LEADER 13275nam 22008415 450
001 9910482982303321
005 20230111090043.0
010 $a3-319-63697-9
024 7 $a10.1007/978-3-319-63697-9
035 $a(CKB)3710000001631251
035 $a(DE-He213)978-3-319-63697-9
035 $a(MiAaPQ)EBC6302880
035 $a(MiAaPQ)EBC5595576
035 $a(Au-PeEL)EBL5595576
035 $a(OCoLC)1001286943
035 $a(PPN)203849892
035 $a(EXLCZ)993710000001631251
100 $a20170801d2017 u| 0
101 0 $aeng
135 $aurnn#008mamaa
181 $ctxt$2rdacontent
182 $cc$2rdamedia
183 $acr$2rdacarrier
200 10$aAdvances in Cryptology – CRYPTO 2017 $e37th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 20–24, 2017, Proceedings, Part III /$fedited by Jonathan Katz, Hovav Shacham
205 $a1st ed. 2017.
210 1$aCham :$cSpringer International Publishing :$cImprint: Springer,$d2017.
215 $a1 online resource (XV, 713 p. 95 illus.)
225 1 $aSecurity and Cryptology ;$v10403
311 1 $a3-319-63696-0
327 $aIntro -- Preface -- Crypto 2017 The 37th IACR International Cryptology Conference -- Contents - Part III -- Authenticated Encryption -- Boosting Authenticated Encryption Robustness with Minimal Modifications -- 1 Introduction -- 1.1 Robust Algorithms -- 1.2 Release of Unverified Plaintext -- 1.3 Contributions -- 2 Related Work -- 3 Preliminaries -- 3.1 Notation -- 3.2 Adversaries and Advantages -- 3.3 Authenticated Encryption Schemes -- 4 Resilience to Nonce Misuse -- 4.1 OCB Attacks -- 4.2 Chosen-Plaintext Confidentiality -- 4.3 Authenticity -- 4.4 Chosen-Ciphertext Confidentiality -- 5 Adding RUP Security to Encryption Schemes -- 5.1 Definitions -- 5.2 Generic Construction -- 5.3 GCM-RUP -- A Algorithm Descriptions -- A.1 OCB -- A.2 GCM -- A.3 ChaCha20+Poly1305 -- B Formal Security Argument For The Generic Construction -- C Application to Tor -- C.1 Tor -- C.2 The Crypto-tagging Attack -- C.3 Avoiding the Attack -- References -- ZMAC: A Fast Tweakable Block Cipher Mode for Highly Secure Message Authentication -- 1 Introduction -- 2 Preliminaries -- 3 Specification of ZMAC -- 3.1 Overview -- 3.2 Specification of ZHASH for the Case t ≤ n -- 3.3 Specification of ZHASH for the Case t > n -- 3.4 Finalization -- 4 The PRF Security of ZMAC -- 4.1 XT Tweak Extension -- 4.2 Collision Probability of ZHASH -- 4.3 PRF Security of Finalization -- 4.4 PRF Security of ZMAC -- 4.5 Other Variants of ZMAC -- 5 Application to Authenticated Encryption: ZAE -- 6 MAC and AE Instances -- 6.1 Handling the Domain Separation of TBC Instances -- 6.2 Efficiency Comparisons -- References -- Message Franking via Committing Authenticated Encryption -- 1 Introduction -- 2 Preliminaries -- 3 Message Franking and End-to-End Encryption -- 4 Committing AEAD -- 5 Are Existing AEAD Schemes Committing? -- 5.1 Committing Encode-then-Encipher -- 5.2 Encrypt-then-MAC.
