Subjects -> MATHEMATICS (Total: 1106 journals)
    - APPLIED MATHEMATICS (88 journals)
    - GEOMETRY AND TOPOLOGY (23 journals)
    - MATHEMATICS (815 journals)
    - MATHEMATICS (GENERAL) (45 journals)
    - NUMERICAL ANALYSIS (25 journals)

MATHEMATICS (815 journals)            First | 1 2 3 4 5     

Showing 401 - 538 of 538 Journals sorted alphabetically
Journal of Computational Physics     Hybrid Journal   (Followers: 70)
Journal of Computational Physics : X     Open Access   (Followers: 1)
Journal of Computer Engineering, System and Science (CESS)     Open Access  
Journal of Contemporary Mathematical Analysis     Hybrid Journal  
Journal of Cryptology     Hybrid Journal   (Followers: 3)
Journal of Difference Equations and Applications     Hybrid Journal  
Journal of Differential Equations     Full-text available via subscription   (Followers: 1)
Journal of Discrete Algorithms     Hybrid Journal   (Followers: 4)
Journal of Discrete Mathematics     Open Access   (Followers: 1)
Journal of Dynamics and Differential Equations     Hybrid Journal  
Journal of Engineering Mathematics     Hybrid Journal   (Followers: 2)
Journal of Evolution Equations     Hybrid Journal  
Journal of Experimental Algorithmics     Full-text available via subscription   (Followers: 1)
Journal of Flood Risk Management     Hybrid Journal   (Followers: 13)
Journal of Formalized Reasoning     Open Access   (Followers: 2)
Journal of Function Spaces     Open Access  
Journal of Functional Analysis     Full-text available via subscription   (Followers: 2)
Journal of Geochemical Exploration     Hybrid Journal   (Followers: 1)
Journal of Geological Research     Open Access   (Followers: 1)
Journal of Geovisualization and Spatial Analysis     Hybrid Journal  
Journal of Global Optimization     Hybrid Journal   (Followers: 7)
Journal of Global Research in Mathematical Archives     Open Access   (Followers: 1)
Journal of Group Theory     Hybrid Journal   (Followers: 2)
Journal of Homotopy and Related Structures     Hybrid Journal  
Journal of Honai Math     Open Access  
Journal of Humanistic Mathematics     Open Access   (Followers: 1)
Journal of Hyperbolic Differential Equations     Hybrid Journal  
Journal of Indian Council of Philosophical Research     Hybrid Journal  
Journal of Industrial Mathematics     Open Access   (Followers: 2)
Journal of Inequalities and Applications     Open Access  
Journal of Infrared, Millimeter and Terahertz Waves     Hybrid Journal   (Followers: 2)
Journal of Integrable Systems     Open Access   (Followers: 1)
Journal of K-Theory     Full-text available via subscription  
Journal of Knot Theory and Its Ramifications     Hybrid Journal   (Followers: 1)
Journal of Kufa for Mathematics and Computer     Open Access   (Followers: 1)
Journal of Liquid Chromatography & Related Technologies     Hybrid Journal   (Followers: 7)
Journal of Logical and Algebraic Methods in Programming     Hybrid Journal  
Journal of Manufacturing Systems     Full-text available via subscription   (Followers: 4)
Journal of Mathematical Analysis and Applications     Full-text available via subscription   (Followers: 4)
Journal of mathematical and computational science     Open Access   (Followers: 7)
Journal of Mathematical and Fundamental Sciences     Open Access  
Journal of Mathematical Behavior     Hybrid Journal   (Followers: 2)
Journal of Mathematical Chemistry     Hybrid Journal   (Followers: 3)
Journal of Mathematical Cryptology     Hybrid Journal   (Followers: 1)
Journal of Mathematical Extension     Open Access   (Followers: 3)
Journal of Mathematical Finance     Open Access   (Followers: 9)
Journal of Mathematical Imaging and Vision     Hybrid Journal   (Followers: 6)
Journal of Mathematical Logic     Hybrid Journal   (Followers: 3)
Journal of Mathematical Modelling and Algorithms     Hybrid Journal   (Followers: 1)
Journal of Mathematical Neuroscience     Open Access   (Followers: 10)
Journal of Mathematical Sciences     Hybrid Journal  
Journal of Mathematical Sciences and Applications     Open Access   (Followers: 2)
Journal of Mathematical Sociology     Hybrid Journal   (Followers: 3)
Journal of Mathematics     Open Access  
Journal of Mathematics and Statistics     Open Access   (Followers: 8)
Journal of Mathematics and the Arts     Hybrid Journal   (Followers: 2)
Journal of Mathematics Education at Teachers College     Open Access   (Followers: 2)
Journal of Mathematics in Industry     Open Access  
Journal of Mathematics Research     Open Access   (Followers: 6)
Journal of Metallurgy     Open Access   (Followers: 7)
Journal of Modern Mathematics Frontier     Open Access  
Journal of Multidisciplinary Modeling and Optimization     Open Access  
Journal of Multivariate Analysis     Hybrid Journal   (Followers: 13)
Journal of Natural Sciences and Mathematics Research     Open Access  
Journal of Nonlinear Analysis and Optimization : Theory & Applications     Open Access   (Followers: 4)
Journal of Nonlinear Mathematical Physics     Hybrid Journal   (Followers: 1)
Journal of Nonlinear Science     Hybrid Journal   (Followers: 1)
Journal of Numerical Cognition     Open Access  
Journal of Numerical Mathematics     Hybrid Journal   (Followers: 2)
Journal of Optimization     Open Access   (Followers: 4)
Journal of Peridynamics and Nonlocal Modeling     Hybrid Journal  
Journal of Problem Solving     Open Access   (Followers: 2)
Journal of Progressive Research in Mathematics     Open Access   (Followers: 1)
