
Showing papers in "Cryptography and Communications in 2018"


Journal ArticleDOI
TL;DR: Several classes of binary linear codes with two or three weights are presented, and numerical results show that some of the obtained codes are either optimal or near optimal with respect to certain bounds on linear codes.
Abstract: Linear codes with few weights have applications in secret sharing, authentication codes, association schemes, date storage systems, strongly regular graphs and some other fields. In this paper, we present several classes of binary linear codes with two or three weights and study their weight distributions. Two classes of strongly regular graphs are constructed from binary linear codes with two weights. Numerical results show that some of the obtained codes are either optimal or near optimal with respect to certain bounds on linear codes.

45 citations


Journal ArticleDOI
Lucky Galvez, Jon-Lark Kim, Nari Lee, Young Gun Roe, Byung-Sun Won
TL;DR: A complete table for the exact values of LD(n, k) for 1 ≤ k ≤ n ≤ 12 is obtained and bounds on the dimensions of LCD codes with fixed lengths and minimum distances are derived.
Abstract: A linear code with a complementary dual (or an LCD code) is defined to be a linear code C whose dual code $C^{\perp}$ satisfies $C \cap C^{\perp} = \left \{ \mathbf {0}\right \} $ . Let LD(n, k) denote the maximum of possible values of d among [n, k, d] binary LCD codes. We give the exact values of LD(n, k) for k = 2 for all n and some bounds on LD(n, k) for other cases. From our results and some direct search we obtain a complete table for the exact values of LD(n, k) for 1 ≤ k ≤ n ≤ 12. As a consequence, we also derive bounds on the dimensions of LCD codes with fixed lengths and minimum distances.

42 citations


Journal ArticleDOI
TL;DR: In this article, it was suggested to use the inherent unpredictability of blockchains as a source of public randomness, which has been used in lotteries and has been suggested for a number of other applications ranging from smart contracts to election auditing.
Abstract: Trustworthy generation of public random numbers is necessary for the security of a number of cryptographic applications. It was suggested to use the inherent unpredictability of blockchains as a source of public randomness. Entropy from the Bitcoin blockchain in particular has been used in lotteries and has been suggested for a number of other applications ranging from smart contracts to election auditing. In this article, we analyse this idea and show how an adversary could manipulate these random numbers, even with limited computational power and financial budget.

35 citations


Journal ArticleDOI
TL;DR: This paper mainly utilizes classical Hermitian self-orthogonal generalized Reed-Solomon codes to construct five new classes of quantum MDS codes with large minimum distance.
Abstract: Quantum maximum-distance-separable (MDS) codes are a significant class of quantum codes. In this paper, we mainly utilize classical Hermitian self-orthogonal generalized Reed-Solomon codes to construct five new classes of quantum MDS codes with large minimum distance.

35 citations


Journal ArticleDOI
TL;DR: Fifteen new classes of permutation polynomials of the form $cx+\text {Tr}_{q^{l}/ q}(x^{a})$ are presented over finite fields with even characteristic, which explain most of the examples with $q = 2^{k}$, k > 1, kl < 14 and $c\in \mathbb {F}_{q^{l}}^{*}$.
Abstract: Permutation polynomials over finite fields constitute an active research area and have applications in many areas of science and engineering. Particularly, permutation polynomials with few terms are more popular for their simple algebraic form and additional extraordinary properties. Very recently, G. Kyureghyan and M.E. Zieve (2016) studied permutation polynomials over $\mathbb {F}_{q^{n}}$ of the form $x+\gamma \text {Tr}_{q^{n}/q}(x^{k})$, where q is odd, and nine classes of permutation polynomials were constructed. In this paper, we present fifteen new classes of permutation polynomials of the form $cx+\text {Tr}_{q^{l}/ q}(x^{a})$ over finite fields with even characteristic, which explain most of the examples with $q = 2^{k}$, k > 1, kl < 14 and $c\in \mathbb {F}_{q^{l}}^{*}$. Furthermore, we also construct four classes of permutation trinomials.

32 citations


Journal ArticleDOI
TL;DR: This paper relates statistical properties of code-based countermeasures against side-channel attacks to their efficiency in terms of security, against uni- and multi-variate attacks.
Abstract: Naive implementations of block ciphers are subject to side-channel and fault injection attacks. To deceive side-channel attacks and to detect fault injection attacks, the designer inserts specially crafted error correcting codes in the implementation. The impact of codes on protection against fault injection attacks is well studied: the number of detected faults relates to their minimum distance. However, regarding side-channel attacks, the link between codes and protection efficiency is blurred. In this paper, we relate statistical properties of code-based countermeasures against side-channel attacks to their efficiency in terms of security, against uni- and multi-variate attacks.

