---
_id: '1231'
abstract:
- lang: eng
  text: 'We study the time-and memory-complexities of the problem of computing labels
    of (multiple) randomly selected challenge-nodes in a directed acyclic graph. The
    w-bit label of a node is the hash of the labels of its parents, and the hash function
    is modeled as a random oracle. Specific instances of this problem underlie both
    proofs of space [Dziembowski et al. CRYPTO’15] as well as popular memory-hard
    functions like scrypt. As our main tool, we introduce the new notion of a probabilistic
    parallel entangled pebbling game, a new type of combinatorial pebbling game on
    a graph, which is closely related to the labeling game on the same graph. As a
    first application of our framework, we prove that for scrypt, when the underlying
    hash function is invoked n times, the cumulative memory complexity (CMC) (a notion
    recently introduced by Alwen and Serbinenko (STOC’15) to capture amortized memory-hardness
    for parallel adversaries) is at least Ω(w · (n/ log(n))2). This bound holds for
    adversaries that can store many natural functions of the labels (e.g., linear
    combinations), but still not arbitrary functions thereof. We then introduce and
    study a combinatorial quantity, and show how a sufficiently small upper bound
    on it (which we conjecture) extends our CMC bound for scrypt to hold against arbitrary
    adversaries. We also show that such an upper bound solves the main open problem
    for proofs-of-space protocols: namely, establishing that the time complexity of
    computing the label of a random node in a graph on n nodes (given an initial kw-bit
    state) reduces tightly to the time complexity for black pebbling on the same graph
    (given an initial k-node pebbling).'
acknowledgement: "Joël Alwen, Chethan Kamath, and Krzysztof Pietrzak’s research is
  partially supported by an ERC starting grant (259668-PSPC). Vladimir Kolmogorov
  is partially supported by an ERC consolidator grant (616160-DOICV). Binyi Chen was
  partially supported by NSF grants CNS-1423566 and CNS-1514526, and a gift from the
  Gareatis Foundation. Stefano Tessaro was partially supported by NSF grants CNS-1423566,
  CNS-1528178, a Hellman Fellowship, and the Glen and Susanne Culler Chair.\r\n\r\nThis
  work was done in part while the authors were visiting the Simons Institute for the
  Theory of Computing, supported by the Simons Foundation and by the DIMACS/Simons
  Collaboration in Cryptography through NSF grant CNS-1523467."
alternative_title:
- LNCS
author:
- first_name: Joel F
  full_name: Alwen, Joel F
  id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
  last_name: Alwen
- first_name: Binyi
  full_name: Chen, Binyi
  last_name: Chen
- first_name: Chethan
  full_name: Kamath Hosdurg, Chethan
  id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87
  last_name: Kamath Hosdurg
- first_name: Vladimir
  full_name: Kolmogorov, Vladimir
  id: 3D50B0BA-F248-11E8-B48F-1D18A9856A87
  last_name: Kolmogorov
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
- first_name: Stefano
  full_name: Tessaro, Stefano
  last_name: Tessaro
citation:
  ama: 'Alwen JF, Chen B, Kamath Hosdurg C, Kolmogorov V, Pietrzak KZ, Tessaro S.
    On the complexity of scrypt and proofs of space in the parallel random oracle
    model. In: Vol 9666. Springer; 2016:358-387. doi:<a href="https://doi.org/10.1007/978-3-662-49896-5_13">10.1007/978-3-662-49896-5_13</a>'
  apa: 'Alwen, J. F., Chen, B., Kamath Hosdurg, C., Kolmogorov, V., Pietrzak, K. Z.,
    &#38; Tessaro, S. (2016). On the complexity of scrypt and proofs of space in the
    parallel random oracle model (Vol. 9666, pp. 358–387). Presented at the EUROCRYPT:
    Theory and Applications of Cryptographic Techniques, Vienna, Austria: Springer.
    <a href="https://doi.org/10.1007/978-3-662-49896-5_13">https://doi.org/10.1007/978-3-662-49896-5_13</a>'
  chicago: Alwen, Joel F, Binyi Chen, Chethan Kamath Hosdurg, Vladimir Kolmogorov,
    Krzysztof Z Pietrzak, and Stefano Tessaro. “On the Complexity of Scrypt and Proofs
    of Space in the Parallel Random Oracle Model,” 9666:358–87. Springer, 2016. <a
    href="https://doi.org/10.1007/978-3-662-49896-5_13">https://doi.org/10.1007/978-3-662-49896-5_13</a>.
  ieee: 'J. F. Alwen, B. Chen, C. Kamath Hosdurg, V. Kolmogorov, K. Z. Pietrzak, and
    S. Tessaro, “On the complexity of scrypt and proofs of space in the parallel random
    oracle model,” presented at the EUROCRYPT: Theory and Applications of Cryptographic
    Techniques, Vienna, Austria, 2016, vol. 9666, pp. 358–387.'
  ista: 'Alwen JF, Chen B, Kamath Hosdurg C, Kolmogorov V, Pietrzak KZ, Tessaro S.
    2016. On the complexity of scrypt and proofs of space in the parallel random oracle
    model. EUROCRYPT: Theory and Applications of Cryptographic Techniques, LNCS, vol.
    9666, 358–387.'
  mla: Alwen, Joel F., et al. <i>On the Complexity of Scrypt and Proofs of Space in
    the Parallel Random Oracle Model</i>. Vol. 9666, Springer, 2016, pp. 358–87, doi:<a
    href="https://doi.org/10.1007/978-3-662-49896-5_13">10.1007/978-3-662-49896-5_13</a>.
  short: J.F. Alwen, B. Chen, C. Kamath Hosdurg, V. Kolmogorov, K.Z. Pietrzak, S.
    Tessaro, in:, Springer, 2016, pp. 358–387.
conference:
  end_date: 2016-05-12
  location: Vienna, Austria
  name: 'EUROCRYPT: Theory and Applications of Cryptographic Techniques'
  start_date: 2016-05-08
date_created: 2018-12-11T11:50:51Z
date_published: 2016-04-28T00:00:00Z
date_updated: 2021-01-12T06:49:15Z
day: '28'
department:
- _id: KrPi
- _id: VlKo
doi: 10.1007/978-3-662-49896-5_13
ec_funded: 1
intvolume: '      9666'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2016/100
month: '04'
oa: 1
oa_version: Submitted Version
page: 358 - 387
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
- _id: 25FBA906-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '616160'
  name: 'Discrete Optimization in Computer Vision: Theory and Practice'
publication_status: published
publisher: Springer
publist_id: '6103'
quality_controlled: '1'
scopus_import: 1
status: public
title: On the complexity of scrypt and proofs of space in the parallel random oracle
  model
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 9666
year: '2016'
...
---
_id: '1233'
abstract:
- lang: eng
  text: About three decades ago it was realized that implementing private channels
    between parties which can be adaptively corrupted requires an encryption scheme
    that is secure against selective opening attacks. Whether standard (IND-CPA) security
    implies security against selective opening attacks has been a major open question
    since. The only known reduction from selective opening to IND-CPA security loses
    an exponential factor. A polynomial reduction is only known for the very special
    case where the distribution considered in the selective opening security experiment
    is a product distribution, i.e., the messages are sampled independently from each
    other. In this paper we give a reduction whose loss is quantified via the dependence
    graph (where message dependencies correspond to edges) of the underlying message
    distribution. In particular, for some concrete distributions including Markov
    distributions, our reduction is polynomial.
acknowledgement: G. Fuchsbauer and K. Pietrzak are supported by the European Research
  Council, ERC Starting Grant (259668-PSPC). F. Heuer is funded by a Sofja Kovalevskaja
  Award of the Alexander von Humboldt Foundation and DFG SPP 1736, Algorithms for
  BIG DATA. E. Kiltz is supported by a Sofja Kovalevskaja Award of the Alexander von
  Humboldt Foundation, the German Israel Foundation, and ERC Project ERCC (FP7/615074).
alternative_title:
- LNCS
author:
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Felix
  full_name: Heuer, Felix
  last_name: Heuer
- first_name: Eike
  full_name: Kiltz, Eike
  last_name: Kiltz
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Fuchsbauer G, Heuer F, Kiltz E, Pietrzak KZ. Standard security does imply
    security against selective opening for markov distributions. In: Vol 9562. Springer;
    2016:282-305. doi:<a href="https://doi.org/10.1007/978-3-662-49096-9_12">10.1007/978-3-662-49096-9_12</a>'
  apa: 'Fuchsbauer, G., Heuer, F., Kiltz, E., &#38; Pietrzak, K. Z. (2016). Standard
    security does imply security against selective opening for markov distributions
    (Vol. 9562, pp. 282–305). Presented at the TCC: Theory of Cryptography Conference,
    Tel Aviv, Israel: Springer. <a href="https://doi.org/10.1007/978-3-662-49096-9_12">https://doi.org/10.1007/978-3-662-49096-9_12</a>'
  chicago: Fuchsbauer, Georg, Felix Heuer, Eike Kiltz, and Krzysztof Z Pietrzak. “Standard
    Security Does Imply Security against Selective Opening for Markov Distributions,”
    9562:282–305. Springer, 2016. <a href="https://doi.org/10.1007/978-3-662-49096-9_12">https://doi.org/10.1007/978-3-662-49096-9_12</a>.
  ieee: 'G. Fuchsbauer, F. Heuer, E. Kiltz, and K. Z. Pietrzak, “Standard security
    does imply security against selective opening for markov distributions,” presented
    at the TCC: Theory of Cryptography Conference, Tel Aviv, Israel, 2016, vol. 9562,
    pp. 282–305.'
  ista: 'Fuchsbauer G, Heuer F, Kiltz E, Pietrzak KZ. 2016. Standard security does
    imply security against selective opening for markov distributions. TCC: Theory
    of Cryptography Conference, LNCS, vol. 9562, 282–305.'
  mla: Fuchsbauer, Georg, et al. <i>Standard Security Does Imply Security against
    Selective Opening for Markov Distributions</i>. Vol. 9562, Springer, 2016, pp.
    282–305, doi:<a href="https://doi.org/10.1007/978-3-662-49096-9_12">10.1007/978-3-662-49096-9_12</a>.
  short: G. Fuchsbauer, F. Heuer, E. Kiltz, K.Z. Pietrzak, in:, Springer, 2016, pp.
    282–305.
conference:
  end_date: 2016-01-13
  location: Tel Aviv, Israel
  name: 'TCC: Theory of Cryptography Conference'
  start_date: 2016-01-10
date_created: 2018-12-11T11:50:51Z
date_published: 2016-01-01T00:00:00Z
date_updated: 2021-01-12T06:49:16Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-662-49096-9_12
ec_funded: 1
intvolume: '      9562'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2015/853
month: '01'
oa: 1
oa_version: Submitted Version
page: 282 - 305
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '6100'
quality_controlled: '1'
scopus_import: 1
status: public
title: Standard security does imply security against selective opening for markov
  distributions
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 9562
year: '2016'
...