Journal of Pseudo-Differential Operators and Applications     Hybrid Journal  
Journal of Pure and Applied Algebra     Full-text available via subscription   (Followers: 4)
Journal of Quantitative Analysis in Sports     Hybrid Journal   (Followers: 8)
Journal of Quantitative Linguistics     Hybrid Journal   (Followers: 6)
Journal of Scientific Computing     Hybrid Journal   (Followers: 18)
Journal of Scientific Research     Open Access  
Journal of Symbolic Computation     Hybrid Journal   (Followers: 1)
Journal of the Australian Mathematical Society     Full-text available via subscription  
Journal of the Egyptian Mathematical Society     Open Access  
Journal of the European Mathematical Society     Full-text available via subscription   (Followers: 1)
Journal of the Indian Mathematical Society     Hybrid Journal   (Followers: 1)
Journal of the Institute of Mathematics of Jussieu     Hybrid Journal  
Journal of the London Mathematical Society     Hybrid Journal   (Followers: 2)
Journal of the Nigerian Mathematical Society     Open Access   (Followers: 1)
Journal of Theoretical and Applied Physics     Open Access   (Followers: 8)
Journal of Topology and Analysis     Hybrid Journal  
Journal of Transport and Supply Chain Management     Open Access   (Followers: 15)
Journal of Turbulence     Hybrid Journal   (Followers: 8)
Journal of Uncertainty Analysis and Applications     Open Access  
Journal of Universal Mathematics     Open Access  
Journal of Urban Regeneration & Renewal     Full-text available via subscription   (Followers: 11)
Journal of Water and Land Development     Open Access   (Followers: 3)
JRAMathEdu : Journal of Research and Advances in Mathematics Education     Open Access   (Followers: 4)
JUMLAHKU : Jurnal Matematika Ilmiah STKIP Muhammadiyah Kuningan     Open Access   (Followers: 4)
JURING (Journal for Research in Mathematics Learning)     Open Access   (Followers: 1)
Jurnal Ilmiah AdMathEdu     Open Access  
Jurnal Matematika     Open Access   (Followers: 1)
Jurnal Matematika Integratif     Open Access  
Jurnal Matematika, Sains, Dan Teknologi     Open Access  
Jurnal Natural     Open Access  
Jurnal Pendidikan Matematika Raflesia     Open Access  
Jurnal Penelitian Pembelajaran Matematika Sekolah     Open Access  
Jurnal Penelitian Sains (JPS)     Open Access  
Jurnal Riset Pendidikan Matematika     Open Access  
Jurnal Sains Matematika dan Statistika     Open Access  
Jurnal Tadris Matematika     Open Access  
Jurnal Teknologi dan Sistem Komputer     Open Access  
Kontinu : Jurnal Penelitian Didaktik Matematika     Open Access   (Followers: 3)
Kreano, Jurnal Matematika Kreatif-Inovatif     Open Access   (Followers: 5)
Le Matematiche     Open Access  
Learning and Teaching Mathematics     Full-text available via subscription   (Followers: 7)
Lettera Matematica     Hybrid Journal  
Lietuvos Matematikos Rinkinys     Open Access   (Followers: 3)
Limits : Journal of Mathematics and Its Applications     Open Access   (Followers: 1)
Linear Algebra and its Applications     Full-text available via subscription   (Followers: 22)
Linear and Multilinear Algebra     Hybrid Journal   (Followers: 8)
Lithuanian Mathematical Journal     Hybrid Journal  
LMS Journal of Computation and Mathematics     Free  
Lobachevskii Journal of Mathematics     Open Access  
Logic and Analysis     Hybrid Journal   (Followers: 1)
Logic Journal of the IGPL     Hybrid Journal   (Followers: 1)
Logica Universalis     Hybrid Journal  
manuscripta mathematica     Hybrid Journal  
MaPan : Jurnal Matematika dan Pembelajaran     Open Access  
Marine Genomics     Hybrid Journal   (Followers: 2)
Matemáticas, Educación y Sociedad     Open Access  
Matematicheskie Zametki     Full-text available via subscription  
Matematika     Open Access  
Matematychni Studii     Open Access  
Mathematica Eterna     Open Access  
Mathematica Scandinavica     Full-text available via subscription   (Followers: 1)
Mathematica Slovaca     Hybrid Journal   (Followers: 1)
Mathematical and Computational Forestry & Natural-Resource Sciences     Free  
Mathematical Communications     Open Access  
Mathematical Computation     Open Access   (Followers: 1)
Mathematical Geosciences     Hybrid Journal   (Followers: 3)
Mathematical Journal of Interdisciplinary Sciences     Open Access   (Followers: 1)
Mathematical Medicine and Biology: A Journal of the IMA     Hybrid Journal   (Followers: 1)
Mathematical Methods in the Applied Sciences     Hybrid Journal   (Followers: 4)
Mathematical Methods of Statistics     Hybrid Journal   (Followers: 4)
Mathematical Modelling and Analysis     Open Access   (Followers: 1)
Mathematical Modelling in Civil Engineering     Open Access   (Followers: 5)
Mathematical Modelling of Natural Phenomena     Full-text available via subscription   (Followers: 1)
Mathematical Models and Methods in Applied Sciences     Hybrid Journal   (Followers: 2)
Mathematical Models in Engineering     Open Access   (Followers: 6)
Mathematical Notes     Hybrid Journal  
Mathematical Proceedings of the Cambridge Philosophical Society     Full-text available via subscription   (Followers: 2)
Mathematical Programming Computation     Hybrid Journal   (Followers: 3)
Mathematical Sciences     Open Access  
Mathematical Social Sciences     Hybrid Journal   (Followers: 1)
Mathematical Theory and Modeling     Open Access   (Followers: 13)
Mathematical Thinking and Learning     Hybrid Journal   (Followers: 3)