28 citations


Journal ArticleDOI
TL;DR: This paper provides generic distinguishers for Plantlet and Fruit with complexity significantly smaller than that of exhaustive key search, and proposes a new design idea for small-state stream ciphers, which might allow to finally achieve full security against TMD tradeoff attacks.
Abstract: Time-memory-data (TMD) tradeoff attacks limit the security level of many classical stream ciphers to the birthday bound. Very recently, a new field of research has emerged, which searches for so-called small-state stream ciphers that try to overcome this limitation. In this paper, existing designs and known analysis of small-state stream ciphers are revisited and new insights on distinguishers and key recovery are derived based on TMD tradeoff attacks. A particular result is the transfer of a generic distinguishing attack suggested in 2007 by Englund et al. to this new class of lightweight ciphers. Our analysis shows that the initial hope of achieving full security against TMD tradeoff attacks by continuously using the secret key has failed. In particular, we provide generic distinguishers for Plantlet and Fruit with complexity significantly smaller than that of exhaustive key search. However, by studying the assumptions underlying the applicability of these attacks, we are able to come up with a new design idea for small-state stream ciphers, which might finally allow full security against TMD tradeoff attacks to be achieved. Another contribution of this paper is the first key recovery attack against the most recent version of Fruit. We show that there are at least $2^{64}$ weak keys, each of which does not provide the 80-bit security promised by the designers.

25 citations


Journal ArticleDOI
TL;DR: The results show that the 2-adic complexity of this class of binary sequences with three-level autocorrelation is large enough to resist the attack of the rational approximation algorithm (RAA) for feedback with carry shift registers (FCSRs).
Abstract: Pseudo-random sequences with good statistical properties, such as low autocorrelation, high linear complexity and large 2-adic complexity, have been used in designing reliable stream ciphers. In this paper, we obtain the exact autocorrelation distribution of a class of binary sequences with three-level autocorrelation and analyze the 2-adic complexity of this class of sequences. Our results show that the 2-adic complexity of such a binary sequence with period N is at least $(N + 1) - \log_{2}(N + 1)$. We further show that it is maximal for infinitely many cases. This indicates that the 2-adic complexity of this class of sequences is large enough to resist the attack of the rational approximation algorithm (RAA) for feedback with carry shift registers (FCSRs).

23 citations


Journal ArticleDOI
TL;DR: A message authentication scheme based on cryptographically secure cyclic redundancy check (CRC) that detects both random and malicious errors without increasing bandwidth, and uses random instead of irreducible generator polynomials.
Abstract: In this paper, we present a message authentication scheme based on cryptographically secure cyclic redundancy check (CRC). Similarly to previously proposed cryptographically secure CRCs, the presented one detects both random and malicious errors without increasing bandwidth. The main difference from previous approaches is that we use random instead of irreducible generator polynomials. This eliminates the need for irreducibility tests. We provide a detailed quantitative analysis of the achieved security as a function of message and CRC sizes. The results show that the presented scheme is particularly suitable for the authentication of short messages.

22 citations


Journal ArticleDOI
TL;DR: The exact symbol-pair distance of all cyclic codes of such length is determined and it is shown that the minimum pair-distance of symbol-pair codes of length $p^{e}$ over $\mathbb {F}_{p^{m}}$ is zero.
Abstract: Symbol-pair codes are proposed to protect against pair errors in the symbol-pair read channel. One main task in symbol-pair coding theory is to determine the minimum pair-distance of symbol-pair codes. In this paper, we investigate the symbol-pair distance of cyclic codes of length $p^{e}$ over $\mathbb {F}_{p^{m}}$ . The exact symbol-pair distance of all cyclic codes of such length is determined.

21 citations


Journal ArticleDOI
TL;DR: A class of p-ary two-weight linear codes is constructed using a generic construction developed by Ding et al. recently, where p is a prime, and is shown to be optimal or almost optimal in the binary case.
Abstract: Linear codes with few weights have applications in data storage systems, secret sharing schemes, and authentication codes. In this paper, a class of p-ary two-weight linear codes is constructed using a generic construction developed by Ding et al. recently, where p is a prime. Their length and weight distribution are closed-form expressions of Kloosterman sums over prime finite fields, and are completely determined when p = 2 and p = 3. The dual of this class of linear codes is also studied and is shown to be optimal or almost optimal in the binary case.