---
_id: '1235'
abstract:
- lang: eng
  text: 'A constrained pseudorandom function (CPRF) F: K×X → Y for a family T of subsets
    of χ is a function where for any key k ∈ K and set S ∈ T one can efficiently compute
    a short constrained key kS, which allows to evaluate F(k, ·) on all inputs x ∈
    S, while the outputs on all inputs x /∈ S look random even given kS. Abusalah
    et al. recently constructed the first constrained PRF for inputs of arbitrary
    length whose sets S are decided by Turing machines. They use their CPRF to build
    broadcast encryption and the first ID-based non-interactive key exchange for an
    unbounded number of users. Their constrained keys are obfuscated circuits and
    are therefore large. In this work we drastically reduce the key size and define
    a constrained key for a Turing machine M as a short signature on M. For this,
    we introduce a new signature primitive with constrained signing keys that let
    one only sign certain messages, while forging a signature on others is hard even
    when knowing the coins for key generation.'
acknowledgement: H. Abusalah—Research supported by the European Research Council,
  ERC starting grant (259668-PSPC) and ERC consolidator grant (682815 - TOCNeT).
alternative_title:
- LNCS
author:
- first_name: Hamza M
  full_name: Abusalah, Hamza M
  id: 40297222-F248-11E8-B48F-1D18A9856A87
  last_name: Abusalah
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
citation:
  ama: 'Abusalah HM, Fuchsbauer G. Constrained PRFs for unbounded inputs with short
    keys. In: Vol 9696. Springer; 2016:445-463. doi:<a href="https://doi.org/10.1007/978-3-319-39555-5_24">10.1007/978-3-319-39555-5_24</a>'
  apa: 'Abusalah, H. M., &#38; Fuchsbauer, G. (2016). Constrained PRFs for unbounded
    inputs with short keys (Vol. 9696, pp. 445–463). Presented at the ACNS: Applied
    Cryptography and Network Security, Guildford, UK: Springer. <a href="https://doi.org/10.1007/978-3-319-39555-5_24">https://doi.org/10.1007/978-3-319-39555-5_24</a>'
  chicago: Abusalah, Hamza M, and Georg Fuchsbauer. “Constrained PRFs for Unbounded
    Inputs with Short Keys,” 9696:445–63. Springer, 2016. <a href="https://doi.org/10.1007/978-3-319-39555-5_24">https://doi.org/10.1007/978-3-319-39555-5_24</a>.
  ieee: 'H. M. Abusalah and G. Fuchsbauer, “Constrained PRFs for unbounded inputs
    with short keys,” presented at the ACNS: Applied Cryptography and Network Security,
    Guildford, UK, 2016, vol. 9696, pp. 445–463.'
  ista: 'Abusalah HM, Fuchsbauer G. 2016. Constrained PRFs for unbounded inputs with
    short keys. ACNS: Applied Cryptography and Network Security, LNCS, vol. 9696,
    445–463.'
  mla: Abusalah, Hamza M., and Georg Fuchsbauer. <i>Constrained PRFs for Unbounded
    Inputs with Short Keys</i>. Vol. 9696, Springer, 2016, pp. 445–63, doi:<a href="https://doi.org/10.1007/978-3-319-39555-5_24">10.1007/978-3-319-39555-5_24</a>.
  short: H.M. Abusalah, G. Fuchsbauer, in:, Springer, 2016, pp. 445–463.
conference:
  end_date: 2016-06-22
  location: Guildford, UK
  name: 'ACNS: Applied Cryptography and Network Security'
  start_date: 2016-06-19
date_created: 2018-12-11T11:50:52Z
date_published: 2016-01-01T00:00:00Z
date_updated: 2023-09-07T12:30:22Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-319-39555-5_24
ec_funded: 1
intvolume: '      9696'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2016/279.pdf
month: '01'
oa: 1
oa_version: Submitted Version
page: 445 - 463
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '682815'
  name: Teaching Old Crypto New Tricks
publication_status: published
publisher: Springer
publist_id: '6098'
quality_controlled: '1'
related_material:
  record:
  - id: '83'
    relation: dissertation_contains
    status: public
scopus_import: 1
status: public
title: Constrained PRFs for unbounded inputs with short keys
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 9696
year: '2016'
...
---
_id: '1236'
abstract:
- lang: eng
  text: 'A constrained pseudorandom function F: K × X → Y for a family T ⊆ 2X of subsets
    of X is a function where for any key k ∈ K and set S ∈ T one can efficiently compute
    a constrained key kS which allows to evaluate F (k, ·) on all inputs x ∈ S, while
    even given this key, the outputs on all inputs x ∉ S look random. At Asiacrypt’13
    Boneh and Waters gave a construction which supports the most general set family
    so far. Its keys kc are defined for sets decided by boolean circuits C and enable
    evaluation of the PRF on any x ∈ X where C(x) = 1. In their construction the PRF
    input length and the size of the circuits C for which constrained keys can be
    computed must be fixed beforehand during key generation. We construct a constrained
    PRF that has an unbounded input length and whose constrained keys can be defined
    for any set recognized by a Turing machine. The only a priori bound we make is
    on the description size of the machines. We prove our construction secure assuming
    publiccoin differing-input obfuscation. As applications of our constrained PRF
    we build a broadcast encryption scheme where the number of potential receivers
    need not be fixed at setup (in particular, the length of the keys is independent
    of the number of parties) and the first identity-based non-interactive key exchange
    protocol with no bound on the number of parties that can agree on a shared key.'
acknowledgement: Supported by the European Research Council, ERC Starting Grant (259668-PSPC).
alternative_title:
- LNCS
author:
- first_name: Hamza M
  full_name: Abusalah, Hamza M
  id: 40297222-F248-11E8-B48F-1D18A9856A87
  last_name: Abusalah
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. Constrained PRFs for unbounded inputs.
    In: Vol 9610. Springer; 2016:413-428. doi:<a href="https://doi.org/10.1007/978-3-319-29485-8_24">10.1007/978-3-319-29485-8_24</a>'
  apa: 'Abusalah, H. M., Fuchsbauer, G., &#38; Pietrzak, K. Z. (2016). Constrained
    PRFs for unbounded inputs (Vol. 9610, pp. 413–428). Presented at the CT-RSA: Topics
    in Cryptology, San Francisco, CA, USA: Springer. <a href="https://doi.org/10.1007/978-3-319-29485-8_24">https://doi.org/10.1007/978-3-319-29485-8_24</a>'
  chicago: Abusalah, Hamza M, Georg Fuchsbauer, and Krzysztof Z Pietrzak. “Constrained
    PRFs for Unbounded Inputs,” 9610:413–28. Springer, 2016. <a href="https://doi.org/10.1007/978-3-319-29485-8_24">https://doi.org/10.1007/978-3-319-29485-8_24</a>.
  ieee: 'H. M. Abusalah, G. Fuchsbauer, and K. Z. Pietrzak, “Constrained PRFs for
    unbounded inputs,” presented at the CT-RSA: Topics in Cryptology, San Francisco,
    CA, USA, 2016, vol. 9610, pp. 413–428.'
  ista: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. 2016. Constrained PRFs for unbounded
    inputs. CT-RSA: Topics in Cryptology, LNCS, vol. 9610, 413–428.'
  mla: Abusalah, Hamza M., et al. <i>Constrained PRFs for Unbounded Inputs</i>. Vol.
    9610, Springer, 2016, pp. 413–28, doi:<a href="https://doi.org/10.1007/978-3-319-29485-8_24">10.1007/978-3-319-29485-8_24</a>.
  short: H.M. Abusalah, G. Fuchsbauer, K.Z. Pietrzak, in:, Springer, 2016, pp. 413–428.
conference:
  end_date: 2016-03-04
  location: San Francisco, CA, USA
  name: 'CT-RSA: Topics in Cryptology'
  start_date: 2016-02-29
date_created: 2018-12-11T11:50:52Z
date_published: 2016-02-02T00:00:00Z
date_updated: 2023-09-07T12:30:22Z
day: '02'
ddc:
- '005'
- '600'
department:
- _id: KrPi
doi: 10.1007/978-3-319-29485-8_24
ec_funded: 1
file:
- access_level: open_access
  checksum: 3851cee49933ae13b1272e516f213e13
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:08:05Z
  date_updated: 2020-07-14T12:44:41Z
  file_id: '4664'
  file_name: IST-2017-764-v1+1_279.pdf
  file_size: 495176
  relation: main_file
file_date_updated: 2020-07-14T12:44:41Z
has_accepted_license: '1'
intvolume: '      9610'
language:
- iso: eng
month: '02'
oa: 1
oa_version: Submitted Version
page: 413 - 428
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '6097'
pubrep_id: '764'
quality_controlled: '1'
related_material:
  record:
  - id: '83'
    relation: dissertation_contains
    status: public
scopus_import: 1
status: public
title: Constrained PRFs for unbounded inputs
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9610
year: '2016'
...
---
_id: '1644'
abstract:
- lang: eng
  text: Increasing the computational complexity of evaluating a hash function, both
    for the honest users as well as for an adversary, is a useful technique employed
    for example in password-based cryptographic schemes to impede brute-force attacks,
    and also in so-called proofs of work (used in protocols like Bitcoin) to show
    that a certain amount of computation was performed by a legitimate user. A natural
    approach to adjust the complexity of a hash function is to iterate it c times,
    for some parameter c, in the hope that any query to the scheme requires c evaluations
    of the underlying hash function. However, results by Dodis et al. (Crypto 2012)
    imply that plain iteration falls short of achieving this goal, and designing schemes
    which provably have such a desirable property remained an open problem. This paper
    formalizes explicitly what it means for a given scheme to amplify the query complexity
    of a hash function. In the random oracle model, the goal of a secure query-complexity
    amplifier (QCA) scheme is captured as transforming, in the sense of indifferentiability,
    a random oracle allowing R queries (for the adversary) into one provably allowing
    only r &lt; R queries. Turned around, this means that making r queries to the
    scheme requires at least R queries to the actual random oracle. Second, a new
    scheme, called collision-free iteration, is proposed and proven to achieve c-fold
    QCA for both the honest parties and the adversary, for any fixed parameter c.
alternative_title:
- LNCS
author:
- first_name: Grégory
  full_name: Demay, Grégory
  last_name: Demay
- first_name: Peter
  full_name: Gazi, Peter
  id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
  last_name: Gazi
- first_name: Ueli
  full_name: Maurer, Ueli
  last_name: Maurer
- first_name: Björn
  full_name: Tackmann, Björn
  last_name: Tackmann
citation:
  ama: 'Demay G, Gazi P, Maurer U, Tackmann B. Query-complexity amplification for
    random oracles. In: Vol 9063. Springer; 2015:159-180. doi:<a href="https://doi.org/10.1007/978-3-319-17470-9_10">10.1007/978-3-319-17470-9_10</a>'
  apa: 'Demay, G., Gazi, P., Maurer, U., &#38; Tackmann, B. (2015). Query-complexity
    amplification for random oracles (Vol. 9063, pp. 159–180). Presented at the ICITS:
    International Conference on Information Theoretic Security, Lugano, Switzerland:
    Springer. <a href="https://doi.org/10.1007/978-3-319-17470-9_10">https://doi.org/10.1007/978-3-319-17470-9_10</a>'
  chicago: Demay, Grégory, Peter Gazi, Ueli Maurer, and Björn Tackmann. “Query-Complexity
    Amplification for Random Oracles,” 9063:159–80. Springer, 2015. <a href="https://doi.org/10.1007/978-3-319-17470-9_10">https://doi.org/10.1007/978-3-319-17470-9_10</a>.
  ieee: 'G. Demay, P. Gazi, U. Maurer, and B. Tackmann, “Query-complexity amplification
    for random oracles,” presented at the ICITS: International Conference on Information
    Theoretic Security, Lugano, Switzerland, 2015, vol. 9063, pp. 159–180.'
  ista: 'Demay G, Gazi P, Maurer U, Tackmann B. 2015. Query-complexity amplification
    for random oracles. ICITS: International Conference on Information Theoretic Security,
    LNCS, vol. 9063, 159–180.'
  mla: Demay, Grégory, et al. <i>Query-Complexity Amplification for Random Oracles</i>.
