Selected Areas in Cryptography 27th International Conference, Halifax, NS, Canada (Virtual Event), October 21-23, 2020, Revised Selected Papers
This book contains revised selected papers from the 27th International Conference on Selected Areas in Cryptography, SAC 2020, held in Halifax, Nova Scotia, Canada in October 2020. The 27 full papers presented in this volume were carefully reviewed and selected from 52 submissions. They cover the fo...
| Main Authors | |
|---|---|
| Format | eBook, Conference Proceeding |
| Language | English |
| Published | Cham: Springer Nature, 2021 (Springer International Publishing) |
| Edition | 1 |
| Series | Lecture Notes in Computer Science |
| Subjects | |
| ISBN | 9783030816520, 3030816524, 9783030816513, 3030816516 |
| ISSN | 0302-9743, 1611-3349 |
| DOI | 10.1007/978-3-030-81652-0 |
Table of Contents:
- Intro -- Preface -- Organization -- Invited Talks -- What's So Hard About Internet Voting? -- Trustless Groups of Unknown Order -- Contents
- Public-Key Cryptography
- Efficient Lattice-Based Polynomial Evaluation and Batch ZK Arguments -- 1 Introduction -- 1.1 Our Contribution -- 1.2 Application -- 2 Preliminaries -- 3 Lattice-Based Polynomial Zero-Knowledge Argument -- 3.1 Commitments to Polynomials (PolyCom) -- 3.2 Polynomial Evaluation Protocol PEv -- 3.3 Efficiency Analysis -- 4 Batch Polynomial Evaluation -- 4.1 Preliminaries of the Protocol -- 4.2 Detailed Protocol -- 4.3 Efficiency Analysis -- 5 Application to Range Proof -- 5.1 Comparison -- A Example to Batch Technique -- References
- FROST: Flexible Round-Optimized Schnorr Threshold Signatures -- 1 Introduction -- 2 Background -- 2.1 Threshold Schemes -- 2.2 Distributed Key Generation -- 2.3 Schnorr Signatures -- 2.4 Attacks on Parallelized Schnorr Multisignatures -- 3 Related Work -- 4 Preliminaries -- 5 FROST: Flexible Round-Optimized Schnorr Threshold Signatures -- 5.1 Key Generation -- 5.2 Threshold Signing with Unrestricted Parallelism -- 6 Security -- 6.1 Correctness -- 6.2 Security Against Chosen Message Attacks -- 6.3 Aborting on Misbehaviour -- 7 Implementation and Operational Considerations -- 8 Conclusion -- A Proof of Security -- A.1 Preliminaries -- A.2 Proof of Security for FROST-Interactive -- A.3 Extension of FROST-Interactive to FROST -- References
- Algorithmic Acceleration of B/FV-Like Somewhat Homomorphic Encryption for Compute-Enabled RAM -- 1 Introduction -- 2 Preliminaries -- 2.1 Notations -- 2.2 The Original B/FV Scheme ch3fan2012somewhat -- 2.3 The Full-RNS Variant of the B/FV Scheme -- 2.4 NTT -- 2.5 Compute-Enabled RAM -- 3 Novel Optimizations Using Special Moduli -- 3.1 NTT Implementation with CE-RAM -- 3.2 Choosing Special Moduli for Optimization -- 3.3 Optimizing Modular Reduction -- 3.4 Optimizing FastBConv -- 3.5 Extended Base -- 3.6 Finding NTT Parameters -- 4 Experimental Evaluation -- 4.1 CE-RAM Environment and Parameters -- 4.2 Comparison to CE-RAM Implementation of B/FV -- 4.3 Comparison to CPU Implementation of B/FV -- 4.4 Considering Throughput with Projection -- 4.5 Comparison to Other Hardware Accelerators of B/FV -- 5 Related Work -- 6 Conclusion -- A Proofs for Novel Optimizations -- A.1 Proof of Theorem 1 -- A.2 Proof of Lemma 2 -- A.3 Proof of Theorem 2 -- B Proofs for Fermat-like Coprimes -- C NTT Algorithm -- References
