|
On Fine-Grained Key-Agreement| title | On Fine-Grained Key-Agreement |
|---|
| start_date | 2024/04/09 |
|---|
| schedule | 11h |
|---|
| online | no |
|---|
| location_info | Salle 3052 |
|---|
| summary | We are considering fine-grained key agreement. In a key agreement protocol, two parties wish to establish a shared secret that remains hidden from any passive observer. Fine-grained key agreement requires that, for example, an adversary running in quadratic time compared to the honest parties fails to learn about the key.
One can require the adversary to *find* a key or alternatively just require it to *distinguish* between the produced key and a random key. The two notions are equivalent given *classical* access to a random function oracle; however, they are different when parties have superposition access to said oracle – the best bound for the classical transformation uses semi-classical one-way-to-hiding due to Ambainis et al. (Crypto'19) which incurs a security degradation. Consequently, the key-agreement protocol by Brassard et al. (JCryptology'19) does not *directly* provide distinguishing security.
In the talk, I will present a key-agreement protocol relative to a random function oracle with superposition access, which directly provides distinguishing security, and discuss semi-classical one-way-to-hiding, which is a core building block of this work.
In a different direction, one can also base key agreement on space hardness: An adversary that has less *memory* than some (polynomial) bound fails to break the security. I will mention some preliminary results in this setting. |
|---|
| responsibles | Hamoudi |
|---|
Workflow history| from state (1) | to state | comment | date |
|---|
| submitted | published | | 2024/04/03 12:59 UTC |
| |
|