Jun Shen,Junde Wu

DOI: https://doi.org/10.1016/s0034-4877(09)90015-5

IF: 0.808

2009-01-01

Reports on Mathematical Physics

Abstract:In this paper, first, we answer affirmatively an open problem which was presented in 2005 by professor Gudder on the sub-sequential effect algebras. That is, we prove that if (E, 0, 1, circle plus, o) is a sequential effect algebra and A is a commutative subset of E, then the sub-sequential effect algebra (A) over bar generated by A is also commutative. Next, we also study the following uniqueness problem: If na = nb = c for some positive integer n >= 2, then under what conditions a = b hold? We prove that if c is a sharp element of E and a vertical bar b, then a = b. We give also two examples to show that neither of the above two conditions can be discarded.

Chun Guo,Dongdai Lin

DOI: https://doi.org/10.1007/s10623-015-0132-0

2015-01-01

Abstract:Iterated Even–Mansour (IEM) scheme consists of a small number r of fixed n-bit permutations separated by \(r+1\) round-key additions. When the permutations are public, independent and random, and a common round key derived from the master key by an idealized non-invertible key derivation (KD) function is used, 5 rounds was proved sufficient to obtain (full) indifferentiability from ideal ciphers by Andreeva et al. (CRYPTO 2013). The KD can be a random oracle, or a Davies-Meyer construction from a random permutation. This work considers such IEM with non-invertible KD in the sequential indifferentiability model of Mandal et al. (TCC 2012). As results, this work shows that in both cases mentioned before, 3 rounds yields sequential indifferentiability from ideal ciphers. As Andreeva et al. has proved 3-round IEM with idealized invertible key derivations not sequentially indifferentiable (by exhibiting an attack), a definitive separation between IEM with invertible key derivations and IEM with non-invertible key derivations is established. This is the most important implication of the results in this work.

Chun Guo,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-662-48800-3_16

2015-01-01

Abstract:Iterated Even-Mansour scheme IEM is a generalization of the basic 1-round proposal ASIACRYPT '91. The scheme can use one key, two keys, or completely independent keys. Most of the published security proofs for IEM against relate-key and chosen-key attacks focus on the case where all the round-keys are derived from a single master key. Whereas results beyond this barrier are relevant to the cryptographic problem whether a secure blockcipher with key-size twice the block-size can be built by mixing two relatively independent keys into IEM and iterating sufficiently many rounds, and this strategy actually has been used in designing blockciphers for a long-time. This work makes the first step towards breaking this barrier and considers IEM with Interleaved Double independent round-keys: $$\\begin{aligned} \\text {IDEM}_rk_1,k_2,m=k_i\\oplus P_r\\ldots k_1\\oplus P_2k_2\\oplus P_1k_1\\oplus m\\ldots , \\end{aligned}$$ where $$i=2$$ when r is odd, and $$i=1$$ when r is even. As results, this work proves that 15 rounds can achieve full indifferentiability from an ideal cipher with $$O{q^{8}}/{2^n}$$ security bound. This work also proves that 7 rounds is sufficient and necessary to achieve sequential-indifferentiability a notion introduced at TCC 2012 with $$O{q^{6}}/{2^n}$$ security bound, so that $$\\text {IDEM}_{7}$$ is already correlation intractable and secure against any attack that exploits evasive relations between its input-output pairs.

Chun Guo,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-662-48800-3_16

2015-01-01

Abstract:Iterated Even-Mansour scheme (IEM) is a generalization of the basic 1-round proposal (ASIACRYPT '91). The scheme can use one key, two keys, or completely independent keys.Most of the published security proofs for IEM against relate-key and chosen-key attacks focus on the case where all the round-keys are derived from a single master key. Whereas results beyond this barrier are relevant to the cryptographic problem whether a secure blockcipher with key-size twice the block-size can be built by mixing two relatively independent keys into IEM and iterating sufficiently many rounds, and this strategy actually has been used in designing blockciphers for a long-time.This work makes the first step towards breaking this barrier and considers IEM with Interleaved Double independent round-keys:IDEMr((k(1), k(2)), m) = k(i) circle plus (P-r( ... k(1) circle plus P-2(k(2) circle plus P-1(k(1) circle plus m)) ...)),where i = 2 when r is odd, and i = 1 when r is even. As results, this work proves that 15 rounds can achieve (full) indifferentiability from an ideal cipher with O(q(8)/2(n)) security bound. This work also proves that 7 rounds is sufficient and necessary to achieve sequential-indifferentiability (a notion introduced at TCC 2012) with O(q(6)/2(n)) security bound, so that IDEM7 is already correlation intractable and secure against any attack that exploits evasive relations between its input-output pairs.

