Subjects -> MATHEMATICS (Total: 1118 journals)
    - APPLIED MATHEMATICS (92 journals)
    - GEOMETRY AND TOPOLOGY (23 journals)
    - MATHEMATICS (819 journals)
    - MATHEMATICS (GENERAL) (45 journals)
    - NUMERICAL ANALYSIS (26 journals)
    - PROBABILITIES AND MATH STATISTICS (113 journals)

MATHEMATICS (819 journals)

Showing 401 - 538 of 538 Journals sorted alphabetically
Journal of Computational Physics     Hybrid Journal   (Followers: 72)
Journal of Computational Physics : X     Open Access   (Followers: 1)
Journal of Computer Engineering, System and Science (CESS)     Open Access  
Journal of Contemporary Mathematical Analysis     Hybrid Journal  
Journal of Cryptology     Hybrid Journal   (Followers: 6)
Journal of Difference Equations and Applications     Hybrid Journal  
Journal of Differential Equations     Full-text available via subscription   (Followers: 1)
Journal of Discrete Algorithms     Hybrid Journal   (Followers: 4)
Journal of Discrete Mathematics     Open Access   (Followers: 1)
Journal of Dynamics and Differential Equations     Hybrid Journal  
Journal of Engineering Mathematics     Hybrid Journal   (Followers: 2)
Journal of Evolution Equations     Hybrid Journal  
Journal of Experimental Algorithmics     Full-text available via subscription   (Followers: 1)
Journal of Flood Risk Management     Hybrid Journal   (Followers: 15)
Journal of Formalized Reasoning     Open Access   (Followers: 2)
Journal of Function Spaces     Open Access  
Journal of Functional Analysis     Full-text available via subscription   (Followers: 2)
Journal of Geochemical Exploration     Hybrid Journal   (Followers: 3)
Journal of Geological Research     Open Access   (Followers: 1)
Journal of Geovisualization and Spatial Analysis     Hybrid Journal  
Journal of Global Optimization     Hybrid Journal   (Followers: 7)
Journal of Global Research in Mathematical Archives     Open Access   (Followers: 1)
Journal of Group Theory     Hybrid Journal   (Followers: 2)
Journal of Homotopy and Related Structures     Hybrid Journal  
Journal of Honai Math     Open Access  
Journal of Humanistic Mathematics     Open Access   (Followers: 1)
Journal of Hyperbolic Differential Equations     Hybrid Journal  
Journal of Indian Council of Philosophical Research     Hybrid Journal  
Journal of Industrial Mathematics     Open Access   (Followers: 2)
Journal of Inequalities and Applications     Open Access  
Journal of Infrared, Millimeter and Terahertz Waves     Hybrid Journal   (Followers: 3)
Journal of Integrable Systems     Open Access   (Followers: 1)
Journal of K-Theory     Full-text available via subscription  
Journal of Knot Theory and Its Ramifications     Hybrid Journal   (Followers: 2)
Journal of Liquid Chromatography & Related Technologies     Hybrid Journal   (Followers: 7)
Journal of Logical and Algebraic Methods in Programming     Hybrid Journal   (Followers: 1)
Journal of Manufacturing Systems     Full-text available via subscription   (Followers: 4)
Journal of Mathematical Analysis and Applications     Full-text available via subscription   (Followers: 5)
Journal of mathematical and computational science     Open Access   (Followers: 7)
Journal of Mathematical and Fundamental Sciences     Open Access  
Journal of Mathematical Behavior     Hybrid Journal   (Followers: 3)
Journal of Mathematical Chemistry     Hybrid Journal   (Followers: 5)
Journal of Mathematical Cryptology     Hybrid Journal   (Followers: 1)
Journal of Mathematical Extension     Open Access   (Followers: 3)
Journal of Mathematical Finance     Open Access   (Followers: 9)
Journal of Mathematical Imaging and Vision     Hybrid Journal   (Followers: 7)
Journal of Mathematical Logic     Hybrid Journal   (Followers: 3)
Journal of Mathematical Modelling and Algorithms     Hybrid Journal   (Followers: 1)
Journal of Mathematical Neuroscience     Open Access   (Followers: 10)
Journal of Mathematical Sciences     Hybrid Journal  
Journal of Mathematical Sciences and Applications     Open Access   (Followers: 3)
Journal of Mathematical Sociology     Hybrid Journal   (Followers: 3)
Journal of Mathematics     Open Access  
Journal of Mathematics and Statistics     Open Access   (Followers: 8)
Journal of Mathematics and Statistics Studies     Open Access   (Followers: 3)
Journal of Mathematics and the Arts     Hybrid Journal   (Followers: 2)
Journal of Mathematics Education at Teachers College     Open Access   (Followers: 3)
Journal of Mathematics in Industry     Open Access  
Journal of Mathematics Research     Open Access   (Followers: 6)
Journal of Metallurgy     Open Access   (Followers: 8)
Journal of Modern Mathematics Frontier     Open Access  
Journal of Multidisciplinary Modeling and Optimization     Open Access  
Journal of Multivariate Analysis     Hybrid Journal   (Followers: 13)
Journal of Natural Sciences and Mathematics Research     Open Access  
Journal of Nonlinear Analysis and Optimization : Theory & Applications     Open Access   (Followers: 4)
Journal of Nonlinear Mathematical Physics     Hybrid Journal   (Followers: 2)
Journal of Nonlinear Science     Hybrid Journal   (Followers: 1)
Journal of Numerical Cognition     Open Access   (Followers: 1)
Journal of Numerical Mathematics     Hybrid Journal   (Followers: 2)
Journal of Optimization     Open Access   (Followers: 5)
Journal of Peridynamics and Nonlocal Modeling     Hybrid Journal  
Journal of Problem Solving     Open Access   (Followers: 2)
Journal of Progressive Research in Mathematics     Open Access   (Followers: 5)
Journal of Pseudo-Differential Operators and Applications     Hybrid Journal  
Journal of Pure and Applied Algebra     Full-text available via subscription   (Followers: 4)
Journal of Quantitative Analysis in Sports     Hybrid Journal   (Followers: 9)
Journal of Quantitative Linguistics     Hybrid Journal   (Followers: 6)
Journal of Scientific Computing     Hybrid Journal   (Followers: 18)
Journal of Scientific Research     Open Access  
Journal of Symbolic Computation     Hybrid Journal   (Followers: 2)
Journal of the Australian Mathematical Society     Full-text available via subscription  
Journal of the Egyptian Mathematical Society     Open Access  
Journal of the European Mathematical Society     Full-text available via subscription   (Followers: 2)
Journal of the Indian Mathematical Society     Hybrid Journal   (Followers: 1)
Journal of the Institute of Mathematics of Jussieu     Hybrid Journal  
Journal of the London Mathematical Society     Hybrid Journal   (Followers: 3)
Journal of the Nigerian Mathematical Society     Open Access   (Followers: 1)
Journal of Theoretical and Applied Physics     Open Access   (Followers: 8)
Journal of Topology and Analysis     Hybrid Journal  
Journal of Transport and Supply Chain Management     Open Access   (Followers: 16)
Journal of Turbulence     Hybrid Journal   (Followers: 9)
Journal of Uncertainty Analysis and Applications     Open Access   (Followers: 1)
Journal of Universal Mathematics     Open Access  
Journal of Urban Regeneration & Renewal     Full-text available via subscription   (Followers: 11)
JRAMathEdu : Journal of Research and Advances in Mathematics Education     Open Access   (Followers: 6)
JUMLAHKU : Jurnal Matematika Ilmiah STKIP Muhammadiyah Kuningan     Open Access   (Followers: 2)
JURING (Journal for Research in Mathematics Learning)     Open Access   (Followers: 1)
Jurnal Ilmiah AdMathEdu     Open Access  
Jurnal Matematika     Open Access   (Followers: 1)
Jurnal Matematika Integratif     Open Access  
Jurnal Matematika, Sains, Dan Teknologi     Open Access  
Jurnal Natural     Open Access  
Jurnal Pendidikan Matematika Raflesia     Open Access  
Jurnal Penelitian Pembelajaran Matematika Sekolah     Open Access  
Jurnal Penelitian Sains (JPS)     Open Access  
Jurnal Riset Pendidikan Matematika     Open Access  
Jurnal Sains Matematika dan Statistika     Open Access  
Jurnal Tadris Matematika     Open Access  
Jurnal Teknologi dan Sistem Komputer     Open Access  
Kontinu : Jurnal Penelitian Didaktik Matematika     Open Access   (Followers: 2)
Kreano, Jurnal Matematika Kreatif-Inovatif     Open Access   (Followers: 6)
Le Matematiche     Open Access  
Learning and Teaching Mathematics     Full-text available via subscription   (Followers: 8)
Lettera Matematica     Hybrid Journal  
Lietuvos Matematikos Rinkinys     Open Access   (Followers: 3)
Limits : Journal of Mathematics and Its Applications     Open Access   (Followers: 1)
Linear Algebra and its Applications     Full-text available via subscription   (Followers: 24)
Linear and Multilinear Algebra     Hybrid Journal   (Followers: 8)
Lithuanian Mathematical Journal     Hybrid Journal  
LMS Journal of Computation and Mathematics     Free  
Lobachevskii Journal of Mathematics     Open Access  
Logic and Analysis     Hybrid Journal   (Followers: 1)
Logic Journal of the IGPL     Hybrid Journal   (Followers: 1)
Logica Universalis     Hybrid Journal  
manuscripta mathematica     Hybrid Journal  
MaPan : Jurnal Matematika dan Pembelajaran     Open Access  
Marine Genomics     Hybrid Journal   (Followers: 2)
Matemáticas, Educación y Sociedad     Open Access  
Matematicheskie Zametki     Full-text available via subscription  
Matematychni Studii     Open Access  
Mathematica Eterna     Open Access  
Mathematica Scandinavica     Full-text available via subscription   (Followers: 1)
Mathematica Slovaca     Hybrid Journal   (Followers: 1)
Mathematical Analysis and its Contemporary Applications     Open Access  
Mathematical and Computational Forestry & Natural-Resource Sciences     Free  
Mathematical Communications     Open Access  
Mathematical Computation     Open Access   (Followers: 1)
Mathematical Geosciences     Hybrid Journal   (Followers: 4)
Mathematical Journal of Interdisciplinary Sciences     Open Access   (Followers: 1)
Mathematical Medicine and Biology: A Journal of the IMA     Hybrid Journal   (Followers: 2)
Mathematical Methods in the Applied Sciences     Hybrid Journal   (Followers: 5)
Mathematical Methods of Statistics     Hybrid Journal   (Followers: 4)
Mathematical Modelling and Analysis     Open Access   (Followers: 1)
Mathematical Modelling in Civil Engineering     Open Access   (Followers: 5)
Mathematical Modelling of Natural Phenomena     Open Access   (Followers: 2)
Mathematical Models and Methods in Applied Sciences     Hybrid Journal   (Followers: 2)
Mathematical Models in Engineering     Open Access   (Followers: 1)
Mathematical Notes     Hybrid Journal  
Mathematical Proceedings of the Cambridge Philosophical Society     Full-text available via subscription   (Followers: 2)
Mathematical Programming Computation     Hybrid Journal   (Followers: 3)
Mathematical Sciences     Open Access  
Mathematical Social Sciences     Hybrid Journal   (Followers: 1)
Mathematical Theory and Modeling     Open Access   (Followers: 13)
Mathematical Thinking and Learning     Hybrid Journal   (Followers: 4)
Mathematics and Statistics     Open Access   (Followers: 5)
Mathematics Education Forum Chitwan     Open Access   (Followers: 2)
Mathematics Education Journal     Open Access   (Followers: 3)
Mathematics Education Research Journal     Partially Free   (Followers: 20)
Mathematics in Science and Engineering     Full-text available via subscription  
Mathematics of Control, Signals, and Systems (MCSS)     Hybrid Journal   (Followers: 5)
Mathematics of Quantum and Nano Technologies     Open Access  
Mathématiques et sciences humaines     Open Access   (Followers: 6)
Mathematische Annalen     Hybrid Journal   (Followers: 1)
Mathematische Nachrichten     Hybrid Journal   (Followers: 1)
Mathematische Semesterberichte     Hybrid Journal  
Mathematische Zeitschrift     Hybrid Journal   (Followers: 1)
MathLAB Journal     Open Access   (Followers: 5)
MATICS     Open Access   (Followers: 2)
Matrix Science Mathematic     Open Access   (Followers: 1)
Measurement Science Review     Open Access   (Followers: 3)
Mediterranean Journal of Mathematics     Hybrid Journal  
Memetic Computing     Hybrid Journal  
Mendel : Soft Computing Journal     Open Access  
Metaheuristics     Hybrid Journal  
Metals and Materials International     Hybrid Journal  
Metascience     Hybrid Journal   (Followers: 1)
Metrology and Instruments / Метрологія та прилади     Open Access   (Followers: 1)
Milan Journal of Mathematics     Hybrid Journal  
Mitteilungen der DMV     Hybrid Journal  
MLQ- Mathematical Logic Quarterly     Hybrid Journal   (Followers: 1)
MONA : Matematik- og Naturfagsdidaktik     Hybrid Journal   (Followers: 4)
Monatshefte fur Mathematik     Hybrid Journal  
Moroccan Journal of Pure and Applied Analysis     Open Access   (Followers: 4)
Moscow University Mathematics Bulletin     Hybrid Journal  
MSOR Connections     Open Access   (Followers: 1)
Multiscale Modeling and Simulation     Hybrid Journal   (Followers: 4)
MUST : Journal of Mathematics Education, Science and Technology     Open Access   (Followers: 3)
Nagoya Mathematical Journal     Hybrid Journal  
Nano Research     Hybrid Journal   (Followers: 4)
Nanotechnologies in Russia     Hybrid Journal   (Followers: 1)
Natural Resource Modeling     Hybrid Journal   (Followers: 1)
New Mathematics and Natural Computation     Hybrid Journal   (Followers: 1)
Nonlinear Analysis : Modelling and Control     Open Access   (Followers: 1)
Nonlinear Analysis : Theory, Methods & Applications     Hybrid Journal   (Followers: 1)
Nonlinear Analysis: Hybrid Systems     Hybrid Journal  
Nonlinear Analysis: Real World Applications     Hybrid Journal   (Followers: 2)
Nonlinear Differential Equations and Applications NoDEA     Hybrid Journal  
Nonlinear Engineering     Open Access  
Nonlinear Oscillations     Hybrid Journal   (Followers: 1)
North Carolina Journal of Mathematics and Statistics     Open Access  

Journal of Cryptology
Journal Prestige (SJR): 0.347
Citation Impact (citeScore): 2
Number of Followers: 6  
 
  Hybrid Journal (it can contain Open Access articles)
ISSN (Print) 0933-2790 - ISSN (Online) 1432-1378
Published by Springer-Verlag
  • A Cryptographic Analysis of the TLS 1.3 Handshake Protocol

      Abstract: We analyze the handshake protocol of the Transport Layer Security (TLS) protocol, version 1.3. We address both the full TLS 1.3 handshake (the one round-trip time mode, with signatures for authentication and (elliptic curve) Diffie–Hellman ephemeral ((EC)DHE) key exchange), and the abbreviated resumption/“PSK” mode which uses a pre-shared key for authentication (with optional (EC)DHE key exchange and zero round-trip time key establishment). Our analysis in the reductionist security framework uses a multi-stage key exchange security model, where each of the many session keys derived in a single TLS 1.3 handshake is tagged with various properties (such as unauthenticated versus unilaterally authenticated versus mutually authenticated, whether it is intended to provide forward security, how it is used in the protocol, and whether the key is protected against replay attacks). We show that these TLS 1.3 handshake protocol modes establish session keys with their desired security properties under standard cryptographic assumptions.
      PubDate: 2021-07-30
       
  • The Design and Evolution of OCB

      Abstract: We describe OCB3, the final version of OCB, a blockcipher mode for authenticated encryption (AE). We prove the construction secure, up to the birthday bound, assuming its underlying blockcipher is secure as a strong-PRP. We study the scheme’s software performance, comparing its speed, on multiple platforms, to a variety of other AE schemes. We reflect on the history and development of the mode.
      PubDate: 2021-07-27
       
  • Decomposable Obfuscation: A Framework for Building Applications of
           Obfuscation from Polynomial Hardness

      Abstract: There is some evidence that indistinguishability obfuscation (iO) requires either exponentially many assumptions or (sub)exponentially hard assumptions, and indeed, all known ways of building obfuscation suffer one of these two limitations. As such, any application built from iO suffers from these limitations as well. However, for most applications, such limitations do not appear to be inherent to the application, just the approach using iO. Indeed, several recent works have shown how to base applications of iO instead on functional encryption (FE), which can in turn be based on the polynomial hardness of just a few assumptions. However, these constructions are quite complicated and recycle a lot of similar techniques. In this work, we unify the results of previous works in the form of a weakened notion of obfuscation, called decomposable obfuscation. We show (1) how to build decomposable obfuscation from functional encryption and (2) how to build a variety of applications from decomposable obfuscation, including all of the applications already known from FE. The construction in (1) hides most of the difficult techniques in the prior work, whereas the constructions in (2) are much closer to the comparatively simple constructions from iO. As such, decomposable obfuscation represents a convenient new platform for obtaining more applications from polynomial hardness.
      PubDate: 2021-07-06
       
  • High-Performance Multi-party Computation for Binary Circuits Based on
           Oblivious Transfer

      Abstract: We present a unified view of the two-party and multi-party computation protocols based on oblivious transfer first outlined in Nielsen et al. (CRYPTO 2012) and Larraia et al. (CRYPTO 2014). We present a number of modifications and improvements to these earlier presentations, as well as full proofs of the entire protocol. Improvements include a unified pre-processing and online MAC methodology, mechanisms to pass between different MAC variants and fixing a minor bug in the protocol of Larraia et al. in relation to a selective failure attack. It also fixes a minor bug in Nielsen et al. resulting from using Jensen’s inequality in the wrong direction in an analysis.
      PubDate: 2021-06-30
      DOI: 10.1007/s00145-021-09403-1
       
  • Ascon v1.2: Lightweight Authenticated Encryption and Hashing

      Abstract: Authenticated encryption satisfies the basic need for authenticity and confidentiality in our information infrastructure. In this paper, we provide the specification of Ascon-128 and Ascon-128a. Both authenticated encryption algorithms provide efficient authenticated encryption on resource-constrained devices and on high-end CPUs. Furthermore, they have been selected as the “primary choice” for lightweight authenticated encryption in the final portfolio of the CAESAR competition. In addition, we specify the hash function Ascon-Hash, and the extendable output function Ascon-Xof. Moreover, we complement the specification by providing a detailed overview of existing cryptanalysis and implementation results.
      PubDate: 2021-06-22
      DOI: 10.1007/s00145-021-09398-9
       
  • Translating the Discrete Logarithm Problem on Jacobians of Genus 3
           Hyperelliptic Curves with \((\ell,\ell,\ell)\)-Isogenies

      Abstract: We give an algorithm to compute \((\ell,\ell,\ell)\)-isogenies from the Jacobians of genus three hyperelliptic curves to the Jacobians of non-hyperelliptic curves over a finite field of characteristic different from 2 in time \(\tilde{O}(\ell^3)\), where \(\ell\) is an odd prime which is coprime to the characteristic. An important application is to reduce the discrete logarithm problem in the Jacobian of a hyperelliptic curve to the corresponding problem in the Jacobian of a non-hyperelliptic curve.
      PubDate: 2021-06-15
      DOI: 10.1007/s00145-021-09401-3
       
  • The Deoxys AEAD Family

      Abstract: We present the Deoxys family of authenticated encryption schemes, which consists of Deoxys-I and Deoxys-II. Both are nonce-based authenticated encryption schemes with associated data and have either 128- or 256-bit keys. Deoxys-I is similar to OCB: It is single-pass but insecure when nonces are repeated; in contrast, Deoxys-II is nonce-misuse resistant. Deoxys-II was selected as first choice in the final portfolio of the CAESAR competition for the defense-in-depth category. Deoxys uses a new family of tweakable block ciphers as internal primitive, Deoxys-TBC, which follows the TWEAKEY framework (Jean, Nikolić, and Peyrin, ASIACRYPT 2014) and relies on the AES round function. Our benchmarks indicate that Deoxys does not sacrifice efficiency for security and performs very well both in software (e.g., Deoxys-I efficiency is similar to AES-GCM) and hardware.
      PubDate: 2021-06-10
      DOI: 10.1007/s00145-021-09397-w
       
  • On the Tight Security of TLS 1.3: Theoretically Sound Cryptographic
           Parameters for Real-World Deployments

      Abstract: We consider the theoretically sound selection of cryptographic parameters, such as the size of algebraic groups or RSA keys, for TLS 1.3 in practice. While prior works gave security proofs for TLS 1.3, their security loss is quadratic in the total number of sessions across all users, which due to the pervasive use of TLS is huge. Therefore, in order to deploy TLS 1.3 in a theoretically sound way, it would be necessary to compensate this loss with unreasonably large parameters that would be infeasible for practical use at large scale. Hence, while these previous works show that in principle the design of TLS 1.3 is secure in an asymptotic sense, they do not yet provide any useful concrete security guarantees for real-world parameters used in practice. In this work, we provide a new security proof for the cryptographic core of TLS 1.3 in the random oracle model, which reduces the security of TLS 1.3 tightly (that is, with constant security loss) to the (multi-user) security of its building blocks. For some building blocks, such as the symmetric record layer encryption scheme, we can then rely on prior work to establish tight security. For others, such as the RSA-PSS digital signature scheme currently used in TLS 1.3, we obtain at least a linear loss in the number of users, independent of the number of sessions, which is much easier to compensate with reasonable parameters. Our work also shows that by replacing the RSA-PSS scheme with a tightly secure scheme (e.g., in a future TLS version), one can obtain the first fully tightly secure TLS protocol. Our results enable a theoretically sound selection of parameters for TLS 1.3, even in large-scale settings with many users and sessions per user.
      PubDate: 2021-06-04
      DOI: 10.1007/s00145-021-09388-x
       
  • Adaptively Secure Distributed PRFs from LWE

      Abstract: In distributed pseudorandom functions (DPRFs), a PRF secret key SK is secret shared among N servers so that each server can locally compute a partial evaluation of the PRF on some input X. A combiner that collects t partial evaluations can then reconstruct the evaluation F(SK, X) of the PRF under the initial secret key. So far, all non-interactive constructions in the standard model are based on lattice assumptions. One caveat is that they are only known to be secure in the static corruption setting, where the adversary chooses the servers to corrupt at the very beginning of the game, before any evaluation query. In this work, we construct the first fully non-interactive adaptively secure DPRF in the standard model. Our construction is proved secure under the \(\textsf {LWE}\) assumption against adversaries that may adaptively decide which servers they want to corrupt. We also extend our construction in order to achieve robustness against malicious adversaries.
      PubDate: 2021-06-02
      DOI: 10.1007/s00145-021-09393-0
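The share / partial-evaluate / combine interface the abstract above describes, as an added example that is not the paper's code and does not attempt its LWE-based scheme: the classic DDH-style distributed PRF F(sk, x) = H(x)^sk in a prime-order group, with sk Shamir-shared so that any t of the N servers reconstruct the output without talking to each other. The group is an order-Q subgroup of Z_P^* with Q = 2^127 - 1 and P found at start-up, chosen only for this example; `is_probable_prime`, `find_modulus`, `share_key`, `partial_eval` and `combine` are this example's own names.

```python
"""Threshold (t-of-N) distributed PRF, DDH-style: F(sk, x) = H(x)^sk with sk
Shamir-shared.  Added example; not the LWE construction of the paper above."""
import hashlib
import secrets

Q = 2**127 - 1          # prime (Mersenne prime M127): group order and share field
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; probabilistic at this size, fine for a demo."""
    if n < 2:
        return False
    for b in BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_modulus() -> tuple:
    """Smallest even k with P = k*Q + 1 prime, so Z_P^* has a subgroup of order Q."""
    k = 2
    while not is_probable_prime(k * Q + 1):
        k += 2
    return k * Q + 1, k


P, COFACTOR = find_modulus()


def hash_to_group(x: bytes) -> int:
    """H(x): hash into Z_P^*, then raise to the cofactor to land in the order-Q subgroup."""
    h = int.from_bytes(hashlib.sha256(x).digest(), "big") % (P - 2) + 2
    return pow(h, COFACTOR, P)


def prf(sk: int, x: bytes) -> int:
    """The centralised PRF F(sk, x) = H(x)^sk; used only to check the combiner."""
    return pow(hash_to_group(x), sk, P)


def share_key(sk: int, t: int, n: int) -> list:
    """Shamir-share sk: random degree t-1 polynomial f over Z_Q with f(0) = sk;
    server i (1..n) receives (i, f(i))."""
    coeffs = [sk % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return [(i, sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q)
            for i in range(1, n + 1)]


def partial_eval(share: tuple, x: bytes) -> tuple:
    """Server side, non-interactive: H(x)^f(i), tagged with the server index."""
    i, s_i = share
    return i, pow(hash_to_group(x), s_i, P)


def combine(partials: list, t: int) -> int:
    """Combiner: Lagrange interpolation at 0 in the exponent.
    prod_i y_i^lambda_i = H(x)^(sum_i lambda_i f(i)) = H(x)^f(0) = F(sk, x)."""
    if len(partials) < t:
        raise ValueError(f"need {t} partial evaluations, got {len(partials)}")
    chosen = partials[:t]
    result = 1
    for i, y_i in chosen:
        lam = 1
        for j, _ in chosen:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        result = result * pow(y_i, lam, P) % P
    return result


if __name__ == "__main__":
    sk = secrets.randbelow(Q)
    parts = [partial_eval(s, b"input") for s in share_key(sk, t=3, n=5)]
    print(combine(parts[1:4], 3) == prf(sk, b"input"))   # any 3 of the 5 suffice
```

The Lagrange coefficients are computed over whichever t indices the combiner actually received, which is why each partial carries its server index; the example says nothing about static versus adaptive corruption, the distinction the paper is about, nor about robustness against servers returning wrong partials.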
       
  • Watermarking Cryptographic Functionalities from Standard Lattice
           Assumptions

      Abstract: A software watermarking scheme allows one to embed a “mark” into a program without significantly altering the behavior of the program. Moreover, it should be difficult to remove the watermark without destroying the functionality of the program. Recently, Cohen et al. (STOC 2016) and Boneh et al. (PKC 2017) showed how to watermark cryptographic functions such as pseudorandom functions (PRFs) using indistinguishability obfuscation. Notably, in their constructions, the watermark remains intact even against arbitrary removal strategies. A natural question is whether we can build watermarking schemes from standard assumptions that achieve this strong mark-unremovability property. We give the first construction of a watermarkable family of PRFs that satisfies this strong mark-unremovability property from standard lattice assumptions (namely, the learning with errors (LWE) and the one-dimensional short integer solution (SIS) problems). As part of our construction, we introduce a new cryptographic primitive called a translucent PRF. We then give a concrete construction of a translucent PRF family from standard lattice assumptions, which in turn yields a watermarkable family of PRFs from the same assumptions.
      PubDate: 2021-05-26
      DOI: 10.1007/s00145-021-09391-2
       
  • Selfie: reflections on TLS 1.3 with PSK

      Abstract: TLS 1.3 allows two parties to establish a shared session key from an out-of-band agreed pre-shared key (PSK). The PSK is used to mutually authenticate the parties, under the assumption that it is not shared with others. This allows the parties to skip the certificate verification steps, saving bandwidth, communication rounds, and latency. In this paper, we identify a vulnerability in this specific TLS 1.3 option by showing a new “reflection attack” that we call “Selfie.” This attack uses the fact that TLS does not mandate explicit authentication of the server and the client, and leverages it to break the protocol’s mutual authentication property. We explain the root cause of this TLS 1.3 vulnerability, provide a fully detailed demonstration of a Selfie attack using the TLS implementation of OpenSSL, and propose mitigation. The Selfie attack is the first attack on TLS 1.3 after its official release in 2018. It is surprising because it uncovers an interesting gap in the existing TLS 1.3 models that the security proofs rely on. We explain the gap in these model assumptions and show how it affects the proofs in this case.
      PubDate: 2021-05-25
      DOI: 10.1007/s00145-021-09387-y
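The multi-stage key derivation described in the first TLS 1.3 abstract above, and the PSK-mode property that the Selfie abstract turns on, as one added worked example (not code from either paper): the RFC 8446 section 7.1 key schedule over SHA-256, walking the early/handshake/master Extract stages and the per-stage traffic secrets, followed by a check that a PSK-mode client's Finished.verify_data is a function of the PSK, the (EC)DHE secret and the transcript only, so a second instance of the same party holding the same PSK in the server role recomputes the identical value. The PSK, (EC)DHE secret and transcript bytes are constructed placeholders; the only values checked against a published trace are the no-PSK Early Secret and the "derived" secret from RFC 8448 section 3. `directional_psk` is an illustrative per-direction binding assumed by this example, not a TLS 1.3 mechanism and not presented as the paper's mitigation.

```python
"""TLS 1.3 key schedule (RFC 8446 section 7.1) over SHA-256, and the PSK-mode
symmetry that reflecting a handshake relies on.  Added example, not code from
either paper above; PSK, (EC)DHE secret and transcripts are constructed."""
import hashlib
import hmac

HASH = hashlib.sha256
HLEN = HASH().digest_size          # 32 bytes for SHA-256
ZEROS = bytes(HLEN)

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM); empty salt means zeros."""
    return hmac.new(salt or ZEROS, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), HASH).digest()
        out += block
        i += 1
    return out[:length]

def expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label: info is the HkdfLabel struct
    {uint16 length; opaque label<7..255> = "tls13 " + label; opaque context<0..255>}."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def derive_secret(secret: bytes, label: bytes, transcript: bytes) -> bytes:
    """Derive-Secret: Expand-Label over the transcript hash, Hash.length bytes long."""
    return expand_label(secret, label, HASH(transcript).digest(), HLEN)

def key_schedule(psk: bytes, ecdhe: bytes, ch: bytes, ch_sh: bytes,
                 ch_sfin: bytes, ch_cfin: bytes) -> dict:
    """The three Extract stages and the secrets hanging off each.  ch, ch_sh,
    ch_sfin, ch_cfin are transcript prefixes ending at ClientHello, ServerHello,
    server Finished and client Finished.  An absent PSK or (EC)DHE secret is
    replaced by Hash.length zero bytes, as RFC 8446 specifies."""
    early = hkdf_extract(ZEROS, psk or ZEROS)
    ks = {"early_secret": early,
          "binder_key": derive_secret(early, b"res binder", b""),
          "c_e_traffic": derive_secret(early, b"c e traffic", ch)}
    hs = hkdf_extract(derive_secret(early, b"derived", b""), ecdhe or ZEROS)
    ks.update(handshake_secret=hs,
              c_hs_traffic=derive_secret(hs, b"c hs traffic", ch_sh),
              s_hs_traffic=derive_secret(hs, b"s hs traffic", ch_sh))
    master = hkdf_extract(derive_secret(hs, b"derived", b""), ZEROS)
    ks.update(master_secret=master,
              c_ap_traffic=derive_secret(master, b"c ap traffic", ch_sfin),
              s_ap_traffic=derive_secret(master, b"s ap traffic", ch_sfin),
              res_master=derive_secret(master, b"res master", ch_cfin))
    return ks

def finished_mac(base_key: bytes, transcript: bytes) -> bytes:
    """Finished.verify_data = HMAC(Expand-Label(base_key, "finished", ""), TH)."""
    fkey = expand_label(base_key, b"finished", b"", HLEN)
    return hmac.new(fkey, HASH(transcript).digest(), HASH).digest()

def client_finished(psk: bytes, ecdhe: bytes, ch: bytes, ch_sh: bytes, ch_sfin: bytes) -> bytes:
    """What a PSK-mode client sends as Finished, hence exactly what a server
    holding the same PSK recomputes to accept it.  No identity or role of
    either party is among the inputs."""
    ks = key_schedule(psk, ecdhe, ch, ch_sh, ch_sfin, ch_sfin)
    return finished_mac(ks["c_hs_traffic"], ch_sfin)

def directional_psk(psk: bytes, client_id: bytes, server_id: bytes) -> bytes:
    """Illustrative mitigation assumed by this example, not a TLS 1.3 mechanism:
    derive a per-direction key so the two uses of one shared PSK differ."""
    return expand_label(psk, b"direction", client_id + b"->" + server_id, HLEN)

def reflection_accepted(psk: bytes, ecdhe: bytes, ch: bytes, ch_sh: bytes,
                        ch_sfin: bytes, bind_direction: bool) -> bool:
    """Alice's client instance starts a handshake meant for Bob; the attacker
    delivers it to Alice's own server instance, which holds the same PSK.
    True if Alice-as-server accepts Alice-as-client's Finished."""
    if bind_direction:
        k_sent = directional_psk(psk, b"alice", b"bob")      # what Alice's client uses
        k_check = directional_psk(psk, b"bob", b"alice")     # what Alice's server holds
    else:
        k_sent = k_check = psk
    sent = client_finished(k_sent, ecdhe, ch, ch_sh, ch_sfin)
    expected = client_finished(k_check, ecdhe, ch, ch_sh, ch_sfin)
    return hmac.compare_digest(sent, expected)

# Constructed placeholders; not taken from any real trace.
PSK, ECDHE = b"\x11" * 32, b"\x22" * 32
CH = b"ClientHello"
CH_SH = CH + b"ServerHello"
CH_SFIN = CH_SH + b"EncryptedExtensions|Finished"

if __name__ == "__main__":
    for name, val in key_schedule(PSK, ECDHE, CH, CH_SH, CH_SFIN, CH_SFIN + b"Finished").items():
        print(f"{name:17s} {val.hex()}")
    print("shared PSK, reflection accepted:   ", reflection_accepted(PSK, ECDHE, CH, CH_SH, CH_SFIN, False))
    print("per-direction PSK, reflection accepted:", reflection_accepted(PSK, ECDHE, CH, CH_SH, CH_SFIN, True))
```

Each stage secret is tagged in the dictionary by the transcript prefix it commits to, which is the "multi-stage" structure the first abstract's model assigns properties to. The reflection check is deliberately narrow: it shows only that nothing in the PSK-mode derivation names a party or a role, which is the modelling gap the Selfie abstract points at; the full attack, its demonstration against OpenSSL and the paper's own mitigation are in the paper, not here.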
       
  • Introduction to the Special Issue on TLS 1.3

      PubDate: 2021-05-24
      DOI: 10.1007/s00145-021-09386-z
       
  • Fine-Grained Cryptography Revisited

      Abstract: Fine-grained cryptographic primitives are secure against adversaries with bounded resources and can be computed by honest users with fewer resources than the adversaries. In this paper, we revisit the results by Degwekar, Vaikuntanathan, and Vasudevan in Crypto 2016 on fine-grained cryptography and show constructions of three key fundamental fine-grained cryptographic primitives: one-way permutation families, hash proof systems (which in turn implies a public-key encryption scheme against chosen ciphertext attacks), and trapdoor one-way functions. All of our constructions are computable in \(\textsf{NC}^1\) and secure against (non-uniform) \(\textsf{NC}^1\) circuits under the widely believed worst-case assumption \(\textsf{NC}^1 \subsetneq \oplus\textsf{L/poly}\).
      PubDate: 2021-05-24
      DOI: 10.1007/s00145-021-09390-3
       
  • Secure Communication Channel Establishment: TLS 1.3 (over TCP Fast Open)
           versus QUIC

      Abstract: Secure channel establishment protocols such as Transport Layer Security (TLS) are some of the most important cryptographic protocols, enabling the encryption of Internet traffic. Reducing latency (the number of interactions between parties before encrypted data can be transmitted) in such protocols has become an important design goal to improve user experience. The most important protocols addressing this goal are TLS 1.3, the latest TLS version standardized in 2018 to replace the widely deployed TLS 1.2, and Quick UDP Internet Connections (QUIC), a secure transport protocol from Google that is implemented in the Chrome browser. There have been a number of formal security analyses for TLS 1.3 and QUIC, but their security, when layered with their underlying transport protocols, cannot be easily compared. Our work is the first to thoroughly compare the security and availability properties of these protocols. Toward this goal, we develop novel security models that permit “layered” security analysis. In addition to the standard goals of server authentication and data confidentiality and integrity, we consider the goals of IP spoofing prevention, key exchange packet integrity, secure channel header integrity, and reset authentication, which capture a range of practical threats not usually taken into account by existing security models that focus mainly on the cryptographic cores of the protocols. Equipped with our new models we provide a detailed comparison of three low-latency layered protocols: TLS 1.3 over TCP Fast Open (TFO), QUIC over UDP, and QUIC[TLS] (a new design for QUIC that uses TLS 1.3 key exchange) over UDP. In particular, we show that TFO’s cookie mechanism does provably achieve the security goal of IP spoofing prevention. Additionally, we find several new availability attacks that manipulate the early key exchange packets without being detected by the communicating parties. By including packet-level attacks in our analysis, our results shed light on how the reliability, flow control, and congestion control of the above layered protocols compare, in adversarial settings. We hope that our models will help protocol designers in their future protocol analyses and that our results will help practitioners better understand the advantages and limitations of secure channel establishment protocols.
      PubDate: 2021-05-24
      DOI: 10.1007/s00145-021-09389-w
       
  • Simple and Generic Constructions of Succinct Functional Encryption

      Abstract: We propose simple generic constructions of succinct functional encryption. Our key tool is strong exponentially efficient indistinguishability obfuscator (SXIO), which is the same as indistinguishability obfuscator (IO) except that the size of an obfuscated circuit and the running time of an obfuscator are slightly smaller than that of a brute-force canonicalizer that outputs the entire truth table of a circuit to be obfuscated. A “compression factor” of SXIO indicates how much SXIO compresses the brute-force canonicalizer. In this study, we propose a significantly simple framework to construct succinct functional encryption via SXIO and show that SXIO is powerful enough to achieve cutting-edge cryptography. In particular, we propose the following constructions: Single-key weakly succinct secret-key functional encryption (SKFE) is constructed from SXIO (even with a bad compression factor) and one-way functions. Single-key weakly succinct public-key functional encryption (PKFE) is constructed from SXIO with a good compression factor and public-key encryption. Single-key weakly succinct PKFE is constructed from SXIO (even with a bad compression factor) and identity-based encryption. Our new framework has side benefits. Our constructions do not rely on any number theoretic or lattice assumptions such as decisional Diffie–Hellman and learning with errors assumptions. Moreover, all security reductions incur only polynomial security loss. Known constructions of weakly succinct SKFE or PKFE from SXIO with polynomial security loss rely on number theoretic or lattice assumptions. As corollaries of our results, relationships among SXIO, a few variants of SKFE, and a variant of randomized encoding are discovered.
      PubDate: 2021-05-24
      DOI: 10.1007/s00145-021-09396-x
       
  • Modeling for Three-Subset Division Property without Unknown Subset


      Abstract: A division property is a generic tool to search for integral distinguishers, and automatic tools such as MILP or SAT/SMT allow us to evaluate the propagation efficiently. In the application to stream ciphers, it enables us to estimate the security of cube attacks theoretically, and it leads to the best key-recovery attacks against well-known stream ciphers. However, it was reported that some of the key-recovery attacks based on the division property degenerate to distinguishing attacks due to the inaccuracy of the division property. Three-subset division property (without unknown subset) is a promising method to solve this inaccuracy problem, and a new algorithm using automatic tools for the three-subset division property was recently proposed at Asiacrypt 2019. In this paper, we first show that this state-of-the-art algorithm is not always efficient and we cannot improve the existing key-recovery attacks. Then, we focus on the three-subset division property without unknown subset and propose another new efficient algorithm using automatic tools. Our algorithm is more efficient than existing algorithms, and it can improve existing key-recovery attacks. In the application to Trivium, we show an 842-round key-recovery attack. We also show that an 855-round key-recovery attack, which was proposed at CRYPTO 2018, has a critical flaw and does not work. As a result, our 842-round attack becomes the best key-recovery attack. In the application to Grain-128AEAD, we show that the known 184-round key-recovery attack degenerates to a distinguishing attack. Then, the distinguishing attacks are improved up to 189 rounds, and we also show the best key-recovery attack against 190 rounds. In the application to ACORN, we prove that the 772-round key-recovery attack at ISC 2019 is in fact a constant-sum distinguisher. We then give new key-recovery attacks mounting to 773-, 774- and 775-round ACORN. We verify the current best key-recovery attack on 892-round Kreyvium and recover the exact superpoly. We further propose a new attack mounting to 893 rounds.
      PubDate: 2021-05-20
      DOI: 10.1007/s00145-021-09383-2
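The distinction the abstract turns on (a cube whose sum is constant for every key is only a constant-sum distinguisher; a cube whose sum depends on the key carries a superpoly that can be used for key recovery) can be checked empirically for small cubes and few rounds. The following Python is an added illustration, not code from the paper: the paper's contribution is an MILP/SAT model of the three-subset division property, whereas this block simply implements bit-level Trivium and brute-forces cube sums, which is the ground truth such models approximate. The cube choices, the reduced round counts and the sampling parameters are assumptions for illustration and are not the cubes from the paper; brute-forcing a cube at 842 rounds is infeasible for the cube sizes used there, which is exactly why division-property modelling is needed.

```python
"""Bit-level Trivium plus an empirical cube-sum check (added illustration)."""
import random

KEY_BITS = IV_BITS = 80
FULL_INIT = 4 * 288  # the real cipher clocks 1152 times before output


def trivium_first_bit(key, iv, init_rounds=FULL_INIT):
    """Return Trivium's first keystream bit after init_rounds blank clocks.

    key, iv: lists of 80 bits. State is 0-indexed, so s[0] is the spec's s1;
    the taps follow the specification (s66, s93, s162, s177, s243, s288, ...)."""
    s = [0] * 288
    s[0:80] = key
    s[93:173] = iv
    s[285:288] = [1, 1, 1]
    for _ in range(init_rounds):
        t1 = s[65] ^ s[92] ^ (s[90] & s[91]) ^ s[170]
        t2 = s[161] ^ s[176] ^ (s[174] & s[175]) ^ s[263]
        t3 = s[242] ^ s[287] ^ (s[285] & s[286]) ^ s[68]
        s = [t3] + s[0:92] + [t1] + s[93:176] + [t2] + s[177:287]
    return s[65] ^ s[92] ^ s[161] ^ s[176] ^ s[242] ^ s[287]


def cube_sum(key, cube, init_rounds):
    """XOR of the first keystream bit over all 2^|cube| assignments to the IV
    bits listed in cube (other IV bits fixed to 0). This is the superpoly p(key)."""
    iv = [0] * IV_BITS
    acc = 0
    for m in range(1 << len(cube)):
        for pos, j in enumerate(cube):
            iv[j] = (m >> pos) & 1
        acc ^= trivium_first_bit(key, iv, init_rounds)
    return acc


def superpoly_profile(cube, init_rounds, trials=16, seed=1):
    """Classify a cube's superpoly empirically. Returns (constant, mask):
      constant=True  -> the sum is identical for every sampled key: the cube is
                        only a constant-sum distinguisher and recovers no key bit;
      constant=False -> mask lists the key-bit indices with coefficient 1 when
                        p passes a BLR affine-linearity test, else None (nonlinear)."""
    def p(k):
        return cube_sum(k, cube, init_rounds)

    rng = random.Random(seed)
    keys = [[0] * KEY_BITS, [1] * KEY_BITS]  # always include two fixed keys
    keys += [[rng.randint(0, 1) for _ in range(KEY_BITS)] for _ in range(trials)]
    sums = [p(k) for k in keys]
    if len(set(sums)) == 1:
        return True, None
    p0 = sums[0]
    for a, b in zip(keys[2::2], keys[3::2]):
        ab = [x ^ y for x, y in zip(a, b)]
        if p(a) ^ p(b) ^ p0 != p(ab):  # affine test: p(a)+p(b)+p(0) == p(a+b)
            return False, None
    mask = []
    for i in range(KEY_BITS):
        unit = [0] * KEY_BITS
        unit[i] = 1
        if p(unit) ^ p0:  # coefficient of k_i in an affine superpoly
            mask.append(i)
    return False, mask


if __name__ == "__main__":
    # Assumed cube and reduced round counts, chosen only to keep brute force cheap.
    for rounds in (0, 3, 100):
        print(rounds, superpoly_profile([68, 67, 66, 65], rounds, trials=8))
```

A result of (True, None) is the degenerate case the abstract warns about: the cube still distinguishes the reduced-round cipher from random, but yields no key information. (False, [...]) is the useful case, a linear relation on the listed key bits; (False, None) means the superpoly is nonlinear in the sampled keys and a higher-degree recovery would be needed.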
       
  • A Formal Analysis of Prefetching in Profiled Cache-Timing Attacks on Block Ciphers


      Abstract: Formally bounding side-channel leakage is important to bridge the gap between theory and practice in cryptography. However, bounding side-channel leakages is difficult because leakage in a cryptosystem could be from several sources. Moreover, the amount of leakage from a source may vary depending on the implementation of the cipher and the form of attack. To formally analyze the security of a cryptosystem, it is therefore essential to consider each source of leakage independently. This paper considers data prefetching, which is used in most modern day cache memories to reduce miss penalty. We build a framework that would help computer architects theoretically gauge the impact of a data prefetcher in time-driven cache attacks early in the design phase. The framework computes leakage due to the prefetcher using a metric that is based on the Kullback–Leibler transformation. We use the framework to analyze two commonly used prefetching algorithms, namely sequential and arbitrary-stride prefetching. These form the basis of several other prefetching algorithms. We also demonstrate its use by designing a new prefetching algorithm called even–odd prefetcher that does not have leakage in time-driven cache attacks.
      PubDate: 2021-05-20
      DOI: 10.1007/s00145-021-09394-z
       
  • Session Resumption Protocols and Efficient Forward Security for TLS 1.3 0-RTT


      Abstract: The TLS 1.3 0-RTT mode enables a client reconnecting to a server to send encrypted application-layer data in “0-RTT” (“zero round-trip time”), without the need for a prior interactive handshake. This fundamentally requires the server to reconstruct the previous session’s encryption secrets upon receipt of the client’s first message. The standard techniques to achieve this are session caches or, alternatively, session tickets. The former provides forward security and resistance against replay attacks, but requires a large amount of server-side storage. The latter requires negligible storage, but provides no forward security and is known to be vulnerable to replay attacks. In this paper, we first formally define session resumption protocols as an abstract perspective on mechanisms like session caches and session tickets. We give a new generic construction that provably provides forward security and replay resilience, based on puncturable pseudorandom functions (PPRFs). We show that our construction can immediately be used in TLS 1.3 0-RTT and deployed unilaterally by servers, without requiring any changes to clients or the protocol. To this end, we present a generic composition of our new construction with TLS 1.3 and prove its security. This yields the first construction that achieves forward security for all messages, including the 0-RTT data. We then describe two new constructions of PPRFs, which are particularly suitable for use for forward-secure and replay-resilient session resumption in TLS 1.3. The first construction is based on the strong RSA assumption. Compared to standard session caches, for “128-bit security” it reduces the required server storage by a factor of almost 20, when instantiated in a way such that key derivation and puncturing together are cheaper on average than one full exponentiation in an RSA group. Hence, a 1 GB session cache can be replaced with only about 51 MBs of storage, which significantly reduces the amount of secure memory required. For larger security parameters or in exchange for more expensive computations, even larger storage reductions are achieved. The second construction combines a standard binary tree PPRF with a new “domain extension” technique. For a reasonable choice of parameters, this reduces the required storage by a factor of up to 5 compared to a standard session cache. It employs only symmetric cryptography, is suitable for high-traffic scenarios, and can serve thousands of tickets per second.
      PubDate: 2021-05-18
      DOI: 10.1007/s00145-021-09385-0
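The mechanism the abstract describes, a ticket whose decryption key the server can derive once and then puncture, is easiest to see on the plain binary-tree PPRF that the second construction builds on. The following Python is an added example, not the paper's code: it omits the paper's domain-extension technique and its strong-RSA construction, and the ticket layout, the "enc"/"mac" derivation labels and the one-time-pad-plus-HMAC ticket encryption are assumptions made for illustration. What it does show is the property the abstract claims: after a ticket is resumed its leaf key no longer exists anywhere in server state, so a replay is rejected and a later compromise of that state cannot recover the consumed session's secret, at a storage cost of at most one node key per tree level per punctured leaf rather than one cache entry per session.

```python
"""GGM-tree puncturable PRF as a forward-secure, replay-resistant ticket store
(added illustration; not the paper's RSA-based or domain-extended construction)."""
import hashlib
import hmac
import os
import struct


class PuncturablePRF:
    """Binary-tree (GGM) PRF over 2**depth leaves. Leaf i is derived by walking
    i's bit path from the root; the stored state is a set of disjoint subtree
    keys covering exactly the leaves that are not yet punctured."""

    def __init__(self, depth, root_key=None):
        self.depth = depth
        self.nodes = {(): root_key or os.urandom(32)}  # bit-path prefix -> key

    @staticmethod
    def _child(key, bit):
        return hmac.new(key, bytes([bit]), hashlib.sha256).digest()

    def _path(self, i):
        if not 0 <= i < 2 ** self.depth:
            raise ValueError("leaf index out of range")
        return tuple((i >> (self.depth - 1 - j)) & 1 for j in range(self.depth))

    def _covering(self, path):
        # stored prefixes are disjoint, so at most one of them is an ancestor
        for plen in range(self.depth, -1, -1):
            if path[:plen] in self.nodes:
                return plen
        return None

    def evaluate(self, i):
        path = self._path(i)
        plen = self._covering(path)
        if plen is None:
            raise KeyError("leaf %d is punctured" % i)
        key = self.nodes[path[:plen]]
        for bit in path[plen:]:
            key = self._child(key, bit)
        return key

    def puncture(self, i):
        """Delete leaf i: replace its covering subtree key by the sibling keys
        along the path (at most depth of them) and drop the leaf key itself."""
        path = self._path(i)
        plen = self._covering(path)
        if plen is None:
            return False
        key = self.nodes.pop(path[:plen])
        for j in range(plen, self.depth):
            self.nodes[path[:j] + (1 - path[j],)] = self._child(key, 1 - path[j])
            key = self._child(key, path[j])
        return True


class TicketServer:
    """Each ticket encrypts the resumption secret under a fresh PPRF leaf; the
    leaf is punctured on first use, so a replay cannot decrypt and a later
    compromise of server state cannot recover an already-resumed session."""

    def __init__(self, depth=20):
        self.pprf = PuncturablePRF(depth)
        self.next_leaf = 0

    @staticmethod
    def _keys(leaf_key):
        # assumed labels: split the leaf key into a one-time pad and a MAC key
        return (hmac.new(leaf_key, b"enc", hashlib.sha256).digest(),
                hmac.new(leaf_key, b"mac", hashlib.sha256).digest())

    def issue(self, resumption_secret):
        if len(resumption_secret) != 32:
            raise ValueError("expected a 32-byte resumption secret")
        i, self.next_leaf = self.next_leaf, self.next_leaf + 1
        kenc, kmac = self._keys(self.pprf.evaluate(i))
        body = struct.pack(">Q", i) + bytes(a ^ b for a, b in zip(resumption_secret, kenc))
        return body + hmac.new(kmac, body, hashlib.sha256).digest()

    def resume(self, ticket):
        """Return the resumption secret, or None for a forged, unknown or
        replayed ticket. The leaf is punctured only after the MAC verifies."""
        if len(ticket) != 8 + 32 + 32:
            return None
        body, tag = ticket[:40], ticket[40:]
        (i,) = struct.unpack(">Q", body[:8])
        try:
            leaf_key = self.pprf.evaluate(i)
        except (KeyError, ValueError):
            return None
        kenc, kmac = self._keys(leaf_key)
        if not hmac.compare_digest(tag, hmac.new(kmac, body, hashlib.sha256).digest()):
            return None
        self.pprf.puncture(i)
        return bytes(a ^ b for a, b in zip(body[8:], kenc))
```

Because every leaf key is used for exactly one ticket, a 32-byte pad derived from it is a sound one-time pad here; a production ticket would additionally carry an expiry and be bound to the client identity, and the root key would live in the same protected memory the abstract's "secure memory" figure refers to.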
       
  • Round-Optimal Secure Multi-party Computation


      Abstract: Secure multi-party computation (MPC) is a central cryptographic task that allows a set of mutually distrustful parties to jointly compute some function of their private inputs where security should hold in the presence of an active (i.e. malicious) adversary that can corrupt any number of parties. Despite extensive research, the precise round complexity of this “standard-bearer” cryptographic primitive, under polynomial-time hardness assumptions, is unknown. Recently, Garg, Mukherjee, Pandey and Polychroniadou, in Eurocrypt 2016 demonstrated that the round complexity of any MPC protocol relying on black-box proofs of security in the plain model must be at least four. Following this work, independently Ananth, Choudhuri and Jain, CRYPTO 2017 and Brakerski, Halevi, and Polychroniadou, TCC 2017 made progress towards solving this question and constructed four-round protocols based on the DDH and LWE assumptions, respectively, albeit with super-polynomial hardness. More recently, Ciampi, Ostrovsky, Siniscalchi and Visconti in TCC 2017 closed the gap for two-party protocols by constructing a four-round protocol from polynomial-time assumptions, concretely, trapdoor permutations. In another work, Ciampi, Ostrovsky, Siniscalchi and Visconti TCC 2017 showed how to design a four-round multi-party protocol for the specific case of multi-party coin-tossing based on one-way functions. In this work, we resolve this question by designing a four-round actively secure multi-party (two or more parties) protocol for general functionalities under standard polynomial-time hardness assumptions with a black-box proof of security, specifically, under the assumptions LWE, DDH, QR and DCR.
      PubDate: 2021-05-13
      DOI: 10.1007/s00145-021-09382-3
       
  • Is There an Oblivious RAM Lower Bound for Online Reads?


      Abstract: Oblivious RAM (ORAM), introduced by Goldreich (STOC 1987) and Ostrovsky (STOC 1990), can be used to read and write to memory in a way that hides which locations are being accessed. The best known ORAM schemes have an \(O(\log n)\) overhead per access, where \(n\) is the data size. The work of Goldreich and Ostrovsky (JACM 1996) gave a lower bound, showing that this is optimal for ORAM schemes that operate in a “balls and bins” model, where memory blocks can only be shuffled between different locations but not manipulated otherwise (and the server is used solely as remote storage). The lower bound even extends to weaker settings such as offline ORAM, where all of the accesses to be performed need to be specified ahead of time, and read-only ORAM, which only allows reads but not writes. But can we get lower bounds for general ORAM, beyond “balls and bins”? The work of Boyle and Naor (ITCS 2016) shows that this is unlikely in the offline setting. In particular, they construct an offline ORAM with \(o(\log n)\) overhead assuming the existence of small sorting circuits. Although we do not have instantiations of the latter, ruling them out would require proving new circuit lower bounds. On the other hand, the recent work of Larsen and Nielsen (CRYPTO 2018) shows that there indeed is an \(\Omega (\log n)\) lower bound for general online ORAM. This still leaves the question open for online read-only ORAM or for read/write ORAM where we want very small overhead for the read operations. In this work, we show that a lower bound in these settings is also unlikely. In particular, our main result is a construction of online ORAM, in which the server is used solely as remote storage, where reads (but not writes) have an \(o(\log n)\) overhead, assuming the existence of small sorting circuits as well as very good locally decodable codes (LDCs). Although we do not have instantiations of either of these with the required parameters, ruling them out is beyond current lower bounds.
      PubDate: 2021-05-11
      DOI: 10.1007/s00145-021-09392-1
       
 
JournalTOCs
School of Mathematical and Computer Sciences
Heriot-Watt University
Edinburgh, EH14 4AS, UK
Email: journaltocs@hw.ac.uk
Tel: +00 44 (0)131 4513762
 



JournalTOCs © 2009-