Your search keyword '"DATA encryption"' showing total 89 results

1. Template Attack Assisted Linear Cryptanalysis on Outer Rounds Protected DES Implementations.

Author

Zhang, Hailong and Yang, Wei

Subjects

*BLOCK ciphers, *CRYPTOGRAPHY, *DATA encryption, *ENCRYPTION protocols, *PRICES

Abstract

In practice, when the security of a block cipher implementation is considered, the leakages related to the outer rounds encryptions can be used by side channel attacks (SCA) to recover the secret key. Therefore, the outer rounds of block cipher implementations should be protected. However, in order to lower the implementation price, the inner rounds of block cipher implementations may be unprotected. In light of this, the security of an outer rounds protected DES implementation is considered. In detail, template attack (TA), which is information theoretically the strongest SCA style, can be used to obtain the inner round output. Then, linear cryptanalysis (LC) can be used to recover the secret key. Finally, the optimal key enumeration algorithm can be used to optimize the efficiency of TA assisted LC. We evaluate the efficiency of TA assisted LC in simulated scenarios where a three outer rounds protected DES implementation is targeted. The evaluation results show that when 800 correct samples are available and the number of key enumeration is |$2^{10}$|⁠ , the efficiency of TA assisted LC can reach 83% of success rate. Overall, an efficient combination attack style that can be used to accurately evaluate the security of an outer rounds protected DES implementation is proposed. [ABSTRACT FROM AUTHOR]

Published

2023

2. Optimal Symmetric Ratcheting for Secure Communication.

Author

Yan, Hailun, Vaudenay, Serge, Collins, Daniel, and Caforio, Andrea

Subjects

*ADVANCED Encryption Standard, *INSTANT messaging, *DATA encryption, *ENCRYPTION protocols

Abstract

To mitigate state exposure threats to long-lived instant messaging sessions, ratcheting was introduced, which is used in practice in protocols like Signal. However, existing ratcheting protocols generally come with a high cost. Recently, Caforio et al. proposed pragmatic constructions, which compose a weakly secure 'light' protocol and a strongly secure 'heavy' protocol, in order to achieve so-called ratcheting on-demand. The light protocol they proposed has still a high complexity. In this paper, we propose the lightest possible protocol we could imagine, which essentially encrypts and then hashes the secret key. We prove it secure in the standard model by introducing a new security notion, which relates symmetric encryption with key updates by hashing. Our protocol composes well with the generic transformation techniques by Caforio et al. to offer high security and performance at the same time. In a second step, we propose another protocol based on a newly defined integrated primitive, extending standard one-time authenticated encryption with an additional output block used as a secret key for the next message. We instantiate this primitive firstly from any authenticated encryption with associated data, and then we propose an efficient instantiation using advanced encryption standard (AES) encryption to update the key and AES-Galois/Counter mode of operation to encrypt and decrypt messages. [ABSTRACT FROM AUTHOR]

Published

2023

3. Guess-and-Determine Attacks on AEGIS.

Author

Jiao, Lin, Li, Yongqiang, and Du, Shaoyu

Subjects

*BOOLEAN functions, *DATA encryption, *COLUMNS

Abstract

AEGIS is one of the authenticated encryption with associated data designs selected for the final portfolio of the CAESAR competition. It combines the AES round function and simple Boolean operations to update its large state and extract a keystream to achieve an excellent software performance. The AEGIS family consists of AEGIS-128, AEGIS-256 and AEGIS-128L, which use 5, 6 and 8 parallel AES round functions to process 128, 128 and 256 bits message block per step with slightly different output functions separately. Surprisingly, very few cryptanalytic results on AEGIS have been published so far. This paper presents the first guess-and-determine attacks on AEGIS family. Firstly, we propose a new observation on the structure of AEGIS that the relations of fixed variables remain in the outputs at consecutive steps under some conditions on the AND operations, and the vectorial bitwise AND operation is biased, which is able to derive the additional variables added directly. Secondly, we add several techniques, such as divide and conquer on byte-based columns, reduction by meet in the middle and simplification through constraints on variables, for each AEGIS member. Finally, we conduct guess-and-determine attacks on AEGIS-128, AEGIS-256 and AEGIS-128L and result in a complexity of |$2^{309}$|⁠ , |$2^{437}$| and |$2^{384}$| to |$2^{416}$|⁠ , respectively. Although neither attack threatens the practical security of AEGIS, it has great significance to evaluate the resistance of such structure compared with their large internal state exploited of 640, 768 and 1024 bits. It is also the first internal state recovery attack on AEGIS without nonce reusing, while only distinguishing attacks on AEGIS exist up to now. [ABSTRACT FROM AUTHOR]

Published

2022

4. Secure and Differentiated Fog-Assisted Data Access for Internet of Things.

Author

Yu, Ping, Ni, Wei, Zhang, Hua, Liu, Ren Ping, Wen, Qiaoyan, Li, Wenmin, and Gao, Fei

Subjects

*INTERNET access, *INTERNET of things, *DATA encryption, *PARALLEL programming, *TRUST, *FOG

Abstract

The ability of Fog computing to admit and process huge volumes of heterogeneous data is the catalyst for the fast expansion of Internet of things (IoT). The critical challenge is secure and differentiated access to the data, given limited computation capability and trustworthiness in typical IoT devices and Fog servers, respectively. This paper designs and develops a new approach for secure, efficient and differentiated data access. Secret sharing is decoupled to allow the Fog servers to assist the IoT devices with attribute-based encryption of data while preventing the Fog servers from tampering with the data and the access structure. The proposed encryption supports direct revocation and can be decoupled among multiple Fog servers for acceleration. Based on the decisional |$q$| -parallel bilinear Diffie–Hellman exponent assumption, we propose a new extended |$q$| -parallel bilinear Diffie–Hellman exponent (E |$q$| -PBDHE) assumption and prove that the proposed approach provides 'indistinguishably chosen-plaintext attacks secure' data access for legitimate data subscribers. As numerically and experimentally verified, the proposed approach is able to reduce the encryption time by 20% at the IoT devices and by 50% at the Fog network using parallel computing as compared to the state of the art. [ABSTRACT FROM AUTHOR]

Published

2022

5. A New Framework of IND-CCA Secure Public Key Encryption with Keyword Search.

Author

Ma, Sha and Huang, Qiong

Subjects

*PUBLIC key cryptography, *KEYWORD searching, *RSA algorithm, *DATA encryption, *MAP projection

Abstract

In the era of cloud computing, public key encryption with keyword search (PEKS) is an extremely useful cryptographic tool for searching on encryption data, whose strongest security notion is indistinguishability encryption against chosen ciphertext attack (ind-cca). Adballa et al. presented a transformation from identity based encryption (IBE) to PEKS in the Theory of Cryptography Conference 2010. This paper proposes a new framework of ind-cca secure PEKS in the standard model. Our main technical tool is a newly introduced notion of smooth projective hash function with key mapping, in which the hash key hk is mapped into another mapping projection key mhp besides the classical projection key hp. Finally, we provide an instantiation of our framework based on symmetric eXternal Diffie–Hellman assumption. [ABSTRACT FROM AUTHOR]

Published

2020

6. Intrusion Detection Over Encrypted Network Data.

Author

Karaçay, Leyli, Savaş, Erkay, and Alptekin, Halit

Subjects

*DATA encryption, *OUTLIER detection, *DATA analysis, *MACHINE learning, *VIRTUAL private networks, *SYSTEM analysis, *DATA modeling, *END-to-end delay

Abstract

Effective protection against cyber-attacks requires constant monitoring and analysis of system data in an IT infrastructure, such as log files and network packets, which may contain private and sensitive information. Security operation centers (SOC), which are established to detect, analyze and respond to cyber-security incidents, often utilize detection models either for known types of attacks or for anomaly and applies them to the system data for detection. SOC are also motivated to keep their models private to capitalize on the models that are their propriety expertise, and to protect their detection strategies against adversarial machine learning. In this paper, we develop a protocol for privately evaluating detection models on the system data, in which privacy of both the system data and detection models is protected and information leakage is either prevented altogether or quantifiably decreased. Our main approach is to provide an end-to-end encryption for the system data and detection models utilizing lattice-based cryptography that allows homomorphic operations over ciphertext. We employ recent data sets in our experiments which demonstrate that the proposed privacy-preserving intrusion detection system is feasible in terms of execution times and bandwidth requirements and reliable in terms of accuracy. [ABSTRACT FROM AUTHOR]

