Power analysis attack: an approach based on machine learning
Pub Date: 2014-06-01, DOI: 10.1504/IJACT.2014.062722
Liran Lerman, Gianluca Bontempi, O. Markowitch
In cryptography, a side-channel attack is any attack based on the analysis of measurements related to the physical implementation of a cryptosystem. Nowadays, the possibility of collecting a large amount of observations paves the way to the adoption of machine learning techniques, i.e., techniques able to extract information and patterns from large datasets. The use of statistical techniques for side-channel attacks is not new. Techniques like the template attack have shown their effectiveness in recent years. However, these techniques rely on parametric assumptions and are often limited to small-dimensionality settings, which limits their range of application. This paper explores the use of machine learning techniques to relax such assumptions and to deal with high-dimensional feature vectors.
Encrypted integer division and secure comparison
Pub Date: 2014-06-01, DOI: 10.1504/IJACT.2014.062738
T. Veugen
When processing data in the encrypted domain, homomorphic encryption can be used to enable linear operations on encrypted data. Integer division of encrypted data, however, requires an additional protocol between the client and the server and will be relatively expensive. We present new solutions for dividing encrypted data in the semi-honest model using homomorphic encryption and additive blinding, having low computational and communication complexity. In most of our protocols we assume the divisor is publicly known. The division result is not only computed exactly, but may also be approximated, leading to further improved performance. The idea of approximating the result of an integer division is extended to similar results for secure comparison, secure minimum, and secure maximum in the client-server model, yielding new efficient protocols with demonstrated application in biometrics. The exact minimum protocol is shown to outperform existing approaches.
Random Forest profiling attack on advanced encryption standard
Pub Date: 2014-06-01, DOI: 10.1504/IJACT.2014.062740
Hiren J. Patel, R. Baldwin
Random Forest, a non-parametric classifier, is proposed for a byte-wise profiling attack on the advanced encryption standard (AES) and is shown to improve results on PIC microcontrollers, especially in high-dimensional variable spaces. It is shown in this research that data collected from 40 PIC microcontrollers exhibited highly non-Gaussian variables. For the full-dimensional dataset consisting of 50,000 variables, Random Forest correctly extracted all 16 bytes of the AES key. For a reduced set of 2,700 variables captured during the first round of the encryption, Random Forest achieved success rates as high as 100% for cross-device attacks on 40 PIC microcontrollers from four different device families. With further dimensionality reduction, Random Forest still outperformed the classical template attack for this dataset, requiring fewer traces and achieving higher success rates with a lower misclassification rate. The importance of analysing the system noise when choosing a classifier for a profiling attack is examined and demonstrated through this work.
Dynamic attribute-based group signature with verifier-local revocation and backward unlinkability in the standard model
Pub Date: 2014-06-01, DOI: 10.1504/IJACT.2014.062736
Syed Taqi Ali, B. B. Amberker
An attribute-based group signature (ABGS) scheme is a group signature scheme where only the group members possessing certain privileges (attributes) are eligible to sign the document. In verifier-local revocation (VLR) schemes, only verifiers are involved in the revocation of a member, while signers are not. Backward unlinkability ensures that even after a member is revoked, signatures produced by the member before the revocation remain anonymous. There is an ABGS scheme with the VLR feature in the literature, but it neither supports backward unlinkability nor attribute anonymity, nor is it in the standard model, and moreover its signature length is not constant. We propose a VLR ABGS scheme with all these features in the standard model.
Parallelisable variants of Camellia and SMS4 block cipher: p-Camellia and p-SMS4
Pub Date: 2013-04-01, DOI: 10.1504/IJACT.2013.053432
Huihui Yap, Khoongming Khoo, A. Poschmann
We propose two parallelisable variants of the Camellia and SMS4 block ciphers based on the n-cell GF-NLFSR. The n-cell generalised Feistel non-linear feedback shift register (GF-NLFSR) structure (Choy et al., 2009a) is a generalised unbalanced Feistel network that can be considered as a generalisation of the outer function FO of the KASUMI block cipher. An advantage of this cipher over other n-cell generalised Feistel networks, e.g., SMS4 (Diffie and Ledin, 2008) and Camellia (Aoki et al., 2001), is that it is parallelisable for up to n rounds. In hardware implementations, the benefits translate to speeding up encryption by up to n times while consuming similar area and significantly less power. At the same time, n-cell GF-NLFSR structures offer similar proofs of security against differential cryptanalysis as conventional n-cell Feistel structures. In this paper, we prove security against differential, linear and boomerang attacks. We also show that the selected number of rounds is conservative enough to provide a high security margin against other known attacks such as integral, impossible differential, higher-order differential, interpolation, slide, XSL and related-key differential attacks.
