
Security and Cryptography for Networks
Description
This book constitutes the proceedings of the 13th International Conference on Security and Cryptography for Networks, SCN 2022, held in Amalfi, Italy, in September 2022.
The 33 full papers presented in this volume were carefully reviewed and selected from 101 submissions. They are organized in topical sections: Ciphers, Cryptanalysis, Defenses; Public Key Encryption; Authentication and Signatures; Multiparty Computation; Zero-Knowledge Proofs and Applications.

Content
- Intro
- Preface
- Organization
- Invited Talks
- How to Do Cryptography Even When Cryptography Doesn't Exist
- From Galactic PCP Theory to Scaling Blockchains with ZK-STARKs
- Contents
- Ciphers, Cryptanalysis, Defenses
- Decoding McEliece with a Hint - Secret Goppa Key Parts Reveal Everything
- 1 Introduction
- 2 Preliminaries
- 3 Some Parts of a Secret Goppa Key Reveal Everything
- 3.1 Key Recovery from ALL Goppa Points
- 3.2 Goppa Polynomial Recovery from only tm+1 Goppa Points
- 3.3 Reconstruction of the Remaining Goppa Points
- 3.4 Full Key Recovery from tm+1 Goppa Points
- 4 Correcting Faulty Goppa Points
- References
- Cost-Asymmetric Memory Hard Password Hashing
- 1 Introduction
- 1.1 Our Contributions
- 1.2 Related Work
- 2 Background and Notations
- 3 Defender's Model
- 4 Attacker's Model
- 4.1 Assumptions of Economics Analysis
- 4.2 Cracking Process
- 4.3 Attacker's Utility
- 4.4 Stackelberg Game
- 5 Computing the Attacker's Optimal Strategy
- 5.1 Marginal Utility
- 5.2 A Superset of the Optimal Checking Sequence
- 5.3 Extension by Concatenation
- 5.4 Local Search in Two Directions
- 5.5 Optimality Test and Globally Optimal Checking Sequence
- 6 Defender's Optimal Strategy
- 7 Experiments
- 7.1 Experiment Setup
- 7.2 Experiment Analysis and Discussion
- 8 Conclusion
- References
- Memory-Hard Puzzles in the Standard Model with Applications to Memory-Hard Functions and Resource-Bounded Locally Decodable Codes
- 1 Introduction
- 1.1 Our Results
- 1.2 Prior Work
- 2 Technical Overview
- 2.1 Memory-Hard Languages
- 2.2 Memory-Hard Puzzles
- 2.3 Memory-Hard Functions from Memory-Hard Puzzles
- 2.4 Resource-Bounded LDCs from Cryptographic Puzzles
- References
- RAMus - A New Lightweight Block Cipher for RAM Encryption
- 1 Introduction
- 2 Preliminaries
- 3 The 2S-Strategy
- 3.1 Notations
- 3.2 The Round Function
- 4 The Description of RAMus
- 5 Design Rationale
- 6 Security Analysis of RAMus
- 6.1 Theoretical Proven Bound
- 6.2 SAT-Based Analysis
- 6.3 The Security of RAMus Against Integral Cryptanalysis and the Division Property Attacks
- 7 Performance
- References
- Higher-Order Masked Saber
- 1 Introduction
- 2 Preliminaries
- 2.1 Notation
- 2.2 Saber
- 2.3 uSaber
- 2.4 Fujisaki-Okamoto Transformation
- 2.5 Higher-Order Masking
- 3 Masking Saber
- 3.1 Arithmetic Operations
- 3.2 Compression
- 3.3 Masked Hashing
- 3.4 Masked Centered Binomial Sampler
- 3.5 Masked Comparison
- 4 Masking uSaber
- 5 Performance Evaluation
- 5.1 Performance Analysis of Comparison Algorithms for Saber
- 5.2 Performance Analysis for Masked Saber Decapsulation
- 5.3 Performance Analysis for Masked uSaber Decapsulation
- 5.4 Comparison with State-of-the-Art
- 6 Conclusions
- References
- Approximate Distance-Comparison-Preserving Symmetric Encryption