Mathematics and Statistics     Open Access   (Followers: 5)
Mathematics Education Forum Chitwan     Open Access   (Followers: 1)
Mathematics Education Journal     Open Access   (Followers: 1)
Mathematics Education Research Journal     Partially Free   (Followers: 17)
Mathematics in Science and Engineering     Full-text available via subscription  
Mathematics of Control, Signals, and Systems (MCSS)     Hybrid Journal   (Followers: 5)
Mathematics of Quantum and Nano Technologies     Open Access  
Mathématiques et sciences humaines     Open Access   (Followers: 7)
Mathematische Annalen     Hybrid Journal   (Followers: 1)
Mathematische Nachrichten     Hybrid Journal   (Followers: 1)
Mathematische Semesterberichte     Hybrid Journal  
Mathematische Zeitschrift     Hybrid Journal   (Followers: 1)
MathLAB Journal     Open Access   (Followers: 4)
MATI : Mathematical Aspects of Topological Indeces     Open Access  
MATICS     Open Access   (Followers: 2)
Matrix Science Mathematic     Open Access   (Followers: 1)
Measurement Science Review     Open Access   (Followers: 3)
Mediterranean Journal of Mathematics     Hybrid Journal  
Memetic Computing     Hybrid Journal  
Mendel : Soft Computing Journal     Open Access  
Metaheuristics     Hybrid Journal  
Metals and Materials International     Hybrid Journal  
Metascience     Hybrid Journal   (Followers: 1)
Milan Journal of Mathematics     Hybrid Journal  
Mitteilungen der DMV     Hybrid Journal  
MLQ- Mathematical Logic Quarterly     Hybrid Journal   (Followers: 1)
MONA : Matematik- og Naturfagsdidaktik     Hybrid Journal   (Followers: 6)
Monatshefte fur Mathematik     Hybrid Journal  
Moroccan Journal of Pure and Applied Analysis     Open Access   (Followers: 4)
Moscow University Mathematics Bulletin     Hybrid Journal  
MSOR Connections     Open Access   (Followers: 1)
Multiscale Modeling and Simulation     Hybrid Journal   (Followers: 3)
MUST : Journal of Mathematics Education, Science and Technology     Open Access   (Followers: 1)
Nagoya Mathematical Journal     Hybrid Journal  
Nano Research     Hybrid Journal   (Followers: 4)
Nanotechnologies in Russia     Hybrid Journal   (Followers: 1)
Natural Resource Modeling     Hybrid Journal   (Followers: 1)
New Mathematics and Natural Computation     Hybrid Journal  
Nonlinear Analysis : Modelling and Control     Open Access   (Followers: 1)
Nonlinear Analysis : Theory, Methods & Applications     Hybrid Journal   (Followers: 1)
Nonlinear Analysis: Hybrid Systems     Hybrid Journal  
Nonlinear Analysis: Real World Applications     Hybrid Journal   (Followers: 2)
Nonlinear Differential Equations and Applications NoDEA     Hybrid Journal  
Nonlinear Engineering     Open Access  
Nonlinear Oscillations     Hybrid Journal   (Followers: 1)

  First | 1 2 3 4 5     

Similar Journals
Journal Cover
Journal of Cryptology
Journal Prestige (SJR): 0.347
Citation Impact (citeScore): 2
Number of Followers: 3  
  Hybrid Journal Hybrid journal (It can contain Open Access articles)
ISSN (Print) 1432-1378 - ISSN (Online) 0933-2790
Published by Springer-Verlag Homepage  [2626 journals]
  • A Formal Security Analysis of the Signal Messaging Protocol
    • Abstract: The Signal protocol is a cryptographic messaging protocol that provides end-to-end encryption for instant messaging in WhatsApp, Wire, and Facebook Messenger among many others, serving well over 1 billion active users. Signal includes several uncommon security properties (such as “future secrecy” or “post-compromise security”), enabled by a technique called ratcheting in which session keys are updated with every message sent. We conduct a formal security analysis of Signal’s initial extended triple Diffie–Hellman (X3DH) key agreement and Double Ratchet protocols as a multi-stage authenticated key exchange protocol. We extract from the implementation a formal description of the abstract protocol and define a security model which can capture the “ratcheting” key update structure as a multi-stage model where there can be a “tree” of stages, rather than just a sequence. We then prove the security of Signal’s key exchange core in our model, demonstrating several standard security properties. We have found no major flaws in the design and hope that our presentation and results can serve as a foundation for other analyses of this widely adopted protocol.
      PubDate: 2020-09-23
  • Tightly Secure Hierarchical Identity-Based Encryption
    • Abstract: Abstract We construct the first tightly secure hierarchical identity-based encryption (HIBE) scheme based on standard assumptions, which solves an open problem from Blazy, Kiltz, and Pan (CRYPTO 2014). At the core of our constructions is a novel randomization technique that enables us to randomize user secret keys for identities with flexible length. The security reductions of previous HIBEs lose at least a factor of Q, which is the number of user secret key queries. Different to that, the security loss of our schemes is only dependent on the security parameter. Our schemes are adaptively secure based on the Matrix Diffie-Hellman assumption, which is a generalization of standard Diffie-Hellman assumptions such as k-Linear. We have two tightly secure constructions, one with constant ciphertext size, and the other with tighter security at the cost of linear ciphertext size. Among other things, our schemes imply the first tightly secure identity-based signature scheme by a variant of the Naor transformation.