    Vol. 9063, Springer, 2015, pp. 159–80, doi:<a href="https://doi.org/10.1007/978-3-319-17470-9_10">10.1007/978-3-319-17470-9_10</a>.
  short: G. Demay, P. Gazi, U. Maurer, B. Tackmann, in:, Springer, 2015, pp. 159–180.
conference:
  end_date: 2015-05-05
  location: Lugano, Switzerland
  name: 'ICITS: International Conference on Information Theoretic Security'
  start_date: 2015-05-02
date_created: 2018-12-11T11:53:13Z
date_published: 2015-01-01T00:00:00Z
date_updated: 2021-01-12T06:52:13Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-319-17470-9_10
ec_funded: 1
intvolume: '      9063'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: http://eprint.iacr.org/2015/315
month: '01'
oa: 1
oa_version: Submitted Version
page: 159 - 180
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5507'
quality_controlled: '1'
scopus_import: 1
status: public
title: Query-complexity amplification for random oracles
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9063
year: '2015'
...
---
_id: '1645'
abstract:
- lang: eng
  text: Secret-key constructions are often proved secure in a model where one or more
    underlying components are replaced by an idealized oracle accessible to the attacker.
    This model gives rise to information-theoretic security analyses, and several
    advances have been made in this area over the last few years. This paper provides
    a systematic overview of what is achievable in this model, and how existing works
    fit into this view.
article_number: '7133163'
author:
- first_name: Peter
  full_name: Gazi, Peter
  id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
  last_name: Gazi
- first_name: Stefano
  full_name: Tessaro, Stefano
  last_name: Tessaro
citation:
  ama: 'Gazi P, Tessaro S. Secret-key cryptography from ideal primitives: A systematic
    verview. In: <i>2015 IEEE Information Theory Workshop</i>. IEEE; 2015. doi:<a
    href="https://doi.org/10.1109/ITW.2015.7133163">10.1109/ITW.2015.7133163</a>'
  apa: 'Gazi, P., &#38; Tessaro, S. (2015). Secret-key cryptography from ideal primitives:
    A systematic verview. In <i>2015 IEEE Information Theory Workshop</i>. Jerusalem,
    Israel: IEEE. <a href="https://doi.org/10.1109/ITW.2015.7133163">https://doi.org/10.1109/ITW.2015.7133163</a>'
  chicago: 'Gazi, Peter, and Stefano Tessaro. “Secret-Key Cryptography from Ideal
    Primitives: A Systematic Verview.” In <i>2015 IEEE Information Theory Workshop</i>.
    IEEE, 2015. <a href="https://doi.org/10.1109/ITW.2015.7133163">https://doi.org/10.1109/ITW.2015.7133163</a>.'
  ieee: 'P. Gazi and S. Tessaro, “Secret-key cryptography from ideal primitives: A
    systematic verview,” in <i>2015 IEEE Information Theory Workshop</i>, Jerusalem,
    Israel, 2015.'
  ista: 'Gazi P, Tessaro S. 2015. Secret-key cryptography from ideal primitives: A
    systematic verview. 2015 IEEE Information Theory Workshop. ITW 2015: IEEE Information
    Theory Workshop, 7133163.'
  mla: 'Gazi, Peter, and Stefano Tessaro. “Secret-Key Cryptography from Ideal Primitives:
    A Systematic Verview.” <i>2015 IEEE Information Theory Workshop</i>, 7133163,
    IEEE, 2015, doi:<a href="https://doi.org/10.1109/ITW.2015.7133163">10.1109/ITW.2015.7133163</a>.'
  short: P. Gazi, S. Tessaro, in:, 2015 IEEE Information Theory Workshop, IEEE, 2015.
conference:
  end_date: 2015-05-01
  location: Jerusalem, Israel
  name: 'ITW 2015: IEEE Information Theory Workshop'
  start_date: 2015-04-26
date_created: 2018-12-11T11:53:13Z
date_published: 2015-06-24T00:00:00Z
date_updated: 2021-01-12T06:52:13Z
day: '24'
department:
- _id: KrPi
doi: 10.1109/ITW.2015.7133163
ec_funded: 1
language:
- iso: eng
month: '06'
oa_version: None
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication: 2015 IEEE Information Theory Workshop
publication_status: published
publisher: IEEE
publist_id: '5506'
quality_controlled: '1'
scopus_import: 1
status: public
title: 'Secret-key cryptography from ideal primitives: A systematic verview'
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2015'
...
---
_id: '1646'
abstract:
- lang: eng
  text: 'A pseudorandom function (PRF) is a keyed function F : K × X → Y where, for
    a random key k ∈ K, the function F(k, ·) is indistinguishable from a uniformly
    random function, given black-box access. A key-homomorphic PRF has the additional
    feature that for any keys k, k'' and any input x, we have F(k+k'', x) = F(k, x)⊕F(k'',
    x) for some group operations +,⊕ on K and Y, respectively. A constrained PRF for
    a family of setsS ⊆ P(X) has the property that, given any key k and set S ∈ S,
    one can efficiently compute a “constrained” key kS that enables evaluation of
    F(k, x) on all inputs x ∈ S, while the values F(k, x) for x /∈ S remain pseudorandom
    even given kS. In this paper we construct PRFs that are simultaneously constrained
    and key homomorphic, where the homomorphic property holds even for constrained
    keys. We first show that the multilinear map-based bit-fixing and circuit-constrained
    PRFs of Boneh and Waters (Asiacrypt 2013) can be modified to also be keyhomomorphic.
    We then show that the LWE-based key-homomorphic PRFs of Banerjee and Peikert (Crypto
    2014) are essentially already prefix-constrained PRFs, using a (non-obvious) definition
    of constrained keys and associated group operation. Moreover, the constrained
    keys themselves are pseudorandom, and the constraining and evaluation functions
    can all be computed in low depth. As an application of key-homomorphic constrained
    PRFs,we construct a proxy re-encryption schemewith fine-grained access control.
    This scheme allows storing encrypted data on an untrusted server, where each file
    can be encrypted relative to some attributes, so that only parties whose constrained
    keys match the attributes can decrypt. Moreover, the server can re-key (arbitrary
    subsets of) the ciphertexts without learning anything about the plaintexts, thus
    permitting efficient and finegrained revocation.'
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Abishek
  full_name: Banerjee, Abishek
  last_name: Banerjee
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Chris
  full_name: Peikert, Chris
  last_name: Peikert
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
- first_name: Sophie
  full_name: Stevens, Sophie
  last_name: Stevens
citation:
  ama: 'Banerjee A, Fuchsbauer G, Peikert C, Pietrzak KZ, Stevens S. Key-homomorphic
    constrained pseudorandom functions. In: <i>12th Theory of Cryptography Conference</i>.
    Vol 9015. Springer Nature; 2015:31-60. doi:<a href="https://doi.org/10.1007/978-3-662-46497-7_2">10.1007/978-3-662-46497-7_2</a>'
  apa: 'Banerjee, A., Fuchsbauer, G., Peikert, C., Pietrzak, K. Z., &#38; Stevens,
    S. (2015). Key-homomorphic constrained pseudorandom functions. In <i>12th Theory
    of Cryptography Conference</i> (Vol. 9015, pp. 31–60). Warsaw, Poland: Springer
    Nature. <a href="https://doi.org/10.1007/978-3-662-46497-7_2">https://doi.org/10.1007/978-3-662-46497-7_2</a>'
  chicago: Banerjee, Abishek, Georg Fuchsbauer, Chris Peikert, Krzysztof Z Pietrzak,
    and Sophie Stevens. “Key-Homomorphic Constrained Pseudorandom Functions.” In <i>12th
    Theory of Cryptography Conference</i>, 9015:31–60. Springer Nature, 2015. <a href="https://doi.org/10.1007/978-3-662-46497-7_2">https://doi.org/10.1007/978-3-662-46497-7_2</a>.
  ieee: A. Banerjee, G. Fuchsbauer, C. Peikert, K. Z. Pietrzak, and S. Stevens, “Key-homomorphic
    constrained pseudorandom functions,” in <i>12th Theory of Cryptography Conference</i>,
    Warsaw, Poland, 2015, vol. 9015, pp. 31–60.
  ista: 'Banerjee A, Fuchsbauer G, Peikert C, Pietrzak KZ, Stevens S. 2015. Key-homomorphic
    constrained pseudorandom functions. 12th Theory of Cryptography Conference. TCC:
    Theory of Cryptography Conference, LNCS, vol. 9015, 31–60.'
  mla: Banerjee, Abishek, et al. “Key-Homomorphic Constrained Pseudorandom Functions.”
    <i>12th Theory of Cryptography Conference</i>, vol. 9015, Springer Nature, 2015,
    pp. 31–60, doi:<a href="https://doi.org/10.1007/978-3-662-46497-7_2">10.1007/978-3-662-46497-7_2</a>.
  short: A. Banerjee, G. Fuchsbauer, C. Peikert, K.Z. Pietrzak, S. Stevens, in:, 12th
    Theory of Cryptography Conference, Springer Nature, 2015, pp. 31–60.
conference:
  end_date: 2015-03-25
  location: Warsaw, Poland
  name: 'TCC: Theory of Cryptography Conference'
  start_date: 2015-03-23
date_created: 2018-12-11T11:53:14Z
date_published: 2015-03-01T00:00:00Z
date_updated: 2022-02-03T08:41:46Z
day: '01'
ddc:
- '000'
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-662-46497-7_2
ec_funded: 1
file:
- access_level: open_access
  checksum: 3c5093bda5783c89beaacabf1aa0e60e
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:15:17Z
  date_updated: 2020-07-14T12:45:08Z
  file_id: '5136'
  file_name: IST-2016-679-v1+1_180.pdf
  file_size: 450665
  relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: '      9015'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2015/180
month: '03'
oa: 1
oa_version: Submitted Version
page: 31 - 60
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication: 12th Theory of Cryptography Conference
publication_identifier:
  isbn:
  - 978-3-662-46496-0
publication_status: published
publisher: Springer Nature
publist_id: '5505'
pubrep_id: '679'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Key-homomorphic constrained pseudorandom functions
type: conference
user_id: 8b945eb4-e2f2-11eb-945a-df72226e66a9
volume: 9015
year: '2015'
...
---
_id: '1647'
abstract:
- lang: eng
  text: Round-optimal blind signatures are notoriously hard to construct in the standard
    model, especially in the malicious-signer model, where blindness must hold under
    adversarially chosen keys. This is substantiated by several impossibility results.
    The only construction that can be termed theoretically efficient, by Garg and
    Gupta (Eurocrypt’14), requires complexity leveraging, inducing an exponential
    security loss. We present a construction of practically efficient round-optimal
    blind signatures in the standard model. It is conceptually simple and builds on
    the recent structure-preserving signatures on equivalence classes (SPSEQ) from
    Asiacrypt’14. While the traditional notion of blindness follows from standard
    assumptions, we prove blindness under adversarially chosen keys under an interactive
    variant of DDH. However, we neither require non-uniform assumptions nor complexity
    leveraging. We then show how to extend our construction to partially blind signatures
    and to blind signatures on message vectors, which yield a construction of one-show
    anonymous credentials à la “anonymous credentials light” (CCS’13) in the standard
    model. Furthermore, we give the first SPS-EQ construction under noninteractive
    assumptions and show how SPS-EQ schemes imply conventional structure-preserving
    signatures, which allows us to apply optimality results for the latter to SPS-EQ.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Christian
  full_name: Hanser, Christian
  last_name: Hanser
- first_name: Daniel
  full_name: Slamanig, Daniel
  last_name: Slamanig
citation:
  ama: 'Fuchsbauer G, Hanser C, Slamanig D. Practical round-optimal blind signatures
    in the standard model. In: Vol 9216. Springer; 2015:233-253. doi:<a href="https://doi.org/10.1007/978-3-662-48000-7_12">10.1007/978-3-662-48000-7_12</a>'
  apa: 'Fuchsbauer, G., Hanser, C., &#38; Slamanig, D. (2015). Practical round-optimal
    blind signatures in the standard model (Vol. 9216, pp. 233–253). Presented at
    the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United States:
    Springer. <a href="https://doi.org/10.1007/978-3-662-48000-7_12">https://doi.org/10.1007/978-3-662-48000-7_12</a>'
  chicago: Fuchsbauer, Georg, Christian Hanser, and Daniel Slamanig. “Practical Round-Optimal
    Blind Signatures in the Standard Model,” 9216:233–53. Springer, 2015. <a href="https://doi.org/10.1007/978-3-662-48000-7_12">https://doi.org/10.1007/978-3-662-48000-7_12</a>.
  ieee: 'G. Fuchsbauer, C. Hanser, and D. Slamanig, “Practical round-optimal blind
    signatures in the standard model,” presented at the CRYPTO: International Cryptology
    Conference, Santa Barbara, CA, United States, 2015, vol. 9216, pp. 233–253.'
  ista: 'Fuchsbauer G, Hanser C, Slamanig D. 2015. Practical round-optimal blind signatures
    in the standard model. CRYPTO: International Cryptology Conference, LNCS, vol.
