Yanqing Yao,Zhoujun Li

DOI: https://doi.org/10.1007/978-3-319-04268-8_10

2014-01-01

Abstract:In the ideal world, cryptographic models take for granted that the secret sources (e.g. secret keys and other secret randomness) are derived from uniform distribution. However, in reality, we may only obtain some 'weak' random sources guaranteed with high unpredictability (e.g. biometric data, physical sources, and secrets with partial leakage). Formally, the security of cryptographic models is measured by the expectation of some function, called 'perfect' expectation in the ideal model and 'weak' expectation in the real model respectively. We propose some elementary inequalities which show that the 'weak' expectation is not much worse than the 'perfect' expectation. Instead of discussing the results based on the min-entropy and collision entropy by Dodis and Yu [TCC 2013], we present how to overcome weak expectations dependent on the Renyi entropy and the expanded computational entropy. We achieve these results via employing the discrete form of the Holder inequality. We also use some techniques to guarantee that the expanded computational entropy is useful in the security model. Thus our results are more general, and we also obtain some results from a computational perspective. The results apply to all 'unpredictability' applications and some indistinguishability applications including CPA-secure symmetric-key encryption schemes, weak Pseudorandom Functions and Weaker Computational Extractors.

Yanqing Yao,Zhoujun Li

DOI: https://doi.org/10.1007/978-3-319-04268-8_10

2014-01-01

Abstract:In the ideal world, cryptographic models take for granted that the secret sources (e.g. secret keys and other secret randomness) are derived from uniform distribution. However, in reality, we may only obtain some ‘weak’ random sources guaranteed with high unpredictability (e.g. biometric data, physical sources, and secrets with partial leakage). Formally, the security of cryptographic models is measured by the expectation of some function, called ‘perfect’ expectation in the ideal model and ‘weak’ expectation in the real model respectively. We propose some elementary inequalities which show that the ‘weak’ expectation is not much worse than the ‘perfect’ expectation. Instead of discussing the results based on the min-entropy and collision entropy by Dodis and Yu [TCC 2013], we present how to overcome weak expectations dependent on the R\(\acute{e}\)nyi entropy and the expanded computational entropy. We achieve these results via employing the discrete form of the H\(\ddot{o}\)lder inequality. We also use some techniques to guarantee that the expanded computational entropy is useful in the security model. Thus our results are more general, and we also obtain some results from a computational perspective. The results apply to all ‘unpredictability’ applications and some indistinguishability applications including CPA-secure symmetric-key encryption schemes, weak Pseudorandom Functions and Weaker Computational Extractors.

Yanqing YAO,Zhoujun LI

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.02.003

2016-01-01

Abstract:Cryptography is a core area in information security. Traditional cryptographic primitives take for granted the availability of perfect random sources. However, in many situations it seems unrealistic to expect a source to be perfectly random, and one must deal with various imperfect sources of randomness. Some well known examples are physical sources, biometric data, secrets with partial leakage, etc. Hence, can cryptographic primitives with imperfect randomness be secure? It has become a frontier and hot research topic in Cryptography. This paper reviews the background, signifi-cance, and the development history of this topic. It also reviews the latest advances of this topic. Namely, some general impossibility results of traditional privacy (e.g., bit extractor, encryption, commitment, secret sharing scheme) and differ-ential privacy under a general imperfect source proposed by Dodis and Yao in CRYPTO 2015. Finally, the paper analyzes the problems worth exploring in this area.

Amir Arqand,Thomas A. Hahn,Ernest Y.-Z. Tan

2024-10-27

Abstract:The entropy accumulation theorem, and its subsequent generalized version, is a powerful tool in the security analysis of many device-dependent and device-independent cryptography protocols. However, it has the drawback that the finite-size bounds it yields are not necessarily optimal, and furthermore it relies on the construction of an affine min-tradeoff function, which can often be challenging to construct optimally in practice. In this work, we address both of these challenges simultaneously by deriving a new entropy accumulation bound. Our bound yields significantly better finite-size performance, and can be computed as an intuitively interpretable convex optimization, without any specification of affine min-tradeoff functions. Furthermore, it can be applied directly at the level of Rényi entropies if desired, yielding fully-Rényi security proofs. Our proof techniques are based on elaborating on a connection between entropy accumulation and the frameworks of quantum probability estimation or $f$-weighted Rényi entropies, and in the process we obtain some new results with respect to those frameworks as well. In particular, those findings imply that our bounds apply to prepare-and-measure protocols without the virtual tomography procedures or repetition-rate restrictions previously required for entropy accumulation.