- Obfuscating Finite Automata -- 1 Introduction -- 2 Obfuscation Definitions -- 3 Matrix (Graded) Encoding Schemes -- 3.1 HAO15 -- 4 HAO15 Zero-Testing and Computational Assumptions -- 5 Finite Automata and Transition Matrices -- 5.1 General Safeguards -- 6 Obfuscated Finite Automata -- 6.1 Obfuscator and Obfuscated Program -- 6.2 Obfuscated Program Evaluation -- 6.3 Security -- 7 Parameters -- 8 Conclusion -- A Matrix (Graded) Encoding Scheme -- B GGH15 -- C General Encoding Schemes -- References
- On Index Calculus Algorithms for Subfield Curves -- 1 Introduction -- 2 Index Calculus -- 2.1 Framework of Index Calculus -- 2.2 Index Calculus for Elliptic Curves -- 2.3 Breaking Symmetries -- 3 Index Calculus for Koblitz Curves -- 3.1 Improved Symmetry Breaking for Koblitz Curves -- 3.2 Frobenius Invariant Factor Bases -- 3.3 Comparison of Different Variants -- 4 Frobenius Invariant Factor Bases -- 4.1 Linearised Polynomials -- 4.2 Factor Bases from Isogenies Between Algebraic Groups -- 5 Experimental Results -- 5.1 Frobenius Invariant Vector Spaces -- 5.2 Factor Bases from Isogenies Between Algebraic Tori -- 6 Conclusion -- References
- Symmetric-Key Analysis
- Weak-Key Distinguishers for AES -- 1 Introduction -- 2 Weak-Key (Invariant) Subspace Trails -- 2.1 Subspace Trails -- 2.2 Invariant Subspace Attacks -- 2.3 Weak-Key Subspace Trails -- 3 Preliminary - Subspace Trail Properties of the AES -- 3.1 Subspace Trails of AES -- 3.2 (Weak-Key) Invariant Subspace Trail for AES -- 4 Weak-Key Secret-Key Distinguishers for AES -- 4.1 Subspace Trail Distinguishers -- 4.2 Weak-Key "Multiple-of-n" Property for 5-/6-Round AES-128 -- 4.3 Practical Experiments -- 5 New Chosen-Key Distinguishers for AES -- 5.1 Open-Key Distinguishers - State of the Art for AES -- 5.2 The "Simultaneous Multiple-of-n" Property -- 5.3 9-Round Chosen-Key Distinguisher for AES-128 -- 5.4 Achieving the "Simultaneous Multiple-of-n" Property Generically -- A Generic Subspace Trail (of Length 1) for AES - Proof -- B Weak-Key Invariant Subspace Trails of AES-256 -- B.1 AES-256 Key-Schedule -- B.2 Invariant Subspace - Weak-Keys of AES-256 -- B.3 Chosen-Key Distinguisher for 12-Round AES-256 -- C Practical Collisions for 7-Round AES-256 Compressing Modes -- D Proofs of Results Given in Sect. 4 -- D.1 Proofs of Proposition 1 -- D.2 Proofs of Weak-Key "Multiple-of-n" - Theorem 4 -- E Gilbert's Known-Key Distinguisher for AES -- F Proof of Proposition 2 -- G On the Difficulty to Set Up "Multiple-of-n" Open-Key Distinguishers Without Relying on Weak-Keys -- References
- Algebraic Key-Recovery Attacks on Reduced-Round Xoofff -- 1 Introduction -- 1.1 State of the Art -- 1.2 Our Contribution -- 2 Preliminaries -- 2.1 Farfalle Construction -- 2.2 Specification of Xoofff -- 2.3 Linearization Attack -- 3 Distinguisher and Attack on Xoofff (1-Round Xoodoo) -- 3.1 Symmetry Property of the State Rolling Function -- 3.2 Secret-Key Distinguisher (1-round Xoodoo) -- 3.3 Attack on Xoofff Instantiated with 1-round Xoodoo in the Expansion Part -- 3.4 Experimental Results -- 4 Distinguisher and Attack on Xoofff Instantiated with 2-round Xoodoo in the Expansion Part -- 4.1 First Secret-Key Distinguisher -- 4.2 Second Secret-Key Distinguisher -- 4.3 Attack on Xoofff Instantiated with 2-round Xoodoo in the Expansion Part -- 4.4 Experimental Results -- 5 Linearization MitM Attack on Xoofff (Instantiated with 3-/4-round Xoodoo in