Yiyuan Luo,Xuejia Lai,Zheng Gong,Zhongming Wu

2009-01-01

Abstract:At Asiacrypt’99, Vaudenay modified the structure in the IDEA cipher to a new scheme, which they called as the Lai-Massey scheme. It is proved that 3-round Lai-Massey scheme is sufficient for pseudorandomness and 4-round Lai-Massey scheme is sufficient for strong pseudorandomness. But the author didn’t point out whether three rounds and four rounds are necessary for the pseudorandomness and strong pseudorandomness of the Lai-Massey Scheme. In this paper we find a tworound pseudorandomness distinguisher and a three-round strong pseudorandomness distinguisher, thus prove that three rounds is necessary for the pseudorandomness and four rounds is necessary for the strong pseudorandomness.

Yiyuan Luo,Xuejia Lai,Jing Hu

2015-01-01

Journal of information science and engineering

Abstract:In this paper we prove beyond-birthday-bound for the (strong) pseudorandomness of many-round Lai-Massey scheme. Motivated by Hoang and Rogaway's analysis of generalized Feistel networks, we use the coupling technology from Markov chain theory and prove that for any epsilon > 0, with enough rounds, the Lai-Massey scheme is indistinguishable from a uniform random permutation by any computationally unbounded distinguisher making at most q similar to N1-epsilon combined chosen plaintext/ciphertext (CCA) queries, where N is the range size of the round function. Previous works by Vaudenay et al. and Yun et al. only proved the birthday-bound CCA security of Lai-Massey scheme.

Chun Guo,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-662-46494-6_6

2015-01-01

Abstract:Feistel constructions have been shown to be indifferentiable from random permutations at STOC 2011. Whereas how to properly mix the keys into an un-keyed Feistel construction without appealing to domain separation technique to obtain a block cipher which is provably secure against known-key and chosen-key attacks (or to obtain an ideal cipher) remains an open problem. We study this, particularly the basic structure of NSA's SIMON family of block ciphers. SIMON family takes a construction which has the subkey xored into a halve of the state at each round. More clearly, at the i-th round, the state is updated according to (x(i), x(i-1)) -> (x(i-1) circle plus F-i(x(i)) circle plus k(i), x(i)) For such key-alternating Feistel ciphers, we show that 21 rounds are sufficient to achieve indifferentiability from ideal ciphers with 2n-bit blocks and n-bit keys, assuming the n-to-n-bit round functions F-1, ... , F-21 to be random and public and an identical user-provided n-bit key to be applied at each round. This gives an answer to the question mentioned before, which is the first to our knowledge.

Yiyuan Luo,Xuejia Lai,Zheng Gong

DOI: https://doi.org/10.1016/j.ipl.2010.10.012

IF: 0.851

2010-01-01

Information Processing Letters

Abstract:In this paper we find that the two-round (extended) Lai–Massey scheme is not pseudorandom and three-round (extended) Lai–Massey scheme is not strong pseudorandom. Combined with previous work, we prove that three rounds are necessary and sufficient for the pseudorandomness and four rounds are necessary and sufficient for the strong pseudorandomness.

