2007 IEEE International Test Conference最新文献

{"title":"Broadcast Secret-Sharing, Bounds and Applications","authors":"I. Damgård, Kasper Green Larsen, Sophia Yakoubov","doi":"10.4230/LIPIcs.ITC.2021.10","DOIUrl":"https://doi.org/10.4230/LIPIcs.ITC.2021.10","url":null,"abstract":"Consider a sender S and a group of n recipients. S holds a secret message m of length l bits and the goal is to allow S to create a secret sharing of m with privacy threshold t among the recipients, by broadcasting a single message c to the recipients. Our goal is to do this with information theoretic security in a model with a simple form of correlated randomness. Namely, for each subset A of recipients of size q, S may share a random key with all recipients in A. (The keys shared with different subsets A must be independent.) We call this Broadcast Secret-Sharing (BSS) with parameters l, n, t and q. Our main question is: how large must c be, as a function of the parameters? We show that n−t q l is a lower bound, and we show an upper bound of ( n(t+1) q+t − t)l, matching the lower bound whenever t = 0, or when q = 1 or n − t. When q = n − t, the size of c is exactly l which is clearly minimal. The protocol demonstrating the upper bound in this case requires S to share a key with every subset of size n − t. We show that this overhead cannot be avoided when c has minimal size. We also show that if access is additionally given to an idealized PRG, the lower bound on ciphertext size becomes n−t q λ + l − negl(λ) (where λ is the length of the input to the PRG). The upper bound becomes ( n(t+1) q+t − t)λ + l. BSS can be applied directly to secret-key threshold encryption. We can also consider a setting where the correlated randomness is generated using computationally secure and non-interactive key exchange, where we assume that each recipient has an (independently generated) public key for this purpose. In this model, any protocol for non-interactive secret sharing becomes an ad hoc threshold encryption (ATE) scheme, which is a threshold encryption scheme with no trusted setup beyond a PKI. Our upper bounds imply new ATE schemes, and our lower bound becomes a lower bound on the ciphertext size in any ATE scheme that uses a key exchange functionality and no other cryptographic primitives. 2012 ACM Subject Classification Security and privacy → Information-theoretic techniques","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91515296","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Fooling an Unbounded Adversary with a Short Key, Repeatedly: The Honey Encryption Perspective","authors":"Xinze Li, Qiang Tang, Zhenfeng Zhang","doi":"10.4230/LIPIcs.ITC.2021.23","DOIUrl":"https://doi.org/10.4230/LIPIcs.ITC.2021.23","url":null,"abstract":"This article is motivated by the classical results from Shannon that put the simple and elegant one-time pad away from practice: key length has to be as large as message length and the same key could not be used more than once. In particular, we consider encryption algorithm to be defined relative to specific message distributions in order to trade for unconditional security. Such a notion named honey encryption (HE) was originally proposed for achieving best possible security for password based encryption where secrete key may have very small amount of entropy. Exploring message distributions as in HE indeed helps circumvent the classical restrictions on secret keys.We give a new and very simple honey encryption scheme satisfying the unconditional semantic security (for the targeted message distribution) in the standard model (all previous constructions are in the random oracle model, even for message recovery security only). Our new construction can be paired with an extremely simple yet “tighter” analysis, while all previous analyses (even for message recovery security only) were fairly complicated and require stronger assumptions. We also show a concrete instantiation further enables the secret key to be used for encrypting multiple messages. 2012 ACM Subject Classification Security and privacy → Cryptography; Theory of computation → Cryptographic primitives","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86422347","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Post-Compromise Security in Self-Encryption","authors":"Gwangbae Choi, F. Durak, S. Vaudenay","doi":"10.4230/LIPIcs.ITC.2021.25","DOIUrl":"https://doi.org/10.4230/LIPIcs.ITC.2021.25","url":null,"abstract":"In self-encryption, a device encrypts some piece of information for itself to decrypt in the future. We are interested in security of self-encryption when the state occasionally leaks. Applications that use self-encryption include cloud storage, when a client encrypts files to be stored, and in 0-RTT session resumptions, when a server encrypts a resumption key to be kept by the client. Previous works focused on forward security and resistance to replay attacks. In our work, we study post-compromise security (PCS). PCS was achieved in ratcheted instant messaging schemes, at the price of having an inflating state size. An open question was whether state inflation was necessary. In our results, we prove that post-compromise security implies a super-linear state size in terms of the number of active ciphertexts which can still be decrypted. We apply our result to self-encryption for cloud storage, 0-RTT session resumption, and secure messaging. We further show how to construct a secure scheme matching our bound on the state size up to a constant factor. 