One of the common ways to design secure multi-party computation is twofold: to realize secure fundamental operations and to decompose a target function to be securely computed into them. In the setting of fully homomorphic encryption, as well as some kinds of secret sharing, the fundamental operations are additions and multiplications in the base field such as the field $\mathbb{F}_2$ with two elements. Then the second decomposition part, which we study in this paper, is (in theory) equivalent to expressing the target function as a polynomial. It is known that any function over the finite prime field $\mathbb{F}_p$ has a unique polynomial expression of degree at most $p-1$ with respect to each input variable; however, there has been little study done concerning such minimal-degree polynomial expressions for practical functions. This paper aims at triggering intensive studies on this subject, by focusing on polynomial expressions of some auction-related functions such as the maximum/minimum and the index of the maximum/minimum value among input values.
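As an added illustration (not code from the paper) of the fact the abstract relies on, the following computes, for $p = 2$, the unique polynomial of degree at most 1 in each variable (the algebraic normal form) of the auction-related functions it names, max(a, b) and the index of the maximum, for two 2-bit inputs; the variable layout and the tie-breaking rule are our assumptions.

```python
"""Algebraic normal form (ANF): the unique polynomial expression over F_2.
Added example, not from the paper. Every f: F_2^n -> F_2 equals a unique
polynomial of degree <= 1 in each variable; the Moebius transform finds it.
Assumed variable layout: x0 x1 = bits of a, x2 x3 = bits of b (2-bit values).
Ties (a == b) resolve the index of the maximum to a, i.e. argmax = 0.
"""

def anf(truth, n):
    """truth[x] = f(x) for x in 0..2^n-1, bit i of x being variable x_i.
    Returns the monomials (frozensets of variable indices) whose XOR-sum is f."""
    coeff = list(truth)
    for i in range(n):                      # in-place Moebius transform
        bit = 1 << i
        for x in range(1 << n):
            if x & bit:
                coeff[x] ^= coeff[x ^ bit]
    return {frozenset(i for i in range(n) if m >> i & 1)
            for m in range(1 << n) if coeff[m]}

def evaluate(monomials, x):
    """Evaluate the multilinear polynomial at the packed bit vector x."""
    return sum(all(x >> i & 1 for i in m) for m in monomials) & 1

def degree(monomials):
    """Total degree; each variable has degree <= 1 by construction."""
    return max((len(m) for m in monomials), default=0)

def unpack(x):
    """Split the 4 input variables into the 2-bit values a and b."""
    return x & 3, (x >> 2) & 3

def argmax_bit(x):
    """Index of the maximum: 1 if b > a, else 0."""
    a, b = unpack(x)
    return int(b > a)

def max_bit(j):
    """Output bit j of max(a, b) as a Boolean function of the 4 inputs."""
    def f(x):
        a, b = unpack(x)
        return (max(a, b) >> j) & 1
    return f

def polynomial_max_argmax():
    """ANF of argmax(a, b) and of both output bits of max(a, b)."""
    polys = {"argmax": anf([argmax_bit(x) for x in range(16)], 4)}
    for j in range(2):
        polys[f"max_bit{j}"] = anf([max_bit(j)(x) for x in range(16)], 4)
    return polys
```

The top bit of the maximum comes out as the OR of the two top bits, a degree-2 polynomial, while the index of the maximum already needs degree 3 with 4 input bits.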
In this paper, we show how to construct – from any linear code – a Proof of Retrievability ($\mathsf{PoR}$) which features very low computation complexity on both the client ($\mathsf{Verifier}$) and the server ($\mathsf{Prover}$) sides, as well as small client storage (typically 512 bits). We adapt the security model initiated by Juels and Kaliski [PoRs: Proofs of retrievability for large files, Proceedings of the 2007 ACM Conference on Computer and Communications Security – CCS 2007, ACM, New York 2007, 584–597] to fit into the framework of Paterson, Stinson and Upadhyay [A coding theory foundation for the analysis of general unconditionally secure proof-of-retrievability schemes for cloud storage, J. Math. Cryptol. 7 2013, 3, 183–216], from which our construction evolves. We thus provide a rigorous treatment of the security of our generic design; more precisely, we sharply bound the extraction failure of our protocol according to this security model. Next we instantiate our formal construction with codes built from tensor products as well as with Reed–Muller codes and lifted codes, yielding $\mathsf{PoR}$s with moderate communication complexity and (server) storage overhead, in addition to the aforementioned features.
In a secret-sharing scheme, a piece of information – the secret – is distributed among a finite set of participants in such a way that only some predefined coalitions can recover it. The efficiency of the scheme is measured by the amount of information the most heavily loaded participant must remember. This amount is called the information ratio, and one of the most interesting problems of this topic is to calculate the exact information ratio of given structures. In this paper, the information ratios of all but one of the graph-based schemes on 8 or 9 vertices with girth at least 5, and of all graph-based schemes on 10 vertices and 10 edges with girth at least 5, are determined using two polyhedral combinatoric tools: the entropy method and covering with stars. Beyond the investigation of new graphs, the paper contains a few improvements and corrections of recent results on graphs with 9 vertices. Furthermore, we determine the exact information ratio of a large class of generalized sunlet graphs consisting of some pendant paths attached to a cycle of length at least 5.
Signcryption aims to provide both confidentiality and authentication of messages more efficiently than performing encryption and signing independently. The “Commit-then-Sign & Encrypt” (CtS&E) method allows encryption and signing to be performed in parallel. Parallel execution of cryptographic algorithms decreases the computation time needed to signcrypt messages. CtS&E uses weaker cryptographic primitives in a generic way to achieve a strong security notion of signcryption. Various message pre-processing schemes, also known as message padding, have been used in signcryption as the commitment scheme in CtS&E. Due to its elegance and versatility, the sponge structure turns out to be a useful tool for designing new padding schemes such as SpAEP [T. K. Bansal, D. Chang and S. K. Sanadhya, Sponge based CCA2 secure asymmetric encryption for arbitrary length message, Information Security and Privacy – ACISP 2015, Lecture Notes in Comput. Sci. 9144, Springer, Berlin 2015, 93–106], while offering further avenues for optimization and parallelism in the context of signcryption. In this work, we design a generic and efficient signcryption scheme featuring parallel encryption and signature on top of a sponge-based message-padding structure. Unlike other existing schemes, the proposed scheme also supports arbitrarily long messages. We prove the construction secure when instantiated from weakly secure asymmetric primitives such as a trapdoor one-way encryption and a universally unforgeable signature. With a careful analysis and simple tweaks, we demonstrate how different combinations of weakly secure probabilistic and deterministic encryption and signature schemes can be used to construct a strongly secure signcryption scheme, further broadening the choice of underlying primitives to cover essentially any combination thereof.
To the best of our knowledge, this is the first signcryption scheme based on the sponge structure that also offers strong security using weakly secure underlying asymmetric primitives, even deterministic ones, along with the ability to handle long messages, efficiently.