- 1 Introduction
- 1.1 Background and Motivation
- 1.2 Our Results
- 1.3 Discussion
- 1.4 Further Related Work
- 2 Preliminaries
- 3 Approximate Distance-Comparison-Preserving Functions and Their Properties
- 3.1 Notions Considered
- 3.2 Accuracy of Nearest Neighbors for -DCP Functions
- 3.3 Impossibility of Ideal Security
- 4 The Scale-and-Perturb (SAP) Scheme
- 4.1 Our Core -DCPE Scheme
- 4.2 Two Preprocessing Algorithms
- 5 Real-or-Replaced Indistinguishability for Neighboring Datasets
- 5.1 -RoR Security Bounds
- 6 Security Against Approximate Frequency-Finding Attacks
- 6.1 Window One-Wayness Security Notion
- 6.2 One-Wayness Bounds
- 6.3 Security Against Freq-Find Adversaries
- 7 Bit Security
- References
- Public Key Encryption
- Key-Policy ABE with Switchable Attributes
- 1 Introduction
- 1.1 Related Work
- 1.2 Contributions
- 2 Preliminaries
- 2.1 Dual Pairing Vector Spaces
- 2.2 Change of Basis
- 2.3 Particular Changes
- 3 Key-Policy ABE with Switchable Attributes
- 3.1 Policy Definition
- 3.2 Labeling of Access-Trees
- 3.3 Switchable Leaves and Attributes
- 3.4 Key-Policy Attribute-Based Encapsulation with Switchable Attributes
- 3.5 Security Notions
- 4 Our SA-KP-ABE Scheme
- 4.1 Description of Our KP-ABE with Switchable Attributes
- 4.2 Del-IND-Security of Our SA-KP-ABE for Encaps
- 4.3 Del-IND-Security of Our SA-KP-ABE for Encaps*
- 4.4 Distinct Indistinguishability Properties
- 4.5 Attribute-Indistinguishability
- 5 Application to Tracing
- 6 Conclusion
- References
- Mix-Nets from Re-randomizable and Replayable CCA-Secure Public-Key Encryption
- 1 Introduction
- 1.1 Our Contribution
- 1.2 Related Work
- 2 Preliminaries
- 3 Definitions
- 4 Mix-Net
- 5 A Concrete Mix-Net Protocol from RCCA-PKE
- 5.1 Split PKE
- 5.2 A Protocol for Verify-then-Decrypt for Verifiable Split PKE
- 5.3 Our Concrete Verifiable Split PKE
- 5.4 Putting All Together
- References
- New and Improved Constructions for Partially Equivocable Public Key Encryption
- 1 Introduction
- 1.1 Our Contributions
- 1.2 Technical Overview
- 2 Preliminaries
- 2.1 Reminders on Standard Assumptions
- 2.2 Non-Committing Encryption
- 3 PEPE Constructions
- 3.1 PEPE from LWE
- 3.2 PEPE from DDH
- 3.3 PEPE from Subgroup Decision
- References
- On Access Control Encryption Without Sanitization
- 1 Introduction
- 2 Our Results
- 2.1 Modeling ACE Without Sanitization
- 2.2 Instantiating ACEnoS and VACE
- 2.3 Concurrent Work
- 2.4 Future Directions
- 3 Access Control Encryption Without Sanitization
- 4 Linear ACE Without Sanitizer from PKE
- 5 Compact ACE from Hybrid Encryption
- 6 Game-Specific Obfuscation
- 7 ACE with Ciphertext Verifiability
- 7.1 Ciphertext Verifiability
- 7.2 VACE from Game Specific Obfuscation
- 7.3 No Secret Write Rule of VACE
- References
- Watermarkable Public Key Encryption with Efficient Extraction Under Standard Assumptions
- 1 Introduction
- 1.1 Our Contribution
- 1.2 Technical Overview of Our Construction
- 1.3 Relations to Prior Work
- 2 Preliminaries
- 3 Watermarkable Public Key Encryption
- 4 Our Watermarkable PKE Scheme
- 5 Security Analysis
- 5.1 Encryption Correctness and IND-CPA Security
- 5.2 Extraction Correctness
- 5.3 Proving Unremovability and Unforgeability Properties
- References
- Authentication and Signatures
