Researcher profile

Massimiliano Sala

Massimiliano Sala contributes to research discovery and scholarly infrastructure.


Published work

9 published items

Preprint, 2022, arXiv

A Provably-Unforgeable Threshold EdDSA with an Offline Recovery Party

A $(t,n)$-threshold signature scheme enables distributed signing among $n$ players such that any subset of size at least $t$ can sign, whereas any subset with fewer players cannot. The goal is to produce threshold digital signatures that are compatible with an existing centralized signature scheme. Starting from the threshold scheme for the ECDSA signature due to Battagliola et al., we present the first protocol that supports EdDSA multi-party signatures with an offline participant during the key-generation phase, without relying on a trusted third party. Under standard assumptions we prove our scheme secure against adaptive malicious adversaries. Furthermore, we show how our security notion can be strengthened when considering a rushing adversary. We discuss the resiliency of the recovery in the presence of a malicious party. Using a classical game-based argument, we prove that if there is an adversary capable of forging the scheme with non-negligible probability, then we can build a forger for the centralized EdDSA scheme with non-negligible probability.

Preprint, 2021, arXiv

Rational points on cubic surfaces and AG codes from the Norm-Trace curve

In this paper we give a complete characterization of the intersections between the Norm-Trace curve over $\mathbb{F}_{q^3}$ and the curves of the form $y=ax^3+bx^2+cx+d$, generalizing a previous result by Bonini and Sala and providing more detailed information about the weight spectrum of one-point AG codes arising from such a curve. We also derive, with explicit computations, some general bounds for the number of rational points on a cubic surface defined over $\mathbb{F}_{q}$.

Preprint, 2020, arXiv

Intersections between the norm-trace curve and some low degree curves

In this paper we analyze the intersection between the norm-trace curve over $\mathbb{F}_{q^3}$ and the curves of the form $y=ax^3+bx^2+cx+d$, giving a complete characterization of the intersection between the curve and the parabolas, as well as sharp bounds for the other cases. This information is used for the determination of the weight distribution of some one-point AG codes constructed on the curve.

Preprint, 2020, arXiv

Public Ledger for Sensitive Data

Satoshi Nakamoto's Blockchain allows one to build publicly verifiable and almost immutable ledgers, but sometimes privacy has to be factored in. In this work an original protocol is presented that allows sensitive data to be stored on a ledger where its integrity may be publicly verified, but its privacy is preserved and owners can tightly manage the sharing of their information with efficient revocation.

Preprint, 2010, arXiv

Do AES encryptions act randomly?

The Advanced Encryption Standard (AES) is widely recognized as the most important block cipher in common use nowadays. This high assurance in AES is given by its resistance to ten years of extensive cryptanalysis, which has shown no weakness, not even any deviation from the statistical behaviour expected from a random permutation. Only reduced versions of the cipher have been broken, but they are not usually implemented. In this paper we build a distinguishing attack on the AES, exploiting the properties of a novel cipher embedding. With our attack we give some statistical evidence that the set of AES-$128$ encryptions acts on the message space in a way significantly different from that of the set of random permutations acting on the same space. While we feel that more computational experiments by independent third parties are needed in order to validate our statistical results, we show that the non-random behaviour is the same as we would predict using the property of our embedding. Indeed, the embedding lowers the nonlinearity of the AES rounds and therefore the AES encryptions tend, on average, to keep the rank of low-rank matrices constructed in the large space low. Our attack needs $2^{23}$ plaintext-ciphertext pairs and costs the equivalent of $2^{48}$ encryptions. We expect our attack to work also for AES-$192$ and AES-$256$, as confirmed by preliminary experiments.