Cham, Switzerland : , : Springer, , [2022]

©2022

3-031-22301-2

1 online resource (539 pages)

Lecture notes in computer science ; ; Volume 13494

TK5105.59

Computer networks - Security measures

Computer security

Inglese

Includes bibliographical references and index.

Intro -- Preface -- Organization -- Keynote Talks -- Combinatorial Cryptography -- Technical Challenges in Blockchains -- Just About Time -- Contents -- Symmetric-Key Cryptography -- Key Structures: Improved Related-Key Boomerang Attack Against the Full AES-256 -- 1 Introduction -- 2 Preliminaries -- 2.1 Description of AES -- 2.2 Boomerang Attack -- 2.3 Notations -- 3 Key Structures -- 4 Improved Boomerang Attack on AES-256 -- 4.1 Construction of the Key Structure -- 4.2 Boomerang Distinguisher -- 4.3 A Detailed Description of the Attack -- 5 Conclusion -- References -- Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES -- 1 Introduction -- 1.1 Contributions -- 1.2 Follow-Up Works: Truncated Differentials for 5-/6-Round AES -- 2 Preliminary -- 2.1 Advanced Encryption Standard (AES) -- 2.2 Properties of an S-Box -- 3 Probability Distribution for 5-Round AES -- 3.1 Truncated Differentials for 2-Round AES -- 3.2 Multiple-of-8 Property and Mixture Differential Cryptanalysis -- 3.3 Main Result: Probability Distribution for 5-Round AES -- 4 Initial Considerations -- 5 Proof of Theorem4: Sum of Binomial Distributions -- 6 Proof of Theorem4: About the Probabilities p3,p10, p17 -- 6.1 Reduction to the Middle Round -- 6.2 A ``Simpler'' Case: 216 Texts with Two Equal Generating Variables -- 6.3 Generic Case: 232 Texts -- 7 Practical Results for 5-Round AES -- 7.1

Probability Distribution of 5-Round AES over (F2n)44 -- 7.2 Practical Results for 5-Round AES over F2n44 for n{4,8} -- References -- PNB-Focused Differential Cryptanalysis of ChaCha Stream Cipher -- 1 Introduction -- 2 Specification of ChaCha -- 3 Differential Cryptanalysis of ChaCha -- 3.1 Precomputation Phase -- 3.2 Online Phase -- 4 Analysis of PNB -- 4.1 Search for PNB with High Neutral Measures -- 4.2 Experimental Results -- 4.3 Discussion.

5 PNB-Focused Differential Attack -- 5.1 Analysis of Single-Bit Differential Biases -- 5.2 Complexity Estimation -- 6 Related Works -- 7 Conclusion -- References -- Improved Differential Attack on Round-Reduced LEA -- 1 Introduction -- 2 Fu's MILP Model for Differential Characteristics of ARX Ciphers -- 3 Automatic Search for Characteristics and Differentials for Round-Reduced LEA -- 3.1 Differential Property for Modular Addition -- 3.2 Improved Searching Strategy for Long-Round Differential Characteristics -- 4 Application to Round-Reduced LEA -- 4.1 Description of LEA -- 4.2 Characteristics and Differentials of Round-Reduced LEA -- 4.3 Differential Attacks on Round-Reduced LEA -- 5 Conclusion -- References -- Implementing Grover Oracle for Lightweight Block Ciphers Under Depth Constraints -- 1 Introduction -- 1.1 Our Contributions -- 1.2 Organization of the Paper -- 2 Preliminaries -- 2.1 Fault-Tolerant Gate Set -- 2.2 Cost Metrics for Quantum Circuit -- 3 Finding Key for Block Cipher with Grover's Algorithm -- 3.1 Key Search Problem for Block Cipher -- 3.2 Grover's Algorithm -- 3.3 Cost Metrics for Grover's Algorithm with Parallelization -- 3.4 Cost Metrics for Grover's Algorithm with Parallelization Under a Depth Limit -- 4 Quantum Circuit of GIFT -- 4.1 Round Function -- 4.2 Key Schedule and Round Constants -- 5 Quantum Circuit of SKINNY -- 5.1 Round Function -- 6 Quantum Circuit of SATURNIN -- 6.1 Round Function -- 6.2 Key Schedule and Round Constants -- 7 Quantum Resource Estimates for Implementing the Circuits of GIFT, SKINNY, and SATURNIN -- 8 Grover Oracles and Key Search Resource Estimates -- 8.1 Grover Oracle -- 8.2 Cost Estimates for Lightweight Block Cipher Key Search -- 8.3 Cost Estimates for Grover Search Under MAXDEPTH Limit -- 9 Conclusion -- References -- Improved Division Property for Ciphers with Complex Linear Layers.

