
Reset Indifferentiability and Its Consequences [chapter]

Paul Baecher, Christina Brzuska, Arno Mittelbach
2013 Lecture Notes in Computer Science  
Hence, the impossibility of coming up with a reset-indifferentiable construction transfers to the setting where only one reset is permitted, thereby re-opening the quest for an achievable and meaningful  ...  Finally, we examine weaker notions of reset indifferentiability that, while not being able to allow composition in general, allow composition for a large class of multi-stage games.  ...  Acknowledgements We thank the anonymous reviewers, Pooya Farshim, and Giorgia Azzurra Marson for their valuable comments on preliminary versions of this work.  ... 
doi:10.1007/978-3-642-42033-7_9 fatcat:3w2fnx4rozh4lb44ic4ghgyqrq

Reset Indifferentiability from Weakened Random Oracle Salvages One-Pass Hash Functions [chapter]

Yusuke Naito, Kazuki Yoneyama, Kazuo Ohta
2014 Lecture Notes in Computer Science  
As a result we can prove that C with H U is S-secure by combining the results of Steps 2, 3, and the theorem of Ristenpart et al.  ...  , defined reset indifferentiability, and proved the reset indifferentiability theorem, which is an analogy of the indifferentiability theorem covers all security notions S (= Ss ∪ Sm): F1 r F2 ⇒ ∀C ∈ C  ...  Acknowledgments We thank Arno Mittelbach for pointing out typos of Fig. 7 and Fig. 14.  ... 
doi:10.1007/978-3-319-07536-5_15 fatcat:xcbfitkhg5hgrosb3halchsdqq

Resource-Restricted Indifferentiability [chapter]

Grégory Demay, Peter Gaži, Martin Hirt, Ueli Maurer
2013 Lecture Notes in Computer Science  
This also implies the impossibility of such domain extension in any multi-party setting with potential individual misbehavior by parties (i.e., no central adversary).  ...  In particular, for simulators without memory, even domain extension by a single bit turns out to be impossible.  ...  In particular, they independently gave a proof of the impossibility of single-bit domain extension for the case of simulators without memory.  ... 
doi:10.1007/978-3-642-38348-9_39 fatcat:hfq6n4fckjbzta3csowp2x65sm

Security Definitions for Hash Functions: Combining UCE and Indifferentiability [chapter]

Daniel Jost, Ueli Maurer
2018 Lecture Notes in Computer Science  
This notion formalizes that a family of functions "behaves like a random oracle" for "real-world" protocols while avoiding the general impossibility results.  ...  This result further validates the Merkle-Damgård construction and shows that UCE-like assumptions can serve both as a valid reference point for modular protocol analyses, as well as for the design of hash  ...  They prove that reset indifferentiability is equivalent to indifferentiability with stateless simulators.  ... 
doi:10.1007/978-3-319-98113-0_5 fatcat:rr7ayxvne5a3jj3smumueoem3i

Public-Seed Pseudorandom Permutations [chapter]

Pratik Soni, Stefano Tessaro
2017 Lecture Notes in Computer Science  
To start with, we provide efficient constructions of UCEs from psPRPs for both reset-secure and unpredictable sources, thus showing that most applications of the UCE framework admit instantiations from  ...  We also show a converse of this statement, namely that the five-round Feistel construction yields a psPRP for reset-secure sources when the round function is built from UCEs for reset-secure sources, hence  ...  Acknowledgments We wish to thank John Retterer-Moore for his involvement in an earlier stage of this project. We also thank the EUROCRYPT '17 anonymous reviewers for their insightful feedback.  ... 
doi:10.1007/978-3-319-56614-6_14 fatcat:2d7xhdjlnfedzcsdq22pcqyt24

Open problems in hash function security

Elena Andreeva, Bart Mennink, Bart Preneel
2015 Designs, Codes and Cryptography  
This modular design approach allows for a rigorous security analysis via means of both cryptanalysis and provable security.  ...  Most of existing hash functions are designed to evaluate a compression function with a finite domain in a mode of operation, and the compression function itself is often designed from block ciphers or  ...  However, [81, 107] show that it is impossible to build any hash function which is reset-indifferentiable.  ... 
doi:10.1007/s10623-015-0096-0 fatcat:alir2p5gybgvrbup5jfvjf45te

Salvaging Indifferentiability in a Multi-stage Setting [chapter]

Arno Mittelbach
2014 Lecture Notes in Computer Science  
In this paper we introduce a framework to work with the indifferentiability notion in multi-stage scenarios.  ...  We then show that the CDA game (adaptive or non-adaptive) is unsplittable for any iterative hash function (thereby extending the preliminary results by Ristenpart et al.).  ...  Acknowledgments I thank the anonymous reviewers for valuable comments. This work was supported by CASED (www.cased.de).  ... 
doi:10.1007/978-3-642-55220-5_33 fatcat:ve2gtr5yyvfblkht6igx4vqi5q

Naor-Reingold Goes Public: The Complexity of Known-Key Security [chapter]

