Our Contributions Sample Clauses
Our Contributions. The main contributions of this paper are our novel design method for ciphers with efficient fault-detecting implementations and the concrete authenticated encryption scheme Friet implemented with a new permutation Friet-P designed with our method. Moreover, we provide a design rationale for the permutation, performance evaluations in software and hardware including comparison with other relevant permutations, results of fault detection experiments and an evaluation of the impact of our method on leakage.
Our Contributions. We provide definitions and constant-round protocols for key agreement from noisy pass-strings that: – Have well-specified composition properties via the UC framework [Can01]. Instead of imposing entropy requirements or other requirements on the distribution of pass-strings, our protocols are secure as long as the adversary cannot guess a pass-string value that is sufficiently close. There is no requirement, for example, that the amount of pass-string entropy is greater than the number of errors; in fact, one of our protocols is suitable for iris scans. Moreover, our protocols prevent off-line attacks, so each adversarial attempt to get close to the correct pass-string requires an on-line interaction by the adversary. Thus, for example, our protocols can be meaningfully run with pass-strings whose entropy is only 30 bits—something not possible with any prior protocols for the noisy case.
Our Contributions. Our main contribution is a compiler that enjoys all of the above properties. Our compiler transforms any two given protocols BAAuth, ▇▇▇▇▇ in the authenticated and sabotaged settings, respectively, into a protocol Juggernaut with crypto-agnostic security with optimal resilience ts + 2ti < n, ti ≤ ts < n. Furthermore, Juggernaut uses BAAuth, ▇▇▇▇▇ in a black-box manner, and Juggernaut has an additive factor of just O(λn2) bits of communication over BAAuth, ▇▇▇▇▇. Our protocol optimizes for the practical authenticated case: if BAAuth is early stopping, then so is Juggernaut in the authenticated setting. Moreover, if BAAuth is a randomized protocol with expected round complexity R, then Juggernaut has expected round complexity O(R) in the authenticated setting. Therefore, our protocol effectively provides crypto-agnostic security to an authenticated protocol for free. Along the way, we propose two new graded consensus gadgets with O(λn2) bit complexity and constant (worst-case) round complexity that provide partial security guarantees in one world (authenticated resp. sabotaged) and full security in the other (sabotaged resp. authenticated), which may be of independent interest. Using our compiler, we propose two concrete protocols, one deterministic and one randomized. Our deterministic protocol has O(λn2) bit complexity in all cases, has O(f) round complexity for f actual failures in the authenticated case and uses O(n) rounds in the sabotaged case. Our randomized protocol has O(λn2) expected bit complexity and constant expected round complexity in the authenticated case, and uses O(λ2n2) bits and O(λ + f) rounds in the sabotaged case.
Our Contributions. In this work, we present a provably secure and minimal cost SAS-AKA scheme which re-uses public key pairs across protocol sessions and thus presents a lower-cost but non-PFS alternative to the perfect-forward secret SAS-AKA protocols of [9, 11]. Our SAS-AKA relies on non-malleable commitments just like the SAS-AKA schemes of [19, 8, 11], but unlike the previous schemes it is built directly on CCA-secure encryption, and it relies on encryption not just for key-establishment but also for authentication security. As a consequence, the new SAS-AKA is somewhat simpler than the previous SAS-AKA’s which were built on top of the three-round SAS-MCA’s of [8, 11], and in particular it does not need to use universal hash functions.3 However, the most important contribution of the new SAS-AKA scheme is that it remains secure if each player uses a permanent public key, and hence shares a state across all protocol sessions it executes. This leads to two minimal-cost 3-round non-PFS SAS-AKA protocols where the same public/private key pair or the same ▇▇▇▇▇▇-▇▇▇▇▇▇▇ random contribution is re-used across protocol instances. Specifically, when instantiated with the hash-based commitment and the CCA-secure OAEP-RSA, this implies a 3-round SAS-AKA protocol secure under the RSA assumption in ROM, with the cost of a single RSA encryption for the responder and a single RSA decryption for the initiator.
When instantiated with the randomness-reusing CCA-secure version of ElGamal [3] this implies a 3-round SAS-AKA protocol secure under the DH assumption in ROM, with the cost of one exponentiation per player. In other words, the costs of the SAS-AKA protocols implied by our result are (for the first time) essentially the same as the costs of the corresponding basic unauthenticated key agreement protocols. By contrast, previously known PFS SAS-AKA protocols require two exponentiations per player if they are based on DH [11, 9] or a generation of fresh public/private RSA key pair for each protocol instance if the general result of [11] is instantiated with an RSA-based key agreement. We note that the SAS-MCA/AK...
3 On the other hand, it might help to clarify that even though our SAS-AKA protocol implies also a new SAS-MCA scheme, we do not claim that our scheme is interesting as SAS-MCA, because it relies on a public-key encryption and is therefore much more expensive than the SAS-MCA’s of [8, 11] which can be implemented using only symmetric-key cryptography, at least in ROM.
Our Contributions. We focus on the abstract problem of secret-key agreement between two parties holding instances w, w′ of correlated random variables W, W′ that are guaranteed to be close but not necessarily identical. Specifically, we assume that w and w′ are within distance t in some underlying metric space. Our definitions as well as some of our results hold for arbitrary metric spaces, while other results assume specific metrics. We restrict our attention to noninteractive protocols defined by procedures (Gen, Rep) that operate as follows. The first party, holding w, computes (R, P) ← Gen(w) and sends P to the second party; this second party computes R′ ← Rep(w′, P). (If the parties share a long-term key SKExt then Gen, Rep take this key as additional input.) The basic requirements, informally, are Correctness: R = R′ whenever w′ is within distance t of w.
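The (Gen, Rep) interface above is abstract; the following is an added illustration, not code from the paper, of one concrete way such a noninteractive protocol can look in the Hamming metric. It uses the classic code-offset sketch (a random codeword XORed into w) with a blockwise repetition code as the error-correcting code, and a salted SHA-256 hash standing in for the randomness extractor that derives R from the recovered w. Those construction choices, the block length M, the tolerance T, and the helper names gen, rep, hamming and demo are assumptions made for this example; the paper's keyed (SKExt) variant and its robustness guarantees are not modelled here. The point it shows is the correctness requirement: Rep(w′, P) returns the same R whenever w′ is within distance T of w, and may fail once a block holds more errors than the code can correct.

```python
import hashlib
import random

# Assumed toy parameters (not from the paper): each codeword bit is repeated
# M times, so a block of M bits survives up to T = (M-1)//2 flipped bits.
# Hamming distance(w, w') <= T therefore guarantees recovery.
M = 5
T = (M - 1) // 2


def _extract(w, salt):
    # Stand-in for a strong extractor: derive the key R from the recovered w.
    return hashlib.sha256(salt + bytes(w)).digest()


def _decode_block(block):
    # Majority vote decodes one repetition-code block back to its message bit.
    return 1 if sum(block) * 2 > len(block) else 0


def gen(w, rng=random.SystemRandom()):
    """Gen(w) -> (R, P): P is the public helper string, R the derived key."""
    if len(w) % M:
        raise ValueError("len(w) must be a multiple of the block length M")
    k = len(w) // M
    msg = [rng.getrandbits(1) for _ in range(k)]          # random message bits
    c = [bit for bit in msg for _ in range(M)]            # repetition codeword
    s = [wi ^ ci for wi, ci in zip(w, c)]                 # code-offset sketch
    salt = rng.randbytes(16)                              # public extractor seed
    R = _extract(w, salt)
    P = (s, salt)
    return R, P


def rep(w2, P):
    """Rep(w', P) -> R': shift w' by the sketch, decode, shift back, extract."""
    s, salt = P
    c2 = [a ^ b for a, b in zip(w2, s)]                   # noisy codeword
    c = []
    for i in range(0, len(c2), M):
        bit = _decode_block(c2[i:i + M])
        c.extend([bit] * M)                               # corrected codeword
    w = [a ^ b for a, b in zip(s, c)]                     # recovered w
    return _extract(w, salt)


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def _flip(w, positions):
    w2 = list(w)
    for p in positions:
        w2[p] ^= 1
    return w2


def demo(seed=1):
    """Constructed sample: a 20-bit w, one reading within distance T, one not.

    Returns (close_matches, far_matches, dist_close, dist_far)."""
    rng = random.Random(seed)                             # seeded for reproducibility
    w = [rng.getrandbits(1) for _ in range(4 * M)]
    R, P = gen(w, rng)
    w_close = _flip(w, [3, 12])        # two errors in different blocks: <= T
    w_far = _flip(w, [0, 1, 2])        # three errors in one block: beyond T
    return (rep(w_close, P) == R, rep(w_far, P) == R,
            hamming(w, w_close), hamming(w, w_far))


if __name__ == "__main__":
    print(demo())  # (True, False, 2, 3)
```

Only P (the sketch and salt) crosses the channel; the second party never sees w or R in the clear, which is what lets the abstract (Gen, Rep) syntax capture both the unkeyed and the SKExt-keyed settings described above.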
Our Contributions. You acknowledge that any copyright or other intellectual property rights arising from our activities in preparing the Work for publication (including, without limitation, the development of supporting textual or illustrative material) shall be owned by us.
Our Contributions. Our contribution in [109] is to present a generalised implementation of the MaxShift algorithm as proposed by [27] — MaxShiftM — employing the Hamming distance model [55] to perform Fixed Length Approximate String Matching (FLASM). Our implementation overcomes the limitation of ℓ ≤ w of a naïve implementation, meaning the length of a factor can be longer than the computer word size. And in [4] we make use of ▇▇▇▇▇’ algorithm [95] for approximate pattern matching, employing the edit distance model [28], and tailor it to solving the FLASM problem. We have released both algorithms bundled in an open-source C++ software library — libFLASM — which we provide with example applications and documentation. In this thesis we demonstrate practical applications of the algorithms in biological as well as general purpose contexts.
Our Contributions. We completely characterize the feasibility of AA in the best-of-both-worlds setting, by presenting a protocol and a matching impossibility result.
Our Contributions. In this paper, we classify the functions of password authentication key exchange schemes based on smart cards into two types, essential function and auxiliary function. Then, we propose a strong off-line guessing attack called stealing card and eavesdropping off-line guessing attack, SEG attack for short. After pointing out SEG attack flaws in recent schemes, we propose a strong multi-function scheme with privacy preservation that is more efficient and secure in comparison with the related research.
Our Contributions. In this paper (full version in [2]) we propose a new CGKA protocol called CoCoA (for COncurrent COntinuous group key Agreement ) which is designed specifically to allow for efficient concurrent group operations. In contrast to past CGKA
