Zhengjun Cao, Xiao Fan
Fast Fourier Transform (FFT) is an efficient algorithm to compute the Discrete Fourier Transform (DFT) and its inverse. In this paper, we pay special attention to the description of complex-data FFT. We analyze two common descriptions of FFT and propose a new presentation. Our heuristic description is helpful for students and programmers to grasp the algorithm entirely and deeply.
Zhengjun Cao, Lihua Liu
In 2012, Groth, et al. [J. ACM, 59 (3), 1-35, 2012] developed some new techniques for noninteractive zero-knowledge (NIZK) and presented: the first perfect NIZK argument system for all NP; the first universally composable NIZK argument for all NP in the presence of an adaptive adversary; the first noninteractive zap for all NP, which is based on a standard cryptographic security assumption. These solved several long-standing open questions. In this note, we remark that their basic system is flawed because the prover can cheat the verifier to accept a false claim. Thus, these problems remain open now.
Zhengjun Cao, Lihua Liu
We show that the Lei et al.'s scheme [Information Sciences, 280 (2014), 205-217] fails, because the verifying equation does not hold over the infinite field R. For the field R, the computational errors should be considered seriously. We also remark that the incurred communication cost in the scheme could be overtake the computational gain, which makes it somewhat artificial.
Zhengjun Cao, Lihua Liu
Recently, Lu et al. have proposed two image search schemes based on additive homomorphic encryption [IEEE Access, 2 (2014), 125-141]. We remark that both two schemes are flawed because: (1) the first scheme does not make use of the additive homomorphic property at all; (2) the additive homomorphic encryption in the second scheme is unnecessary and can be replaced by a more efficient symmetric key encryption.
Lihua Liu, Zhengjun Cao
We show that the verifying equations in the scheme [Theoretical Computer Science, 562 (2015), 112-121] cannot filter out some malformed values returned by the malicious servers. We also remark that the two untrusted programs model adopted in the scheme is somewhat artificial, and discuss some reasonable scenarios for outsourcing computations.
Zhengjun Cao, Lihua Liu
Recently, Wang et al. [IEEE INFOCOM 2011, 820-828], and Nie et al. [IEEE AINA 2014, 591-596] have proposed two schemes for secure outsourcing of large-scale linear programming (LP). They did not consider the standard form: minimize c^{T}x, subject to Ax=b, x>0. Instead, they studied a peculiar form: minimize c^{T}x, subject to Ax = b, Bx>0, where B is a non-singular matrix. In this note, we stress that the proposed peculiar form is unsolvable and meaningless. The two schemes have confused the functional inequality constraints Bx>0 with the nonnegativity constraints x>0 in the linear programming model. But the condition x>0 is indispensable to the simplex method. Therefore, both two schemes failed.
Zhengjun Cao, Lihua Liu
At Eurocrypt'99, Paillier presented a public-key cryptosystem based on a novel computational problem. It has interested many researchers because it was additively homomorphic. In this paper, we show that there is a big difference between the original Paillier's encryption and some variants. The Paillier's encryption can be naturally transformed into a signature scheme but these variants miss the feature. In particular, we simplify the alternative decryption procedure of Bresson-Catalano-Pointcheval encryption scheme proposed at Asiacrypt'03. The new version is more applicable to cloud computing because of its double trapdoor decryption mechanism and its flexibility to be integrated into other cryptographic schemes. It captures a new feature that its two groups of secret keys can be distributed to different users so as to enhance the robustness of key management.
Zhengjun Cao, Lihua Liu
Fully homomorphic encryption (FHE) allows anyone to perform computations on encrypted data, despite not having the secret decryption key. Since the Gentry's work in 2009, the primitive has interested many researchers. In this paper, we stress that any computations performed on encrypted data are constrained to the encrypted domain (finite fields or rings). This restriction makes the primitive useless for most computations involving common arithmetic expressions and relational expressions. It is only applicable to the computations related to modular arithmetic. We want to reaffirm that cryptography uses modular arithmetic a lot in order to obscure and dissipate the redundancies in a plaintext message, not to perform any numerical calculations. We think it might be an overstated claim that FHE is of great importance to client-server computing or cloud computing.
Zhengjun Cao, Lihua Liu
Key establishment is any process whereby a shared secret key becomes available to two or more parties, for subsequent cryptographic use such as symmetric-key encryption. Though it is widely known that the primitive of encryption is different from key establishment, we find some researchers have confused the two primitives. In this note, we shall clarify the fundamental difference between the two primitives, and point out that the Boneh-Gentry-Waters broadcast encryption scheme and its like are key establishment schemes, not encryption schemes.
Zhengjun Cao, Lihua Liu
The primitive of private broadcast encryption introduced by Barth, Boneh and Waters, is used to encrypt a message to several recipients while hiding the identities of the recipients. In their construction, a recipient has to first decrypt the received ciphertext to extract the verification key for one-time signature. He then uses the verification key to check whether the ciphertext is malformed. The authors did not consider that information delivered over a channel, especially over a broadcast channel, should be authenticated as to its origin. We remark that the conventional public key signature suffices to authenticate data origin and filter out all malformed ciphertexts. We also discuss the disadvantages of the primitive of one-time signature used in their construction.
Zhengjun Cao, Lihua Liu
Attribute-based encryption (ABE) which allows users to encrypt and decrypt messages based on user attributes is a type of one-to-many encryption. Unlike the conventional one-to-one encryption which has no intention to exclude any partners of the intended receiver from obtaining the plaintext, an ABE system tries to exclude some unintended recipients from obtaining the plaintext whether they are partners of some intended recipients. We remark that this requirement for ABE is very hard to meet. An ABE system cannot truly exclude some unintended recipients from decryption because some users can exchange their decryption keys in order to maximize their own interests. The flaw discounts the importance of the cryptographic primitive.
Zhengjun Cao, Lihua Liu
We remark that the Bellare-Rivest protocol for translucent cryptography [J. Cryptology (1999) 12: 117-139] can not truly enable the government to decrypt partial encrypted communications.