the Expansion Part) -- 5.1 Idea of the MitM Linearization Attack -- 5.2 Attacks on Xoofff Instantiated with 2-round Xoodoo in the Expansion Part -- 5.3 Attacks on Xoofff Instantiated with 3-/4-round Xoodoo in the Expansion Part -- 5.4 Experiment Results -- 6 Summary and Possible Countermeasures -- A Attack on Xoofff (2-round Xoodoo): Details for Step 2 -- B Specification of Toy-Version Xoofff -- C Attack on Full-Round Xoofff without Constants -- D Different Constant Addition (Equivalently, ) Operation -- E Higher-Order Differential on Xoofff -- E.1 Idea of the Attack -- E.2 Cost of the Attack -- References
- Improved (Related-key) Differential Cryptanalysis on GIFT -- 1 Introduction -- 2 Preliminaries -- 2.1 Description of GIFT -- 2.2 Definitions and Notations -- 2.3 Three Methods to Speed up Matsui's Algorithm -- 2.4 Related-key Boomerang Attack and Rectangle Attack -- 3 Searching Related-key Differential Trails -- 3.1 Applying Matsui's Algorithm in Related-key Scenario -- 3.2 Results on Related-Key Differential Trails of GIFT -- 4 Increasing the Probability of the Distinguisher Utilizing Clustering Effect -- 4.1 Single-key Scenario -- 4.2 Related-key Scenario -- 5 Attacks on GIFT-64 -- 5.1 Related-key Rectangle Attack on 25-Round GIFT-64 -- 5.2 Related-key Rectangle Attack on 24-Round GIFT-64 -- 6 Attacks on GIFT-128 -- 6.1 Single-Key Differential Attack on 26-Round GIFT-128 -- 6.2 Related-Key Rectangle Attack on 23-Round GIFT-128 -- 7 Conclusion and Future Work -- A Improved Matsui's Algorithm for GIFT -- B Related-key Boomerang Attack on 22-round GIFT-128 -- B.1 Determining the Related-key Boomerang Distinguisher -- B.2 Data Collection -- B.3 Key Recovery -- B.4 Complexity and Success Probability -- C Analyzing the Probability of the 19-round Distinguisher Proposed in ch8DBLP:journalsspscjspsChenWZ19 -- D (Related-key) Differential Trails -- References
- Boolean Polynomials, BDDs and CRHS Equations - Connecting the Dots with CryptaPath -- 1 Introduction -- 1.1 Our Contribution -- 2 Preliminaries -- 2.1 Binary Decision Diagrams and Boolean Functions -- 2.2 Compressed Right-Hand Sides and Boolean Equations -- 2.3 Basic Operations on CRHS Equations -- 3 Modelling Cryptographic Primitives as System of CRHS Equations -- 3.1 The Structure of SPN Block Ciphers -- 3.2 Variables -- 3.3 Constructing CRHS Equations and the Complete System -- 4 Solving a System of CRHS Equations -- 4.1 Finding the Solution -- 4.2 Supporting Techniques -- 4.3 Complexity -- 5 CryptaPath -- 5.1 Example Usage and Results -- 6 Conclusions and Further Work -- A Overview of the Code and Usage of CryptaPath -- A.1 Usage -- References
- Boolean Ring Cryptographic Equation Solving -- 1 Introduction -- 2 Cryptographic Equation Systems and the Boolean Ring -- 3 The XL and EGHAM Processes -- 3.1 XL-Type Algorithms -- 3.2 The EGHAM Process -- 3.3 A Boolean View of the EGHAM process -- 4 A Boolean EGHAM process: EGHAM2 -- 4.1 The Kernel of the Boolean Mapping -- 4.2 The R2-Criterion for a Quadratic Boolean Element -- 4.3 Finding Quadratic Elements Satisfying the R2-Criterion -- 4.4 Probabilistic Linear Expressions -- 4.5 Boolean Ring Equation Solving as an LPN Problem -- 4.6 Required Degree for the EGHAM2 Process to Succeed -- 4.7 An Example of the EGHAM2 Process -- 5 Conclusions -- References
- Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions