Secure Arithmetic Computation with No Honest Majority
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
A Highly Scalable RFID Authentication Protocol
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Private Interrogation of Devices via Identification Codes
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
APPROX/RANDOM'10 Proceedings of the 13th international conference on Approximation, and the 14th International conference on Randomization, and combinatorial optimization: algorithms and techniques
In this paper, we investigate the decoding problem of Reed-Solomon (RS) codes, also known as the polynomial reconstruction problem (PR), from a cryptographic hardness perspective. Namely, we deal with samplable PR instances over parameter choices for which decoding is not known to be feasibly solvable and where part of the solution polynomial is the hidden input. We put forth a natural decisional intractability assumption that relates to this decoding problem: distinguishing between a single randomly chosen error location and a single randomly chosen nonerror location for a given corrupted RS codeword with random noise. We prove that under this assumption, PR instances are entirely pseudorandom, i.e., they are indistinguishable from random vectors over the underlying finite field. Moreover, under the same assumption, we show that it is hard to extract any partial information related to the hidden input encoded by the corrupted PR instance, i.e., PR instances hide their message polynomial solution in the semantic security sense. The above results lay a framework for the exploitation of PR as an intractability assumption for provable security of cryptographic primitives. Based on this framework, we present provably secure cryptographic constructions for (1) a pseudorandom number generator, (2) a semantically secure version of the oblivious polynomial evaluation (OPE) protocol, and (3) a stateful cipher with a set of interesting properties that include: semantic security, forward secrecy, error-correcting decryption and an array of random self-reducibility properties with respect to the plaintext choice, key choice, and partial domain choice.