Record No.

UNINA9910482982303321

Title

Advances in Cryptology – CRYPTO 2017 : 37th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 20–24, 2017, Proceedings, Part III / edited by Jonathan Katz, Hovav Shacham

Publisher/distributor/printer

Cham : Springer International Publishing : Imprint: Springer, 2017

ISBN

3-319-63697-9

Edition

[1st ed. 2017.]

Physical description

1 online resource (XV, 713 p. 95 illus.)

Series

Security and Cryptology ; 10403

Discipline (Dewey)

005.82

Subjects

Data encryption (Computer science)

Computer communication systems

Computer security

Coding theory

Information theory

Computers and civilization

Software engineering

Cryptology

Computer Communication Networks

Systems and Data Security

Coding and Information Theory

Computers and Society

Software Engineering

Language of publication

English

Format

Printed material

Bibliographic level

Monograph

Contents note

Intro -- Preface -- Crypto 2017: The 37th IACR International Cryptology Conference -- Contents - Part III

Authenticated Encryption

Boosting Authenticated Encryption Robustness with Minimal Modifications -- 1 Introduction -- 1.1 Robust Algorithms -- 1.2 Release of Unverified Plaintext -- 1.3 Contributions -- 2 Related Work -- 3 Preliminaries -- 3.1 Notation -- 3.2 Adversaries and Advantages -- 3.3 Authenticated Encryption Schemes -- 4 Resilience to Nonce Misuse -- 4.1 OCB Attacks -- 4.2 Chosen-Plaintext Confidentiality -- 4.3 Authenticity -- 4.4 Chosen-Ciphertext Confidentiality -- 5 Adding RUP Security to Encryption Schemes -- 5.1 Definitions -- 5.2 Generic Construction -- 5.3 GCM-RUP -- A Algorithm Descriptions -- A.1 OCB -- A.2 GCM -- A.3 ChaCha20+Poly1305 -- B Formal Security Argument for the Generic Construction -- C Application to Tor -- C.1 Tor -- C.2 The Crypto-tagging Attack -- C.3 Avoiding the Attack -- References

ZMAC: A Fast Tweakable Block Cipher Mode for Highly Secure Message Authentication -- 1 Introduction -- 2 Preliminaries -- 3 Specification of ZMAC -- 3.1 Overview -- 3.2 Specification of ZHASH for the Case t ≤ n -- 3.3 Specification of ZHASH for the Case t > n -- 3.4 Finalization -- 4 The PRF Security of ZMAC -- 4.1 XT Tweak Extension -- 4.2 Collision Probability of ZHASH -- 4.3 PRF Security of Finalization -- 4.4 PRF Security of ZMAC -- 4.5 Other Variants of ZMAC -- 5 Application to Authenticated Encryption: ZAE -- 6 MAC and AE Instances -- 6.1 Handling the Domain Separation of TBC Instances -- 6.2 Efficiency Comparisons -- References

Message Franking via Committing Authenticated Encryption -- 1 Introduction -- 2 Preliminaries -- 3 Message Franking and End-to-End Encryption -- 4 Committing AEAD -- 5 Are Existing AEAD Schemes Committing? -- 5.1 Committing Encode-then-Encipher -- 5.2 Encrypt-then-MAC -- 5.3 MAC-then-Encrypt -- 5.4 Some Non-binding AEAD Schemes -- 6 Composing Commitment and AEAD -- 7 Nonce-Based Committing AEAD and the CEP Construction -- 8 Analysis of CEP -- 9 Related Work -- References

Key Rotation for Authenticated Encryption -- 1 Introduction -- 2 Updatable AE -- 3 Confidentiality and Integrity for Updatable Encryption -- 3.1 Message Confidentiality -- 3.2 Ciphertext Integrity -- 4 Practical Updatable AE Schemes -- 4.1 Authenticated Encryption -- 4.2 (In-)Security of AE-Hybrid Construction -- 4.3 Improving AE-Hybrid -- 5 Indistinguishability of Re-encryptions -- 6 Revisiting the BLMR Scheme -- 6.1 Negative Result About Provable UP-IND Security of BLMR -- 7 An Updatable AE Scheme with Re-encryption Indistinguishability -- 7.1 Security of ReCrypt -- 7.2 Instantiating the Key-Homomorphic PRF -- 7.3 Implementation and Performance -- 8 Conclusion and Open Problems -- A Bidirectional Updatable AE -- A.1 XOR-KEM: A Bidirectional Updatable AE Scheme -- References

