Your search keyword '"PUBLIC key cryptography"' showing total 13 results

1. Chosen-ciphertext secure code-based threshold public key encryptions with short ciphertext.

Author

Takahashi, Kota, Hashimoto, Keitaro, and Ogata, Wakaha

Subjects

PUBLIC key cryptography, CONCRETE, ALGORITHMS

Abstract

Threshold public-key encryption (threshold PKE) has various useful applications. A lot of threshold PKE schemes are proposed based on RSA, Diffie–Hellman and lattice, but to the best of our knowledge, code-based threshold PKEs have not been proposed. In this paper, we provide three IND-CCA secure code-based threshold PKE schemes. The first scheme is the concrete instantiation of Dodis–Katz conversion (Dodis and Katz, TCC'05) that converts an IND-CCA secure PKE into an IND-CCA secure threshold PKE using parallel encryption and a signature scheme. This approach provides non-interactive threshold decryption, but ciphertexts are large (about 16 kilobytes for 128-bit security) due to long code-based signatures even in the state-of-the-art one. The second scheme is a new parallel encryption-based construction without signature schemes. Unlike the Dodis–Katz conversion, our parallel encryption converts an OW-CPA secure PKE into an OW-CPA secure threshold PKE. To enhance security, we use Cong et al.'s conversion (Cong et al., ASIACRYPT'21). Thanks to eliminating signatures, its ciphertext is 512 bytes, which is only 3% of the first scheme. The decryption process needs an MPC for computing hash functions, but decryption of OW-CPA secure PKE can be done locally. The third scheme is an MPC-based threshold PKE scheme from code-based assumption. We take the same approach Cong et al. took to construct efficient lattice-based threshold PKEs. We build an MPC for the decryption algorithm of OW-CPA secure Classic McEliece PKE. This scheme has the shortest ciphertext among the three schemes at just 192 bytes. Compared to the regular CCA secure Classic McEliece PKE, the additional ciphertext length is only 100 bytes. The cons are heavy distributed computation in the decryption process. [ABSTRACT FROM AUTHOR]

Published

2024

2. Post-Quantum Cryptography--Having It Implemented Right.

Author

Guilley, Sylvain, Souissi, Youssef, ZHANG Fan, and YANG Bo-Lin

Subjects

PUBLIC key cryptography, DATA encryption, CRYPTOGRAPHY, MATHEMATICAL functions, MODULAR arithmetic, QUANTUM information science

Abstract

Post-quantum cryptography (PQC) refers to novel requirements in asymmetric cryptography, namely key exchange, asymmetric encryption and digital signature. In PQC, the cryptographic computation shall resist not only attacks from classic computers, but also from quantum computers. Still, PQC algorithms are mathematical functions which are implemented conventionally (as software, hardware, etc.). Therefore, regular implementation-level attacks apply. In this paper, we list the challenges associated with the implementation of PQC, in particular vulnerabilities related to side-channel analyses. Some features in PQC, such as modular arithmetic in finite fields, inversions, non-uniform random numbers sampling, or decoding algorithms, are intrinsically hard to evaluate in constant-time. First, we detail the detection and the prevention of leakage arising from conditional control-flow and from conditional access to data structures. Second, we apply the same methodology to data leakage, in the situation where the manipulated data is randomly split in several shares (protection known as "masking"). Conventional detection of vertical leakage is not appropriate in the presence of countermeasures, such as masking. This paper shows that proper implementation of PQC requires knowledge of security evaluation and of secure coding. Owing to the large variety of PQC algorithms (key generation, encapsulation/decapsulation, signature verification/generation), classes (lattice-based, code-based, multivariate, etc.) and their configurations (key size, conforming to IND-CCA or IND-CPA security, etc.), generic methods shall be available. Those are overviewed in this paper, which is intended to provide to the readers with a comprehensive coverage about secure code evaluation and design. [ABSTRACT FROM AUTHOR]

Published

2023

3. Continual Leakage-Resilient Hedged Public-Key Encryption.

Author

Huang, Meijuan, Yang, Bo, Zhou, Yanwei, and Hu, Xuewei

Subjects

*DISASTER resilience, *PUBLIC key cryptography, *CRYPTOGRAPHY, *LEAKAGE

Abstract

Hedged public-key encryption (HPKE), introduced by Bellare et al. (ASIACRYPT 2009), provides useful security when the per-message randomness fails to be uniform due to faulty implementations or adversarial actions. The HPKE scheme achieves IND-CPA (chosen plaintext attack) security when the randomness they used is of high quality, but, when the randomness is poor quality, rather than breaking completely, it achieves a weaker but a useful notion of security called IND-CDA (chosen distribution attack) as long as the message and randomness together have sufficient min-entropy. However, little research on HPKE in the presence of key leakage was done. In this paper, we study HPKE featuring key leakage-resilience and formulate appropriate security notion for key leakage-resilient HPKE. We work in the continual key leakage model where the secret key is refreshed periodically and an adversary can learn arbitrary but bounded leakage on the secret key between the updates. We present two generic constructions of continual leakage-resilient HPKE in the standard model by using a continual leakage-resilient all-but-one lossy trapdoor function. Finally, we give an instantiation of leakage-resilient HPKE under the linear assumption in bilinear groups. [ABSTRACT FROM AUTHOR]

