Constant Ciphertext-Rate Non-committing Encryption from Standard Assumptions.

In this work, we present the first non-committing encryption scheme that achieves ciphertext expansion that is logarithmic in the message length. ... A central tool for constructing adaptively secure protocols is non-committing encryption (Canetti, Feige, Goldreich and Naor, STOC '96). ... Achieving non-interactive (2-round) non-committing encryption with optimal rate (i.e., O(1) ciphertext expansion) remained an open question. ...

doi:10.1007/978-3-662-46494-6_24 fatcat:nkfuoe3evrdbbpnedkfygf6xn4

On the negative side, we show that primitives which require some form of non-malleability (such as digital signatures, message authentication, or non-malleable encryption) cannot be realized with constant ... It was recently shown (Applebaum et al., FOCS 2004) that, under standard cryptographic assumptions, most cryptographic primitives can be realized by functions with constant output locality, namely ones ... This problem was addressed by [4] , who gave a construction of a linear-stretch PRG with (large) constant output locality under a non-standard assumption taken from [1] . ...

doi:10.1007/s00145-009-9039-0 fatcat:bflxo6zcw5g27hbmcspq5doory

We formulate a natural (though non-standard) variant of homomorphic encryption that has a homomorphismextraction property. ... The scheme is based on fully-homomorphic encryption (and no additional assumptions are needed for our succinct argument). (3) In addition, we revisit the problem of non-interactive succinct arguments of ... Their result suggests that non-standard assumptions, such as knowledge (extractability) assumptions may be inherent for constructing succinct non-interactive arguments (even if we were to drop the proof ...

doi:10.1007/978-3-642-32009-5_16 fatcat:je4zuvn23bcfvb5xwzgv3t3zjm

server is committed. ... Our tamper-evident mix network is a type of re-encryption mixnet in which a server proves that the permutation and re-encryption factors that it uses are correctly derived from a random seed to which the ... Therein, each mix server re-encrypts and permutes a list of n input ciphertexts two times, and commits to the ciphertext values inbetween the two rounds. ...

doi:10.1007/11889663_9 fatcat:m3wj3e6x6fbk7hffusb6u7znfa

It is one of the most common cryptographic tasks to prove that two ciphertexts (or commitments) are well-formed and encrypting (or committing to) the same plaintext. ... Complete Non-Malleability. The notion of complete non-malleability (CNM) prohibits adversaries from computing encryptions of related plaintexts under adversarially generated public-keys. ... One primary interest in studying completely non-malleable encryption schemes springs from non-malleable commitments. ...

doi:10.1007/978-3-319-04852-9_5 fatcat:ltbusejyand6fem4crtkn2fwca

We also use a Shamir secret-share packing technique to improve the rate of the underlying error-correcting code. Non-malleable encryption from semantic security. ... We give a new black-box transformation from any semantically secure encryption scheme into a non-malleable one which has a better rate than the best previous work of Coretti et al. (TCC 2016-A). ... For example, there have been black-box constructions of non-malleable commitments [PW09] , set intersection protocols from homomorphic encryptions [DMRY09] , and a CCA2-secure encryption scheme for strings ...

doi:10.1007/s10623-017-0348-2 fatcat:iiz7magfrjcz3pwe6s2scosa4m

Under non-blind detection, which is a reasonable assumption in fingerprinting system, there is still a performance gap with the spread spectrum method. ... Then the seller verifies that the received ciphertext is made from the real fingerprint, and embeds it in his encrypted copy by multiplying those ciphertexts. ... .), ISBN: 978-953-7619-91-6, InTech, Available from: http://www.intechopen.com/books/signal-processing/recent-fingerprinting-techniques-with-cryptographicprotocol ...

doi:10.5772/8522 fatcat:3t6yp336jndhnmkvj3agjuuxoe

We show how to transform any semantically secure encryption scheme into a non-malleable one, with a black-box construction that achieves a quasi-linear blow-up in the size of the ciphertext. ... Our construction departs from the oft-used paradigm of re-encrypting the same message with different keys and then proving consistency of encryption. ... We thank Vinod Vaikuntanathan for sharing his insights on non-malleability, and Oded Goldreich for pointing out [DGR99] , and for other helpful suggestions. ...

doi:10.1007/s00145-017-9254-z fatcat:bkvf747hdvauln3sjcqnq4yde4

Immunity to decryption errors is vital when constructing non-malleable and chosen ciphertext secure encryption schemes via current techniques; in addition, it may help defend against certain cryptanalytic ... We also consider the random oracle model, where we give a simple transformation from a one-way encryption scheme which is error-prone into one that is immune to errors. ... The standard definition of public-key encryption schemes requires perfect correctness. ...