Public-Key Encryption

Kurosawa-Desmedt Meets Tight Security -- 1 Introduction -- 2 Preliminaries -- 2.1 Notations -- 2.2 Hash Functions -- 2.3 Prime-Order Groups -- 2.4 Public-Key Encryption -- 2.5 Key Encapsulation Mechanism -- 3 Qualified Proof Systems -- 4 The OR-Proof -- 4.1 Public Parameters and the OR-Languages -- 4.2 A Construction Based on MDDH -- 5 Key Encapsulation Mechanism -- References

Asymptotically Compact Adaptively Secure Lattice IBEs and Verifiable Random Functions via Generalized Partitioning Techniques -- 1 Introduction -- 1.1 Background -- 1.2 Our Contributions -- 1.3 Related Works -- 2 Technical Overview -- 2.1 A Twist on the Admissible Hash -- 2.2 Our First Lattice IBE -- 2.3 Our First VRF -- 2.4 Other Constructions -- 3 Preliminaries -- 3.1 Cryptographic Primitives -- 3.2 Preliminaries on Lattices and Bilinear Maps -- 4 Partitioning Functions -- 4.1 Definition -- 4.2 Construction from Admissible Hash Function -- 4.3 Our Construction Based on Modified Admissible Hash Function -- 4.4 Our Construction Based on Affine Functions -- 5 Our IBE Schemes -- 5.1 Compatible Algorithms for Partitioning Functions -- 5.2 Construction -- 5.3 Multi-bit Variant -- 6 Our VRF Scheme Based on FMAH -- 6.1 Construction -- 6.2 A Variant with Short Verification Keys -- 7 Comparisons -- References

Identity-Based Encryption from Codes with Rank Metric -- 1 Introduction -- 1.1 Code-Based Cryptography -- 1.2 Identity Based Encryption -- 1.3 Hardness of Problems in Rank Metric -- 1.4 Our Contribution -- 2 Background on Rank Metric and Cryptography -- 2.1 Notation -- 2.2 Definitions -- 2.3 Decoding Rank Codes -- 2.4 Difficult Problem for Rank-Based Cryptography -- 2.5 Complexity of the Rank Decoding Problem -- 3 A New Public Key Encryption -- 3.1 Public-Key Encryption -- 3.2 Description of the Cryptosystem RankPKE -- 3.3 Security -- 4 On the Difficulty of the Rank Support Learning Problem -- 4.1 A Related Problem: The Support Learning Problem -- 4.2 Both Problems Reduce to Linear Algebra When N is Large Enough -- 4.3 Solving the Subspace Problem with Information-Set Decoding -- 4.4 Link Between Rank Support Learning and Decoding over the Rank Metric -- 5 Identity Based Encryption -- 5.1 Trapdoor Functions from RankSign -- 5.2 Scheme -- 5.3 Security -- 6 Parameters -- 6.1 General Parameters for RankSign and RankEnc -- 6.2 Practical Evaluation of the Security -- References

Stream Ciphers

Degree Evaluation of NFSR-Based Cryptosystems -- 1 Introduction -- 1.1 Our Contributions -- 1.2 Related Work -- 1.3 Organization -- 2 Preliminaries -- 3 An Iterative Method for Estimating Algebraic Degree of NFSR-Based Cryptosystems -- 4 Applications to Trivium-Like Ciphers -- 4.1 A Brief Description of Trivium-Like Ciphers -- 4.2 The Algorithm for Estimation of Degree of Trivium-Like Ciphers -- 4.3 Experimental Results -- 5 Improved Estimation of Degree of Trivium-Like Ciphers -- 6 Conclusions -- A The Full Procedures of DegMul and DegMul -- B The Best Cube Testers -- References

Cube Attacks on Non-Blackbox Polynomials Based on Division Property -- 1 Introduction -- 2 Preliminaries -- 2.1 Mixed Integer Linear Programming -- 2.2 Cube Attack -- 2.3 Higher-Order Differential Cryptanalysis and Division Property -- 3 How to Analyze Non-Blackbox Polynomials -- 3.1 What Is Guaranteed by Division Property -- 3.2 Superpoly Recovery -- 4 Toward Key Recovery -- 4.1 Evaluating Time Complexity -- 5 Applications -- 5.1 Application to Trivium -- 5.2 Application to Grain128a -- 5.3 Application to ACORN -- 6 Discussions -- 6.1 Validity of Assumptions 1 and 2 -- 6.2 Multiple-Bits Recovery only from One Cube -- 6.3 Comparison with Previous Techniques -- 7 Conclusion -- References

