[crypto] [Serge.Fehr at cwi.nl: [risc-list] RISC/INT at CWI (May 23)]

R. Hirschfeld ray at unipay.nl
Thu May 22 11:43:58 CEST 2014


------- Start of forwarded message -------
Date: Mon, 19 May 2014 11:44:04 +0200
From: Serge Fehr <Serge.Fehr at cwi.nl>
Subject: [risc-list] RISC/INT at CWI (May 23)

Dear Colleagues,

this is to remind you of the upcoming joint RISC / Intercity Number 
Theory seminar, taking place at CWI Amsterdam, The Netherlands, this

                            *Friday, May 23, 2014, in Room L120 (1st floor)*

starting at *13:00h* . The program features talks by *Aner mosh Ben 
efraim* (Ben Gurion University, Israel), *Ronald Cramer* (CWI/Leiden), 
*Serge Fehr* (CWI), and *Daniele Venturi* (Sapienza University of Rome). 
The schedule is as follows.

  13:00 - 13:45     Serge Fehr (CWI): Reconstructing a Shared Secret in 
the Presence of Faulty Shares - A Survey
  14:00 - 14:45     Aner moshe Ben efraim (Ben-Gurion University, 
Israel): Multi-Linear Secret-Sharing Schemes
  15:15 - 16:00     Ronald Cramer (CWI/Leiden): Optimal Algebraic 
Manipulation Detection Codes
  16:15 - 17:00     Daniele Venturi (Sapienza University, Italy): 
Non-Malleable Codes and Applications

The abstracts are quoted below. See also 
http://www.cwi.nl/crypto/risc.html and 
http://pub.math.leidenuniv.nl/~smitbde/ic/current.html .

See you then and there!

Best regards,
Ronald Cramer, Serge Fehr, and Lenny Taelman



----------------------------------------------

Serge Fehr: *Reconstructing a Shared Secret in the Presence of Faulty 
Shares - A Survey*

Abstract: Secret sharing is a fundamental primitive in cryptography. In 
this talk, I consider the problem of reconstructing a shared secret in 
the presence of faulty shares, with unconditional security. We require 
that any t shares give no information on the shared secret, and 
reconstruction is possible even if up to t out of the n shares are 
incorrect. The interesting setting is n/3 <= t < n/2, where 
reconstruction of a shared secret in the presence of faulty shares is 
possible, but only with an increase in the share size, and only if one 
admits a small failure probability. In this talk, I give an overview 
over the different known solutions. The first one, due to Rabin and 
Ben-Or (1989), suffers from relatively large shares of size Omega(k*n), 
where k is the security parameter. The second one, due to Cramer, 
Damgard and Fehr (2001), has close to optimal share size O(k + n) but is 
computationally inefficient. Finally, I will present a more recent 
solution by Cevallos, Fehr, Ostrovsky and Rabani (2012) that combines 
the advantages of the two: it has short shares of size O(k + n log(n)) 
and runs in polynomial time.

Aner moshe Ben efraim: *Multi-Linear Secret-Sharing Schemes*

Abstract: We study the power of multi-linear secret-sharing schemes. On 
the one hand, we prove that ideal multi-linear secret-sharing schemes, 
in which the secret is composed of p field elements, are more powerful 
than schemes in which the secret is composed of less than p field 
elements (for every prime p). On the other hand, we prove 
super-polynomial lower bounds on the share size in multi-linear 
secret-sharing schemes. Previously, such lower bounds were known only 
for linear schemes.
This is joint work with Amos Beimel, Carles Padro, and Ilya Tyomkin

Ronald Cramer: *Optimal Algebraic-Manipulation-Detection Codes*

Abstract: Algebraic manipulation detection (AMD) codes, introduced at 
EUROCRYPT 2008, may, in some sense,  be viewed as {\em keyless} 
combinatorial authentication codes that provide security in the presence 
of an {\em oblivious}, {\em algebraic} attacker. Its original 
applications included robust fuzzy extractors, secure message 
transmission and robust secret sharing. In recent years, however, a 
rather diverse array of additional applications in cryptography has 
emerged. In this paper we consider, for the first time, the natural 
regime of arbitrary positive constant error probability $\epsilon$  in 
combination with messages of unbounded binary length $\ell$. Adapting a 
known bound to this regime, it follows that the binary length $\rho$ of 
the tag satisfies  $\rho \geq \log \ell + \Omega_{\epsilon}(1)$. We 
shall call AMD codes meeting this lower bound {\em optimal}. Owing to 
our refinement of the mathematical perspective on AMD codes, which 
focuses on symmetries of codes, we propose novel constructive 
principles. Our main result is an efficient randomized construction of 
optimal AMD codes based on a careful adaptation of certain 
asymptotically good quasi-cyclic codes.
Joint work with Carles Padr{\o'} and Chaoping Xing.

Daniele Venturi: * Non-Malleable Codes and Applications*

Abstract: Non-malleable codes (Dziembowski et al., ICS 2010) encode a 
message in such a way that the decoded value corresponding to a modified 
codeword (w.r.t. some class of modifications) is either the original 
encoded value or a completely independent one. Compared to error 
correction/detection, non-malleability is a weaker guarantee that can be 
achieved for much richer classes of modifications. In this talk I will 
survey recent results on the construction of non-malleable codes, both 
in the computational and in the information theoretic setting. In the 
last part of the talk I will focus on applications relevant for the 
field of cryptography, mainly in the context of tamper resistance and 
chosen-ciphertext security.

----------------------------------------------

_______________________________________________
risc-list mailing list
risc-list at cwi.nl
https://lists.cwi.nl/mailman/listinfo/risc-list
------- End of forwarded message -------


More information about the crypto mailing list