Practical hybrid (hierarchical) identity-based encryption schemes based on the decisional bilinear Diffie-Hellman assumption
Pub Date: 2013-04-01, DOI: 10.1504/IJACT.2013.053434
S. Chatterjee, P. Sarkar
The paper proposes a HIBE scheme which improves upon Waters' scheme from Eurocrypt 2005 by significantly reducing the size of the public parameters. The improvement is based on two ideas: (1) partitioning the identities into smaller blocks; (2) reusing public parameters. Modification of the basic HIBE scheme yields a CCA-secure hybrid HIBE where symmetric key authentication is used to eliminate costly pairing operations from the decryption algorithm. The protocols and the security arguments are recast in the most efficient asymmetric pairing setting, where one gets several variants of the basic protocol with associated trade-offs in the ciphertext overhead and public parameter size. For practical security levels, the variants we obtain are currently the most efficient and practical among all other schemes which achieve similar security under the DBDH assumption. The basic idea provides improvements to the construction of other cryptographic primitives such as signatures, wildcard IBE and certificateless encryption.
Secure computation of functionalities based on Hamming distance and its application to computing document similarity
Pub Date: 2013-04-01, DOI: 10.1504/IJACT.2013.053433
Ayman Jarrous, Benny Pinkas
This paper examines secure two-party computation of functions that depend only on the Hamming distance of the inputs of the two parties. We present efficient protocols for computing these functions. In particular, we present protocols which are secure in the sense of full simulatability against malicious adversaries. We then show applications of HDOT. These include protocols for checking similarity between documents without disclosing additional information about them; these protocols are based on algorithms of Broder et al. for computing document similarity based on the Jaccard measure. Another application is a variant of symmetric private information retrieval (SPIR), which can be used if the server's database contains N entries, at most N/log N of which have individual values, and the rest are set to some default value. The receiver does not learn whether it receives an individual value or the default value. This variant of PIR is unique since it can be based on the existence of OT alone.
Chosen-prefix collisions for MD5 and applications
Pub Date: 2012-07-01, DOI: 10.1504/IJACT.2012.048084
M.M.J. Stevens, A. Lenstra, B. Weger
We present a novel, automated way to find differential paths for MD5. Its main application is in the construction of chosen-prefix collisions. We have shown how, at an approximate expected cost of 2
Public key encryption schemes supporting equality test with authorisation of different granularity
Pub Date: 2012-07-01, DOI: 10.1504/IJACT.2012.048079
Qiang Tang
In this paper, we extend the work on public key encryption schemes supporting fine-grained authorisation (FG-PKEET) done by Tang (2011b). First of all, we correct some flaws in Tang (2011b) and discuss how to extend the proposed cryptosystem to support an approximate equality test. Secondly, we present a comparison between FG-PKEET and other similar primitives, including AoN-PKEET by Tang (2011a) and PKEET by Yang et al. (2010), and demonstrate their differences in complexity and achieved security. Thirdly, to mitigate the inherent offline message recovery attacks, we extend FG-PKEET to a two-proxy setting, where two proxies need to collaborate in order to perform an equality test. Finally, we propose a cryptosystem and prove its security in the two-proxy setting.
Randomness extraction in elliptic curves and secret key derivation at the end of Diffie-Hellman protocol
Pub Date: 2012-07-01, DOI: 10.1504/IJACT.2012.048083
Abdoul Aziz Ciss, Djiby Sow
A deterministic extractor for an elliptic curve, which converts a uniformly random point on the curve to a random bit-string with a uniform distribution, is an important tool in cryptography. Such extractors can be used, for example, in key derivation functions, in key exchange protocols and to design cryptographically secure pseudorandom number generators. In this paper, we present a simple and efficient deterministic extractor for an elliptic curve E defined over a non-prime finite field. Our extractor, for a given random point P on the curve, outputs the k first coefficients of the abscissa of the point P. This extractor confirms the two conjectures stated by Farashahi and Pellikaan (2007) and Farashahi et al. (2008), related to the extraction of bits from coordinates of a point of an elliptic curve. As applications of our extractor, we show under the decisional Diffie-Hellman problem on an elliptic curve defined over a finite field of characteristic two that the k first or the k last bits of the abscissa of a random point on the curve are indistinguishable from a random bit-string of the same length.