv.2401.10765","DOIUrl":"https://doi.org/10.48550/arXiv.2401.10765","url":null,"abstract":"Federated Learning (FL) is a data-minimization approach enabling collaborative model training across diverse clients with local data, avoiding direct data exchange. However, state-of-the-art FL solutions to identify fraudulent financial transactions exhibit a subset of the following limitations. They (1) lack a formal security definition and proof, (2) assume prior freezing of suspicious customers' accounts by financial institutions (limiting the solutions' adoption), (3) scale poorly, involving either $O(n^2)$ computationally expensive modular exponentiation (where $n$ is the total number of financial institutions) or highly inefficient fully homomorphic encryption, (4) assume the parties have already completed the identity alignment phase, hence excluding it from the implementation, performance evaluation, and security analysis, and (5) struggle to resist clients' dropouts. This work introduces Starlit, a novel scalable privacy-preserving FL mechanism that overcomes these limitations. It has various applications, such as enhancing financial fraud detection, mitigating terrorism, and enhancing digital health. We implemented Starlit and conducted a thorough performance analysis using synthetic data from a key player in global financial transactions. The evaluation indicates Starlit's scalability, efficiency, and accuracy.","PeriodicalId":508905,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"411 2","pages":"90"},"PeriodicalIF":0.0,"publicationDate":"2024-01-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140502914","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Quantum State Obfuscation from Classical Oracles 来自经典奥秘的量子态混淆

IACR Cryptol. ePrint Arch. Pub Date : 2024-01-18 DOI: 10.48550/arXiv.2401.10200

James Bartusek, Zvika Brakerski, V. Vaikuntanathan

{"title":"Quantum State Obfuscation from Classical Oracles","authors":"James Bartusek, Zvika Brakerski, V. Vaikuntanathan","doi":"10.48550/arXiv.2401.10200","DOIUrl":"https://doi.org/10.48550/arXiv.2401.10200","url":null,"abstract":"A major unresolved question in quantum cryptography is whether it is possible to obfuscate arbitrary quantum computation. Indeed, there is much yet to understand about the feasibility of quantum obfuscation even in the classical oracle model, where one is given for free the ability to obfuscate any classical circuit. In this work, we develop a new array of techniques that we use to construct a quantum state obfuscator, a powerful notion formalized recently by Coladangelo and Gunn (arXiv:2311.07794) in their pursuit of better software copy-protection schemes. Quantum state obfuscation refers to the task of compiling a quantum program, consisting of a quantum circuit $C$ with a classical description and an auxiliary quantum state $ket{psi}$, into a functionally-equivalent obfuscated quantum program that hides as much as possible about $C$ and $ket{psi}$. We prove the security of our obfuscator when applied to any pseudo-deterministic quantum program, i.e. one that computes a (nearly) deterministic classical input / classical output functionality. Our security proof is with respect to an efficient classical oracle, which may be heuristically instantiated using quantum-secure indistinguishability obfuscation for classical circuits. Our result improves upon the recent work of Bartusek, Kitagawa, Nishimaki and Yamakawa (STOC 2023) who also showed how to obfuscate pseudo-deterministic quantum circuits in the classical oracle model, but only ones with a completely classical description. Furthermore, our result answers a question of Coladangelo and Gunn, who provide a construction of quantum state indistinguishability obfuscation with respect to a quantum oracle. Indeed, our quantum state obfuscator together with Coladangelo-Gunn gives the first candidate realization of a ``best-possible'' copy-protection scheme for all polynomial-time functionalities.","PeriodicalId":508905,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"38 6","pages":"82"},"PeriodicalIF":0.0,"publicationDate":"2024-01-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140503615","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

On Hilbert-Poincaré series of affine semi-regular polynomial sequences and related Gröbner bases 论仿射半规则多项式序列的希尔伯特-波因卡列数列及相关格罗布纳基

IACR Cryptol. ePrint Arch. Pub Date : 2024-01-15 DOI: 10.48550/arXiv.2401.07768

Momonari Kudo, Kazuhiro Yokoyama

{"title":"On Hilbert-Poincaré series of affine semi-regular polynomial sequences and related Gröbner bases","authors":"Momonari Kudo, Kazuhiro Yokoyama","doi":"10.48550/arXiv.2401.07768","DOIUrl":"https://doi.org/10.48550/arXiv.2401.07768","url":null,"abstract":"Gr\"{o}bner bases are nowadays central tools for solving various problems in commutative algebra and algebraic geometry. A typical use of Gr\"{o}bner bases is the multivariate polynomial system solving, which enables us to construct algebraic attacks against post-quantum cryptographic protocols. Therefore, the determination of the complexity of computing Gr\"{o}bner bases is very important both in theory and in practice: One of the most important cases is the case where input polynomials compose an (overdetermined) affine semi-regular sequence. The first part of this paper aims to present a survey on Gr\"{o}bner basis computation and its complexity. In the second part, we shall give an explicit formula on the (truncated) Hilbert-Poincar'{e} series associated to the homogenization of an affine semi-regular sequence. Based on the formula, we also study (reduced) Gr\"{o}bner bases of the ideals generated by an affine semi-regular sequence and its homogenization. Some of our results are considered to give mathematically rigorous proofs of the correctness of methods for computing Gr\"{o}bner bases of the ideal generated by an affine semi-regular sequence.","PeriodicalId":508905,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"3 3","pages":"86"},"PeriodicalIF":0.0,"publicationDate":"2024-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140507651","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

PQCMC: Post-Quantum Cryptography McEliece-Chen Implicit Certificate Scheme PQCMC：后量子密码学麦克利什-陈隐含证书计划

IACR Cryptol. ePrint Arch. Pub Date : 2024-01-03 DOI: 10.48550/arXiv.2401.13691

Abel C. H. Chen

{"title":"PQCMC: Post-Quantum Cryptography McEliece-Chen Implicit Certificate Scheme","authors":"Abel C. H. Chen","doi":"10.48550/arXiv.2401.13691","DOIUrl":"https://doi.org/10.48550/arXiv.2401.13691","url":null,"abstract":"In recent years, the elliptic curve Qu-Vanstone (ECQV) implicit certificate scheme has found application in security credential management systems (SCMS) and secure vehicle-to-everything (V2X) communication to issue pseudonymous certificates. However, the vulnerability of elliptic-curve cryptography (ECC) to polynomial-time attacks posed by quantum computing raises concerns. In order to enhance resistance against quantum computing threats, various post-quantum cryptography methods have been adopted as standard (e.g. Dilithium) or candidate standard methods (e.g. McEliece cryptography), but state of the art has proven to be challenging to implement implicit certificates using lattice-based cryptography methods. Therefore, this study proposes a post-quantum cryptography McEliece-Chen (PQCMC) based on an efficient random invertible matrix generation method to issue pseudonymous certificates with less computation time. The study provides mathematical models to validate the key expansion process for implicit certificates. Furthermore, comprehensive security evaluations and discussions are conducted to demonstrate that distinct implicit certificates can be linked to the same end entity. In experiments, a comparison is conducted between the certificate length and computation time to evaluate the performance of the proposed PQCMC. This study demonstrates the viability of the implicit certificate scheme based on PQC as a means of countering quantum computing threats.","PeriodicalId":508905,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"291 3","pages":"1657"},"PeriodicalIF":0.0,"publicationDate":"2024-01-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140514456","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0