
Topics in Cryptology -- CT-RSA 2011
Description
The 24 revised full papers presented together with 1 invited lecture were carefully reviewed and selected from 79 submissions. The papers are organized in topical sections on secure two-party computation, cryptographic primitives, side channel attacks, authenticated key agreement, proofs of security, block ciphers, security notions, public-key encryption, crypto tools and parameters, and digital signatures.

Content
- Title Page
- Preface
- Organization
- Table of Contents
- Secure Two-Party Computation
- Secure Set Intersection with Untrusted Hardware Tokens
- Introduction
- Related Work
- Preliminaries
- The Setting for Token-Based Set Intersection Protocols
- Security Models
- Both Parties Trust Token [1]
- Only Issuer Trusts Token: Privacy of B's Input
- Only Issuer Trusts Token: Correctness of B's Output
- Only One Token Trusted: Privacy of A's Input
- References
- Efficient Secure Two-Party Exponentiation
- Introduction
- Our Framework
- Implementation Using Homomorphic Encryption
- Implementation Using Oblivious Transfer
- Conclusion and Future Directions
- References
- Cryptographic Primitives
- A General, Flexible and Efficient Proof of Inclusion and Exclusion
- Introduction
- Security Requirements and the Existing Solutions
- New Inclusion Proof and Exclusion Proof
- Reducing Inclusion Proof and Exclusion Proof to Simpler Proofs
- Specification of the Two Simpler Proofs
- Security Analysis
- Efficiency Optimisation
- Comparison and Conclusion
- References
- Non-interactive Confirmer Signatures
- Introduction
- Undeniable Signatures and Confirmer Signatures
- (Universal) Designated-Verifier Signatures
- Related Work
- Our Contribution
- Non-interactive Model for Confirmer Signatures
- Notations
- Framework
- Security Requirements
- Preliminaries
- Number Theoretic Assumptions
- Cryptographic Building Blocks
- Our Construction
- High Level Idea
- Instantiation
- Discussion
- Concluding Remarks
- References
- Communication-Efficient 2-Round Group Key Establishment from Pairings
- Introduction
- Technical Preliminaries
- Security Model and Security Goals
- Common Reference String
- Bilinear Diffie-Hellman Assumption
- A Pairing-Based Group Key Establishment
- Description of the Protocol
- Security Analysis
- Making Use of a Random Oracle
- Conclusion
- References
- Side Channel Attacks
- Defeating RSA Multiply-Always and Message Blinding Countermeasures
- Introduction
- RSA
- Side Channel Attacks on RSA
- Countermeasures
- Multiply-Always Cross Correlation
- Operation Correlation
- Application to RSA Simulation
- Experimental Results
- Compressing Visually Identifiable Operations
- Compressing Hidden Operations
- Bounded Pattern Matching
- Key Retrieval
- Conclusion
- References
- Cryptanalysis of CLEFIA Using Differential Methods with Cache Trace Patterns
- Introduction
- The CLEFIA Block Cipher
- Differential Cache-Trace Attacks
- Adapting the Differential Cache-Trace Attack to CLEFIA
- Differential Properties of CLEFIA's F Functions
- Determining RK0 and RK1
- Determining WK0RK2 and WK1RK3
- Determining RK4 and RK5
- Determining RK2 and RK3
- Experimental Results
- Extracting Cache Trace Patterns from Power Profiles
- Countermeasures against Cache Attacks
- Cache Attack Countermeasure for CLEFIA
- Conclusion
- References
- Improving Differential Power Analysis by Elastic Alignment
- Introduction
- Dynamic Time Warping
- Elastic Alignment Using FastDTW
- Experiments
- Conclusions
- References
- DTW Calculation Example
- Invited Talk
- NSA's Role in the Development of DES
- Authenticated Key Agreement
- Designing Efficient Authenticated Key Exchange Resilient to Leakage of Ephemeral Secret Keys
- Introduction
- eCK-Security Model
- Proposed AKE Protocol
- Admissible Polynomials
- Proposed AKE Protocol
- Security
- Comparison
- Conclusion
- References
- Proof of Theorem 1
- Event E1 M*
- Event E2 M*
- Event E3 M*
- Event E4 M*
- Event E5 M*
- Event E6 M*
- Other Cases
- Contributory Password-Authenticated Group Key Exchange with Join Capability
- Introduction
- UC Two-Party PAKE
- UC Group PAKE
- Scheme
- Merging Two Groups
- Implementation Considerations
- References
- Proofs of Security
- Ideal Key Derivation and Encryption in Simulation-Based Security
- Introduction
- Simulation-Based Security
- The General Computational Model
- Notions of Simulation-Based Security
- Composition Theorems
- Our Crypto Functionality
- The Ideal Crypto Functionality
- Realizing the Ideal Crypto Functionality
- Applications to Key Exchange and Secure Channels
- A Criterion for Universally Composable Key Exchange
- Applications to Secure Channels
- Security Analysis of IEEE 802.11i
- The 4-Way Handshake Protocol
- The CCM Protocol
- Related Work
- References
- Beyond Provable Security Verifiable IND-CCA Security of OAEP
- Introduction
- A Primer on Formal Proofs
- The Statement
- The Proof
- Perspectives
- Related Work
- Conclusion
- References