Maiara F. Bollauf,Hsuan-Yin Lin,Øyvind Ytrehus

2024-02-13

Abstract:Recently, a design criterion depending on a lattice's volume and theta series, called the secrecy gain, was proposed to quantify the secrecy-goodness of the applied lattice code for the Gaussian wiretap channel. To address the secrecy gain of Construction $\text{A}_4$ lattices from formally self-dual $\mathbb{Z}_4$-linear codes, i.e., codes for which the symmetrized weight enumerator (swe) coincides with the swe of its dual, we present new constructions of $\mathbb{Z}_4$-linear codes which are formally self-dual with respect to the swe. For even lengths, formally self-dual $\mathbb{Z}_4$-linear codes are constructed from nested binary codes and double circulant matrices. For odd lengths, a novel construction called odd extension from double circulant codes is proposed. Moreover, the concepts of Type I/II formally self-dual codes/unimodular lattices are introduced. Next, we derive the theta series of the formally unimodular lattices obtained by Construction $\text{A}_4$ from formally self-dual $\mathbb{Z}_4$-linear codes and describe a universal approach to determine their secrecy gains. The secrecy gain of Construction $\text{A}_4$ formally unimodular lattices obtained from formally self-dual $\mathbb{Z}_4$-linear codes is investigated, both for even and odd dimensions. Numerical evidence shows that for some parameters, Construction $\text{A}_4$ lattices can achieve a higher secrecy gain than the best-known formally unimodular lattices from the literature. Results concerning the flatness factor, another security criterion widely considered in the Gaussian wiretap channel, are also discussed.

Information Theory

Li-Ping Wang,Harald Niederreiter

DOI: https://doi.org/10.1016/j.ffa.2005.03.005

IF: 1.655

2006-01-01

Finite Fields and Their Applications

Abstract:Recent developments in stream ciphers point towards an interest in word-based or vectorized stream ciphers. Such stream ciphers suggest the study of the joint linear complexity of multisequences. In this paper, using the first author's multisequence linear feedback shift-register synthesis algorithm based on a lattice basis reduction algorithm in function fields, we present a method to determine the value of Nn(m)(L), the number of m-fold multisequences of length n over a finite field Fq with nth joint linear complexity L. Furthermore, a closed-form expression for Nn(m)(L) and formulas for the expected value of the joint linear complexity and its variance are given when m=2.

Chun Guo,Lei Wang,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-031-30634-1_14

2023-01-01

Abstract:Virtually all modern blockciphers are iterated. In this paper, we ask: to construct a secure iterated blockcipher “non-trivially”, how many calls to random functions and permutations are necessary? When security means indistinguishability from a random permutation, optimality is achieved by the Even-Mansour scheme using 1 call to a public permutation. We seek for the arguably strongest security indifferentiability from an ideal cipher, a notion introduced by Maurer et al. (TCC 2004) and popularized by Coron et al. (JoC, 2014). We provide the first generic negative result/lower bounds: when the key is not too short, no iterated blockcipher making 3 calls is (statistically) indifferentiable. This proves optimality for a 4-call positive result of Guo et al. (Eprint 2016). Furthermore, using 1 or 2 calls, even indifferentiable iterated blockciphers with polynomial $$\text {keyspace}$$ are impossible. To prove this, we develop an abstraction of idealized iterated blockciphers and establish various basic properties, and apply Extremal Graph Theory results to prove the existence of certain (generalized) non-random properties such as the boomerang and yoyo.

Bang-Zhu Shen,Mao-Sheng Li

2024-06-17

Abstract:Quantum nonlocality is a significant feature in quantum information theory, prompting recent investigations into the potential reuse of post-measurement states to uncover nonlocality among sequentially measuring observers. While prior studies primarily focused on bipartite or tripartite systems and observers with one chain, such as multiple Bobs with a single Alice or multiple Charlies with a single Alice and Bob, our work extends beyond this framework. We explore sequential nonlocality in systems comprising more parties and observer chains. Our findings reveal that in $n$-partite systems, regardless of whether it is a single-chain or double-chain scenario, there exist unbounded sequential observers capable of detecting nonlocality through violations of the Mermin inequality. In contrast to the conjecture that sequential Bell nonlocality cannot manifest with multiple Alices and Bobs in bipartite systems (i.e., the double-chain setting)[Phys. Rev. A 104, L060201 (2021)], our results suggest that increasing the number of subsystems may enable more observer chains to detect nonlocality alongside single observers. Our study advances research on sequential nonlocality, providing valuable insights into its detection across diverse scenarios.

