[PDF] Top 20 STA: Supersingular Encryption from Torsion Attacks

... Acknowledgements. The first author was supported for this work in part by ERC Advanced Grant ERC-2015-AdG-IMPaCT and by the Defense Advanced Research Projects Agency (DARPA) and Space and Naval Warfare Systems Center, ... See full document

... Algorithm 1 and Algorithm 2 break query privacy after observing enough queries using a less amount of required knowledge. To realize their effect, assume that an attacker has observed enough queries on a searchable ... See full document

... far from the initial desiderata set by NIST’s selection process, which required 128 bits of ...severe attacks [10] than those by now known to exist against all Feistel-based ... See full document

... The third line follows because if neither coll nor pred occurs, then the inputs to the random oracle are distinct and unknown, so the outputs may be replaced with random values chosen independently and uniformly at ... See full document

... pering attacks on Boneh-Franklin IBE scheme (Boneh and Franklin 2001) and Waters IBE scheme (Waters 2005) but repaired IBE schemes in a different way from ...tampering attacks on PE or IBE is due to ... See full document

... fault attacks on computing a pairing value e(P, Q), where P is a public point and Q is a secret ...these attacks are in fact effective only on a small number of pairing-based protocols, and that too only ... See full document

... Communication costs, expressed in terms of bytes in Table 1, only include cryptography-related content. That is, for simplification purposes, they do not take into account some additional informa- tion that is needed in ... See full document

... back from ancient ...comes from the Greek words kryptos and graphein, which mean hidden and writing, respectively [1] ...monuments from the Old Kingdom of Egypt circa 1900 ...offerings from ... See full document

... obtained from SessionKeyReveal query) is equal to that computed by Bob, one bit of Alice’s static secret key is ...obtained from SessionStateReveal query), by honestly registering static public key for Bob, ... See full document

... of supersingular elliptic curves over finite fields. Supersingular isogeny graphs are excellent expander graphs with asymptotically optimal expansion con- stant ...between supersingular elliptic ... See full document

... Originating from the seminal work of Ajtai [1], there has been a large body of research on basing lattice- based cryptosystems on the minimal possible assumptions and improving the efficiency of such provably ... See full document

... IND-CCA encryption schemes, our instantiation also avoids the use of one-time signatures and message authentication ...IND-CPA encryption scheme [CHK + 05, KMTG05, AP06], in the 3-flow protocol, IND-CCA ... See full document

... Yao’s garbled circuit (GC) technique is a powerful cryptographic tool which allows to “en- crypt” a circuit C by another circuit ˆ C in a way that hides all information except for the final output. Yao’s original ... See full document

... We have outlined how Kalb-Ramond axion fields could generate a magnetic monopole. There is spontaneous symmetry breaking of a global internal symmetry which is essential for producing a self-gravitating global monopole ... See full document

... Homomorphic Encryption (SHE) schemes have been developed with the aim of being IND-CPA ...devising attacks against existing SHE ...suffer from key recovery attacks, which allow an attacker to ... See full document

... RSA encryption method exhibits a specific feature that even an encryption key is publicly revealed it is difficult to trace the corresponding decryption ... See full document

... Our Contributions. We propose a new generic construction of PKE with LR-CCA security from a Hash Proof System (HPS) and a one-time lossy filter (OT-LF). The new primitive, one-time lossy filter (OT-LF), is a weak ... See full document

... To resist statistical, differential, brute- force attacks and to improve the computational performance, a novel chaotic image encryption scheme is proposed in this paper, [r] ... See full document

... -SIOT protocol, Bob’s choice should not be known to Alice. More- over, at the end of the protocol execution, Bob will not be able to gain any knowledge about the message that he did not decrypt. It should be noted that ... See full document

... In Table 12 are presented the results of stegokey searching after testing of 500 different images. We note that a decision about CO instead of some SG was taken if the number of passed tests was less than 13. The ... See full document