State Key Laboratory of Cryptology

Beijing, China


Zheng Y.,CAS Institute of Software | Zheng Y.,State Key Laboratory of Cryptology | Wu W.,CAS Institute of Software
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2017

SKINNY is a lightweight tweakable block cipher, which was proposed at CRYPTO 2016. This paper presents an optimized brute force attack on full SKINNY using biclique attack with partial matching and precomputation. The results show that full round SKINNY64/64 is not secure against balanced biclique attack: the data complexity is 2^48, and the time complexity is 2^62.92. That is a very tiny advantage over brute force attack. Furthermore, an unbalanced biclique attack is considered, which improves the time complexity to 2^62.82. Moreover, in order to be immune to biclique attack, the number of rounds of SKINNY64/64 needs to be increased by 4 rounds to 36 rounds. Other versions of SKINNY do not admit a full round biclique attack owing to more encryption rounds. © Springer International Publishing AG 2017.


Deng Y.,Chinese Academy of Sciences | Deng Y.,State Key Laboratory of Cryptology
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2017

We prove that, assuming there exists an injective one-way function f, at least one of the following statements is true:
– (Infinitely-often) Non-uniform public-key encryption and key agreement exist;
– The Feige-Shamir protocol instantiated with f is distributional concurrent zero knowledge for a large class of distributions over any OR NP-relations with small distinguishability gap.
The questions of whether we can achieve these goals are known to be subject to black-box limitations. Our win-win result also establishes an unexpected connection between the complexity of public-key encryption and the round-complexity of concurrent zero knowledge. As the main technical contribution, we introduce a dissection procedure for concurrent adversaries, which enables us to transform a magic concurrent adversary that breaks the distributional concurrent zero knowledge of the Feige-Shamir protocol into non-black-box constructions of (infinitely-often) public-key encryption and key agreement. This dissection of complex algorithms gives insight into the fundamental gap between the known universal security reductions/simulations, in which a single reduction algorithm or simulator works for all adversaries, and the natural security definitions (that are sufficient for almost all cryptographic primitives/protocols), which switch the order of qualifiers and only require that for every adversary there exists an individual reduction or simulator. © International Association for Cryptologic Research 2017.


Heng Z.,Nanjing University of Aeronautics and Astronautics | Yue Q.,Nanjing University of Aeronautics and Astronautics | Yue Q.,State Key Laboratory of Cryptology
Cryptography and Communications | Year: 2017

Complete weight distribution can be used to study authentication codes and the Walsh transform of monomial functions over finite fields. Also, the Hamming weight distribution of a code can be obtained from its complete weight distribution. In this paper, we investigate the complete weight distributions of two classes of cyclic codes. We explicitly present the complete weight enumerators of the cyclic codes. Particularly, we partly solve an open problem proposed in Luo and Feng (IEEE Trans. Inf. Theory 54(12), 5345–5353 (2008)). © 2016, Springer Science+Business Media New York.


Zhang J.,State Key Laboratory of Cryptology
IEEE Transactions on Mobile Computing | Year: 2017

Though electronic technologies have undergone fast developments in recent years, mobile devices such as smartphones are still comparatively weak in contrast to desktops in terms of computational capability, storage, etc., and are not able to meet the increasing demands from mobile users. By integrating mobile computing and cloud computing, mobile cloud computing (MCC) greatly extends the boundary of mobile applications, but it also inherits many challenges of cloud computing, e.g., data privacy and data integrity. In this paper, we leverage several cryptographic primitives such as a new type-based proxy re-encryption to design a secure and efficient data distribution system in MCC, which provides data privacy, data integrity, data authentication, and flexible data distribution with access control. Compared to traditional cloud-based data storage systems, our system is a lightweight and easily deployable solution for mobile users in MCC since no trusted third parties are involved and each mobile user only has to keep short secret keys consisting of three group elements for all cryptographic operations. Finally, we present extensive performance analysis and empirical studies to demonstrate the security, scalability, and efficiency of our proposed system. IEEE