Journal ArticleDOI
TL;DR: In this paper, Zhou and Wornell proposed a homomorphic encryption scheme and analyzed its security against three attacks: chosen ciphertext key recovery, chosen plaintext decryption, and chosen cipher-text recovery attack.
Abstract: Homomorphic encryption allows specific operations to be performed on private data that stays encrypted. While applications such as cloud computing require a practical solution, the encryption scheme must be secure. In this article, we detail and analyze in depth the homomorphic encryption scheme proposed by Zhou and Wornell (20). From the analysis of the encryption scheme, we are able to mount three attacks. The first attack enables the recovery of a secret plaintext message broadcast to multiple users. The second attack performs a chosen ciphertext key recovery attack. The last attack is a related chosen plaintext decryption attack.

Journal ArticleDOI
TL;DR: By using the Gray map, five classes of linear codes with two weights over the ring Fq+uFq are obtained and these linear codes are optimal with respect to the Griesmer bound.
Abstract: Linear codes with few weights have applications in secret sharing, authentication codes, association schemes, data storage systems, strongly regular graphs and some other fields. Two-weight linear codes are particularly interesting since they are closely related to finite geometry, combinatorial designs, graph theory. In this paper, we propose five classes of two-Lee-weight codes over the ring $\mathbb {F}_{q}+u\mathbb {F}_{q}$ . By the Gray map, we obtain five classes of linear codes with two weights over $\mathbb {F}_{q}$ and these linear codes are optimal with respect to the Griesmer bound. As applications, we can employ these linear codes to construct secret sharing schemes with nice access structures.

Journal ArticleDOI
TL;DR: A multi-user security model for general aggregate signature schemes, in contrast to the original “chosen-key” security model of BGLS that is analogous to the single-user setting of a signature scheme is introduced.
Abstract: Traditional single-user security models do not necessarily capture the power of real-world attackers. A scheme that is secure in the single-user setting may not be as secure in the multi-user setting. Inspired by the recent analysis of Schnorr signatures in the multi-user setting, we analyse Boneh-Lynn-Shacham (BLS) signatures and Boneh-Gentry-Lynn-Shacham (BGLS) aggregate signatures in the multi-user setting. We obtain a tight reduction from the security of key-prefixed BLS in the multi-user model to normal BLS in the single-user model. We introduce a multi-user security model for general aggregate signature schemes, in contrast to the original “chosen-key” security model of BGLS that is analogous to the single-user setting of a signature scheme. We obtain a tight reduction from the security of multi-user key-prefixed BGLS to the security of multi-user key-prefixed BLS. Finally, we apply a technique of Katz and Wang to present a tight security reduction from a variant of multi-user key-prefixed BGLS to the computational co-Diffie-Hellman (co-CDH) problem. All of our results for BLS and BGLS use type III pairings.

Journal ArticleDOI
TL;DR: The Lizard-construction is proposed and analyzed, a new way to build stream ciphers that has an inner state length of only 121 bits and surpasses Grain v1, the most hardware efficient member of the eSTREAM portfolio, in important metrics for lightweight ciphers such as chip area and power consumption.
Abstract: Most stream ciphers are vulnerable against generic time-memory-data tradeoff (TMD-TO) attacks, which reduce their effective key length to the birthday bound $n/2$ , where n denotes the inner state length of the underlying keystream generator. This implies the necessity of a comparatively large inner state length for practical stream ciphers (e.g., $n = 288$ and $n = 160$ for the eSTREAM portfolio members Trivium and Grain v1, respectively). In this paper, we propose and analyze the Lizard-construction, a new way to build stream ciphers. We prove a tight $2n/3$ bound on its security against TMD-TO key recovery attacks, where the security lower bound refers to chosen-IV attacks. The security against TMD-TO distinguishing attacks remains at the birthday-bound level $n/2$ . The lower bound refers to a random oracle model which allows to derive formal security results w.r.t. generic TMD-TO attacks. While similar frameworks have already been widely used for analyzing the security of block cipher, MAC, and hash function constructions, to the best of our knowledge this is the first time that such a model is considered in the context of stream ciphers. The security analysis presented in this paper is also of immediate practical relevance as, with the stream cipher Lizard, a first instantiation of our new design principle (which we hence named Lizard-construction) was introduced at FSE 2017. Lizard has an inner state length of only 121 bits and surpasses Grain v1, the most hardware efficient member of the eSTREAM portfolio, in important metrics for lightweight ciphers such as chip area and power consumption.

Journal ArticleDOI
TL;DR: In this article, two methods to construct quantum codes from matrix product codes are provided and applied to obtain numerous new quantum codes, some of which have better parameters than currently available quantum codes.
Abstract: Quantum error-correcting codes are studied from the classical matrix product codes point of view. Two methods to construct quantum codes from matrix product codes are provided. These constructions are applied to obtain numerous new quantum codes, some of which have better parameters than currently available quantum codes.

Journal ArticleDOI
TL;DR: A complete characterization of all good integers is given and the average dimension of the hulls of abelian codes is given together with some upper and lower bounds.
Abstract: A class of good integers was introduced by P. Moree in 1997 together with the characterization of good odd integers. Such integers have been shown to have nice number theoretical properties and wide applications. In this paper, a complete characterization of all good integers is given. Two subclasses of good integers are introduced, namely, oddly-good and evenly-good integers. The characterization and properties of good integers in these two subclasses are determined. As applications, good integers and oddly-good integers are applied in the study of the hulls of abelian codes. The average dimension of the hulls of abelian codes is given together with some upper and lower bounds.

Journal ArticleDOI
TL;DR: A method to determine a state belonging to each cycle and a generic algorithm to find all conjugate pairs shared by any pair of cycles are given and an estimate of the number of resulting sequences is given.
Abstract: We study a class of Linear Feedback Shift Registers (LFSRs) with characteristic polynomial f(x) = p(x)q(x) where p(x) and q(x) are distinct irreducible polynomials in 𝔽2[x]. Important properties of the LFSRs, such as the cycle structure and the adjacency graph, are derived. A method to determine a state belonging to each cycle and a generic algorithm to find all conjugate pairs shared by any pair of cycles are given. The process explicitly determines the edges and their labels in the adjacency graph. The results are then combined with the cycle joining method to efficiently construct a new class of de Bruijn sequences. An estimate of the number of resulting sequences is given. In some cases, using cyclotomic numbers, we can determine the number exactly.

Journal ArticleDOI
TL;DR: The “arbitrary degree” version of Karatsuba is re-visited and it is shown that the cost of this little-known variant has been over-estimated in the past.
Abstract: There are a variety of ways of applying the Karatsuba idea to multi-digit multiplication. These apply particularly well in the context where digits do not use the full word-length of the computer, so that partial products can be safely accumulated without fear of overflow. Here we re-visit the “arbitrary degree” version of Karatsuba and show that the cost of this little-known variant has been over-estimated in the past. We also attempt to definitively answer the question as to the cross-over point where Karatsuba performs better than the classic method.

Journal ArticleDOI
TL;DR: This paper defines formally an extension of single server SSE to multiserver and instantiate provably secure schemes that provide the above feature, and studies leakages under the new setting of non-colluding and colluding servers.
Abstract: Searchable Symmetric Encryption (SSE) allows a user to store encrypted documents on server(s) and later efficiently search these documents in a private manner. So far most existing works have focused on a single storage server. Therefore in this paper we consider the natural extension of SSE to multiple servers. We believe it is of practical interest, given that a user may choose to distribute documents across the various cloud storage services that are now readily available. The main benefit compared to a single server scheme is that a server can be set to hold only a subset of the encrypted documents/blocks. A server learns only the content of the documents/blocks that it stores in the event of a successful leakage attack or ciphertext cryptanalysis, provided servers do not collude. We formally define an extension of single server SSE to multiple servers and instantiate provably secure schemes that provide the above feature. Our main scheme hides the total number of documents and the document size even after retrieval, achieving less leakage compared to prior work, while maintaining sublinear search time for each server. We further study leakage under the new setting of non-colluding and colluding servers.

Journal ArticleDOI
TL;DR: In this article, the authors revisited Dai et al.'s proof and found a non-trivial gap in the proof for two specific cases and state the general case as an assumption whose proof is essential for the completeness of the proof.
Abstract: Very recently (in CRYPTO 2017) Dai, Hoang, and Tessaro have introduced the Chi-square method (χ2 method) which can be applied to obtain an upper bound on the statistical distance between two joint probability distributions. The authors have applied this method to prove the pseudorandom function security (PRF-security) of the sum of two random permutations. In this work, we revisit their proof and find a non-trivial gap in the proof. We plug this gap for two specific cases and state the general case as an assumption whose proof is essential for the completeness of the proof by Dai et al. A complete, correct, and transparent proof of the full security of the sum of two random permutations construction is highly desirable, especially due to its importance and two decades old legacy. The proposed χ2 method seems to have potential for application to similar problems, where a similar gap may creep into a proof. These considerations motivate us to communicate our observation in a formal way. On the positive side, we provide a very simple proof of the PRF-security of the truncated random permutation construction (a method to construct a PRF from a random permutation) using the χ2 method. We note that a proof of the PRF-security due to Stam is already known for this construction in a purely statistical context. However, the use of the χ2 method makes the proof much simpler.

Journal ArticleDOI
TL;DR: This work studies the pseudorandomness of automatic sequences in terms of well-distribution and correlation measure of order 2 and detects non-random behavior which can be derived from the functional equations satisfied by their generating functions or from their generating finite automatons.
Abstract: We study the pseudorandomness of automatic sequences in terms of well-distribution and correlation measure of order 2. We detect non-random behavior which can be derived either from the functional equations satisfied by their generating functions or from their generating finite automatons, respectively.

Journal ArticleDOI
TL;DR: There are several approaches to construct cyclic codes over finite fields, including the generator matrix approach, the generator polynomial approach, and the generating idempotent approach.
Abstract: Due to their efficient encoding and decoding algorithms, cyclic codes, a subclass of linear codes, have applications in communication systems, consumer electronics, and data storage systems. There are several approaches to constructing all cyclic codes over finite fields, including the generator matrix approach, the generator polynomial approach, and the generating idempotent approach. Another one is a sequence approach, which has been intensively investigated in the past decade. The objective of this paper is to survey the progress in this direction in the past decade. Many open problems are also presented in this paper.

Journal ArticleDOI
TL;DR: It is shown that when p = 3 or 5, f(x) is a permutation trinomial of $\mathbb {F}_{q^{2}}$ if and only if k is even, and that for p = 5 the permutation trinomials proposed here are new in the sense that they are not multiplicatively equivalent to previously known ones of similar form.
Abstract: Permutation polynomials over finite fields are an interesting subject due to their important applications in the areas of mathematics and engineering. In this paper, we investigate the trinomial $f(x) = x^{(p-1)q+1} + x^{pq} - x^{q+(p-1)}$ over the finite field $\mathbb {F}_{q^{2}}$ , where p is an odd prime and $q = p^{k}$ with k being a positive integer. It is shown that when p = 3 or 5, f(x) is a permutation trinomial of $\mathbb {F}_{q^{2}}$ if and only if k is even. This property is also true for a more general class of polynomials $g(x) = x^{(q+1)l+(p-1)q+1} + x^{(q+1)l+pq} - x^{(q+1)l+q+(p-1)}$, where l is a nonnegative integer and $\gcd (2l+p,q-1)=1$ . Moreover, we also show that for p = 5 the permutation trinomials f(x) proposed here are new in the sense that they are not multiplicatively equivalent to previously known ones of similar form.

Journal ArticleDOI
TL;DR: It is shown that MIA coincides with the maximum likelihood expression when leakage probabilities are replaced by online estimated probabilities, and that the calculation of MIA is lighter than the computation of the maximum likelihood.
Abstract: The best possible side-channel attack maximizes the success rate and would correspond to a maximum likelihood (ML) distinguisher if the leakage probabilities were totally known or accurately estimated in a profiling phase. When profiling is unavailable, however, it is not clear whether Mutual Information Analysis (MIA), Correlation Power Analysis (CPA), or Linear Regression Analysis (LRA) would be the most successful in a given scenario. In this paper, we show that MIA coincides with the maximum likelihood expression when leakage probabilities are replaced by online estimated probabilities. Moreover, we show that the calculation of MIA is lighter than the computation of the maximum likelihood. We then exhibit two case-studies where MIA outperforms CPA. One case is when the leakage model is known but the noise is not Gaussian. The second case is when the leakage model is partially unknown and the noise is Gaussian. In the latter scenario MIA is more efficient than LRA of any order.

Journal ArticleDOI
TL;DR: This paper proposes a generic method to construct ZDB functions on generic algebraic rings and retrieves some existing Z DB functions in a much simpler way.
Abstract: Zero-difference balanced (ZDB) functions play an important role in the communications field. In this paper, we propose a generic method to construct ZDB functions on generic algebraic rings. Using this method, we construct many new ZDB functions and retrieve some existing ZDB functions in a much simpler way. Moreover, new applications of the constructed ZDB functions, such as constructing optimal constant weight codes and optimal frequency-hopping sequences, are presented.

Journal ArticleDOI
TL;DR: This work proposes POEx, a beyond-birthday-bound-secure on-line cipher which employs one call to a tweakable block cipher and one call to a 2n-bit universal hash function per message block, and which builds upon the recently proposed XTX tweak extender by Iwata and Minematsu.
Abstract: On-line ciphers are convenient building blocks for realizing efficient single-pass encryption. In particular, the trend to limit the consequences of nonce reuse rendered them popular in recent authenticated encryption schemes. While encryption schemes such as POE, COPE, or the ciphers within ElmE/ElmD concentrated on efficiency, their security guarantees and those of all earlier on-line ciphers are limited by the birthday bound, and so are those of the AE schemes built upon them. This work proposes POEx, a beyond-birthday-bound-secure on-line cipher which employs one call to a tweakable block cipher and one call to a 2n-bit universal hash function per message block. POEx builds upon the recently proposed XTX tweak extender by Iwata and Minematsu. We prove the security of our construction and discuss possible instantiations.

Journal ArticleDOI
TL;DR: A 1–1 correspondence is proved between perfect sequences of length n over $Q_{8} \cup qQ_{8}$ with q = (1 + i + j + k)/2, and (4n, 2, 4n, 2n)-relative difference sets in $C_{n} \times Q_{8}$ with forbidden subgroup $C_{2}$; here $C_{m}$ is a cyclic group of order m.
Abstract: Perfect sequences over general quaternions were introduced in 2009 by Kuznetsov. The existence of perfect sequences of increasing lengths over the basic quaternions $Q_{8} = \{\pm 1, \pm i, \pm j, \pm k\}$ was established in 2012 by Barrera Acevedo and Hall. The aim of this paper is to prove a 1–1 correspondence between perfect sequences of length n over $Q_{8} \cup qQ_{8}$ with q = (1 + i + j + k)/2, and (4n, 2, 4n, 2n)-relative difference sets in $C_{n} \times Q_{8}$ with forbidden subgroup $C_{2}$; here $C_{m}$ is a cyclic group of order m. We show that if $n = p^{a} + 1$ for a prime p and integer a ≥ 0 with n ≡ 2 mod 4, then there exists a (4n, 2, 4n, 2n)-relative difference set in $C_{n} \times Q_{8}$ with forbidden subgroup $C_{2}$. Lastly, we show that every perfect sequence of length n over $Q_{8} \cup qQ_{8}$ yields a Hadamard matrix of order 4n (and a quaternionic Hadamard matrix of order n over $Q_{8} \cup qQ_{8}$).

Journal ArticleDOI
TL;DR: A set of matrices over a finite alphabet where all possible overlaps between any two matrices are forbidden is defined and the asymptotic cardinality of the set is analyzed according to the parameters related to the construction of the matrices.
Abstract: We define a set of matrices over a finite alphabet where all possible overlaps between any two matrices are forbidden. The set is also enumerated by providing some recurrences counting particular classes of restricted words. Moreover, we analyze the asymptotic cardinality of the set according to the parameters related to the construction of the matrices.

Journal ArticleDOI
TL;DR: This paper proposes XTC which achieves OSPRP security of $O(\max(n\sigma 2^{-n}, \sigma^{2} 2^{-(n + t)}))$ where t is the tweak size and n is the block size, and presents an impossibility result for t > n which can be of independent interest.
Abstract: Recently, Andreeva et al. showed that online ciphers are actually equivalent to arbitrary tweak length (ATL) tweakable block ciphers (TBCs). Within this result they gave a security preserving generic conversion from ATL TBCs to online ciphers. XTX by Minematsu and Iwata is a nice way of extending the tweak space of any fixed tweak length (FTL) TBC using a pAXU hash function. By combining the previous two methods one can get an FTL TBC based online cipher with security in the order of $\sigma^{2} e$ where σ is the total number of blocks in all queries, and e is the pAXU bound of the underlying hash function. In this paper we show that there are genuine practical issues which render it almost impossible to get full security using this approach. We then observe that a recent online enciphering scheme called POEx by Forler et al. is actually an implicit example of this approach. We show a flaw in the analysis of POEx which results in a birthday bound attack and invalidates the beyond-the-birthday bound OSPRP security claim. We take a slightly different approach than the one just mentioned and propose XTC which achieves OSPRP security of $O(\max(n\sigma 2^{-n}, \sigma^{2} 2^{-(n + t)}))$ where t is the tweak size and n is the block size. While doing so we present an impossibility result for t > n which can be of independent interest.