[crypto] [Serge.Fehr at cwi.nl: [risc-list] RISC/INT at CWI (May 23)]

R. Hirschfeld ray at unipay.nl
Mon May 12 16:51:22 CEST 2014 

------- Start of forwarded message -------
From: Serge Fehr <Serge.Fehr at cwi.nl>
Date: Mon, 12 May 2014 10:42:03 +0200
Subject: [risc-list] RISC/INT at CWI (May 23)


Dear Colleagues, 

we cordially invite you to a joint RISC / Intercity Number Theory seminar, taking place at CWI Amsterdam, The Netherlands, on 

                           *Friday, May 23, 2014, in Room L120 (1st floor)* 

starting at *13:00h* . The program features talks by *Aner mosh Ben efraim* (Ben Gurion University, Israel), *Ronald Cramer* (CWI/Leiden), *Serge Fehr* (CWI), and *Daniele Venturi* (Sapienza University of Rome). The schedule is as follows. 

 13:00 - 13:45     Serge Fehr (CWI): Reconstructing a Shared Secret in the Presence of Faulty Shares - A Survey 
 14:00 - 14:45     Aner moshe Ben efraim (Ben-Gurion University, Israel): Multi-Linear Secret-Sharing Schemes 
 15:15 - 16:00     Ronald Cramer (CWI/Leiden): Optimal Algebraic Manipulation Detection Codes
 16:15 - 17:00     Daniele Venturi (Sapienza University, Italy): Non-Malleable Codes and Applications 

The abstracts are quoted below. See also http://www.cwi.nl/crypto/risc.html and http://pub.math.leidenuniv.nl/~smitbde/ic/current.html .

See you then and there! 

Best regards, 
Ronald Cramer, Serge Fehr, and Lenny Taelman



---------------------------------------------- 

Serge Fehr: *Reconstructing a Shared Secret in the Presence of Faulty Shares - A Survey* 

Abstract: Secret sharing is a fundamental primitive in cryptography. In this talk, I consider the problem of reconstructing a shared secret in the presence of faulty shares, with unconditional security. We require that any t shares give no information on the shared secret, and reconstruction is possible even if up to t out of the n shares are incorrect. The interesting setting is n/3 <= t < n/2, where reconstruction of a shared secret in the presence of faulty shares is possible, but only with an increase in the share size, and only if one admits a small failure probability. In this talk, I give an overview over the different known solutions. The first one, due to Rabin and Ben-Or (1989), suffers from relatively large shares of size Omega(k*n), where k is the security parameter. The second one, due to Cramer, Damgard and Fehr (2001), has close to optimal share size O(k + n) but is computationally inefficient. Finally, I will present a more recent solution by Cevallos, Fehr, !
 Ostrovsky and Rabani (2012) that combines the advantages of the two: it has short shares of size O(k + n log(n)) and runs in polynomial time. 

Aner moshe Ben efraim: *Multi-Linear Secret-Sharing Schemes* 

Abstract: We study the power of multi-linear secret-sharing schemes. On the one hand, we prove that ideal multi-linear secret-sharing schemes, in which the secret is composed of p field elements, are more powerful than schemes in which the secret is composed of less than p field elements (for every prime p). On the other hand, we prove super-polynomial lower bounds on the share size in multi-linear secret-sharing schemes. Previously, such lower bounds were known only for linear schemes. 
This is joint work with Amos Beimel, Carles Padro, and Ilya Tyomkin 

Ronald Cramer: *Optimal Algebraic-Manipulation-Detection Codes* 

Abstract: Algebraic manipulation detection (AMD) codes, introduced at EUROCRYPT 2008, may, in some sense,  be viewed as {\em keyless} combinatorial authentication codes that provide security in the presence of an {\em oblivious}, {\em algebraic} attacker. Its original applications included robust fuzzy extractors, secure message transmission and robust secret sharing. In recent years, however, a rather diverse array of additional applications in cryptography has emerged. In this paper we consider, for the first time, the natural regime of arbitrary positive constant error probability $\epsilon$  in combination with messages of unbounded binary length $\ell$. Adapting a known bound to this regime, it follows that the binary length $\rho$ of the tag satisfies  $\rho \geq \log \ell + \Omega_{\epsilon}(1)$. We shall call AMD codes  meeting this lower bound {\em optimal}. Owing to our refinement of the mathematical perspective on AMD codes, which focuses on symmetries of codes, w!
 e propose novel constructive principles. Our main result is an efficient randomized construction of optimal AMD codes based on a careful adaptation of certain asymptotically good quasi-cyclic codes. 
Joint work with Carles Padr{\o'} and Chaoping Xing.

Daniele Venturi: * Non-Malleable Codes and Applications* 

Abstract: Non-malleable codes (Dziembowski et al., ICS 2010) encode a message in such a way that the decoded value corresponding to a modified codeword (w.r.t. some class of modifications) is either the original encoded value or a completely independent one. Compared to error correction/detection, non-malleability is a weaker guarantee that can be achieved for much richer classes of modifications. In this talk I will survey recent results on the construction of non-malleable codes, both in the computational and in the information theoretic setting. In the last part of the talk I will focus on applications relevant for the field of cryptography, mainly in the context of tamper resistance and chosen-ciphertext security. 

----------------------------------------------

_______________________________________________
risc-list mailing list
risc-list at cwi.nl
https://lists.cwi.nl/mailman/listinfo/risc-list
------- End of forwarded message -------

More information about the crypto mailing list