      PubDate: 2020-09-15
  • Efficient Verifiable Delay Functions
    • Abstract: Abstract We construct a verifiable delay function (VDF). A VDF is a function whose evaluation requires running a given number of sequential steps, yet the result can be efficiently verified. They have applications in decentralised systems, such as the generation of trustworthy public randomness in a trustless environment, or resource-efficient blockchains. To construct our VDF, we actually build a trapdoor VDF. A trapdoor VDF is essentially a VDF which can be evaluated efficiently by parties who know a secret (the trapdoor). By setting up this scheme in a way that the trapdoor is unknown (not even by the party running the setup, so that there is no need for a trusted setup environment), we obtain a simple VDF. Our construction is based on groups of unknown order such as an RSA group or the class group of an imaginary quadratic field. The output of our construction is very short (the result and the proof of correctness are each a single element of the group), and the verification of correctness is very efficient.
      PubDate: 2020-09-09
  • Non-malleable Encryption: Simpler, Shorter, Stronger
    • Abstract: Abstract One approach toward basing public-key encryption (PKE) schemes on weak and credible assumptions is to build “stronger” or more general schemes generically from “weaker” or more restricted ones. One particular line of work in this context was initiated by Myers and Shelat (FOCS ’09) and continued by Hohenberger, Lewko, and Waters (Eurocrypt ’12), who provide constructions of multi-bit CCA-secure PKE from single-bit CCA-secure PKE. It is well known that encrypting each bit of a plaintext string independently is not CCA-secure—the resulting scheme is malleable. We therefore investigate whether this malleability can be dealt with using the conceptually simple approach of applying a suitable non-malleable code (Dziembowski et al., ICS ’10) to the plaintext and subsequently encrypting the resulting codeword bit by bit. We find that an attacker’s ability to ask multiple decryption queries requires that the underlying code be continuously non-malleable (Faust et al., TCC ’14). Since, as we show, this flavor of non-malleability can only be achieved if the code is allowed to “self-destruct,” the resulting scheme inherits this property and therefore only achieves a weaker variant of CCA security. We formalize this new notion of so-called indistinguishability under self-destruct attacks (IND-SDA) as CCA security with the restriction that the decryption oracle stops working once the attacker submits an invalid ciphertext. We first show that the above approach based on non-malleable codes yields a solution to the problem of domain extension for IND-SDA-secure PKE, provided that the underlying code is continuously non-malleable against (a reduced form of) bit-wise tampering. Then, we prove that the code of Dziembowski et al. is actually already continuously non-malleable against bit-wise tampering. We further investigate the notion of security under self-destruct attacks and combine IND-SDA security with non-malleability under chosen-ciphertext attacks (NM-CPA) to obtain the strictly stronger notion of non-malleability under self-destruct attacks (NM-SDA). We show that NM-SDA security can be obtained from basic IND-CPA security by means of a black-box construction based on the seminal work by Choi et al. (TCC ’08). Finally, we provide a domain extension technique for building a multi-bit NM-SDA scheme from a single-bit NM-SDA scheme. To achieve this goal, we define and construct a novel type of continuous non-malleable code, called secret-state NMC, since, as we show, standard continuous NMCs are insufficient for the natural “encode-then-encrypt-bit-by-bit” approach to work.
      PubDate: 2020-08-04
  • PCPs and the Hardness of Generating Synthetic Data
    • Abstract: Abstract Assuming the existence of one-way functions, we show that there is no polynomial-time differentially private algorithm \({\mathcal {A}}\) that takes a database \(D\in (\{0,1\}^d)^n\) and outputs a “synthetic database” \({\hat{D}}\) all of whose two-way marginals are approximately equal to those of D. (A two-way marginal is the fraction of database rows \(x\in \{0,1\}^d\) with a given pair of values in a given pair of columns.) This answers a question of Barak et al. (PODS ‘07), who gave an algorithm running in time \(\mathrm {poly}(n,2^d)\) . Our proof combines a construction of hard-to-sanitize databases based on digital signatures (by Dwork et al., STOC ‘09) with encodings based on the PCP theorem. We also present both negative and positive results for generating “relaxed” synthetic data, where the fraction of rows in D satisfying a predicate c are estimated by applying c to each row of \({\hat{D}}\) and aggregating the results in some way.
      PubDate: 2020-07-31
  • Continuously Non-malleable Codes in the Split-State Model
    • Abstract: Abstract Non-malleable codes (Dziembowski et al., ICS’10 and J. ACM’18) are a natural relaxation of error correcting/detecting codes with useful applications in cryptography. Informally, a code is non-malleable if an adversary trying to tamper with an encoding of a message can only leave it unchanged or modify it to the encoding of an unrelated value. This paper introduces continuous non-malleability, a generalization of standard non-malleability where the adversary is allowed to tamper continuously with the same encoding. This is in contrast to the standard definition of non-malleable codes, where the adversary can only tamper a single time. The only restriction is that after the first invalid codeword is ever generated, a special self-destruct mechanism is triggered and no further tampering is allowed; this restriction can easily be shown to be necessary. We focus on the split-state model, where an encoding consists of two parts and the tampering functions can be arbitrary as long as they act independently on each part. Our main contributions are outlined below. We show that continuous non-malleability in the split-state model is impossible without relying on computational assumptions. We construct a computationally secure split-state code satisfying continuous non-malleability in the common reference string (CRS) model. Our scheme can be instantiated assuming the existence of collision-resistant hash functions and (doubly enhanced) trapdoor permutations, but we also give concrete instantiations based on standard number-theoretic assumptions. We revisit the application of non-malleable codes to protecting arbitrary cryptographic primitives against related-key attacks. Previous applications of non-malleable codes in this setting required perfect erasures and the adversary to be restricted in memory. We show that continuously non-malleable codes allow to avoid these restrictions.
