Description
We consider a generalisation of encryption from "one-to-one" to "one-to-many" communication, i.e. broadcast encryption. The objective is to allow a center to send secret messages to a large number of receivers. The security notion in "one-to-many" communication needs to be extended beyond the notion of confidentiality in "one-to-one" encryption in order to meet practical requirements. Two main functionalities are studied: (1) traitor tracing, which identifies the malicious users who leak their secrets to a pirate, and (2) revocation, which prevents malicious and/or non-legitimate users from decrypting broadcast information.

In the first part of the talk, we focus on combinatorial schemes. We consider the Exclusive Set System (ESS), which was originally designed to support revocation. We propose a method to integrate black-box tracing capability into ESS by introducing a technique called "shadow group testing".

The second part of the talk discusses techniques for constructing algebraic schemes that can overcome some limitations of combinatorial schemes. We propose a lattice-based traitor tracing scheme whose security is based on the hardness of a new variant of the Learning With Errors problem, namely k-LWE (for k traitors). We then prove the hardness of the k-LWE problem, which implies that the proposed traitor tracing scheme is asymptotically as efficient as the Regev LWE-based encryption. Our technique can also be used to improve the Boneh-Freeman reduction from SIS to k-SIS from exponential loss to polynomial loss in k (thus answering their open problem of a tighter reduction from SIS to k-SIS). We finally consider the combination of algebraic and combinatorial methods and discuss some promising directions.

Next sessions
- Lightweight (AND, XOR) Implementations of Large-Degree S-boxes
  Speaker: Marie Bolzer - LORIA
  The problem of finding a minimal circuit to implement a given function is one of the oldest in electronics. In cryptography, the focus is on small functions, especially on S-boxes which are classically the only non-linear functions in iterated block ciphers. In this work, we propose new ad-hoc automatic tools to look for lightweight implementations of non-linear functions on up to 5 variables for[…]
  Cryptography, Symmetrical primitive, Implementation of cryptographic algorithm
- Algorithms for post-quantum commutative group actions
  Speaker: Marc Houben - Inria Bordeaux
  At the historical foundation of isogeny-based cryptography lies a scheme known as CRS; a key exchange protocol based on class group actions on elliptic curves. Along with more efficient variants, such as CSIDH, this framework has emerged as a powerful building block for the construction of advanced post-quantum cryptographic primitives. Unfortunately, all protocols in this line of work are[…]
- Endomorphisms via Splittings
  Speaker: Min-Yi Shen - No Affiliation
  One of the fundamental hardness assumptions underlying isogeny-based cryptography is the problem of finding a non-trivial endomorphism of a given supersingular elliptic curve. In this talk, we show that the problem is related to the problem of finding a splitting of a principally polarised superspecial abelian surface. In particular, we provide formal security reductions and a proof-of-concept[…]
  Cryptography