Adaptive Proofs of Knowledge in the Random Oracle Model, by David Bernhard and Marc Fischlin and Bogdan Warinschi
We formalise the notion of adaptive proofs of knowledge in the random oracle model,
where the extractor has to recover witnesses for multiple, possibly adaptively chosen
statements and proofs. We also discuss extensions to simulation soundness, as typically
required for the ``encrypt-then-prove\'\' construction of strongly secure encryption
from IND-CPA schemes.
Utilizing our model we show three results:
(1) Simulation-sound adaptive proofs exist.
(2) The ``encrypt-then-prove\'\' construction with a simulation-sound
adaptive proof yields CCA security. This appears to be a ``folklore\'\' result
but which has never been proven in the random oracle model. As a corollary, we
obtain a new class of CCA-secure encryption schemes.
(3) We show that the
Fiat-Shamir transformed Schnorr protocol is _not_ adaptively secure and
discuss the implications of this limitation.
Our result not only separates
adaptive proofs from proofs of knowledge, but also gives a strong hint why
Signed ElGamal as the most prominent encrypt-then-prove example has not been
proven CCA-secure without making further assumptions.
On the Hardness of Proving CCA-security of Signed ElGamal, by David Bernhard and Marc Fischlin and Bogdan Warinschi
The well-known Signed ElGamal scheme consists of ElGamal
encryption with a non-interactive Schnorr proof of knowledge. While this
scheme should be intuitively secure against chosen-ciphertext attacks
in the random oracle model, its security has not yet been proven nor
disproven so far, without relying on further non-standard assumptions
like the generic group model. Currently, the best known positive result
is that Signed ElGamal is non-malleable under chosen-plaintext attacks.
In this paper we provide evidence that Signed ElGamal may not be CCA
secure in the random oracle model. That is, building on previous work of
Shoup and Gennaro (Eurocrypt\'98), Seurin and Treger (CT-RSA 2013),
and Bernhard et al. (PKC 2015), we exclude a large class of potential
reductions that could be used to establish CCA security of the scheme.
Security Analysis of Niu et al. Authentication and Ownership Management Protocol, by Nasour Bagheri, Masoumeh Safkhani and Hoda Jannati
Over the past decade, besides authentication, ownership
management protocols have been suggested to transfer or
delegate the ownership of RFID tagged items. Recently, Niu et
al. have proposed an authentication and ownership management
protocol based on 16-bit pseudo random number generators and
exclusive-or operations which both can be easily implemented on
low-cost RFID passive tags in EPC global Class-1 Generation-2
standard. They claim that their protocol offers location and data
privacy and also resists against desynchronization attack. In this
paper, we analyze the security of their proposed authentication
and ownership management protocol and show that the protocol
is vulnerable to secret disclosure and desynchronization attacks.
The complexity of most of the attacks are only two runs of the
protocol and the success probability of the attacks are almost 1.
Generalised tally-based decoders for traitor tracing and group testing, by Boris Skoric and Wouter de Groot
We propose a new type of score function for Tardos traitor tracing codes. It is related to the recently introduced tally-based score function, but it utilizes more of the information available to the decoder. It does this by keeping track of sequences of symbols in the distributed codewords instead of looking at columns of the code matrix individually.
We derive our new class of score functions from a Neyman-Pearson hypothesis test and illustrate its performance with simulation results.
Finally we derive a score function for (medical) group testing applications.
An Authentication Code over Galois Rings with Optimal Impersonation and Substitution Probabilities, by Juan Carlos Ku-Cauich Guillermo Morales-Luna Horacio Tapia-Recillas
A new systematic authentication scheme based on the Gray map
over Galois rings is introduced. The Gray map determines an isometry between
the Galois ring and a vector space over a Galois eld. The introduced code
attains optimal impersonation and substitution probabilities.
Statistical Concurrent Non-malleable Zero-knowledge from One-way Functions, by Susumu Kiyoshima
Concurrent non-malleable zero-knowledge (CNMZK) protocols are zero-knowledge protocols that are secure even against adversaries that interact with multiple provers and verifiers simultaneously. Recently, the first statistical CNMZK argument for NP was constructed under the DDH assumption (Orlandi el al., TCC\'14).
In this paper, we construct a statistical CNMZK argument for NP assuming only the existence of one-way functions. The security is proven via black-box simulation, and the round complexity is poly(n). Under the existence of collision-resistant hash functions, the round complexity can be reduced to w(log n), which is known to be essentially optimal for black-box concurrent zero-knowledge protocols.