      PubDate: 2020-07-24
  • $${\varvec{1/p}}$$ 1 / p -Secure Multiparty Computation without an Honest
           Majority and the Best of Both Worlds
    • Abstract: Abstract A protocol for computing a functionality is secure if an adversary in this protocol cannot cause more harm than in an ideal computation, where parties give their inputs to a trusted party that returns the output of the functionality to all parties. In particular, in the ideal model, such computation is fair—if the corrupted parties get the output, then the honest parties get the output. Cleve (STOC 1986) proved that, in general, fairness is not possible without an honest majority. To overcome this impossibility, Gordon and Katz (Eurocrypt 2010) suggested a relaxed definition—1/p-secure computation—which guarantees partial fairness. For two parties, they constructed 1/p-secure protocols for functionalities for which the size of either their domain or their range is polynomial (in the security parameter). Gordon and Katz ask whether their results can be extended to multiparty protocols. We study 1/p-secure protocols in the multiparty setting for general functionalities. Our main result is constructions of 1/p-secure protocols that are resilient against any number of corrupted parties provided that the number of parties is constant and the size of the range of the functionality is at most polynomial (in the security parameter \({n}\) ). If fewer than 2/3 of the parties are corrupted, the size of the domain of each party is constant, and the functionality is deterministic, then our protocols are efficient even when the number of parties is \(\log \log {n}\) . On the negative side, we show that when the number of parties is super-constant, 1/p-secure protocols are not possible when the size of the domain of each party is polynomial. Thus, our feasibility results for 1/p-secure computation are essentially tight. We further motivate our results by constructing protocols with stronger guarantees: If in the execution of the protocol there is a majority of honest parties, then our protocols provide full security. However, if only a minority of the parties are honest, then our protocols are 1/p-secure. Thus, our protocols provide the best of both worlds, where the 1/p-security is only a fall-back option if there is no honest majority.
      PubDate: 2020-07-16
  • Blockcipher-Based Authenticated Encryption: How Small Can We Go'
    • Abstract: Abstract This paper presents a lightweight blockcipher-based authenticated encryption mode mainly focusing on minimizing the implementation size, i.e., hardware gates or working memory on software. The mode is called \(\textsf {COFB}\), for COmbined FeedBack. \(\textsf {COFB}\) uses an n-bit blockcipher as the underlying primitive and relies on the use of a nonce for security. In addition to the state required for executing the underlying blockcipher, \(\textsf {COFB}\) needs only n / 2 bits state as a mask. Till date, for all existing constructions in which masks have been applied, at least n bit masks have been used. Thus, we have shown the possibility of reducing the size of a mask without degrading the security level much. Moreover, it requires one blockcipher call to process one input block. We show \(\textsf {COFB}\) is provably secure up to \(O(2^{n/2}/n)\) queries which is almost up to the standard birthday bound. We first present an idealized mode \(\textsf {iCOFB}\) along with the details of its provable security analysis. Next, we extend the construction to the practical mode COFB. We instantiate COFB with two 128-bit blockciphers, AES-128 and GIFT-128, and present their implementation results on FPGAs. We present two implementations, with and without CAESAR hardware API. When instantiated with AES-128 and implemented without CAESAR hardware API, COFB achieves only a few more than 1000 Look-Up-Tables (LUTs) while maintaining almost the same level of provable security as standard AES-based AE, such as GCM. When instantiated with GIFT-128, COFB performs much better in hardware area. It consumes less than 1000 LUTs while maintaining the same security level. However, when implemented with CAESAR hardware API, there are significant overheads both in hardware area and in throughput. COFB with AES-128 achieves about 1475 LUTs. COFB with GIFT-128 achieves a few more than 1000 LUTs. Though there are overheads, still both these figures show competitive implementation results compared to other authenticated encryption constructions.