Quantum Physics

Marcus Huber,Marcin Pawlowski

DOI: https://doi.org/10.1103/PhysRevA.88.032309

2013-09-11

Abstract:We show that in device independent quantum key distribution protocols the privacy of randomness is of crucial importance. For sublinear test sample sizes even the slightest guessing probability by an eavesdropper will completely compromise security. We show that a combined attack exploiting test sample and measurement choices compromises the security even with a linear size test sample and otherwise device independent security considerations. We explicitly derive the sample size needed to retrieve security as a function of the randomness quality. We demonstrate that exploiting features of genuinely higher dimensional systems one can reduce this weakness and provide device independent security more robust against weak randomness sources.

Quantum Physics

Julien Béguinot,Olivier Rioul

2024-01-30

Abstract:We leverage the Gibbs inequality and its natural generalization to Rényi entropies to derive closed-form parametric expressions of the optimal lower bounds of $\rho$th-order guessing entropy (guessing moment) of a secret taking values on a finite set, in terms of the Rényi-Arimoto $\alpha$-entropy. This is carried out in an non-asymptotic regime when side information may be available. The resulting bounds yield a theoretical solution to a fundamental problem in side-channel analysis: Ensure that an adversary will not gain much guessing advantage when the leakage information is sufficiently weakened by proper countermeasures in a given cryptographic implementation. Practical evaluation for classical leakage models show that the proposed bounds greatly improve previous ones for analyzing the capability of an adversary to perform side-channel attacks.

Information Theory

Eldon Chung

2024-06-24

Abstract:In this thesis, we study extensions of statistical cryptographic primitives. In particular we study leakage-resilient secret sharing, non-malleable extractors, and immunized ideal one-way functions. The thesis is divided into three main chapters. In the first chapter, we show that 2-out-of-2 leakage resilient (and also non-malleable) secret sharing requires randomness sources that are also extractable. This rules out the possibility of using min-entropic sources. In the second, we introduce collision-resistant seeded extractors and show that any seeded extractor can be made collision resistant at a small overhead in seed length. We then use it to give a two-source non-malleable extractor with entropy rate 0.81 in one source and polylogarithmic in the other. The non-malleable extractor lead to the first statistical privacy amplification protocol against memory tampering adversaries. In the final chapter, we study the hardness of the data structure variant of the 3SUM problem which is motivated by a recent construction to immunise random oracles against pre-processing adversaries. We give worst-case data structure hardness for the 3SUM problem matching known barriers in data structures for adaptive adversaries. We also give a slightly stronger lower bound in the case of non-adaptivity. Lastly, we give a novel result in the bit-probe setting.

Cryptography and Security

Furui Zhan,Zixiang Zhao,Yuhua Chen,Nianmin Yao

DOI: https://doi.org/10.1016/j.comcom.2019.02.001

IF: 5.047

2019-01-01

Computer Communications

Abstract:As a promising way for establishing secret keys, physical layer key generation has been broadly studied, which typically extracts secret keys with wireless channel characteristics. The existing schemes proved that temporal channel variations, channel reciprocity and spatial de-correlation of wireless channel greatly affected the performance of physical layer key generation. In this paper, the application of collision entropy (Rényi’s quadratic entropy) for improving physical layer key generation is discussed. Specifically, after collecting sufficient channel measurements, a channel measurement evaluation mechanism based on collision entropy is implemented to determine the adequacy of these measurements. Consequently, some consecutive measurements with smaller collision entropies are dropped and the reserved measurements are applied as input of the following process. Based on the evaluation mechanism, an adaptive and efficient key generation scheme is proposed. The proposed scheme consists of five components: channel probing, the evaluation mechanism, the adaptive quantization, information reconciliation and privacy amplification. To validate this scheme, several experiments in real environments are conducted. Different from the existing schemes, the received signal strength (RSS) measurements derived by heterogeneous devices are used as channel measurements. The results show that: (1) compared with homogeneous devices, RSS sequences of heterogeneous devices have more discrepancies and these discrepancies make key generation more challenging; (2) the proposed evaluation mechanism can effectively reduce bit mismatch rate and enhance the efficiency of information reconciliation; (3) compared with other schemes, the proposed key generation scheme can efficiently generate shared secret keys between heterogeneous transceivers in real environments.

