Multi-user Security Bound for Filter Permutators in the Random Oracle Model

in Designs, Codes and Cryptography (2019)

At EUROCRYPT 2016, Méaux et al. introduced a new design strategy for symmetric ciphers for Fully Homomorphic Encryption (FHE), which they dubbed filter permutators. Although less efficient than classical ... [more ▼]

At EUROCRYPT 2016, Méaux et al. introduced a new design strategy for symmetric ciphers for Fully Homomorphic Encryption (FHE), which they dubbed filter permutators. Although less efficient than classical stream ciphers, when used in conjunction with an adequate FHE scheme, they allow constant and small noise growth when homomorphically evaluating decryption circuit. In this article, we present a security proof up to the birthday bound (with respect to the size of the IV and the size of the key space) for this new structure in the random oracle model and in the multi-user setting. In particular, this result justifies the theoretical soundness of filter permutators. We also provide a related-key attack against all instances of FLIP, a stream cipher based on this design. [less ▲]

On the Power of Rewinding Simulators in Functional Encryption

in Designs, Codes and Cryptography (2016)

In a seminal work, Boneh, Sahai and Waters (BSW, for short) [TCC'11] showed that for functional encryption the indistinguishability notion of security (IND-Security) is weaker than simulation-based ... [more ▼]

In a seminal work, Boneh, Sahai and Waters (BSW, for short) [TCC'11] showed that for functional encryption the indistinguishability notion of security (IND-Security) is weaker than simulation-based security (SIM-Security), and that SIM-Security is in general impossible to achieve. This has opened up the door to a plethora of papers showing feasibility and new impossibility results. Nevertheless, the quest for better definitions that (1) overcome the limitations of IND-Security and (2) the known impossibility results, is still open. In this work, we explore the benefits and the limits of using {\em efficient rewinding black-box simulators} to argue security. To do so, we introduce a new simulation-based security definition, that we call {\em rewinding simulation-based security} (RSIM-Security), that is weaker than the previous ones but it is still sufficiently strong to not meet pathological schemes as it is the case for IND-Security (that is implied by the RSIM). This is achieved by retaining a strong simulation-based flavour but adding more rewinding power to the simulator having care to guarantee that it can not learn more than what the adversary would learn in any run of the experiment. What we found is that for RSIM the BSW impossibility result does not hold and that IND-Security is {\em equivalent} to RSIM-Security for {\em Attribute-Based Encryption} in the {\em standard model}. Nevertheless, we prove that there is a setting where rewinding simulators are of no help. The adversary can put in place a strategy that forces the simulator to rewind continuously. [less ▲]

Discrete Logarithm Based Cryptosystems in Quadratic Function Fields of Charac­teristic 2

in Designs, Codes and Cryptography (1998), 14(2), 159-178

We describe a public key cryptosystem which works in quadratic function fields of characteristic two. Formulas for arithmetic are explicitly giv­en. The security of the system is based on the discrete ... [more ▼]

We describe a public key cryptosystem which works in quadratic function fields of characteristic two. Formulas for arithmetic are explicitly giv­en. The security of the system is based on the discrete logarithm problem in these fields. Therefore we also describe a Discrete Logarithm algorithm based on the ideas of Pohlig and Hell­man, especially adopted to quadratic function fields of charac­teristic two. [less ▲]