Published

2020

7. Cryptanalysis of a Compact Anonymous HIBE with Constant Size Private Keys.

Author

Lin, Xi-Jun, Sun, Lin, Qu, Haipeng, and Xian, He-Qun

Subjects

*SIZE, *CRYPTOGRAPHY, *DATA encryption, *CRYPTOSYSTEMS, *ANONYMITY, *EXPONENTS

Abstract

Recently, Zhang et al. proposed a new anonymous hierarchical identity-based encryption (anonymous HIBE) over prime order groups to achieve both constant size private key and constant size ciphertext. Moreover, a double exponent technique was used to provide anonymity. They proved that their scheme is secure and anonymous against chosen plaintext attacks in the standard model. In this paper, we point out that their scheme is insecure. [ABSTRACT FROM AUTHOR]

Published

2019

8. A Searchable Asymmetric Encryption Scheme with Support for Boolean Queries for Cloud Applications.

Author

Zeng, Ming, Zhang, Kai, Qian, Haifeng, Chen, Xiaofeng, and Chen, Jie

Subjects

*CLOUD computing, *BOOLEAN searching, *DATA security, *DATA encryption, *SIMULATION methods & models

Abstract

Cloud computing is a new promising technology paradigm that can provide clients from the whole network with scalable storage resources and on-demand high-quality services. However, security concerns are raised when sensitive data are outsourced. Searchable encryption is a kind of cryptographic primitive that enables clients to selectively retrieve encrypted data, the existing schemes that support for sub-linear boolean queries are only considered in symmetric key setting, which makes a limitation for being widely deployed in many cloud applications. In order to address this issue, we propose a novel searchable asymmetric encryption scheme to support for sub-linear boolean query over encrypted data in a multi-client model that is extracted from an important observation that the outsourced database in cloud is continuously contributed and searched by multiple clients. For the purpose of introducing the scheme, we combine both the ideas of symmetric searchable encryption and public key searchable encryption and then design a novel secure inverted index. Furthermore, a detailed security analysis for our scheme is given under the simulation-based security definition. Finally, we conduct experiments for our construction on a real dataset (Enron) along with a performance analysis to show its practicality. [ABSTRACT FROM AUTHOR]

Published

2019

9. Non-transferable Proxy Re-encryption.

Author

Guo, Hui, Zhang, Zhenfeng, Xu, Jing, and An, Ningyu

Subjects

*DATA encryption, *DATA security, *PROXY servers, *COMPUTER access control, *CIPHERS

Abstract

The traditional security notion of proxy re-encryption (PRE) focuses on preventing the proxy learning anything about the encrypted messages. However, such a basic security requirement is clearly not enough for scenarios where the proxy can collude with Bob. A desirable security goal is, therefore, to prevent a malicious proxy colluding with Bob to re-delegate Alice's decryption right. In 2005, Ateniese et al. first proposed this intriguing problem called non-transferability, in the sense that the only way for Bob to transfer Alice's decryption capability is to expose his own secret key. However, no solutions have achieved this property. In this paper, we positively resolve this open problem. In particular, we give the first construction of non-transferable PRE where the attacker is allowed to obtain one pair of keys consisting of Bob's secret key and the corresponding re-encryption key. Using indistinguishability obfuscation and k -unforgeable authentication as main tools, our scheme is provably secure in the standard model. The essential idea behind our approach is to allow Bob's secret key to be evoked in the process of decrypting Alice's ciphertext while hiding the fact that only Bob could decrypt it by the obfuscated program. In addition, we also show a negative result: a CPA secure PRE scheme with 'error-freeness' property cannot be non-transferable. [ABSTRACT FROM AUTHOR]

Published

2019

10. Leakage Resilient CCA Security in Stronger Model: Branch Hidden ABO-LTFs and Their Applications.

Author

Zhao, Yi, Yu, Yong, and Yang, Bo

Subjects

*CIPHERS, *PUBLIC key cryptography, *DATA security failures, *DATA encryption, *COMPUTER security

Abstract

Lossy trapdoor functions (LTFs) have already found various applications in cryptography with many priorities. But constructing leakage resilient (LR) CCA secure PKE schemes through this way received less attention. Existing works could only be proven secure in a weakened model due to the power of leakage attack. To address this problem, we introduce a new variant of ABO-LTF which is called branch hidden ABO-LTF (BHABO-LTF) in this paper. This primitive provides protection for the information of evaluated branches rather than lossy branches, which means even an adversary knows the information of the set of lossy branches, it can still not determine whether the output is evaluated on an injective or a lossy branch as long as the inversion key is kept secret. We observe that if this primitive has Chameleon property, we could present a generic construction of CCA secure PKE schemes. Due to the transparency of lossy branches of the primitive, we find that our construction can naturally be extended to accommodate leakage resilience. We give a generic construction with a realization of LR-BHABO-LTFs under the decisional composite residuosity assumption. This construction can be proved secure in a well-accepted security model rather than existing LTF-based ones in weak key-leakage model. Besides, without the need to hide the information of lossy branches, a Chameleon BHABO-LTF can be constructed by additively homomorphic CPA secure PKE alone. So our work can also be viewed as an interesting progress to give a construction of CCA secure PKE from additively homomorphic CPA secure PKE with certain properties as well as their LR counterparts, which has been a longstanding problem. [ABSTRACT FROM AUTHOR]

Published

2019

11. Privacy-Preserving Aggregation of Time-Series Data with Public Verifiability from Simple Assumptions and Its Implementations.

Author

Emura, Keita, Kimura, Hayato, Ohigashi, Toshihiro, and Suzuki, Tatsuya

Subjects

*DATA encryption, *AGGREGATION (Statistics), *TIME series analysis, *PRIVACY, *DATA analysis

Abstract

Aggregator oblivious encryption was proposed by Shi et al. (NDSS 2011). In this method, an aggregator can compute an aggregated sum of data and is unable to learn anything else (aggregator obliviousness). Since the aggregator does not learn individual data that may reveal users' habits and behaviors, several applications including privacy-preserving smart metering have been considered. In this paper, we propose an aggregator oblivious encryption scheme with public verifiability where the aggregator is required to generate a proof of an aggregated sum, and anyone can verify whether the aggregated sum has been correctly computed by the aggregator. Although Leontiadis et al. (CANS 2015) considered verifiability, their scheme requires an interactive complexity assumption to provide the unforgeability of the proof. Our scheme is proven to be unforgeable under a static and simple assumption (a variant of the Computational Diffie–Hellman assumption). Moreover, our scheme inherits the tightness of the reduction of the Benhamouda et al. scheme (ACM TISSEC 2016) for proving aggregator obliviousness. This tight reduction allows us to employ elliptic curves of a smaller order and leads to efficient implementation. Specifically, for 112-bit security, we can employ Barreto–Naehrig (BN) curves with a 383-bit prime order, whereas we need to employ curves with a 1031-bit prime order to implement the Leontiadis et al. scheme. We give implementations of two schemes and evaluate their performances under those curves. We employ a Raspberry-Pi as a power-constrained device such as a smart meter. Consequently, we demonstrate that the running time of the data encryption, data aggregation and verification in our scheme are reduced by approximately 74%, 64% and 89%, respectively, compared to those of the Leontiadis et al. scheme. [ABSTRACT FROM AUTHOR]

Published

2019

12. CCA Security for Self-Updatable Encryption: Protecting Cloud Data When Clients Read/Write Ciphertexts.

Author

Lee, Kwangsu, Lee, Dong Hoon, Park, Jong Hwan, and Yung, Moti

Subjects

*CIPHERS, *DATA encryption, *CLOUD computing security measures, *PUBLIC key cryptography, *INFORMATION retrieval

