
    Policy privacy in cryptographic access control

    Cryptographic access control offers selective access to encrypted data via a combination of key management and functionality-rich cryptographic schemes, such as attribute-based encryption. Using this approach, publicly available meta-data may inadvertently leak information on the access policy that is enforced by cryptography, which renders cryptographic access control unusable in settings where this information is highly sensitive. We begin to address this problem by presenting rigorous definitions for policy privacy in cryptographic access control. For concreteness we set our results in the model of Role-Based Access Control (RBAC), where we identify and formalize several different flavors of privacy; however, our framework should serve as inspiration for other models of access control. Based on our insights we propose a new system which significantly improves on the privacy properties of state-of-the-art constructions. Our design is based on a novel type of privacy-preserving attribute-based encryption, which we introduce and show how to instantiate. We present our results in the context of a cryptographic RBAC system by Ferrara et al. (CSF’13), which uses cryptography to control read access to files, while write access is still delegated to trusted monitors. We give an extension of the construction that permits cryptographic control over write access. Our construction assumes that key management uses out-of-band channels between the policy enforcer and the users but eliminates completely the need for monitoring read/write access to the data.

    On the physical security of falcon

    Falcon has been selected for standardization by NIST as a post-quantum digital signature scheme. Although there have been several published attacks against Falcon that target vulnerabilities on the implementation side, the physical security of the scheme has not been thoroughly studied yet. We present a broad analysis of the physical security of the Falcon signature scheme that includes attacks from prior publications as well as novel vulnerabilities and takes into account the mathematical foundations of the scheme, such as the Fast Fourier Transform, discrete Gaussian distributions and a tower of fields. Additionally, we closely investigate one of the new attack vectors, NarrowSampling. We simulate a fault injection attack based on a parallelepiped learning technique applied to a signature distribution with lowered standard deviation. Each individual phase of the attack is analyzed and the influence of the most important attack parameters is measured and evaluated. For Falcon parameter sets with reduced security we are able to fully recover the secret key.

    How to Simulate PLONK: A Formal Security Analysis of a zk-SNARK

    Zero-knowledge proofs enable proving a statement without revealing any information beyond its truth. This paradoxical notion has evolved over the last few decades from a theoretical concept to the wide adoption of highly efficient zero-knowledge proof systems in practice. At the forefront of this development are proof systems called zk-SNARKs, which stands for zero-knowledge succinct non-interactive argument of knowledge. Not only do they avoid multiple rounds of interaction, but zk-SNARKs also offer succinct proofs whose length is much shorter than the size of the proved statement, with some constructions even achieving constant-size proofs. Among the most recent state-of-the-art constructions is the zk-SNARK "PLONK" by Gabizon, Williamson, and Ciobotaru from 2019. It has constant-size proofs of only half a kilobyte and sublinear proof verification time. Furthermore, it only requires a single trusted setup of its public parameters to support proofs of any statement up to a certain size bound, making PLONK a universal and fully succinct zk-SNARK. Although highly influential and implemented in several real-world applications, there is no formal security proof of its zero knowledge property. In this thesis, we disclose a vulnerability found in PLONK's implementation of zero knowledge and propose how to fix it. As a result, the PLONK protocol has been patched accordingly. Our primary contribution is a formal security proof establishing that the resulting version of PLONK achieves statistical zero knowledge. Towards this goal, we show how to simulate proofs up to an exponentially small difference without relying on any secret information used by the prover. Following the standard definition of zero knowledge, this implies that PLONK proofs reveal (statistically) zero information beyond the truth of the statement. Moreover, we conduct a rigorous security analysis of the entire PLONK protocol, proving the security of all its underlying components. This allows us to show a precise upper bound on PLONK's knowledge soundness error in the algebraic group model. Since the original proof given by the authors of PLONK relies on the same idealized model, our results help towards a better understanding of the security guarantees of PLONK in general.

    Impossibility of a Security Proof for Equivalence-Class Signatures from Complexity Assumptions

    Equivalence class signatures (EQS) are digital signatures which provide the additional functionality that lets users adapt a given signature to a related message without knowledge of the secret key. They have been used to instantiate numerous cryptographic primitives and increased their efficiency. Unforgeability of the original EQS construction is proven in the generic group model, a theoretical model that treats the underlying group as "ideal". There exist constructions from standard assumptions but those only achieve weak security notions. In this work we strive to answer the question whether EQS schemes which satisfy the original model can be proved secure under standard assumptions with standard techniques. We answer in the negative. There cannot be an efficient security reduction which runs an adversary breaking unforgeability to then break a non-interactive computational assumption. This will be shown by construction of efficient meta-reductions that either break the security of the scheme or said computational problem directly.

    Going Beyond Counting First Authors in Author Co-citation Analysis

    The present study examines one of the fundamental aspects of author co-citation analysis (ACA): the way co-citation counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings are based, and we compare ACA results based on two different types of co-citation counting: the traditional type that only counts the first one among a cited work's authors on the one hand, and a non-traditional type that takes into account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed.

    Variations on the Author

    “Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer who, rather than expressing opinions, propels discourses; an interviewer who is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent from the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship.

    Appropriate Similarity Measures for Author Cocitation Analysis

    We provide a number of new insights into the methodological discussion about author cocitation analysis. We first argue that the use of the Pearson correlation for measuring the similarity between authors’ cocitation profiles is not very satisfactory. We then discuss what kind of similarity measures may be used as an alternative to the Pearson correlation. We consider three similarity measures in particular. One is the well-known cosine. The other two similarity measures have not been used before in the bibliometric literature. Finally, we show by means of an example that our findings have a high practical relevance.
    Keywords: information science; Pearson correlation; cosine; similarity measure; author cocitation analysis

    Dispelling the Myths Behind First-author Citation Counts

    We conducted a full-scale evaluative citation analysis study of scholars in the XML research field to explore just how different from each other author rankings resulting from different citation counting methods actually are, and to demonstrate the capability of emerging data and tools on the Web in supporting more realistic citation counting methods. Our results contest some common arguments for the continued use of first-author citation counts in the evaluation of scholars, such as high correlations between author rankings by first-author citation counts and other citation counting methods, and high costs of using more realistic citation counting methods that are not well-supported by the ISI databases. It is argued that increasingly available digital full text research papers make it possible for citation analysis studies to go beyond what the ISI databases have directly supported and to employ more sophisticated methods.

    Author Index
