In this paper, we introduce the notion of secret key encryption with non-interactive opening (SKENO). With SKENO, one can produce a non-interactive proof $\pi$ showing that the decryption of a ciphertext $C$ under a shared secret key $K$ is indeed the plaintext $M$, without revealing $K$ itself. SKENO is the secret key analogue of public key encryption with non-interactive opening (PKENO). We give a generic construction of SKENO from a verifiable random function (VRF) satisfying a certain stronger uniqueness property, instantiated for example with the Hohenberger–Waters VRF and the Berbain–Gilbert IV-dependent stream cipher construction. Although the strong primitive VRF is used, by taking advantage of the features of the stream cipher we still achieve good performance without sacrificing much efficiency. Our VRF-based SKENO construction does not require random oracles; we further show that SKENO can be constructed from a weak VRF (a strictly weaker primitive than VRF) in the random oracle model.
The fully homomorphic symmetric encryption scheme MORE encrypts random keys by conjugation with a random invertible matrix over an RSA modulus. We provide a known-ciphertext cryptanalysis recovering a linear dependence among any pair of encrypted keys.
In the problem of private “swarm” computing, $n$ agents wish to securely and distributively perform a computation on common inputs, in such a way that even if the entire memory contents of some of them are exposed, no information is revealed about the state of the computation. Recently, Dolev, Garay, Gilboa and Kolesnikov [Innov. Comput. Sci. (2011), 32–44] considered this problem in the setting of information-theoretic security, showing how to perform such computations on input streams of unbounded length. However, the cost of their solution is exponential in the size of the finite state automaton (FSA) computing the function. In this work we are interested in an efficient (i.e., polynomial time) computation of the above model, at the expense of minimal additional assumptions. Relying on the existence of one-way functions, we show how to process unbounded inputs (polynomial in the security parameter) at a cost linear in $m$, the number of FSA states. In particular, our algorithms achieve the following: In the case of $(n,n)$-reconstruction (i.e., in which all $n$ agents participate in the reconstruction of the distributed computation) and at most $n-1$ agents are corrupted, the time required to process each input symbol and the time complexity for reconstruction are $O(mn)$, while agent storage is $O(m+n)$. In the case of $(n-t,n)$-reconstruction (where only $n-t$ agents take part in the reconstruction) and at most $t$ agents are corrupted, the agents' storage is $O(\binom{n-1}{n-t}+m)$, the time required to process each input symbol is $O(m\binom{n-1}{n-t})$ and the time complexity of reconstruction is $O(mt)$. We achieve the above through a carefully orchestrated use of pseudo-random generators and secret-sharing, and in particular a novel share re-randomization technique which might be of independent interest.
In this paper, we present a variant of Diem's $\widetilde{O}(q)$ index calculus algorithm to attack the discrete logarithm problem (DLP) in Jacobians of genus 3 non-hyperelliptic curves over a finite field $\mathbb{F}_q$. We implement this new variant in C++ and study the complexity in both theory and practice, making the logarithmic factors and constants hidden in the $\widetilde{O}$-notation precise. Our variant improves the computational complexity at the cost of a moderate increase in memory consumption, but we also improve the computational complexity even when we limit the memory usage to that of Diem's original algorithm. Finally, we examine how parallelization can help to reduce both the memory cost per computer and the running time for our algorithms.
We provide three statistical laws concerning the limit distribution of quadratic residues and quadratic non-residues in $\mathbb{Z}/N\mathbb{Z}$, where $N=pq$ is an RSA modulus used in the Goldwasser–Micali cryptosystem.