Yu Yu,François-Xavier Standaert

DOI: https://doi.org/10.1007/978-3-642-36095-4_15

2013-01-01

Abstract:One of the main challenges in leakage-resilient cryptography is to obtain proofs of security against side-channel attacks, under realistic assumptions and for efficient constructions. In a recent work from CHES 2012, Faust et al. proposed new designs of stream ciphers and pseudorandom functions for this purpose. Yet, a remaining limitation of these constructions is that they require large amounts of public randomness to be proven leakage-resilient. In this paper, we show that tweaked designs with minimum randomness requirements can be proven leakage-resilient in minicrypt. That is, either these constructions are secure, or we are able to construct public-key cryptographic primitives from symmetric-key building blocks and their leakage functions (which is very unlikely). Hence, our results improve the practical relevance of two important leakage-resilient pseudorandom objects.

Hajiabadi, Mohammad,Khazaei, Shahram,Vahdani, Behzad

DOI: https://doi.org/10.1007/s00145-024-09515-4

2024-08-23

Journal of Cryptology

Abstract:It is well-known that randomness is essential for secure cryptography. The randomness used in cryptographic primitives is not necessarily recoverable even by the party who can, e.g., decrypt or recover the underlying secret/message. Several cryptographic primitives that support randomness recovery have turned out useful in various applications. In this paper, we study randomness recoverable secret sharing schemes (RR-SSS), in both information-theoretic and computational settings and provide two results. First, we show that while every access structure admits a perfect RR-SSS, there are very simple access structures (e.g., in monotone ) that do not admit efficient perfect (or even statistical) RR-SSS. Second, we show that the existence of efficient computational RR-SSS for certain access structures in monotone implies the existence of one-way functions. This stands in sharp contrast to (non-RR) SSS schemes for which no such results are known. RR-SSS plays a key role in making advanced attributed-based encryption schemes randomness recoverable, which in turn have applications in the context of designated-verifier non-interactive zero knowledge.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Andrew Chi-chih Yao

DOI: https://doi.org/10.1109/sfcs.1986.25

1986-01-01

Abstract:In this paper we introduce a new tool for controlling the knowl­ edge transfer process in cryptographic protocol design. It is applied to solve a general class of problems which include most of the two-party cryptographic problems in the literature. -- -_.- Specifically, we show how two parties A and B can interactively generate a random integer N =p' q such that its secret, i.e., the prime factors (p, q), is hidden from either party individually but is recoverab~~ jointly if desired. This can be utilized to give a protocol for two parties with private values i and j to compute any polynomially computable functions f(i,j) and g(i,j) with minimal knowledge transfer and a strong fairness property. As a special case, A and B can exchange a pair of secrets SA, SB, e.g. the factorizatio~ of an integer and a Hamiltonian circuit in a graph, in such a way that SA becomes computable by Bwhen and only when SB becomes computable by A. All these results are proved assuming only that the problem of factoring large intergers is computationally intractable. Abstract

Rong Wang,H. F. Chau

2024-06-21

Abstract:In quantum Shannon theory, various kinds of quantum entropies are used to characterize the capacities of noisy physical systems. Among them, min-entropy and its smooth version attract wide interest especially in the field of quantum cryptography as they can be used to bound the information obtained by an adversary. However, calculating the exact value or non-trivial bounds of min-entropy are extremely difficult because the composite system dimension may scale exponentially with the dimension of its subsystem. Here, we develop a one-shot lower bound calculation technique for the min-entropy of a classical-quantum state that is applicable to both finite and infinite dimensional reduced quantum states. Moreover, we show our technique is of practical interest in at least two situations. First, it gives an alternative tight finite-data analysis for the well-known BB84 quantum key distribution protocol. More importantly, it provides a security proof for a novel source-independent continuous-variable quantum random number generation protocol. These show the effectiveness and wide applicability of our approach.