    9216, 233–253.'
  mla: Fuchsbauer, Georg, et al. <i>Practical Round-Optimal Blind Signatures in the
    Standard Model</i>. Vol. 9216, Springer, 2015, pp. 233–53, doi:<a href="https://doi.org/10.1007/978-3-662-48000-7_12">10.1007/978-3-662-48000-7_12</a>.
  short: G. Fuchsbauer, C. Hanser, D. Slamanig, in:, Springer, 2015, pp. 233–253.
conference:
  end_date: 2015-08-20
  location: Santa Barbara, CA, United States
  name: 'CRYPTO: International Cryptology Conference'
  start_date: 2015-08-16
date_created: 2018-12-11T11:53:14Z
date_published: 2015-08-01T00:00:00Z
date_updated: 2023-02-21T16:44:51Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-662-48000-7_12
ec_funded: 1
intvolume: '      9216'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2015/626.pdf
month: '08'
oa: 1
oa_version: Submitted Version
page: 233 - 253
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5503'
quality_controlled: '1'
related_material:
  record:
  - id: '1225'
    relation: later_version
    status: public
scopus_import: 1
status: public
title: Practical round-optimal blind signatures in the standard model
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9216
year: '2015'
...
---
_id: '1648'
abstract:
- lang: eng
  text: Generalized Selective Decryption (GSD), introduced by Panjwani [TCC’07], is
    a game for a symmetric encryption scheme Enc that captures the difficulty of proving
    adaptive security of certain protocols, most notably the Logical Key Hierarchy
    (LKH) multicast encryption protocol. In the GSD game there are n keys k1,...,
    kn, which the adversary may adaptively corrupt (learn); moreover, it can ask for
    encryptions Encki (kj) of keys under other keys. The adversary’s task is to distinguish
    keys (which it cannot trivially compute) from random. Proving the hardness of
    GSD assuming only IND-CPA security of Enc is surprisingly hard. Using “complexity
    leveraging” loses a factor exponential in n, which makes the proof practically
    meaningless. We can think of the GSD game as building a graph on n vertices, where
    we add an edge i → j when the adversary asks for an encryption of kj under ki.
    If restricted to graphs of depth ℓ, Panjwani gave a reduction that loses only
    a factor exponential in ℓ (not n). To date, this is the only non-trivial result
    known for GSD. In this paper we give almost-polynomial reductions for large classes
    of graphs. Most importantly, we prove the security of the GSD game restricted
    to trees losing only a quasi-polynomial factor n3 log n+5. Trees are an important
    special case capturing real-world protocols like the LKH protocol. Our new bound
    improves upon Panjwani’s on some LKH variants proposed in the literature where
    the underlying tree is not balanced. Our proof builds on ideas from the “nested
    hybrids” technique recently introduced by Fuchsbauer et al. [Asiacrypt’14] for
    proving the adaptive security of constrained PRFs.
alternative_title:
- LNCS
author:
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Zahra
  full_name: Jafargholi, Zahra
  last_name: Jafargholi
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Fuchsbauer G, Jafargholi Z, Pietrzak KZ. A quasipolynomial reduction for generalized
    selective decryption on trees. In: Vol 9215. Springer; 2015:601-620. doi:<a href="https://doi.org/10.1007/978-3-662-47989-6_29">10.1007/978-3-662-47989-6_29</a>'
  apa: 'Fuchsbauer, G., Jafargholi, Z., &#38; Pietrzak, K. Z. (2015). A quasipolynomial
    reduction for generalized selective decryption on trees (Vol. 9215, pp. 601–620).
    Presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA,
    USA: Springer. <a href="https://doi.org/10.1007/978-3-662-47989-6_29">https://doi.org/10.1007/978-3-662-47989-6_29</a>'
  chicago: Fuchsbauer, Georg, Zahra Jafargholi, and Krzysztof Z Pietrzak. “A Quasipolynomial
    Reduction for Generalized Selective Decryption on Trees,” 9215:601–20. Springer,
    2015. <a href="https://doi.org/10.1007/978-3-662-47989-6_29">https://doi.org/10.1007/978-3-662-47989-6_29</a>.
  ieee: 'G. Fuchsbauer, Z. Jafargholi, and K. Z. Pietrzak, “A quasipolynomial reduction
    for generalized selective decryption on trees,” presented at the CRYPTO: International
    Cryptology Conference, Santa Barbara, CA, USA, 2015, vol. 9215, pp. 601–620.'
  ista: 'Fuchsbauer G, Jafargholi Z, Pietrzak KZ. 2015. A quasipolynomial reduction
    for generalized selective decryption on trees. CRYPTO: International Cryptology
    Conference, LNCS, vol. 9215, 601–620.'
  mla: Fuchsbauer, Georg, et al. <i>A Quasipolynomial Reduction for Generalized Selective
    Decryption on Trees</i>. Vol. 9215, Springer, 2015, pp. 601–20, doi:<a href="https://doi.org/10.1007/978-3-662-47989-6_29">10.1007/978-3-662-47989-6_29</a>.
  short: G. Fuchsbauer, Z. Jafargholi, K.Z. Pietrzak, in:, Springer, 2015, pp. 601–620.
conference:
  end_date: 2015-08-20
  location: Santa Barbara, CA, USA
  name: 'CRYPTO: International Cryptology Conference'
  start_date: 2015-08-16
date_created: 2018-12-11T11:53:14Z
date_published: 2015-08-01T00:00:00Z
date_updated: 2021-01-12T06:52:14Z
day: '01'
ddc:
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-662-47989-6_29
ec_funded: 1
file:
- access_level: open_access
  checksum: 99b76b3263d5082554d0a9cbdeca3a22
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:13:31Z
  date_updated: 2020-07-14T12:45:08Z
  file_id: '5015'
  file_name: IST-2016-674-v1+1_389.pdf
  file_size: 505618
  relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: '      9215'
language:
- iso: eng
month: '08'
oa: 1
oa_version: Submitted Version
page: 601 - 620
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5502'
pubrep_id: '674'
quality_controlled: '1'
scopus_import: 1
status: public
title: A quasipolynomial reduction for generalized selective decryption on trees
tmp:
  image: /images/cc_by.png
  legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
  name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
  short: CC BY (4.0)
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9215
year: '2015'
...
---
_id: '1649'
abstract:
- lang: eng
  text: 'We extend a commitment scheme based on the learning with errors over rings
    (RLWE) problem, and present efficient companion zeroknowledge proofs of knowledge.
    Our scheme maps elements from the ring (or equivalently, n elements from '
alternative_title:
- LNCS
author:
- first_name: Fabrice
  full_name: Benhamouda, Fabrice
  last_name: Benhamouda
- first_name: Stephan
  full_name: Krenn, Stephan
  last_name: Krenn
- first_name: Vadim
  full_name: Lyubashevsky, Vadim
  last_name: Lyubashevsky
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: Benhamouda F, Krenn S, Lyubashevsky V, Pietrzak KZ. Efficient zero-knowledge
    proofs for commitments from learning with errors over rings. 2015;9326:305-325.
    doi:<a href="https://doi.org/10.1007/978-3-319-24174-6_16">10.1007/978-3-319-24174-6_16</a>
  apa: 'Benhamouda, F., Krenn, S., Lyubashevsky, V., &#38; Pietrzak, K. Z. (2015).
    Efficient zero-knowledge proofs for commitments from learning with errors over
    rings. Presented at the ESORICS: European Symposium on Research in Computer Security,
    Vienna, Austria: Springer. <a href="https://doi.org/10.1007/978-3-319-24174-6_16">https://doi.org/10.1007/978-3-319-24174-6_16</a>'
  chicago: Benhamouda, Fabrice, Stephan Krenn, Vadim Lyubashevsky, and Krzysztof Z
    Pietrzak. “Efficient Zero-Knowledge Proofs for Commitments from Learning with
    Errors over Rings.” Lecture Notes in Computer Science. Springer, 2015. <a href="https://doi.org/10.1007/978-3-319-24174-6_16">https://doi.org/10.1007/978-3-319-24174-6_16</a>.
  ieee: F. Benhamouda, S. Krenn, V. Lyubashevsky, and K. Z. Pietrzak, “Efficient zero-knowledge
    proofs for commitments from learning with errors over rings,” vol. 9326. Springer,
    pp. 305–325, 2015.
  ista: Benhamouda F, Krenn S, Lyubashevsky V, Pietrzak KZ. 2015. Efficient zero-knowledge
    proofs for commitments from learning with errors over rings. 9326, 305–325.
  mla: Benhamouda, Fabrice, et al. <i>Efficient Zero-Knowledge Proofs for Commitments
    from Learning with Errors over Rings</i>. Vol. 9326, Springer, 2015, pp. 305–25,
    doi:<a href="https://doi.org/10.1007/978-3-319-24174-6_16">10.1007/978-3-319-24174-6_16</a>.
  short: F. Benhamouda, S. Krenn, V. Lyubashevsky, K.Z. Pietrzak, 9326 (2015) 305–325.
conference:
  end_date: 2015-09-25
  location: Vienna, Austria
  name: 'ESORICS: European Symposium on Research in Computer Security'
  start_date: 2015-09-21
date_created: 2018-12-11T11:53:15Z
date_published: 2015-01-01T00:00:00Z
date_updated: 2021-01-12T06:52:14Z
day: '01'
ddc:
- '000'
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-319-24174-6_16
ec_funded: 1
file:
- access_level: open_access
  checksum: 6eac4a485b2aa644b2d3f753ed0b280b
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:11:28Z
  date_updated: 2020-07-14T12:45:08Z
  file_id: '4883'
  file_name: IST-2016-678-v1+1_889.pdf
  file_size: 494239
  relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: '      9326'
language:
- iso: eng
month: '01'
oa: 1
oa_version: Published Version
page: 305 - 325
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5501'
pubrep_id: '678'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: Efficient zero-knowledge proofs for commitments from learning with errors over
  rings
tmp:
  image: /images/cc_by_nc.png
  legal_code_url: https://creativecommons.org/licenses/by-nc/4.0/legalcode
  name: Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
  short: CC BY-NC (4.0)
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9326
year: '2015'
...