Pratik Soni, Stefano Tessaro
2018 Lecture Notes in Computer Science  
To do so, we rely on techniques borrowed from Impagliazzo-Rudich-style black-box impossibility proofs for our psPRP result, for which we give what we believe to be the first constructive application, and  ...  Our psPRP result instantiates the round functions in the Naor-Reingold (NR) construction with a secure UCE hash function.  ...  The five-round Feistel construction, with round functions instantiated from a UCE H for reset-secure sources, is a psPRP for reset-secure sources.  ... 
doi:10.1007/978-3-319-78372-7_21 fatcat:7ynancgdffdsrgeiwjr4nohfue

Verified Indifferentiable Hashing into Elliptic Curves [chapter]

Gilles Barthe, Benjamin Grégoire, Sylvain Heraud, Federico Olmedo, Santiago Zanella Béguelin
2012 Lecture Notes in Computer Science  
curves indifferentiable from a random oracle was put forward only recently by Brier et al.  ...  When implementing such systems, and in order for the proof to carry over to the implementation, those mappings must be instantiated with concrete constructions whose behavior does not deviate significantly  ...  points setting bad to true and bad is never reset to false.  ... 
doi:10.1007/978-3-642-28641-4_12 fatcat:7ekrg2x2zbbapleaf6cstpsj3m

Verified indifferentiable hashing into elliptic curves

Gilles Barthe, Benjamin Grégoire, Sylvain Heraud, Federico Olmedo, Santiago Zanella-Béguelin, Pierpaolo Degano, Joshua D. Guttman
2013 Journal of Computer Security  
curves indifferentiable from a random oracle was put forward only recently by Brier et al.  ...  When implementing such systems, and in order for the proof to carry over to the implementation, those mappings must be instantiated with concrete constructions whose behavior does not deviate significantly  ...  points setting bad to true and bad is never reset to false.  ... 
doi:10.3233/jcs-130476 fatcat:a4l4embqnjafvolhwcahvr4v4m

Modeling Random Oracles Under Unpredictable Queries [chapter]

Pooya Farshim, Arno Mittelbach
2016 Lecture Notes in Computer Science  
We show both negative and positive feasibility results for ICEs. On the negative side, we demonstrate ICE attacks on the HMAC and NMAC constructions.  ...  This brings the first result closer to practice by moving away from variable-input-length ROs. Our security proofs employ techniques from indifferentiability in multi-stage settings.  ...  Acknowledgments The authors would like to thank Christina Brzuska for taking part in the early stages of this work. Pooya Farshim was supported in part by grant ANR-14-CE28-0003 (Project EnBid).  ... 
doi:10.1007/978-3-662-52993-5_23 fatcat:wwoqkjlj3zgrhesxmnqnuidodq

KALwEN: a new practical and interoperable key management scheme for body sensor networks

Yee Wei Law, Giorgi Moniava, Zheng Gong, Pieter Hartel, Marimuthu Palaniswami
2010 Security and Communication Networks  
With both formal verification and experimental evaluation, our results should appeal to theorists and practitioners alike.  ...  The challenge is taken on, and the result is KALwEN, a new parameterized key management scheme that combines the best-suited cryptographic techniques in a seamless framework.  ...  The authors thank Hermie Hermens for his input on the use cases; and Bo Zhu and Jacob Andersen for their code and discussion.  ... 
doi:10.1002/sec.256 fatcat:ekgwimspbzgyjlhbf3v6jbfkq4

Indifferentiability of 8-Round Feistel Networks [chapter]

Yuanxi Dai, John Steinberger
2016 Lecture Notes in Computer Science  
This result comes on the heels of (and is part of the same body of work as) a 10-round indifferentiability result for Feistel network recently announced by the same team of authors [10].  ...  We prove that a balanced 8-round Feistel network is indifferentiable from a random permutation.  ...  Recently, and in fact exactly concurrently with [10], Dachman-Soled et al. [19] have published a 10-round indifferentiability result for Feistel networks as well.  ... 
doi:10.1007/978-3-662-53018-4_4 fatcat:hzbktusm6raxzoqe3tfvl4si2u

Limit cycle walking, running, and skipping of telescopic-legged rimless wheel

Fumihiko Asano, Masashi Suguro
2011 Robotica (Cambridge. Print)  
This is reset at every instant of the stance-leg exchange and is nonnegative.  ...  Accordingly, the positional vector just after impact, $q^+$, must be reset to $q^+ = \begin{bmatrix} 0 \\ 0 \\ \theta^- - \alpha \\ L_s \\ L_e \end{bmatrix}$. (16) Output following control for telescopic-leg motion We choose $L_1$ and  ... 
doi:10.1017/s0263574711001226 fatcat:ikxzbzghfjbbjlfwpwpaiakwxa

Instantiating Random Oracles via UCEs [chapter]

Mihir Bellare, Viet Tung Hoang, Sriram Keelveedhi
2013 Lecture Notes in Computer Science  
In several cases this results in the first standard-model schemes for these goals.  ...  We can take existing, natural and efficient ROM schemes and show that the instantiated scheme resulting from replacing the RO with a UCE function is secure in the standard model.  ...  We thank the Crypto 2013 PC for their many valuable comments and suggestions. We thank Dan Boneh and Adam O'Neill for their comments.  ... 
doi:10.1007/978-3-642-40084-1_23 fatcat:e76gn6dieve75ghdzzcuofghmu