Improving Practical UC-Secure Commitments Based on the DDH Assumption [chapter]

Eiichiro Fujisaki
2016 Lecture Notes in Computer Science  
At Eurocrypt 2011, Lindell presented practical static and adaptively UC-secure commitment schemes based on the DDH assumption. Later, Blazy et al.  ...  In this paper, we present static and adaptively UC-secure commitment schemes based on the same assumption and further improve the communication and computational complexity, as well as the size of the  ...  Commitment Protocol Adaptive with Erasures  ...  Table 1. Comparison among the UC commitments based on the DDH assumption  ... 
doi:10.1007/978-3-319-44618-9_14 fatcat:4txkfu25jverxpaqj4sziyskhm

Non-interactive and Re-usable Universally Composable String Commitments with Adaptive Security [chapter]

Marc Fischlin, Benoît Libert, Mark Manulis
2011 Lecture Notes in Computer Science  
We present the first provably secure constructions of universally composable (UC) commitments (in pairing-friendly groups) that simultaneously combine the key properties of being non-interactive, supporting  ...  commitments to strings (instead of bits only), and offering reusability of the common reference string for multiple commitments.  ...  CRS) and possible reliance on secure erasures, UC-security of commitments is typically based on further hardness assumptions.  ... 
doi:10.1007/978-3-642-25385-0_25 fatcat:x5amq5zz5vgbbhai7rwsxx4zaq

On the Complexity of UC Commitments [chapter]

Juan A. Garay, Yuval Ishai, Ranjit Kumaresan, Hoeteck Wee
2014 Lecture Notes in Computer Science  
Several recent works obtain practical UC commitment protocols in the common reference string (CRS) model under the DDH assumption. These protocols have two main disadvantages.  ...  By plugging in known efficient protocols for UC-secure OT, we get rate-1, computationally efficient UC commitment protocols under a variety of setup assumptions (including the CRS model) and under a variety  ...  An important improvement in concrete efficiency was presented recently by Lindell [28]; this is achieved for static corruptions based on the DDH assumption in the CRS model. Blazy et al.  ... 
doi:10.1007/978-3-642-55220-5_37 fatcat:dtgdsyr7mngndgzsswbi322coi

Efficient Concurrent Oblivious Transfer in Super-Polynomial-Simulation Security [chapter]

Susumu Kiyoshima, Yoshifumi Manabe, Tatsuaki Okamoto
2012 Lecture Notes in Computer Science  
The security of our protocol is based on the decisional Diffie-Hellman (DDH) assumption. c ≈ Y denote that X and Y are computationally indistinguishable.  ...  In this paper, we show a concurrent oblivious transfer protocol in super-polynomial-simulation (SPS) security.  ...  The security of our protocol is based on the decisional Diffie-Hellman (DDH) assumption. Our Technique. Here, we give a brief overview of our protocol.  ... 
doi:10.1007/978-3-642-34117-5_14 fatcat:mq5hnueae5antd2mj7f4ewlnae

Highly-Efficient Universally-Composable Commitments Based on the DDH Assumption [chapter]

Yehuda Lindell
2011 Lecture Notes in Computer Science  
In this paper, we construct highly efficient UC-secure commitments from the standard DDH assumption, in the common reference string model.  ...  Commitment schemes are a basic building block in many cryptographic constructions, and as such universally composable commitments are of great importance in constructing UC-secure protocols.  ...  We also thank Olivier Blazy, Céline Chevalier, David Pointcheval and Damien Vergnaud (the authors of [27]) for finding the error in the construction appearing in previous versions of this paper for security  ... 
doi:10.1007/978-3-642-20465-4_25 fatcat:5wmhkuxmf5fbrl5fgkntjsr4ku

Somewhat Non-committing Encryption and Efficient Adaptively Secure Oblivious Transfer [chapter]

Juan A. Garay, Daniel Wichs, Hong-Sheng Zhou
2009 Lecture Notes in Computer Science  
We solve the latter problem by means of a new primitive that we call somewhat non-committing encryption resulting in significant efficiency improvements over the standard method for realizing secure channels  ...  The main difference between adaptive and semi-adaptive security is that semi-adaptive security allows for the case where one party starts out corrupted and the other party becomes corrupted later on, but  ...  We also thank the anonymous referees for their constructive comments.  ... 
doi:10.1007/978-3-642-03356-8_30 fatcat:r6cuynclera67nj22acjec2n44

Practical UC security with a Global Random Oracle

Ran Canetti, Abhishek Jain, Alessandra Scafuro
2014 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14  
in turn is based on UC-Commitments only.  ...  We show how to construct very efficient protocols in the gRO model, which in most cases improve on the highly efficient known existing solutions in the CRS model.  ...  Acknowledgment We thank Vassilis Zikas for pointing out ways to improve the presentation of our model.  ... 
doi:10.1145/2660267.2660374 dblp:conf/ccs/Canetti0S14 fatcat:zlix3j3o6ncg3pynvygouwxbwm

Practical Fully Simulatable Oblivious Transfer with Sublinear Communication [chapter]

Bingsheng Zhang, Helger Lipmaa, Cong Wang, Kui Ren
2013 Lecture Notes in Computer Science  
We propose the first fully simulatable adaptive OT with sublinear communication under the DDH assumption in the plain model.  ...  On the other hand, in some applications, the receiver just needs to fetch a small number of documents, so the initialization cost dominates in the entire protocol, especially for 1-out-of-N OT.  ...  The second author was supported by Estonian Research Council, the Tiger University Program of the Estonian Information Technology Foundation, and European Union through the European Regional Development  ... 
doi:10.1007/978-3-642-39884-1_8 fatcat:724accjte5cb3pf3lb5mrbudfe