Lattice Crypto

Middle-Product Learning with Errors -- 1 Introduction -- 2 Background -- 2.1 Probabilities -- 2.2 Polynomials and Structured Matrices -- 2.3 The Polynomial Learning with Errors Problem (PLWE) -- 3 The Middle-Product Learning with Errors Problem -- 3.1 The Middle-Product -- 3.2 Middle-Product Learning with Errors -- 3.3 Hardness of MP-LWE -- 4 Public-Key Encryption from MP-LWE -- References

All-But-Many Lossy Trapdoor Functions from Lattices and Applications -- 1 Introduction -- 1.1 Our Contribution -- 1.2 Other Related Works -- 2 Preliminaries -- 2.1 Randomness Extractor -- 2.2 Discrete Gaussians -- 2.3 Gadget Matrices -- 2.4 Homomorphic Evaluation Algorithms -- 2.5 Computational Assumptions -- 3 Definitions -- 3.1 Weak Pseudorandom Functions -- 3.2 Chameleon Hash Functions -- 3.3 Lossy Trapdoor Functions -- 3.4 All-But-Many Lossy Trapdoor Functions -- 4 All-But-Many Lossy Trapdoor Function from LWE -- 4.1 Basic LTF from [10] -- 4.2 Our Construction of ABM-LTF -- 4.3 Correctness -- 4.4 Parameter Selections -- 4.5 Security Proofs -- 5 IND-SO-CCA2 Secure PKE from Lattices -- 5.1 Definition of IND-SO-CCA2 Security -- 5.2 Construction of IND-SO-CCA2 PKE -- 5.3 Security Proof -- 5.4 Tightly Secure IND-CCA2 PKE -- 6 Conclusion -- References

All-But-Many Lossy Trapdoor Functions and Selective Opening Chosen-Ciphertext Security from LWE -- 1 Introduction -- 1.1 Our Results -- 1.2 Our Techniques -- 1.3 Related Work -- 2 Background -- 2.1 Randomness Extraction -- 2.2 Reminders on Lattices -- 2.3 The Learning with Errors Problem -- 2.4 Lossy Trapdoor Functions -- 2.5 All-But-Many Lossy Trapdoor Functions -- 2.6 Selective-Opening Chosen-Ciphertext Security -- 3 An All-But-Many Lossy Trapdoor Function from LWE -- 3.1 An LWE-Based Lossy Trapdoor Function -- 3.2 An All-But-Many Lossy Trapdoor Function from LWE -- 3.3 Joint Use of Lossy and All-But-Many Functions -- 4 Selective Opening Chosen-Ciphertext Security -- 4.1 Description -- 4.2 Indistinguishability-Based (IND-SO-CCA2) Security -- 4.3 Achieving Simulation-Based (SIM-SO-CCA2) Security -- References

Amortization with Fewer Equations for Proving Knowledge of Small Secrets -- 1 Introduction -- 1.1 Prior Work -- 1.2 Our Results -- 1.3 Paper Organization -- 2 Preliminaries -- 2.1 Notation -- 2.2 Homomorphic OWF -- 2.3 Rejection Sampling and the Normal Distribution -- 2.4 Zero-Knowledge Proofs of Knowledge -- 2.5 Imperfect Proof of Knowledge and a Compiler -- 3 Warmup Construction -- 4 Amortized Proof for f(xi)=yi with Fewer Equations -- 5 Proving f(xi)=2yi with Even Fewer Equations -- 6 Proof Size -- References

Leakage and Subversion

Private Multiplication over Finite Fields -- 1 Introduction -- 1.1 Our Problem -- 1.2 Related Work -- 1.3 Our Contributions.

Summary/abstract

The three-volume set, LNCS 10401, LNCS 10402, and LNCS 10403, constitutes the refereed proceedings of the 37th Annual International Cryptology Conference, CRYPTO 2017, held in Santa Barbara, CA, USA, in August 2017. The 72 revised full papers presented were carefully reviewed and selected from 311 submissions. The papers are organized in the following topical sections: functional encryption; foundations; two-party computation; bitcoin; multiparty computation; award papers; obfuscation; conditional disclosure of secrets; OT and ORAM; quantum; hash functions; lattices; signatures; block ciphers; authenticated encryption; public-key encryption; stream ciphers; lattice crypto; leakage and subversion; symmetric-key crypto; and real-world crypto.