Yuzhu Wang,Xingbo Wang,Mingwu Zhang

DOI: https://doi.org/10.1002/nem.2303

2024-09-22

International Journal of Network Management

Abstract:We proposed and constructed homomorphic witness encryption, which allows evaluating functions over ciphertexts of the same instance without decryption. Furthermore, we show its interesting applications, such as homomorphic time‐lock encryption, multi‐party contract signing, and e‐voting. In witness encryption (WE), an instance x of an NP problem is allowed to be used to encrypt a message, and who holding a witness of the problem can efficiently decrypt the ciphertext. In this work, we put forth the concept of homomorphic witness encryption (HWE), where one can evaluate functions over ciphertexts of the same instance without decrypting them, that is, one can manipulate a set of ciphertexts with messages (M1,⋯,Mn) to obtain the evaluation of f(M1,⋯,Mn) , for any function f . We declare that such homomorphic witness encryption schemes can be generically constructed from indistinguishable obfuscation (iO ) for any classes of functions. Then we propose the instantiate of multiplicatively homomorphic witness encryption (MHWE) and linearly homomorphic witness encryption (LHWE) using an iO , homomorphic encryption for NP problems such as Subset‐Sum and a batch‐processed GS‐proof system, which enables us to evaluate multiplication operations and linear operations over ciphertext. Furthermore, we show the practicality of homomorphic witness encryption by proposing new protocols for applications of interest, such as homomorphic time‐lock encryption, multi‐party contract signing, and e‐voting.

computer science, information systems,telecommunications

Jia Liu,Tibor Jager,Saqib A. Kakvi,Bogdan Warinschi

DOI: https://doi.org/10.1007/s10623-018-0461-x

2018-02-03

Abstract:Time-lock encryption is a method to encrypt a message such that it can only be decrypted after a certain deadline has passed. We propose a novel time-lock encryption scheme, whose main advantage over prior constructions is that even receivers with relatively weak computational resources should immediately be able to decrypt after the deadline, without any interaction with the sender, other receivers, or a trusted third party. We build our time-lock encryption on top of the new concept of computational reference clocks and an extractable witness encryption scheme. We explain how to construct a computational reference clock based on Bitcoin. We show how to achieve constant level of multilinearity for witness encryption by using SNARKs. We propose a new construction of a witness encryption scheme which is of independent interest: our scheme, based on Subset-Sum, achieves extractable security without relying on obfuscation. The scheme employs multilinear maps of arbitrary order and is independent of the implementations of multilinear maps.

Jaouhar Fattahi,Mohamed Mejri

DOI: https://doi.org/10.1109/ECAI.2015.7301205

2018-01-05

Abstract:In this paper, we use the witness-functions to analyze cryptographic protocols for secrecy under nonempty equational theories. The witness-functions are safe metrics used to compute security. An analysis with a witness-function consists in making sure that the security of every atomic message does not decrease during its lifecycle in the protocol. The analysis gets more difficult under nonempty equational theories. Indeed, the intruder can take advantage of the algebraic properties of the cryptographic primitives to derive secrets. These properties arise from the use of mathematical functions, such as multiplication, addition, exclusive-or or modular exponentiation in the cryptosystems and the protocols. Here, we show how to use the witness-functions under nonempty equational theories and we run an analysis on the Needham-Schroeder-Lowe protocol under the cipher homomorphism. This analysis reveals that although this protocol is proved secure under the perfect encryption assumption, its security collapses under the homomorphic primitives. We show how the witness-functions help to illustrate an attack scenario on it and we propose an amended version to fix it.

Cryptography and Security

Lin Chen,Yi-Xin Chen

DOI: https://doi.org/10.1103/PhysRevA.76.022330

IF: 2.971

2007-01-01

Physical Review A

Abstract:We introduce a feasible method of constructing the entanglement witness that detects genuine multiqubit entanglement in the vicinity of a given pure multiqubit state. We illustrate our method in the scenario of constructing the witnesses for the multiqubit states that are most often investigated theoretically and experimentally. It is shown that our method can construct the effective witnesses for experiments. We also investigate the entanglement detection of symmetric states and mixed states.

