ZhengYan Lin,YueXu Zhao

DOI: https://doi.org/10.1007/s11425-012-4449-0

2012-01-01

Science China Mathematics

Abstract:We establish strong invariance principles for sums of stationary ρ-mixing random variables with finite and infinite second moments under weaker mixing rates.Some earlier results are improved.As applications,some results of the law of the iterated logarithm with finite and infinite variance are obtained,also a conjecture raised by Shao in 1993 is solved.

Chun Guo,Yiyuan Luo,Chenyu Xiao,Xiao, Chenyu

DOI: https://doi.org/10.1007/s10623-024-01361-6

IF: 1.4

2024-02-18

Designs Codes and Cryptography

Abstract:We study the Lai–Massey construction defined over bit strings w.r.t. the notion of sequential indifferentiability, which was introduced by Mandal et al. (in: Cramer (ed) TCC 2012, LNCS, Springer, Heidelberg, vol 7194, pp 285–302, 2012) and formalized known-key security of blockcipher structures. We first exhibit a sequential distinguisher against 5-round Lai–Massey structure when the underlying orthomorphism is linear. This enhances a 2011 result of Aumasson. As our main result, we (for the first time) prove sequential indifferentiability for 6-round Lai–Massey constructions (on bit strings) using six independent random round functions.

mathematics, applied,computer science, theory & methods

Le Dong,Danxun Zhang,Wenya Li,Wenling Wu

DOI: https://doi.org/10.1007/s10623-024-01408-8

IF: 1.4

2024-05-08

Designs Codes and Cryptography

Abstract:In this study, we present the first yoyo attack to recover the secret round function of the 4-round Lai-Massey scheme with an affine orthomorphism. We first perform a yoyo attack on 3-round Lai-Massey scheme. However, the original method for constructing plaintext equations is not sufficiently effective. To solve this problem, we partition the ciphertext and plaintext spaces into subsets, which provides a fresh perspective on our yoyo attack. From this perspective, our study presents two improvements. One is that we devise an improved yoyo game in which the established ciphertext pool significantly narrows the search of good pairs compared with random selection, and the inserted filter can eliminate all wrong pairs using simple XOR calculations. Consequently, the yoyo game is advantageous for reducing the complexity of seeking good pairs, and we can avoid the complexity involved in solving equations generated using wrong pairs. The other is that we present a valid method for solving equations, which helps to reduce the number of yoyos required to recover the first-round function. After removing the first round, the look-up tables of the remaining two round functions of the 3-round Lai-Massey scheme can be retrieved by selecting the inputs and accessing the outputs. On the basis of this attack, we mount a yoyo attack on the 4-round Lai-Massey scheme to recover the fourth-round function and then apply the above attack to the remaining three rounds. In general, the complete recovery of the 4-round Lai-Massey scheme requires time complexity O and memory O , where .

mathematics, applied,computer science, theory & methods

Jing Xia,Liuquan Wang,Maosheng Xiong

DOI: https://doi.org/10.48550/arXiv.1308.4499

2013-08-21

Abstract:In this paper we continue to study a question proposed by Babadi and Tarokh \cite{ba2} on the mysterious randomness of Gold sequences. Upon improving their result, we establish the randomness of product of pseudorandom matrices formed from two linear block codes with respect to the empirical spectral distribution, if the dual distance of both codes is at least 5, hence providing an affirmative answer to the question.

Information Theory

Liang Yu

DOI: https://doi.org/10.1016/j.apal.2011.08.006

IF: 0.776

2012-01-01

Annals of Pure and Applied Logic

Abstract:We introduce two methods for characterizing strong randomness notions via Martin-Löf randomness. We apply these methods to investigate Schnorr randomness relative to 0̸′.

Yezhen Liang,Guoqiang Bai

DOI: https://doi.org/10.1109/ICIS.2014.6912137

2014-01-01

Abstract:An effective randomized window-scanning RSA scheme resistant to power analysis is presented in this paper. Unlike the traditional countermeasures such as message blinding or the multiply-always exponentiation scheme, our proposal focuses on randomizing the position information of the exponentiation bits which is a brand new direction for anti-power analysis research. Experimental results show that it works effectively against power analysis with a minimum overhead compared with other countermeasures.