1 Introduction -- 2 Notations and Division Property -- 3 A Method to Reduce Redundant Division Trails for Complex Linear Layers -- 4 Applications -- 4.1 Application to uBlock-128 -- 4.2 Application to MIBS -- 5 Conclusion -- A  Linear Inequalities for S-Boxes in uBlock-128 -- B  Linear Inequalities for S-Boxes in MIBS -- References -- Fast Skinny-128 SIMD Implementations for Sequential Modes of Operation -- 1 Introduction -- 2 Skinny in Software -- 2.1 The Skinny-128 Tweakable Block Ciphers -- 2.2 Publicly Available Software Implementations -- 3 Optimizing the S-Box Layer -- 3.1 NEON Vector Permute Instructions -- 3.2 S-Box Decomposition -- 4 Other Optimizations -- 4.1 Linear Layer -- 4.2 Tweakey Schedule -- 5 Implementation Results -- 5.1 ARM NEON -- 5.2 Intel Streaming SIMD Extensions -- 6 Conclusion and Future Work -- A  D4444 Decomposition -- B  D4454 Decomposition -- References -- Public-Key Cryptanalysis -- Handle the Traces: Revisiting the Attack on ECDSA with EHNP -- 1 Introduction -- 2 Preliminaries -- 2.1 ECDSA -- 2.2 ECDSA Scalar Multiplication and Side-Channel Attack -- 2.3 EHNP -- 2.4 Lattice -- 3 Framework of EHNP Attack -- 3.1 Preparation -- 3.2 Formulating EHNP -- 3.3 Lattice Basis -- 4 New Analysis of ECDSA-EHNP -- 4.1 New Estimation for "026B30D z"026B30D -- 4.2 Sublattice Analysis -- 4.3 Evaluating the Instance -- 4.4 Short Vectors -- 5 Algorithms -- 5.1 Strategy -- 5.2 The Attack -- 6 Simulation Analysis

-- 6.1 Attacking with 3 Traces -- 6.2 Attacking with More Traces -- 6.3 Handling Errors -- 7 Conclusion -- References -- Hybrid Dual and Meet-LWE Attack -- 1 Introduction -- 1.1 Related Work -- 1.2 Contributions -- 1.3 Roadmap -- 2 Preliminaries -- 2.1 Notations -- 2.2 Lattice and Lattice Reduction -- 2.3 The Learning with Errors Problem -- 2.4 Lemma -- 3 May's Meet-LWE Attack -- 3.1 Ternary-0 -- 3.2 Ternary-1.