Abstract

Self-updatable encryption (SUE) is a new kind of public-key encryption, motivated by cloud computing, which enables anyone (i.e. cloud server with no access to private keys) to update a past ciphertext to a future ciphertext by using a public key. The main applications of SUE are revocable-storage attribute-based encryption (RS-ABE) that provides an efficient and secure access control to encrypted data stored in cloud storage. In this setting, there is a new threat such that a revoked user still can access past ciphertexts given to him by a storage server. RS-ABE solves this problem by combining user revocation and ciphertext updating functionalities. We propose the first SUE and RS-ABE schemes secure against a relevant form of chosen-ciphertext security (CCA). Due to the fact that some ciphertexts are easily derived from others, we employ a different notion of CCA that avoids easy challenge related messages. Specifically, we define "time extended challenge" CCA security for SUE which excludes ciphertexts that are easily derived from the challenge (over time periods) from being queried on. We then propose an efficient SUE scheme with such CCA security, and we also present an RS-ABE scheme with this CCA security. [ABSTRACT FROM AUTHOR]

Published

2019

13. Tightly Secure Encryption Schemes against Related-Key Attacks.

Author

Han, Shuai, Liu, Shengli, Lyu, Lin, and Gu, Dawu

Subjects

*COMPUTER security, *DATA encryption, *CRYPTOGRAPHY, *SECURITY management, *ACCESS to information

Abstract

ℱ -Related-Key Attacks (RKAs) allow an adversary to tamper the key k stored in a cryptographic device by specifying related-key deriving (RKD) functions f in ℱ and subsequently learn the outcome of the device under related keys f (k) ⁠. In this paper, we present RKA secure public-key encryption (PKE) and symmetric encryption (SE) schemes admitting a tight security reduction to the standard s -Linear assumption. The security loss depends only on the security parameter and is independent of the number of tampering queries made by the adversary. Our encryption schemes are resilient to RKAs w.r.t. the set of restricted affine functions ℱ raff ⁠, of which the set of linear functions ℱ lin is a subset. In particular, • Our encryption schemes serve as the first ones possessing tight RKA security for a non-trivial RKD function class ℱ under standard assumptions. • Moreover, our encryption schemes enjoy tight super-strong RKA securities, which are the strongest ones among the existing RKA security notions. [ABSTRACT FROM AUTHOR]

Published

2018

14. Order-Hiding Range Query over Encrypted Data without Search Pattern Leakage.

Author

Dou, Yi, Chan, Henry C B, and Au, Man Ho

Subjects

*COMPUTER security, *DATA encryption, *COMPUTER network security, *ACCESS control, *DATABASE management

Abstract

For cloud data storage, data privacy and security are two key concerns. Although sensitive data can be encrypted before they are stored in the cloud, the encrypted data can hardly be processed efficiently. Hence, a lightweight solution is required to satisfy both high security and high efficiency requirements. In this paper, we study the problem of range query over encrypted data. The main idea is to transform the range comparison to a privacy-preserving set intersection operation. To protect record privacy, our scheme builds searchable encrypted indexes for records that are secure against inference attack. To ensure the privacy of range queries, non-deterministic encryption, which has not been achieved in range query before, is proposed to hide the search pattern of queries. During range comparison, our scheme neither leaks the order relationship between the upper/lower bound of a range query and the encrypted index, nor produces false positives in the query results. We have implemented our scheme and evaluated its performance in comparison with other schemes. The comparison results indicate that our scheme has a shorter index size and search time than the order-revealing encryption (ORE) scheme when the processing unit is large. Meanwhile, our scheme only leaks the access pattern, and is proved to be more secure than existing schemes. [ABSTRACT FROM AUTHOR]

Published

2018

15. Matrix FHE and Its Application in Optimizing Bootstrapping.

Author

Wang, Biao, Wang, Xueqing, Xue, Rui, and Huang, Xinyi

Subjects

*HOMOMORPHISMS, *COMPUTER security, *CRYPTOGRAPHY, *DATA encryption, *COMPUTER network security, *CLOUD computing, *ACCESS control

Abstract

We propose a fully homomorphic encryption (FHE) scheme that encrypts matrices. Our scheme supports homomorphic matrix addition, multiplication and Hadamard product. In PKC 2015, Hiromasa et al. constructed the only FHE scheme that encrypts matrices and supports homomorphic matrix addition and multiplication. Compared with their work, the advantages of our scheme are the following: (1) Small ciphertext size : For a plaintext matrix M ∈ {0,1} r × r ⁠, the size of ciphertext matrix is r × (n + r) ⁠, in contrast to (n + r) × (n + r) ⌈ log q ⌉ in their work. (2) Standard assumption : The security is based on LWE assumption merely, while the security of scheme in their work depends additionally on some special kind of circular security assumption. (3) Supporting homomorphic matrix Hadamard product. We show how to apply the proposed scheme to optimize the bootstrapping procedure of Alperin-Sheriff and Peikert, in a way similar to the work of Hiromasa, Abe and Okamoto. Due to smaller ciphertext matrices, the bootstrapping key of our optimized bootstrapping procedure is smaller than that in the work of Hiromasa, Abe and Okamoto by a factor of (n / r + 1) ⌈ log q ⌉ ⁠. [ABSTRACT FROM AUTHOR]

Published

2018

16. Defense Mechanism for Malicious and Selective Forwarding Attacks in Large and Mobile Wireless Networks.

Author

Chuang, Yung-Ting and Lee, Yi-Fan

Subjects

*COMPUTER security, *SECURITY systems, *ACCESS control, *DATA encryption, *INTERNET security

Abstract

People are constantly using mobile technologies to exchange perspectives across the world. The search services they use, however, belong to centralized systems that may be easily censored. The Peer-to-Peer retrieval system was created to impede censorship of online information, but the decentralized nature of P2P makes it difficult to infer information that cannot be measured directly, such as the proportion of subversion, selfish nodes, network size, or churn rate. Recent advances have pushed providers toward large-scale wireless networks where data retrieval is difficult. Thus, we propose a defense mechanism that can: (1) tackle censorship issues; (2) employ probability density function, exponential weighted moving average and modified Chi-squared tests to estimate the proportion of malicious and selfish nodes; (3) defend against malicious and selective-forwarding attacks by adjusting the number of forwarding levels and requests to ensure high-match probability; (4) maintain high-retrieval rates even in large and highly mobile networks; and (5) guarantee robustness compared to other search systems. A series of experiments demonstrated our algorithm's high-retrieval rate, reasonable costs, mobility resilience, and robustness, demonstrating that the algorithm can work well when the network size is large and/or has a large proportion of selfish nodes, malicious nodes and mobile nodes. [ABSTRACT FROM AUTHOR]

Published

2018

17. Structural Key Recovery of Simple Matrix Encryption Scheme Family.

Author

Liu, Jinhui, Yu, Yong, Yang, Bo, Jia, Jianwei, Wang, Shijia, and Wang, Houzhen

Subjects

*COMPUTER security, *DATA encryption, *COMPUTER network security, *COMPUTATIONAL complexity, *ELECTRONIC data processing, *MACHINE theory, *CRYPTOGRAPHY

Abstract

Advances in quantum computers threaten the security of public-key cryptosystems whose security is based on the hardness of factoring or on the discrete logarithm problem. Multivariate encryption schemes are promising alternatives to traditional cryptosystems. Tao et al. proposed a new Multivariate Public-Key Cryptosystem for encryption called simple matrix encryption scheme (ABC for short). Further, they proposed an improved simple matrix encryption schemes and a cubic simple matrix encryption scheme. In this paper, we show that the three schemes are vulnerable to a structural key recovery attack by tensor and vectorization notation and associated algebraic re-writing rules. We derive a set of linear equations from the public key whose solution yields an equivalent key pair that hide the central map. The proposed cryptanalysis approaches require polynomial computational complexity to achieve some equivalent keys from associated public keys. In addition, we provide an example to illustrate feasibility of proposed analysis method. [ABSTRACT FROM AUTHOR]