---
_id: '1650'
abstract:
- lang: eng
  text: "We consider the task of deriving a key with high HILL entropy (i.e., being
    computationally indistinguishable from a key with high min-entropy) from an unpredictable
    source.\r\n\r\nPrevious to this work, the only known way to transform unpredictability
    into a key that was ϵ indistinguishable from having min-entropy was via pseudorandomness,
    for example by Goldreich-Levin (GL) hardcore bits. This approach has the inherent
    limitation that from a source with k bits of unpredictability entropy one can
    derive a key of length (and thus HILL entropy) at most k−2log(1/ϵ) bits. In many
    settings, e.g. when dealing with biometric data, such a 2log(1/ϵ) bit entropy
    loss in not an option. Our main technical contribution is a theorem that states
    that in the high entropy regime, unpredictability implies HILL entropy. Concretely,
    any variable K with |K|−d bits of unpredictability entropy has the same amount
    of so called metric entropy (against real-valued, deterministic distinguishers),
    which is known to imply the same amount of HILL entropy. The loss in circuit size
    in this argument is exponential in the entropy gap d, and thus this result only
    applies for small d (i.e., where the size of distinguishers considered is exponential
    in d).\r\n\r\nTo overcome the above restriction, we investigate if it’s possible
    to first “condense” unpredictability entropy and make the entropy gap small. We
    show that any source with k bits of unpredictability can be condensed into a source
    of length k with k−3 bits of unpredictability entropy. Our condenser simply “abuses&quot;
    the GL construction and derives a k bit key from a source with k bits of unpredicatibily.
    The original GL theorem implies nothing when extracting that many bits, but we
    show that in this regime, GL still behaves like a “condenser&quot; for unpredictability.
    This result comes with two caveats (1) the loss in circuit size is exponential
    in k and (2) we require that the source we start with has no HILL entropy (equivalently,
    one can efficiently check if a guess is correct). We leave it as an intriguing
    open problem to overcome these restrictions or to prove they’re inherent."
alternative_title:
- LNCS
author:
- first_name: Maciej
  full_name: Skórski, Maciej
  last_name: Skórski
- first_name: Alexander
  full_name: Golovnev, Alexander
  last_name: Golovnev
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Skórski M, Golovnev A, Pietrzak KZ. Condensed unpredictability . In: Vol 9134.
    Springer; 2015:1046-1057. doi:<a href="https://doi.org/10.1007/978-3-662-47672-7_85">10.1007/978-3-662-47672-7_85</a>'
  apa: 'Skórski, M., Golovnev, A., &#38; Pietrzak, K. Z. (2015). Condensed unpredictability  (Vol.
    9134, pp. 1046–1057). Presented at the ICALP: Automata, Languages and Programming,
    Kyoto, Japan: Springer. <a href="https://doi.org/10.1007/978-3-662-47672-7_85">https://doi.org/10.1007/978-3-662-47672-7_85</a>'
  chicago: Skórski, Maciej, Alexander Golovnev, and Krzysztof Z Pietrzak. “Condensed
    Unpredictability ,” 9134:1046–57. Springer, 2015. <a href="https://doi.org/10.1007/978-3-662-47672-7_85">https://doi.org/10.1007/978-3-662-47672-7_85</a>.
  ieee: 'M. Skórski, A. Golovnev, and K. Z. Pietrzak, “Condensed unpredictability
    ,” presented at the ICALP: Automata, Languages and Programming, Kyoto, Japan,
    2015, vol. 9134, pp. 1046–1057.'
  ista: 'Skórski M, Golovnev A, Pietrzak KZ. 2015. Condensed unpredictability . ICALP:
    Automata, Languages and Programming, LNCS, vol. 9134, 1046–1057.'
  mla: Skórski, Maciej, et al. <i>Condensed Unpredictability </i>. Vol. 9134, Springer,
    2015, pp. 1046–57, doi:<a href="https://doi.org/10.1007/978-3-662-47672-7_85">10.1007/978-3-662-47672-7_85</a>.
  short: M. Skórski, A. Golovnev, K.Z. Pietrzak, in:, Springer, 2015, pp. 1046–1057.
conference:
  end_date: 2015-07-10
  location: Kyoto, Japan
  name: 'ICALP: Automata, Languages and Programming'
  start_date: 2015-07-06
date_created: 2018-12-11T11:53:15Z
date_published: 2015-06-20T00:00:00Z
date_updated: 2021-01-12T06:52:15Z
day: '20'
ddc:
- '000'
- '005'
department:
- _id: KrPi
doi: 10.1007/978-3-662-47672-7_85
ec_funded: 1
file:
- access_level: open_access
  checksum: e808c7eecb631336fc9f9bf2e8d4ecae
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:08:32Z
  date_updated: 2020-07-14T12:45:08Z
  file_id: '4693'
  file_name: IST-2016-675-v1+1_384.pdf
  file_size: 525503
  relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: '      9134'
language:
- iso: eng
month: '06'
oa: 1
oa_version: Published Version
page: 1046 - 1057
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5500'
pubrep_id: '675'
quality_controlled: '1'
scopus_import: 1
status: public
title: 'Condensed unpredictability '
tmp:
  image: /images/cc_by.png
  legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
  name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
  short: CC BY (4.0)
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9134
year: '2015'
...
---
_id: '1651'
abstract:
- lang: eng
  text: Cryptographic e-cash allows off-line electronic transactions between a bank,
    users and merchants in a secure and anonymous fashion. A plethora of e-cash constructions
    has been proposed in the literature; however, these traditional e-cash schemes
    only allow coins to be transferred once between users and merchants. Ideally,
    we would like users to be able to transfer coins between each other multiple times
    before deposit, as happens with physical cash. “Transferable” e-cash schemes are
    the solution to this problem. Unfortunately, the currently proposed schemes are
    either completely impractical or do not achieve the desirable anonymity properties
    without compromises, such as assuming the existence of a trusted “judge” who can
    trace all coins and users in the system. This paper presents the first efficient
    and fully anonymous transferable e-cash scheme without any trusted third parties.
    We start by revising the security and anonymity properties of transferable e-cash
    to capture issues that were previously overlooked. For our construction we use
    the recently proposed malleable signatures by Chase et al. to allow the secure
    and anonymous transfer of coins, combined with a new efficient double-spending
    detection mechanism. Finally, we discuss an instantiation of our construction.
acknowledgement: Work done as an intern in Microsoft Research Redmond and as a student
  at Brown University, where supported by NSF grant 0964379. Supported by the European
  Research Council, ERC Starting Grant (259668-PSPC).
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Foteini
  full_name: Baldimtsi, Foteini
  last_name: Baldimtsi
- first_name: Melissa
  full_name: Chase, Melissa
  last_name: Chase
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Markulf
  full_name: Kohlweiss, Markulf
  last_name: Kohlweiss
citation:
  ama: 'Baldimtsi F, Chase M, Fuchsbauer G, Kohlweiss M. Anonymous transferable e-cash.
    In: <i>Public-Key Cryptography - PKC 2015</i>. Vol 9020. Springer; 2015:101-124.
    doi:<a href="https://doi.org/10.1007/978-3-662-46447-2_5">10.1007/978-3-662-46447-2_5</a>'
  apa: 'Baldimtsi, F., Chase, M., Fuchsbauer, G., &#38; Kohlweiss, M. (2015). Anonymous
    transferable e-cash. In <i>Public-Key Cryptography - PKC 2015</i> (Vol. 9020,
    pp. 101–124). Gaithersburg, MD, United States: Springer. <a href="https://doi.org/10.1007/978-3-662-46447-2_5">https://doi.org/10.1007/978-3-662-46447-2_5</a>'
  chicago: Baldimtsi, Foteini, Melissa Chase, Georg Fuchsbauer, and Markulf Kohlweiss.
    “Anonymous Transferable E-Cash.” In <i>Public-Key Cryptography - PKC 2015</i>,
    9020:101–24. Springer, 2015. <a href="https://doi.org/10.1007/978-3-662-46447-2_5">https://doi.org/10.1007/978-3-662-46447-2_5</a>.
  ieee: F. Baldimtsi, M. Chase, G. Fuchsbauer, and M. Kohlweiss, “Anonymous transferable
    e-cash,” in <i>Public-Key Cryptography - PKC 2015</i>, Gaithersburg, MD, United
    States, 2015, vol. 9020, pp. 101–124.
  ista: 'Baldimtsi F, Chase M, Fuchsbauer G, Kohlweiss M. 2015. Anonymous transferable
    e-cash. Public-Key Cryptography - PKC 2015. PKC: Public Key Crypography, LNCS,
    vol. 9020, 101–124.'
  mla: Baldimtsi, Foteini, et al. “Anonymous Transferable E-Cash.” <i>Public-Key Cryptography
    - PKC 2015</i>, vol. 9020, Springer, 2015, pp. 101–24, doi:<a href="https://doi.org/10.1007/978-3-662-46447-2_5">10.1007/978-3-662-46447-2_5</a>.
  short: F. Baldimtsi, M. Chase, G. Fuchsbauer, M. Kohlweiss, in:, Public-Key Cryptography
    - PKC 2015, Springer, 2015, pp. 101–124.
conference:
  end_date: 2015-04-01
  location: Gaithersburg, MD, United States
  name: 'PKC: Public Key Crypography'
  start_date: 2015-03-30
date_created: 2018-12-11T11:53:15Z
date_published: 2015-03-17T00:00:00Z
date_updated: 2022-05-23T10:08:37Z
day: '17'
department:
- _id: KrPi
doi: 10.1007/978-3-662-46447-2_5
ec_funded: 1
intvolume: '      9020'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://doi.org/10.1007/978-3-662-46447-2_5
month: '03'
oa: 1
oa_version: Published Version
page: 101 - 124
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication: Public-Key Cryptography - PKC 2015
publication_identifier:
  isbn:
  - 978-3-662-46446-5
publication_status: published
publisher: Springer
publist_id: '5499'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Anonymous transferable e-cash
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9020
year: '2015'
...
---
_id: '1652'
abstract:
- lang: eng
  text: We develop new theoretical tools for proving lower-bounds on the (amortized)
    complexity of certain functions in models of parallel computation. We apply the
    tools to construct a class of functions with high amortized memory complexity
    in the parallel Random Oracle Model (pROM); a variant of the standard ROM allowing
    for batches of simultaneous queries. In particular we obtain a new, more robust,
    type of Memory-Hard Functions (MHF); a security primitive which has recently been
    gaining acceptance in practice as an effective means of countering brute-force
    attacks on security relevant functions. Along the way we also demonstrate an important
    shortcoming of previous definitions of MHFs and give a new definition addressing
    the problem. The tools we develop represent an adaptation of the powerful pebbling
    paradigm (initially introduced by Hewitt and Paterson [HP70] and Cook [Coo73])
    to a simple and intuitive parallel setting. We define a simple pebbling game Gp
    over graphs which aims to abstract parallel computation in an intuitive way. As
    a conceptual contribution we define a measure of pebbling complexity for graphs
    called cumulative complexity (CC) and show how it overcomes a crucial shortcoming
    (in the parallel setting) exhibited by more traditional complexity measures used
    in the past. As a main technical contribution we give an explicit construction
    of a constant in-degree family of graphs whose CC in Gp approaches maximality
    to within a polylogarithmic factor for any graph of equal size (analogous to the
    graphs of Tarjan et. al. [PTC76, LT82] for sequential pebbling games). Finally,
    for a given graph G and related function fG, we derive a lower-bound on the amortized
    memory complexity of fG in the pROM in terms of the CC of G in the game Gp.
author:
- first_name: Joel F
  full_name: Alwen, Joel F
  id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
  last_name: Alwen
- first_name: Vladimir
  full_name: Serbinenko, Vladimir
  last_name: Serbinenko
citation:
  ama: 'Alwen JF, Serbinenko V. High parallel complexity graphs and memory-hard functions.
    In: <i>Proceedings of the 47th Annual ACM Symposium on Theory of Computing</i>.