- A Provably Secure, Lightweight Protocol for Anonymous Authentication
- 1 Introduction
- 1.1 Our Contributions
- 1.2 Outline of the Paper
- 2 Model and Definitions
- 2.1 Preliminaries
- 2.2 Desynchronization Resilience
- 2.3 Mutual Authentication
- 2.4 Tag Anonymity
- 3 Protocol Description
- 4 Proofs of Security
- 4.1 Mutual Authentication
- 4.2 Desynchronization Resilience
- 4.3 Tag Anonymity
- References
- Anonymous Authenticated Communication
- 1 Introduction
- 1.1 Background and Motivation
- 1.2 Related Work
- 1.3 Contributions
- 1.4 Outline
- 2 Preliminaries
- 2.1 Notation
- 2.2 Constructive Cryptography
- 2.3 Anonymous and Authentic Resources
- 3 Achieving Anonymous Authenticity
- 3.1 Game-Based Security of Bilateral Signatures
- 3.2 Composable Security of Bilateral Signatures
- 4 Achieving De-anonymizable Authenticity
- 4.1 Game-Based Security of Partial Signatures
- 4.2 Composable Security of Partial Signatures
- 5 Achieving Receiver-Side Anonymous Authenticity
- 5.1 Game-Based Security of Ring Signatures
- 5.2 Composable Security of Ring Signatures
- 6 Concluding Remarks and Future Work
- References
- Credential Transparency System
- 1 Introduction
- 1.1 Definitional Framework for Diverse Credential Systems
- 2 Credential Transparency System (CTS)
- 2.1 Security Properties
- 3 CTS Construction
- 3.1 Overview of Our Construction
- 3.2 Construction Description
- 3.3 Simulation Algorithms
- 4 Security Proof
- 4.1 Intuition for the Proof of Soundness
- 4.2 Intuition for the Proof of Privacy
- References
- Cumulatively All-Lossy-But-One Trapdoor Functions from Standard Assumptions
- 1 Introduction
- 1.1 Our Contributions
- 1.2 Technical Overview
- 1.3 Related Work
- 2 Background
- 2.1 Cumulatively All-Lossy-But-One Trapdoor Functions
- 2.2 Lattices
- 2.3 Composite Residuosity
- 3 Cumulatively All-Lossy-But-One Trapdoor Functions
- 3.1 Relaxed CALBO-TDFs from LWE
- 3.2 CALBO-TDFs from DCR
- References
- On the Related-Key Attack Security of Authenticated Encryption Schemes
- 1 Introduction
- 1.1 Our Contribution
- 1.2 Related Work
- 2 Preliminaries
- 2.1 Notation
- 2.2 Primitives
- 2.3 Security Notions Against Related-Key Attacks
- 3 RKA Security Notions for Nonce-Based AEAD
- 3.1 Nonce Selection
- 3.2 RKA-Security Notions for AEAD Schemes
- 3.3 RKA-Security Against Nonce Misuse
- 3.4 RKA-Security Notions for Encryption
- 4 RKA Security of the N1, N2, and N3 Constructions
- 4.1 N1 - Instantiation of Encrypt-and-MAC
- 4.2 N2 - Instantiation of Encrypt-then-MAC
- 4.3 N3 - Instantiation of MAC-then-Encrypt
- 5 RKA Nonce-Misuse-Resistant AEAD
- References
- The State of the Union: Union-Only Signatures for Data Aggregation
- 1 Introduction
- 2 Syntax
- 3 Security Definitions
- 3.1 Notation
- 3.2 Unforgeability
- 3.3 History Hiding
- 4 A UOS Scheme
- 4.1 Initial Construction
- 4.2 Secure Variant from Groups of Unknown Order
- 4.3 Secure Variant from Lattices
- 4.4 Security Analysis
- 5 Performance
- 6 Conclusion
- References
- Traceable Constant-Size Multi-authority Credentials
- 1 Introduction
- 1.1 Our Contributions
- 1.2 Related Work
- 1.3 Comparison of Different ABC Systems
- 2 Preliminaries
- 3 Multi-authority Anonymous Credentials
- 3.1 Definition
- 3.2 Security Model
- 4 Anonymous Credentials from New Primitives
- 4.1 Anonymous Ephemeral Identities
