top row, left to right: Ueli Maurer, Martin Hirt, Joel Alwen
middle row, left ro right: Christian Badertscher, Sandro Coretti, Grégory Demay, Maria Dubovitskaya, Robert Enderlein
bottom row, left to right: Christian Matt, Pavel Raykov, Björn Tackmann, Daniel Tschudi
Recent Research Highlights
- Generic equivalence of breaking RSA and factoring. A long-standing open problem in cryptography is whether breaking the RSA cryptosystem is as hard as factoring the modulus, or whether it is potentially much easier. It is proved in [AM09] that breaking RSA and factoring are equivalent in a generic model of computation. Any generic algorithm for breaking RSA can be transformed into a factoring algorithm.
- Efficient symmetric cryptography under very weak assumptions. In contrast to the standard notion of a pseudo-random function (PRF), which is indistinguishable from a random function for a computationally-bounded adversary asking arbitrarily many queries (within its running time constraint), the new notion of an s-query weak PRF was introduced in [MT08]. Such a function need only be secure against an adversary who obtains a fixed number s (e.g. s=2) of input-output pairs and, moreover, the inputs are random (not chosen). It is shown that provably-secure encryption can be obtained from an s-query weak PRF essentially as efficiently as from a full-fledged PRF.
- Quantum cryptography -- revisited. Quantum cryptography has been advocated as being provably secure based only that the laws of quantum mechanics are correct. It was shown in [AKMR07] that, contrary to the established security proofs in quantum cryptography, there are provably-secure key agreement schemes which can be broken. While a generated key is indeed provably secure, its security is potentially lost when it is used. This shows that the traditional security definition is too weak. The flaw is due to a locking property of the notion of accessible information in quantum physics: one additional (physical) bit of information can increase the accessible information by more than one bit. This problem was solved in [Ren05] where the right security definition for quantum key distribution is stated and a new framework for proving the security is proposed.