• Breaking News

    Friday, October 5, 2018

    Cryptography Why are so many CAESAR finalists AES-based?



    Why are so many CAESAR finalists AES-based?

    Posted: 04 Oct 2018 06:37 PM PDT

    All but one of the CAESAR finalists are AES-based. I find this somewhat disappointing — I was hoping for a larger number of software-friendly algorithms. I am especially disappointed that Keyak and NORX were excluded, given the potential throughput in parallel mode with 4-way SIMD.

    Is there any explanation for why the algorithms chosen were chosen?

    submitted by /u/devbydemi
    [link] [comments]

    [1810.00181] A Randomized Kernel-Based Secret Image Sharing Scheme

    Posted: 04 Oct 2018 07:27 AM PDT

    Trying to validate the integrity of ranked ballots by hashing ballot sets. Two approaches. Comments?

    Posted: 04 Oct 2018 09:38 AM PDT

    Hi all.

    I have a particular problem in which a set of ballots comprises an IMMENSE amount of information.

    For plurality ballots, your votes are yes/no for a candidate, and the vote totals are 1:1 with an exact set of ballots: A got 100 votes, B got 50, 150 were cast. For 10 candidates, you need 10 numbers: linear growth.

    With ranked ballots, you have A>B>C>D>ALL (truncated). For c candidates, growth is exponential, somewhere in the realm of log(c!) bits.

    I could render all ballots into a format based on strict rules and then SHA512-hash the result; however, I'd like to put something stronger around that, and it's technically not burdensome.

    Simple Method: Sequential SHA512

    The simple method is to order the ballots as above and use a sequential SHA512:

    • Hash the first ballot;
    • Use the hash as a salt to hash the next ballot;
    • Continue until hashing the final ballot.

    Given the final hash plus the number of votes, you have three controls:

    • The number of votes;
    • The specific rules of rendering each ballot into a byte-identical format and placing those ballots into an exact repeatable order;
    • SHA512

    Because of the sequencing, you have a limited scope of alterations you can make, as these alterations change the sequence in which ballots appear. Assuming you could find an SHA512 collision, you would need to create a collision in a specific position to produce the same final hash. That is: for the ballot for which you're trying to find a collision, the colliding ballot must be naturally ordered into that exact position in the ballot set.

    I'm not actually certain if this is any more secure than just one SHA512 over the whole set. It seems like it mathematically shouldn't be, but logically should be more likely to not have collisions.

    Complex Method: Statistics and SHA512

    The more-complex method is to take statistics which are NP-hard to simultaneously satisfy (like taking both SHA1+MD5—good luck) and produce an SHA512. Statistics also have some meaning to voters instead of just computer scientists, which is valuable.

    The statistics would be:

    • A c x c pairwise victory matrix (c² values, only c(c-1) are meaningful);
    • A c x c matrix of counts for each time a candidate appeared ranked at a position (c² values);
    • A count of each time a candidate was truncated from the ballot (c values—linear);
    • Total ballot count;
    • SHA512.

    The SHA512 could be the sequential SHA512 above.

    Although the first four values restrict the search domain for collisions, they don't make collisions more likely: if a collision occurs outside the domain, the collision is not useful.

    Would there be any downsides to the second method? For that matter, would the first method be better or worse than just a straight SHA512?

    submitted by /u/bluefoxicy
    [link] [comments]
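The two methods the post compares, worked through on constructed ballots as an added example (this is not code from the post or its author): a strict byte rendering, a repeatable ordering, the chained "hash-as-salt" SHA-512 beside a single SHA-512 over the whole set, and the pairwise/position/truncation statistics. The candidate names and ballots are made up, and the rule that a ranked candidate beats every candidate truncated from that ballot is an assumption.

```python
import hashlib
from itertools import combinations

# Constructed sample data (not from the post): candidates and ranked, truncated ballots.
CANDIDATES = ("A", "B", "C", "D")
BALLOTS = [["A", "B", "C"], ["B", "A"], ["C", "A", "B", "D"], ["A", "B", "C"], ["D"]]

def render(ballot):
    """Canonical bytes: validated names, '>'-joined, trailing ALL marks truncation."""
    assert len(set(ballot)) == len(ballot) and all(c in CANDIDATES for c in ballot)
    return ">".join(list(ballot) + ["ALL"]).encode("ascii")

def canonical_order(ballots):
    """Repeatable order independent of how ballots arrived: sort the rendered bytes."""
    return sorted(render(b) for b in ballots)

def sequential_sha512(ballots):
    """h_1 = SHA512(b_1); h_i = SHA512(h_{i-1} || b_i); the 64-byte prefix frames each step."""
    digest = b""
    for rendered in canonical_order(ballots):
        digest = hashlib.sha512(digest + rendered).digest()
    return digest.hex()

def single_sha512(ballots):
    """One SHA512 over all ballots; length prefixes keep the concatenation unambiguous."""
    h = hashlib.sha512()
    for rendered in canonical_order(ballots):
        h.update(len(rendered).to_bytes(2, "big") + rendered)
    return h.hexdigest()

def statistics(ballots):
    """Pairwise victories, rank-position counts and truncation counts per candidate.
    Assumption: a ranked candidate beats every candidate truncated from that ballot."""
    idx = {c: i for i, c in enumerate(CANDIDATES)}
    n = len(CANDIDATES)
    pairwise = [[0] * n for _ in range(n)]    # pairwise[x][y]: ballots ranking x above y
    positions = [[0] * n for _ in range(n)]   # positions[x][p]: ballots ranking x at place p
    truncated = [0] * n                       # truncated[x]: ballots that omit x
    for b in ballots:
        for pos, c in enumerate(b):
            positions[idx[c]][pos] += 1
        for above, below in combinations(b, 2):
            pairwise[idx[above]][idx[below]] += 1
        for c in set(CANDIDATES) - set(b):
            truncated[idx[c]] += 1
            for above in b:
                pairwise[idx[above]][idx[c]] += 1
    return pairwise, positions, truncated
```

Both digests are invariant under the order ballots were received (the canonical sort absorbs it), and both change when any single ballot changes; the statistics are what a verifier compares first before trusting the digest.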