- 4.2 Tag-Based Signatures
- 4.3 Anonymous Credential from EphemerId and RT-Sign
- 5 Constructions
- 5.1 Aggregate Signatures with Randomizable Tags
- 5.2 Constructions
- 6 Traceable Anonymous Credentials
- 6.1 Traceable EphemerId
- 6.2 Traceable Anonymous Credentials
- References
- Multiparty Computation
- 3-Party Distributed ORAM from Oblivious Set Membership
- 1 Introduction
- 2 Prior Work
- 3 Preliminaries
- 4 SISO-PRPs
- 5 Construction Overview
- 6 Set Membership
- 7 3-Party Oblivious Set Membership Protocol
- 7.1 3-Party Oblivious Set Membership for Small n
- 8 (3, 1)-Secure Oblivious Hash Table
- 9 Hierarchical ORAM
- References
- Finding One Common Item, Privately
- 1 Introduction
- 1.1 Related Work
- 1.2 Our Results
- 2 Preliminaries
- 2.1 Decisional Diffie-Hellman Assumption
- 2.2 Secure Two-Party Computation
- 2.3 Symmetric-Key Encryption
- 2.4 Order-Revealing Encryption
- 3 Finding a Random Item of the Intersection
- 3.1 Warmup: Cardinality-Only Protocol and Blind Exponentiation
- 3.2 Choosing a Random Item
- 4 Finding the Best Item According to a Unilateral Rank
- 4.1 Intersection Protocol
- 5 Finding the Best Item According to a Combined Score
- 5.1 2-Blind Exponentiation
- 5.2 Intersection Protocol
- References
- mrNISC from LWE with Polynomial Modulus
- 1 Introduction
- 1.1 Our Contribution
- 1.2 Technical Overview
- 2 Preliminaries
- 2.1 Learning with Errors
- 2.2 (Leveled) Fully Homomorphic Encryption
- 2.3 Multiparty Reusable Non-interactive Secure Computation
- 3 Our Transformation
- 3.1 Putting Everything Together
- References
- On Sufficient Oracles for Secure Computation with Identifiable Abort
- 1 Introduction
- 1.1 Our Contribution
- 1.2 Subsequent Work
- 1.3 Technical Overview
- 1.4 Notation
- 2 Secure Multiparty Computation (MPC) Definitions
- 3 Unanimously Identifiable Secret Sharing with Public and Private Shares
- 4 Bootstrapping MPC with Identifiable Abort
- 4.1 Protocol
- 5 Building UISSwPPS
- 5.1 Building Blocks
- 5.2 Construction
- References
- Prio+: Privacy Preserving Aggregate Statistics via Boolean Shares
- 1 Introduction
- 2 Technical Overview
- 3 Preliminaries
- 4 Necessary Primitives
- 5 The Non-robust SUM Scheme
- 6 Protecting Correctness
- 7 Complex Statistics
- 8 Share Conversion
- 9 Security
- 10 Practical Evaluation
- 10.1 Data: SUM
- 10.2 Data: MAX
- 10.3 Data: linReg
- 10.4 Data: Offline Pre-computation
- 11 Conclusions and Future Work
- References
- Scooby: Improved Multi-party Homomorphic Secret Sharing Based on FHE
- 1 Introduction
- 1.1 Our Contribution
- 2 Preliminaries
- 2.1 Homomorphic Secret Sharing
- 2.2 Spooky Encryption
- 3 Homomorphic Encryption with Decryption to Shares (HEDS)
- 3.1 Multi-input HSS from HEDS Encryption
- 4 Linear-Decryption Based FHE
- 4.1 Two-Party Distributed Decryption: Type lsb
- 5 Scooby: Multi-party HEDS from LD-Based FHE
- 5.1 HEDS Key Generation
- 5.2 Security Assumption
- 5.3 From 2-party to n-party HEDS
- 5.4 BGV Parameters Supporting Scooby
- 6 Multi-party HEDS from Weaker Assumptions
- 6.1 Scrappy: HEDS from Standard FHE + HSS for NC1
- 6.2 Shaggy: Bootstrapping HEDS to More Parties
- References
- Streaming and Unbalanced PSI from Function Secret Sharing
- 1 Introduction
- 1.1 Our Contribution
- 1.2 Notation and PSI Models
- 1.3 Outline