J. Sperling,W. Vogel

DOI: https://doi.org/10.1103/PhysRevLett.111.110503

2013-09-18

Abstract:We derive a set of algebraic equations, the so-called multipartite separability eigenvalue equations. Based on their solutions, we introduce a universal method for the construction of multipartite entanglement witnesses. We witness multipartite entanglement of $10^3$ coupled quantum oscillators, by solving our basic equations analytically. This clearly demonstrates the feasibility of our method for studying ultra-high orders of multipartite entanglement in complex quantum systems.

Quantum Physics

Aydin Abadi

2024-06-24

Abstract:To securely transmit sensitive information into the future, Time-Lock Puzzles (TLPs) have been developed. Their applications include scheduled payments, timed commitments, e-voting, and sealed-bid auctions. Homomorphic TLP is a key variant of TLP that enables computation on puzzles from different clients. This allows a solver/server to tackle only a single puzzle encoding the computation's result. However, existing homomorphic TLPs lack support for verifying the correctness of the computation results. We address this limitation by introducing Tempora-Fusion, a TLP that allows a server to perform homomorphic linear combinations of puzzles from different clients while ensuring verification of computation correctness. This scheme avoids asymmetric-key cryptography for verification, thus paving the way for efficient implementations. We discuss our scheme's application in various domains, such as federated learning, scheduled payments in online banking, and e-voting.

Cryptography and Security,Computational Engineering, Finance, and Science,Machine Learning

Aiden R. Rosebush,Alexander C. B. Greenwood,Brian T. Kirby,Li Qian

2024-02-28

Abstract:We propose a support vector machine (SVM) based approach for generating an entanglement witness that requires exponentially less training data than previously proposed methods. SVMs generate hyperplanes represented by a weighted sum of expectation values of local observables whose coefficients are optimized to sum to a positive number for all separable states and a negative number for as many entangled states as possible near a specific target state. Previous SVM-based approaches for entanglement witness generation used large amounts of randomly generated separable states to perform training, a task with considerable computational overhead. Here, we propose a method for orienting the witness hyperplane using only the significantly smaller set of states consisting of the eigenstates of the generalized Pauli matrices and a set of entangled states near the target entangled states. With the orientation of the witness hyperplane set by the SVM, we tune the plane's placement using a differential program that ensures perfect classification accuracy on a limited test set as well as maximal noise tolerance. For $N$ qubits, the SVM portion of this approach requires only $O(6^N)$ training states, whereas an existing method needs $O(2^{4^N})$. We use this method to construct witnesses of 4 and 5 qubit GHZ states with coefficients agreeing with stabilizer formalism witnesses to within 6.5 percent and 1 percent, respectively. We also use the same training states to generate novel 4 and 5 qubit W state witnesses. Finally, we computationally verify these witnesses on small test sets and propose methods for further verification.

Quantum Physics

Aydin Abadi

2024-08-22

Abstract:Time-Lock Puzzles (TLPs) have been developed to securely transmit sensitive information into the future without relying on a trusted third party. Multi-instance TLP is a scalable variant of TLP that enables a server to efficiently find solutions to different puzzles provided by a client at once. Nevertheless, existing multi-instance TLPs lack support for (verifiable) homomorphic computation. To address this limitation, we introduce the "Multi-Instance partially Homomorphic TLP" (MH-TLP), a multi-instance TLP supporting efficient verifiable homomorphic linear combinations of puzzles belonging to a client. It ensures anyone can verify the correctness of computations and solutions. Building on MH-TLP, we further propose the "Multi-instance Multi-client verifiable partially Homomorphic TLP" (MMH-TLP). It not only supports all the features of MH-TLP but also allows for verifiable homomorphic linear combinations of puzzles from different clients. Our schemes refrain from using asymmetric-key cryptography for verification and, unlike most homomorphic TLPs, do not require a trusted third party. A comprehensive cost analysis demonstrates that our schemes scale linearly with the number of clients and puzzles.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Machine Learning