Quantum Physics

Utkarsh Gupta,Hessam Mahdavifar

2024-05-08

Abstract:Secret sharing is an instrumental tool for sharing secret keys in distributed systems. In a classical threshold setting, this involves a dealer who has a secret/key, a set of parties/users to which shares of the secret are sent, and a threshold on the number of users whose presence is needed in order to recover the secret. In secret sharing, secure links with no leakage are often assumed between the involved parties. However, when the users are nodes in a communication network and all the links are physical links, e.g., wireless, such assumptions are not valid anymore. In order to study this critical problem, we propose a statistical leakage model of secret sharing, where some noisy versions of all the secret shares might be independently leaked to an adversary. We then study the resilience of the seminal Shamir's secret sharing scheme with statistical leakage, and bound certain measures of security (i.e., semantic security, mutual information security), given other parameters of the system including the amount of leakage from each secret share. We show that for an extreme scenario of Shamir's scheme, in particular when the underlying field characteristic is $2$, the security of each bit of the secret against leakage improves exponentially with the number of users. To the best of our knowledge, this is the first attempt towards understanding secret sharing under general statistical noisy leakage.

Information Theory

Andrew Chi-Chih Yao

DOI: https://doi.org/10.1109/sfcs.1986.25

1986-01-01

Abstract:In this paper we introduce a new tool for controlling the knowledge transfer process in cryptographic protocol design. It is applied to solve a general class of problems which include most of the two-party cryptographic problems in the literature. Specifically, we show how two parties A and B can interactively generate a random integer N = pċq such that its secret, i.e., the prime factors (p, q), is hidden from either party individually but is recoverable jointly if desired. This can be utilized to give a protocol for two parties with private values i and j to compute any polynomially computable functions f(i,j) and g(i,j) with minimal knowledge transfer and a strong fairness property. As a special case, A and B can exchange a pair of secrets sA, sB, e.g. the factorization of an integer and a Hamiltonian circuit in a graph, in such a way that sA becomes computable by B when and only when sB becomes computable by A. All these results are proved assuming only that the problem of factoring large intergers is computationally intractable.

Puwen Wei,Xiaoyun Wang,Yuliang Zheng

DOI: https://doi.org/10.1016/j.compeleceng.2012.02.001

2009-01-01

Abstract:In this paper, we report our success in identifying an efficient public key encryption scheme whose formal security proof does not require a random oracle. Specifically, we focus our attention on a universal hash based public key encryption scheme proposed by Zheng and Seberry at Crypto'92. Although Zheng and Seberry's encryption scheme is very simple and efficient, its reductionist security proof has not been provided. We show how to tweak the Zheng-Seberry scheme so that the resultant scheme not only preserves the efficiency of the original scheme but also admits provable security against adaptive chosen ciphertext attack without random oracle. For the security proof, our first attempt is based on a strong assumption called the oracle Diffie-Hellman^+ assumption. This is followed by a more challenging proof that employs a weaker assumption called the adaptive decisional Diffie-Hellman assumption, which is in alignment with adaptively secure assumptions advocated by Pandey, Pass and Vaikuntanathan.