Zhifang Zhang,Mulan Liu,Yeow Meng Chee,San Ling,Huaxiong Wang

DOI: https://doi.org/10.1007/978-3-540-89255-7

2008-12-13

Abstract:Strongly multiplicative linear secret sharing schemes (LSSS) have been a powerful tool for constructing secure multiparty computation protocols. However, it remains open whether or not there exist efficient constructions of strongly multiplicative LSSS from general LSSS. In this paper, we propose the new concept of a 3-multiplicative LSSS, and establish its relationship with strongly multiplicative LSSS. More precisely, we show that any 3-multiplicative LSSS is a strongly multiplicative LSSS, but the converse is not true; and that any strongly multiplicative LSSS can be efficiently converted into a 3-multiplicative LSSS. Furthermore, we apply 3-multiplicative LSSS to the computation of unbounded fan-in multiplication, which reduces its round complexity to four (from five of the previous protocol based on strongly multiplicative LSSS). We also give two constructions of 3-multiplicative LSSS from Reed-Muller codes and algebraic geometric codes. We believe that the construction and verification of 3-multiplicative LSSS are easier than those of strongly multiplicative LSSS. This presents a step forward in settling the open problem of efficient constructions of strongly multiplicative LSSS from general LSSS.

Cryptography and Security

Sun-Kai Leung

2024-07-07

Abstract:Assuming a variant of the Hardy--Littlewood prime $k$-tuple conjecture, we compute mixed moments of the number of primes in disjoint short intervals and short progressions respectively. This involves estimating the mean of singular series over any product of lattices, which is of independent interest. As a consequence, we establish the convergence of both sequences of suitably normalized primes to a standard Poisson point process.

Number Theory,Probability

Liu, Feng-Hao

DOI: https://doi.org/10.1007/s10623-024-01523-6

IF: 1.4

2024-11-25

Designs Codes and Cryptography

Abstract:Achieving tight security is a fundamental task in cryptography. While one of the most important purposes of this task is to improve the overall efficiency of a construction (by allowing smaller security parameters), many current lattice-based instantiations do not completely achieve the goal. Particularly, a super-polynomial modulus seems to be necessary in all prior work for (almost) tight schemes that allow the adversary to conduct queries, such as PRF, IBE, and Signatures. As the super-polynomial modulus would affect the noise-to-modulus ratio and thus increase the parameters, this might cancel out the advantages (in efficiency) brought from the tighter analysis. To determine the full power of tight security/analysis in lattices, it is necessary to determine whether the super-polynomial modulus restriction is inherent. In this work, we remove the super-polynomial modulus restriction for many important primitives—PRF, IBE, all-but-many Lossy Trapdoor Functions, and Signatures. The crux relies on an improvement over the framework of Boyen and Li (Asiacrypt 16), and an almost tight reduction from LWE to LWR, which improves prior work by Alwen et al. (Eurocrypt 13), Bogdanov et al. (TCC 16), and Bai et al. (Asiacrypt 15). By combining these two advances, we are able to derive these almost tight schemes under LWE with a polynomial modulus.

mathematics, applied,computer science, theory & methods

Matthew Coudron,Thomas Vidick,Henry Yuen

DOI: https://doi.org/10.48550/arXiv.1305.6626

2013-06-23

Abstract:A recent sequence of works, initially motivated by the study of the nonlocal properties of entanglement, demonstrate that a source of information-theoretically certified randomness can be constructed based only on two simple assumptions: the prior existence of a short random seed and the ability to ensure that two black-box devices do not communicate (i.e. are non-signaling). We call protocols achieving such certified amplification of a short random seed randomness amplifiers. We introduce a simple framework in which we initiate the systematic study of the possibilities and limitations of randomness amplifiers. Our main results include a new, improved analysis of a robust randomness amplifier with exponential expansion, as well as the first upper bounds on the maximum expansion achievable by a broad class of randomness amplifiers. In particular, we show that non-adaptive randomness amplifiers that are robust to noise cannot achieve more than doubly exponential expansion. Finally, we show that a wide class of protocols based on the use of the CHSH game can only lead to (singly) exponential expansion if adversarial devices are allowed the full power of non-signaling strategies. Our upper bound results apply to all known non-adaptive randomness amplifier constructions to date.

Quantum Physics

Yong Wang,Zhuo Liu,Leo Yu Zhang,Fabio Pareschi,Gianluca Setti,Guanrong Chen

DOI: https://doi.org/10.1109/tcyb.2021.3129808

IF: 11.8

2021-01-01

IEEE Transactions on Cybernetics

Abstract:Applying the chaos theory for secure digital communications is promising and it is well acknowledged that in such applications the underlying chaotic systems should be carefully chosen. However, the requirements imposed on the chaotic systems are usually heuristic, without theoretic guarantee for the resultant communication scheme. Among all the primitives for secure communications, it is well accepted that (pseudo) random numbers are most essential. Taking the well-studied 2-D coupled map lattice (2D CML) as an example, this article performs a theoretical study toward pseudorandom number generation with the 2D CML. In so doing, an analytical expression of the Lyapunov exponent (LE) spectrum of the 2D CML is first derived. Using the LEs, one can configure system parameters to ensure the 2D CML only exhibits complex dynamic behavior, and then collect pseudorandom numbers from the system orbits. Moreover, based on the observation that least significant bit distributes more evenly in the (pseudo) random distribution, an extraction algorithm E is developed with the property that when applied to the orbits of the 2D CML, it can squeeze uniform bits. In implementation, if fixed-point arithmetic is used in binary format with a precision of z bits after the radix point, E can ensure that the deviation of the squeezed bits is bounded by 2^-z . Further simulation results demonstrate that the new method not only guides the 2D CML model to exhibit complex dynamic behavior but also generates uniformly distributed independent bits with good efficiency. In particular, the squeezed pseudorandom bits can pass both NIST 800-22 and TestU01 test suites in various settings. This study thereby provides a theoretical basis for effectively applying the 2D CML to secure communications.

automation & control systems,computer science, cybernetics, artificial intelligence

Shaoxuan Zhang,Chun Guo,Qingju Wang

DOI: https://doi.org/10.1049/2024/9991841

2024-09-15

IET Information Security

Abstract:We study quantum superposition attacks against permutation‐based pseudorandom cryptographic schemes. We first extend Kuwakado and Morii's attack against the Even–Mansour cipher and exhibit key recovery attacks against a large class of pseudorandom schemes based on a single call to an n‐bit permutation, with polynomial O(n) (or O(n2), if the concrete cost of Hadamard transform is also taken in) quantum steps. We then consider TPPR schemes, namely, two permutation‐based pseudorandom cryptographic schemes. Using the improved Grover‐meet‐Simon method, we show that the keys of a wide class of TPPR schemes can be recovered with O(n) superposition queries (the complexity of the original is O(n2n/2)) and O(n2n/2) quantum steps. We also exhibit subclasses of "degenerated" TPPR schemes that lack certain internal operations and exhibit more efficient key recovery attacks using either the Simon's algorithm or collision searching algorithm. Further, using the all‐subkeys‐recovery idea of Isobe and Shibutani, our results give rise to key recovery attacks against several recently proposed permutation‐based PRFs, as well as the two‐round Even–Mansour ciphers with generic key schedule functions and their tweakable variants. From a constructive perspective, our results establish new quantum Q2 security upper bounds for two permutation‐based pseudorandom schemes as well as sound design choices.

