-
Topics in Cryptology - CT-RSA 2012 - The Cryptographers' Track at the RSA Conference 2012, San Francisco, CA, USA, February 27 - March 2, 2012. Proceedings; 01/2012
-
12/2011;
-
ABSTRACT: Recent breakthrough results by Brakerski et al. and Dodis et al. have shown that signature schemes can be made secure even if the adversary continually obtains information leakage from the secret key of the scheme. However, the schemes currently do not allow leakage on the
secret key and randomness during signing, except in the random oracle model. Further, the random oracle based schemes require updates to the secret key in order to
maintain security, even when no leakage during computation is present.
We present the first signature scheme that is resilient to full continual leakage: memory leakage as well as leakage from
processing during signing (both from the secret key and the randomness), in key generation, and in update. Our scheme can
tolerate leakage of a 1 – o(1) fraction of the secret key between updates, and is proven secure in the standard model based on the symmetric external
DDH (SXDH) assumption in bilinear groups. The time periods between updates are a function of the amount of leakage in the
period (and nothing more).
As an additional technical contribution, we introduce a new tool: independent pre-image resistant hash functions, which may
be of independent interest.
03/2011: pages 89-106;
-
ABSTRACT: A fair two-party coin tossing protocol is one in which both parties output the same bit that is almost uniformly distributed
(i.e., it equals 0 and 1 with probability that is at most negligibly far from one half). It is well known that it is impossible to achieve fair coin tossing even in the presence of fail-stop adversaries (Cleve, FOCS 1986). In fact, Cleve showed that
for every coin tossing protocol running for r rounds, an efficient fail-stop adversary can bias the output by Ω(1/r). Since this is the best possible, a protocol that limits the bias of any adversary to O(1/r) is called optimally-fair. The only optimally-fair protocol that is known to exist relies on the existence of oblivious transfer, because it uses general
secure computation (Moran, Naor and Segev, TCC 2009). However, it is possible to achieve a bias of O(1/√r) in r rounds relying only on the assumption that there exist one-way functions. In this paper we show that it is impossible to
achieve optimally-fair coin tossing via a black-box construction from one-way functions for r that is less than O(n/log n), where n is the input/output length of the one-way function used. An important corollary of this is that it is impossible to construct
an optimally-fair coin tossing protocol via a black-box construction from one-way functions whose round complexity is independent of the security parameter n determining the security of the one-way function being used. Informally speaking, the main ingredient of our proof is to
eliminate the random-oracle from “secure” protocols with “low round-complexity” and simulate the protocol securely against
semi-honest adversaries in the plain model. We believe our simulation lemma to be of broader interest.
Keywords: black-box separations; coin tossing; optimally-fair coin tossing; round-complexity; lower bound
03/2011: pages 450-467;
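The abstract above contrasts Cleve's Ω(1/r) lower bound on the bias a fail-stop adversary can inflict with the O(1/√r) bias of the one-way-function-based protocols. The following is an added illustration of what that gap looks like in numbers; it is not code from the paper and does not implement its black-box separation. It assumes a deliberately simplified "majority of r ideal coins" protocol: in each round a fresh fair coin is revealed, the adversary sees it before the honest party does, and if the adversary aborts, the honest party fills in the remaining coins locally and outputs the majority. An exact dynamic program computes the bias of the optimal fail-stop strategy against this protocol, so one can watch it shrink like 1/√r rather than 1/r.

```python
from fractions import Fraction
from functools import lru_cache
from math import comb


def tail_prob(m: int, t: int) -> Fraction:
    """Exact Pr[Binom(m, 1/2) >= t]: the chance that m fresh fair coins
    contribute at least t ones."""
    if t <= 0:
        return Fraction(1)
    if t > m:
        return Fraction(0)
    return Fraction(sum(comb(m, k) for k in range(t, m + 1)), 2 ** m)


def optimal_failstop_bias(r: int) -> Fraction:
    """Bias toward output 1 that the best fail-stop adversary achieves
    against the (simplified, assumed) majority-of-r-coins protocol.

    Model: r is odd; in round i a uniform coin c_i is revealed, the
    adversary sees c_i first and may abort before the honest party
    receives it; on abort the honest party samples coins i..r itself
    and outputs majority(c_1..c_{i-1}, own coins). Otherwise the output
    is majority(c_1..c_r). Bias = Pr[honest outputs 1] - 1/2.
    """
    if r < 1 or r % 2 == 0:
        raise ValueError("r must be a positive odd integer")
    need = (r + 1) // 2  # ones required for the majority to be 1

    @lru_cache(maxsize=None)
    def value(i: int, s: int) -> Fraction:
        # Best achievable Pr[output = 1] standing before round i with
        # s ones among the coins already delivered.
        if i > r:
            return Fraction(1 if s >= need else 0)
        remaining = r - i + 1
        # Aborting now: the honest party flips the remaining coins alone.
        abort = tail_prob(remaining, need - s)
        total = Fraction(0)
        for c in (0, 1):  # adversary sees c_i, then chooses abort/continue
            total += max(abort, value(i + 1, s + c))
        return total / 2

    return value(1, 0) - Fraction(1, 2)


def bias_table(max_rounds: int) -> list[tuple[int, Fraction]]:
    """(r, bias) for odd r up to max_rounds; handy for eyeballing decay."""
    return [(r, optimal_failstop_bias(r)) for r in range(1, max_rounds + 1, 2)]


if __name__ == "__main__":
    for r, b in bias_table(21):
        # Cleve's bound says no protocol beats c/r; this one sits at ~1/sqrt(r),
        # so bias * sqrt(r) stays roughly flat while bias * r keeps growing.
        print(f"r={r:2d}  bias={float(b):.4f}  bias*r={float(b) * r:.3f}")
```

For r = 1 the adversary simply aborts on an unfavourable coin and gets bias 1/4; the exact values for r = 3 and r = 5 are 3/16 and 5/32. The DP is exact (Fractions, no sampling), so the table is a clean reference point when reading the Ω(1/r) versus O(1/√r) discussion above.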
-
IACR Cryptology ePrint Archive. 01/2011; 2011:482.
-
First ACM Conference on Data and Application Security and Privacy, CODASPY 2011, San Antonio, TX, USA, February 21-23, 2011, Proceedings; 01/2011
-
IACR Cryptology ePrint Archive. 01/2011; 2011:611.
-
Theory of Cryptography - 8th Theory of Cryptography Conference, TCC 2011, Providence, RI, USA, March 28-30, 2011. Proceedings; 01/2011
-
IACR Cryptology ePrint Archive. 01/2011; 2011:257.
-
IACR Cryptology ePrint Archive. 01/2011; 2011:708.
-
Applied Cryptography and Network Security - 9th International Conference, ACNS 2011, Nerja, Spain, June 7-10, 2011. Proceedings; 01/2011
-
Twenty-Seventh Annual Computer Security Applications Conference, ACSAC 2011, Orlando, FL, USA, 5-9 December 2011; 01/2011
-
Advances in Cryptology - ASIACRYPT 2011 - 17th International Conference on the Theory and Application of Cryptology and Information Security, Seoul, South Korea, December 4-8, 2011. Proceedings; 01/2011
-
Advances in Cryptology - EUROCRYPT 2011 - 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, May 15-19, 2011. Proceedings; 01/2011
-
IACR Cryptology ePrint Archive. 01/2010; 2010:503.
-
IACR Cryptology ePrint Archive. 01/2010; 2010:522.
-
ABSTRACT: Video surveillance is an intrusive operation that violates privacy. It is therefore desirable to devise surveillance protocols
that minimize or even eliminate privacy intrusion. A principled way of doing so is to resort to Secure Multi-Party methods,
that are provably secure, and adapt them to various vision algorithms. In this chapter, we describe an Oblivious Image Matching
protocol which is a secure protocol for image matching. Image matching is a generalization of detection and recognition tasks
since detection can be viewed as matching a particular image to a given object class (i.e., does this image contain a face?)
while recognition can be viewed as matching an image of a particular instance of a class to another image of the same instance
(i.e., does this image contain a particular car?). And instead of applying the Oblivious Image Matching to the entire image
one can apply it to various sub-images, thus solving the localization problem (i.e., where is the gun in the image?). A leading
approach to object detection and recognition is the bag-of-features approach, where each object is reduced to a set of features
and matching objects is reduced to matching their corresponding sets of features. Oblivious Image Matching uses a secure fuzzy
match of strings and sets as its building block. In the proposed protocol, two parties, Alice and Bob, wish to match their
images, without leaking additional information. We use a novel cryptographic protocol for fuzzy matching and adapt it to the
bag-of-features approach. Fuzzy matching compares two sets (or strings) and declares them to match if a certain percentage
of their elements match. To apply fuzzy matching to images, we represent images as a set of visual words that can be fed to
the secure fuzzy matching protocol. The fusion of a novel cryptographic protocol and recent advances in computer vision results
in a secure and efficient protocol for image matching. Experiments on real images are presented.
07/2009: pages 49-64;
-
Applied Cryptography and Network Security, 7th International Conference, ACNS 2009, Paris-Rocquencourt, France, June 2-5, 2009. Proceedings; 01/2009
-
Advances in Cryptology - EUROCRYPT 2009, 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings; 01/2009
-
Theory of Computing. 01/2009; 5:257-282.