A New Combiner for Key Encapsulation Mechanisms HANAOKA, Goichiro; MATSUDA, Takahiro; SCHULDT, Jacob C. N.
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences,
12/2019, Volume: E102.A, Number: 12
Journal Article
Peer-reviewed
Key encapsulation mechanism (KEM) combiners, recently formalized by Giacon, Heuer, and Poettering (PKC'18), enable hedging against insecure KEMs or weak parameter choices by combining ingredient KEMs into a single KEM that remains secure assuming just one of the underlying ingredient KEMs is secure. This seems particularly relevant when considering quantum-resistant KEMs, which are often based on arguably less well-understood hardness assumptions and parameter choices. We propose a new simple KEM combiner based on a one-time secure message authentication code (MAC) and a two-time correlated input secure hash. Instantiating the correlated input secure hash with a t-wise independent hash for an appropriate value of t yields a KEM combiner based on a strictly weaker additional primitive than the standard model construction of Giacon et al., and furthermore removes the need to do n full passes over the encapsulation, where n is the number of ingredient KEMs, which Giacon et al. highlight as a disadvantage of their scheme. However, unlike Giacon et al., our construction requires the public key of the combined KEM to include a hash key, and furthermore requires a MAC tag to be added to the encapsulation of the combined KEM.
Oblivious Linear Group Actions and Applications Attrapadung, Nuttapong; Hanaoka, Goichiro; Matsuda, Takahiro ...
Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security,
11/2021
Conference Proceeding
Open access
In this paper we propose efficient two-party protocols for obliviously applying a (possibly random) linear group action to a data set. Our protocols capture various applications such as oblivious shuffles, circular shifts, and matrix multiplications, to name just a few. A notable feature enjoyed by our protocols is that they admit a round-optimal (more precisely, one-round) online computation phase, once an input-independent offline computation phase has been completed. Our oblivious shuffle is the first to achieve a round-optimal online phase. The most efficient instantiations of our protocols are obtained in the so-called client-aided client-server setting, where the offline phase is run by a semi-honest input party (client) who then distributes the generated correlated randomness to the computing parties (servers). When comparing the total running time to the previous best two-party oblivious shuffle protocol by Chase et al. (Asiacrypt 2020), our shuffle protocol in this client-aided setting is up to 105 times and 152 times faster, in the LAN and WAN setting, respectively. We additionally show how the Chase et al. protocol (which is a standard two-party protocol) can be modified to leverage the advantages of the client-aided setting, but show that, even doing so, our scheme is still two times faster in the online phase and 1.34 times faster in total on average.
An additional feature of our protocols is that they allow re-invoking a previously generated group action, or its inverse, in subsequent runs. This allows us to utilize randomize-then-reveal techniques, which are crucial for constructing efficient protocols in complex applications. As an application, we construct a new oblivious sorting protocol implementing radix sort. Our protocol is based on a similar approach to the three-party protocol by Chida et al. (IACR ePrint 2019/965), but using our oblivious shuffle as a building block as well as various optimizations, we obtain a two-party protocol (in the client-aided setting) with improved online running time and a reduced number of rounds. As other applications, we also obtain efficient protocols for oblivious selection, oblivious unit-vectorization, oblivious multiplexer, oblivious polynomial evaluation, arithmetic-to-boolean share conversions, and more.
Delay tomography has so far burdened source and receiver measurement nodes in a network with two requirements: path establishment and clock synchronization between them. In this letter, we focus on the clock synchronization problem in delay tomography and propose a synchronization-free delay tomography scheme based on compressed sensing. The proposed scheme selects a path between source and receiver measurement nodes as the reference path, which results in the loss of one equation in a conventional delay tomography problem. By utilizing compressed sensing, however, the proposed scheme becomes robust to this loss. Simulation experiments confirm that the proposed scheme works comparably to a conventional delay tomography scheme in a network with no clock synchronization between source and receiver measurement nodes.
In this study, we realized a relay network using drones and analyzed the impact of the sway angle of a drone's attitude on communication in a windy flight environment. Drones in flight act as radio relay stations, and communication among them is performed using radio equipment mounted on board. In a windy environment, a directional antenna is used for relay communication among them to avoid interference caused by the spread of radio waves in space and to extend the relay distance. However, when wind occurs during flight, the flying attitude of the drone inclines, which causes the beam of the antenna to sway and the communication link to be disconnected, leading to a decrease in the transmission speed. In this study, we statistically evaluated the pitch, yaw, and roll axes of a drone through wind tunnel experiments. Furthermore, the pattern of the swing angle of the drone with respect to the wind speed was investigated using computer simulations to analyze the fluid dynamics and theoretically analyze the swing of the drone. Based on these results, the transmission speed when using a directional antenna was calculated. When the wind speed was 6.0 m/s, the pitch axis deflection angle of the drone was 13° at maximum, and the average transmission speed decreased by 33.3 Mbps. In this study, it was found that in communication between drones affected by wind, the transmission efficiency decreased depending on the sway angle of the aircraft.
Delay tomography is an inference technique for link delays in a network, where end-to-end route measurement is a promising method to reduce measurement overhead. Furthermore, by incorporating compressed sensing, delay tomography can efficiently detect sparse anomalies. In delay tomography, however, there is an inevitable issue, namely clock synchronization for the route measurements. In this paper, based on route referencing, we study synchronization-free delay tomography with compressed sensing. From theoretical analysis, optimal route referencing and ordering methods for synchronization-free delay tomography are derived as "subtractive and differential schemes," which cancel or minimize the error factors caused by clock asynchronism, clock skew, and normal link delays with single or multiple references, respectively. Simulation experiments confirm that the proposed methods can identify abnormal links more accurately, with robustness against the error factors, than a conventional scheme, where the newly proposed differential scheme always shows the best performance thanks to its better cancellation of error factors.