Papers by Ferucio Laurentiu Tiplea
IACR Cryptology ePrint Archive, 2014
A necessary and sufficient condition for the asymptotic idealness of the Asmuth-Bloom threshold secret sharing scheme is proposed. Apart from this, a comprehensive analysis of the known variants of the Asmuth-Bloom threshold secret sharing scheme is provided, clarifying the security properties achieved by each of them.
IACR Cryptology ePrint Archive, 2019
We develop exact formulas for the distribution of quadratic residues and non-residues in sets of the form a + X = {(a + x) mod n | x ∈ X}, where n is a prime or the product of two primes and X is a subset of integers with given Jacobi symbols modulo prime factors of n. We then present applications of these formulas to Cocks' identity-based encryption scheme and statistical indistinguishability.
We show that a history-based variant of alternating bisimulation with imperfect information allows it to be related to a variant of Alternating-time Temporal Logic (ATL) with imperfect information by a full Hennessy-Milner theorem. The variant of ATL we consider has a common knowledge semantics, which requires that the uniform strategy available for a coalition to accomplish some goal must be common knowledge inside the coalition, while other semantic variants of ATL with imperfect information do not accommodate a Hennessy-Milner theorem. We also show that the existence of a history-based alternating bisimulation between two finite Concurrent Game Structures with imperfect information (iCGS) is undecidable.
IACR Cryptology ePrint Archive, 2014
We propose an efficient Key-policy Attribute-based Encryption (KP-ABE) scheme for general (monotone) Boolean circuits based on secret sharing and on a very particular and simple form of leveled multilinear maps, called chained multilinear maps. The number of decryption key components is substantially reduced in comparison with the scheme in [6], and the size of the multilinear map (in terms of bilinear map components) is less than the Boolean circuit depth, while it is quadratic in the Boolean circuit depth for the scheme in [6]. Moreover, it is much easier to find chained multilinear maps than leveled multilinear maps. Selective security of the proposed schemes in the standard model is proved, under the decisional multilinear Diffie-Hellman assumption.
IACR Cryptology ePrint Archive, 2016
BasicIBE and AnonIBE are two space-efficient identity-based encryption (IBE) schemes based on quadratic residues, proposed by Boneh, Gentry, and Hamburg, and closely related to Cocks' IBE scheme. BasicIBE is secure in the random oracle model under the quadratic residuosity assumption, while AnonIBE is secure in the standard model under the interactive quadratic residuosity assumption. In this paper we revise the BasicIBE scheme and we show that if the requirements for the deterministic algorithms used to output encryption and decryption polynomials are slightly changed, then the scheme's security margin can be slightly improved.
Applied Mathematics and Computation, May 1, 2020
We develop exact formulas for the distribution of quadratic residues and non-residues in sets of the form a + X = {(a + x) mod n | x ∈ X}, where n is a prime or the product of two primes and X is a subset of integers with given Jacobi symbols modulo prime factors of n. We then present applications of these formulas to Cocks' identity-based encryption scheme and statistical indistinguishability.
arXiv (Cornell University), Jun 26, 2020
We show that a history-based variant of alternating bisimulation with imperfect information allows it to be related to a variant of Alternating-time Temporal Logic (ATL) with imperfect information by a full Hennessy-Milner theorem. The variant of ATL we consider has a common knowledge semantics, which requires that the uniform strategy available for a coalition to accomplish some goal must be common knowledge inside the coalition, while other semantic variants of ATL with imperfect information do not accommodate a Hennessy-Milner theorem. We also show that the existence of a history-based alternating bisimulation between two finite Concurrent Game Structures with imperfect information (iCGS) is undecidable.
数理解析研究所講究録, Aug 1, 1996
A Jumping Petri Net ([18], [12]), JPTN for short, is defined as a classical net which can spontaneously jump from a marking to another one. In [18] it has been shown that the reachability problem for JPTN's is undecidable, but it is decidable for finite JPTN's (FJPTN). In this paper we investigate the computational power of such nets, via the interleaving semantics. Thus, we show that the non-labelled JPTN's have the same computational power as the labelled or $\lambda$-labelled JPTN's. When final markings are considered, the power of JPTN's equals the power of Turing machines. Languages generated by FJPTN's can be represented in terms of regular languages and substitutions with classical Petri net languages. This characterization result leads to many important consequences, e.g. the recursiveness (context-sensitiveness, resp.) of languages generated by arbitrarily labelled (labelled, resp.) FJPTN's. A pumping lemma for nonterminal jumping net languages is also established. Finally, some comparisons between families of languages are given, and a connection between FJPTN's and a subclass of inhibitor nets is presented. $\lambda$-free languages. Then some important consequences are derived and a pumping lemma for nonterminal jumping net languages is established. In Section 4 some comparisons between families of languages are given. The last section presents a connection between FJPTN's and a subclass of inhibitor nets.