    ACM; 2015:595-603. doi:<a href="https://doi.org/10.1145/2746539.2746622">10.1145/2746539.2746622</a>'
  apa: 'Alwen, J. F., &#38; Serbinenko, V. (2015). High parallel complexity graphs
    and memory-hard functions. In <i>Proceedings of the 47th annual ACM symposium
    on Theory of computing</i> (pp. 595–603). Portland, OR, United States: ACM. <a
    href="https://doi.org/10.1145/2746539.2746622">https://doi.org/10.1145/2746539.2746622</a>'
  chicago: Alwen, Joel F, and Vladimir Serbinenko. “High Parallel Complexity Graphs
    and Memory-Hard Functions.” In <i>Proceedings of the 47th Annual ACM Symposium
    on Theory of Computing</i>, 595–603. ACM, 2015. <a href="https://doi.org/10.1145/2746539.2746622">https://doi.org/10.1145/2746539.2746622</a>.
  ieee: J. F. Alwen and V. Serbinenko, “High parallel complexity graphs and memory-hard
    functions,” in <i>Proceedings of the 47th annual ACM symposium on Theory of computing</i>,
    Portland, OR, United States, 2015, pp. 595–603.
  ista: 'Alwen JF, Serbinenko V. 2015. High parallel complexity graphs and memory-hard
    functions. Proceedings of the 47th annual ACM symposium on Theory of computing.
    STOC: Symposium on the Theory of Computing, 595–603.'
  mla: Alwen, Joel F., and Vladimir Serbinenko. “High Parallel Complexity Graphs and
    Memory-Hard Functions.” <i>Proceedings of the 47th Annual ACM Symposium on Theory
    of Computing</i>, ACM, 2015, pp. 595–603, doi:<a href="https://doi.org/10.1145/2746539.2746622">10.1145/2746539.2746622</a>.
  short: J.F. Alwen, V. Serbinenko, in:, Proceedings of the 47th Annual ACM Symposium
    on Theory of Computing, ACM, 2015, pp. 595–603.
conference:
  end_date: 2015-06-17
  location: Portland, OR, United States
  name: 'STOC: Symposium on the Theory of Computing'
  start_date: 2015-06-14
date_created: 2018-12-11T11:53:16Z
date_published: 2015-06-01T00:00:00Z
date_updated: 2021-01-12T06:52:16Z
day: '01'
department:
- _id: KrPi
doi: 10.1145/2746539.2746622
ec_funded: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: http://eprint.iacr.org/2014/238
month: '06'
oa: 1
oa_version: Submitted Version
page: 595 - 603
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication: Proceedings of the 47th annual ACM symposium on Theory of computing
publication_status: published
publisher: ACM
publist_id: '5498'
quality_controlled: '1'
scopus_import: 1
status: public
title: High parallel complexity graphs and memory-hard functions
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2015'
...
---
_id: '1654'
abstract:
- lang: eng
  text: "HMAC and its variant NMAC are the most popular approaches to deriving a MAC
    (and more generally, a PRF) from a cryptographic hash function. Despite nearly
    two decades of research, their exact security still remains far from understood
    in many different contexts. Indeed, recent works have re-surfaced interest for
    {\\em generic} attacks, i.e., attacks that treat the compression function of the
    underlying hash function as a black box.\r\n\r\nGeneric security can be proved
    in a model where the underlying compression function is modeled as a random function
    -- yet, to date, the question of proving tight, non-trivial bounds on the generic
    security of HMAC/NMAC even as a PRF remains a challenging open question.\r\n\r\nIn
    this paper, we ask the question of whether a small modification to HMAC and NMAC
    can allow us to exactly characterize the security of the resulting constructions,
    while only incurring little penalty with respect to efficiency. To this end, we
    present simple variants of NMAC and HMAC, for which we prove tight bounds on the
    generic PRF security, expressed in terms of numbers of construction and compression
    function queries necessary to break the construction. All of our constructions
    are obtained via a (near) {\\em black-box} modification of NMAC and HMAC, which
    can be interpreted as an initial step of key-dependent message pre-processing.\r\n\r\nWhile
    our focus is on PRF security, a further attractive feature of our new constructions
    is that they clearly defeat all recent generic attacks against properties such
    as state recovery and universal forgery. These exploit properties of the so-called
    ``functional graph'' which are not directly accessible in our new constructions. "
alternative_title:
- LNCS
author:
- first_name: Peter
  full_name: Gazi, Peter
  id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
  last_name: Gazi
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
- first_name: Stefano
  full_name: Tessaro, Stefano
  last_name: Tessaro
citation:
  ama: Gazi P, Pietrzak KZ, Tessaro S. Generic security of NMAC and HMAC with input
    whitening. 2015;9453:85-109. doi:<a href="https://doi.org/10.1007/978-3-662-48800-3_4">10.1007/978-3-662-48800-3_4</a>
  apa: 'Gazi, P., Pietrzak, K. Z., &#38; Tessaro, S. (2015). Generic security of NMAC
    and HMAC with input whitening. Presented at the ASIACRYPT: Theory and Application
    of Cryptology and Information Security, Auckland, New Zealand: Springer. <a href="https://doi.org/10.1007/978-3-662-48800-3_4">https://doi.org/10.1007/978-3-662-48800-3_4</a>'
  chicago: Gazi, Peter, Krzysztof Z Pietrzak, and Stefano Tessaro. “Generic Security
    of NMAC and HMAC with Input Whitening.” Lecture Notes in Computer Science. Springer,
    2015. <a href="https://doi.org/10.1007/978-3-662-48800-3_4">https://doi.org/10.1007/978-3-662-48800-3_4</a>.
  ieee: P. Gazi, K. Z. Pietrzak, and S. Tessaro, “Generic security of NMAC and HMAC
    with input whitening,” vol. 9453. Springer, pp. 85–109, 2015.
  ista: Gazi P, Pietrzak KZ, Tessaro S. 2015. Generic security of NMAC and HMAC with
    input whitening. 9453, 85–109.
  mla: Gazi, Peter, et al. <i>Generic Security of NMAC and HMAC with Input Whitening</i>.
    Vol. 9453, Springer, 2015, pp. 85–109, doi:<a href="https://doi.org/10.1007/978-3-662-48800-3_4">10.1007/978-3-662-48800-3_4</a>.
  short: P. Gazi, K.Z. Pietrzak, S. Tessaro, 9453 (2015) 85–109.
conference:
  end_date: 2015-12-03
  location: Auckland, New Zealand
  name: 'ASIACRYPT: Theory and Application of Cryptology and Information Security'
  start_date: 2015-11-29
date_created: 2018-12-11T11:53:17Z
date_published: 2015-12-30T00:00:00Z
date_updated: 2021-01-12T06:52:16Z
day: '30'
ddc:
- '004'
- '005'
department:
- _id: KrPi
doi: 10.1007/978-3-662-48800-3_4
ec_funded: 1
file:
- access_level: open_access
  checksum: d1e53203db2d8573a560995ccdffac62
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:09:09Z
  date_updated: 2020-07-14T12:45:08Z
  file_id: '4732'
  file_name: IST-2016-676-v1+1_881.pdf
  file_size: 512071
  relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: '      9453'
language:
- iso: eng
month: '12'
oa: 1
oa_version: Submitted Version
page: 85 - 109
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5496'
pubrep_id: '676'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: Generic security of NMAC and HMAC with input whitening
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9453
year: '2015'
...
---
_id: '1668'
abstract:
- lang: eng
  text: "We revisit the security (as a pseudorandom permutation) of cascading-based
    constructions for block-cipher key-length extension. Previous works typically
    considered the extreme case where the adversary is given the entire codebook of
    the construction, the only complexity measure being the number qe of queries to
    the underlying ideal block cipher, representing adversary’s secret-key-independent
    computation. Here, we initiate a systematic study of the more natural case of
    an adversary restricted to adaptively learning a number qc of plaintext/ciphertext
    pairs that is less than the entire codebook. For any such qc, we aim to determine
    the highest number of block-cipher queries qe the adversary can issue without
    being able to successfully distinguish the construction (under a secret key) from
    a random permutation.\r\nMore concretely, we show the following results for key-length
    extension schemes using a block cipher with n-bit blocks and κ-bit keys:\r\nPlain
    cascades of length ℓ=2r+1 are secure whenever qcqre≪2r(κ+n), qc≪2κ and qe≪22κ.
    The bound for r=1 also applies to two-key triple encryption (as used within Triple
    DES).\r\nThe r-round XOR-cascade is secure as long as qcqre≪2r(κ+n), matching
    an attack by Gaži (CRYPTO 2013).\r\nWe fully characterize the security of Gaži
    and Tessaro’s two-call "
alternative_title:
- LNCS
author:
- first_name: Peter
  full_name: Gazi, Peter
  id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
  last_name: Gazi
- first_name: Jooyoung
  full_name: Lee, Jooyoung
  last_name: Lee
- first_name: Yannick
  full_name: Seurin, Yannick
  last_name: Seurin
- first_name: John
  full_name: Steinberger, John
  last_name: Steinberger
- first_name: Stefano
  full_name: Tessaro, Stefano
  last_name: Tessaro
citation:
  ama: 'Gazi P, Lee J, Seurin Y, Steinberger J, Tessaro S. Relaxing full-codebook
    security: A refined analysis of key-length extension schemes. 2015;9054:319-341.
    doi:<a href="https://doi.org/10.1007/978-3-662-48116-5_16">10.1007/978-3-662-48116-5_16</a>'
  apa: 'Gazi, P., Lee, J., Seurin, Y., Steinberger, J., &#38; Tessaro, S. (2015).
    Relaxing full-codebook security: A refined analysis of key-length extension schemes.
    Presented at the FSE: Fast Software Encryption, Istanbul, Turkey: Springer. <a
    href="https://doi.org/10.1007/978-3-662-48116-5_16">https://doi.org/10.1007/978-3-662-48116-5_16</a>'
  chicago: 'Gazi, Peter, Jooyoung Lee, Yannick Seurin, John Steinberger, and Stefano
    Tessaro. “Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension
    Schemes.” Lecture Notes in Computer Science. Springer, 2015. <a href="https://doi.org/10.1007/978-3-662-48116-5_16">https://doi.org/10.1007/978-3-662-48116-5_16</a>.'
  ieee: 'P. Gazi, J. Lee, Y. Seurin, J. Steinberger, and S. Tessaro, “Relaxing full-codebook
    security: A refined analysis of key-length extension schemes,” vol. 9054. Springer,
    pp. 319–341, 2015.'
  ista: 'Gazi P, Lee J, Seurin Y, Steinberger J, Tessaro S. 2015. Relaxing full-codebook
    security: A refined analysis of key-length extension schemes. 9054, 319–341.'
  mla: 'Gazi, Peter, et al. <i>Relaxing Full-Codebook Security: A Refined Analysis
    of Key-Length Extension Schemes</i>. Vol. 9054, Springer, 2015, pp. 319–41, doi:<a
    href="https://doi.org/10.1007/978-3-662-48116-5_16">10.1007/978-3-662-48116-5_16</a>.'
  short: P. Gazi, J. Lee, Y. Seurin, J. Steinberger, S. Tessaro, 9054 (2015) 319–341.
conference:
  end_date: 2015-03-11
  location: Istanbul, Turkey
  name: 'FSE: Fast Software Encryption'
  start_date: 2015-03-08
date_created: 2018-12-11T11:53:22Z
date_published: 2015-08-12T00:00:00Z
date_updated: 2020-08-11T10:09:26Z
day: '12'
department:
- _id: KrPi
doi: 10.1007/978-3-662-48116-5_16
ec_funded: 1
intvolume: '      9054'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: http://eprint.iacr.org/2015/397
month: '08'
oa: 1
oa_version: Submitted Version
page: 319 - 341
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5481'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: 'Relaxing full-codebook security: A refined analysis of key-length extension
  schemes'
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9054
year: '2015'
...
---
_id: '1669'
abstract:
- lang: eng
  text: Computational notions of entropy (a.k.a. pseudoentropy) have found many applications,
    including leakage-resilient cryptography, deterministic encryption or memory delegation.