Post-quantum Universal Composable OT Based on Key Exchange

Hangchao Ding, Han Jiang, Qiuliang Xu
2020 IEEE Access  
We construct a universal composable framework for two-message oblivious transfer protocols based on lattice-assumption.  ...  We instantiate Hash Function as SPHF, which can be more secure in practical application and can achieve full-simulatable in security proof.  ...  They constructed a two round protocol based on DDH assumption, whose security proof wasn't based on random oracles [10].  ... 
doi:10.1109/access.2020.3014165 fatcat:37j3hz2nardupa4fyphcbtsnmq

Practical Adaptive Oblivious Transfer from Simple Assumptions [chapter]

Matthew Green, Susan Hohenberger
2011 Lecture Notes in Computer Science  
All prior protocols in the standard model either do not meet our efficiency requirements or require dynamic "q-based" assumptions.  ...  of having the same view of the database, (2) execute transfers in time independent of the size of the database, and (3) satisfy a strong notion of security under a simple assumption in the standard model  ...  It was based on the Decision Linear and q-Hidden LRSW assumptions, in the asymmetric setting. The latter assumption implies that DDH must hold in both G_1 and G_2.  ... 
doi:10.1007/978-3-642-19571-6_21 fatcat:zmkpoyydvzfnfdvebzwli5unme

Efficiency-Improved Fully Simulatable Adaptive OT under the DDH Assumption [chapter]

Kaoru Kurosawa, Ryo Nojima, Le Trieu Phong
2010 Lecture Notes in Computer Science  
At Asiacrypt 2009, Kurosawa and Nojima showed a fully simulatable adaptive oblivious transfer (OT) protocol under the DDH assumption in the standard model.  ...  However, Green and Hohenberger pointed out that the communication cost of each transfer phase is O(n), where n is the number of the sender's messages.  ...  We stress that all the above schemes rely on dynamic assumptions (namely, the q-based assumptions in Table 1 where q may depend on n, the number of messages in OT).  ... 
doi:10.1007/978-3-642-15317-4_12 fatcat:6n52xedcvradli7x5ychktmioe

Shorter Quasi-Adaptive NIZK Proofs for Linear Subspaces [chapter]

Charanjit S. Jutla, Arnab Roy
2013 Lecture Notes in Computer Science  
Our construction can be based on any k-linear assumption, and in particular under the eXternal Diffie Hellman (XDH) assumption our proofs are even competitive with Random-Oracle based Σ-protocol NIZK proofs  ...  Our techniques also lead to the shortest known (ciphertext) fully secure identity based encryption (IBE) scheme under standard static assumptions (SXDH).  ...  For starters, based on [11], our system yields an adaptive UC-secure commitment scheme (in the erasure model) that has only four group elements as commitment, and another four as opening (under the DLIN  ... 
doi:10.1007/978-3-642-42033-7_1 fatcat:p56yevlgyrfrnh4kb42lqlrbjy

Implicit Zero-Knowledge Arguments and Applications to the Malicious Setting [chapter]

Fabrice Benhamouda, Geoffroy Couteau, David Pointcheval, Hoeteck Wee
2015 Lecture Notes in Computer Science  
As an application of iZK, we improve upon the round-efficiency of existing protocols for securely computing inner product under the DDH assumption.  ...  Our main technical contribution is a construction of efficient two-flow iZK and SSiZK protocols for a large class of languages under the (plain) DDH assumption in cyclic groups in the common reference  ...  This work was supported in part by the CFM Foundation, ANR-14-CE28-0003 (Project EnBid), and the European Research Council under the European Community's Seventh Framework Programme (FP7/2007-2013.  ... 
doi:10.1007/978-3-662-48000-7_6 fatcat:c4t4q6oc75hidczekkwurl6siu

Removing Erasures with Explainable Hash Proof Systems [chapter]

Michel Abdalla, Fabrice Benhamouda, David Pointcheval
2017 Lecture Notes in Computer Science  
As an important side contribution, we also propose a new commitment scheme based on DDH, which leads to the construction of the first one-round PAKE adaptively secure under plain DDH without pairing, assuming  ...  Next, we demonstrate that this new tool generically leads to efficient PAKE and OT protocols that are secure against semi-adaptive adversaries without erasures in the Universal Composability (UC) framework  ...  Acknowledgments This work was supported in part by the French ANR-12-INSE-0014 SIMPATIC Project, the CFM Foundation, and the European Research Council under the European Community's Seventh Framework Programme  ... 
doi:10.1007/978-3-662-54365-8_7 fatcat:qak4wib37nd4zlqonf42drbofa

One-Sided Adaptively Secure Two-Party Computation [chapter]

Carmit Hazay, Arpita Patra
2014 Lecture Notes in Computer Science  
Furthermore, general two-party protocols require a number of NCE calls that is dependent both on the circuit size and the security parameter.  ...  In this paper we study the two-party setting in which at most one of the parties is adaptively corrupted, which we believe is the right security notion in the two-party setting.  ...  Finally, we discuss two instantiations of ZK PoK based on the DDH and QR assumptions. Constant round one-sided secure computation.  ... 
doi:10.1007/978-3-642-54242-8_16 fatcat:dtfougkw3nhojilbl7u4mbjrf4