_ IACR ePrint 2015/1049まで確認済み、ECCC 2003年分まで確認済み
_ 気になった論文1:Encryption Switching Protocols
, Geoffroy Couteau, Thomas Peters, David Pointcheval, http://eprint.iacr.org/2015/990
We put forth a novel cryptographic primitive: encryption switching protocol (ESP), allowing to switch between two encryption schemes. Intuitively, this two-party protocol converts given ciphertexts from one scheme into ciphertexts of the same messages in the other scheme, for any polynomial number of switches, in any direction. Although ESP is a special kind of two-party computation protocol, it turns out that ESP implies general two-party computation under natural conditions. In particular, our new paradigm is tailored to the evaluation of functions over rings. Indeed, assuming the compatibility of two additively and multiplicatively homomorphic encryption schemes, switching ciphertexts makes it possible to efficiently reconcile the two internal laws. Since no such pair of schemes appeared in the literature, except for the non-interactive case of fully homomorphic encryption which still remains prohibitive in practice, we build the first ElGamal-like encryption scheme over (Zn;x) as a complement to the Paillier encryption scheme over (Zn;+), where n is a strong RSA modulus. Eventually, we also instantiate secure ESP between the two schemes, in front of malicious adversaries. Thanks to a pre-processing step, we manage to get an online communication in terms of group elements which neither depends on the security parameter nor on the modulus n. This makes use of a new technique called refreshable twin-ciphertext pool that is of independent interest.
_ 気になった論文2:Homomorphic evaluation requires depth
, Andrej Bogdanov; Chin Ho Lee, http://eprint.iacr.org/2015/1044
We show that homomorphic evaluation of any non-trivial functionality of sufficiently many inputs with respect to any CPA secure homomorphic encryption scheme cannot be implemented by circuits of polynomial size and constant depth, i.e., in the class $\ac^0$. In contrast, we observe that there exist ordinary public-key encryption schemes of quasipolynomial security in $\ac^0$ assuming noisy parities are exponentially hard to learn. We view this as evidence that homomorphic evaluation is inherently more complex than basic operations in encryption schemes.
_ 気になった論文3:Reconfigurable Cryptography: A flexible approach to long-term security
, Julia Hesse and Dennis Hofheinz and Andy Rupp, http://eprint.iacr.org/2015/1047
We put forward the concept of a reconfigurable cryptosystem. Intuitively, a reconfigurable cryptosystem allows to increase the security of the system at runtime, by changing a single central parameter we call common reference string (CRS). In particular, e.g., a cryptanalytic advance does not necessarily entail a full update of a large public-key infrastructure; only the CRS needs to be updated. In this paper we focus on the reconfigurability of encryption and signature schemes, but we believe that this concept and the developed techniques can also be applied to other kind of cryptosystems.
Besides a security definition, we offer two reconfigurable encryption schemes, and one reconfigurable signature scheme. Our first reconfigurable encryption scheme uses indistinguishability obfuscation (however only in the CRS) to adaptively derive short-term keys from long-term keys. The security of long-term keys can be based on a one-way function, and the security of both the indistinguishability obfuscation and the actual encryption scheme can be increased on-the-fly, by changing the CRS. We stress that our scheme remains secure even if previous short-term secret keys are leaked.
Our second reconfigurable encryption scheme has a similar structure (and similar security properties), but relies on a pairing-friendly group instead of obfuscation. Its security is based on the recently introduced hierarchy of \(k\)-SCasc assumptions. Similar to the \(k\)-Linear assumption, it is known that \(k\)-SCasc implies \((k+1)\)-SCasc, and that this implication is proper in the generic group model. Our system allows to increase \(k\) on-the-fly, just by changing the CRS. In that sense, security can be increased without changing any long-term keys.
We also offer a reconfigurable signature scheme based on the same hierarchy of assumptions.
最近のツッコミ↓