Wang Y.,State Key Laboratory of Cryptology | Su Q.,State Key Laboratory of Cryptology
Chinese Physics Letters | Year: 2017

Measurement-based one-way quantum computation, which uses cluster states as resources, provides an efficient model to perform computation. However, few continuous variable (CV) quantum algorithms and classical algorithms based on one-way quantum computation have been proposed. In this work, we propose a method to implement the classical Hadamard transform algorithm utilizing the CV cluster state. Compared with classical computation, only half of the operations are required when it is operated in the one-way CV quantum computer. As an example, we present a concrete scheme of a four-mode classical Hadamard transform algorithm with a four-partite CV cluster state. This method connects the quantum computer and the classical algorithms, which shows the feasibility of running classical algorithms in a quantum computer efficiently. © 2017 Chinese Physical Society and IOP Publishing Ltd.


Wang H.,Dalian Ocean University | Wang H.,State Key Laboratory of Cryptology | He D.,Wuhan University
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2016

Since public clouds are untrusted by many consumers, it is important to check whether their remote data remains intact. Sometimes, it is necessary for many clients to cooperate to store their data in the public clouds. For example, a file needs many clients’ approval before it is stored in the public clouds. Specifically, different files need different client subsets’ approval. After that, possession of the stored remote data will be proved to the verifier. In some cases, the verifier has no ability to perform remote data possession proof, for example, when the verifier is on the battlefield because of a war. It will delegate this task to its proxy. In this paper, we propose the concept of proxy provable data possession (PPDP) which supports a general access structure. We propose the corresponding system model, security model and a concrete PPDP protocol from an n-multilinear map. Our concrete PPDP protocol is shown to be provably secure and efficient by security analysis and performance analysis. Since our proposed PPDP protocol supports the general access structure, only the clients of an authorized subset can cooperate to store the massive data to PCS (Public Cloud Servers), and it is impossible for those of an unauthorized subset to store the data to PCS. © Springer International Publishing Switzerland 2016.


Qu L.,National University of Defense Technology | Qu L.,State Key Laboratory of Cryptology
IEEE Transactions on Information Theory | Year: 2016

Planar functions over finite fields give rise to finite projective planes. They were also used in the constructions of DES-like iterated ciphers, error-correcting codes, and codebooks. They were originally defined only in finite fields with odd characteristic, but recently Zhou introduced pseudo-planar functions in even characteristic which yield similar applications. All known pseudo-planar functions are quadratic and hence they give presemifields. In this paper, a new approach to constructing quadratic pseudo-planar functions is given. Then five explicit families of pseudo-planar functions are constructed, one of which is a binomial, two of which are trinomials, and the other two are quadrinomials. All known pseudo-planar functions are revisited, some of which are generalized. These functions not only lead to projective planes, relative difference sets and presemifields, but also give optimal codebooks meeting the Levenstein bound, complete sets of mutually unbiased bases (MUB) and compressed sensing matrices with low coherence. © 2016 IEEE.


Chen Y.,Chinese Academy of Sciences | Chen Y.,State Key Laboratory of Cryptology | Zhang Z.,Japan National Institute of Advanced Industrial Science and Technology
Journal of Computer Security | Year: 2016

We put forth the notion of publicly evaluable pseudorandom functions (PEPRFs), which can be viewed as a counterpart of standard pseudorandom functions (PRFs) in the public-key setting. Briefly, PEPRFs are defined over a domain X containing a language L associated with a hard relation R_L, and each secret key sk is associated with a public key pk. For any x ∈ L, in addition to evaluating F_sk(x) using sk as in standard PRFs, one is also able to evaluate F_sk(x) with pk, x and a witness w for x ∈ L. We consider two security notions for PEPRFs. The basic one is weak pseudorandomness, which stipulates that a PEPRF cannot be distinguished from a truly random function on uniformly randomly chosen inputs. The strengthened one is adaptive weak pseudorandomness, which requires that a PEPRF remains weak pseudorandom even when an adversary is given adaptive access to an evaluation oracle. We conduct a formal study of PEPRFs, focusing on applications, constructions, and extensions.
• We show how to construct chosen-plaintext secure (CPA) and chosen-ciphertext secure (CCA) public-key encryption (PKE) schemes from (adaptive) PEPRFs. The construction is simple, black-box, and admits a direct proof of security. We provide evidence that (adaptive) PEPRFs exist by showing constructions from injective trapdoor functions, hash proof systems, extractable hash proof systems, as well as a construction from puncturable PRFs with program obfuscation.
• We introduce the notion of publicly sampleable PRFs (PSPRFs), which is a relaxation of PEPRFs, but nonetheless implies PKE. We show (adaptive) PSPRFs are implied by (adaptive) trapdoor relations. This helps us to unify and clarify many PKE schemes from seemingly unrelated general assumptions and paradigms under the notion of PSPRFs.
• We explore a similar extension on recently emerging constrained PRFs, and introduce the notion of publicly evaluable constrained PRFs, which, as an immediate application, implies attribute-based encryption.
• We propose a twist on PEPRFs, which we call publicly evaluable and verifiable functions (PEVFs). Compared to PEPRFs, PEVFs have an additional promising property named public verifiability, while the best possible security degrades to unpredictability. We justify the applicability of PEVFs by presenting a simple construction of "hash-and-sign" signatures, both in the random oracle model and the standard model. © 2016 - IOS Press and the authors. All rights reserved.


Heng Z.,Nanjing University of Aeronautics and Astronautics | Heng Z.,State Key Laboratory of Cryptology | Yue Q.,Nanjing University of Aeronautics and Astronautics | Yue Q.,State Key Laboratory of Cryptology
IEEE Transactions on Information Theory | Year: 2016

Cyclic codes with a few weights are very useful in the design of frequency hopping sequences and the development of secret sharing schemes. In this paper, we mainly use Gauss sums to represent the Hamming weights of cyclic codes whose duals have two zeroes. A lower bound on the minimum Hamming distance is determined. In some cases, we give the Hamming weight distributions of the cyclic codes. In particular, we obtain a class of three-weight optimal cyclic codes achieving the Griesmer bound, which generalizes a result of Vega, and several classes of cyclic codes with a few weights, which solve an open problem proposed by Vega. © 1963-2012 IEEE.


Zhang J.,State Key Laboratory of Cryptology | Chen Y.,Chinese Academy of Sciences | Zhang Z.,Information Assurance
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2016

Driven by the open problem raised by Hofheinz and Kiltz [34], we study the formalization of lattice-based programmable hash functions (PHF), and give two types of constructions by using several techniques such as a novel combination of cover-free sets and lattice trapdoors. Under the Inhomogeneous Small Integer Solution (ISIS) assumption, we show that any (non-trivial) lattice-based PHF is collision-resistant, which gives a direct application of this new primitive. We further demonstrate the power of lattice-based PHF by giving generic constructions of signature and identity-based encryption (IBE) in the standard model, which not only provide a way to unify several previous lattice-based schemes using the partitioning proof techniques, but also allow us to obtain a new short signature scheme and a new fully secure IBE scheme with keys consisting of a logarithmic number of matrices/vectors in the security parameter κ. Besides, we also give a refined way of combining two concrete PHFs to construct an improved short signature scheme with short verification keys from weaker assumptions. In particular, our methods depart from the confined guessing technique of Böhl et al. [8] that was used to construct previous standard model short signature schemes with short verification keys by Ducas and Micciancio [24] and by Alperin-Sheriff [6], and allow us to achieve existential unforgeability against chosen message attacks (EUF-CMA) without resorting to chameleon hash functions. © International Association for Cryptologic Research 2016.