2012 ACM Subject Classification Security and privacy → Cryptography","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84073943","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Technical Program Committee","authors":"C. C. Wit, A. Abate, Pedro Aguilar, Liguo Zhang, Amir Abbaszadeh, Masoud Aguilar Bustos, Luis Tupak, Ahmed, Qadeer Ahmed-Ali, Tarek Ajorlou, Amir Al Janaideh","doi":"10.1109/ITC.2004.172","DOIUrl":"https://doi.org/10.1109/ITC.2004.172","url":null,"abstract":"Mikio Aoyama (Nanzan University) Doo-Hwan Bae (Korea Advanced Institute of Science and Technology) Ricky W.K. Chan (The University of Hong Kong) Dickson K.W. Chiu (Dickson Computer Systems) Dimitra Giannakopoulou (NASA) Paul Grefen (Eindhoven University of Technology) Yanbo Han (Institute of Computing Technology, CAS) Patrick Hung (University of Ontario Institute of Technology) Zhi Jin (Academy of Mathematics and Systems Science, CAS) Ryszard Kowalczyk (Swinburne University of Technology) Bernd Kraemer (Fern University) Shonali Krishnaswamy (Monash University) Francis C.M. Lau (The University of Hong Kong) Minglu Li (Shanghai Jiao Tong University) Chengfei Liu (Swinburne University of Technology) Hong Mei (Peking University) Balasubramaniam Ramesh (Georgia State University) Andreas Ulrich (Siemens) Zhiwei Xu (Institute of Computing Technology, CAS) (Eric Wong (University of Texas, Dallas) Zhaohui Wu (Zhejiang University) Jian Yang (Macquarie University) Y.T. Yu (City University of Hong Kong) Liang-Jie Zhang (IBM T.J. Watson Research Center) Yanchun Zhang (Victoria University of Technology) Hong Zhu (University of Oxford Brookes) CALL FOR PAPERS","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89875912","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"On the Security of Proofs of Sequential Work in a Post-Quantum World","authors":"Jeremiah Blocki, Seunghoon Lee, Samson Zhou","doi":"10.4230/LIPIcs.ITC.2021.22","DOIUrl":"https://doi.org/10.4230/LIPIcs.ITC.2021.22","url":null,"abstract":"A proof of sequential work allows a prover to convince a resource-bounded verifier that the prover invested a substantial amount of sequential time to perform some underlying computation. Proofs of sequential work have many applications including time-stamping, blockchain design, and universally verifiable CPU benchmarks. Mahmoody, Moran, and Vadhan (ITCS 2013) gave the first construction of proofs of sequential work in the random oracle model though the construction relied on expensive depth-robust graphs. In a recent breakthrough, Cohen and Pietrzak (EUROCRYPT 2018) gave a more efficient construction that does not require depth-robust graphs. In each of these constructions, the prover commits to a labeling of a directed acyclic graph $G$ with $N$ nodes and the verifier audits the prover by checking that a small subset of labels are locally consistent, e.g., $L_v = H(L_{v_1},ldots,L_{v_delta})$, where $v_1,ldots,v_delta$ denote the parents of node $v$. Provided that the graph $G$ has certain structural properties (e.g., depth-robustness), the prover must produce a long $mathcal{H}$-sequence to pass the audit with non-negligible probability. An $mathcal{H}$-sequence $x_0,x_1ldots x_T$ has the property that $H(x_i)$ is a substring of $x_{i+1}$ for each $i$, i.e., we can find strings $a_i,b_i$ such that $x_{i+1} = a_i cdot H(x_i) cdot b_i$. In the parallel random oracle model, it is straightforward to argue that any attacker running in sequential time $T-1$ will fail to produce an $mathcal{H}$-sequence of length $T$ except with negligible probability -- even if the attacker submits large batches of random oracle queries in each round. (See the paper for the full abstract.)","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2020-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86921109","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"TTTC: Test Technology Technical Council","authors":"Chen-Huan Chiang","doi":"10.1109/ITC.2004.198","DOIUrl":"https://doi.org/10.1109/ITC.2004.198","url":null,"abstract":"PURPOSE: The Test Technology Technical Council is a volunteer professional organization sponsored by the IEEE Computer Society. The goals of TTTC are to contribute to members’ professional development and advancement and to help them solve engineering problems in electronic test, and help advance the state-of-the art. In particular, TTTC aims at facilitating the knowledge flow in an integrated manner, to ensure overall quality in terms of technical excellence, fairness, openness, and equal opportunities.","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80418433","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Leakage-Resilient Secret Sharing in Non-Compartmentalized Models","authors":"Fuchun Lin, Mahdi Cheraghchi, V. Guruswami, R. Safavi-Naini, Huaxiong Wang","doi":"10.4230/LIPIcs.ITC.2020.7","DOIUrl":"https://doi.org/10.4230/LIPIcs.ITC.2020.7","url":null,"abstract":"","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74738341","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"One-One Constrained Pseudorandom Functions","authors":"Naty Peter, Rotem Tsabary, H. Wee","doi":"10.4230/LIPIcs.ITC.2020.13","DOIUrl":"https://doi.org/10.4230/LIPIcs.ITC.2020.13","url":null,"abstract":"We define and study a new cryptographic primitive, named One-One Constrained Pseudorandom Functions. In this model there are two parties, Alice and Bob, that hold a common random string K, where Alice in addition holds a predicate f : [N ] → {0, 1} and Bob in addition holds an input x ∈ [N ]. We then let Alice generate a key Kf based on f and K, and let Bob evaluate a value Kx based on x and K. We consider a third party that sees the values (x, f, Kf ) and the goal is to allow her to reconstruct Kx whenever f(x) = 1, while keeping Kx pseudorandom whenever f(x) = 0. This primitive can be viewed as a relaxation of constrained PRFs, such that there is only a single key query and a single evaluation query. We focus on the information-theoretic setting, where the one-one cPRF has perfect correctness and perfect security. Our main results are as follows. 