Author

Kirill Morozov

Other affiliations: CINVESTAV, Aarhus University, Kyushu University
Bio: Kirill Morozov is an academic researcher from the University of North Texas. The author has contributed to research in the topics McEliece cryptosystem and secret sharing. The author has an h-index of 13 and has co-authored 63 publications receiving 671 citations. Previous affiliations of Kirill Morozov include CINVESTAV and Aarhus University.


Papers
Journal Article (DOI)
TL;DR: It is formally proved that padding the plaintext with a random bit-string provides the semantic security against chosen plaintext attack (IND-CPA) for the McEliece (and its dual, the Niederreiter) cryptosystems under the standard assumptions.
Abstract: In this paper, we formally prove that padding the plaintext with a random bit-string provides semantic security against chosen plaintext attack (IND-CPA) for the McEliece (and its dual, the Niederreiter) cryptosystems under the standard assumptions. Such padding has recently been used by Suzuki, Kobara and Imai in the context of RFID security. Our proof relies on the technical result by Katz and Shin from Eurocrypt '05 showing "pseudorandomness" implied by the learning parity with noise (LPN) problem. We do not need random oracles, as opposed to the known generic constructions which, on the other hand, provide stronger protection than our scheme, namely against (adaptive) chosen ciphertext attack, i.e., IND-CCA(2). In order to show that the padded version of the cryptosystem remains practical, we provide some estimates for suitable key sizes together with the corresponding workload required for a successful attack.

124 citations

Book Chapter (DOI)
08 Sep 2004
TL;DR: If noise—which is inherently present in any physical communication channel—is taken into account, then OT can be realized in an unconditionally secure way for both parties, i.e., even against dishonest players with unlimited computing power.
Abstract: Oblivious transfer (OT) is a cryptographic primitive of central importance, in particular in two- and multi-party computation. There exist various protocols for different variants of OT, but any such realization from scratch can be broken in principle by at least one of the two involved parties if she has sufficient computing power, and the same even holds when the parties are connected by a quantum channel. We show that, on the other hand, if noise, which is inherently present in any physical communication channel, is taken into account, then OT can be realized in an unconditionally secure way for both parties, i.e., even against dishonest players with unlimited computing power. We give the exact condition under which a general noisy channel allows for realizing OT and show that only "trivial" channels, for which OT is obviously impossible to achieve, have to be excluded. Moreover, our realization of OT is efficient: for a security parameter $\alpha > 0$, an upper bound on the probability that the protocol fails in any way, the required number of uses of the noisy channel is of order $O\left(\log(1/\alpha)^{2+\epsilon}\right)$ for any $\epsilon > 0$.

113 citations

Proceedings Article (DOI)
01 Oct 2018
TL;DR: Tests showed that the proposed application was successful in addressing the drawbacks of current auction marketplaces, and showed that selling on the application is cheaper than existing online options as well as existing in-person options.
Abstract: Modern centralized online marketplaces such as eBay offer an alternative option for consumers to both sell and purchase goods with relative ease. However, drawbacks to these marketplaces include the platform's ability to block merchants at their own whim, the fees paid to the platform when listing a product and when selling a product, and the lack of privacy of users' data. In this paper, we propose an application that remedies all three of these drawbacks through use of the Ethereum blockchain platform. The application was developed using the Truffle development framework. The application's functions were contained within an Ethereum smart contract, which was then migrated to the Ethereum network. The user's input was read through a web interface and sent to the Ethereum network via the web3.js API. Statistics about the application were gathered on the Rinkeby test network. The application was shown to have an average transaction runtime of 3.8 seconds, and an average gas consumption of 4.6 wei. Contract creation times for the application were shown to be less than a second. A cost analysis of the application was then conducted. The gas consumption of the transactions needed to both buy and sell a product was converted into US dollars, and the gas cost of the application was then compared to the cost to use an online auction marketplace such as eBay as well as an in-person auction house such as Sotheby's. The results showed that selling on the application is cheaper than existing online options as well as existing in-person options. These tests showed that our application was successful in addressing the drawbacks of current auction marketplaces.

69 citations

Book Chapter (DOI)
19 Feb 2004
TL;DR: It is proved in this paper that any OT protocol that can be constructed based on a PassiveUNC and is secure against a passive adversary can be transformed using a generic "compiler" into an OT protocol based on a UNC which is secure against an active adversary.
Abstract: In a paper from EuroCrypt'99, Damgard, Kilian and Salvail show various positive and negative results on constructing Bit Commitment (BC) and Oblivious Transfer (OT) from Unfair Noisy Channels (UNC), i.e., binary symmetric channels where the error rate is only known to be in a certain interval [γ..δ] and can be chosen adversarially. They also introduce a related primitive called PassiveUNC. We prove in this paper that any OT protocol that can be constructed based on a PassiveUNC and is secure against a passive adversary can be transformed using a generic "compiler" into an OT protocol based on a UNC which is secure against an active adversary. Apart from making positive results easier to prove in general, this also allows correcting a problem in the EuroCrypt'99 paper: there, a positive result was claimed on constructing from a UNC an OT that is secure against active cheating. We point out that the proof sketch given for this was incomplete, and we show that a correct proof of a much stronger result follows from our general compilation result and a new technique for transforming between weaker versions of OT with different parameters.