数理解析研究所講究録, Aug 1, 1996
Refinement and abstraction are complementary techniques in system design and analysis; both of them are generally referred to as replacements. In this paper we consider a general enough technique of replacement of Petri nets.
arXiv (Cornell University), Feb 17, 2022
The concept of Generalized Inverse based Decoding (GID) is introduced, as an algebraic framework for the syndrome decoding problem (SDP) and low weight codeword problem (LWP). The framework has ground on two characterizations by generalized inverses (GIs), one for the null space of a matrix and the other for the solution space of a system of linear equations over a finite field. Generic GID solvers are proposed for SDP and LWP. It is shown that information set decoding (ISD) algorithms, such as Prange, Lee-Brickell, Leon, and Stern's algorithms, are particular cases of GID solvers. All of them search GIs or elements of the null space under various specific strategies. However, as the paper shows, the ISD variants do not search through the entire space, while our solvers do even when they use just one Gaussian elimination. Apart from these, our GID framework clearly shows how each ISD algorithm, except for Prange's solution, can be used as an SDP or LWP solver. A tight reduction from our problems, viewed as optimization problems, to the MIN-SAT problem is also provided. Experimental results show a very good behavior of the GID solvers. The domain of easy weights can be reached by a very few iterations and even enlarged.
Scientific Annals of Cuza University, 1998
A Petri net is normalized if both the weight function and the initial and final markings (if any) take values in {0, 1}. In [3] E. Pelz showed that any Petri net is equivalent, via concurrent (process) behaviour, with a normalized one. Moreover, an algorithm to normalize a Petri net has been given. In this paper we show that the Pelz's algorithm can be
Lecture Notes in Computer Science, 2016
We propose a Key-policy Attribute-based Encryption (KP-ABE) scheme for general Boolean circuits, based on secret sharing and on a very particular and simple form of leveled multi-linear maps, called chained multi-linear maps. The number of decryption key components is substantially reduced in comparison with the scheme in [7], and the size of the multi-linear map (in terms of bilinear map components) is less than the Boolean circuit depth, while it is quadratic in the Boolean circuit depth for the scheme in [7]. Moreover, the multiplication depth of the chained multi-linear map in our scheme can be significantly less than the multiplication depth of the leveled multi-linear map in the scheme in [7]. Selective security of the proposed scheme in the standard model is proved, under the decisional multi-linear Diffie-Hellman assumption.
Information Processing Letters, Oct 1, 2005
arXiv (Cornell University), Feb 21, 2011
We propose a formal proof of the undecidability of the model checking problem for alternating-time temporal logic under imperfect information and perfect recall semantics. This problem was announced to be undecidable according to a personal communication on multi-player games with imperfect information, but no formal proof was ever published. Our proof is based on a direct reduction from the non-halting problem for Turing machines.
Lecture Notes in Computer Science, 2017
The aim of this paper is to provide an overview on the newest results regarding the design of key-policy attribute-based encryption (KP-ABE) schemes from secret sharing and bilinear maps.
Acta Cybernetica, Jun 1, 2000
The aim of this note is to prove that the reachability problem for Petri nets controlled by finite automata, in the sense of [5], is decidable.
IOS Press, Inc. eBooks, 2006
IEEE Transactions on Information Forensics and Security, 2021
RFID tag corruption is a powerful attack on RFID systems, especially when it reveals the tag’s temporary state. Under such an attack, no RFID scheme can achieve both security and privacy if the tags are not endowed with some hardware primitives, such as physically unclonable functions (PUFs), to prevent adversarial access to secret information. However, the use of such primitives does not constitute a guarantee for security and privacy because they do not substitute a good RFID system design. In this paper a general technique is proposed, to translate any (PUF-based) RFID scheme that is secure and private under corruption without temporary state disclosure into a PUF-based RFID scheme that is secure and private under corruption with temporary state disclosure. Our technique is optimal with respect to the tag overhead induced by PUFs. The technique is richly exemplified on both RFID and PUF-based RFID schemes. As a notable result, the first PUF-based RFID scheme is obtained, that is secure and forward private, but not destructive private, under corruption with temporary state disclosure. By using our technique, some flawed PUF-based RFID schemes that have been proposed so far in the literature can be fixed.
IEEE Transactions on Dependable and Secure Computing, Jul 1, 2022