Carmit Hazay,Muthuramakrishnan Venkitasubramaniam,Mor Weiss

DOI: https://doi.org/10.1007/s00145-024-09524-3

2024-11-01

Journal of Cryptology

Abstract:Leakage-resilient cryptography aims to protect cryptographic primitives from so-called "side channel attacks" that exploit their physical implementation to learn their input or secret state. Starting from the works of Ishai, Sahai and Wagner (CRYPTO'03) and Micali and Reyzin (TCC'04), most works on leakage-resilient cryptography either focus on protecting general computations, such as circuits or multiparty computation protocols, or on specific non-interactive primitives such as storage, encryption, and signatures. This work focuses on leakage resilience for the middle ground, namely for distributed and interactive cryptographic primitives. Our main technical contribution is designing the first secret sharing scheme that is equivocal , resists adaptive probing of a constant fraction of bits from each share, while incurs only a constant blowup in share size. Equivocation is a strong leakage-resilience guarantee, recently introduced by Hazay et al. (ITC, 2021). Our construction is obtained via a general compiler which we introduce, that transforms any secret sharing scheme into an equivocal scheme against adaptive leakage. An attractive feature of our compiler is that it respects additive reconstruction; namely, if the original scheme has additive reconstruction, then the transformed scheme has linear reconstruction. We extend our compiler to a general paradigm for protecting distributed primitives against leakage and show its applicability to various primitives, including secret sharing, verifiable secret sharing, function secret sharing, distributed encryption and signatures, and distributed zero-knowledge proofs. For each of these primitives, our paradigm transforms any construction of the primitive into a scheme that resists adaptive party corruptions, as well as adaptive probing leakage of a constant fraction of bits in each share when the share is stored in memory (but not when it is used in computations). Moreover, the transformation incurs only a constant blowup in the share size and respects additive reconstruction—an important feature for several of these primitives, such as function secret sharing and distributed encryption.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Yuxin Deng,Catuscia Palamidessi Jun Pang

2005-01-01

Abstract:Anonymity means that the identity of the user performing a certain action is maintained secret. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically. In this paper we propose a notion of weak probabilistic anonymity, where weak refers to the fact that some amount of probabilistic information may be revealed by the protocol. This information can be used by an observer to infer the likeliness that the action has been performed by a certain user. The aim of this work is to study the degree of anonymity that the protocol can still ensure, despite the leakage of information. We illustrate our ideas by using the example of the dining cryptographers with biased coins. We consider both the cases of nondeterministic and probabilistic users. Correspondingly, we propose two notions of weak anonymity and we investigate their respective dependencies on the biased factor of the coins.

Liang Jin,Xiaoyan Hu,Jiangxing Wu

DOI: https://doi.org/10.1051/sands/2023004

2023-01-01

Abstract:In this paper, we propose a conjecture that endogenous security without any prior knowledge is similar to perfect secrecy without any prior knowledge. To prove the conjecture, we first establish a cryptography model of instinct function security to transform the security problem in the network domain into an encryption problem in the cryptographic domain. Then, we inherit and apply the established ideas and means of the Perfect Secrecy, and propose the concept, definition and corollaries of the perfect instinct function security (PIFS) corresponding to the Perfect Secrecy. Furthermore, we take the DHR system as a concrete implementation of PIFS and propose the DHR Perfect Security Theorem corresponding to Shannon’s Perfect Secrecy Theorem. Finally, we prove that the DHR satisfying the "One-Time Reconstruction" constraint is the sufficient and necessary condition to achieve perfect security. This means that the existence of PIFS is also proven. The analysis shows that any reconfigurable system can be encrypted by its construct and that the PIFS converts the one-way transparent superiority of the attacker into a double-blind problem for both the attacker and the defender, which leads to that the attacker is impossible to obtain useful construction information from the attacks and unable to find a better way than blind trial-and-error or brute-force attacks. Since the attackers are required to have the new powerful ability to crack the structure cryptogram, the threshold of cyber security is raised to at least the same level as cryptogram deciphering, thereafter the ubiquitous cyber threats are destined to be significantly reduced.

Jan Bouda,Marcin Pawlowski,Matej Pivoluska,Martin Plesch

DOI: https://doi.org/10.1103/PhysRevA.90.032313

2014-03-14

Abstract:Expansion and amplification of weak randomness plays a crucial role in many security protocols. Using quantum devices, such procedure is possible even without trusting the devices used, by utilizing correlations between outcomes of parts of the devices. We show here how to extract random bits with an arbitrarily low bias from a single arbitrarily weak min-entropy source in a device independent setting. To do this we use Mermin devices that exhibit super-classical correlations. Number of devices used scales polynomially in the length of the random sequence $n$. Our protocol is robust, it can tolerate devices that malfunction with a probability dropping polynomially in $n$ at the cost of a minor increase of the number of devices used.

Quantum Physics