Efficient authentication from hard learning problems
J. Cryptology, no. 4 (2017): 1238-1275
We construct efficient authentication protocols and message-authentication codes (MACs) whose security can be reduced to the learning parity with noise (LPN) problem. Despite a large body of work - starting with the HB protocol of Hopper and Blum in 2001 - until now it was not even known how to construct an efficient authentication protoc...
- Authentication is among the most basic and important cryptographic tasks. In the present paper the authors construct efficient (secret-key) authentication schemes from the learning parity with noise (LPN) problem.
- The authors build two efficient MACs, and get two-round authentication protocols secure against MIM attacks, from the LPN assumption.
- The pursuit of learning parity with noise (LPN)-based authentication is motivated by two disjoint concerns, one theoretical and one practical
- We provide new constructions of authentication protocols and even message authentication codes (MACs) from LPN
- Our first contribution is a two-round authentication protocol which we prove secure against active attacks assuming the hardness of the LPN problem
- An authentication protocol is secure against passive attacks, if there exists no probabilistic polynomial time (PPT) adversary A that can make the verifier return accept with non-negligible probability after observing any number of interactions between the verifier and prover
- We prove that if the LPN problem is ε-hard, no adversary making Q queries can forge a MAC with probability more than Θ(√ε · Q)
- In Section 4, the authors give two constructions of message authentication codes (MACs) that are secure assuming that the LPN problem is hard.
- For MACs, the authors consider the communication one incurs by constructing a MIM-secure 2-round protocol from the MAC by having the prover compute the tag on a random challenge message.
- An authentication protocol is (t, Q, ε)-secure against active adversaries if every PPT A, running in time at most t and making Q queries to the honest prover, has probability at most ε to win the above game.
- The authors describe the new 2-round authentication protocol and prove its active security under the hardness of the SLPN∗τ,2 ,d problem, where d = /(2+γ) for some constant γ > 0.
- If the SLPN∗τ,2 ,d problem is (t, nQ, ε)-hard, the authentication protocol from Figure 4 is (t′, Q, ε′)-secure against active adversaries, where, for constants cγ, cτ > 0 that depend only on γ and τ respectively, t′ = t − poly(Q, ) and ε′ = ε + Q · 2^(−cγ· ) + 2^(−cτ·n) = ε + 2^(−Θ(n)).
- To turn this interactive protocol into a MAC, the authors compute this v from the message m to be authenticated as v = C(h(m, b)), where h is a pairwise independent hash function, b ∈ Z_2^ν is some fresh randomness and C is some encoding scheme.
- The idea is that in the reduction to the SLPN problem the authors define the function s(v) = A(v) · s ⊕ b(v) such that the following holds with non-negligible probability: (i) for each v_i from the TAG queries, A(v_i) has full rank and the tags can be simulated using the provided Γτ, , (s, ·, ·) oracle; (ii) for the first fresh forgery the authors have A(v) = 0, so that s(v) is independent of s and the reduction can check the forgery's correctness.
- The full version of this paper will be posted on the Cryptology ePrint Archive, http://eprint.iacr.org/
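To make the LPN objects behind these points concrete, here is an added illustration (not code from the paper, and not the paper's Figure 4 protocol) of the HB-style template the paper builds on: the verifier's random challenges a_i and the prover's noisy parities z_i = ⟨a_i, s⟩ ⊕ e_i are exactly LPN samples, which is why a passive eavesdropper learns nothing beyond an LPN instance, and the verifier accepts by a Hamming-distance threshold. The parameter names ELL, N, TAU, TAU_PRIME and the threshold rule are assumptions chosen for the demo.

```python
import random

# Demo parameters (constructed, not the paper's): ELL = secret length,
# N = challenges per run, TAU = noise rate. HB-style acceptance uses a
# threshold N * TAU_PRIME with TAU_PRIME halfway between TAU and 1/2.
ELL, N, TAU = 64, 256, 0.125
TAU_PRIME = TAU + (0.5 - TAU) / 2
THRESHOLD = int(N * TAU_PRIME)


def keygen(rng, ell=ELL):
    """Secret s <- Z_2^ell, represented as a list of bits."""
    return [rng.randrange(2) for _ in range(ell)]


def inner(a, s):
    """<a, s> over Z_2."""
    return sum(x & y for x, y in zip(a, s)) & 1


def prover_response(s, challenges, tau, rng):
    """Honest prover: each answer is <a_i, s> XOR e_i with e_i ~ Ber_tau,
    so every (a_i, z_i) pair on the wire is one LPN sample."""
    return [inner(a, s) ^ (1 if rng.random() < tau else 0) for a in challenges]


def verifier_accepts(s, challenges, response, threshold=THRESHOLD):
    """Verifier recomputes <a_i, s> and accepts if at most `threshold` bits
    disagree. Honest prover: ~tau*N errors. A prover without s is right on
    each bit with probability 1/2, so ~N/2 errors and rejection."""
    errors = sum(inner(a, s) ^ z for a, z in zip(challenges, response))
    return errors <= threshold


def run_protocol(s, prover, rng, n=N):
    """One two-message run: verifier challenges, prover answers, verifier decides."""
    challenges = [[rng.randrange(2) for _ in s] for _ in range(n)]
    return verifier_accepts(s, challenges, prover(challenges))


def demo(seed=1):
    """Returns (honest prover accepted?, secret-less guesser accepted?)."""
    rng = random.Random(seed)
    s = keygen(rng)
    honest = lambda ch: prover_response(s, ch, TAU, rng)
    guesser = lambda ch: [rng.randrange(2) for _ in ch]  # knows nothing about s
    return run_protocol(s, honest, rng), run_protocol(s, guesser, rng)
```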