Haotian Wu,Rui Song,Kai Lei,Bin Xiao

DOI: https://doi.org/10.1109/icdcs54860.2022.00118

2022-01-01

Abstract:Verifiable Searchable Symmetric Encryption (SSE) enables reliable search over encrypted, privacy-preserving data on untrusted clouds. Most existing SSE designs only focus on keyword-file search. However, a more difficult but useful search, range search over encrypted numerical values remains unsolved. Moreover, the fairness of search in the mutual distrusted scenario without public verification, where data users may maliciously deny the results after the local result verification, is not well addressed yet. In this paper, we take the first step to study the public verification problem atop the blockchain for encrypted numerical search. We design a novel verifiable SSE scheme named Slicer based on a Succinct Order-Revealing Encryption (SORE) scheme to achieve range search on numerical data. Our search results are verifiable, updated and privacy-preserving by SSE and maintaining the forward security. We illustrate the security and practicality of our design through rigorous analysis and extensive evaluations respectively.

Jiahui Chen,Jianting Ning,Jie Ling,Terry Shue Chien Lau,Yacheng Wang

DOI: https://doi.org/10.1016/j.tcs.2019.12.032

IF: 1.002

2020-01-01

Theoretical Computer Science

Abstract:It is regarded as a difficult task to design a secure MPKC fundamental schemes such as an encryption scheme. In this paper we introduce a new central trapdoor for multivariate quadratic (MQ) public-key cryptosystems that allows for encryption, in contrast to time-tested MQ primitives such as Unbalanced Oil and Vinegar or Rainbow which only allow for signatures. The same as UOV or Rainbow, our construction is single field scheme where the central polynomial system is chosen to have a particular structure that enables efficient inversion. After applying this transformation, the plaintext can be recovered by solving a linear system. Our new central trapdoor can use to replace the broken extension field calculation trapdoor and simple matrix encryption trapdoor, thereafter, we use the minus and plus modifiers to inoculate our scheme against known attacks. It is highlight that our encryption scheme is a good explore in the area of multivariate cryptography. Finally, a straightforward Magma implementation confirms the efficient operation of the public key algorithms.

Changshe Ma,Kefei Chen,Shengli Liu,Dong Zheng

DOI: https://doi.org/10.5220/0002542700480056

2005-01-01

Abstract:The notion of transitive signature, firstly introduced by Micali and Rivest, is a way to digitally sign the vertices and edges of a dynamically growing, transitively closed graph. All the previous proposed transitive signature schemes were constructed from discrete logarithm, factoring, or RSA assumption. In this paper, we introduce two alternative realizations of transitive signature based on bilinear maps. The proposed transitive signature schemes possess the following properties: (i) they are provably secure against adaptive chosen-message attacks in the random oracle model; (ii) there are no need for node certificates in our transitive signature schemes, so the signature algebra is compact; (iii) if using Weil pairing, our signature schemes are more efficient than all previous proposed schemes.

Zheyi Wu,Haolin Liu,Lei Wang

DOI: https://doi.org/10.3390/sym16101347

2024-10-12

Symmetry

Abstract:A time-lock puzzle encapsulates a secret message such that the receiver needs to perform a sequential computation, which takes a specified amount of time, to recover the message. Time-lock puzzles can be used in various scenarios, such as sealed-bid auctions, fair contract signing, and so on. The time required to generate a time-lock puzzle and the time needed to solve it are asymmetric, making the verification of a time-lock puzzle crucial. Before solving the puzzle, the solver needs to verify the validity of the puzzle to avoid computing invalid time-lock puzzles. After the puzzle has been solved, it is essential for a third party to confirm the correctness of the solution. This paper proposes a framework for time-lock puzzles, providing both pre-verification and post-verification functionalities, and outlines the security requirements of this framework. Furthermore, we present a practical construction based on iterated squaring in the RSA group and analyze the security of the specific construction. Finally, we implement this construction in Python and demonstrate its efficiency in different settings when implemented in practice.

multidisciplinary sciences

FY Miao,Y Xiong,SB Yang,XF Wang

IF: 1.019

2006-01-01

Chinese Journal of Electronics

Abstract:Ring signature is a new kind of signer-ambiguous signature, in which the real signer randomly designates a set of possible signers including itself, and generates totally by itself the ring signature only with its private key and public keys of other possible signers. The signature includes no definite information that identifies the real signer. The paper extends the general notion of ring signature and proposes a provable encrypted ring signature scheme. In the scheme, the real signer produces a signer-ambiguous signature with self-provable evidence and can uniquely prove through the evidence that it is the authentic signer if necessary. Furthermore, by an identity-based encryption algorithm from bilinear pairings the ring signature is encrypted to guarantee that only the right verifier can verify the signature. A variant of the scheme is also given in the paper. Analysis shows that the provable encrypted ring signature is confidential, self-provable, signer-ambiguous and secure. The proposed scheme can be applied in many applications such as e-voting, e-commerce etc.

Albrecht Petzoldt,Ming-Shing Chen,Jintai Ding,Bo-Yin Yang

DOI: https://doi.org/10.1007/978-3-319-59879-6_12

2017-01-01

Abstract:Multivariate Cryptography, as one of the main candidates for establishing post-quantum cryptosystems, provides strong, efficient and well-understood digital signature schemes such as UOV, Rainbow, and Gui. While Gui provides very short signatures, it is, for efficiency reasons, restricted to very small finite fields, which makes it hard to scale it to higher levels of security and leads to large key sizes.

Lyes Attouche,Mohamed-Amine Baazizi,Dario Colazzo,Giorgio Ghelli,Carlo Sartiani,Stefanie Scherzinger

DOI: https://doi.org/10.14778/3565838.3565852

IF: 2.5

2022-09-01

Proceedings of the VLDB Endowment

Abstract:JSON Schema is a schema language for JSON documents, based on a complex combination of structural operators, Boolean operators (negation included), and recursive variables. The static analysis of JSON Schema documents comprises practically relevant problems, including schema satisfiability, inclusion, and equivalence. These problems can be reduced to witness generation: given a schema, generate an element of the schema --- if it exists --- and report failure otherwise. Schema satisfiability, inclusion, and equivalence have been shown to be decidable. However, no witness generation algorithm has yet been formally described. We contribute a first, direct algorithm for JSON Schema witness generation, and study its effectiveness and efficiency in experiments over several schema collections, including thousands of real-world schemas.

computer science, information systems, theory & methods

Shuichi Katsumata,Yi-Fu Lai,Jason T. LeGrow,Ling Qin

DOI: https://doi.org/10.1007/s10623-024-01441-7

IF: 1.4

2024-07-19

Designs Codes and Cryptography

Abstract:In this paper, we construct the first provably-secure isogeny-based (partially) blind signature scheme. While at a high level the scheme resembles the Schnorr blind signature, our work does not directly follow from that construction, since isogenies do not offer as rich an algebraic structure. Specifically, our protocol does not fit into the linear identification protocol abstraction introduced by Hauck, Kiltz, and Loss (EUROCYRPT'19), which was used to generically construct Schnorr-like blind signatures based on modules such as classical groups and lattices. Consequently, our scheme is provably secure in the random oracle model (ROM) against poly-logarithmically-many concurrent sessions assuming the subexponential hardness of the group action inverse problem. In more detail, our blind signature exploits the quadratic twist of an elliptic curve in an essential way to endow isogenies with a strictly richer structure than abstract group actions (but still more restrictive than modules). The basic scheme has public key size 128 B and signature size 8 KB under the CSIDH-512 parameter sets—these are the smallest among all provably secure post-quantum secure blind signatures. Relying on a new ring variant of the group action inverse problem ( ), we can halve the signature size to 4 KB while increasing the public key size to 512 B. We provide preliminary cryptanalysis of and show that for certain parameter settings, it is essentially as secure as the standard . Finally, we show a novel way to turn our blind signature into a partially blind signature, where we deviate from prior methods since they require hashing into the set of public keys while hiding the corresponding secret key—constructing such a hash function in the isogeny setting remains an open problem.

mathematics, applied,computer science, theory & methods

Jintai Ding

2012-01-01

Abstract:We present first a generalized LWE problem, which is essentially to extend the original LWE to the case of matrices. Then we use this new version of LWE problem, which we call matrix LWE problem to build new cryptographic schemes, which include a new key distribution scheme, a new key exchanges scheme and a new simple identity-based encryption scheme.

Julian Erhard,Manuel Bentele,Matthias Heizmann,Dominik Klumpp,Simmo Saan,Frank Schüssele,Michael Schwarz,Helmut Seidl,Sarah Tilscher,Vesal Vojdani

2024-11-26

Abstract:Static analyzers are typically complex tools and thus prone to contain bugs themselves. To increase the trust in the verdict of such tools, witnesses encode key reasoning steps underlying the verdict in an exchangeable format, enabling independent validation of the reasoning by other tools. For the correctness of concurrent programs, no agreed-upon witness format exists -- in no small part due to the divide between the semantics considered by analyzers, ranging from interleaving to thread-modular approaches, making it challenging to exchange information. We propose a format that leverages the well-known notion of ghosts to embed the claims a tool makes about a program into a modified program with ghosts, such that the validity of a witness can be decided by analyzing this program. Thus, the validity of witnesses with respect to the interleaving and the thread-modular semantics coincides. Further, thread-modular invariants computed by an abstract interpreter can naturally be expressed in the new format using ghost statements. We evaluate the approach by generating such ghost witnesses for a subset of concurrent programs from the SV-COMP benchmark suite, and pass them to a model checker. It can confirm 75% of these witnesses -- indicating that ghost witnesses can bridge the semantic divide between interleaving and thread-modular approaches.

Programming Languages

Andrea Coladangelo,Jiahui Liu,Qipeng Liu,Mark Zhandry

DOI: https://doi.org/10.48550/arXiv.2107.05692

2022-07-15

Abstract:In this work, we study a generalization of hidden subspace states to hidden coset states (first introduced by Aaronson and Christiano [STOC '12]). This notion was considered independently by Vidick and Zhang [Eurocrypt '21], in the context of proofs of quantum knowledge from quantum money schemes. We explore unclonable properties of coset states and several applications: - We show that assuming indistinguishability obfuscation (iO), hidden coset states possess a certain direct product hardness property, which immediately implies a tokenized signature scheme in the plain model. Previously, it was known only relative to an oracle, from a work of Ben-David and Sattath [QCrypt '17]. - Combining a tokenized signature scheme with extractable witness encryption, we give a construction of an unclonable decryption scheme in the plain model. The latter primitive was recently proposed by Georgiou and Zhandry [ePrint '20], who gave a construction relative to a classical oracle. - We conjecture that coset states satisfy a certain natural (information-theoretic) monogamy-of-entanglement property. Assuming this conjecture is true, we remove the requirement for extractable witness encryption in our unclonable decryption construction, by relying instead on compute-and-compare obfuscation for the class of unpredictable distributions. This conjecture was later proved by Culf and Vidick in a follow-up work. - Finally, we give a construction of a copy-protection scheme for pseudorandom functions (PRFs) in the plain model. Our scheme is secure either assuming iO, OWF, and extractable witness encryption, or assuming iO, OWF, compute-and-compare obfuscation for the class of unpredictable distributions, and the conjectured monogamy property mentioned above. This is the first example of a copy-protection scheme with provable security in the plain model for a class of functions that is not evasive.

Cryptography and Security,Quantum Physics

Qinghua Hu,Chunxiang Xu,Wanpeng Li

DOI: https://doi.org/10.1109/trustcom60117.2023.00118

2024-01-01

Abstract:The utilization of the broadband subliminal channel allows a sender to covertly transmit a message to a receiver through digital signatures. This method requires the sender to relinquish the signing key to the receiver. As a result, the receiver has the ability to employ the signing key to sign any data on behalf of the sender without the sender’s knowledge or consent. Meanwhile, difficulties may arise if the sender is unwilling to disclose the signing key to the receiver. In this paper, we propose a broadband subliminal channel that can be used in digital signature schemes (e.g., DSA, ECDSA, ElGamal, and Schnorr) without disclosing the signing key to the receiver. As it writes the message on a digital signature, we call it WMoS. We first implement WMoS in the Elliptic Curve Digital Signature Algorithm (ECDSA). We then provide the security proof to show that signatures generated in WMoS have the same security level as standard ECDSA signatures. Moreover, we discuss the variants of WMoS in ECDSA and use them to construct applications. Furthermore, we use the implementation of WMoS to generate a signature for an Ethereum transaction to demonstrate its feasibility. We also evaluate the efficiency of WMoS in ECDSA, and the results show that WMoS in ECDSA can generate a signature as efficiently as the standard ECDSA.