64 citations

Proceedings Article (DOI)
09 Jul 2006
TL;DR: The OT capacity of the erasure channel is computed for the case of honest-but-curious players and, for the fully malicious players, its lower bound is given.
Abstract: One of the most important primitives in two-party distrustful cryptography is oblivious transfer, a complete primitive for two-party computation. Recently introduced, the oblivious transfer capacity of a noisy channel measures the efficiency of information-theoretic reductions from 1-out-of-k, l-string oblivious transfer to noisy channels. It is defined as the maximal achievable ratio l/n, where l is the length of the strings which are to be transferred and n is the number of times the noisy channel is invoked. This quantity is unknown in the general case. For discrete memoryless channels, it is known to be non-negligible for honest-but-curious players, but non-zero rates have never been proved achievable in the case of malicious players. Here, we show that in the particular case of the erasure channel, more precise answers can be obtained. We compute the OT capacity of the erasure channel for the case of honest-but-curious players and, for fully malicious players, we give a lower bound on it.

45 citations


Cited by
01 Apr 1997
TL;DR: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind, focusing on the knowledge needed to create practical systems which support integrity, confidentiality, or authenticity.
Abstract: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which support integrity, confidentiality, or authenticity. Topics covered include an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading are given at the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.

2,188 citations

Book Chapter (DOI)
04 Oct 2019
Abstract: Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian. In this paper a computational complexity theory of the "knowledge" contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.

1,962 citations

Posted Content
TL;DR: A new protocol for non-relativistic strong coin tossing is introduced, which matches the security of the best protocol known to date while using a conceptually different approach to achieve the task.
Abstract: After a general introduction, the thesis is divided into four parts. In the first, we discuss the task of coin tossing, principally in order to highlight the effect different physical theories have on security in a straightforward manner, but, also, to introduce a new protocol for non-relativistic strong coin tossing. This protocol matches the security of the best protocol known to date while using a conceptually different approach to achieve the task. In the second part variable bias coin tossing is introduced. This is a variant of coin tossing in which one party secretly chooses one of two biased coins to toss. It is shown that this can be achieved with unconditional security for a specified range of biases, and with cheat-evident security for any bias. We also discuss two further protocols which are conjectured to be unconditionally secure for any bias. The third section looks at other two-party secure computations for which, prior to our work, protocols and no-go theorems were unknown. We introduce a general model for such computations, and show that, within this model, a wide range of functions are impossible to compute securely. We give explicit cheating attacks for such functions. In the final chapter we discuss the task of expanding a private random string, while dropping the usual assumption that the protocol's user trusts her devices. Instead we assume that all quantum devices are supplied by an arbitrarily malicious adversary. We give two protocols that we conjecture securely perform this task. The first allows a private random string to be expanded by a finite amount, while the second generates an arbitrarily large expansion of such a string.

368 citations

Book (DOI)
01 Jan 2014
TL;DR: This paper shows the first explicit algorithm which can construct strongly k-secure network coding schemes, and it runs in polynomial time for fixed k.
Abstract: We say that a network coding scheme is strongly 1-secure if a source node $s$ can multicast $n$ field elements $\{m_1, \dots, m_n\}$ to a set of sink nodes $\{t_1, \dots, t_q\}$ in such a way that any single edge leaks no information on any $S \subset \{m_1, \dots, m_n\}$ with $|S| = n - 1$, where $n = \min_i \text{max-flow}(s, t_i)$ is the maximum transmission capacity. We also say that a strongly $h$-secure network coding scheme is strongly $(h + 1)$-secure if any $h + 1$ edges leak no information on any $S \subset \{m_1, \dots, m_n\}$ with $|S| = n - (h + 1)$. In this paper, we show the first explicit algorithm which can construct strongly $k$-secure network coding schemes. In particular, it runs in polynomial time for fixed $k$.

263 citations

Book
01 Jan 2011
TL;DR: This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011, and contains 31 papers, presented together with 2 invited talks.
Abstract: This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011. The 31 papers, presented together with 2 invited talks, were carefully reviewed and selected from 167 submissions. The papers are organized in topical sections on lattice-based cryptography, implementation and side channels, homomorphic cryptography, signature schemes, information-theoretic cryptography, symmetric key cryptography, attacks and algorithms, secure computation, composability, key dependent message security, and public key encryption.

238 citations