*13:17* [Pub][ePrint]
A new index calculus algorithm with complexity $L(1/4+o(1))$ in very small characteristic, by Antoine Joux
In this paper, we describe a new algorithm for discrete logarithms in small characteristic. It works especially well when the characteristic is fixed. Indeed, in this case, we obtain a total complexity of $L(1/4+o(1))$.

*19:17* [Pub][ePrint]
Secure Signatures and Chosen Ciphertext Security in a Post-Quantum World, by Dan Boneh and Mark Zhandry
We initiate the study of quantum-secure digital signatures and quantum chosen ciphertext security. In the case of signatures, we enhance the standard chosen message query model by allowing the adversary to issue quantum chosen message queries: given a superposition of messages, the adversary receives a superposition of signatures on those messages. Similarly, for encryption, we allow the adversary to issue quantum chosen ciphertext queries: given a superposition of ciphertexts, the adversary receives a superposition of their decryptions. These adversaries model a natural post-quantum environment where end-users sign messages and decrypt ciphertexts on a personal quantum computer.

We construct classical systems that remain secure when exposed to such quantum queries. For signatures we construct two compilers that convert classically secure signatures into signatures secure in the quantum setting and apply these compilers to existing post-quantum signatures. We also show that standard constructions such as Lamport one-time signatures and Merkle signatures remain secure under quantum chosen message attacks, thus giving signatures whose quantum security is based on generic assumptions. For encryption, we define security under quantum chosen ciphertext attacks and present both public-key and symmetric-key constructions.

*19:17* [Pub][ePrint]
Functional Encryption Supporting Recursive Languages, by Somindu C. Ramanna and Palash Sarkar
We provide a construction for functional encryption over the set of recursive languages. In this scheme, a secret key $\mathrm{sk}_{\mathcal{M}}$ encodes a halting double-stack deterministic pushdown automaton (2DPDA) $\mathcal{M}$ that accepts by final state. The encryption algorithm takes a message $m$ and a string $w$ as input and outputs a ciphertext $\mathrm{ct}$. A user possessing $\mathrm{sk}_{\mathcal{M}}$ can decrypt $\mathrm{ct}$ only if $\mathcal{M}$ accepts $w$. Halting 2DPDAs can simulate halting deterministic Turing machines and hence our construction essentially covers all recursive languages.

The construction is built upon Waters' bilinear pairing-based functional encryption scheme over regular languages. The main technical novelty is in handling stack contents and $\lambda$-transitions (i.e., transitions that do not advance the input pointer) of the automata. This is reflected both in the construction and the security arguments. The scheme is shown to be selectively secure based on the decision $\ell$-expanded bilinear Diffie-Hellman exponent assumption introduced by Waters.

*19:17* [Pub][ePrint]
On the security of a certificateless aggregate signature scheme, by Lin Cheng and Qiaoyan Wen and Zhengping Jin and Hua Zhang and Liming Zhou
An aggregate signature can combine $n$ signatures on $n$ messages from $n$ users into a single short signature, and the resulting signature can convince the verifier that the $n$ users indeed signed the $n$ corresponding messages. This feature makes aggregate signatures very useful, especially in environments with low-bandwidth communication, low storage and low computing power, since it greatly reduces the total signature length and verification cost. Recently, Xiong et al. presented an efficient certificateless aggregate signature scheme. They proved that their scheme is secure in a strengthened security model, where the "malicious-but-passive" KGC attack was considered. In this paper, we show that Xiong et al.'s certificateless aggregate signature scheme is not secure even in a weaker security model called the "honest-but-curious" KGC attack model.