Published

2018

18. Authorized Function Homomorphic Signature.

Author

Guo, Qingwen, Huang, Qiong, and Yang, Guomin

Subjects

*DIGITAL signatures, *DATA encryption, *ELECTRONIC authentication, *COMPUTER security, *CRYPTOGRAPHY

Abstract

Homomorphic signature (HS) is a novel primitive that allows an agency to carry out arbitrary (polynomial time) computation f on the signed data m → and accordingly gain a signature σ h for the computation result f (m →) with respect to f on behalf of the data owner (DO). However, since DO lacks control of the agency's behavior, receivers would believe that DO did authenticate the computation result even if the agency misbehaves and applies a function that the DO does not want. To address the problem above, in this paper we introduce a new primitive called authorized function homomorphic signature (AFHS). In AFHS, the agency has to obtain a confidence key sk f from DO in order to evaluate a function f on the data m → and to obtain a signature with which one can check whether the agency acts in accordance with DO's instructions. A black-box construction of AFHS based on HS is given in this paper, and we show that if the underlying primitives are secure, so is our construction under the given security model. Moreover, we provide a somewhat concrete construction that offers stronger security guarantee. [ABSTRACT FROM AUTHOR]

Published

2018

19. Improved Meet-in-the Middle Attacks on Reduced-Round TWINE-128.

Author

Liu, Ya, Yang, Anren, Dai, Bo, Li, Wei, Liu, Zhiqiang, Gu, Dawu, and Zeng, Zhiqiang

Subjects

*BLOCK ciphers, *DATA encryption, *CRYPTOGRAPHY, *COMPLEXITY (Philosophy)

Abstract

TWINE is a lightweight block cipher, which was proposed by NEC corporation in 2012. It is both a good example of common trade-offs in lightweight cryptography and one of the only instances of a GFN with improved diffusion layer. Therefore, its security has attracted amount of attention in recent years. In this paper, we present a meet-in-the-middle attack on 26-round TWINE-128 by exploiting the slow diffusion of key schedule. Specifically, we first construct a new 11-round distinguisher of TWINE. Based on it, we mount a meet-in-the-middle attack on 26-round TWINE-128. The data, time and memory complexities are 2 60 chosen plaintexts, 2 126.18 26-round encryptions and 2 109 64-bit blocks, respectively. Our results are better than all previous ones on TWINE-128 in the single-key scenario if not considering biclique cryptanalysis of TWINE-128. [ABSTRACT FROM AUTHOR]

Published

2018

20. Klepto for Ring-LWE Encryption.

Author

Xiao, Dianyan and Yu, Yang

Subjects

*PUBLIC key cryptography, *LATTICE theory, *CRYPTOGRAPHY, *ALGORITHMS, *DATA encryption

Abstract

Due to its great efficiency and quantum resistance, public key cryptography based on Ring-LWE problem has drawn much attention in recent years. A batch of cryptanalysis works provided ever-improved security estimations for various Ring-LWE schemes, but few works discussed the security of Ring-LWE cryptography from kleptographic aspect. In this paper, we show how to embed a backdoor into a classic Ring-LWE encryption scheme so that partial bits of the plaintext are leaked to the owner of the backdoor. By theoretical analysis and experimental observations, we argue that the klepto Ring-LWE encryption scheme with such backdoor is feasible and practical. [ABSTRACT FROM AUTHOR]

Published

2018

21. A New Software Birthmark based on Weight Sequences of Dynamic Control Flow Graph for Plagiarism Detection.

Author

Yuan, Baoguo, Wang, Junfeng, Fang, Zhiyang, and Qi, Li

Subjects

*PLAGIARISM prevention, *COMPUTER software quality control, *FLOWGRAPHS, *DATA encryption, *N-gram models (Computational linguistics)

Abstract

With the large-scale development of open source software, software plagiarism has become a serious threat to software industry and intellectual property. As the latest technique of plagiarism detection, dynamic software birthmark has attracted much attention in recent years. Most of the existing dynamic birthmarks focus on how to resist obfuscation techniques such as compiler optimizations and strong obfuscations implemented in tools. However, they pay little attention to packers, especially encryption packer which is commonly used in software protection as well as plagiarism. When used to encrypt software, the decryption code is added to the binary. It is hard to distinguish the original parts of software from the decryption parts using traditional dynamic birthmarks. In this paper, we propose a new dynamic software birthmark called weight sequences birthmark (WSB) which is based on weight sequences of dynamic control flow graph (DCFG). The weight sequences are used as characteristics, which make full use of the different patterns of dynamic basic block replications between the original code and the decryption code. Compared with the-state-of-art dynamic key instruction sequence birthmark (DKISB), the new birthmark can resist encryption packer effectively. Furthermore, WSB shows better credibility than DKISB when distinguishing independent programs. The comprehensive experiments illustrate that the value of extended F -measure can reach 96.8%, indicating that it is a high-quality birthmark which satisfies both the credibility and the resiliency. [ABSTRACT FROM AUTHOR]

Published

2018

22. Meet-in-the-Middle Attacks on Reduced-Round QARMA-64/128.

Author

Li, Rongjia and Jin, Chenhui

Subjects

*CRYPTOGRAPHY, *BLOCK ciphers, *MATHEMATICAL sequences, *COMPLEXITY (Philosophy), *DATA encryption

Abstract

QARMA is a new family of lightweight tweakable block ciphers which is used in the Pointer Authentication of ARMv8.3-A. In this paper, we apply meet-in-the-middle attack to QARMA-64 and QARMA-128 including the outer whitening keys. First, we observe that a linear relation exists between four cells out of the eight input/output cells in the MixColumns operation. Then, the idea of canceling the state difference with the tweak difference is used to make one blank round. Finally, we construct meet-in-the-middle distinguishers on 5-round QARMA-128 and QARMA-64, respectively. Therefore, the attack on QARMA4-128 is obtained by appending three rounds on the top of the distinguisher and two round on the bottom. Similarly, the attack on QARMA3-64 is obtained. Besides, this attack can be extended to attack on 9-round QARMA-64 without increasing the overall complexity. To the best of our knowledge, these are the first attacks on QARMA block ciphers including the outer whitening keys. [ABSTRACT FROM AUTHOR]

Published

2018

23. Secure and Efficient Attribute-Based Encryption with Keyword Search.

Author

Wang, Haijiang, Dong, Xiaolei, Cao, Zhenfu, and Li, Dongmei

Subjects

*KEYWORD searching, *DATA encryption, *ACCESS control, *DATA warehousing, *ALGORITHMS

Abstract

Attribute-based encryption with keyword search (ABKS) is a system that supports keyword search and access control. By inheriting from attribute-based encryption technology, most current ABKS schemes incur large computation costs in encryption phase and keyword search phase. In a typical implementation, the size of ciphertext is proportional to the number of attributes associated with the access policy, so that the keyword search time and the decryption time are proportional to the number of attributes used in the access policy. To deal with the above problem, we present a new ciphertext-policy attribute-based encryption with fast keyword search scheme. Our scheme preserves the fine-grained access control inherited from the ABE system while supporting hidden policy and fast keyword search. In particular, the proposed scheme can efficiently support AND-gate access policy with multiple attribute values. Moreover, our scheme features multi-value-independent which have constant computation costs compared with the existing ABKS schemes. With the “aggregation” technique, the keyword search phase only needs three pairings, which is a great advantage over previous ABKS schemes. We offer rigorous security proof of our scheme, and the performance analysis demonstrates the efficiency of our scheme. [ABSTRACT FROM AUTHOR]

Published

2018

24. A Secure Self-Synchronized Stream Cipher.

Author

Daneshgar, Amir and Mohebbipoor, Fahimeh

Subjects

*STREAM ciphers, *DATA encryption, *DATA transmission systems, *ALGORITHMS, *SYNCHRONIZATION

Abstract

We follow two main objectives in this article. On the one hand, we introduce a security model called LORBACPA+ for self-synchronized stream ciphers which is stronger than the blockwise LOR-IND-CPA, where we show that standard constructions as delayed CBC or similar existing self-synchronized modes of operation are not secure in this stronger model. Then, on the other hand, following contributions of Millérioux et al. , we introduce a new self-synchronized stream cipher and prove its security in LORBACPA+ model. [ABSTRACT FROM AUTHOR]

