Browse ORBi

- What it is and what it isn't
- Green Road / Gold Road?
- Ready to Publish. Now What?
- How can I support the OA movement?
- Where can I learn more?

ORBi

QKD parameter estimation by two-universal hashing leads to faster convergence to the asymptotic rate Ostrev, Dimiter E-print/Working paper (2021) This paper proposes and proves security of a QKD protocol which uses two-universal hashing instead of random sampling to estimate the number of bit flip and phase flip errors. For this protocol, the ... [more ▼] This paper proposes and proves security of a QKD protocol which uses two-universal hashing instead of random sampling to estimate the number of bit flip and phase flip errors. For this protocol, the difference between asymptotic and finite key rate decreases with the number $n$ of qubits as $cn^{-1}$, where $c$ depends on the security parameter. For comparison, the same difference decreases no faster than $c'n^{-1/3}$ for an optimized protocol that uses random sampling and has the same asymptotic rate, where $c'$ depends on the security parameter and the error rate. [less ▲] Detailed reference viewed: 34 (1 UL)Deniable encryption, authentication, and key exchange Ostrev, Dimiter E-print/Working paper (2020) We present some foundational ideas related to deniable encryption, message authentication, and key exchange in classical cryptography. We give detailed proofs of results that were previously only sketched ... [more ▼] We present some foundational ideas related to deniable encryption, message authentication, and key exchange in classical cryptography. We give detailed proofs of results that were previously only sketched in the literature. In some cases, we reach the same conclusions as in previous papers; in other cases, the focus on rigorous proofs leads us to different formulations of the results. [less ▲] Detailed reference viewed: 136 (5 UL)An introduction to the theory of unconditionally secure message authentication using the constructive cryptography framework Ostrev, Dimiter E-print/Working paper (2019) We provide an introduction to certain ideas from the theory of unconditionally secure message authentication. We explain the notions of impersonation and substitution attacks, and explain how protection ... [more ▼] We provide an introduction to certain ideas from the theory of unconditionally secure message authentication. We explain the notions of impersonation and substitution attacks, and explain how protection against these two types of attack implies composable, information theoretic security. We explain the relation of authentication protocols to universal hashing. We give both probabilistic and explicit constructions proving the existence of one way authentication protocols using a short secret key and we prove matching lower bounds on the required secret key size. Then, we turn attention to interactive authentication protocols. We explain the message size reduction technique used by Gemmell and Naor and later Naor, Segev and Smith, and how it leads to protocols with secret key size independent of the message length. We also prove a matching lower bound on the secret key entropy. We generalize the lower bound proof of Naor, Segev and Smith and remove the assumption that the message is revealed in the first flow of the protocol. [less ▲] Detailed reference viewed: 114 (12 UL)Composable, Unconditionally Secure Message Authentication without any Secret Key Ostrev, Dimiter in 2019 IEEE International Symposium on Information Theory (ISIT), Paris, France, 2019 (2019) We consider a setup in which the channel from Alice to Bob is less noisy than the channel from Eve to Bob. We show that there exist encoding and decoding which accomplish error correction and ... [more ▼] We consider a setup in which the channel from Alice to Bob is less noisy than the channel from Eve to Bob. We show that there exist encoding and decoding which accomplish error correction and authentication simultaneously; that is, Bob is able to correctly decode a message coming from Alice and reject a message coming from Eve with high probability. The system does not require any secret key shared between Alice and Bob, provides information theoretic security, and can safely be composed with other protocols in an arbitrary context. [less ▲] Detailed reference viewed: 86 (8 UL)On the Relation Between SIM and IND-RoR Security Models for PAKEs with Forward Secrecy Lopez Becerra, José Miguel ; Iovino, Vincenzo ; Ostrev, Dimiter et al in E-Business and Telecommunications - 2019 (2019) Password-based Authenticated Key-Exchange (PAKE) protocols allow the establishment of secure communication entirely based on the knowledge of a shared password. Over the last two decades, we have ... [more ▼] Password-based Authenticated Key-Exchange (PAKE) protocols allow the establishment of secure communication entirely based on the knowledge of a shared password. Over the last two decades, we have witnessed the debut of a number of prominent security models for PAKE protocols, whose aim is to capture the desired security properties that such protocols must satisfy when executed in the presence of an active adversary. These models are usually classified into (i) indistinguishability-based (IND-based) or (ii) simulation-based (SIM-based). However, the relation between these two security notions is unclear and mentioned as a gap in the literature. In this work, we prove that SIM-BMP security from Boyko et al. (EUROCRYPT 2000) implies IND-RoR security from Abdalla et al. (PKC 2005) and that IND-RoR security is equivalent to a slightly modified version of SIM-BMP security. We also investigate whether IND-RoR security implies (unmodified) SIM-BMP security. The results obtained also hold when forward secrecy is incorporated into the security models in question. [less ▲] Detailed reference viewed: 144 (10 UL)Forward Secrecy for SPAKE2 Lopez Becerra, José Miguel ; Ostrev, Dimiter ; in Baek, Joonsang; Willy, Susilo (Eds.) Provable Security (2018, October 25) Currently, the Simple Password-Based Encrypted Key Exchange (SPAKE2) protocol of Abdalla and Pointcheval (CT-RSA 2005) is being considered by the IETF for standardization and integration in TLS 1.3 ... [more ▼] Currently, the Simple