Browse ORBi

- What it is and what it isn't
- Green Road / Gold Road?
- Ready to Publish. Now What?
- How can I support the OA movement?
- Where can I learn more?

ORBi

Simultaneous Diagonalization of Incomplete Matrices and Applications Coron, Jean-Sébastien ; Notarnicola, Luca ; Wiese, Gabor in Proceedings of the Fourteenth Algorithmic Number Theory Symposium (ANTS-XIV), edited by Steven Galbraith, Open Book Series 4, Mathematical Sciences Publishers, Berkeley, 2020 (2020), 4 We consider the problem of recovering the entries of diagonal matrices {U_a}_a for a = 1, . . . , t from multiple “incomplete” samples {W_a}_a of the form W_a = P U_a Q, where P and Q are unknown matrices ... [more ▼] We consider the problem of recovering the entries of diagonal matrices {U_a}_a for a = 1, . . . , t from multiple “incomplete” samples {W_a}_a of the form W_a = P U_a Q, where P and Q are unknown matrices of low rank. We devise practical algorithms for this problem depending on the ranks of P and Q. This problem finds its motivation in cryptanalysis: we show how to significantly improve previous algorithms for solving the approximate common divisor problem and breaking CLT13 cryptographic multilinear maps. [less ▲] Detailed reference viewed: 107 (15 UL)A Polynomial-Time Algorithm for Solving the Hidden Subset Sum Problem Coron, Jean-Sébastien ; Gini, Agnese in Advances in Cryptology -- CRYPTO 2020 (2020, August 10) At Crypto '99, Nguyen and Stern described a lattice based algorithm for solving the hidden subset sum problem, a variant of the classical subset sum problem where the n weights are also hidden. While the ... [more ▼] At Crypto '99, Nguyen and Stern described a lattice based algorithm for solving the hidden subset sum problem, a variant of the classical subset sum problem where the n weights are also hidden. While the Nguyen-Stern algorithm works quite well in practice for moderate values of n, we argue that its complexity is actually exponential in n; namely in the final step one must recover a very short basis of a n-dimensional lattice, which takes exponential-time in n, as one must apply BKZ reduction with increasingly large block-sizes. [less ▲] Detailed reference viewed: 101 (16 UL)Cryptanalysis of CLT13 Multilinear Maps with Independent Slots Coron, Jean-Sébastien ; Notarnicola, Luca Speeches/Talks (2019) Detailed reference viewed: 107 (11 UL)Cryptanalysis of CLT13 Multilinear Maps with Independent Slots Coron, Jean-Sébastien ; Notarnicola, Luca in Advances in Cryptology – ASIACRYPT 2019, 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, December 8–12, 2019, Proceedings, Part II (2019, December) Detailed reference viewed: 185 (10 UL)On Kilian's Randomization of Multilinear Map Encodings Coron, Jean-Sébastien ; Pereira, Vitor in Coron, Jean-Sébastien; Pereira, Vitor (Eds.) On Kilian's Randomization of Multilinear Map Encodings (2019) Detailed reference viewed: 55 (14 UL)Improved Cryptanalysis of the AJPS Mersenne Based Cryptosystem Coron, Jean-Sébastien ; Gini, Agnese in Journal of Mathematical Cryptology (2019) At Crypto 2018, Aggarwal, Joux, Prakash and Santha (AJPS) described a new public-key encryption scheme based on Mersenne numbers. Shortly after the publication of the cryptosystem, Beunardeau et al ... [more ▼] At Crypto 2018, Aggarwal, Joux, Prakash and Santha (AJPS) described a new public-key encryption scheme based on Mersenne numbers. Shortly after the publication of the cryptosystem, Beunardeau et al. described an attack with complexity O(2^(2h)). In this paper, we describe an improvedattack with complexity O(2^(1.75h)) . [less ▲] Detailed reference viewed: 40 (13 UL)High-Order Conversion from Boolean to Arithmetic Masking Coron, Jean-Sébastien in Proceedings of CHES 2017 (2017, September) Detailed reference viewed: 149 (17 UL)Zeroizing Attacks on Indistinguishability Obfuscation over CLT13 Coron, Jean-Sébastien ; ; et al in Proceedings of PKC 2017 (2017) Detailed reference viewed: 119 (18 UL)Horizontal Side-Channel Attacks and Countermeasures on the ISW Masking Scheme Coron, Jean-Sébastien ; ; et al in Proceedings of CHES 2016 (2016) Detailed reference viewed: 128 (0 UL)Cryptanalysis of GGH15 Multilinear Maps Coron, Jean-Sébastien ; ; et al in Proceedings of Crypto 2016 (2016) Detailed reference viewed: 158 (2 UL)Faster Evaluation of SBoxes via Common Shares Coron, Jean-Sébastien ; ; et al in Proceedings of CHES 2016 (2016) Detailed reference viewed: 99 (2 UL)New Multilinear Maps over the Integers Coron, Jean-Sébastien ; ; in Proceedings