Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:
To receive your credentials via mail again, please click here.
You can also access the full news archive.
where the extractor has to recover witnesses for multiple, possibly adaptively chosen
statements and proofs. We also discuss extensions to simulation soundness, as typically
required for the ``encrypt-then-prove\'\' construction of strongly secure encryption
from IND-CPA schemes.
Utilizing our model we show three results:
(1) Simulation-sound adaptive proofs exist.
(2) The ``encrypt-then-prove\'\' construction with a simulation-sound
adaptive proof yields CCA security. This appears to be a ``folklore\'\' result
but which has never been proven in the random oracle model. As a corollary, we
obtain a new class of CCA-secure encryption schemes.
(3) We show that the
Fiat-Shamir transformed Schnorr protocol is _not_ adaptively secure and
discuss the implications of this limitation.
Our result not only separates
adaptive proofs from proofs of knowledge, but also gives a strong hint why
Signed ElGamal as the most prominent encrypt-then-prove example has not been
proven CCA-secure without making further assumptions.
encryption with a non-interactive Schnorr proof of knowledge. While this
scheme should be intuitively secure against chosen-ciphertext attacks
in the random oracle model, its security has not yet been proven nor
disproven so far, without relying on further non-standard assumptions
like the generic group model. Currently, the best known positive result
is that Signed ElGamal is non-malleable under chosen-plaintext attacks.
In this paper we provide evidence that Signed ElGamal may not be CCA
secure in the random oracle model. That is, building on previous work of
Shoup and Gennaro (Eurocrypt\'98), Seurin and Treger (CT-RSA 2013),
and Bernhard et al. (PKC 2015), we exclude a large class of potential
reductions that could be used to establish CCA security of the scheme.
management protocols have been suggested to transfer or
delegate the ownership of RFID tagged items. Recently, Niu et
al. have proposed an authentication and ownership management
protocol based on 16-bit pseudo random number generators and
exclusive-or operations which both can be easily implemented on
low-cost RFID passive tags in EPC global Class-1 Generation-2
standard. They claim that their protocol offers location and data
privacy and also resists against desynchronization attack. In this
paper, we analyze the security of their proposed authentication
and ownership management protocol and show that the protocol
is vulnerable to secret disclosure and desynchronization attacks.
The complexity of most of the attacks are only two runs of the
protocol and the success probability of the attacks are almost 1.
We derive our new class of score functions from a Neyman-Pearson hypothesis test and illustrate its performance with simulation results.
Finally we derive a score function for (medical) group testing applications.
over Galois rings is introduced. The Gray map determines an isometry between
the Galois ring and a vector space over a Galois eld. The introduced code
attains optimal impersonation and substitution probabilities.