- 2 Background
- 2.1 Private Set Intersection
- 2.2 Function Secret Sharing
- 3 Baseline Solution
- 3.1 The One-Shot Case
- 3.2 Baseline Streaming Unbalanced PSI
- 4 Unbalanced PSI-WCA with Greedy Scheduling
- 4.1 Overview
- 4.2 The Greedy Scheduling Approach
- 4.3 Protocol Description
- 4.4 Queueing One-Shot PSI Protocol
- 5 Analyzing Expected Wait Times Under Greedy Scheduling
- 5.1 Streaming and Bucketing
- 5.2 Setting
- 5.3 Results
- 6 Implementation and Benchmarks
- References
- Zero-Knowledge Proofs and Applications
- Black-Box Anonymous Commit-and-Prove
- 1 Introduction
- 1.1 Our Contribution
- 2 Our Techniques
- 3 Definitions
- 3.1 Partially Openable Commitment Scheme
- 3.2 Linkable Anonymous Commit-and-Prove System
- 4 Ingredients
- 4.1 Ingredient 1. Partially Openable Commitment Scheme
- 4.2 Ingredient 2. MPC-in-the-Head for OR Relation
- 5 Black-Box Anonymous Commit-and-Prove
- 6 A Concrete Instantiation for Proof of Equality: RORequal
- 6.1 Security Proof
- References
- Efficient Proof of RAM Programs from Any Public-Coin Zero-Knowledge System
- 1 Introduction
- 1.1 Contribution
- 1.2 Additional Related Work
- 1.3 Technical Overview
- 2 Preliminaries
- 2.1 MPC-in-the-Head
- 2.2 RAM-Based Computation
- 3 Arithmetic Circuit for ZK Verification of Array Access
- 3.1 Constant Overhead Equality Check
- 3.2 Permutation Check
- 3.3 Amortized Constant Overhead Bound Test
- 3.4 Putting Everything Together
- 4 Zero-Knowledge Proof of Array Access
- 4.1 FZKin and FZKArray Functionalities
- 4.2 ZKArray Protocol
- 4.3 Realizing FZK-RAM
- 5 Realizing FZKin with Limbo
- 6 Implementation Results
- 6.1 Performance
- References
- Inner Product Functional Commitments with Constant-Size Public Parameters and Openings
- 1 Introduction
- 1.1 Our Contributions
- 1.2 Other Related Work
- 2 Preliminaries
- 2.1 Functional Commitments
- 2.2 Groups of Unknown Order
- 2.3 Arguments of Knowledge
- 2.4 Succinct Proofs of Exponentiation
- 3 Our Functional Commitment for Binary Inner Products
- 3.1 Functional VCs for Binary Linear Functions from Range Proofs
- 3.2 Security
- 3.3 Instantiation
- 3.4 Efficiency
- 4 Our FC for Inner Products over the Integers
- 4.1 Our Lifting to FC for Integer Inner Products with Logarithmic-Size Openings
- 4.2 Our Lifting to FC for Integer Inner Products with Constant-Size Openings
- 5 Our FC for Inner Products Mod p
- References
- MyOPE: Malicious SecuritY for Oblivious Polynomial Evaluation
- 1 Introduction
- 1.1 Oblivious Polynomial Evaluation
- 1.2 Inner-Product Arguments over Rings
- 1.3 Related Work
- 1.4 Our Contribution
- 1.5 Technical Overview
- 2 Preliminaries
- 2.1 MyOPE: Verifiable OPE
- 2.2 Building Blocks
- 2.3 Secure Encoding Schemes
- 3 Verifiable Commitments
- 4 Inner Product Arguments
- 4.1 Description of Our Ring-IPA
- 4.2 Inner Product Arguments with Privacy
- 4.3 Verifiability of the Committed Ciphertext
- 5 Verifiable OPE with Privacy
- 5.1 Complete Protocol
- 5.2 Security Remarks
- 5.3 FHE Security Analysis
- 5.4 Succinctness
- References
- NIWI and New Notions of Extraction for Algebraic Languages
- 1 Introduction
- 1.1 Our Contributions
- 1.2 Technical Overview
- 2 Preliminaries
- 2.1 Bilinear Groups
- 2.2 Algebraic Languages
- 2.3 Non-interactive Zero-knowledge Arguments
- 2.4 From -protocols to NIZKs