Published

2022

4. CLAP-PRE: Certificateless Autonomous Path Proxy Re-Encryption for Data Sharing in the Cloud.

Author

Ren, Chengdong, Dong, Xiaolei, Shen, Jiachen, Cao, Zhenfu, and Zhou, Yuanjian

Subjects

PUBLIC key cryptography, INFORMATION sharing, ACCESS control, PERSONALLY identifiable information

Abstract

In e-health systems, patients encrypt their personal health data for privacy purposes and upload them to the cloud. There exists a need for sharing patient health data with doctors for healing purposes in one's own preferred order. To achieve this fine-gained access control to delegation paths, some researchers have designed a new proxy re-encryption (PRE) scheme called autonomous path proxy re-encryption (AP-PRE), where the delegator can control the whole delegation path in a multi-hop delegation process. In this paper, we introduce a certificateless autonomous path proxy re-encryption (CLAP-PRE) using multilinear maps, which holds both the properties (i.e., certificateless, autonomous path) of certificateless encryption and autonomous path proxy re-encryption. In the proposed scheme, (a) each user has two public keys (user's identity and traditional public key) with corresponding private keys, and (b) each ciphertext is first re-encrypted from a public key encryption (PKE) scheme to an identity-based encryption (IBE) scheme and then transformed in the IBE scheme. Our scheme is an IND-CPA secure CLAP-PRE scheme under the k-multilinear decisional Diffie–Hellman (k-MDDH) assumption in the random oracle model. [ABSTRACT FROM AUTHOR]

Published

2022

5. Authentication and key establishment protocol from supersingular isogeny for mobile environments.

Author

Qi, Mingping and Chen, Jianhua

Subjects

*COMPUTER passwords, *PUBLIC key cryptography, *PERSONAL computers, *KEY agreement protocols (Computer network protocols), *ELLIPTIC curves

Abstract

This paper presents a provably secure post-quantum authentication and key establishment protocol for mobile environments, which is the first one from supersingular isogeny to our best knowledge that achieves the client user authentication by using the convenient password and the server authentication by using the password-transformed secret value and its certificate, together with the final session key establishment between them. This makes it be quite suitable for providing quantum-resilient security assurance in mobile environments in the near future post-quantum era. The presented protocol actually is constructed by integrating the password-based authentication way with the key encapsulation mechanism and thereby is named as PBKEM for short. The presented post-quantum PBKEM protocol from supersingular isogeny is formally proved secure in the random oracle model under the well-known Bellare–Pointcheval–Rogaway (BPR) security model, whose security is finally reduced to the SI-CDH security assumption and the IND-CCA security of the SIKE scheme. Moreover, it is implemented on a personal computer by using the SIDH Library provided by Microsoft, and the experimental results have shown that the protocol is efficient enough to be applied in practice to provide quantum-resilient security assurance. [ABSTRACT FROM AUTHOR]

Published

2022

6. Group public key encryption supporting equality test without bilinear pairings.

Author

Shen, Xiaoying, Wang, Baocang, Wang, Licheng, Duan, Pu, and Zhang, Benyu

Subjects

*PUBLIC key cryptography, *UPLOADING of data, *TEST design, *CLOUD computing

Abstract

In cloud computing scenarios, it is a common approach to encrypt the data before uploading in order to maintain the privacy. Public key encryption with equality test (PKEET) provides a generic solution to equality comparisons on encrypted data. Considering the practical requirements of PKEET in group user scenarios, Ling et al. presented a group public key encryption scheme with equality test (G-PKEET) by utilizing the computationally expensive bilinear pairing operations. In this paper, we propose an efficient and verifiable group public key encryption with equality test construction without bilinear pairings (GPKEET/BP). Our proposal is developed from a basic observation that two points determine a straight line, and is proven to be indistinguishable against the chosen-ciphertext attacks (IND-CCA) in the random oracle model under the computational Diffie-Hellman (CDH) assumption. Theoretical analysis shows that our construction only involves several modular exponentiations in the encryption, decryption and test algorithms. The theoretical results are well supported by experimental simulations, which show that the test algorithm of GPKEET/BP performs about 92 % faster than that of Ling et al.'s scheme. So our GPKEET/BP scheme turns out to be better suited for group ciphertext equality test situations. [ABSTRACT FROM AUTHOR]

Published

2022

7. Cost-Effective Proxy Signcryption Scheme for Internet of Things.

Author

Ullah, Insaf, Alkhalifah, Ali, Khan, Muhammad Asghar, and Mostafa, Samih M.

Subjects

INTERNET of things, ELLIPTIC curve cryptography, INTERNET privacy, PUBLIC key cryptography, DELEGATION of authority

Abstract

The Internet of things (IoT) has emerged into a revolutionary technology that enables a wide range of features and applications given the proliferation of sensors and actuators embedded in everyday objects, as well as the ubiquitous availability of high-speed Internet. When nearly everything is connected to the Internet, security and privacy concerns will become more significant. Furthermore, owing to the resource-constrained nature of IoT devices, they are unable to perform standard cryptographic computations. As a result, there is a critical need for efficient and secure lightweight cryptographic scheme that can meet the demands of resource-constrained IoT devices. In this study, we propose a lightweight proxy in which a person/party can delegate its signing authority to a proxy agent. Existing proxy signcryption security approaches are computationally costly and rely on RSA, bilinear pairing, and elliptic curves cryptography (ECC). The hyperelliptic curve cryptosystem (HECC), on the other hand, employs a smaller key size while maintaining the same level of security. When assessed using the random oracle model (ROM), the proposed scheme provides resilience against indistinguishable under adaptive chosen ciphertext attacks (IND-CCA) and unforgeable under adaptive chosen message attacks (UU-ACMA). To demonstrate the viability of the proposed scheme, security analyses and comparisons with existing schemes are performed. The findings show that the proposed scheme provides high security while reducing computational and communication costs. [ABSTRACT FROM AUTHOR]

Published

2021

8. Equality test with an anonymous authorization in cloud computing.

Author

Abdalla, Hisham, Xiong, Hu, Wahaballa, Abubaker, Ramadan, Mohammed, and Qin, Zhiguang

Subjects

*CLOUD computing, *KEY agreement protocols (Computer network protocols), *CLOUD storage, *PUBLIC key cryptography, *STATISTICS

Abstract

With the rapid popularity and wide adoption of cloud storage, providing privacy-preserving by protecting sensitive information becomes a matter of grave concern. The most effective and sensible way to address this issue is to encrypt the data before uploading it to the cloud. However, to search over encrypted data with different keys is still an open problem when it comes to the deployment of emerging technologies such as healthcare applications and e-marketplace systems. To address these issues, in this paper, we proposed a secure and efficient public-key encryption with an equality test technique that supports anonymous authorization, abbreviated as (PKEET-AA). Our proposed scheme allows a specific user to identify who can perform the equality test process among various cloud servers without compromising sensitive information. It also provides an anonymous approach to search for some statistical information about specific identical encrypted records in several databases. Moreover, we prove that our proposed PKEET-AA scheme is one-way secure against chosen-ciphertext attack (OW-CCA) and undistinguishable against adaptive chosen ciphertext attack (IND-CCA) in the random oracle model. Thus, to provide authorization/multi-authorization anonymity under the Decisional Diffie–Hellman assumption. [ABSTRACT FROM AUTHOR]

Published

2021

9. Efficient message transmission via twisted Edwards curves.

Author

Kirlar, Bariş Bülent

Subjects

*DIGITAL signatures, *ELLIPTIC curves, *PUBLIC key cryptography, *CURVES, *CRYPTOSYSTEMS

Abstract

In this paper, we suggest a novel public key scheme by incorporating the twisted Edwards model of elliptic curves. The security of the proposed encryption scheme depends on the hardness of solving elliptic curve version of discrete logarithm problem and Diffie-Hellman problem. It then ensures secure message transmission by having the property of one-wayness, indistinguishability under chosen-plaintext attack (IND-CPA) and indistinguishability under chosen-ciphertext attack (IND-CCA). Moreover, we introduce a variant of Nyberg-Rueppel digital signature algorithm with message recovery using the proposed encryption scheme and give some countermeasures to resist some wellknown forgery attacks. [ABSTRACT FROM AUTHOR]

Published

2020

10. A New Framework of IND-CCA Secure Public Key Encryption with Keyword Search.

Author

Ma, Sha and Huang, Qiong

Subjects

*PUBLIC key cryptography, *KEYWORD searching, *RSA algorithm, *DATA encryption, *MAP projection

Abstract

In the era of cloud computing, public key encryption with keyword search (PEKS) is an extremely useful cryptographic tool for searching on encryption data, whose strongest security notion is indistinguishability encryption against chosen ciphertext attack (ind-cca). Adballa et al. presented a transformation from identity based encryption (IBE) to PEKS in the Theory of Cryptography Conference 2010. This paper proposes a new framework of ind-cca secure PEKS in the standard model. Our main technical tool is a newly introduced notion of smooth projective hash function with key mapping, in which the hash key hk is mapped into another mapping projection key mhp besides the classical projection key hp. Finally, we provide an instantiation of our framework based on symmetric eXternal Diffie–Hellman assumption. [ABSTRACT FROM AUTHOR]