Quantum Physics

Kaifeng Xiao,Xinjian Chen,Hongbo Li,Jianye Huang,Willy Susilo,Qiong Huang

DOI: https://doi.org/10.1016/j.ins.2023.120015

IF: 8.1

2023-01-01

Information Sciences

Abstract:In hospital information systems, large volumes of electronic diagnostic records (EDRs) take up most of the storage space. While cloud server providers can reduce the local storage burden on hospitals and provide data-sharing services, the potential threat of sensitive data leakage and non-traceability of diagnoses prevents hospitals from uploading patients' diagnostic records to remote cloud servers directly. Therefore, to address security and traceability issues, we propose a new construction of post-quantum secure signcryption scheme with a designated equality test based on lattices (LB-SCDET) in this paper. Our LB-SCDET scheme allows a designated tester to perform equality tests on signcrypt-ciphertexts of EDRs without leaking what the EDRs actually are. Compared to the recent LB-SCET scheme proposed by Le et al., our LB-SCDET scheme implements a designated mechanism and is secure against offline message recovery attacks (OMRA). The comparison shows that our scheme enjoys a higher level of security, albeit the ciphertext size is slightly larger. Finally, we prove the scheme to be secure under the hardness of the Learning-with-Errors problem and unidirectionality of the Short-Integer-Solution problem. To be of independent interest, we show that the LB-SCET scheme fails to achieve the claimed IND-CCA security.

Florian J. Curchod,Mafalda L. Almeida,Antonio Acín

DOI: https://doi.org/10.1088/1367-2630/aaff2d

2018-08-31

Abstract:Local measurements acting on entangled quantum states give rise to a rich correlation structure in the multipartite scenario. We introduce a versatile technique to build families of Bell inequalities witnessing different notions of multipartite nonlocality for any number of parties. The idea behind our method is simple: a known Bell inequality satisfying certain constraints, for example the Clauser-Horne-Shimony-Holt inequality, serves as the $seed$ to build new families of inequalities for more parties. The constructed inequalities have a clear operational meaning, capturing an essential feature of multipartite correlations: their violation implies that numerous subgroups of parties violate the inequality chosen as seed. The more multipartite nonlocal the correlations, the more subgroups can violate the seed. We illustrate our construction using different seeds and designing Bell inequalities to detect $m$-way nonlocal multipartite correlations, in particular, $genuine$ $multipartite$ $nonlocal$ correlations -- the strongest notion of multipartite nonlocality. For one of our inequalities we prove analytically that a large class of pure states that are genuine multipartite entangled exhibit genuine multipartite nonlocality for any number of parties, even for some states that are almost product. We also provide numerical evidence that this family is violated by all genuine multipartite entangled pure states of three and four qubits. Our results make us conjecture that this family of Bell inequalities can be used to prove the equivalence between genuine multipartite pure-state entanglement and nonlocality for any number of parties.

Quantum Physics

Minglei Liu,Ce Zhu

DOI: https://doi.org/10.1109/TSP.2009.2016873

IF: 4.875

2009-01-01

IEEE Transactions on Signal Processing

Abstract:In this paper, we investigate the design of symmetric entropy-constrained multiple description lattice vector quantization (MDLVQ), more specifically, MDLVQ index assignment. We consider a fine lattice containing clean similar sublattices with S-similarity. Due to the S-similarity of the sublattices, an M-fraction lattice can be used to regularly partition the fine lattice with smaller Voronoi cells than a sublattice does. With the partition, the MDLVQ index assignment design can be translated into a transportation problem in operations research. Both greedy and general algorithms are developed to pursue optimality of the index assignment. Under high-resolution assumption, we compare the proposed schemes with other relevant techniques in terms of optimality and complexity. Following our index assignment design, we also obtain an asymptotical close-form expression of k-description side distortion. Simulation results on coding different sources of Gaussian, speech and image are presented to validate the effectiveness of the proposed schemes.

