adversarial model
INDistinguishability
resolution
under chosen ciphertext attacks
back up
scheme
IND-CPA encryption
verifiability
schemes considering sa and ND
non-delegatable schemes
pkzip compression algorithm
12 bytes input
BK94 (Biham-Kocher, FSE 1994)
Stay, FSE'01
ciphertext-only attack
PRNG
focus only on his attack algorithm
biham and
bk94 attack process
guess some bit
early step: 6 bits
find some bits of k[1] and kk1[1]
side-channels
relation between
stay01 bk94
synthetic linear analysis
on bias analysis
CubeHash preliminaries
The EVITA Hardware Security Module
software layers
meadows
puzzles proof of work
signatures
cookies
reachability
moderately hard puzzles based on this
easy to generate
hard to solve
easy to verify
computation bound or memory bound
former.
tuple of algorithms
puzzle security properties
difficulty
unforgeability: hard for the adversary to generate valid puzzles
non-parallelizability: very important
tuneable difficulty
useful puzzles: the work done in solving a puzzle can be used for another target.
HASH-based puzzle (Juels-Brainard)
merits: generation and verification very efficient
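A worked hash-based client puzzle in the Juels-Brainard style, added here as an illustration and not part of these notes or of the cited papers. The server derives the 32-byte pre-image x from a server secret and a per-request context (one HMAC, so generation is cheap and verification is stateless), publishes x with its low k bits cleared together with H(x), and the client brute-forces the hidden bits. The secret, the context string, the function names and the difficulty value are constructed for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class HashPuzzle:
    context: bytes      # what the puzzle is bound to, e.g. client address and request id
    partial: bytes      # 32-byte pre-image with the low `difficulty` bits cleared
    target: bytes       # SHA-256 of the full pre-image
    difficulty: int     # number of hidden bits k; expected solving work is 2**(k-1) hashes


def _preimage(server_secret: bytes, context: bytes) -> bytes:
    # The pre-image is a keyed hash of the context, so the server keeps no per-puzzle
    # state: it can recompute x from the context alone when the solution comes back.
    return hmac.new(server_secret, context, hashlib.sha256).digest()


def gen_puzzle(server_secret: bytes, context: bytes, difficulty: int) -> HashPuzzle:
    """Server side: one HMAC and one SHA-256, independent of the difficulty."""
    x = _preimage(server_secret, context)
    mask = (1 << difficulty) - 1
    partial = (int.from_bytes(x, "big") & ~mask).to_bytes(32, "big")
    return HashPuzzle(context, partial, hashlib.sha256(x).digest(), difficulty)


def solve_puzzle(puzzle: HashPuzzle):
    """Client side: try every value of the k hidden bits until H(candidate) == target."""
    base = int.from_bytes(puzzle.partial, "big")
    for guess in range(1 << puzzle.difficulty):
        candidate = (base | guess).to_bytes(32, "big")
        if hashlib.sha256(candidate).digest() == puzzle.target:
            return candidate
    return None  # only reachable if the puzzle was tampered with


def verify_solution(server_secret: bytes, puzzle: HashPuzzle, solution: bytes) -> bool:
    """Server side: recompute x from the secret and compare in constant time."""
    expected = _preimage(server_secret, puzzle.context)
    return hmac.compare_digest(expected, solution)


def run_demo(difficulty: int = 10):
    # Constructed values: a demo secret and a context tying the puzzle to one request.
    secret = b"constructed-server-secret"
    context = b"198.51.100.7|request-0001"
    puzzle = gen_puzzle(secret, context, difficulty)
    solution = solve_puzzle(puzzle)
    accepted = verify_solution(secret, puzzle, solution)
    rejected_garbage = verify_solution(secret, puzzle, bytes(32))
    return solution is not None, accepted, rejected_garbage


if __name__ == "__main__":
    solved, accepted, rejected = run_demo(12)
    print(f"solved={solved} accepted={accepted} garbage_rejected={rejected}")
```

Raising `difficulty` by one doubles the client's expected work while the server's cost stays at two hash evaluations, which is the tuneable-difficulty property listed above; because verification recomputes x from the secret, a solution is only valid for the context it was issued for.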
time-lock puzzles of Rivest-Shamir-Wagner (RSW)
choose random a
puzzle consists of (n,a,q)
Karame-Capkun puzzle
(ESORICS 2010)
BPV Generator
Pre-processing run once...
whenever a pair .. is needed..
a new non-parallelisable puzzle (RSA puz)
Setup, GenPuz, FindSoln, VerSoln
RSW puz, KC puz, RSA puz
a new