*21:17* [Pub][ePrint]
Concurrent Zero Knowledge in the Bounded Player Model, by Abhishek Jain, Rafail Ostrovsky, Silas Richelson, Ivan Visconti
In this paper we put forward the Bounded Player Model for secure computation. In this new model, the number of players that will ever be involved in secure computations is bounded, but the number of computations has no a-priori bound. Indeed, while the number of devices and people on this planet can be realistically estimated and bounded, the number of computations these devices will run can not be realistically bounded.We stress that in the Bounded Player model, in addition to no apriori bound on the number of sessions, there is no synchronization barrier, no trusted party, and simulation must be performed in polynomial time.

In this setting, we achieve concurrent Zero Knowledge (cZK) with sub-logarithmic round complexity.

Our security proof is (necessarily) non-black-box, our simulator is straight-line and works as long as the number of rounds is $\\omega(1)$.

We further show that unlike previously studied relaxations of the standard model (e.g., timing assumptions, super-polynomial simulation), concurrent-secure computation is impossible to achieve in the Bounded Player model. This gives evidence that our model is closer to the standard model than previously studied models, and we believe might have additional applications.

*21:17* [Pub][ePrint]
Publicly Verifiable Delegation of Large Polynomials and Matrix Computations, with Applications, by Dario Fiore and Rosario Gennaro
Outsourced computations (where a client requests a server to perform some computation on its behalf) are becoming increasingly important due to the rise of Cloud Computing and the proliferation of mobile devices. Since cloud providers may not be trusted, a crucial problem is the verification of the integrity and correctness of such computation, possibly in a {\\em public} way, i.e., the result of a computation can be verified by any third party, and requires no secret key -- akin to a digital signature on a message.

We present new protocols for publicly verifiable secure outsourcing of

{\\em Evaluation of High Degree Polynomials} and {\\em Matrix Multiplication}. Compared to previously

proposed solutions, ours improve in efficiency and offer security in a stronger model.

The paper also discusses several practical applications of our protocols.

*21:17* [Pub][ePrint]
Some properties of q-ary functions based on spectral analysis, by Deep Singh and Maheshanand Bhaintwal
In this paper, we generalize some existing results on Booleanfunctions to the $q$-ary functions defined over $\\BBZ_q$, where

$q\\geq 2$ is an integer, and obtain some new characterization of

$q$-ary functions based on spectral analysis. We provide a

relationship between Walsh-Hadamard spectra of two $p$-ary functions

$f$ and $g$ (for $p$ a prime) and their derivative $D_{f, g}$. We

provide a relationship between the Walsh-Hadamard spectra and the

decompositions of any two $p$-ary functions. Further, we investigate

a relationship between the Walsh-Hadamard spectra and the

autocorrelation of any two $q$-ary functions.

*21:17* [Pub][ePrint]
Efficient UC-Secure Authenticated Key-Exchange for Algebraic Languages, by Olivier Blazy and CĂ©line Chevalier and David Pointcheval and Damien Vergnaud
Authenticated Key Exchange (AKE) protocols enable two parties toestablish a shared, cryptographically strong key over an insecure network using various authentication means, such as cryptographic keys, short (i.e. low-entropy) secret keys or credentials. In this paper, we provide a general framework that encompasses several previous AKE primitives such as Password-Authenticated Key Exchange or Secret Handshakes. We call it LAKE for Language-Authenticated Key Exchange.

We first model this general primitive in the Universal Composability (UC) setting. Thereafter, we show that the Gennaro-Lindell approach can efficiently address this goal. But we need smooth projective hash functions on new languages, whose efficient implementations are of independent interest. We indeed provide such hash functions for languages defined by combinations of linear pairing product equations.

Combined with an efficient commitment scheme, derived from the highly-efficient UC-secure Lindell\'s commitment, we obtain a very practical realization of Secret Handshakes, but also Credential-Authenticated Key Exchange protocols.

All the protocols are UC-secure, in the standard model with a common reference string, under the classical Decisional Linear assumption.

*21:17* [Pub][ePrint]
Protecting Last Four Rounds of CLEFIA is Not Enough Against Differential Fault Analysis, by Sk Subidh Ali and Debdeep Mukhopadhyay
In this paper we propose a new differential fault analysis (DFA) on CLEFIA of 128-bit key. The proposed attack requires to induce byte faults at the fourteenth round of CLEFIA encryption. The attack uses only two pairs of fault-free and faulty ciphertexts and uniquelydetermines the 128-bit secret key. The attacker does not need to know

the plaintext. The most efficient reported fault attack on CLEFIA, needs fault induction at the fifteenth round of encryption and can be performed with two pairs of fault-free and faulty ciphertexts and brute-force search of around 20 bits. Therefore, the proposed attack can evade the countermeasures against the existing DFAs which only protect the last four rounds of encryption. Extensive simulation results have been presented to validate the proposed attack. The simulation results show that the attack can retrieve the 128-bit secret key in around one minute of execution time. To the best of authors\' knowledge the proposed attack is the most efficient attack in terms of both the input requirements as well as the complexity.

*21:17* [Pub][ePrint]
Computationally-Fair Group and Identity-Based Key-Exchange, by Andrew C. Yao and Yunlei Zhao
In this work, we re-examine some fundamental group key-exchange and identity-based key-exchange protocols, specifically the Burmester-Desmedet group key-exchange protocol [7] (re-ferred to as the BD-protocol) and the Chen-Kudla identity-based key-exchange protocol [9](referred to as the CK-protocol). We identify some new attacks on these protocols, showing in particular that these protocols are not computationally fair. Specifically, with our attacks, an

adversary can do the following damages:

(1) It can compute the session-key output with much lesser computational complexity than that of the victim honest player, and can maliciously nullify the contributions from the victim honest players.

(2) It can set the session-key output to be some pre-determined value, which can be efficiently and publicly computed without knowing any secrecy supposed to be held by the attacker.

We remark these attacks are beyond the traditional security models for group key-exchange and identity-based key-exchange.

Then, based on the computationally fair Diffie-Hellman key-

exchange in [21], we present some fixing approaches, and prove that the fixed protocols are computationally fair.

*21:17* [Pub][ePrint]
Fair Exchange of Short Signatures Without Trusted Third Party, by Philippe Camacho
We propose a protocol to exchange Boneh-Boyen short signatures in a fair way, without relying on a trusted third party. Our protocol is quite practical and is the first of the sort to the bestof our knowledge.Our construction uses a new non-interactive zero-knowledge (NIZK) argument to prove that a commitment is the encryption of a bit vector.

We also design a NIZK argument to prove that a commitment to a bit vector $v=(b_1,b_2,...,b_\\secparam)$ is such that $\\sum_{i \\in [\\secparam]}b_i2^{i-1}=\\Blinding$ where $\\Blinding$

is the discrete logarithm of some public value $\\BasicCommitment=g^\\Blinding$.These arguments may be of independent interest.

*21:17* [Pub][ePrint]
Ring Group Signatures, by Liqun Chen
In many applications of group signatures, not only a signer\'sidentity but also which group the signer belongs to is sensitive

information regarding signer privacy. In this paper, we study these

applications and combine a group signature with a ring signature to

create a ring group signature, which specifies a set of possible

groups without revealing which member of which group produced the

signature. The main contributions of this paper are a formal

definition of a ring group signature scheme and its security model,

a generic construction and a concrete example of such a scheme. Both

the construction and concrete scheme are provably secure if the

underlying group signature and ring signature schemes are

secure.