327 $a5.3 MAC-then-Encrypt -- 5.4 Some Non-binding AEAD Schemes -- 6 Composing Commitment and AEAD -- 7 Nonce-Based Committing AEAD and the CEP Construction -- 8 Analysis of CEP -- 9 Related Work -- References -- Key Rotation for Authenticated Encryption -- 1 Introduction -- 2 Updatable AE -- 3 Confidentiality and Integrity for Updatable Encryption -- 3.1 Message Confidentiality -- 3.2 Ciphertext Integrity -- 4 Practical Updatable AE Schemes -- 4.1 Authenticated Encryption -- 4.2 (In-)Security of AE-Hybrid Construction -- 4.3 Improving AE-Hybrid -- 5 Indistinguishability of Re-encryptions -- 6 Revisiting the BLMR Scheme -- 6.1 Negative Result About Provable UP-IND Security of BLMR -- 7 An Updatable AE Scheme with Re-encryption Indistinguishability -- 7.1 Security of ReCrypt -- 7.2 Instantiating the Key-Homomorphic PRF -- 7.3 Implementation and Performance -- 8 Conclusion and Open Problems -- A Bidirectional Updatable AE -- A.1 XOR-KEM: A Bidirectional Updatable AE Scheme -- References -- Public-Key Encryption -- Kurosawa-Desmedt Meets Tight Security -- 1 Introduction -- 2 Preliminaries -- 2.1 Notations -- 2.2 Hash Functions -- 2.3 Prime-Order Groups -- 2.4 Public-Key Encryption -- 2.5 Key Encapsulation Mechanism -- 3 Qualified Proof Systems -- 4 The OR-Proof -- 4.1 Public Parameters and the OR-Languages -- 4.2 A Construction Based on MDDH -- 5 Key Encapsulation Mechanism -- References -- Asymptotically Compact Adaptively Secure Lattice IBEs and Verifiable Random Functions via Generalized Partitioning Techniques -- 1 Introduction -- 1.1 Background -- 1.2 Our Contributions -- 1.3 Related Works -- 2 Technical Overview -- 2.1 A Twist on the Admissible Hash -- 2.2 Our First Lattice IBE -- 2.3 Our First VRF -- 2.4 Other Constructions -- 3 Preliminaries -- 3.1 Cryptographic Primitives -- 3.2 Preliminaries on Lattices and Bilinear Maps -- 4 Partitioning Functions.
327 $a4.1 Definition -- 4.2 Construction from Admissible Hash Function -- 4.3 Our Construction Based on Modified Admissible Hash Function -- 4.4 Our Construction Based on Affine Functions -- 5 Our IBE Schemes -- 5.1 Compatible Algorithms for Partitioning Functions -- 5.2 Construction -- 5.3 Multi-bit Variant -- 6 Our VRF Scheme Based on FMAH -- 6.1 Construction -- 6.2 A Variant with Short Verification Keys -- 7 Comparisons -- References -- Identity-Based Encryption from Codes with Rank Metric -- 1 Introduction -- 1.1 Code-Based Cryptography -- 1.2 Identity Based Encryption -- 1.3 Hardness of Problems in Rank Metric -- 1.4 Our Contribution -- 2 Background on Rank Metric and Cryptography -- 2.1 Notation -- 2.2 Definitions -- 2.3 Decoding Rank Codes -- 2.4 Difficult Problem for Rank-Based Cryptography -- 2.5 Complexity of the Rank Decoding Problem -- 3 A New Public Key Encryption -- 3.1 Public-Key Encryption -- 3.2 Description of the Cryptosystem RankPKE -- 3.3 Security -- 4 On the Difficulty of the Rank Support Learning Problem -- 4.1 A Related Problem: The Support Learning Problem -- 4.2 Both Problems Reduce to Linear Algebra When N is Large Enough -- 4.3 Solving the Subspace Problem with Information-Set Decoding -- 4.4 Link Between Rank Support Learning and Decoding over the Rank Metric -- 5 Identity Based Encryption -- 5.1 Trapdoor Functions from RankSign -- 5.2 Scheme -- 5.3 Security -- 6 Parameters -- 6.1 General Parameters for RankSign and RankEnc -- 6.2 Practical Evaluation of the Security -- References -- Stream Ciphers -- Degree Evaluation of NFSR-Based Cryptosystems -- 1 Introduction -- 1.1 Our Contributions -- 1.2 Related Work -- 1.3 Organization -- 2 Preliminaries -- 3 An Iterative Method for Estimating Algebraic Degree of NFSR-Based Cryptosystems -- 4 Applications to Trivium-Like Ciphers -- 4.1 A Brief Description of Trivium-Like Ciphers.