1. A Lower Bound. We show that in the information-theoretic setting, any one-one cPRF for punctured predicates is of exponential complexity (and thus the lower bound meets the upper bound that is given by a trivial construction). This stands in contrast with the well known GGM-based punctured PRF from OWF, which is in particular a one-one cPRF. This also implies a similar lower bound for all NC1. 2. New Constructions. On the positive side, we present efficient information-theoretic constructions of one-one cPRFs for a few other predicate families, such as equality predicates, inner-product predicates, and subset predicates. We also show a generic AND composition lemma that preserves complexity. 3. An Amplification to standard cPRF. We show that all of our one-one cPRF constructions can be amplified to a standard (single-key) cPRF via any key-homomorphic PRF that supports linear computations. More generally, we suggest a new framework that we call the double-key model which allows to construct constrained PRFs via key-homomorphic PRFs. 4. Relation to CDS. We show that one-one constrained PRFs imply conditional disclosure of secrets (CDS) protocols. We believe that this simple model can be used to better understand constrained PRFs and related cryptographic primitives, and that further applications of one-one constrained PRFs and our doublekey model will be found in the future, in addition to those we show in this paper. 2012 ACM Subject Classification Security and privacy → Information-theoretic techniques; Theory of computation → Cryptographic primitives","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79568054","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"d-Multiplicative Secret Sharing for Multipartite Adversary Structures","authors":"Reo Eriguchi, N. Kunihiro","doi":"10.4230/LIPIcs.ITC.2020.2","DOIUrl":"https://doi.org/10.4230/LIPIcs.ITC.2020.2","url":null,"abstract":"Secret sharing schemes are said to be d-multiplicative if the i-th shares of any d secrets s(j), j ∈ [d] can be converted into an additive share of the product ∏ j∈[d] s (j). d-Multiplicative secret sharing is a central building block of multiparty computation protocols with minimum number of rounds which are unconditionally secure against possibly non-threshold adversaries. It is known that d-multiplicative secret sharing is possible if and only if no d forbidden subsets covers the set of all the n players or, equivalently, it is private with respect to an adversary structure of type Qd. However, the only known method to achieve d-multiplicativity for any adversary structure of type Qd is based on CNF secret sharing schemes, which are not efficient in general in that the information ratios are exponential in n. In this paper, we explicitly construct a d-multiplicative secret sharing scheme for any `-partite adversary structure of type Qd whose information ratio is O(n`+1). Our schemes are applicable to the class of all the `-partite adversary structures, which is much wider than that of the threshold ones. Furthermore, our schemes achieve information ratios which are polynomial in n if ` is constant and hence are more efficient than CNF schemes. In addition, based on the standard embedding of `-partite adversary structures into R, we introduce a class of `-partite adversary structures of type Qd with good geometric properties and show that there exist more efficient d-multiplicative secret sharing schemes for adversary structures in that family than the above general construction. The family of adversary structures is a natural generalization of that of the threshold ones and includes some adversary structures which arise in real-world scenarios. 2012 ACM Subject Classification Security and privacy → Information-theoretic techniques","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88998193","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The power of synergy in differential privacy: Combining a small curator with local randomizers","authors":"A. Beimel, A. Korolova, Kobbi Nissim, Or Sheffet, Uri Stemmer","doi":"10.4230/LIPIcs.ITC.2020.14","DOIUrl":"https://doi.org/10.4230/LIPIcs.ITC.2020.14","url":null,"abstract":"Motivated by the desire to bridge the utility gap between local and trusted curator models of differential privacy for practical applications, we initiate the theoretical study of a hybrid model introduced by \"Blender\" [Avent et al., USENIX Security '17], in which differentially private protocols of n agents that work in the local-model are assisted by a differentially private curator that has access to the data of m additional users. We focus on the regime where m << n and study the new capabilities of this (m,n)-hybrid model. We show that, despite the fact that the hybrid model adds no significant new capabilities for the basic task of simple hypothesis-testing, there are many other tasks (under a wide range of parameters) that can be solved in the hybrid model yet cannot be solved either by the curator or by the local-users separately. Moreover, we exhibit additional tasks where at least one round of interaction between the curator and the local-users is necessary -- namely, no hybrid model protocol without such interaction can solve these tasks. Taken together, our results show that the combination of the local model with a small curator can become part of a promising toolkit for designing and implementing differential privacy.","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-12-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81111799","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}