9 results sorted by ID
Possible spell-corrected query: emph Block
To Broadcast or Not to Broadcast: Decision-Making Strategies for Mining Empty Blocks
Chon Kit Lao, Rui Jiang, Luyao Zhang, Fan Zhang, Ye Wang
Applications
Resource efficiency in blockchain systems remains a pivotal concern in their design. While Ethereum often experiences network congestion, leading to rewarding opportunities for miners through transaction inclusions, a significant amount of block space remains underutilized. Remarkably, instances of entirely unutilized blocks contribute to resource wastage within the Ethereum ecosystem. This study delves into the incentives driving miners to produce empty blocks. We ascertain that the...
Authenticated Encryption for Very Short Inputs
Alexandre Adomnicai, Kazuhiko Minematsu, Junji Shikata
Secret-key cryptography
We study authenticated encryption (AE) modes dedicated to very short messages, which are crucial for Internet-of-things applications. Since the existing general-purpose AE modes need at least three block cipher calls for non-empty messages, we explore the design space for AE modes that use at most two calls. We proposed a family of AE modes, dubbed Manx, that work when the total input length is less than $2n$ bits, using an $n$-bit block cipher. Notably, the second construction of Manx can...
2020/698
Last updated: 2020-06-16
Forgery attack on the authentication encryption GIFT-COFB
Zhe CEN, Xiutao FENG, Zhangyi Wang, Chunping CAO
Secret-key cryptography
GIFT-COFB is one of the round 2 candidate algorithms of NIST lightweight cryptography. In this paper we present a forgery attack on GIFT-COFB. In our attack, the block cipher GIFT is viewed as a block box, and for an arbitrary ciphertext $(C, T)$ with at least twice the block length of GIFT-COFB, if an attacker knows arbitrary two successive blocks of message $M$ corresponding to $C$, he/she can forge infinite new valid ciphertexts $(C', T')$ such that for each $(C', T')$, there exists a...
Ubiquitous Weak-key Classes of BRW-polynomial Function
Kaiyan Zheng, Peng Wang, Dingfeng Ye
Secret-key cryptography
BRW-polynomial function is suggested as a preferred alternative of polynomial function, owing to its high efficiency and seemingly non-existent weak keys.
In this paper we investigate the weak-key issue of BRW-polynomial function as well as BRW-instantiated cryptographic schemes.
Though, in BRW-polynomial evaluation, the relationship between coefficients and input blocks is indistinct, we give out a recursive algorithm to compute another $(2^{v 1}-1)$-block message, for any given...
Private Projections & Variants
Xavier Carpent, Sky Faber, Tomas Sander, Gene Tsudik
Cryptographic protocols
There are many realistic settings where two mutually suspicious parties need to share some specific information while keeping everything else private. Various privacy-preserving techniques (such as Private Set Intersection) have been proposed as general solutions.
Based on timely real-world examples, this paper motivates the need for a new privacy tool, called Private Set Intersection with Projection (PSI-P). In it, Server has (at least) a two-attribute table and Client has a set of values....
Active Domain Expansion for Normal Narrow-pipe Hash Functions
Xigen Yao
Recently several reports of Cryptology ePrint Archive showed the discovering that for
a normal iterative hash function the entropy and codomain would reduce greatly,then some conclusions were given: Narrow-pipe hash functions couldn't resist this reducing (But wide-pipe hash functions could.),and generic collision
attacks on narrow-pipe hash functions would be faster than birthday paradox.The discovering and conclusions rely on the cases of active domain reducing which causes the empty...
Practical consequences of the aberration of narrow-pipe hash designs from ideal random functions
Danilo Gligoroski, Vlastimil Klima
In a recent note to the NIST hash-forum list, the following
observation was presented: narrow-pipe hash functions differ
significantly from ideal random functions $H:\{0,1\}^{N} \rightarrow
\{0,1\}^n$ that map bit strings from a big domain where $N=n m,\
m\geq n$ ($n=256$ or $n=512$). Namely, for an ideal random function
with a big domain space $\{0,1\}^{N}$ and a finite co-domain space
$Y=\{0,1\}^n$, for every element $y \in Y$, the probability
$Pr\{H^{-1}(y) = \varnothing\} \approx...
On the Impossibility of Highly-Efficient Blockcipher-Based Hash Functions
John Black, Martin Cochran, Thomas Shrimpton
Fix a small, non-empty set of blockcipher keys $K$. We say a blockcipher-based hash function is highly-efficient if it makes exactly one blockcipher call for each message block hashed, and all blockcipher calls use a key from $K$. Although a few highly-efficient constructions have been proposed, no one has been able to prove their security. In this paper we prove, in the ideal-cipher model, that it is impossible to construct a highly-efficient iterated blockcipher-based hash function...