Published

2018

25. Identity-Based Broadcast Encryption for Inner Products.

Author

Lai, Jianchang, Mu, Yi, Guo, Fuchun, Jiang, Peng, and Ma, Sha

Subjects

*DATA encryption, *INNER product, *PUBLIC key cryptography, *ALGORITHMS, *COMPUTER security software

Abstract

In the identity-based broadcast encryption (IBBE), only these users whose identities are chosen in the ciphertext computing can decrypt the encrypted message. In this paper, we introduce an extension of IBBE, namely Identity-Based Broadcast Encryption for Inner Product (IBBE-IP), where message encryption is replaced by inner product encryption (IPE) introduced by Abdalla et al. (PKC 2015). Precisely, in the IBBE-IP, the private key is associated with a pair of an identity and a vector (I D , y →). The user with private key of (I D , y →) can decrypt the encrypted vector x → for an identity set S selected by the encryptor and learn the inner product 〈 x → , y → 〉 if and only if I D ∈ S. Differing from the IBBE, the decryption in the IBBE-IP yields the inner product associated with the encrypted vector without leaking any information of the vector. The encrypted vector is protected as long as the number of selected identities is less than their length. We present a construction of IBBE-IP with constant-size private keys and it supports unbounded private key queries, which was unachieved in the previous works of IPE in the public-key setting. The security of our proposed scheme is proved in the random oracle model. [ABSTRACT FROM AUTHOR]

Published

2018

26. Bounded Revocable and Outsourceable ABE for Secure Data Sharing.

Author

Qin, Baodong, Zhao, Qinglan, and Zheng, Dong

Subjects

*CLOUD computing, *DATA encryption, *PUBLIC key cryptography, *COMPUTER network security, *COMPUTER security software

Abstract

With the progress of cloud computing, many users hope in time to upload their data into cloud for sharing. For sensitive data, the owner must encrypt it before sending it to cloud server. The state of the art method for fine-grained access control on encrypted data is attribute-based encryption (ABE). Though ABE is believed to be an outstanding technique for secure data sharing, it has many efficiency drawbacks. For example, its ciphertext size and decryption time increase linearly with the number of attributes used during encryption and decryption, and it is hard to revoke a user’s access ability. In this paper, we propose a method to outsource the decryption of ABE via public cloud computing, and to control a user’s decryption capacity through a bounded revocation technique. The public cloud server can transform any user’s ABE ciphertexts into short ElGamal-type ciphertexts via the user’s public transformation key. The transformed ciphertexts are actually ElGamal-type identity-based ciphertexts obtained through a bounded-collision identity-based encryption scheme, and the decryption time only requires one exponentiation. Our scheme can revoke user’s decryption ability. But it limits to scenario with bounded number of revocation. [ABSTRACT FROM AUTHOR]

Published

2018

27. Efficient Homomorphic Integer Polynomial Evaluation Based on GSW FHE.

Author

Wang, Husen and Tang, Qiang

Subjects

*DATA encryption, *COMPUTER security, *ENCRYPTION protocols, *COMPUTER network security, *DATA security

Abstract

In this paper, we introduce new methods to evaluate integer polynomials with the Gentry-Sahai-Waters fully homomorphic encryption (GSW FHE) scheme. Our solution has much slower noise growth and per homomorphic integer multiplication cost, with a ratio O((logk)w+1 / kw⋅n) in comparison to the original GSW scheme where k is the input plaintext width, n is the LWE dimension and ω=2.373. Technically, we reduce the integer multiplication noise by restricting the evaluation to be between two kinds of ciphertexts: one is for the message space ℤq and the other is for message space 픽2 [log q]. To achieve generality, we propose an integer bootstrapping scheme which converts these two kinds of ciphertexts into each other. To solve the ciphertext expansion problem due to ciphertexts in 픽2 [log q], we propose a solution based on symmetric-key encryption with stream ciphers. [ABSTRACT FROM AUTHOR]

Published

2018

28. Continuous Leakage-Resilient Identity-Based Encryption without Random Oracles.

Author

Zhou, Yanwei, Yang, Bo, and Mu, Yi

Subjects

*DATA encryption, *COMPUTER network security, *DATA security, *INTERNET security, *COMPUTER security

Abstract

Provably secure identity-based encryption (IBE) schemes in the presence of key-leakage have attracted a lot of attention recently. However, most of them were designed in the bounded-leakage model, and might not be able to meet the claimed security under the continuous-leakage attacks. The main issue is that the most of previous leakage-resilient IBE schemes could not ensure the randomness of all elements in the ciphertext, because some elements can be written as a function on the private key of user; therefore, the adversary can obtain the leakage on the private key of user from the corresponding given ciphertext. In this paper, a new construction of CCA-secure IBE scheme tolerating continuous-leakage attacks in the standard model is proposed, and its security is proved in the selective-ID security model based on the hardness of decisional bilinear Diffie-Hellman assumption, which is a classical static assumption. In our construction, the adversary cannot obtain any leakage on the private key from the corresponding ciphertext, since all elements in the ciphertext are random in the adversary's view. The striking advantage of our constructions is the key leakage ratio, which is the best one among the previous leakage-resilient IBE constructions. [ABSTRACT FROM AUTHOR]

Published

2018

29. Efficient Ring Signature and Group Signature Schemes Based on q-ary Identification Protocols.

Author

Chen, Siyuan, Zeng, Peng, Choo, Kim-Kwang Raymond, and Dong, Xiaolei

Subjects

*DIGITAL signatures, *DATA encryption, *DATA security, *COMPUTER network security, *ELECTRONIC authentication

Abstract

While designing ring signature and group signature is a relatively mature area, few published schemes are both efficient and quantum attack-resilience. In this paper, we present two new signature schemes based on coding theory. First, we present two new zero-knowledge (ZK) identification protocols based on the construction of (Cayrel, P.L., Véron, P. and Alaoui, S.M.E.Y. (2010) A Zero-Knowledge Identification Scheme Based on the q-ary Syndrome Decoding Problem. Proceedings of SAC 2010, Waterloo, Ontario, Canada, August 12-13, pp. 171-186. Springer, Berlin) in order to improve efficiency of code-based digital signature schemes. We then transform the newly proposed ZK protocols into a ring signature scheme and a group signature scheme. Our schemes enjoy a significant improvement in efficiency since reducing the cheating probability decreases the interaction rounds. Specially, with the security level of 2-87, the sizes of public key and signature are 14.5 KB and 52 KB in our ring signature scheme, while the corresponding sizes are 400 KB and 2384 KB in the scheme of (Cayrel, P. L., Alaoui, S. M. E. Y., Hoffmann, G. and Véron, P. (2012) An improved threshold ring signature scheme based on error correcting codes. Proceedings of WAIFI 2012, Bochum, Germany, July 16-19, pp. 45-63. Springer, Berlin). At the security level of 2-80, the sizes of public key and signature are 32 KB and 113.8 KB in our group signature scheme, as compared with 2.5 MB and 20 MB in the scheme of (Alamélou, Q., Blazy, O., Cauchie, S. and Gaborit, P. (2017) A codebased group signature scheme. Des. Codes Cryptogr., 82, 469-493) and 642 KB and 114 KB in the scheme of (Ezerman, M.F., Lee, H.T., Ling, S., Nguyen, K. and Wang, H. (2015) A provably secure group signature scheme from code-based assumptions. Proc. ASIACRYPT 2015, Auckland, New Zealand, November 29-December 3, pp. 260-285. Springer, Berlin). [ABSTRACT FROM AUTHOR]

Published

2018

30. Cryptanalysis of A Pairing-Free Certificateless Signcryption Scheme.

Author

Lin, Xi-Jun, Sun, Lin, Qu, Haipeng, and Liu, Dongxiao

Subjects

*CLOUD computing, *ARTIFICIAL intelligence, *PUBLIC key cryptography, *DATA encryption, *MACHINE learning