327 $a4.2 The Algorithm for Estimation of Degree of Trivium-Like Ciphers -- 4.3 Experimental Results -- 5 Improved Estimation of Degree of Trivium-Like Ciphers -- 6 Conclusions -- A The Full Procedures of DegMul and DegMul -- B The Best Cube Testers -- References -- Cube Attacks on Non-Blackbox Polynomials Based on Division Property -- 1 Introduction -- 2 Preliminaries -- 2.1 Mixed Integer Linear Programming -- 2.2 Cube Attack -- 2.3 Higher-Order Differential Cryptanalysis and Division Property -- 3 How to Analyze Non-Blackbox Polynomials -- 3.1 What Is Guaranteed by Division Property -- 3.2 Superpoly Recovery -- 4 Toward Key Recovery -- 4.1 Evaluating Time Complexity -- 5 Applications -- 5.1 Application to Trivium -- 5.2 Application to Grain128a -- 5.3 Application to ACORN -- 6 Discussions -- 6.1 Validity of Assumptions 1 and 2 -- 6.2 Multiple-Bits Recovery only from One Cube -- 6.3 Comparison with Previous Techniques -- 7 Conclusion -- References -- Lattice Crypto -- Middle-Product Learning with Errors -- 1 Introduction -- 2 Background -- 2.1 Probabilities -- 2.2 Polynomials and Structured Matrices -- 2.3 The Polynomial Learning with Errors Problem (PLWE) -- 3 The Middle-Product Learning with Errors Problem -- 3.1 The Middle-Product -- 3.2 Middle-Product Learning with Errors -- 3.3 Hardness of MP-LWE -- 4 Public-Key Encryption from MP-LWE -- References -- All-But-Many Lossy Trapdoor Functions from Lattices and Applications -- 1 Introduction -- 1.1 Our Contribution -- 1.2 Other Related Works -- 2 Preliminaries -- 2.1 Randomness Extractor -- 2.2 Discrete Gaussians -- 2.3 Gadget Matrices -- 2.4 Homomorphic Evaluation Algorithms -- 2.5 Computational Assumptions -- 3 Definitions -- 3.1 Weak Pseudorandom Functions -- 3.2 Chameleon Hash Functions -- 3.3 Lossy Trapdoor Functions -- 3.4 All-But-Many Lossy Trapdoor Functions.
