28 results for Indistinguishability


Relevance: 10.00%

Abstract:

The notion of plaintext awareness (PA) has many applications in public key cryptography: it offers unique, stand-alone security guarantees for public key encryption schemes, has been used as a sufficient condition for proving indistinguishability against adaptive chosen-ciphertext attacks (IND-CCA), and can be used to construct privacy-preserving protocols such as deniable authentication. Unlike many other security notions, plaintext awareness is very fragile when it comes to differences between the random oracle and standard models; for example, many implications involving PA in the random oracle model are not valid in the standard model and vice versa. Similarly, strategies for proving PA of schemes in one model cannot be adapted to the other model. Existing research addresses PA in detail only in the public key setting. This paper gives the first formal exploration of plaintext awareness in the identity-based setting and, as initial work, proceeds in the random oracle model. The focus is laid mainly on identity-based key encapsulation mechanisms (IB-KEMs), for which the paper presents the first definitions of plaintext awareness, highlights the role of PA in proof strategies of IND-CCA security, and explores relationships between PA and other security properties. On the practical side, our work offers the first, highly efficient, general approach for building IB-KEMs that are simultaneously plaintext-aware and IND-CCA-secure. Our construction is inspired by the Fujisaki-Okamoto (FO) transform, but demands weaker and more natural properties of its building blocks. This result comes from a new look at the notion of γ-uniformity that was inherent in the original FO transform. We show that for IB-KEMs (and PK-KEMs), this assumption can be replaced with a weaker computational notion, which is in fact implied by one-wayness. Finally, we give the first concrete IB-KEM scheme that is PA and IND-CCA-secure by applying our construction to a popular IB-KEM and optimizing it for better performance.

Relevance: 10.00%

Abstract:

Security models for two-party authenticated key exchange (AKE) protocols have developed over time to prove the security of AKE protocols even when the adversary learns certain secret values. In this work, we address more granular leakage: partial leakage of long-term secrets of protocol principals, even after the session key is established. We introduce a generic key exchange security model, which can be instantiated allowing bounded or continuous leakage, even when the adversary learns certain ephemeral secrets or session keys. Our model is the strongest known partial-leakage-based security model for key exchange protocols. We propose a generic construction of a two-pass leakage-resilient key exchange protocol that is secure in the proposed model, by introducing a new concept: the leakage-resilient NAXOS trick. We identify a special property for public-key cryptosystems: pair generation indistinguishability, and show how to obtain the leakage-resilient NAXOS trick from a pair generation indistinguishable leakage-resilient public-key cryptosystem.

Relevance: 10.00%

Abstract:

Since their introduction, the notions of indistinguishability and non-malleability have been changed and extended by different authors to support different goals. In this paper, we propose new flavors of these notions, investigate their relative strengths with respect to previous notions, and provide the full picture of relationships (i.e., implications and separations) among the security notions for public-key encryption schemes. We take into account the two general security goals of indistinguishability and non-malleability, each in the message space, key space, and hybrid message-key space, to find six specific goals, two of which, namely complete indistinguishability and key non-malleability, are new. Then for each pair of goals, coming from the indistinguishability or non-malleability classes, we prove either an implication or a separation, completing the full picture of relationships among all these security notions. The implications and separations are respectively supported by formal proofs (i.e., reductions) in the concrete-security framework and by counterexamples.

Relevance: 10.00%

Abstract:

A parallel authentication and public-key encryption is introduced and exemplified on joint encryption and signing, which compares favorably with sequential Encrypt-then-Sign (EtS) or Sign-then-Encrypt (StE) schemes as far as both efficiency and security are concerned. A security model for signcryption, and thus joint encryption and signing, has been recently defined which considers possible attacks and security goals. Such a scheme is considered secure if the encryption part guarantees indistinguishability and the signature part prevents existential forgeries, for outsider but also insider adversaries. We propose two schemes of parallel signcryption, which are efficient alternatives to Commit-then-Sign-and-Encrypt (CtE&S). They are both provably secure in the random oracle model. The first one, called generic parallel encrypt and sign, is secure if the encryption scheme is semantically secure against chosen-ciphertext attacks and the signature scheme prevents existential forgeries against random-message attacks. The second scheme, called optimal parallel encrypt and sign, applies random oracles similar to the OAEP technique in order to achieve security using encryption and signature components with very weak security requirements — encryption is expected to be one-way under chosen-plaintext attacks while the signature needs to be secure against universal forgeries under random-plaintext attack, which is actually the case for both the plain-RSA encryption and signature under the usual RSA assumption. Both proposals are generic in the sense that any suitable encryption and signature schemes (i.e., which simply achieve the required security) can be used. Furthermore, they allow both parallel encryption and signing, as well as parallel decryption and verification. Properties of parallel encrypt and sign schemes are considered and a new security standard for parallel signcryption is proposed.

Relevance: 10.00%

Abstract:

This paper studies the data confidentiality problem caused by integrity checks on ciphertexts, and proposes a new security notion, indistinguishability of an encryption scheme under ciphertext verification attacks (IND-CVA), to characterize the confidentiality of an encryption scheme in this setting. IND-CVA allows the adversary to access an encryption oracle and a ciphertext verification oracle. Compared with IND-CPA and IND-CCA, IND-CVA is slightly stronger than IND-CPA but much weaker than IND-CCA. IND-CVA can be satisfied by most commonly used encryption schemes (such as OTP, CBC and CTR). Moreover, IND-CVA properly characterizes the confidentiality of secure channels. Combining an authentication scheme with an encryption scheme is a common way of securing communication. However, under the IND-CVA model, using an authentication scheme to strengthen confidentiality may instead destroy the confidentiality that was originally there. IND-CVA reveals the impact of integrity on confidentiality, precisely characterizes the confidentiality requirements of secure channels, and provides useful guidance for protocol design.

Relevance: 10.00%

Abstract:

Edkins, J., Exposed singularity, Journal for Cultural Research, Volume 9, Issue 4, October 2005, pages 359-386. RAE2008

Relevance: 10.00%

Abstract:

One explanation for the evolution of sexual monomorphism is the sexual indistinguishability hypothesis, which argues that in group-living species individuals might benefit by concealing their sex to reduce sexual competition. We tested this hypothesis in long-tailed finches Poephila acuticauda. Males and females could not be reliably distinguished morphologically or by analysis of the reflectance spectra (300-700 nm) from the plumage and bill. Males seemed unable to distinguish the sex of an unfamiliar individual in the absence of behavioural cues; they were equally likely to court and copulate with unfamiliar males and females but rarely courted familiar males. Here we report the first experimental evidence that sexual monomorphism enables strategic concealment of sex. Males were more likely to reveal their sex when faced with a solitary unfamiliar individual than a group of unfamiliar individuals. When encountering an unfamiliar male that revealed his sex, subordinate males were more likely to conceal their sex than dominant males.

Relevance: 10.00%

Abstract:

Certificateless public key encryption can be classified into two types, namely, CLE and CLE†, both of which were introduced by Al-Riyami and Paterson in Asiacrypt 2003. Most works about certificateless public key encryption belong to CLE, where the partial secret key is uniquely determined by an entity's identity. In CLE†, an entity's partial secret key is not only determined by the identity information but also by his/her (partial) public key. Such techniques can enhance the resilience of certificateless public key encryption against a cheating KGC. In this paper, we first formalize the security definitions of CLE†. After that, we demonstrate the gap between the security model of CLE† and CLE, by showing the insecurity of a CLE† scheme proposed by Lai and Kou in PKC 2007. We give an attack that can successfully break the indistinguishability of their CLE† scheme, although their scheme can be proved secure in the security model of CLE. Therefore, it does not suffice to consider the security of CLE† in the security model of CLE. Finally, we show how to secure Lai-Kou's scheme by providing a new scheme with the security proof in the model of CLE†.