Abstract

Certificateless signcryption (CLSC) has attracted much attention from the research community since it provides both confidentiality and unforgeability, and, at the same time, it does not suffer from the certificate management problem in traditional public key cryptography and the key escrow problem in identity-based cryptography. However, most CLSC schemes are based on the bilinear pairing which is still a time-costing operation although many efforts have been made to improve its efficiency. Recently, Yu et al. proposed a pairing-free CLSC scheme and proved its security. In this paper, we point out that their scheme can be totally broken since confidentiality and unforgeability actually are not captured. [ABSTRACT FROM AUTHOR]

Published

2018

31. Novel Smooth Hash Proof Systems Based on Lattices.

Author

Lai, Qiqi, Yang, Bo, Yu, Yong, Chen, Yuan, and Bai, Jian

Subjects

*CRYPTOGRAPHY, *ARTIFICIAL intelligence, *DATA encryption, *DATA security, *CLOUD computing

Abstract

As a basic and important primitive, hash proof system can be used to construct many cryptographic schemes and protocols. Therefore, it is significant to instantiate more efficient hash proof systems from various assumptions. Although there are many hash proof systems based on various classical assumptions, only a handful of efficient hash proof systems are known based on post-quantum assumptions. In this paper, we present several new hash proof systems based on the standard learning with errors (LWE) problem, which is at least as hard as standard worst-case lattice problems. Comparing with other existing constructions based on lattices, our main advantages are 2-fold: much simpler and more efficient. And our constructions can be easily extended to be identity-based ones and updatable ones. Throughout the paper, our main idea is to base hash proof systems on a new subset indistinguishability problem related to LWE, and employ the property of smooth parameter of q-ary orthogonal lattices to ensure smoothness. [ABSTRACT FROM AUTHOR]

Published

2018

32. Criteria-Based Encryption.

Author

Phuong, Tran Viet Xuan, Yang, Guomin, and Susilo, Willy

Subjects

*DATA encryption, *COMPUTER security, *CLOUD computing, *INTERNET security, *ARTIFICIAL intelligence

Abstract

We present a new type of public-key encryption called Criteria-based Encryption (or CE, for short). Different from Attribute-based Encryption, in CE, we consider the access policies as criteria carrying different weights. A user must hold some cases (or answers) satisfying the criteria and have sufficient weights in order to successfully decrypt a message. We then propose two CE Schemes under different settings: the first scheme requires a user to have at least one case for a criterion specified by the encryptor in the access structure, while the second scheme requires a user to have all the cases for each criterion. We prove that both schemes are secure under the Decisional q-Bilinear Diffie Hellman Exponent assumption without random oracles. In addition, we also present two special CE schemes for the above two settings without considering the weight requirement. We show that under this special case CE schemes can be constructed much more efficiently. [ABSTRACT FROM AUTHOR]

Published

2018

33. Public-Key Encryption with Tight Simulation-Based Selective-Opening Security.

Author

Lyu, Lin, Liu, Shengli, and Han, Shuai

Subjects

*DATA encryption, *POLYNOMIAL time algorithms, *IMPERSONATION, *RANDOM functions (Mathematics), *RANDOM variables

Abstract

In a selective-opening, chosen-ciphertext attack (SO-CCA) against a public key encryption scheme (PKE scheme), a probabilistic polynomial time (PPT) adversary obtains a vector of challenge ciphertexts, has access to a decryption oracle, adaptively selects to open some of the challenge ciphertexts and sees the corresponding messages together with the random coins. The simulation-based, selective-opening security against chosen-ciphertext attacks (SIM-SO-CCA security) protects the security of the unopened messages in a semantic way, i.e. it requires that the output of the adversary can be simulated by a simulator who sees only the opened messages. In particular, all information that the adversary can get from the unopened messages can also be simulated from the opened messages alone by the simulator. All security proofs of the available PKEs achieving SIM-SO-CCA security are not tight, and the security loss depends either on the number of challenge ciphertexts or on the number of decryption queries. In this work, we present the first PKE scheme which achieves SIM-SO-CCA security with a tight reduction to standard assumptions. This partially solves the open problem proposed by Hofheinz in EuroCrypt 2012. [ABSTRACT FROM AUTHOR]

Published

2018

34. Providing Secret Authentication in Clustered Security Architecture for Cloud-Based WBAN.

Author

Karthiga, I. and Sankar, Sharmila

Subjects

*BODY area networks, *HIDDEN Markov models, *DATA encryption, *BIOINFORMATICS, *WIRELESS sensor nodes

Abstract

In inter-WBAN communication, there is more possibility of the physical attacks that includes the node capture, tampering, pre-deployment network topology and so on. In order to overcome these issues, in this paper, we propose a secret authentication in clustered security architecture for Cloud-based WBAN. When the nodes are deployed in the network, the cluster heads are elected based on the residual energy and node distance. Then a Wavelet-Domain Hidden Markov Model is deployed to perform the communication in a secure manner. A selective encryption mechanism is then used to protect data confidentiality by using biomedical information as a key. Further, the security is enhanced by concealing the features of sensors by generating a coffer, a computationally efficient protocol. By simulation results, we show that the proposed technique enhances the security and reduces the overhead. [ABSTRACT FROM AUTHOR]

Published

2018

35. Partitioned Group Password-Based Authenticated Key Exchange.

Author

FIORE, DARIO, GONZÁLEZ VASCO, MARÍA ISABEL, and SORIENTE, CLAUDIO

Subjects

*COMPUTER password security, *COMPUTER access control, *PRIVACY, *COMMUNICATION, *DATA encryption

Abstract

Group Password-Based Authenticated Key Exchange (GPAKE) allows a group of users to establish a secret key, as long as all of them share the same password. However, in existing GPAKE protocols as soon as one user runs the protocol with a non-matching password, all the others abort and no key is established. In this paper we seek for a more flexible, yet secure, GPAKE and put forward the notion of partitioned GPAKE. Partitioned GPAKE tolerates users that run the protocol on different passwords. Through a protocol run, any subgroup of users that indeed share a password, establish a session key, factoring out the ‘noise’ of inputs by users holding different passwords. At the same time any two keys, each established by a different subgroup of users, are pair-wise independent if the corresponding subgroups hold different passwords. We also introduce the notion of password-privacy for partitioned GPAKE, which is a kind of affiliation hiding property, ensuring that an adversary should not be able to tell whether any given set of users share a password. Finally, we propose an efficient instantiation of partitioned GPAKE building on an unforgeable symmetric encryption scheme and a PAKE by Bellare et al. Our proposal is proven secure in the random oracle/ideal cipher model, and requires only two communication rounds. [ABSTRACT FROM AUTHOR]

Published

2017

36. Statistical Cipher Feedback of Stream Ciphers.

Author

HEYS, HOWARD M.

Subjects

*STREAM ciphers, *HARDWARE, *DATA encryption, *COMMUNICATION, *CRYPTOGRAPHY

Abstract

In this paper, we examine a method of constructing a self-synchronizing stream cipher referred to as statistical cipher feedback (SCFB). Although recently studied as a mode for block ciphers, we explicitly consider the application of SCFB to hardware-oriented stream ciphers. Specifically, we show that SCFB can be used to realize a self-synchronizing stream cipher that has the characteristics of compact, efficient hardware implementations and is secure given that the underlying synchrononous stream cipher is secure. Further, we consider the communication properties of the SCFB system and examine the relationships between these properties and the implementation characteristics. [ABSTRACT FROM AUTHOR]

Published

2017

37. Fully Privacy-Preserving ID-Based Broadcast Encryption with Authorization.

Author

JIANCHANG LAI, YI MU, FUCHUN GUO, and RONGMAO CHEN

Subjects

*DATA encryption, *REVOCATION, *PRIVACY, *CRYPTOGRAPHY, *DATA

Abstract

A revocable ID-based broadcast encryption scheme allows an authorized third party to revoke any receiver (decryptor) from the initial receiver set S of the original broadcast ciphertext without the need of decryption. However, the existing revocable ID-based broadcast encryption schemes in the literature cannot fully preserve the receiver privacy and have a large size of ciphertext when the revoked user sets are large. To solve these problems, in this paper, we propose a novel scheme: fully privacy-preserving ID-based broadcast encryption with authorization. Our scheme allows an authorized party to dynamically handle the decryption rights of receivers via an authorized user set L without knowing the message and the identities of the initial receivers. Only those users who are both in S and L can decrypt the ciphertext successfully. The final ciphertext reveals nothing about the identity information of receivers and the authorized users. Our scheme achieves full collusion resistance and is applicable to anonymous data sharing where the receivers are decided by the authorized third party (or multiple authorized third parties) excluding the data owner. We show that our proposed scheme is provably secure under the defined security models in the random oracle model. [ABSTRACT FROM AUTHOR]

Published

2017

38. Authorized Equi-join for Multiple Data Contributors in the PKC-Based Setting.

Author

SHA MA

Subjects

*DATABASE management, *CRYPTOGRAPHY, *DATA encryption, *TRAPDOORS, *LITERATURE

Abstract

The Database-As-a-Service (DaaS) model provides seamless mechanisms for database management and service. As a countermeasure to security treats, encryption technologies have been widely adopted in database systems. Accordingly, privacy-preserving queries on encrypted databases has become an important research topic. In this paper, we present the first solution of authorized equi-join for multiple data contributors in the PKC-based setting. With the improved ciphertext security under checkability, our underlying cryptographic construction could be used independently as a standard procedure for many other relational operations, for instance, intersection, difference, and set union. As a feature, our scheme allows flexible authorization policies for the join operation by the controlled trapdoor transitivity, which has not yet been studied thoroughly in the literature. Our proposed scheme is efficient in encryption and execution and has a reasonable ciphertext size. It can be applied as a building block for data query in the DaaS model. [ABSTRACT FROM AUTHOR]

Published

2017

39. A Practical Hybrid Group Key Establishment for Secure Group Communications.

Author

HARN, LEIN and CHING-FANG HSU

Subjects

*ENCRYPTION protocols, *DATA encryption, *POLYNOMIALS, *COMPUTER security, *CRYPTOGRAPHY

Abstract

A group key establishment enables a group key shared among all group members. In this paper, we proposed a novel group key establishment, which is a hybrid of the Diffie-Hellman (DH) public-key scheme and the secret sharing scheme. Our protocol takes the advantages of the DH scheme, which does not need a mutually trusted key generation center (KGC) and the secret sharing scheme, which reduces the computational time. Employing the DH scheme allows any group member to act as a KGC to distribute a secret key to all group members. The secret sharing scheme is used as the encryption tool to transfer a group key to group members. Since public-key encryption involves modular exponentiations using a larger modulus (say at least 1024 bits) as compared with the secret sharing encryption involves polynomial operations using a smaller modulus (say only 160 bits), our proposed approach is faster than the broadcast encryption in public-key setting. We show that our protocol can provide key secrecy, key authentication and key independence. [ABSTRACT FROM AUTHOR]

Published

2017

40. Securing Outsourced Data in the Multi-Authority Cloud with Fine-Grained Access Control and Efficient Attribute Revocation.

Author

JUNWEI ZHOU, HUI DUAN, LIANG, KAITAI, QIAO YAN, FEI CHEN, YU, F. RICHARD, JIEMING WU, and JIANYONG CHEN

Subjects

*CLOUD storage, *ACCESS control, *DATA encryption, *COMPUTER security, *SECURITY systems

Abstract

Data outsourcing is a promising service for data owners, where their data are stored on a cloud storage provider. Since the cloud is not fully trusted, data access control has become a challenging issue in the Cloud Storage System (CSS). Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a feasible technique for ensuring access control in the CSS, where an attribute authority is responsible to manage attributes and distribute keys. In this paper, we propose a novel revocable Multi-Authority CP-ABE scheme, in which the access policy can be constructed as an arbitrary tree rather than a matrix used by existing schemes. The tree-like policy makes our scheme more flexible. Consequently, the encryption, decryption and attribute revocation operations are also more efficient. Our scheme is also proved to be secure under the standard assumption. It can resist user collusion attack, while the attribute revocation operation also achieves both forward security and backward security. Simulation results show that our scheme is highly efficient. [ABSTRACT FROM AUTHOR]

Published

2017

41. On the Importance of Checking Multivariate Public Key Cryptography for Side-Channel Attacks: The Case of enTTS Scheme.

Author

HAIBO YI and WEIJIAN LI

Subjects

*CRYPTOGRAPHY, *DATA encryption, *CYBERTERRORISM, *QUANTUM computers, *PUBLIC key cryptography

Abstract

Cryptographic systems refer to a set of algorithms needed to implement a particular form of encryption, decryption, signature and verification, which have practical applications in engineering area. Among cryptographic systems, Multivariate Public Key Cryptography (MPKC) is one of the most popular post-quantum candidates since it has the potential to resist quantum computer attacks. MPKC must be protected against a wide range of attacks, including side-channel attack, which is any attack based on information gained from the physical implementation of cryptographic systems. However, there are few side-channel attacks on MPKC schemes. In this paper, we present techniques to exploit Differential Power Analysis and fault analysis attacks for analyzing the effectiveness of side-channel attacks on MPKC schemes. We propose a general model of side-channel attacks on enhanced Tame Transformation Signature (enTTS) scheme, which is one of the representative MPKC schemes. We implement a naive enTTS scheme on Application Specific Integrated Circuits and propose a successful side-channel attack on the implementation. Experimental results show that our attack successfully obtains all the pieces from the private keys of the enTTS scheme and they clearly demonstrate the importance of protecting MPKC against side-channel attacks. [ABSTRACT FROM AUTHOR]

Published

2017

42. Pairing-Free and Secure Certificateless Signcryption Scheme.

Author

HUIFANG YU and BO YANG

Subjects

*DATA encryption, *CRYPTOGRAPHY, *INTERNET auctions, *EMAIL systems, *COMPUTER security

Abstract

Certificateless signcryption (CLSC) can simultaneously fulfill certificateless encryption and certificateless signature; however, most CLSC schemes need costly computational overhead due to the usage of pairing operations. How to improve its computational efficiency is a very significant research problem. In this paper, we propose a pairing-free and secure CLSC scheme. In the random oracle model, the proposed scheme is indistinguishability against adaptive chosen-ciphertext attacks secure in confidentiality and unforgeability against adaptive chosen-message attacks secure in unforgeability. In the new scheme, only a designated receiver can recover the message, and a third party can verify the validity of a signcrypted text without knowing the receiver's secret value. In addition, this cryptographic algorithm is very appropriate to applications in online auction, email system and private contractual signature. [ABSTRACT FROM AUTHOR]

Published

2017

43. Continuous Leakage-Resilient Public-Key Encryption Scheme with CCA Security.

Author

YANWEI ZHOU and BO YANG

Subjects

*PUBLIC key cryptography, *POLYNOMIAL time algorithms, *HASHING, *CRYPTOGRAPHY, *DATA encryption

Abstract

In recent years, much attention has been focused on designing provably secure public-key encryption (PKE) scheme in the presence of key-leakage. However, most of them are researched in the bounded-leakage model, and cannot keep their claimed security in the continuous leakage setting. What's more, most of traditional leakage-resilient PKE schemes cannot ensure that all of elements in ciphertext are random from the adversary's view, and any polynomial time adversary can get leakage on the secret key from the corresponding ciphertext. But, in the real world, an adversary can trivially break the security of PKE scheme under the continuous leakage attacks. To get an efficient PKE scheme which can keep its original security in the continuous-leakage model, we propose a new construction of chosen-ciphertext attacks secure PKE scheme, and whose security is based on the hardness of the classical decisional Diffie-Hellman assumption and the target collision resistance of the hash function. Our method not only can tolerate continuous leakage attacks on the secret key through key update operation, but also enjoys better performances, such as the round leakage parameter λC ≤ log q - ω(log k) (k is the security parameter, q is a big prime order of the underlying group.) is independent of the plaintext space, and has the constant size, also, any polynomial time adversary unable to obtain leakage on the secret key from the corresponding ciphertext, etc. Because of these good performance features, our proposal may have some significant value in the practical applications. [ABSTRACT FROM AUTHOR]

