Organized by cryptographers at Tsinghua University, IIIS.
Where: Tsinghua University, FIT Building 2nd floor Conference Room.
When: May 25, 2023 (Thursday)
13:30-14:30 刘天任 Tianren Liu (PKU)
Is AES Secure? From an Information-Theoretic Perspective
14:30-14:40 Coffee break
14:40-15:40 毛昕渝 Xinyu Mao (USC)
Non-Adaptive Universal One-Way Hash Functions from Arbitrary One-Way Functions
15:40-15:50 Tea break
15:50-16:50 朱晨智 Chenzhi Zhu (U. Washington)
Recent Developments in Pairing-Free Blind Signatures and More
Titles and abstracts:
Tianren Liu: Is AES Secure? From an Information-Theoretic Perspective
Abstract: AES is arguably the most widely used cipher. This talk covers a recent line of works targeting provable security of AES and other block ciphers.
We consider t-wise independence, a natural and attractive security target for block ciphers. A block cipher is t-wise independent if, for any t plaintexts, the joint distribution of the t corresponding ciphertexts is statistically close to uniform. It implies resistance to any statistical attack that only involves a few inputs.
We have a collection of results showing AES and a few of its variants are t-wise independent, under different parameters (the value of t, the security level, the number of rounds, etc.). Some of them will be presented in this talk.
The t-wise Independence of Substitution-Permutation Networks. Tianren Liu, Stefano Tessaro, Vinod Vaikuntanathan. Crypto 2019. https://eprint.iacr.org/2021/507
Layout Graphs, Random Walks and the t-wise Independence of SPN Block Ciphers. Tianren Liu, Angelos Pelecanos, Stefano Tessaro, Vinod Vaikuntanathan. Crypto 2023.
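As an added illustration of the t-wise independence definition in the abstract above (this is a constructed toy, not code from the talk or the cited papers), the script below measures, for a small keyed permutation family on 4-bit blocks, the worst-case statistical distance between the t ciphertexts of any t plaintexts and what a truly random permutation would give. The toy families (a plain XOR cipher, a two-round key-alternating cipher built from the PRESENT S-box with independent round keys, and the family of all permutations on 4 points) are assumptions chosen so the exact distances can be computed by exhaustive enumeration.

```python
from collections import Counter
from fractions import Fraction
from itertools import combinations, permutations, product

N = 16  # 4-bit blocks; the whole toy family lives on {0, ..., 15}
# PRESENT's 4-bit S-box, used here only as a sample nonlinear layer.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def xor_cipher(key, x):
    """Constructed family 1: E_k(x) = x XOR k with a 4-bit key."""
    return x ^ key

def toy_kac(key, x):
    """Constructed family 2: two S-box rounds with independent 4-bit round
    keys, E_{k0,k1,k2}(x) = S(S(x ^ k0) ^ k1) ^ k2."""
    k0, k1, k2 = key
    return SBOX[SBOX[x ^ k0] ^ k1] ^ k2

def kac_key_space():
    return list(product(range(N), repeat=3))  # all 16^3 = 4096 round-key triples

def perm_cipher(key, x):
    """Constructed family 3: the key *is* the permutation (ideal cipher)."""
    return key[x]

def perm_key_space(n=4):
    return list(permutations(range(n)))  # every permutation on n points

def twise_distance(encrypt, keys, t, n=N):
    """Worst case over all t-subsets of plaintexts of the statistical distance
    between the ciphertext t-tuple (key uniform) and the uniform distribution
    on t-tuples of distinct values (a random permutation); 0 = exactly t-wise."""
    num_distinct = 1
    for i in range(t):
        num_distinct *= n - i
    q = Fraction(1, num_distinct)  # ideal probability of each distinct tuple
    worst = Fraction(0)
    for pts in combinations(range(n), t):
        counts = Counter(tuple(encrypt(k, x) for x in pts) for k in keys)
        # SD = 1/2 * sum_y |p(y) - q|; tuples never produced contribute q each.
        total = sum(abs(Fraction(c, len(keys)) - q) for c in counts.values())
        total += (num_distinct - len(counts)) * q
        worst = max(worst, total / 2)
    return worst

if __name__ == "__main__":
    print("XOR family, t=2:", twise_distance(xor_cipher, range(N), 2))  # 14/15
    print("2-round toy, t=2:", float(twise_distance(toy_kac, kac_key_space(), 2)))
    print("all perms, t=3:", twise_distance(perm_cipher, perm_key_space(), 3, n=4))  # 0
```

The XOR family is 1-wise but far from 2-wise independent (every pair of ciphertexts has a fixed difference), the two-round toy is 1-wise independent and strictly closer to 2-wise independence than XOR but still not exactly 2-wise, and the all-permutations family is exactly t-wise independent for every t, matching the definition in the abstract.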
Xinyu Mao: Non-Adaptive Universal One-Way Hash Functions from Arbitrary One-Way Functions
Abstract: In this work we give the first non-adaptive construction of universal one-way hash functions (UOWHFs) from arbitrary one-way functions. Our construction uses O(n^9) calls to the one-way function, has a key of length O(n^10), and can be implemented in NC1 assuming the underlying one-way function is in NC1.
Prior to this work, the best UOWHF construction used O(n^13) adaptive calls and a key of size O(n^5) (Haitner, Holenstein, Reingold, Vadhan and Wee [Eurocrypt ’10]). By the result of Applebaum, Ishai and Kushilevitz [FOCS ’04], the above implies the existence of UOWHFs in NC0, given the existence of one-way functions in NC1.
We also show that the PRG construction of Haitner, Reingold and Vadhan (HRV, [STOC ’10]), with small modifications, yields a relaxed notion of UOWHFs, i.e. a function family that can be (inefficiently) converted to a UOWHF by changing the functions on a negligible fraction of the inputs. In order to analyze this construction, we introduce the notion of next-bit unreachable entropy, which replaces the next-bit pseudoentropy notion used by HRV.
Chenzhi Zhu: Recent Developments in Pairing-Free Blind Signatures and More
Abstract: Blind signature schemes enable users to obtain signatures from issuers without disclosing any details about the signed content. They were initially proposed to build anonymous e-cash systems and have lately been found useful for constructing anonymous credentials and tokens.
In this talk, I will present my recent work, where we propose the first practical pairing-free three-move blind signature schemes that (1) are concurrently secure, (2) produce short signatures (i.e., three or four group elements/scalars), and (3) are provably secure either in the generic group model (GGM) or the algebraic group model (AGM) under the (plain or one-more) discrete logarithm assumption (beyond additionally assuming random oracles). Additionally, I will discuss a few of my follow-up works, which extend our techniques to threshold settings and the blind issuance of certain zero-knowledge proofs.