4 Hybrid Dual Attacks -- 5 Combine Meet-LWE with Dual Attack -- 5.1 Meet-LWE on Ternary-2 LWE -- 5.2 The Larger Error -- 5.3 Our Attack -- 6 Complexity Estimation and Comparison -- 6.1 Case 1 -- 6.2 Case 2 -- 6.3 Case 3 -- 6.4 Overview -- 7 Conclusion -- References -- Cryptanalysis and Repair of a Gabidulin Code Based Cryptosystem from ACISP 2018 -- 1 Introduction -- 2 Preliminaries -- 2.1 Notations and Basic Concepts -- 2.2 Gabidulin Codes -- 3 Lau-Tan Cryptosystem -- 4 Key Recovery Attack -- 4.1 Further Results About Gabidulin Codes -- 4.2 Recovering the Private T -- 4.3 Finding an Equivalent (S',G') -- 4.4 Complexity of the Attack -- 4.5 Implementation -- 5 A Repair -- 5.1 Description of the Repair -- 5.2 Security Analysis -- 6 Cryptanalysis of Loidreau's Cryptosystem -- 7 Conclusion -- References -- Public-Key Cryptography -- Chosen Ciphertext Secure Keyed Two-Level Homomorphic Encryption -- 1 Introduction -- 1.1 Background -- 1.2 Our Contributions -- 1.3 Related Work -- 1.4 Organization of the Paper -- 2 Preliminaries -- 2.1 Pairings -- 2.2 Notation -- 3 Hash Proof Systems -- 3.1 Construction of HPS Based on Diverse Vector Space -- 3.2 Direct Product of HPS -- 4 Keyed Two-Level Homomorphic Encryption -- 4.1 Syntax and Security Notion -- 4.2 Overview of Our Construction -- 4.3 Construction of Hash Proof System -- 4.4 Concrete Construction of the Proposed Scheme -- 5 Efficiency Evaluations -- References -- Structure-Preserving Linearly Homomorphic Signature with Designated Combiner for Subspace -- 1 Introduction -- 1.1 Our Contribution -- 1.2 Related Work -- 1.3 Organization -- 2 Preliminaries and Definitions -- 2.1 Mathematic Background -- 2.2 The Augmented Basis Vectors -- 2.3 The Formal Definition -- 2.4 Security Model -- 3 Our Construction -- 4 Correctness and Security Analysis -- 4.1 Correctness Analysis -- 4.2 Security Analysis.

5 Theoretical Analysis -- 6 Conclusion -- References -- TIDE: A Novel Approach to Constructing Timed-Release Encryption -- 1 Introduction -- 1.1 Sealed-Bid Auctions -- 1.2 Technical Overview -- 1.3 Related Work -- 1.4 Contributions -- 2 Preliminaries: Assumptions and Number Theory -- 3 Our Construction -- 4 Security -- 5 Conclusion -- References -- Multi-signatures for ECDSA and Its Applications in Blockchain -- 1 Introduction -- 1.1 Motivation -- 1.2 Contribution -- 1.3 Related Work -- 1.4 Paper Organization -- 2 Preliminaries -- 3 Multiplicative-to-Additive Share Conversion Protocol -- 3.1 Definition -- 4 Multi-signatures for ECDSA -- 4.1 Construction -- 4.2 Security Proof -- 5 Instantiating with Class Group -- 5.1 Hard Subgroup Membership Group -- 5.2 CL Encryption for HSM Group -- 5.3 ZK Proof with CL Encryption -- 6 Implementation -- 7 Applications in Blockchain -- 8 Conclusion -- A Definition for Building Blocks -- A.1 ECDSA -- A.2 Additive Homomorphic Encryption -- A.3 Trapdoor Commitment -- B Trapdoor Commitments and Its ZK Proofs -- C Zero-Knowledge Proof for MtA(wc) -- References -- Post-quantum Cryptography -- Fiat-Shamir Signatures Based on Module-NTRU*-12pt -- 1 Introduction -- 1.1 Previous Work -- 1.2 Contributions -- 2 Preliminaries -- 2.1 (Inhomogeneous) Module-NTRU -- 3 Signature Based on iMNTRU in the QROM -- 3.1 A Lossy Identification Scheme -- 4 A BLISS-Like Signature Based on MNTRU -- 4.1 Signature Scheme -- 4.2 Security Proof -- 5

Security Analysis and Parameters -- 5.1 Concrete Instantiation -- References -- Speeding-Up Parallel Computation of Large Smooth-Degree Isogeny Using Precedence-Constrained Scheduling*-12pt -- 1 Introduction -- 2 Preliminaries -- 2.1 SIDH -- 2.2 Large Smooth-Degree Isogeny Computation and Strategies -- 2.3 Single-Processor Setting -- 2.4 Multi-processor Setting.

2.5 Precedence-Constrained Scheduling Algorithms.