- (Second) Preimage Attacks on Step-Reduced RIPEMD/RIPEMD-128 with a New Local-Collision Approach
- Introduction
- Specifications and Related Works
- RIPEMD Hash Function
- RIPEMD-128 Hash Function
- Meet-in-the-Middle Preimage Attack Framework
- Revisit Sasaki et al.'s Meet-in-the-Middle Preimage Attack Strategies on Double-Branch Hash Functions [SA09]
- New Observations
- Relax Restriction I: One-Message-Word Local Collision in a Single Branch
- Relax Restriction II: One-Message-Word Local Collisions Spanning the Two Branches
- Our Attack Strategy
- Our Attacks on 47-Step RIPEMD
- The Details of LC1
- The Details of LC2
- Our Pseudo-preimage Attack Procedure
- Complexity Evaluation
- Impact on 47-Step RIPEMD Hash Function
- Our Attacks on Intermediate 36-Step RIPEMD-128
- Conclusion
- References
- Parameters of RIPEMD-128
- MJH: A Faster Alternative to MDC-2
- Introduction
- Preliminaries
- The MJH Hash Functions and Their Security
- The MJH Construction
- Query-Response Cycles and a Modified Adversary
- Graph Representation of the Adversary's Endeavors
- Main Handle and Intuition
- Formal Collision Resistance Proof
- Bounding Small Components
- Decomposing a Collision
- Putting the Pieces Together
- References
- Proof of Lemma 2
- Upper Bounding Pr[D]
- Towards Better Bounds
- Block Ciphers
- Online Ciphers from Tweakable Blockciphers
- Introduction
- Preliminaries
- Online Ciphers Achieving CPA-Security
- Online Ciphers Achieving CCA-Security
- Online Ciphers for Arbitrary-Length Strings
- Instantiating the Schemes
- References
- Meet-in-the-Middle Attacks on Reduced-Round XTEA
- Introduction
- Notation and Conventions
- Description of XTEA
- Motivational Observation
- Attacks on 15 Rounds of XTEA
- Attacks on 23 Rounds of XTEA
- Conclusions and Open Problems
- References
- Countermeasures
- Illustration of the Attack on Rounds 16-38
- Randomness of the Inner-Round Subkeys in the 15-Round Attacks
- Security Notions
- Expedient Non-malleability Notions for Hash Functions
- Introduction
- Preliminary Definitions
- Defining Non-malleability
- Simulation-Based Non-malleability
- Game-Based Non-malleability
- Relations between Simulation-Based and Game-Based Non-malleability
- Constructions
- Application
- References
- Stronger Difficulty Notions for Client Puzzles and Denial-of-Service-Resistant Protocols
- Introduction
- Contributions and Outline
- Related Work
- Weaknesses in Existing Definitions
- Strong Client Puzzles
- Client Puzzles
- Strong Puzzle Difficulty
- A Strongly-Difficult Interactive Client Puzzle Based on Hash Functions
- Hashcash Is a Strongly-Difficult Non-interactive Client Puzzle
- Denial-of-Service Resistance of Protocols
- Building DoS-Resistant Protocols from Client Puzzles
- Conclusion
- References
- Public-Key Encryption
- On Shortening Ciphertexts: New Constructions for Compact Public Key and Stateful Encryption Schemes
- Introduction
- Preliminaries
- Our Compact Public Key Encryption Scheme
- Our Compact Stateful Public Key Encryption Scheme
- Comparisons
- Conclusion
- References
- Proof of Theorem 2
- Better Key Sizes (and Attacks) for LWE-Based Encryption
- Introduction
- Our Contributions
- Related Work
- Preliminaries
- LWE-Based Encryption
- Lattice Decoding Attacks
- Basis Reduction and Experiments
- Basis Reduction for q-ary Lattices
- Extrapolating BKZ Runtimes
- Cryptosystem Parameters
- References
- Crypto Tools and Parameters
- Binary Huff Curves
- Introduction
- Binary Huff Curves
- Unified Point Addition
- Differential Point Addition
- Generalized Binary Huff Curves
- Conclusion
- References
- A Variant of the F4 Algorithm
- Introduction
- The F4 Variant
- Description of the Algorithm
- Additional Features
- Analysis of the Algorithm and Complexity
- Similar Systems
- Change of Characteristic
- Precomputation Correctness
- Complexity
- Applications
- Index Calculus
- Hybrid Approach
- MinRank
- Katsura Benchmarks
- Conclusion
- References
- Pseudo-code
- The Precomputation
- F4Remake
- Attribute-Based Signatures
- Introduction
- Preliminaries
- Groups with Bilinear Pairings
- Monotone Span Programs
- Non-interactive Proofs
- Attribute-Based Signatures: Definitions and Security
- Constructing ABS Schemes
- Credential Bundles
- A Framework for ABS
- Practical Instantiation 1
- Practical Instantiation 2
- Practical Instantiation 3
- Multiple Attribute-Authorities
- Applications
- References
- Digital Signatures
- Sub-linear Size Traceable Ring Signatures without Random Oracles
- Introduction
- Traceable Ring Signatures
- Related Work
- Our Results
- Definitions: Traceable Ring Signatures
- (Sender-Anonymous) Bulletin Board Model
- Preliminaries
- NIWI Proofs
- The First Proposal
- The Full-Fledged Scheme
- The Second Proposal
- Conclusions
- References
- Security Requirements of Traceable Ring Signature
- Sub-linear Size NIWI proof for L1L
- NIWI Protocol Such That Same I Is Used in Two NIWI Proofs for L(1,l)
- Note: Insider Attacks on Linkable Ring Signature
- Author Index