of Crypto 2015 (2015) Detailed reference viewed: 139 (15 UL)Zeroizing Without Low-Level Zeroes: New MMAP Attacks and Their Limitations Coron, Jean-Sébastien in Proceedings of Crypto 2015 (2015) Detailed reference viewed: 129 (4 UL)Conversion from Arithmetic to Boolean Masking with Logarithmic Complexity Coron, Jean-Sébastien ; Groszschädl, Johann ; et al in Leander, Gregor (Ed.) Fast Software Encryption, 22nd International Workshop, FSE 2015, Istanbul, Turkey, March 8-11, 2015, Revised Selected Papers (2015, March) A general technique to protect a cryptographic algorithm against side-channel attacks consists in masking all intermediate variables with a random value. For cryptographic algorithms combining Boolean ... [more ▼] A general technique to protect a cryptographic algorithm against side-channel attacks consists in masking all intermediate variables with a random value. For cryptographic algorithms combining Boolean operations with arithmetic operations, one must then perform conversions between Boolean masking and arithmetic masking. At CHES 2001, Goubin described a very elegant algorithm for converting from Boolean masking to arithmetic masking, with only a constant number of operations. Goubin also described an algorithm for converting from arithmetic to Boolean masking, but with O(k) operations where k is the addition bit size. In this paper we describe an improved algorithm with time complexity O(log k) only. Our new algorithm is based on the Kogge-Stone carry look-ahead adder, which computes the carry signal in O(log k) instead of O(k) for the classical ripple carry adder. We also describe an algorithm for performing arithmetic addition modulo 2^k directly on Boolean shares, with the same complexity O(log k) instead of O(k). We prove the security of our new algorithm against first-order attacks. Our algorithm performs well in practice, as for k=64 we obtain a 23% improvement compared to Goubin’s algorithm. [less ▲] Detailed reference viewed: 211 (8 UL)Secure Conversion between Boolean and Arithmetic Masking of Any Order Coron, Jean-Sébastien ; Groszschädl, Johann ; Vadnala, Praveen Kumar in Batina, Lejla; Robshaw, Matthew (Eds.) Cryptographic Hardware and Embedded Systems - CHES 2014, 16th International Workshop, Busan, South Korea, September 23-26, 2014. Proceedings (2014, September) Detailed reference viewed: 165 (12 UL)Higher Order Masking of Look-Up Tables Coron, Jean-Sébastien in Proceedings of Eurocrypt 2014 (2014) Detailed reference viewed: 106 (1 UL)Fast Evaluation of Polynomials over Binary Finite Fields and Application to Side-Channel Countermeasures Coron, Jean-Sébastien ; ; Venkatesh, Srinivas Vivek in Batina, Lejla; Robshaw, Matthew (Eds.) Cryptographic Hardware and Embedded Systems – CHES 2014 (2014) We describe a new technique for evaluating polynomials over binary finite fields. This is useful in the context of anti-DPA countermeasures when an S-box is expressed as a polynomial over a binary finite ... [more ▼] We describe a new technique for evaluating polynomials over binary finite fields. This is useful in the context of anti-DPA countermeasures when an S-box is expressed as a polynomial over a binary finite field. For n-bit S-boxes our new technique has heuristic complexity ${\cal O}(2^{n/2}/\sqrt{n})$ instead of ${\cal O}(2^{n/2})$ proven complexity for the Parity-Split method. We also prove a lower bound of ${\Omega}(2^{n/2}/\sqrt{n})$ on the complexity of any method to evaluate $n$-bit S-boxes; this shows that our method is asymptotically optimal. Here, complexity refers to the number of non-linear multiplications required to evaluate the polynomial corresponding to an S-box. In practice we can evaluate any 8-bit S-box in 10 non-linear multiplications instead of 16 in the Roy-Vivek paper from CHES 2013, and the DES S-boxes in 4 non-linear multiplications instead of 7. We also evaluate any 4-bit S-box in 2 non-linear multiplications instead of 3. Hence our method achieves optimal complexity for the PRESENT S-box. [less ▲] Detailed reference viewed: 156 (6 UL)A Note on the Bivariate Coppersmith Theorem Coron, Jean-Sébastien ; ; Tibouchi, Mehdi in Journal of Cryptology (2013), 26(2), 246-250 Detailed reference viewed: 108 (2 UL)Practical Multilinear Maps over the Integers Coron, Jean-Sébastien ; Lepoint, Tancrède ; Tibouchi, Mehdi in CRYPTO (1) (2013) Detailed reference viewed: 140 (3 UL)Batch Fully Homomorphic Encryption over the Integers ; Coron, Jean-Sébastien ; et al in EUROCRYPT (2013) Detailed reference viewed: 157 (0 UL) |
||