computer science, information systems, theory & methods

Lijie Chen,Roei Tell

DOI: https://doi.org/10.1137/22m1475491

2024-12-05

SIAM Journal on Computing

Abstract:SIAM Journal on Computing, Ahead of Print. We propose a new approach to the hardness-to-randomness framework and to the [math] conjecture. Classical results rely on nonuniform hardness assumptions to construct derandomization algorithms that work in the worst case, or rely on uniform hardness assumptions to construct derandomization algorithms that work only in the average case. In both types of results, the derandomization algorithm is "black-box" and uses the standard approach based on pseudorandom generators (PRGs). In this work we present results that closely relate new and natural uniform hardness assumptions to worst-case derandomization of [math], where the algorithms underlying the latter derandomization are non-black-box. In our main result, we show that [math] if the following holds: There exists a multi-output function computable by logspace-uniform circuits of polynomial size and depth [math] that cannot be computed by uniform probabilistic algorithms in time [math], for some universal constant [math], on almost all inputs. The required failure on "almost all inputs" is stronger than the standard requirement of failing on one input of each length; however, the same assumption without the depth restriction on [math] is necessary for the conclusion. This suggests a potential equivalence between worst-case derandomization of [math] of any form (i.e., not necessarily by a black-box algorithm) and the existence of efficiently computable functions that are hard for probabilistic algorithms on almost all inputs. In our second result, we introduce a new and uniform hardness-to-randomness tradeoff for the setting of superfast average-case derandomization; prior to this work, superfast average-case derandomization was known only under nonuniform hardness assumptions. In an extreme instantiation of our new tradeoff, under appealing uniform hardness assumptions and if one-way functions exist, we show that for every polynomial [math] and constant [math] it holds that [math], where the "[math]" prefix means that no polynomial-time algorithm can find, with nonnegligible probability, an input on which the deterministic simulation errs. Technically, our approach is to design targeted PRGs and hitting-set generators (HSGs), as introduced by Goldreich [In a world of [math], in Studies in Complexity and Cryptography, Lecture Notes in Comput. Sci. 6650, Springer, 2011, pp. 191–232]. Our targeted PRGs/HSGs "produce randomness from the input," as suggested by Goldreich and Wigderson [Proceedings of the 6th International Workshop on Randomization and Approximation Techniques in Computer Science (RANDOM), 2002, pp. 209–223], and our analysis of these targeted PRGs/HSGs relies on non-black-box versions of the reconstruction procedure of Impagliazzo and Wigderson [Proceedings of the 39th Annual IEEE Symposium on Foundations of Computer Science (FOCS), 1998, pp. 734–743]. Our main reconstruction procedure crucially relies on the ideas underlying the proof system of Goldwasser, Kalai, and Rothblum [J. ACM, 62 (2015), 27].

computer science, theory & methods,mathematics, applied

Jiahong Wu,Nan Liu,Wei Kang

2023-12-10

Abstract:In this paper, we consider the case that sharing many secrets among a set of participants using the threshold schemes. All secrets are assumed to be statistically independent and the weak secure condition is focused on. Under such circumstances we investigate the infimum of the (average) information ratio and the (average) randomness ratio for any structure pair which consists of the number of the participants and the threshold values of all secrets. For two structure pairs such that the two numbers of the participants are the same and the two arrays of threshold values have the subset relationship, two leading corollaries are proved following two directions. More specifically, the bound related to the lengths of shares, secrets and randomness for the complex structure pair can be truncated for the simple one; and the linear schemes for the simple structure pair can be combined independently to be a multiple threshold scheme for the complex one. The former corollary is useful for the converse part and the latter one is helpful for the achievability part. Three new bounds special for the case that the number of secrets corresponding to the same threshold value $ t $ is lager than $ t $ and two novel linear schemes modified from the Vandermonde matrix for two similar cases are presented. Then come the optimal results for the average information ratio, the average randomness ratio and the randomness ratio. We introduce a tiny example to show that there exists another type of bound that may be crucial for the information ratio, to which we only give optimal results in three cases.

Information Theory

Haijian Zhou,Ping Luo,Daoshun Wang,Yiqi Dai

DOI: https://doi.org/10.1007/978-3-540-79499-8_32

2008-01-01

Abstract:The Lu-Lee public key cryptosystem and Adiga-Shankar's modification are considered to be insecure with cryptanalysis by integer linear programing, since only 2 or 3 unknown message blocks are used in the modular linear equation for encryption procedure. Unfortunately integer linear programming algorithms falls in trouble with more unknowns. In this paper we present a probabilistic algorithm for cryptanalysis of general Lu-Lee type systems with nmessage blocks. The new algorithm is base on lattice reduction and succeeds to break Lu-Lee type systems with up to 68 message blocks.

Jing Yang,Qian Guo,Thomas Johansson,Michael Lentmaier

DOI: https://doi.org/10.48550/arXiv.2103.02668

2021-03-04

Abstract:Local pseudorandom generators are a class of fundamental cryptographic primitives having very broad applications in theoretical cryptography. Following Couteau et al.'s work in ASIACRYPT 2018, this paper further studies the concrete security of one important class of local pseudorandom generators, i.e., Goldreich's pseudorandom generators. Our first attack is of the guess-and-determine type. Our result significantly improves the state-of-the-art algorithm proposed by Couteau et al., in terms of both asymptotic and concrete complexity, and breaks all the challenge parameters they proposed. For instance, for a parameter set suggested for 128 bits of security, we could solve the instance faster by a factor of about $2^{61}$, thereby destroying the claimed security completely. Our second attack further exploits the extremely sparse structure of the predicate $P_5$ and combines ideas from iterative decoding. This novel attack, named guess-and-decode, substantially improves the guess-and-determine approaches for cryptographic-relevant parameters. All the challenge parameter sets proposed in Couteau et al.'s work in ASIACRYPT 2018 aiming for 80-bit (128-bit) security levels can be solved in about $2^{58}$ ($2^{78}$) operations. We suggest new parameters for achieving 80-bit (128-bit) security with respect to our attacks. We also extend the attack to other promising predicates and investigate their resistance.

