[crypto] [Serge.Fehr at cwi.nl: [risc-list] RISC/INT at CWI (May 23)]
R. Hirschfeld
ray at unipay.nl
Thu May 22 11:43:58 CEST 2014
------- Start of forwarded message -------
Date: Mon, 19 May 2014 11:44:04 +0200
From: Serge Fehr <Serge.Fehr at cwi.nl>
Subject: [risc-list] RISC/INT at CWI (May 23)
Dear Colleagues,
this is to remind you of the upcoming joint RISC / Intercity Number
Theory seminar, taking place at CWI Amsterdam, The Netherlands, this
*Friday, May 23, 2014, in Room L120 (1st floor)*
starting at *13:00h* . The program features talks by *Aner mosh Ben
efraim* (Ben Gurion University, Israel), *Ronald Cramer* (CWI/Leiden),
*Serge Fehr* (CWI), and *Daniele Venturi* (Sapienza University of Rome).
The schedule is as follows.
13:00 - 13:45 Serge Fehr (CWI): Reconstructing a Shared Secret in
the Presence of Faulty Shares - A Survey
14:00 - 14:45 Aner moshe Ben efraim (Ben-Gurion University,
Israel): Multi-Linear Secret-Sharing Schemes
15:15 - 16:00 Ronald Cramer (CWI/Leiden): Optimal Algebraic
Manipulation Detection Codes
16:15 - 17:00 Daniele Venturi (Sapienza University, Italy):
Non-Malleable Codes and Applications
The abstracts are quoted below. See also
http://www.cwi.nl/crypto/risc.html and
http://pub.math.leidenuniv.nl/~smitbde/ic/current.html .
See you then and there!
Best regards,
Ronald Cramer, Serge Fehr, and Lenny Taelman
----------------------------------------------
Serge Fehr: *Reconstructing a Shared Secret in the Presence of Faulty
Shares - A Survey*
Abstract: Secret sharing is a fundamental primitive in cryptography. In
this talk, I consider the problem of reconstructing a shared secret in
the presence of faulty shares, with unconditional security. We require
that any t shares give no information on the shared secret, and
reconstruction is possible even if up to t out of the n shares are
incorrect. The interesting setting is n/3 <= t < n/2, where
reconstruction of a shared secret in the presence of faulty shares is
possible, but only with an increase in the share size, and only if one
admits a small failure probability. In this talk, I give an overview
over the different known solutions. The first one, due to Rabin and
Ben-Or (1989), suffers from relatively large shares of size Omega(k*n),
where k is the security parameter. The second one, due to Cramer,
Damgard and Fehr (2001), has close to optimal share size O(k + n) but is
computationally inefficient. Finally, I will present a more recent
solution by Cevallos, Fehr, Ostrovsky and Rabani (2012) that combines
the advantages of the two: it has short shares of size O(k + n log(n))
and runs in polynomial time.
Aner moshe Ben efraim: *Multi-Linear Secret-Sharing Schemes*
Abstract: We study the power of multi-linear secret-sharing schemes. On
the one hand, we prove that ideal multi-linear secret-sharing schemes,
in which the secret is composed of p field elements, are more powerful
than schemes in which the secret is composed of less than p field
elements (for every prime p). On the other hand, we prove
super-polynomial lower bounds on the share size in multi-linear
secret-sharing schemes. Previously, such lower bounds were known only
for linear schemes.
This is joint work with Amos Beimel, Carles Padro, and Ilya Tyomkin
Ronald Cramer: *Optimal Algebraic-Manipulation-Detection Codes*
Abstract: Algebraic manipulation detection (AMD) codes, introduced at
EUROCRYPT 2008, may, in some sense, be viewed as {\em keyless}
combinatorial authentication codes that provide security in the presence
of an {\em oblivious}, {\em algebraic} attacker. Its original
applications included robust fuzzy extractors, secure message
transmission and robust secret sharing. In recent years, however, a
rather diverse array of additional applications in cryptography has
emerged. In this paper we consider, for the first time, the natural
regime of arbitrary positive constant error probability $\epsilon$ in
combination with messages of unbounded binary length $\ell$. Adapting a
known bound to this regime, it follows that the binary length $\rho$ of
the tag satisfies $\rho \geq \log \ell + \Omega_{\epsilon}(1)$. We
shall call AMD codes meeting this lower bound {\em optimal}. Owing to
our refinement of the mathematical perspective on AMD codes, which
focuses on symmetries of codes, we propose novel constructive
principles. Our main result is an efficient randomized construction of
optimal AMD codes based on a careful adaptation of certain
asymptotically good quasi-cyclic codes.
Joint work with Carles Padr{\o'} and Chaoping Xing.
Daniele Venturi: * Non-Malleable Codes and Applications*
Abstract: Non-malleable codes (Dziembowski et al., ICS 2010) encode a
message in such a way that the decoded value corresponding to a modified
codeword (w.r.t. some class of modifications) is either the original
encoded value or a completely independent one. Compared to error
correction/detection, non-malleability is a weaker guarantee that can be
achieved for much richer classes of modifications. In this talk I will
survey recent results on the construction of non-malleable codes, both
in the computational and in the information theoretic setting. In the
last part of the talk I will focus on applications relevant for the
field of cryptography, mainly in the context of tamper resistance and
chosen-ciphertext security.
----------------------------------------------
_______________________________________________
risc-list mailing list
risc-list at cwi.nl
https://lists.cwi.nl/mailman/listinfo/risc-list
------- End of forwarded message -------
More information about the crypto
mailing list