Public-Seed Pseudorandom Permutations

Soni, Pratik; Tessaro, Stefano

doi:10.1007/978-3-319-56614-6_14

Cited by 13 publications

(5 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The notion of universal computational extractors (UCE) [BHK13,ST17] was originally proposed as a way of capturing "random-oracle like" security properties of hash functions via a standard-model definition. While the format of the UCE definition is also given in terms of an extraction game with a source and a distinguisher, there are major differences between the UCE definition and that of ED-Extractors, both in terms of their syntactic structure, but also more conceptually in terms of what they aim to capture.…”

Section: Universal Computational Extractors (Uce)mentioning

confidence: 99%

Extracting Randomness from Extractor-Dependent Sources

Dodis

Vaikuntanathan

Wichs

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We revisit the well-studied problem of extracting nearly uniform randomness from an arbitrary source of sufficient min-entropy. Strong seeded extractors solve this problem by relying on a public random seed, which is unknown to the source. Here, we consider a setting where the seed is reused over time and the source may depend on prior calls to the extractor with the same seed. Can we still extract nearly uniform randomness?In more detail, we assume the seed is chosen randomly, but the source can make arbitrary oracle queries to the extractor with the given seed before outputting a sample. We require that the sample has entropy and differs from any of the previously queried values. The extracted output should look uniform even to a distinguisher that gets the seed. We consider two variants of the problem, depending on whether the source only outputs the sample, or whether it can also output some correlated public auxiliary information that preserves the sample's entropy. Our results are: Without Auxiliary Information: We show that every pseudo-random function (PRF) with a sufficiently high security level is a good extractor in this setting, even if the distinguisher is computationally unbounded. We further show that the source necessarily needs to be computationally bounded and that such extractors imply one-way functions. With Auxiliary Information:We construct secure extractors in this setting, as long as both the source and the distinguisher are computationally bounded. We give several constructions based on different intermediate primitives, yielding instantiations based on the DDH, DLIN, LWE or DCR assumptions. On the negative side, we show that one cannot prove security against computationally unbounded distinguishers in this setting under any standard assumption via a black-box reduction. Furthermore, even when restricting to computationally bounded distinguishers, we show that there exist PRFs that are insecure as extractors in this setting and that a large class of constructions cannot be proven secure via a black-box reduction from standard assumptions. setting where a seed S is chosen uniformly at random. A source S EDExt(•,S) gets oracle access to the extractor with the seed S and outputs a sample X along with some public auxiliary information AUX. We say that such a source S is a legal extractor-dependent source of entropy α if two conditions hold: (1) the (conditional min-entropy) of X given S, AUX is at least α, and (2) the source never queries the oracle on the value X that it outputs. An α-ED-Extractor needs to ensure that for all legal extractor-dependent sources of entropy α, the output EDExt(X, S) is indistinguishable from uniform, even given the seed S and the auxiliary information AUX.Discussion on the Legality Conditions. We motivate the reason behind the two legality conditions imposed by the definition.Firstly, just like for standard (seeded) extractors, we need to assume that X has a sufficient level of entropy even conditioned on AUX in order to extract randomness from it. In our case, ...

show abstract

Section: Universal Computational Extractors (Uce)mentioning

confidence: 99%

Extracting Randomness from Extractor-Dependent Sources

Dodis

Vaikuntanathan

Wichs

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Sponge-based PRNG (Sponge-PRBG) constructions offer a great flexibility due to their simplicity, security relying on indifferentiability of the underlying permutation, and efficient hardware/software implementations, which can be flexibly configured to a PRBG. After the sponge-based construction by Bertoni et al [BDPVA10], several variants of spongebased PRBG have been proposed, with improved security and robustness under different security models, e.g., [GT16,ST17,Hut17,CDKT19]. The construction of the seeded PRBG proposed by Gazi and Tessaro [GT16] provides robustness and forward secrecy guarantees, however, this construction incurs an extra hardware cost of r XOR gates, needs an additional source of weak randomness and an extra call to the underlying permutation.…”

Section: Sponge-based Prbg From Wagementioning

confidence: 99%

WAGE: An Authenticated Encryption with a Twist

AlTawy

Gong

Mandal

et al. 2020

ToSC

View full text Add to dashboard Cite

This paper presents WAGE, a new lightweight sponge-based authenticated cipher whose underlying permutation is based on a 37-stage Galois NLFSR over F27. At its core, the round function of the permutation consists of the well-analyzed Welch-Gong permutation (WGP), primitive feedback polynomial, a newly designed 7-bit SB sbox and partial word-wise XORs. The construction of the permutation is carried out such that the design of individual components is highly coupled with cryptanalysis and hardware efficiency. As such, we analyze the security of WAGE against differential, linear, algebraic and meet/miss-in-the-middle attacks. For 128-bit authenticated encryption security, WAGE achieves a throughput of 535 Mbps with hardware area of 2540 GE in ASIC ST Micro 90 nm standard cell library. Additionally, WAGE is designed with a twist where its underlying permutation can be efficiently turned into a pseudorandom bit generator based on the WG transformation (WG-PRBG) whose output bits have theoretically proved randomness properties.

show abstract

“…1. Determine two random permutations Peach of size n using any public seed pseudorandom permutation algorithm (also called key-based pseudorandom permutation algorithm), such as the algorithms in [28,29].In this case, we determine two permutations, one for SGAS-SM channel (PS) and the other for SM-SMO channel (PO). The seed for the permutation is the hash of the string produced from concatenated the relative parameters, such that:…”

Section: Dna-based Cryptography Keymentioning

confidence: 99%

A DNA-based Privacy-preserving Scheme in Smart-grid

Abed¹

2019

IJCIS

View full text Add to dashboard Cite

Smart grid utility provider collects consumers' power consumption data for three main reasons: billing, analysis, and operation. Billing needs coarse-grained data where there are no, or minimal, privacy concerns. While analysis and operation needs fine-grained data which can highly explore consumers' privacy. Hence, consumers might be reluctant to allow for operational metering to protect their privacy.This paper presents detail description of a reliable DNA-based privacy-preserving (DNAPP) scheme in smart grid. DNAPP assures robust authentication, confidentiality, message integrity, and nonrepudiation across the smart grid as well as assuring high consumers' privacy. The scheme demonstrates many good security features, such as: high complexity of O(n!), lightweight , scalable, minimum overhead, no cryptography key exchange between the communicating parties as each of them can determine the key locally and independently. This scheme does not require any level of modifications to the existing smart grid infrastructure or smart meter. It only requires some software modifications.

show abstract

Public-Seed Pseudorandom Permutations

Cited by 13 publications

References 39 publications

Extracting Randomness from Extractor-Dependent Sources

Extracting Randomness from Extractor-Dependent Sources

WAGE: An Authenticated Encryption with a Twist

A DNA-based Privacy-preserving Scheme in Smart-grid

Contact Info

Product

Resources

About