Published

2017

44. Simpler Generic Constructions for Strongly Secure One-round Key Exchange from Weaker Assumptions.

Author

ZHENG YANG, JUNYU LAI, CHAO LIU, WANPING LIU, and SHUANGQING LI

Subjects

*DIGITAL signatures, *STANDARD model (Nuclear physics), *DATA encryption, *ELECTRONIC authentication, *COMPUTER security

Abstract

In PKC 2015, Bergsma et al. introduced a generic one-round key exchange (ORKE) protocol (which is referred to as BJS) from digital signature (SIG) and simplified non-interactive key exchange (NIKE) without involving any identity. The BJS scheme is shown to satisfy extended Canetti and Krawczyk-PFS security if the NIKE is adaptive-CKS-light secure and the SIG is strongly secure against existential unforgeability under chosen message attacks. However, the BJS scheme cannot be instantiated with NIKE scheme with identity (e.g. the one proposed by Boneh and Zhandry in Crypto 2014). In this paper, we propose a much simpler generic construction for ORKE from NIKE and SIG. In particular, our scheme only makes weaker security assumptions on the underlying building blocks. Namely, we first show that the static-CKS-light security of NIKE, where the target identities are chosen by the adversary before seeing the system parameters, is sufficient for our construction. On the second, we observe that the SIG only needs to provide strong existential unforgeability under weak chosen message attacks for our construction. These results enable our proposal to have more concrete instantiations which might be easier to build and realize. At the same time, our new protocol is much more computationally efficient than the BJS protocol. [ABSTRACT FROM AUTHOR]

Published

2017

45. Probabilistic Public Key Encryption for Controlled Equijoin in Relational Databases.

Author

YUJUE WANG and HWEEHWA PANG

Subjects

*DATA encryption, *DATABASE design, *COMPUTATIONAL complexity, *BLOCK ciphers, *COMPUTER security

Abstract

We present a public key encryption scheme for relational databases (PKDE) that allows the owner to control the execution of cross-relation joins on an outsourced server. The scheme allows anyone to deposit encrypted records in a database on the server. Thereafter, the database owner may authorize the server to join any two relations to identify matching records across them, while preventing self-joins that would reveal information on records that are unmatched in the join. The security of our construction is formally proved in the random oracle model based on the computational bilinear Diffie-Hellman assumption. Specifically, before a relation is joined, its encrypted records enjoy indistinguishability under adaptively chosen ciphertext attacks (CCA2) security; after a join, our scheme offers One-Way CCA2 security protection on the records. Our PKDE construction is shown to outperform the only existing work, both in security guarantee and in efficiency. [ABSTRACT FROM AUTHOR]

Published

2017

46. Novel Leakage-Resilient Attribute-Based Encryption from Hash Proof System.

Author

LEYOU ZHANG, JINGXIA ZHANG, and YI MU

Subjects

*DATA encryption, *INFORMATION technology security, *COMPUTER security standards, *COMPUTER network protocols, *COMPUTER access control

Abstract

As an important primitive, attribute-based encryption (ABE) has attracted much attention in the relative-leakage model. However, the leakage rate in almost all of the existing ABE schemes is restricted with a leakage parameter. It implicitly suggests that higher leakage rate results in larger ciphertexts and keys. Aiming at tackling the challenge, novel leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) and key-policy attribute-based encryption (KP-ABE) are designed in this paper. It achieves shorter secret key size and simultaneously does not suffer from the undesirable drawback above. To realize this, the concepts of CP-AB-HPS and KP-AB-HPS are introduced, which generalize the notion of hash proof system (HPS) to attribute-based setting. Under some static assumptions, the proposed schemes are proved adaptively secure in the standard model. In addition, the results in simulation experiments indicate that the proposed scheme is efficient and practical. [ABSTRACT FROM AUTHOR]

Published

2017

47. Bounds for Message Authentication with Distortion.

Author

SHAOQUAN JIANG

Subjects

*MESSAGE authentication codes, *COMPUTER access control, *COMPUTER security standards, *DATA encryption, *INFORMATION-theoretic security

Abstract

We consider a message authentication with distortion (DMA), where Alice encodes a source state and sends it over an unknown channel to Bob, who then tries to recover it, up to a small distortion. We formulate a formal model for this problem and define the authentication rate for DMA as the number of source symbols transmitted for each channel use. We characterize the best possible authentication rate (called authentication capacity) for a general DMA. We also obtain a lower bound on the adversarial success probability for a typical class of DMA. [ABSTRACT FROM AUTHOR]

Published

2017

48. Editorial: On the Security of the First Leakage-Free Certificateless Signcryption Scheme.

Author

XI-JUN LIN, LIN SUN, HAIPENG QU, and XIAOSHUAI ZHANG

Subjects

*COMPUTER security standards, *PRINTED ephemera, *DATA encryption, *INFORMATION-theoretic security, *DATA caps (Internet)

Abstract

Recently, Islam and Li proposed the first certificateless signcryption scheme without ephemeral secret leakage (ESL) attack, called leakage-free certificateless signcryption (leakage-free CLSC) scheme. However, we point out in this paper that the confidentiality property is not captured in their proposal. Moreover, our attack adheres to the security model proposed in the original paper. On the other hand, the security models proposed by Islam and Li are insufficient. In fact, the ESL attack is not involved in the security models since the ephemeral secret is not returned to the adversary when CLSC-Signcryption query and Challenge are issued. Finally, we give the amended security models. [ABSTRACT FROM AUTHOR]

Published

2017

49. Identity-Based Encryption with Verifiable Outsourced Revocation.

Author

YANLI REN, NING DING, XINPENG ZHANG, HAINING LU, and DAWU GU

Subjects

*DATA encryption, *COMPUTER security, *DIGITAL signatures, *COMPUTER network security, *TEXTILE technology, *COMPUTER systems

Abstract

In an identity-based encryption (IBE) scheme, how to revoke users from the system is a difficult problem when their private keys are compromised. The private key generator (PKG) updates the private keys for all unrevoked users and has high computation load when a large number of users are included. We propose an IBE scheme with verifiable outsourced revocation based on the onemalicious model of two servers. In the proposed scheme, PKG delegates the key update operations to the two servers for all unrevoked users. The PKG can detect the failure with probability 1 if one of the servers misbehaves. Our scheme is proven fully secure and verifiable against chosenplaintext attack (CPA) without random oracles. The servers cannot execute the key update operations for any revoked user even if they collude. The experiment shows the time cost for PKG in the outsourcing algorithm is much smaller than that for directly updating the private keys for all unrevoked users. [ABSTRACT FROM AUTHOR]

Published

2016

50. Practical Attribute-based Signature: Traceability and Revocability.

Author

JIANGHONG WEI, XINYI HUANG, WENFEN LIU, and XUEXIAN HU

Subjects

*DIGITAL signatures, *DATA encryption, *COMPUTER network security, *CRYPTOSYSTEMS, *PUBLIC key cryptography

Abstract

As a new variant of digital signature, attribute-based signature (ABS) is appealing for many scenarios, where both authentication and anonymity are desired. However, in such a paradigm, a user's secret key is not linkable to an authenticated identity, and the same set of attributes might be shared among multiple users. Consequently, a malicious user would leak his secret key for some purposes without the risk of being identified among these equal users. On the other hand, for a cryptosystem with a large number of users, there should be an efficient revocation mechanism to further inform that a user's credential is abolished. We note that none of the existing ABS schemes simultaneously supports traceability and revocability, which are crucial towards the practicability of ABS. In this work, we first give a formal security model for traceable and revocable ABS. Next, we provide a concrete construction that admits flexible threshold signing predicates. Finally, we prove the anonymity and traceability of the proposed scheme in the standard model. To the best of our knowledge, our construction is the first ABS scheme that enjoys the functionalities of traceability and revocability simultaneously, and thus is more feasible for practical applications. [ABSTRACT FROM AUTHOR]

Published

2016