Everybody's a Target: Scalability in Public-Key Encryption

@article{Auerbach2019EverybodysAT,
  title={Everybody's a Target: Scalability in Public-Key Encryption},
  author={Benedikt Auerbach and F. Giacon and Eike Kiltz},
  journal={IACR Cryptol. ePrint Arch.},
  year={2019},
  volume={2019},
  pages={364}
}
For \(1\le m \le n\), we consider a natural m-out-of-n multi-instance scenario for a public-key encryption (PKE) scheme. An adversary, given n independent instances of PKE, wins if he breaks at least m out of the n instances. In this work, we are interested in the scaling factor of PKE schemes, \(\mathrm {SF}\), which measures how well the difficulty of breaking m out of the n instances scales in m. That is, a scaling factor \(\mathrm {SF}=\ell \) indicates that breaking m out of n instances is… Expand
1 Citations

References

SHOWING 1-10 OF 34 REFERENCES
Multi-instance Security and Its Application to Password-Based Cryptography
TLDR
This work is able to conclude with the first proof that per password salts amplify mi-security as hoped in practice, and provides a composition-based framework to transfer standard single-instance si security to mi- security with the aid of a key-derivation function. Expand
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
TLDR
Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie-Hellman, is presented and a close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved a break. Expand
Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements
TLDR
It is proved that security in the single-user setting implies security inThe multi- user setting as long as the former is interpreted in the strong sense of "indistinguishability," thereby pin-pointing many schemes guaranteed to be secure against Hastad-type attacks. Expand
Hybrid Encryption in a Multi-user Setting, Revisited
TLDR
This paper contributes to understanding the interplay of security notions for PKE, KEMs, and DEMs, in settings with multiple users, challenges, and instances, by studying the tightness aspects of the standard hybrid KEM+DEM encryption paradigm and the inherent weak security properties of all deterministic DEMs. Expand
Abstract Models of Computation in Cryptography
TLDR
An abstract model of computation is proposed which allows to capture reasonable restrictions on the power of algorithms and is proved that computing discrete logarithms is generically hard even if an oracle for the decisional Diffie-Hellman problem and/or other low degree relations were available. Expand
Multi-user Collisions: Applications to Discrete Logarithm, Even-Mansour and PRINCE
TLDR
This paper introduces two new algorithmic ideas to improve collision-based attacks in the multi-user setting, derived from the parallelizable collision search as proposed by van Oorschot and Wiener. Expand
Resource-based corruptions and the combinatorics of hidden diversity
TLDR
The notion of resource-based corruptions, where the adversary must invest some resources in order to corrupt a player, is put forth and it is shown that hidden diversity can be used to force the corruption threshold to drop from 1/2 to 1/3, in turn allowing the use of much more efficient MPC protocols. Expand
The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES
TLDR
In this paper, natural assumptions under which DHIES achieves security under chosen-ciphertext attack are found and the assumptions made about the Diffie-Hellman problem are investigated, and they provide security lower bounds. Expand
Assumptions Related to Discrete Logarithms: Why Subtleties Make a Real Difference
TLDR
It is proved that two DL-related assumptions can be reduced to each other for medium granularity but it is also shown that they are provably not reducible with generic algorithms for high granularity. Expand
Hierarchical Identity Based Encryption with Constant Size Ciphertext
TLDR
A Hierarchical Identity Based Encryption system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of the hierarchy depth, which is proved to be as efficient as in other HIBE systems. Expand
...
1
2
3
4
...