Cryptography and Security,Information Theory

Yong Wang,Zhaolong Liu,Jianbin Ma,Haiyuan He

DOI: https://doi.org/10.1007/s11071-015-2488-0

IF: 5.741

2015-11-19

Nonlinear Dynamics

Abstract:In order to overcome the disadvantages of logistic map in designing chaos-based cipher, the piecewise logistic map (PLM) is presented. Some properties related to cryptography of the PLM, such as ergodicity, Lyapunov exponent, and bifurcation, are analyzed and compared with the logistic map. From the view of cryptography, the PLM owns better properties than the logistic map. Then, a novel pseudorandom number generator (PRNG) based on the PLM is proposed. Since the cryptographic properties of the PLM are enhanced, the presented PRNG achieves a trade-off between efficiency and security. Both performance analysis and simulation test confirm that our scheme is simple, secure, and efficient, with high potential to be adopted as a stream cipher for secure communication.

engineering, mechanical,mechanics

Ruoyu Ding,Chi Cheng,Yue Qin,Yue Qin Qin

DOI: https://doi.org/10.1109/jsyst.2022.3161264

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:To improve the security of mobile networks in the postquantum era, Dabra et al. recently proposed a lattice-based anonymous password-authenticated key exchange (LBA-PAKE) protocol for mobile devices. Especially, LBA-PAKE is claimed to support the key reuse. However, we find that LBA-PAKE is still vulnerable to the signal leakage attack when the master key is reused. We propose two strategies to reduce the needed number of queries in our attack. Compared to the method of Bindel et al., our method reduces the required queries by more than 75%. Our experiments show that breaking LBA-PAKE needs less than 2 min. Through analysis of why LBA-PAKE fails in their security proof, we further propose an improved protocol without incurring extra computation costs. The formal security analysis shows that our improved scheme supports all features of LBA-PAKE while thwarting the signal leakage attack. Moreover, the implementation of our improved protocol demonstrates its efficiency in mobile networks.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Yakov Shalunov

2024-06-28

Abstract:Efficient derandomization has long been a goal in complexity theory, and a major recent result by Yanyi Liu and Rafael Pass identifies a new class of hardness assumption under which it is possible to perform time-bounded derandomization efficiently: that of ''leakage-resilient hardness.'' They identify a specific form of this assumption which is $\textit{equivalent}$ to $\mathsf{prP} = \mathsf{prBPP}$. In this paper, we pursue an equivalence to derandomization of $\mathsf{prBP{\cdot}L}$ (logspace promise problems with two-way randomness) through techniques analogous to Liu and Pass. We are able to obtain an equivalence between a similar ''leakage-resilient hardness'' assumption and a slightly stronger statement than derandomization of $\mathsf{prBP{\cdot}L}$, that of finding ''non-no'' instances of ''promise search problems.''

Computational Complexity

Hung-Min Sun,Mu-En Wu,Ron Steinfeld,Jian Guo,Huaxiong Wang

DOI: https://doi.org/10.1007/978-3-540-89641-8_4

2008-01-01

Abstract:LSBS-RSA denotes an RSA system with modulus primes, p and q , sharing a large number of least significant bits. In ISC 2007 , Zhao and Qi analyzed the security of short exponent LSBS-RSA. They claimed that short exponent LSBS-RSA is much more vulnerable to the lattice attack than the standard RSA. In this paper, we further raise the security boundary of the Zhao-Qi attack by considering another polynomial. Our improvemet supports the result of analogue Fermat factoring on LSBS-RSA, which claims that p and q cannot share more than $\frac{n}{4}$ least significant bits, where n is the bit-length of pq . In conclusion, it is a trade-off between the number of sharing bits and the security level in LSBS-RSA. One should be more careful when using LSBS-RSA with short exponents.