Password-Based Encrypted Key Exchange (SPAKE2) protocol of Abdalla and Pointcheval (CT-RSA 2005) is being considered by the IETF for standardization and integration in TLS 1.3. Although it has been proven secure in the Find-then-Guess model of Bellare, Pointcheval and Rogaway (EUROCRYPT 2000), whether it satisfies some notion of forward secrecy remains an open question. In this work, we prove that the SPAKE2 protocol satisfies the so-called weak forward secrecy introduced by Krawczyk (CRYPTO 2005). Furthermore, we demonstrate that the incorporation of key-confirmation codes in SPAKE2 results in a protocol that provably satisfies the stronger notion of perfect forward secrecy. As forward secrecy is an explicit requirement for cipher suites supported in the TLS handshake, we believe this work could fill the gap in the literature and facilitate the adoption of SPAKE2 in the recently approved TLS 1.3. [less ▲] Detailed reference viewed: 91 (16 UL)Entanglement of Approximate Quantum Strategies in XOR Games Ostrev, Dimiter ; in Quantum Information and Computation (2018), 18(7&8), 06170631 We characterize the amount of entanglement that is sufficient to play any XOR game near-optimally. We show that for any XOR game $G$ and $\eps>0$ there is an $\eps$-optimal strategy for $G$ using $\lceil ... [more ▼] We characterize the amount of entanglement that is sufficient to play any XOR game near-optimally. We show that for any XOR game $G$ and $\eps>0$ there is an $\eps$-optimal strategy for $G$ using $\lceil \eps^{-1} \rceil$ ebits of entanglement, irrespective of the number of questions in the game. By considering the family of XOR games CHSH($n$) introduced by Slofstra (Jour. Math. Phys. 2011), we show that this bound is nearly tight: for any $\eps>0$ there is an $n = \Theta(\eps^{-1/5})$ such that $\Omega(\eps^{-1/5})$ ebits are required for any strategy achieving bias that is at least a multiplicative factor $(1-\eps)$ from optimal in CHSH($n$). [less ▲] Detailed reference viewed: 77 (3 UL)Tightly-Secure PAK(E) Lopez Becerra, José Miguel ; Iovino, Vincenzo ; Ostrev, Dimiter et al in Cryptology and Network Security (2017, December 02) We present a security reduction for the PAK protocol instantiated over Gap Diffie-Hellman Groups that is tighter than previously known reductions. We discuss the implications of our results for concrete ... [more ▼] We present a security reduction for the PAK protocol instantiated over Gap Diffie-Hellman Groups that is tighter than previously known reductions. We discuss the implications of our results for concrete security. Our proof is the first to show that the PAK protocol can provide meaningful security guarantees for values of the parameters typical in today’s world. [less ▲] Detailed reference viewed: 216 (36 UL)Deniability in Quantum Cryptography Atashpendar, Arash ; Roenne, Peter ; Ostrev, Dimiter et al Poster (2017, June 14) This poster describes ongoing work on deniability in quantum cryptography, an area of research that remains almost entirely unexplored in the quantum information processing literature. Deniability is a ... [more ▼] This poster describes ongoing work on deniability in quantum cryptography, an area of research that remains almost entirely unexplored in the quantum information processing literature. Deniability is a well-known and fundamental concept in classical cryptography and it can be defined as the ability for the sender of a message to deny the contents of a message or the very act of having participated in an exchange, e.g. having sent the said message. We discuss deniability in the context of quantum key exchange and address a particular problem, first discovered by Donald Beaver, where he claims that all QKD protocols are undeniable. The claim is that while we do get a one-time pad (OTP) using QKD, it does not provide the property of key equivocation as it is expected in the Shannon sense for a OTP. Intuitively, this difficulty lies in the quantum channel alone and it has to do with the fact that in QKD, while we generate entropy by expanding an initially short pre-shared key into an arbitrary longer secret key, we do so by exchanging information over a quantum as well as a classical channel, which could potentially leave a binding transcript of Alice's decisions to the final secret key. This is in contrast with the implicit assumption that Eve knows nothing about how two given parties have established their shared OTP in the first place. We discuss the importance of deniability in cryptography and its wide range of applications, along with cryptographic primitives other than key exchange where deniability might be a desired property. Finally, we present a series of fundamental open questions in this area of research and discuss quantum cryptographic primitives that lend themselves to devising deniable protocols. [less ▲] Detailed reference viewed: 289 (24 UL)On the Relation Between SIM and IND-RoR Security Models for PAKEs Lopez Becerra, José Miguel ; Iovino, Vincenzo ; Ostrev, Dimiter et al in Proceedings of the International Conference on Security and Cryptography (2017) Password-based Authenticated Key-Exchange (PAKE) protocols allow users, who need only to share a password, to compute a high-entropy shared session key despite passwords being taken from a dictionary ... [more ▼] Password-based Authenticated Key-Exchange (PAKE) protocols allow users, who need only to share a password, to compute a high-entropy shared session key despite passwords being taken from a dictionary. Security models for PAKE protocols aim to capture the desired security properties that such protocols must satisfy when executed in the presence of an active adversary. They are usually classified into i) indistinguishability-based (IND-based) or ii) simulation-based (SIM-based). The relation between these two security notions is unclear and mentioned as a gap in the literature. In this work, we prove that SIM-BMP security from Boyko et al.~(EUROCRYPT 2000) implies IND-RoR security from Abdalla et al.~(PKC 2005) and that IND-RoR security implies a slightly modified version of SIM-BMP security. We also investigate whether IND-RoR security implies (unmodified) SIM-BMP security. [less ▲] Detailed reference viewed: 265 (16 UL) |
||