John Baldwin,James Freitag,Scott Mutchnik

2024-10-03

Abstract:We introduce some properties describing dependence in indiscernible sequences: $F_{ind}$ and its dual $F_{Mb}$, the definable Morley property, and $n$-resolvability. Applying these properties, we establish the following results: We show that the degree of nonminimality introduced by Freitag and Moosa, which is closely related to $F_{ind}$ (equal in $\mathrm{DCF}_{0}$), may take on any positive integer value in an $\omega$-stable theory, answering a question of Freitag, Jaoui, and Moosa. Proving a conjecture of Koponen, we show that every simple theory with quantifier elimination in a finite relational language has finite rank and is one-based. The arguments closely rely on finding types $q$ with $F_{Mb}(q) = \infty$, and on $n$-resolvability. We prove some variants of the simple Kim-forking conjecture, a generalization of the stable forking conjecture to $\mathrm{NSOP}_{1}$ theories. We show a global analogue of the simple Kim-forking conjecture with infinitely many variables holds in every $\mathrm{NSOP}_{1}$ theory, and show that Kim-forking with a realization of a type $p$ with $\mathrm{F}_{Mb}(p) < \infty$ satisfies a finite-variable version of this result. We then show, in a low $\mathrm{NSOP}_{1}$ theory or when $p$ is isolated, if $p \in S(C)$ has the definable Morley property for Kim-independence, Kim-forking with realizations of $p$ gives a nontrivial instance of the simple Kim-forking conjecture itself. In particular, when $F_{Mb}(p) < \infty$ and $|S^{F_{Mb}(p) + 1}(C)| < \infty$, Kim-forking with realizations of $p$ gives us a nontrivial instance of the simple Kim-forking conjecture. We show that the quantity $F_{Mb}$, motivated in simple and $\mathrm{NSOP}_{1}$ theories by the above results, is in fact nontrivial even in stable theories.

Logic

Bao-Hong Li,Hongping Zhao,Jiacheng Li

DOI: https://doi.org/10.1145/3424978.3425018

2020-01-01

Abstract:We present a lattice-based concurrent signature construction as a post-quantum solution to fair exchange of digital signatures. Our construction has the following two desirable features: (1) it is adaptively secure in the standard model, that is, its security does not rely on the random oracle assumption, and (2) it achieves anonymity, a stronger security notion than ambiguity. That is, before the release of the keystone, from a third party's point of view, a signature in our construction could be generated by anyone, not just limited to two parties involved in the exchange. We obtain these results by applying a novel idea to the lattice-based signatures due to Boyen.

Qi Cheng,Jun Zhang,Jincheng Zhuang

DOI: https://doi.org/10.1007/s10623-021-00973-6

2021-11-24

Abstract:The Learning-With-Errors (LWE) problem (and its variants including Ring-LWE and Module-LWE), whose security are based on hard ideal lattice problems, has proven to be a promising primitive with diverse applications in cryptography. For the sake of expanding sources for constructing LWE, we study the LWE problem on group rings in this work. One can regard the Ring-LWE on cyclotomic integers as a special case when the underlying group is cyclic, while our proposal utilizes non-commutative groups. In particular, we show how to build public key encryption schemes from dihedral group rings, while maintaining the efficiency of the Ring-LWE. We prove that the PKC system is semantically secure, by providing a reduction from the SIVP problem of group ring ideal lattice to the decisional group ring LWE problem. It turns out that irreducible representations of groups play important roles here. We believe that the introduction of the representation view point enriches the tool set for studying the Ring-LWE problem.

Momeng Liu,Yupu Hu,Qiqi Lai,Shanshan Zhang,Huiwen Jia,Wen Gao,Baocang Wang

DOI: https://doi.org/10.1049/2024/5513292

2024-02-15

IET Information Security

Abstract:Universal composability (UC) is a primary security flavor for designing oblivious transfer (OT) due to its advantage of arbitrary composition. However, the study of UC-secure OT over lattices is still far behind compared with constructions over prequantum assumptions. Relying on the learning with errors (LWE) assumption, Quach proposes a dual-mode encryption scheme (SCN’20) for deriving a two-round OT whose security is provably UC-secure in the common reference string (CRS) model. Due to its use of a randomized rounding function proposed by Benhamouda et al. (PKC’18), this OT can only be limited to transmitting single-bit messages. Therefore, conducting trivial repetitions of Quach’s OT when transmitting multibit strings would be very costly. In this work, we put forward a modified dual-mode encryption cryptosystem under the decisional LWE assumption, from which we can derive a UC-secure string OT with both full-fledged dual-mode security and better efficiency on transmitting strings. The key technique we adopt is a key reconciliation scheme proposed by Jiang et al. (PKC’20), which is utilized to extend the single-bit symmetric encryption key (produced by the aforementioned rounding function) to a multibit case. Through a comprehensive performance analysis, we demonstrate that our proposal can indeed strike a balance between security and efficiency.

computer science, information systems, theory & methods