Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:
To receive your credentials via mail again, please click here.
You can also access the full news archive.
(i) a broadcast protocol secure under the assumption that the honest parties have computing power that is some non-negligible fraction of computing power of the adversary (this fraction can be small, in particular it can be much less than 1/2),
(ii) a protocol for identifying a set of parties such that the majority of them is honest, and every honest party belongs to this set (this protocol works under the assumption that the majority of computing power is controlled by the honest parties).
Our broadcast protocol can be used to generate an unpredictable beacon (that can later serve, e.g., as a genesis block for a new cryptocurrency). The protocol from Point (ii) can be used to construct arbitrary multiparty computation protocols. Our main tool for checking the computing power of the parties are the Proofs of Work (Dwork and Naor, CRYPTO 92). Our broadcast protocol is built on top of the classical protocol of Dolev and Strong (SIAM J. on Comp. 1983). Although our motivation is mostly theoretic, we believe that our ideas can lead to practical implementations (probably after some optimizations and simplifications). We discuss some possible applications of our protocols at the end of the paper.
Our construction is modular, and can be instantiated efficiently from standard assumptions (such as the SXDH or DLIN assumptions in pairing-friendly groups). For instance, we provide an SXDH-based protocol whose communication complexity is only 14 group elements and 4 exponents (plus some bookkeeping information).
Along the way we develop new, stronger security definitions for digital signatures and key encapsulation mechanisms. For instance, we introduce a security model for digital signatures that provides existential unforgeability under chosen-message attacks in a multi-user setting with adaptive corruptions of secret keys. We show how to construct efficient schemes that satisfy the new definitions with tight security proofs under standard assumptions.
The only known constructions without these restrictions are based on non-static, so-called \"q-type\" assumptions, which are parametrized by an integer q. Since q-type assumptions get stronger with larger q, it is desirable to have q as small as possible. In current constructions q is a polynomial (Hohenberger and Waters, Eurocrypt 2010) or at least linear (Boneh et al., CCS 2010) in the security parameter.
We construct a relatively simple and efficient verifiable random function, based on a q-type assumption where q is only logarithmic in the security parameter. We also describe a verifiable unpredictable function from a similar, but weaker assumption. Both constructions have full adaptive security and large input spaces.
privacy, cryptography, etc.
Position 1 at the Working Group for Theoretical Computer Science and IT-Security at Universität Mannheim (Germany) focuses on the theoretical aspects of WSNSec:
- Formalization of attacker models and security goals
- Cryptanalysis of existing cryptographic protocols
- Development of provably secure cryptographic protocols
Position 2 at the Chair for IT-Security Infrastructures (Informatik 1) at the Friedrich-Alexander-Universität Erlangen-Nürnberg (Germany) focuses on the practical aspects of WSNSec:
- Investigation of security strengths and weaknesses of the real WSNs at both the hardware and the software levels
- Implementation of cryptographic protocols for WSNs in simulation environments and on the real sensor nodes