    The most important tools to argue about pseudoentropy are chain rules, which quantify
    by how much (in terms of quantity and quality) the pseudoentropy of a given random
    variable X decreases when conditioned on some other variable Z (think for example
    of X as a secret key and Z as information leaked by a side-channel). In this paper
    we give a very simple and modular proof of the chain rule for HILL pseudoentropy,
    improving best known parameters. Our version allows for increasing the acceptable
    length of leakage in applications up to a constant factor compared to the best
    previous bounds. As a contribution of independent interest, we provide a comprehensive
    study of all known versions of the chain rule, comparing their worst-case strength
    and limitations.
alternative_title:
- LNCS
author:
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
- first_name: Maciej
  full_name: Skórski, Maciej
  last_name: Skórski
citation:
  ama: Pietrzak KZ, Skórski M. The chain rule for HILL pseudoentropy, revisited. 2015;9230:81-98.
    doi:<a href="https://doi.org/10.1007/978-3-319-22174-8_5">10.1007/978-3-319-22174-8_5</a>
  apa: 'Pietrzak, K. Z., &#38; Skórski, M. (2015). The chain rule for HILL pseudoentropy,
    revisited. Presented at the LATINCRYPT: Cryptology and Information Security in
    Latin America, Guadalajara, Mexico: Springer. <a href="https://doi.org/10.1007/978-3-319-22174-8_5">https://doi.org/10.1007/978-3-319-22174-8_5</a>'
  chicago: Pietrzak, Krzysztof Z, and Maciej Skórski. “The Chain Rule for HILL Pseudoentropy,
    Revisited.” Lecture Notes in Computer Science. Springer, 2015. <a href="https://doi.org/10.1007/978-3-319-22174-8_5">https://doi.org/10.1007/978-3-319-22174-8_5</a>.
  ieee: K. Z. Pietrzak and M. Skórski, “The chain rule for HILL pseudoentropy, revisited,”
    vol. 9230. Springer, pp. 81–98, 2015.
  ista: Pietrzak KZ, Skórski M. 2015. The chain rule for HILL pseudoentropy, revisited.
    9230, 81–98.
  mla: Pietrzak, Krzysztof Z., and Maciej Skórski. <i>The Chain Rule for HILL Pseudoentropy,
    Revisited</i>. Vol. 9230, Springer, 2015, pp. 81–98, doi:<a href="https://doi.org/10.1007/978-3-319-22174-8_5">10.1007/978-3-319-22174-8_5</a>.
  short: K.Z. Pietrzak, M. Skórski, 9230 (2015) 81–98.
conference:
  end_date: 2015-08-26
  location: Guadalajara, Mexico
  name: 'LATINCRYPT: Cryptology and Information Security in Latin America'
  start_date: 2015-08-23
date_created: 2018-12-11T11:53:22Z
date_published: 2015-08-15T00:00:00Z
date_updated: 2021-01-12T06:52:24Z
day: '15'
ddc:
- '005'
department:
- _id: KrPi
doi: 10.1007/978-3-319-22174-8_5
ec_funded: 1
file:
- access_level: open_access
  checksum: 8cd4215b83efba720e8cf27c23ff4781
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:18:29Z
  date_updated: 2020-07-14T12:45:11Z
  file_id: '5351'
  file_name: IST-2016-669-v1+1_599.pdf
  file_size: 443340
  relation: main_file
file_date_updated: 2020-07-14T12:45:11Z
has_accepted_license: '1'
intvolume: '      9230'
language:
- iso: eng
month: '08'
oa: 1
oa_version: Submitted Version
page: 81 - 98
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5480'
pubrep_id: '669'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: The chain rule for HILL pseudoentropy, revisited
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9230
year: '2015'
...
---
_id: '1671'
abstract:
- lang: eng
  text: This paper studies the concrete security of PRFs and MACs obtained by keying
    hash functions based on the sponge paradigm. One such hash function is KECCAK,
    selected as NIST’s new SHA-3 standard. In contrast to other approaches like HMAC,
    the exact security of keyed sponges is not well understood. Indeed, recent security
    analyses delivered concrete security bounds which are far from existing attacks.
    This paper aims to close this gap. We prove (nearly) exact bounds on the concrete
    PRF security of keyed sponges using a random permutation. These bounds are tight
    for the most relevant ranges of parameters, i.e., for messages of length (roughly)
    l ≤ min{2n/4, 2r} blocks, where n is the state size and r is the desired output
    length; and for l ≤ q queries (to the construction or the underlying permutation).
    Moreover, we also improve standard-model bounds. As an intermediate step of independent
    interest, we prove tight bounds on the PRF security of the truncated CBC-MAC construction,
    which operates as plain CBC-MAC, but only returns a prefix of the output.
alternative_title:
- LNCS
author:
- first_name: Peter
  full_name: Gazi, Peter
  id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
  last_name: Gazi
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
- first_name: Stefano
  full_name: Tessaro, Stefano
  last_name: Tessaro
citation:
  ama: 'Gazi P, Pietrzak KZ, Tessaro S. The exact PRF security of truncation: Tight
    bounds for keyed sponges and truncated CBC. In: Vol 9215. Springer; 2015:368-387.
    doi:<a href="https://doi.org/10.1007/978-3-662-47989-6_18">10.1007/978-3-662-47989-6_18</a>'
  apa: 'Gazi, P., Pietrzak, K. Z., &#38; Tessaro, S. (2015). The exact PRF security
    of truncation: Tight bounds for keyed sponges and truncated CBC (Vol. 9215, pp.
    368–387). Presented at the CRYPTO: International Cryptology Conference, Santa
    Barbara, CA, United States: Springer. <a href="https://doi.org/10.1007/978-3-662-47989-6_18">https://doi.org/10.1007/978-3-662-47989-6_18</a>'
  chicago: 'Gazi, Peter, Krzysztof Z Pietrzak, and Stefano Tessaro. “The Exact PRF
    Security of Truncation: Tight Bounds for Keyed Sponges and Truncated CBC,” 9215:368–87.
    Springer, 2015. <a href="https://doi.org/10.1007/978-3-662-47989-6_18">https://doi.org/10.1007/978-3-662-47989-6_18</a>.'
  ieee: 'P. Gazi, K. Z. Pietrzak, and S. Tessaro, “The exact PRF security of truncation:
    Tight bounds for keyed sponges and truncated CBC,” presented at the CRYPTO: International
    Cryptology Conference, Santa Barbara, CA, United States, 2015, vol. 9215, pp.
    368–387.'
  ista: 'Gazi P, Pietrzak KZ, Tessaro S. 2015. The exact PRF security of truncation:
    Tight bounds for keyed sponges and truncated CBC. CRYPTO: International Cryptology
    Conference, LNCS, vol. 9215, 368–387.'
  mla: 'Gazi, Peter, et al. <i>The Exact PRF Security of Truncation: Tight Bounds
    for Keyed Sponges and Truncated CBC</i>. Vol. 9215, Springer, 2015, pp. 368–87,
    doi:<a href="https://doi.org/10.1007/978-3-662-47989-6_18">10.1007/978-3-662-47989-6_18</a>.'
  short: P. Gazi, K.Z. Pietrzak, S. Tessaro, in:, Springer, 2015, pp. 368–387.
conference:
  end_date: 2015-08-20
  location: Santa Barbara, CA, United States
  name: 'CRYPTO: International Cryptology Conference'
  start_date: 2015-08-16
date_created: 2018-12-11T11:53:23Z
date_published: 2015-08-01T00:00:00Z
date_updated: 2021-01-12T06:52:25Z
day: '01'
ddc:
- '004'
- '005'
department:
- _id: KrPi
doi: 10.1007/978-3-662-47989-6_18
ec_funded: 1
file:
- access_level: open_access
  checksum: 17d854227b3b753fd34f5d29e5b5a32e
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:10:38Z
  date_updated: 2020-07-14T12:45:11Z
  file_id: '4827'
  file_name: IST-2016-673-v1+1_053.pdf
  file_size: 592296
  relation: main_file
file_date_updated: 2020-07-14T12:45:11Z
has_accepted_license: '1'
intvolume: '      9215'
language:
- iso: eng
month: '08'
oa: 1
oa_version: Submitted Version
page: 368 - 387
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5478'
pubrep_id: '673'
quality_controlled: '1'
scopus_import: 1
status: public
title: 'The exact PRF security of truncation: Tight bounds for keyed sponges and truncated
  CBC'
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9215
year: '2015'
...
---
_id: '1672'
abstract:
- lang: eng
  text: Composable notions of incoercibility aim to forbid a coercer from using anything
    beyond the coerced parties’ inputs and outputs to catch them when they try to
    deceive him. Existing definitions are restricted to weak coercion types, and/or
    are not universally composable. Furthermore, they often make too strong assumptions
    on the knowledge of coerced parties—e.g., they assume they known the identities
    and/or the strategies of other coerced parties, or those of corrupted parties—
    which makes them unsuitable for applications of incoercibility such as e-voting,
    where colluding adversarial parties may attempt to coerce honest voters, e.g.,
    by offering them money for a promised vote, and use their own view to check that
    the voter keeps his end of the bargain. In this work we put forward the first
    universally composable notion of incoercible multi-party computation, which satisfies
    the above intuition and does not assume collusions among coerced parties or knowledge
    of the corrupted set. We define natural notions of UC incoercibility corresponding
    to standard coercion-types, i.e., receipt-freeness and resistance to full-active
    coercion. Importantly, our suggested notion has the unique property that it builds
    on top of the well studied UC framework by Canetti instead of modifying it. This
    guarantees backwards compatibility, and allows us to inherit results from the
    rich UC literature. We then present MPC protocols which realize our notions of
    UC incoercibility given access to an arguably minimal setup—namely honestly generate
    tamper-proof hardware performing a very simple cryptographic operation—e.g., a
    smart card. This is, to our knowledge, the first proposed construction of an MPC
    protocol (for more than two parties) that is incoercibly secure and universally
    composable, and therefore the first construction of a universally composable receipt-free
    e-voting protocol.
acknowledgement: Joël Alwen was supported by the ERC starting grant (259668-PSPC).
  Rafail Ostrovsky was supported in part by NSF grants 09165174, 1065276, 1118126
  and 1136174, US-Israel BSF grant 2008411, OKAWA Foundation Research Award, IBM Faculty
  Research Award, Xerox Faculty Research Award, B. John Garrick Foundation Award,
  Teradata Research Award, Lockheed-Martin Corporation Research Award, and the Defense
  Advanced Research Projects Agency through the U.S. Office of Naval Research under
  Contract N00014 -11 -1-0392. The views expressed are those of the author and do
  not reflect the official policy or position of the Department of Defense or the
  U.S. Government. Vassilis Zikas was supported in part by the Swiss National Science
  Foundation (SNF) via the Ambizione grant PZ00P-2142549.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Joel F
  full_name: Alwen, Joel F
  id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
  last_name: Alwen
- first_name: Rafail
  full_name: Ostrovsky, Rafail
  last_name: Ostrovsky
- first_name: Hongsheng
  full_name: Zhou, Hongsheng
  last_name: Zhou
- first_name: Vassilis
  full_name: Zikas, Vassilis
  last_name: Zikas
citation:
  ama: 'Alwen JF, Ostrovsky R, Zhou H, Zikas V. Incoercible multi-party computation
    and universally composable receipt-free voting. In: <i>Advances in Cryptology
    - CRYPTO 2015</i>. Vol 9216. Lecture Notes in Computer Science. Springer; 2015:763-780.
    doi:<a href="https://doi.org/10.1007/978-3-662-48000-7_37">10.1007/978-3-662-48000-7_37</a>'
  apa: 'Alwen, J. F., Ostrovsky, R., Zhou, H., &#38; Zikas, V. (2015). Incoercible
    multi-party computation and universally composable receipt-free voting. In <i>Advances
    in Cryptology - CRYPTO 2015</i> (Vol. 9216, pp. 763–780). Santa Barbara, CA, United
    States: Springer. <a href="https://doi.org/10.1007/978-3-662-48000-7_37">https://doi.org/10.1007/978-3-662-48000-7_37</a>'
  chicago: Alwen, Joel F, Rafail Ostrovsky, Hongsheng Zhou, and Vassilis Zikas. “Incoercible
    Multi-Party Computation and Universally Composable Receipt-Free Voting.” In <i>Advances
    in Cryptology - CRYPTO 2015</i>, 9216:763–80. Lecture Notes in Computer Science.
