Universally-composable privacy amplification from causality constraints

We consider schemes for secret key distribution which use as a resource correlations that violate Bell inequalities. We provide the first security proof for such schemes, according to the strongest notion of security, the so called universally-composable security. Our security proof does not rely on the validity of quantum mechanics, it solely relies on the impossibility of arbitrarily-fast signaling between separate physical systems. This allows for secret communication in situations where the participants distrust their quantum devices.Comment: 4 page

Efficient Conditional Proxy Re-encryption with Chosen-Ciphertext Security

Recently, a variant of proxy re-encryption, named conditional proxy re-encryption (C-PRE), has been introduced. Compared with traditional proxy re-encryption, C-PRE enables the delegator to implement fine-grained delegation of decryption rights, and thus is more useful in many applications. In this paper, based on a careful observation on the existing definitions and security notions for C-PRE, we reformalize more rigorous definition and security notions for C-PRE. We further propose a more efficient C-PRE scheme, and prove its chosenciphertext security under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. In addition, we point out that a recent C-PRE scheme fails to achieve the chosen-ciphertext security

Sealed containers in Z

Physical means of securing information, such as sealed envelopes and scratch cards, can be used to achieve cryptographic objectives. Reasoning about this has so far been informal. We give a model of distinguishable sealed envelopes in Z, exploring design decisions and further analysis and development of such models

Security analysis of standard authentication and key agreement protocols utilising timestamps

We propose a generic modelling technique that can be used to extend existing frameworks for theoretical security analysis in order to capture the use of timestamps. We apply this technique to two of the most popular models adopted in literature (Bellare-Rogaway and Canetti-Krawczyk). We analyse previous results obtained using these models in light of the proposed extensions, and demonstrate their application to a new class of protocols. In the timed CK model we concentrate on modular design and analysis of protocols, and propose a more efficient timed authenticator relying on timestamps. The structure of this new authenticator implies that an authentication mechanism standardised in ISO-9798 is secure. Finally, we use our timed extension to the BR model to establish the security of an efficient ISO protocol for key transport and unilateral entity authentication

Non-malleable encryption: simpler, shorter, stronger

In a seminal paper, Dolev et al. [15] introduced the notion of non-malleable encryption (NM-CPA). This notion is very intriguing since it suffices for many applications of chosen-ciphertext secure encryption (IND-CCA), and, yet, can be generically built from semantically secure (IND-CPA) encryption, as was shown in the seminal works by Pass et al. [29] and by Choi et al. [9], the latter of which provided a black-box construction. In this paper we investigate three questions related to NM-CPA security: 1. Can the rate of the construction by Choi et al. of NM-CPA from IND-CPA be improved? 2. Is it possible to achieve multi-bit NM-CPA security more efficiently from a single-bit NM-CPA scheme than from IND-CPA? 3. Is there a notion stronger than NM-CPA that has natural applications and can be achieved from IND-CPA security? We answer all three questions in the positive. First, we improve the rate in the scheme of Choi et al. by a factor O(λ), where λ is the security parameter. Still, encrypting a message of size O(λ) would require ciphertext and keys of size O(λ2) times that of the IND-CPA scheme, even in our improved scheme. Therefore, we show a more efficient domain extension technique for building a λ-bit NM-CPA scheme from a single-bit NM-CPA scheme with keys and ciphertext of size O(λ) times that of the NM-CPA one-bit scheme. To achieve our goal, we define and construct a novel type of continuous non-malleable code (NMC), called secret-state NMC, as we show that standard continuous NMCs are not enough for the natural “encode-then-encrypt-bit-by-bit” approach to work. Finally, we introduce a new security notion for public-key encryption that we dub non-malleability under (chosen-ciphertext) self-destruct attacks (NM-SDA). After showing that NM-SDA is a strict strengthening of NM-CPA and allows for more applications, we nevertheless show that both of our results—(faster) construction from IND-CPA and domain extension from one-bit scheme—also hold for our stronger NM-SDA security. In particular, the notions of IND-CPA, NM-CPA, and NM-SDA security are all equivalent, lying (plausibly, strictly?) below IND-CCA securit

Postprocessing for quantum random number generators: entropy evaluation and randomness extraction

Quantum random-number generators (QRNGs) can offer a means to generate information-theoretically provable random numbers, in principle. In practice, unfortunately, the quantum randomness is inevitably mixed with classical randomness due to classical noises. To distill this quantum randomness, one needs to quantify the randomness of the source and apply a randomness extractor. Here, we propose a generic framework for evaluating quantum randomness of real-life QRNGs by min-entropy, and apply it to two different existing quantum random-number systems in the literature. Moreover, we provide a guideline of QRNG data postprocessing for which we implement two information-theoretically provable randomness extractors: Toeplitz-hashing extractor and Trevisan's extractor.Comment: 13 pages, 2 figure

Sublinear-Time Algorithms for Monomer-Dimer Systems on Bounded Degree Graphs

For a graph $G$, let $Z(G,\lambda)$ be the partition function of the monomer-dimer system defined by $\sum_k m_k(G)\lambda^k$, where $m_k(G)$ is the number of matchings of size $k$ in $G$. We consider graphs of bounded degree and develop a sublinear-time algorithm for estimating $\log Z(G,\lambda)$ at an arbitrary value $\lambda>0$ within additive error $\epsilon n$ with high probability. The query complexity of our algorithm does not depend on the size of $G$ and is polynomial in $1/\epsilon$, and we also provide a lower bound quadratic in $1/\epsilon$ for this problem. This is the first analysis of a sublinear-time approximation algorithm for a # P-complete problem. Our approach is based on the correlation decay of the Gibbs distribution associated with $Z(G,\lambda)$. We show that our algorithm approximates the probability for a vertex to be covered by a matching, sampled according to this Gibbs distribution, in a near-optimal sublinear time. We extend our results to approximate the average size and the entropy of such a matching within an additive error with high probability, where again the query complexity is polynomial in $1/\epsilon$ and the lower bound is quadratic in $1/\epsilon$. Our algorithms are simple to implement and of practical use when dealing with massive datasets. Our results extend to other systems where the correlation decay is known to hold as for the independent set problem up to the critical activity