      PubDate: 2020-07-01
  • Generic Attacks on Hash Combiners
    • Abstract: Abstract Hash combiners are a practical way to make cryptographic hash functions more tolerant to future attacks and compatible with existing infrastructure. A combiner combines two or more hash functions in a way that is hopefully more secure than each of the underlying hash functions, or at least remains secure as long as one of them is secure. Two classical hash combiners are the exclusive-or (XOR) combiner \( \mathcal {H}_1(M) \oplus \mathcal {H}_2(M) \) and the concatenation combiner \( \mathcal {H}_1(M) \Vert \mathcal {H}_2(M) \). Both of them process the same message using the two underlying hash functions in parallel. Apart from parallel combiners, there are also cascade constructions sequentially calling the underlying hash functions to process the message repeatedly, such as Hash-Twice \(\mathcal {H}_2(\mathcal {H}_1(IV, M), M)\) and the Zipper hash \(\mathcal {H}_2(\mathcal {H}_1(IV, M), \overleftarrow{M})\), where \(\overleftarrow{M}\) is the reverse of the message M. In this work, we study the security of these hash combiners by devising the best-known generic attacks. The results show that the security of most of the combiners is not as high as commonly believed. We summarize our attacks and their computational complexities (ignoring the polynomial factors) as follows:Several generic preimage attacks on the XOR combiner:A first attack with a best-case complexity of \( 2^{5n/6} \) obtained for messages of length \( 2^{n/3} \). It relies on a novel technical tool named interchange structure. It is applicable for combiners whose underlying hash functions follow the Merkle–Damgård construction or the HAIFA framework.A second attack with a best-case complexity of \( 2^{2n/3} \) obtained for messages of length \( 2^{n/2} \). It exploits properties of functional graphs of random mappings. It achieves a significant improvement over the first attack but is only applicable when the underlying hash functions use the Merkle–Damgård construction.An improvement upon the second attack with a best-case complexity of \( 2^{5n/8} \) obtained for messages of length \( 2^{5n/8} \). It further exploits properties of functional graphs of random mappings and uses longer messages. These attacks show a rather surprising result: regarding preimage resistance, the sum of two n-bit narrow-pipe hash functions following the considered constructions can never provide n-bit security.A generic second-preimage attack on the concatenation combiner of two Merkle–Damgård hash functions. This attack finds second preimages faster than \( 2^n \) for challenges longer than \( 2^{2n/7} \) and has a best-case complexity of \( 2^{3n/4} \) obtained for challenges of length \( 2^{3n/4} \). It also exploits properties of functional graphs of random mappings.The first generic second-preimage attack on the Zipper hash with underlying hash functions following the Merkle–Damgård construction. The best-case complexity is \( 2^{3n/5} \), obtained for challenge messages of length \( 2^{2n/5} \).An improved generic second-preimage attack on Hash-Twice with underlying hash functions following the Merkle–Damgård construction. The best-case complexity is
      PubDate: 2020-07-01
  • An Optimal Distributed Discrete Log Protocol with Applications to
           Homomorphic Secret Sharing
    • Abstract: Abstract The distributed discrete logarithm (DDL) problem was introduced by Boyle, Gilboa and Ishai at CRYPTO 2016. A protocol solving this problem was the main tool used in the share conversion procedure of their homomorphic secret sharing (HSS) scheme which allows non-interactive evaluation of branching programs among two parties over shares of secret inputs. Let g be a generator of a multiplicative group \({\mathbb {G}}\). Given a random group element \(g^{x}\) and an unknown integer \(b \in [-M,M]\) for a small M, two parties A and B (that cannot communicate) successfully solve DDL if \(A(g^{x}) - B(g^{x+b}) = b\). Otherwise, the parties err. In the DDL protocol of Boyle et al., A and B run in time T and have error probability that is roughly linear in M / T. Since it has a significant impact on the HSS scheme’s performance, a major open problem raised by Boyle et al. was to reduce the error probability as a function of T. In this paper we devise a new DDL protocol that substantially reduces the error probability to \(O(M \cdot T^{-2})\). Our new protocol improves the asymptotic evaluation time complexity of the HSS scheme by Boyle et al. on branching programs of size S from \(O(S^2)\) to \(O(S^{3/2})\). We further show that our protocol is optimal up to a constant factor for all relevant cryptographic group families, unless one can solve the discrete logarithm problem in a short interval of length R in time \(o(\sqrt{R})\). Our DDL protocol is based on a new type of random walk that is composed of several iterations in which the expected step length gradually increases. We believe that this random walk is of independent interest and will find additional applications.
      PubDate: 2020-07-01
  • Compact Adaptively Secure ABE for $${\textsf {NC}}^{1}$$NC1 from k -Lin
    • Abstract: Abstract We present compact attribute-based encryption (ABE) schemes for \({\textsf {NC}}^{1}\) that are adaptively secure under the k-Lin assumption with polynomial security loss. Our KP-ABE scheme achieves ciphertext size that is linear in the attribute length and independent of the policy size even in the many-use setting, and we achieve an analogous efficiency guarantee for CP-ABE. This resolves the central open problem posed by Lewko and Waters (CRYPTO 2011). Previous adaptively secure constructions either impose an attribute “one-use restriction” (or the ciphertext size grows with the policy size) or require q-type assumptions.
      PubDate: 2020-07-01
  • A Practical Forgery Attack on Lilliput-AE
    • Abstract: Abstract Lilliput-AE is a tweakable block cipher submitted as a candidate to the NIST lightweight cryptography standardization process. It is based upon the lightweight block cipher Lilliput, whose cryptanalysis so far suggests that it has a large security margin. In this note, we present an extremely efficient forgery attack on Lilliput-AE: Given a single arbitrary message of length about \(2^{36}\) bytes, we can instantly produce another valid message that leads to the same tag, along with the corresponding ciphertext. The attack uses a weakness in the tweakey schedule of Lilliput-AE which leads to the existence of a related-tweak differential characteristic with probability 1 in the underlying block cipher. The weakness we exploit, which does not exist in Lilliput, demonstrates the potential security risk in using a very simple tweakey schedule in which the same part of the key/tweak is reused in every round, even when round constants are employed to prevent slide attacks. Following this attack, the Lilliput-AE submission to NIST was tweaked.
      PubDate: 2020-07-01
  • Multi-theorem Preprocessing NIZKs from Lattices
    • Abstract: Abstract Non-interactive zero-knowledge (NIZK) proofs are fundamental to modern cryptography. Numerous NIZK constructions are known in both the random oracle and the common reference string (CRS) models. In the CRS model, there exist constructions from several classes of cryptographic assumptions such as trapdoor permutations, pairings, and indistinguishability obfuscation. However, at the time of the initial publication of this work, we did not have constructions of NIZKs from standard lattice assumptions. In this work, we take an initial step toward constructing multi-theorem NIZKs for general \(\mathsf {NP}\) languages from standard lattice assumptions by considering a relaxation to the preprocessing model and a new model we call the designated-prover model. In the preprocessing model, a setup algorithm generates secret proving and verification keys for the prover and the verifier, respectively. In the designated-prover model, the proving key is secret, but the verification key is public. In both settings, the proving key is used to construct proofs and the verification key is used to check proofs. Finally, in the multi-theorem setting, both the proving and verification keys should be reusable for an unbounded number of theorems without compromising soundness or zero-knowledge. Previous constructions of NIZKs in the preprocessing model that rely on weaker assumptions like one-way functions or oblivious transfer are only secure in a single-theorem setting. Thus, constructing multi-theorem NIZKs in these relaxed models does not seem to be inherently easier than constructing them in the CRS model. In this work, we first construct a multi-theorem preprocessing NIZK argument from context-hiding homomorphic signatures. In fact, the construction is a designated-prover NIZK. We also show that using homomorphic commitments, we can get statistically sound proofs in the preprocessing and designated-prover models. Together with lattice-based instantiations of homomorphic signatures and commitments, we obtain the first multi-theorem NIZKs in the preprocessing and designated-prover models from standard lattice assumptions. Finally, we show how to generalize our construction to obtain a universally composable NIZK (UC-NIZK) in the preprocessing model from standard lattice assumptions. Our UC-NIZK relies on a simple preprocessing protocol based on a new primitive we call blind homomorphic signatures.