doi:10.1007/978-3-540-24676-3_21 fatcat:t6ze3waifraxxj7mrwjt5yact4

and 2-linear assumptions. . ... We present distributed public key encryption (DPKE) and distributed identity based encryption (DIBE) schemes that are secure against continual memory leakage, under the Bilinear Decisional Diffie-Hellman ... We define the kLin and matrix kLin assumptions for k ≥ 1 a constant. ...

doi:10.1145/2332432.2332462 dblp:conf/podc/AkaviaGH12 fatcat:zmzonp4yxvanvbm6pxuzqrony4

Our approach builds on the homomorphic encryption approach proposed by Adnostic [42] , but uses new cryptographic proof techniques to efficiently report billions of ad impressions a day using an additively ... Computational PIR (cPIR), does so solely with cryptographic assumptions and without assuming non-cooperating parties. ... We first force the prover to commit to the ciphertext vector C1, . . . , CN where each ciphertext is the Elgamal encryption of an encoded message in G. ...

doi:10.1145/2976749.2978407 dblp:conf/ccs/0001LM16 fatcat:tnxqmedeprfjfbrxaquvcj4lme

We present a variant of pNE called NTRUCCA, that is IND-CCA2 secure in the standard model assuming the hardness of worst-case problems in ideal lattices, and only incurs a constant factor overhead in ciphertext ... To our knowledge, our result gives the rst IND-CCA2 secure variant of NTRUEncrypt in the standard model, based on standard cryptographic assumptions. ... a one-time signature or commitment scheme. ...

doi:10.1007/978-3-642-30057-8_21 fatcat:5pcdq34otjbexajswvgq5gyi64

On the positive side, we show that, under reasonable assumptions, computational primitives like commitment schemes, public-key encryption, oblivious transfer, and general secure two-party computation can ... a full (non-black-box) access to the field. ... We will later (Section 9) show that APRG with polynomial stretch can be constructed based on the RLC assumption (with constant rate and constant noise rate). ...

doi:10.1145/3046675 fatcat:qhxd4yf32nck5ldmkyxot5lwxy

We present a 2-round protocol to prove knowledge of a plaintext corresponding to a given ciphertext. ... To illustrate the merit of this relaxed proof of knowledge property, we use our result to construct a secure multi-party computation protocol for evaluating a function f in the standard model using only ... By the security of the commitment scheme (here we are using our encryption scheme as a simple commitment scheme), the probability that there is a ciphertext c i,j that is ever decommitted to in two distinct ...

doi:10.1007/978-3-642-36594-2_23 fatcat:uqboiem2ijbsff2utlxmbd74la

We introduce a new technique that allows to give a zeroknowledge proof that a committed vector has Hamming weight bounded by a given constant. ... The proof has unconditional soundness and is very compact: It has size independent of the length of the committed string, and for large fields, it has size corresponding to a constant number of commitments ... One slightly non-standard detail is that given the i'th row {[Π i,j ]} j=1,... ...

doi:10.1007/978-3-319-76581-5_18 fatcat:x5ubojvqyjefdax4nhi3bhnrqy

Non-committing Encryption from Φ-hiding [chapter]

Preserved Fulltext

Cryptography with Constant Input Locality

Preserved Fulltext

Succinct Arguments from Multi-prover Interactive Proofs and Their Efficiency Benefits [chapter]

Preserved Fulltext

Auditable Privacy: On Tamper-Evident Mix Networks [chapter]

Preserved Fulltext

Practical Dual-Receiver Encryption [chapter]

Preserved Fulltext

Improved, black-box, non-malleable encryption from semantic security

Preserved Fulltext

Recent Fingerprinting Techniques with Cryptographic Protocol [chapter]

Preserved Fulltext

A Black-Box Construction of Non-malleable Encryption from Semantically Secure Encryption

Preserved Fulltext

Immunizing Encryption Schemes from Decryption Errors [chapter]

Preserved Fulltext

Distributed public key schemes secure against continual leakage

Preserved Fulltext

A Protocol for Privately Reporting Ad Impressions at Scale

Preserved Fulltext

NTRUCCA: How to Strengthen NTRUEncrypt to Chosen-Ciphertext Security in the Standard Model [chapter]

Preserved Fulltext

Arithmetic Cryptography

Preserved Fulltext

Black-Box Proof of Knowledge of Plaintext and Multiparty Computation with Low Communication Overhead [chapter]

Preserved Fulltext

Compact Zero-Knowledge Proofs of Small Hamming Weight [chapter]

Preserved Fulltext