327 $a4 All-But-Many Lossy Trapdoor Function from LWE -- 4.1 Basic LTF from [10] -- 4.2 Our Construction of ABM-LTF -- 4.3 Correctness -- 4.4 Parameter Selections -- 4.5 Security Proofs -- 5 IND-SO-CCA2 Secure PKE from Lattices -- 5.1 Definition of IND-SO-CCA2 Security -- 5.2 Construction of IND-SO-CCA2 PKE -- 5.3 Security Proof -- 5.4 Tightly Secure IND-CCA2 PKE -- 6 Conclusion -- References -- All-But-Many Lossy Trapdoor Functions and Selective Opening Chosen-Ciphertext Security from LWE -- 1 Introduction -- 1.1 Our Results -- 1.2 Our Techniques -- 1.3 Related Work -- 2 Background -- 2.1 Randomness Extraction -- 2.2 Reminders on Lattices -- 2.3 The Learning with Errors Problem -- 2.4 Lossy Trapdoor Functions -- 2.5 All-But-Many Lossy Trapdoor Functions -- 2.6 Selective-Opening Chosen-Ciphertext Security -- 3 An All-But-Many Lossy Trapdoor Function from LWE -- 3.1 An LWE-Based Lossy Trapdoor Function -- 3.2 An All-But-Many Lossy Trapdoor Function from LWE -- 3.3 Joint Use of Lossy and All-But-Many Functions -- 4 Selective Opening Chosen-Ciphertext Security -- 4.1 Description -- 4.2 Indistinguishability-Based (IND-SO-CCA2) Security -- 4.3 Achieving Simulation-Based (SIM-SO-CCA2) Security -- References -- Amortization with Fewer Equations for Proving Knowledge of Small Secrets -- 1 Introduction -- 1.1 Prior Work -- 1.2 Our Results -- 1.3 Paper Organization -- 2 Preliminaries -- 2.1 Notation -- 2.2 Homomorphic OWF -- 2.3 Rejection Sampling and the Normal Distribution -- 2.4 Zero-Knowledge Proofs of Knowledge -- 2.5 Imperfect Proof of Knowledge and a Compiler -- 3 Warmup Construction -- 4 Amortized Proof for f(x_i)=y_i with Fewer Equations -- 5 Proving f(x_i)=2y_i with Even Fewer Equations -- 6 Proof Size -- References -- Leakage and Subversion -- Private Multiplication over Finite Fields -- 1 Introduction -- 1.1 Our Problem -- 1.2 Related Work.
327 $a1.3 Our Contributions.
330 $aThe three-volume set, LNCS 10401, LNCS 10402, and LNCS 10403, constitutes the refereed proceedings of the 37th Annual International Cryptology Conference, CRYPTO 2017, held in Santa Barbara, CA, USA, in August 2017. The 72 revised full papers presented were carefully reviewed and selected from 311 submissions. The papers are organized in the following topical sections: functional encryption; foundations; two-party computation; bitcoin; multiparty computation; award papers; obfuscation; conditional disclosure of secrets; OT and ORAM; quantum; hash functions; lattices; signatures; block ciphers; authenticated encryption; public-key encryption; stream ciphers; lattice crypto; leakage and subversion; symmetric-key crypto; and real-world crypto.
410 0$aSecurity and Cryptology ;$v10403
606 $aData encryption (Computer science)
606 $aComputer communication systems
606 $aComputer security
606 $aCoding theory
606 $aInformation theory
606 $aComputers and civilization
606 $aSoftware engineering
606 $aCryptology$3https://scigraph.springernature.com/ontologies/product-market-codes/I28020
606 $aComputer Communication Networks$3https://scigraph.springernature.com/ontologies/product-market-codes/I13022
606 $aSystems and Data Security$3https://scigraph.springernature.com/ontologies/product-market-codes/I28060
606 $aCoding and Information Theory$3https://scigraph.springernature.com/ontologies/product-market-codes/I15041
606 $aComputers and Society$3https://scigraph.springernature.com/ontologies/product-market-codes/I24040
606 $aSoftware Engineering$3https://scigraph.springernature.com/ontologies/product-market-codes/I14029
615 0$aData encryption (Computer science).
615 0$aComputer communication systems.
615 0$aComputer security.
615 0$aCoding theory.
615 0$aInformation theory.
615 0$aComputers and civilization.
615 0$aSoftware engineering.
615 14$aCryptology.
615 24$aComputer Communication Networks.
615 24$aSystems and Data Security.
615 24$aCoding and Information Theory.
615 24$aComputers and Society.
615 24$aSoftware Engineering.
676 $a005.82
702 $aKatz$b Jonathan$f1974-$4edt$4http://id.loc.gov/vocabulary/relators/edt
702 $aShacham$b Hovav$4edt$4http://id.loc.gov/vocabulary/relators/edt
801 0$bMiAaPQ
801 1$bMiAaPQ
801 2$bMiAaPQ
906 $aBOOK
912 $a9910482982303321
996 $aAdvances in Cryptology – CRYPTO 2017$92808709
997 $aUNINA