## CryptoDB

### Alfredo De Santis

#### Publications

Year
Venue
Title
2008
EPRINT
A recent research trend, motivated by the massive deployment of RFID technology, looks at cryptographic protocols for securing communication between entities in which al least one of the parties has very limited computing capabilities. In this paper we focus our attention on SASI, a new Ultra-Lightweight RFID Authentication Protocol, designed for providing Strong Authentication and Strong Integrity. The protocol, suitable for passive Tags with limited computational power and storage, involves simple bitwise operations like $and$, $or$, exclusive $or$, modular addition, and cyclic shift operations. It is efficient, fits the hardware constraints, and can be seen as an example of the above research trend. We start by showing some weaknesses in the protocol and, then, we describe how such weaknesses, through a sequence of simple steps, can be used to compute in an efficient way all secret data used for the authentication process. More precisely, we describe three attacks: - A de-synchronisation attack, through which an adversary can break the synchronisation between the RFID Reader and the Tag. - An identity disclosure attack, through which an adversary can compute the identity of the Tag. - A full disclosure attack, which enables an adversary to retrieve all secret data stored in the Tag. Then we present some experimental results we have obtained by running several tests on an implementation of the protocol, in order to evaluate the performance of the proposed attacks. The results confirm that the attacks are effective and efficient.
2007
JOFC
2006
EPRINT
A visual cryptography scheme encodes a black&white secret image into n shadow images called shares which are distributed to the n participants. Such shares are such that only qualified subsets of participants can visually'' recover the secret image. Usually, the reconstructed image will be darker than the background of the image itself. In this paper we consider visual cryptography schemes satisfying the model introduced by Tzeng and Hu (Designs, Codes and Cryptography, Vol. 27, No. 3, pp. 207-227, 2002). In such a model the recovered secret image can be darker or lighter than the background. We prove a lower bound on the pixel expansion of the scheme and, for (2,n)-threshold visual cryptography schemes, we provide schemes achieving the bound. Our schemes improve on the ones proposed by Tzeng and Hu.
2006
EPRINT
A time-bound hierarchical key assignment scheme is a method to assign time-dependent encryption keys to a set of classes in a partially ordered hierarchy, in such a way that each class can compute the keys of all classes lower down in the hierarchy, according to temporal constraints. In this paper we design and analyze time-bound hierarchical key assignment schemes which are provably-secure and efficient. We consider both the unconditionally secure and the computationally secure settings and distinguish between two different goals: security with respect to key indistinguishability and against key recovery. We first present definitions of security with respect to both goals in the unconditionally secure setting and we show tight lower bounds on the size of the private information distributed to each class. Then, we consider the computational setting and we further distinguish security against static and adaptive adversarial behaviors. We explore the relations between all possible combinations of security goals and adversarial behaviors and, in particular, we prove that security against adaptive adversaries is (polynomially) equivalent to security against static adversaries. Afterwards, we prove that a recently proposed scheme is insecure against key recovery. Finally, we propose two different constructions for time-bound key assignment schemes. The first one is based on symmetric encryption schemes, whereas, the second one makes use of bilinear maps. Both constructions support updates to the access hierarchy with local changes to the public information and without requiring any private information to be re-distributed. These appear to be the first constructions for time-bound hierarchical key assignment schemes which are simultaneously practical and provably-secure.
2006
EPRINT
A hierarchical key assignment scheme is a method to assign some private information and encryption keys to a set of classes in a partially ordered hierarchy, in such a way that the private information of a higher class can be used to derive the keys of all classes lower down in the hierarchy. In this paper we design and analyze hierarchical key assignment schemes which are provably-secure and support dynamic updates to the hierarchy with local changes to the public information and without requiring any private information to be re-distributed. We first consider the problem of constructing a hierarchical key assignment scheme by using as a building block a symmetric encryption scheme. We propose a new construction which is provably secure with respect to key indistinguishability, requires a single computational assumption, and improves on previous proposals. Then, we show how to reduce key derivation time at the expense of an increment of the amount of public information, by improving a previous result. Finally, we show how to construct a hierarchical key assignment scheme by using as a building block a public-key broadcast encryption scheme. In particular, one of our constructions provides constant private information and public information linear in the number of classes in the hierarchy.
2006
EPRINT
A time-bound hierarchical key assignment scheme is a method to assign time-dependent encryption keys to a set of classes in a partially ordered hierarchy, in such a way that each class in the hierarchy can compute the keys of all classes lower down in the hierarchy, according to temporal constraints. In this paper we propose new constructions for time-bound hierarchical key assignment schemes which are provably secure with respect to key indistinguishability. Our constructions use as a building block any provably-secure hierarchical key assignment scheme without temporal constraints and exhibit a tradeoff among the amount of private information held by each class, the amount of public data, the complexity of key derivation, and the computational assumption on which their security is based. Moreover, the proposed schemes support updates to the access hierarchy with local changes to the public information and without requiring any private information to be re-distributed.
2001
CRYPTO
1999
JOFC
1999
JOFC
1998
EPRINT
The input to the Graph Clustering Problem consists of a sequence of integers $m_1,...,m_t$ and a sequence of $\sum_{i=1}^{t}m_i$ graphs. The question is whether the equivalence classes, under the graph isomorphism relation, of the input graphs have sizes which match the input sequence of integers. In this note we show that this problem has a (perfect) zero-knowledge interactive proof system. This result improves over <a href="http:../1996/96-14.html">record 96-14</a>, where a parametrized (by the sequence of integers) version of the problem was studied.
1996
EPRINT
A visual cryptography scheme is a method to encode a secret image SI into shadow images called shares such that certain qualified subsets of shares enable the visual'' recovery of the secret image. The visual'' recovery consists of xeroxing the shares onto transparencies, and then stacking them. The shares of a qualified set will reveal the secret image without any cryptographic computation. In this paper we analyze the contrast of the reconstructed image in k out of n visual cryptography schemes. (In such a scheme any k shares will reveal the image, but no set of k-1 shares gives any information about the image.) In the case of 2 out of n threshold schemes we give a complete characterization of schemes having optimal contrast and minimum pixel expansion in terms of certain balanced incomplete block designs. In the case of k out of n threshold schemes with k>2 we obtain upper and lower bounds on the optimal contrast.
1996
JOFC
1995
JOFC
1994
ASIACRYPT
1994
CRYPTO
1993
CRYPTO
1993
CRYPTO
1993
EUROCRYPT
1993
JOFC
1992
CRYPTO
1992
CRYPTO
1992
EUROCRYPT
1991
CRYPTO
1990
CRYPTO
1990
EUROCRYPT
1990
EUROCRYPT
1988
CRYPTO
1987
CRYPTO

#### Program Committees

PKC 2007
Crypto 2001
Crypto 1997
Eurocrypt 1994 (Program chair)
Eurocrypt 1993