Relevance: 10.00%

Abstract:

The Spin-Statistics theorem states that the statistics of a system of identical particles is determined by their spin: Particles of integer spin are Bosons (i.e. obey Bose-Einstein statistics), whereas particles of half-integer spin are Fermions (i.e. obey Fermi-Dirac statistics). Since the original proof by Fierz and Pauli, it has been known that the connection between Spin and Statistics follows from the general principles of relativistic Quantum Field Theory. In spite of this, there are different approaches to Spin-Statistics and it is not clear whether the theorem holds under assumptions that are different, and even less restrictive, than the usual ones (e.g. Lorentz-covariance). Additionally, in Quantum Mechanics there is a deep relation between indistinguishability and the geometry of the configuration space. This is clearly illustrated by Gibbs' paradox. Therefore, for many years efforts have been made in order to find a geometric proof of the connection between Spin and Statistics. Recently, various proposals have been put forward, in which an attempt is made to derive the Spin-Statistics connection from assumptions different from the ones used in the relativistic, quantum field theoretic proofs. Among these, there is the one due to Berry and Robbins (BR), based on the postulation of a certain single-valuedness condition, that has caused a renewed interest in the problem. In the present thesis, we consider the problem of indistinguishability in Quantum Mechanics from a geometric-algebraic point of view. An approach is developed to study configuration spaces Q having a finite fundamental group, that allows us to describe different geometric structures of Q in terms of spaces of functions on the universal cover of Q. In particular, it is shown that the space of complex continuous functions over the universal cover of Q admits a decomposition into C(Q)-submodules, labelled by the irreducible representations of the fundamental group of Q, that can be interpreted as the spaces of sections of certain flat vector bundles over Q. With this technique, various results pertaining to the problem of quantum indistinguishability are reproduced in a clear and systematic way. Our method is also used in order to give a global formulation of the BR construction. As a result of this analysis, it is found that the single-valuedness condition of BR is inconsistent. Additionally, a proposal aiming at establishing the Fermi-Bose alternative, within our approach, is made.

Relevance: 10.00%

Abstract:

The doctoral thesis CONTRIBUCIÓN AL ESTUDIO DE DOS CONCEPTOS BÁSICOS DE LA LÓGICA FUZZY constitutes a set of new contributions to the analysis of two basic elements of fuzzy logic: inference mechanisms and the representation of vague predicates. The dissertation is divided into two parts corresponding to these two aspects. Part I studies the basic concept of the "fuzzy logic state". A fuzzy logic state is a fixed point of the mapping generated from the inference rule known as the generalized modus ponens. Moreover, a fuzzy preorder can be represented by the elementary preorders generated by the set of its fuzzy logic states. Chapter 1 is devoted to characterizing when two logic states give rise to the same elementary preorder, and also obtains a representative of the class of all logic states that generate the same elementary preorder. The chapter ends with the characterization of the set of fuzzy logic states of an elementary preorder. In Chapter 2 a trapezoidal fuzzy subset is obtained as a class of an indistinguishability relation. Finally, Chapter 3 is devoted to studying two types of classical logic states: the irreducible and the minimal ones. Chapter 4, which opens Part II of the dissertation, addresses the problem of obtaining the compatibility function of a vague predicate. A method is proposed, based on knowledge of how the predicate is used by means of a set of rules and certain distinguished elements, that yields a general expression for the generalized membership function of a fuzzy subset realizing the extension of the vague predicate. In certain cases this method makes it possible to define a set of multivalued connectives associated with the predicate. The last chapter studies the representation of antonyms and synonyms in fuzzy logic through automorphisms. The automorphisms of the unit interval are characterized when two operations are considered on it: a t-norm and a t-conorm, both Archimedean.