    Springer, 2015. <a href="https://doi.org/10.1007/978-3-662-48000-7_37">https://doi.org/10.1007/978-3-662-48000-7_37</a>.
  ieee: J. F. Alwen, R. Ostrovsky, H. Zhou, and V. Zikas, “Incoercible multi-party
    computation and universally composable receipt-free voting,” in <i>Advances in
    Cryptology - CRYPTO 2015</i>, Santa Barbara, CA, United States, 2015, vol. 9216,
    pp. 763–780.
  ista: 'Alwen JF, Ostrovsky R, Zhou H, Zikas V. 2015. Incoercible multi-party computation
    and universally composable receipt-free voting. Advances in Cryptology - CRYPTO
    2015. CRYPTO: International Cryptology ConferenceLecture Notes in Computer Science,
    LNCS, vol. 9216, 763–780.'
  mla: Alwen, Joel F., et al. “Incoercible Multi-Party Computation and Universally
    Composable Receipt-Free Voting.” <i>Advances in Cryptology - CRYPTO 2015</i>,
    vol. 9216, Springer, 2015, pp. 763–80, doi:<a href="https://doi.org/10.1007/978-3-662-48000-7_37">10.1007/978-3-662-48000-7_37</a>.
  short: J.F. Alwen, R. Ostrovsky, H. Zhou, V. Zikas, in:, Advances in Cryptology
    - CRYPTO 2015, Springer, 2015, pp. 763–780.
conference:
  end_date: 2015-08-20
  location: Santa Barbara, CA, United States
  name: 'CRYPTO: International Cryptology Conference'
  start_date: 2015-08-16
date_created: 2018-12-11T11:53:23Z
date_published: 2015-08-01T00:00:00Z
date_updated: 2022-06-07T09:51:55Z
day: '01'
ddc:
- '000'
department:
- _id: KrPi
doi: 10.1007/978-3-662-48000-7_37
ec_funded: 1
file:
- access_level: open_access
  checksum: 5b6649e80d1f781a8910f7cce6427f78
  content_type: application/pdf
  creator: dernst
  date_created: 2020-05-15T08:55:29Z
  date_updated: 2020-07-14T12:45:11Z
  file_id: '7853'
  file_name: 2015_CRYPTO_Alwen.pdf
  file_size: 397363
  relation: main_file
file_date_updated: 2020-07-14T12:45:11Z
has_accepted_license: '1'
intvolume: '      9216'
language:
- iso: eng
month: '08'
oa: 1
oa_version: Submitted Version
page: 763 - 780
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication: Advances in Cryptology - CRYPTO 2015
publication_identifier:
  eisbn:
  - 978-3-662-48000-7
  isbn:
  - 978-3-662-47999-5
publication_status: published
publisher: Springer
publist_id: '5476'
quality_controlled: '1'
scopus_import: '1'
series_title: Lecture Notes in Computer Science
status: public
title: Incoercible multi-party computation and universally composable receipt-free
  voting
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9216
year: '2015'
...
---
_id: '1675'
abstract:
- lang: eng
  text: Proofs of work (PoW) have been suggested by Dwork and Naor (Crypto’92) as
    protection to a shared resource. The basic idea is to ask the service requestor
    to dedicate some non-trivial amount of computational work to every request. The
    original applications included prevention of spam and protection against denial
    of service attacks. More recently, PoWs have been used to prevent double spending
    in the Bitcoin digital currency system. In this work, we put forward an alternative
    concept for PoWs - so-called proofs of space (PoS), where a service requestor
    must dedicate a significant amount of disk space as opposed to computation. We
    construct secure PoS schemes in the random oracle model (with one additional mild
    assumption required for the proof to go through), using graphs with high “pebbling
    complexity” and Merkle hash-trees. We discuss some applications, including follow-up
    work where a decentralized digital currency scheme called Spacecoin is constructed
    that uses PoS (instead of wasteful PoW like in Bitcoin) to prevent double spending.
    The main technical contribution of this work is the construction of (directed,
    loop-free) graphs on N vertices with in-degree O(log logN) such that even if one
    places Θ(N) pebbles on the nodes of the graph, there’s a constant fraction of
    nodes that needs Θ(N) steps to be pebbled (where in every step one can put a pebble
    on a node if all its parents have a pebble).
alternative_title:
- LNCS
author:
- first_name: Stefan
  full_name: Dziembowski, Stefan
  last_name: Dziembowski
- first_name: Sebastian
  full_name: Faust, Sebastian
  last_name: Faust
- first_name: Vladimir
  full_name: Kolmogorov, Vladimir
  id: 3D50B0BA-F248-11E8-B48F-1D18A9856A87
  last_name: Kolmogorov
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: Dziembowski S, Faust S, Kolmogorov V, Pietrzak KZ. Proofs of space. 2015;9216:585-605.
    doi:<a href="https://doi.org/10.1007/978-3-662-48000-7_29">10.1007/978-3-662-48000-7_29</a>
  apa: 'Dziembowski, S., Faust, S., Kolmogorov, V., &#38; Pietrzak, K. Z. (2015).
    Proofs of space. Presented at the CRYPTO: International Cryptology Conference,
    Santa Barbara, CA, United States: Springer. <a href="https://doi.org/10.1007/978-3-662-48000-7_29">https://doi.org/10.1007/978-3-662-48000-7_29</a>'
  chicago: Dziembowski, Stefan, Sebastian Faust, Vladimir Kolmogorov, and Krzysztof
    Z Pietrzak. “Proofs of Space.” Lecture Notes in Computer Science. Springer, 2015.
    <a href="https://doi.org/10.1007/978-3-662-48000-7_29">https://doi.org/10.1007/978-3-662-48000-7_29</a>.
  ieee: S. Dziembowski, S. Faust, V. Kolmogorov, and K. Z. Pietrzak, “Proofs of space,”
    vol. 9216. Springer, pp. 585–605, 2015.
  ista: Dziembowski S, Faust S, Kolmogorov V, Pietrzak KZ. 2015. Proofs of space.
    9216, 585–605.
  mla: Dziembowski, Stefan, et al. <i>Proofs of Space</i>. Vol. 9216, Springer, 2015,
    pp. 585–605, doi:<a href="https://doi.org/10.1007/978-3-662-48000-7_29">10.1007/978-3-662-48000-7_29</a>.
  short: S. Dziembowski, S. Faust, V. Kolmogorov, K.Z. Pietrzak, 9216 (2015) 585–605.
conference:
  end_date: 2015-08-20
  location: Santa Barbara, CA, United States
  name: 'CRYPTO: International Cryptology Conference'
  start_date: 2015-08-16
date_created: 2018-12-11T11:53:24Z
date_published: 2015-08-01T00:00:00Z
date_updated: 2023-02-23T10:35:50Z
day: '01'
department:
- _id: VlKo
- _id: KrPi
doi: 10.1007/978-3-662-48000-7_29
ec_funded: 1
intvolume: '      9216'
language:
- iso: eng
month: '08'
oa_version: None
page: 585 - 605
project:
- _id: 25FBA906-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '616160'
  name: 'Discrete Optimization in Computer Vision: Theory and Practice'
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5474'
pubrep_id: '671'
quality_controlled: '1'
related_material:
  record:
  - id: '2274'
    relation: earlier_version
    status: public
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: Proofs of space
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9216
year: '2015'
...
---
_id: '1474'
abstract:
- lang: eng
  text: Cryptographic access control offers selective access to encrypted data via
    a combination of key management and functionality-rich cryptographic schemes,
    such as attribute-based encryption. Using this approach, publicly available meta-data
    may inadvertently leak information on the access policy that is enforced by cryptography,
    which renders cryptographic access control unusable in settings where this information
    is highly sensitive. We begin to address this problem by presenting rigorous definitions
    for policy privacy in cryptographic access control. For concreteness we set our
    results in the model of Role-Based Access Control (RBAC), where we identify and
    formalize several different flavors of privacy, however, our framework should
    serve as inspiration for other models of access control. Based on our insights
    we propose a new system which significantly improves on the privacy properties
    of state-of-the-art constructions. Our design is based on a novel type of privacy-preserving
    attribute-based encryption, which we introduce and show how to instantiate. We
    present our results in the context of a cryptographic RBAC system by Ferrara et
    al. (CSF'13), which uses cryptography to control read access to files, while write
    access is still delegated to trusted monitors. We give an extension of the construction
    that permits cryptographic control over write access. Our construction assumes
    that key management uses out-of-band channels between the policy enforcer and
    the users but eliminates completely the need for monitoring read/write access
    to the data.
article_processing_charge: No
author:
- first_name: Anna
  full_name: Ferrara, Anna
  last_name: Ferrara
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Bin
  full_name: Liu, Bin
  last_name: Liu
- first_name: Bogdan
  full_name: Warinschi, Bogdan
  last_name: Warinschi
citation:
  ama: 'Ferrara A, Fuchsbauer G, Liu B, Warinschi B. Policy privacy in cryptographic
    access control. In: IEEE; 2015:46-60. doi:<a href="https://doi.org/10.1109/CSF.2015.11">10.1109/CSF.2015.11</a>'
  apa: 'Ferrara, A., Fuchsbauer, G., Liu, B., &#38; Warinschi, B. (2015). Policy privacy
    in cryptographic access control (pp. 46–60). Presented at the CSF: Computer Security
    Foundations, Verona, Italy: IEEE. <a href="https://doi.org/10.1109/CSF.2015.11">https://doi.org/10.1109/CSF.2015.11</a>'
  chicago: Ferrara, Anna, Georg Fuchsbauer, Bin Liu, and Bogdan Warinschi. “Policy
    Privacy in Cryptographic Access Control,” 46–60. IEEE, 2015. <a href="https://doi.org/10.1109/CSF.2015.11">https://doi.org/10.1109/CSF.2015.11</a>.
  ieee: 'A. Ferrara, G. Fuchsbauer, B. Liu, and B. Warinschi, “Policy privacy in cryptographic
    access control,” presented at the CSF: Computer Security Foundations, Verona,
    Italy, 2015, pp. 46–60.'
  ista: 'Ferrara A, Fuchsbauer G, Liu B, Warinschi B. 2015. Policy privacy in cryptographic
    access control. CSF: Computer Security Foundations, 46–60.'
  mla: Ferrara, Anna, et al. <i>Policy Privacy in Cryptographic Access Control</i>.
    IEEE, 2015, pp. 46–60, doi:<a href="https://doi.org/10.1109/CSF.2015.11">10.1109/CSF.2015.11</a>.
  short: A. Ferrara, G. Fuchsbauer, B. Liu, B. Warinschi, in:, IEEE, 2015, pp. 46–60.
conference:
  end_date: 2015-07-17
  location: Verona, Italy
  name: 'CSF: Computer Security Foundations'
  start_date: 2015-07-13
date_created: 2018-12-11T11:52:14Z
date_published: 2015-09-04T00:00:00Z
date_updated: 2021-01-12T06:50:59Z
day: '04'
department:
- _id: KrPi
doi: 10.1109/CSF.2015.11
ec_funded: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: http://epubs.surrey.ac.uk/808055/
month: '09'
oa: 1
oa_version: Submitted Version
page: 46-60
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: IEEE
publist_id: '5722'
quality_controlled: '1'
status: public
title: Policy privacy in cryptographic access control
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2015'
...