- 2.5 Cryptographic Assumptions
- 3 NIWI Proof in the Plain Model
- 4 Partial Extractability for the CH Framework
- 4.1 Strong f-extractability
- 5 Full Extractability for the CH Framework
- 5.1 Semantic Extractor
- 5.2 Impossibility of Semantic Knowledge Soundness for CH-NIZK
- References
- Succinct Attribute-Based Signatures for Bounded-Size Circuits by Combining Algebraic and Arithmetic Proofs
- 1 Introduction
- 1.1 Our Contribution
- 1.2 Difficulty and Our Technique
- 1.3 Related Work
- 2 Preliminary
- 3 Constrained SNARKs
- 3.1 Technical Overview
- 3.2 Syntax and Security Definitions of Constrained SNARKs
- 3.3 Constrained SNARKs for QAPs and Prefix Constraints
- 3.4 Security
- 4 Succinct Attribute-Based Signatures for Bounded-Size Circuits
- 4.1 Construction
- 4.2 Security
- 4.3 Instantiation
- References
- What Makes Fiat-Shamir zkSNARKs (Updatable SRS) Simulation Extractable?
- 1 Introduction
- 1.1 Our Contributions
- 1.2 Technical Overview
- 1.3 Related Work
- 2 Definitions and Lemmas for Multi-message SRS-Based Protocols
- 2.1 Updatable SRS Setup Ceremonies
- 2.2 Multi-message Fiat-Shamir Compiled Provers and Verifiers
- 2.3 Trapdoor-Less Zero-Knowledge (TLZK)
- 2.4 Updatable Simulation Extractability (USE)
- 2.5 Unique Response (UR) Protocols
- 2.6 Rewinding-Based Knowledge Soundness (RBKS)
- 3 Simulation Extractability - The General Result
- 4 Concrete SNARKs Preliminaries
- 4.1 Algebraic Group Model
- 4.2 Dlog Assumptions in Standard and Updatable Setting
- 5 Non-malleability of Plonk
- 5.1 Plonk Protocol Description
- 5.2 Simulation Extractability of Plonk
- References
- Zero-Knowledge for Homomorphic Key-Value Commitments with Applications to Privacy-Preserving Ledgers
- 1 Introduction
- 1.1 Applications of Our Work
- 1.2 Technical Overview
- 1.3 Related Work
- 2 Notation and Preliminaries
- 3 Key-Value Commitments
- 3.1 Construction
- 4 Arguments on Key-Value Commitments (Doubly-Private Setting)
- 4.1 Arguments for Circuits over Committed Key-Value Maps
- 4.2 Construction with Intermediate Key-Tags
- 4.3 How to Instantiate the Subprotocols
- 5 Improvements in Practice: Offline/Online Stages
- 6 Experimental Evaluation
- 7 Application: Multi-type QuisQuis
- 7.1 Multi-type QuisQuis: Syntax
- 7.2 Construction
- References
- Author Index
System requirements
File format: PDF
Copy protection: Watermark-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use the free software Adobe Reader, Adobe Digital Editions, or any other PDF viewer of your choice (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or another reading app for eBooks, e.g., PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (Kindle: limited support only).
The PDF format renders a book page identically on any hardware, which makes it suitable for complex layouts such as those used in textbooks and reference works (images, tables, columns, footnotes). On the small screens of e-readers and smartphones, however, PDFs are cumbersome to read and require a great deal of scrolling.
This eBook uses Watermark-DRM, a "soft" form of copy protection. No technical restriction prevents the file from being redistributed; instead, a personalised watermark embedded in the eBook identifies the purchaser in the event of misuse and can serve as evidence for legal purposes.