Published

2020

11. A post-quantum hybrid encryption based on QC-LDPC codes in the multi-user setting.

Author

Wang, Luping, Chen, Jie, Zhang, Kai, and Qian, Haifeng

Subjects

*ENCRYPTION protocols, *QUANTUM computing, *CODING theory, *PUBLIC key cryptography, *CIPHERS

Abstract

• Employing a KDF and an OWT function can construct an IND-CCA secure KEM with multi-user setting. • Combining a DEM and a MAC with a tag in the input can get an IND-CCA secure DEM with multi-user setting. • To get an IND-CCA secure HE, the KEM and DEM have to satisfy certain security properties, independently. • Instantiate our mul-HE scheme with QC-LDPC codes can resist quantum computing attacks. The encryption schemes based on coding theory are one of the most accredited choices in post-quantum scenario, where QC-LDPC codes are usually employed to construct concrete schemes due to the well security and good efficiency. In this work, we introduce a new IND-CCA secure multi-instance framework for code-based hybrid encryption primitive in the random oracle model, which is derived from our new multi-instance KEM and DEM building modules. We note that previous multi-instance KEM and DEM are usually derived from single-instance KEM and DEM, and hence suffers from large parameter sizes and security loss. Nevertheless, our multi-instance KEM is a direct construction based on a key generation function and a one-way trapdoor function, and our multi-instance DEM is constructed from a standard DEM and MAC with a tag in the input to achieve a tighter security loss. Finally, we present a IND-CCA secure multi-instance hybrid encryption scheme based on QC-LDPC codes in the random oracle model, where the scheme achieves small private key size and only consumes addition and multiplication operations over F 2 x. [ABSTRACT FROM AUTHOR]

Published

2020

12. A Security-Mediated Encryption Scheme Based on ElGamal Variant.

Author

Tea, Boon Chian, Kamel Ariffin, Muhammad Rezal, Abd. Ghafar, Amir Hamzah, and Asbullah, Muhammad Asyraf

Subjects

*PUBLIC key cryptography, *METHICILLIN-resistant staphylococcus aureus, *REVOCATION

Abstract

Boneh et al. introduced mediated RSA (mRSA) in 2001 in an attempt to achieve faster key revocation for medium-sized organizations via the involvement of a security mediator (SEM) as a semi-trusted third party to provide partial ciphertext decryption for the receiver. In this paper, a pairing-free security mediated encryption scheme based on an ElGamal variant is proposed. The scheme features a similar setting as in the mediated RSA but with a different underlying primitive. We show that the proposed security mediated encryption scheme is secure indistinguishably against chosen-ciphertext attack (IND-CCA) in the random oracle via the hardness assumption of the computational Diffie-Hellman (CDH) problem. [ABSTRACT FROM AUTHOR]

Published

2021

13. Certificateless public key encryption with cryptographic reverse firewalls.

Author

Zhou, Yuyang, Guo, Jing, and Li, Fagen

Subjects

*PUBLIC key cryptography, *ENCRYPTION protocols, *RSA algorithm, *CRYPTOGRAPHY

Abstract

The Snowden incident shows that powerful attackers can compromise users' machines to steal users' private information. Currently, many encryption schemes that have proven to be secure cannot detect vulnerabilities. These vulnerabilities may reveal users' secrets, e.g., a machine hides some backdoors without a user's awareness, and an attacker can steal the user's private information through these backdoors. In 2015, Mironov and Stephens-Davidowitz proposed a new framework for solving this problem: cryptographic reverse firewall (CRF). However, their protocols can't protect certificateless public key encryption (CL-PKE). In this paper, we design a CRF protocol for CL-PKE, which is a one-round CL-PKE with CRFs (CL-PKE-CRF) deployed on a receiver and a key generating centre (KGC). This protocol is proved to achieve indistinguishability against chosen plaintext attack (IND-CPA). Compared with existing protocol with CRFs and two CL-PKE schemes, our protocol has the least communication cost. Meanwhile, we use JPBC library to implement our one-round CL-PKE-CRF. The experimental results indicate that under high security levels, our protocol has a advantage in the percentage of the running time. Since our protocol can resist exfiltration attacks from internal attackers, it is efficient and practical. Finally, we apply the same method to design a secure and effective one-round certificateless public key signature with a CRF (CL-PKS-CRF). This means that our protocol is not only targeted at a single CL-PKE scheme, but also can inspire the design of other certificateless public key cryptography schemes with CRFs. [ABSTRACT FROM AUTHOR]

Published

2020