Publication


Featured research published by Carlos Aguilar Melchor.


international cryptology conference | 2010

Additively homomorphic encryption with d-operand multiplications

Carlos Aguilar Melchor; Philippe Gaborit; Javier Herranz

The search for encryption schemes that allow evaluating functions (or circuits) over encrypted data has attracted a lot of attention since the seminal work on this subject by Rivest, Adleman and Dertouzos in 1978. In this work we define a theoretical object, chained encryption schemes, which allow an efficient evaluation of polynomials of degree d over encrypted data. Chained encryption schemes are generically constructed by concatenating cryptosystems with the appropriate homomorphic properties; such schemes are common in lattice-based cryptography. As a particular instantiation we propose a chained encryption scheme whose IND-CPA security is based on a worst-case/average-case reduction from uSVP.


IEEE Transactions on Information Theory | 2011

A New Efficient Threshold Ring Signature Scheme Based on Coding Theory

Carlos Aguilar Melchor; Pierre-Louis Cayrel; Philippe Gaborit; Fabien Laguillaumie

Ring signatures were introduced by Rivest, Shamir, and Tauman in 2001. These signatures allow a signer to anonymously authenticate a message on behalf of a group of his choice. This concept was then extended by Bresson, Stern, and Szydlo into t-out-of-N (threshold) ring signatures in 2002. We propose in this article a generalization of Stern's code-based identification (and signature) scheme to design a practical t-out-of-N threshold ring signature scheme. The size of the resulting signatures is in O(N) and does not depend on t, contrary to most of the existing protocols. Our scheme is existentially unforgeable under a chosen message attack in the random oracle model assuming the hardness of the minimum distance problem, is unconditionally source hiding, has a very short public key and has an overall complexity in O(N). This protocol is the first efficient code-based ring signature scheme and the first code-based threshold ring signature scheme. Moreover it has a better complexity than number-theory based schemes which have a complexity in O(Nt). This paper is an extended version of a paper published in the conference PQCrypto 2008, with complete proofs and definitions.


international symposium on information theory | 2008

A fast private information retrieval protocol

Carlos Aguilar Melchor; Philippe Gaborit

A PIR scheme is a scheme that allows a user to get an element of a database without giving any information about what part of the database he is interested in. In this paper we present a lattice-based PIR scheme, based on problems close to coding theory problems known to be NP-complete [1], in which the computational cost is a few thousand bit-operations per bit in the database. This improves the protocol computational performance by two orders of magnitude when compared to existing approaches. Our scheme does not have communication performance as good as other existing protocols, but we show that practical usability of PIR schemes is not as dependent on communication performance as the literature suggests, and that a trade-off between communication and computation leads to much more versatile schemes.


international symposium on information theory | 2008

Lattice-based homomorphic encryption of vector spaces

Carlos Aguilar Melchor; Guilhem Castagnos; Philippe Gaborit

In this paper we introduce a new probabilistic lattice-based bounded homomorphic encryption scheme. For this scheme the sum of two encrypted messages is the encryption of the sum of the two messages, and the scheme is able to preserve a vector space structure of the message. The size of the public key is rather large (approximately 3 Mb) but the encryption and the decryption operations are very fast (of the same order of speed as NTRU). The homomorphic operation, i.e. the addition of ciphertexts, is dramatically fast compared to homomorphic schemes based on group theory like Paillier or El Gamal.


IEEE Transactions on Information Theory | 2008

On the Classification of Extremal [36,18,8] Binary Self-Dual Codes

Carlos Aguilar Melchor; Philippe Gaborit

In this correspondence, we give a new recursive method to classify extremal self-dual codes. As an application we classify all the 41 extremal binary [36,18,8] self-dual codes.
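The two properties the abstract relies on, self-duality and extremality, can be checked directly for small codes. The following is an added example, not code from the paper (whose recursive classification method the abstract does not detail): it tests whether a binary code given by a generator matrix is self-dual, computes its minimum distance by brute force, and compares it to the extremal bound. The [8,4,4] extended Hamming matrix and the distance-2 comparison code are standard small inputs constructed here; the function names are my own.

```python
from itertools import product

# Constructed sample inputs (not from the paper): generator matrices of two
# binary self-dual [8,4] codes, given as rows of 0/1 lists.
HAMMING8 = [  # extended Hamming code, minimum distance 4
    [1, 0, 0, 0, 0, 1, 1, 1],
    [0, 1, 0, 0, 1, 0, 1, 1],
    [0, 0, 1, 0, 1, 1, 0, 1],
    [0, 0, 0, 1, 1, 1, 1, 0],
]
REPEAT8 = [   # four disjoint repetition blocks: self-dual, but only distance 2
    [1, 1, 0, 0, 0, 0, 0, 0],
    [0, 0, 1, 1, 0, 0, 0, 0],
    [0, 0, 0, 0, 1, 1, 0, 0],
    [0, 0, 0, 0, 0, 0, 1, 1],
]


def is_self_dual(G):
    """C = C^perp for a binary [n, k] code iff k = n/2 and every pair of
    generator rows has even overlap, i.e. G * G^T = 0 over GF(2).
    Assumes the rows of G are linearly independent."""
    n, k = len(G[0]), len(G)
    if 2 * k != n:
        return False
    return all(sum(a & b for a, b in zip(u, v)) % 2 == 0 for u in G for v in G)


def min_distance(G):
    """Minimum weight of a non-zero codeword, by enumerating all 2^k codewords
    as XORs of generator rows (fine for small k; not the paper's recursive method)."""
    rows = [int("".join(map(str, r)), 2) for r in G]
    best = len(G[0])
    for coeffs in product((0, 1), repeat=len(G)):
        word = 0
        for c, r in zip(coeffs, rows):
            if c:
                word ^= r
        if word:
            best = min(best, bin(word).count("1"))
    return best


def extremal_bound(n):
    """Rains' bound on the minimum distance of a binary self-dual code of length n:
    d <= 4*floor(n/24) + 4, except d <= 4*floor(n/24) + 6 when n = 22 (mod 24).
    A self-dual code meeting the bound is called extremal; for n = 36 the bound
    is 8, which is why the [36,18,8] codes classified in the paper are extremal."""
    d = 4 * (n // 24) + 4
    return d + 2 if n % 24 == 22 else d


def is_extremal(G):
    """True iff G generates a self-dual code whose minimum distance meets the bound."""
    return is_self_dual(G) and min_distance(G) == extremal_bound(len(G[0]))


if __name__ == "__main__":
    for name, G in (("HAMMING8", HAMMING8), ("REPEAT8", REPEAT8)):
        print(name, "self-dual:", is_self_dual(G),
              "d =", min_distance(G), "extremal:", is_extremal(G))
```

The brute-force distance computation is exponential in k, so it is only a sanity check for toy codes; for k = 18 it is still feasible (2^18 codewords) but classification of all inequivalent codes, as done in the paper, needs the structural approach the abstract refers to.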


international conference on emerging security information, systems and technologies | 2008

High-Speed Private Information Retrieval Computation on GPU

Carlos Aguilar Melchor; Benoît Crespin; Philippe Gaborit; Vincent Jolivet; Pierre Rousseau

A Private Information Retrieval (PIR) scheme is a protocol in which a user retrieves a record out of n from a replicated database, while hiding from the database which record has been retrieved, as long as the different replicas do not collude. An especially interesting sub-field of research, called single-database PIR, deals with the schemes that allow a user to retrieve privately an element of a non-replicated database. In these schemes, user privacy is related to the intractability of a mathematical problem, instead of being based on the assumption that different replicas exist and do not collude against their users. Single-database PIR schemes have generated an enormous amount of research in the privacy protection field during the last two decades. However, many scientists believe that these are theoretical tools unusable in almost any situation. It is true that these schemes usually require the database to use a lot of computational power, but considering the large number of applications these protocols have, it is important to develop practical approaches that provide acceptable performances for as many applications as possible. We present in this article a proof-of-concept implementation of a single-database PIR scheme proposed by Aguilar and Gaborit [2, 3]. This implementation can run on a CPU or on a GPU using CUDA, nVidia's library for General Purpose computing on Graphics Processing Units (GPGPU). The performance results highlight that linear algebra PIR schemes allow processing database contents several orders of magnitude faster than previous protocols.
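The ISIT 2008 protocol abstract above and this GPU implementation both concern single-database PIR built from an additively homomorphic encryption over a database laid out as a matrix, with a computation/communication trade-off. The following is an added worked example, not code from either paper: it uses textbook Paillier (which appears on this page only as a comparison point) in place of the authors' lattice-based scheme, so that the client/server exchange, the O(sqrt N) communication trade-off and the one-exponentiation-per-entry server cost can be seen end to end. The sample database, key size and function names are constructed for the example.

```python
import math
import random
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


class Paillier:
    """Textbook Paillier, additively homomorphic: E(a)*E(b) = E(a+b), E(a)^k = E(k*a).
    Used here only as the simplest additively homomorphic scheme; the Aguilar-Gaborit
    protocol uses a lattice-based scheme whose plaintexts are vectors, not integers."""

    def __init__(self, bits=512):
        p = random_prime(bits // 2)
        q = random_prime(bits // 2)
        while q == p:
            q = random_prime(bits // 2)
        self.n = p * q
        self.n2 = self.n * self.n
        lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
        self._lam, self._mu = lam, pow(lam, -1, self.n)    # g = n+1, so mu = lam^-1 mod n

    def encrypt(self, m):
        r = secrets.randbelow(self.n - 1) + 1              # fresh randomness per ciphertext
        return (1 + m * self.n) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        u = pow(c, self._lam, self.n2)
        return ((u - 1) // self.n) * self._mu % self.n


def pir_query(keys, rows, wanted_row):
    """Client: encrypt a selection vector. Every entry is a fresh ciphertext, so the
    server cannot tell which one hides the 1 (IND-CPA of the scheme is what hides it)."""
    return [keys.encrypt(1 if i == wanted_row else 0) for i in range(rows)]


def pir_answer(n2, query, matrix):
    """Server: for each column j compute prod_i q_i^(matrix[i][j]) mod n^2, which is
    E(sum_i sel_i * matrix[i][j]) = E(matrix[wanted_row][j]). Cost: one modular
    exponentiation per database entry, the computational side the abstracts stress."""
    answer = []
    for j in range(len(matrix[0])):
        acc = 1
        for c, row in zip(query, matrix):
            acc = acc * pow(c, row[j], n2) % n2
        answer.append(acc)
    return answer


def pir_retrieve(keys, db, index, rows):
    """End-to-end exchange for one record (records must be integers < n).
    Laying the db out as rows x cols costs `rows` ciphertexts upstream and `cols`
    downstream; rows = cols = sqrt(N) gives O(sqrt N) traffic instead of the O(N)
    of a flat selection vector, for the same server computation."""
    cols = -(-len(db) // rows)
    padded = db + [0] * (rows * cols - len(db))
    matrix = [padded[i * cols:(i + 1) * cols] for i in range(rows)]
    row, col = divmod(index, cols)
    answer = pir_answer(keys.n2, pir_query(keys, rows, row), matrix)   # client -> server -> client
    return [keys.decrypt(c) for c in answer][col]                      # client learns the whole row


if __name__ == "__main__":
    keys = Paillier(bits=512)
    db = [(7919 * i) % 100003 for i in range(64)]   # constructed sample database
    assert pir_retrieve(keys, db, 37, rows=8) == db[37]
    print("record 37 retrieved without revealing its index")
```

The client ends up with an entire row rather than a single record, which is the usual price of the matrix layout; the server never sees anything but ciphertexts, so the only information it gets is the shape of the query (number of rows), not the position of the 1.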


IACR Cryptology ePrint Archive | 2014

Sealing the Leak on Classical NTRU Signatures

Carlos Aguilar Melchor; Xavier Boyen; Jean-Christophe Deneuville; Philippe Gaborit

Initial attempts to obtain lattice based signatures were closely related to reducing a vector modulo the fundamental parallelepiped of a secret basis (like GGH [9], or NTRUSign [12]). This approach leaked some information on the secret, namely the shape of the parallelepiped, which has been exploited in practical attacks [24]. NTRUSign was an extremely efficient scheme, and thus there has been a noticeable interest in developing countermeasures to the attacks, but with little success [6].


network computing and applications | 2009

A Collusion-Resistant Distributed Scalar Product Protocol with Application to Privacy-Preserving Computation of Trust

Carlos Aguilar Melchor; Boussad Ait-Salem; Philippe Gaborit

Private scalar product protocols have proved to be interesting in various applications such as data mining, data integration, trust computing, etc. In 2007, Yao et al. proposed a distributed scalar product protocol with application to privacy-preserving computation of trust [1]. This protocol is split in two phases: a homomorphic encryption computation; and a private multi-party summation protocol. The summation protocol has two drawbacks: first, it generates a non-negligible communication overhead; and second, it introduces a security flaw. The contribution of this present paper is two-fold. We first prove that the protocol of [1] is not secure in the semi-honest model by showing that it is not resistant to collusion attacks and we give an example of a collusion attack, with only four participants. Second, we propose to use a superposed sending round as an alternative to the multi-party summation protocol, which results in better security properties and in a reduction of the communication costs. In particular, regarding security, we show that the previous scheme was vulnerable to collusions of three users whereas in our proposal we can fix t ∈ [1..n − 1] and define a protocol resisting collusions of up to t users.


international conference on cryptology in africa | 2013

Carlos Aguilar Melchor; Slim Bettaieb; Xavier Boyen; Laurent Fousse; Philippe Gaborit

Basing signature schemes on strong lattice problems has been a long standing open issue. Today, two families of lattice-based signature schemes are known: the ones based on the hash-and-sign construction of Gentry et al.; and Lyubashevsky's schemes, which are based on the Fiat-Shamir framework. In this paper we show for the first time how to adapt the schemes of Lyubashevsky to the ring signature setting. In particular we transform the scheme of ASIACRYPT 2009 into a ring signature scheme that provides strong properties of security under the random oracle model. Anonymity is ensured in the sense that signatures of different users are within negligible statistical distance even under full key exposure. In fact, the scheme satisfies a notion which is stronger than the classical full key exposure setting as even if the keypair of the signing user is adversarially chosen, the statistical distance between signatures of different users remains negligible. Considering unforgeability, the best lattice-based ring signature schemes provide either unforgeability against arbitrary chosen subring attacks or insider corruption in log-sized rings. In this paper we present two variants of our scheme. In the basic one, unforgeability is ensured in those two settings. Increasing signature and key sizes by a factor k (typically 80 − 100), we provide a variant in which unforgeability is ensured against insider corruption attacks for arbitrary rings. The technique used is pretty general and can be adapted to other existing schemes.


availability, reliability and security | 2008

Carlos Aguilar Melchor; Boussad Ait Salem; Philippe Gaborit; Karim Tamine

A wireless ad-hoc network is a network which does not use any infrastructure such as access points or base stations. Instead, the mobile nodes forward packets to each other, allowing communication among nodes outside wireless transmission range. In this dynamic network, each node is considered as a mobile router, but in an energy-conserving manner. This fact makes a node an active element in the network, capable of the best and of the worst. Actually, a malicious node can easily disrupt the proper functioning of the routing by simply refusing to forward routing messages (misbehaving node), injecting wrong routing packets, modifying others, etc. In this paper, we propose a new routing protocol for wireless ad-hoc networks based on multi-agent systems and particularly on ant behavior. The novelty of our protocol lies in the fact that, apparently for the first time, a protocol combines at the same time routing on one side and trust level and reputation between nodes on the other side. This combination makes it possible to increase the security of route establishment. More generally, this protocol opens the door to the use of different agents for obtaining different mixed functionalities, routing and trust level in this paper but also other functionalities like key distribution.

Collaboration

Top Co-Authors

Xavier Boyen
Queensland University of Technology