The PhD Thesis CONTRIBUCIÓN AL ESTUDIO DE DOS CONCEPTOS BÁSICOS DE LA LÓGICA FUZZY is a contribution to two basic concepts of Fuzzy Logic. It is divided into two parts: the first is devoted to a mechanism of inference in Fuzzy Logic, and the second to the representation of vague predicates. "Fuzzy Logic State" is the basic concept in Part I. A Fuzzy Logic State is a fixed point for the mapping giving the Generalized Modus Ponens Rule of inference. Moreover, a fuzzy preordering can be represented by the elementary preorderings generated by its Fuzzy Logic States. Chapter 1 contemplates the identity of elementary preorderings and the selection of representatives for the classes modulo this identity. This chapter finishes with the characterization of the set of Fuzzy Logic States of an elementary preordering. In Chapter 2 a Trapezoidal Fuzzy Set as a class of a relation of Indistinguishability is obtained. Finally, Chapter 3 is devoted to studying two types of Classical Logic States: irreducible and minimal. Part II begins with Chapter 4, dealing with the problem of obtaining a Compatibility Function for a vague predicate. When the use of a predicate is known by means of a set of rules and some distinguished elements, a method to obtain the general expression of the Membership Function is presented. This method allows, in some cases, reaching a set of multivalued connectives associated to the predicate. The last chapter is devoted to the representation of antonyms and synonyms in Fuzzy Logic. When the unit interval [0,1] is endowed with both an Archimedean t-norm and an Archimedean t-conorm, it is shown that the automorphism group is reduced to just the identity function.

Relevance: 10.00%

Abstract:

Photonic quantum-information processing schemes, such as linear optics quantum computing, and other experiments relying on single-photon interference, inherently require complete photon indistinguishability to enable the desired photonic interactions to take place. Mode-mismatch is the dominant cause of photon distinguishability in optical circuits. Here we study the effects of photon wave-packet shape on tolerance against the effects of mode mismatch in linear optical circuits, and show that Gaussian distributed photons with large bandwidth are optimal. The result is general and holds for arbitrary linear optical circuits, including ones which allow for postselection and classical feed forward. Our findings indicate that some single photon sources, frequently cited for their potential application to quantum-information processing, may in fact be suboptimal for such applications.

Relevance: 10.00%

Abstract:

Ulrich and Vorberg (2009) presented a method that fits distinct functions for each order of presentation of standard and test stimuli in a two-alternative forced-choice (2AFC) discrimination task, which removes the contaminating influence of order effects from estimates of the difference limen. The two functions are fitted simultaneously under the constraint that their average evaluates to 0.5 when test and standard have the same magnitude, which was regarded as a general property of 2AFC tasks. This constraint implies that physical identity produces indistinguishability, which is valid when test and standard are identical except for magnitude along the dimension of comparison. However, indistinguishability does not occur at physical identity when test and standard differ on dimensions other than that along which they are compared (e.g., vertical and horizontal lines of the same length are not perceived to have the same length). In these cases, the method of Ulrich and Vorberg cannot be used. We propose a generalization of their method for use in such cases and illustrate it with data from a 2AFC experiment involving length discrimination of horizontal and vertical lines. The resultant data could be fitted with our generalization but not with the method of Ulrich and Vorberg. Further extensions of this method are discussed.

Relevance: 10.00%

Abstract:

Access control is an indispensable security component of cloud computing, and hierarchical access control is of particular interest since in practice one is entitled to different access privileges. This paper presents a hierarchical key assignment scheme based on linear geometry as the solution for flexible and fine-grained hierarchical access control in cloud computing. In our scheme, the encryption key of each class in the hierarchy is associated with a private vector and a public vector, and the inner product of the private vector of an ancestor class and the public vector of its descendant class can be used to derive the encryption key of that descendant class. The proposed scheme belongs to direct access schemes on hierarchical access control, namely, each class at a higher level in the hierarchy can directly derive the encryption key of its descendant class without the need for iterative computation. In addition to this basic hierarchical key derivation, we also give a dynamic key management mechanism to efficiently address potential changes in the hierarchy. Our scheme only needs light computations over a finite field and provides strong key indistinguishability under the assumption of pseudorandom functions. Furthermore, the simulation shows that our scheme has an optimized trade-off between computation consumption and storage space.