On the Impossibility of Highly-Efficient Blockcipher-Based Hash Functions
John Black, Martin Cochran, Thomas Shrimpton
Foundations
Fix a small, non-empty set of blockcipher keys K.
We say a blockcipher-based hash function is "highly-efficient"
if it makes exactly one blockcipher call for each message block hashed, and all blockcipher calls use a key from K. Although a few
highly-efficient constructions have been proposed, no one has been
able to prove their security. In this paper we prove, in the
ideal-cipher model, that it is impossible to construct a
highly-efficient iterated blockcipher-based hash function that...
Resource efficiency in blockchain systems remains a pivotal concern in their design. While Ethereum often experiences network congestion, leading to rewarding opportunities for miners through transaction inclusions, a significant amount of block space remains underutilized. Remarkably, instances of entirely unutilized blocks contribute to resource wastage within the Ethereum ecosystem. This study delves into the incentives driving miners to produce empty blocks. We ascertain that the...
We study authenticated encryption (AE) modes dedicated to very short messages, which are crucial for Internet-of-things applications. Since the existing general-purpose AE modes need at least three block cipher calls for non-empty messages, we explore the design space for AE modes that use at most two calls. We proposed a family of AE modes, dubbed Manx, that work when the total input length is less than $2n$ bits, using an $n$-bit block cipher. Notably, the second construction of Manx can...
GIFT-COFB is one of the round 2 candidate algorithms of NIST lightweight cryptography. In this paper we present a forgery attack on GIFT-COFB. In our attack, the block cipher GIFT is viewed as a block box, and for an arbitrary ciphertext $(C, T)$ with at least twice the block length of GIFT-COFB, if an attacker knows arbitrary two successive blocks of message $M$ corresponding to $C$, he/she can forge infinite new valid ciphertexts $(C', T')$ such that for each $(C', T')$, there exists a...
BRW-polynomial function is suggested as a preferred alternative of polynomial function, owing to its high efficiency and seemingly non-existent weak keys. In this paper we investigate the weak-key issue of BRW-polynomial function as well as BRW-instantiated cryptographic schemes. Though, in BRW-polynomial evaluation, the relationship between coefficients and input blocks is indistinct, we give out a recursive algorithm to compute another $(2^{v 1}-1)$-block message, for any given...
There are many realistic settings where two mutually suspicious parties need to share some specific information while keeping everything else private. Various privacy-preserving techniques (such as Private Set Intersection) have been proposed as general solutions. Based on timely real-world examples, this paper motivates the need for a new privacy tool, called Private Set Intersection with Projection (PSI-P). In it, Server has (at least) a two-attribute table and Client has a set of values....
Recently several reports of Cryptology ePrint Archive showed the discovering that for a normal iterative hash function the entropy and codomain would reduce greatly,then some conclusions were given: Narrow-pipe hash functions couldn't resist this reducing (But wide-pipe hash functions could.),and generic collision attacks on narrow-pipe hash functions would be faster than birthday paradox.The discovering and conclusions rely on the cases of active domain reducing which causes the empty...
In a recent note to the NIST hash-forum list, the following observation was presented: narrow-pipe hash functions differ significantly from ideal random functions $H:\{0,1\}^{N} \rightarrow \{0,1\}^n$ that map bit strings from a big domain where $N=n m,\ m\geq n$ ($n=256$ or $n=512$). Namely, for an ideal random function with a big domain space $\{0,1\}^{N}$ and a finite co-domain space $Y=\{0,1\}^n$, for every element $y \in Y$, the probability $Pr\{H^{-1}(y) = \varnothing\} \approx...
Fix a small, non-empty set of blockcipher keys $K$. We say a blockcipher-based hash function is highly-efficient if it makes exactly one blockcipher call for each message block hashed, and all blockcipher calls use a key from $K$. Although a few highly-efficient constructions have been proposed, no one has been able to prove their security. In this paper we prove, in the ideal-cipher model, that it is impossible to construct a highly-efficient iterated blockcipher-based hash function...
Fix a small, non-empty set of blockcipher keys K. We say a blockcipher-based hash function is "highly-efficient" if it makes exactly one blockcipher call for each message block hashed, and all blockcipher calls use a key from K. Although a few highly-efficient constructions have been proposed, no one has been able to prove their security. In this paper we prove, in the ideal-cipher model, that it is impossible to construct a highly-efficient iterated blockcipher-based hash function that...