      PubDate: 2020-07-01
  • Improved Key Recovery Attacks on Reduced-Round AES with Practical Data and
           Memory Complexities
    • Abstract: Abstract Determining the security of AES is a central problem in cryptanalysis, but progress in this area had been slow and only a handful of cryptanalytic techniques led to significant advancements. At Eurocrypt 2017 Grassi et al. presented a novel type of distinguisher for AES-like structures, but so far all the published attacks which were based on this distinguisher were inferior to previously known attacks in their complexity. In this paper we combine the technique of Grassi et al. with several other techniques in a novel way to obtain the best known key recovery attack on 5-round AES in the single-key model, reducing its overall complexity from about \(2^{32}\) to less than \(2^{22}\). Extending our techniques to 7-round AES, we obtain the best known attacks on reduced-round AES-192 which use practical amounts of data and memory, breaking the record for such attacks which was obtained in 2000 by the classical Square attack. In addition, we use our techniques to improve the Gilbert–Minier attack (2000) on 7-round AES, reducing its memory complexity from \(2^{80}\) to \(2^{40}\).
      PubDate: 2020-07-01
  • Statistical Concurrent Non-Malleable Zero-Knowledge from One-Way Functions
    • Abstract: Abstract Concurrent non-malleable zero-knowledge (\(\mathrm {CNMZK}\)) protocols are zero-knowledge protocols that provides security even when adversaries interact with multiple provers and verifiers simultaneously. It is known that \(\mathrm {CNMZK}\) arguments for \(\mathcal {NP}\) can be constructed in the plain model. Furthermore, it was recently shown that statistical\(\mathrm {CNMZK}\) arguments for \(\mathcal {NP}\) can also be constructed in the plain model. However, although the former requires only the existence of one-way functions, the latter requires the DDH assumption. In this paper, we construct a statistical \(\mathrm {CNMZK}\) argument for \(\mathcal {NP}\) assuming only the existence of one-way functions. The security is proven via black-box simulation, and the round complexity is \(\mathsf {poly}(n)\). Under the existence of collision-resistant hash functions, the round complexity is reduced to \(\omega (\log n)\), which is essentially optimal for black-box concurrent zero-knowledge protocols.
      PubDate: 2020-04-22
  • Efficient and Scalable Universal Circuits
    • Abstract: Abstract A universal circuit (UC) can be programmed to simulate any circuit up to a given size n by specifying its program inputs. It provides elegant solutions in various application scenarios, e.g., for private function evaluation (PFE) and for improving the flexibility of attribute-based encryption schemes. The asymptotic lower bound for the size of a UC is \(\Omega (n\log n)\), and Valiant (STOC’76) provided two theoretical constructions, the so-called 2-way and 4-way UCs (i.e., recursive constructions with 2 and 4 substructures), with asymptotic sizes \({\sim }\,5n\log _2n\) and \({\sim }\,4.75n\log _2n\), respectively. In this article, we present and extend our results published in (Kiss and Schneider EUROCRYPT’16) and (Günther et al. ASIACRYPT’17). We validate the practicality of Valiant’s UCs by realizing the 2-way and 4-way UCs in our modular open-source implementation. We also provide an example implementation for PFE using these size-optimized UCs. We propose a 2/4-hybrid approach that combines the 2-way and the 4-way UCs in order to minimize the size of the resulting UC. We realize that the bottleneck in universal circuit generation and programming becomes the memory consumption of the program since the whole structure of size \({\mathcal {O}}(n\log n)\) is handled by the algorithms in memory. In this work, we overcome this by designing novel scalable algorithms for the UC generation and programming. Both algorithms use only \({\mathcal {O}}(n)\) memory at any point in time. We prove the practicality of our scalable design with a scalable proof-of-concept implementation for generating Valiant’s 4-way UC. We note that this can be extended to work with optimized building blocks analogously. Moreover, we substantially improve the size of our UCs by including and implementing the recent optimization of Zhao et al. (ASIACRYPT’19) that reduces the asymptotic size of the 4-way UC to \({\sim }\,4.5n\log _2n\). Furthermore, we include their optimization in the implementation of our 2/4-hybrid UC which yields the smallest UC construction known so far.
      PubDate: 2020-04-08
  • Tight Security of Cascaded LRW2
    • Abstract: Abstract At CRYPTO ’12, Landecker et al. introduced the cascaded LRW2 (or CLRW2) construction and proved that it is a secure tweakable block cipher up to roughly \( 2^{2n/3} \) queries. Recently, Mennink has presented a distinguishing attack on CLRW2 in \( 2n^{1/2}2^{3n/4} \) queries. In the same paper, he discussed some non-trivial bottlenecks in proving tight security bound, i.e., security up to \( 2^{3n/4} \) queries. Subsequently, he proved security up to \( 2^{3n/4} \) queries for a variant of CLRW2 using 4-wise independent AXU assumption and the restriction that each tweak value occurs at most \( 2^{n/4} \) times. Moreover, his proof relies on a version of mirror theory which is yet to be publicly verified. In this paper, we resolve the bottlenecks in Mennink’s approach and prove that the original CLRW2 is indeed a secure tweakable block cipher up to roughly \( 2^{3n/4} \) queries. To do so, we develop two new tools: First, we give a probabilistic result that provides improved bound on the joint probability of some special collision events, and second, we present a variant of Patarin’s mirror theory in tweakable permutation settings with a self-contained and concrete proof. Both these results are of generic nature and can be of independent interests. To demonstrate the applicability of these tools, we also prove tight security up to roughly \( 2^{3n/4} \) queries for a variant of DbHtS, called DbHtS-p, that uses two independent universal hash functions.
      PubDate: 2020-03-05
  • Meet-in-the-Middle Attacks and Structural Analysis of Round-Reduced PRINCE
    • Abstract: Abstract NXP Semiconductors and its academic partners challenged the cryptographic community with finding practical attacks on the block cipher they designed, PRINCE. Instead of trying to attack as many rounds as possible using attacks which are usually impractical despite being faster than brute force, the challenge invites cryptographers to find practical attacks and encourages them to actually implement them. In this paper, we present new attacks on round-reduced PRINCE including the ones which won the challenge in the 4-, 6- and 8-round categories—the highest for which winners were identified. Our first attacks rely on a meet-in-the-middle approach and break up to ten rounds of the cipher. We also describe heuristic methods we used to find practical SAT-based and differential attacks. Finally, we also present an analysis of the cycle structure of the internal rounds of PRINCE leading both to a low complexity distinguisher for 4-round PRINCE-core and an alternative representation of the cipher valid in particular contexts and which highlights, in these cases, a poor diffusion.
      PubDate: 2020-03-04
  • Spin Me Right Round Rotational Symmetry for FPGA-Specific AES: Extended
    • Abstract: Abstract The effort in reducing the area of AES implementations has largely been focused on application-specific integrated circuits (ASICs) in which a tower field construction leads to a small design of the AES S-box. In contrast, a naive implementation of the AES S-box has been the status-quo on field-programmable gate arrays (FPGAs). A similar discrepancy holds for masking schemes—a well-known side-channel analysis countermeasure—which are commonly optimized to achieve minimal area in ASICs. In this paper, we demonstrate a representation of the AES S-box exploiting rotational symmetry which leads to a 50% reduction in the area footprint on FPGA devices. We present new AES implementations which improve on the state-of-the-art and explore various trade-offs between area and latency. For instance, at the cost of increasing 4.5 times the latency, one of our design variants requires 25% less look-up tables (LUTs) than the smallest known AES on Xilinx FPGAs by Sasdrich and Güneysu at ASAP 2016. We further explore the protection of such implementations against side-channel attacks. We introduce a generic methodology for masking any n-bit Boolean functions of degree t with protection order d. The methodology is exact for first-order and heuristic for higher orders. Its application to our new construction of the AES S-box allows us to improve previous results and introduce the smallest first-order masked AES implementation on Xilinx FPGAs, to date.
      PubDate: 2020-01-22
  • Multilinear Maps from Obfuscation
    • Abstract: Abstract We provide constructions of multilinear groups equipped with natural hard problems from indistinguishability obfuscation, homomorphic encryption, and NIZKs. This complements known results on the constructions of indistinguishability obfuscators from multilinear maps in the reverse direction. We provide two distinct, but closely related constructions and show that multilinear analogues of the \({\text {DDH}} \) assumption hold for them. Our first construction is symmetric and comes with a \(\kappa \)-linear map \(\mathbf{e }: {{\mathbb {G}}}^\kappa \longrightarrow {\mathbb {G}}_T\) for prime-order groups \({\mathbb {G}}\) and \({\mathbb {G}}_T\). To establish the hardness of the \(\kappa \)-linear \({\text {DDH}} \) problem, we rely on the existence of a base group for which the \(\kappa \)-strong \({\text {DDH}} \) assumption holds. Our second construction is for the asymmetric setting, where \(\mathbf{e }: {\mathbb {G}}_1 \times \cdots \times {\mathbb {G}}_{\kappa } \longrightarrow {\mathbb {G}}_T\) for a collection of \(\kappa +1\) prime-order groups \({\mathbb {G}}_i\) and \({\mathbb {G}}_T\), and relies only on the 1-strong \({\text {DDH}} \) assumption in its base group. In both constructions, the linearity \(\kappa \) can be set to any arbitrary but a priori fixed polynomial value in the security parameter. We rely on a number of powerful tools in our constructions: probabilistic indistinguishability obfuscation, dual-mode NIZK proof systems (with perfect soundness, witness-indistinguishability, and zero knowledge), and additively homomorphic encryption for the group \(\mathbb {Z}_N^{+}\). At a high level, we enable “bootstrapping” multilinear assumptions from their simpler counterparts in standard cryptographic groups and show the equivalence of PIO and multilinear maps under the existence of the aforementioned primitives.
      PubDate: 2020-01-02
School of Mathematical and Computer Sciences
Heriot-Watt University
Edinburgh, EH14 4AS, UK
Tel: +00 44 (0)131 4513762

Your IP address:
Home (Search)
About JournalTOCs
News (blog, publications)
JournalTOCs on Twitter   JournalTOCs on Facebook

JournalTOCs © 2009-