Dynamic attribute-based signcryption without random oracles
Pub Date: 2012-02-01. DOI: 10.1504/IJACT.2012.045589
K. Emura, A. Miyaji, Mohammad Shahriar Rahman
In SCN2010, Gagne, Narayan, and Safavi-Naini proposed attribute-based signcryption (ABSC) with threshold structure. As in ciphertext-policy attribute-based encryption (CP-ABE), an encryptor can specify the access structure of decryptors, and as in attribute-based signature (ABS), each decryptor can verify the encryptor's attributes. In contrast to the access structure of decryptors, the access structure of the encryptor needs to be fixed in the setup phase. In this paper, we propose ABSC with a dynamic property, where the access structures of the encryptor can be updated flexibly without re-issuing the secret keys of users. We call this primitive dynamic attribute-based signcryption (DABSC). Our DABSC scheme is secure in the standard model under the decision bilinear Diffie-Hellman assumption and the computational Diffie-Hellman assumption.
Attribute-based encryption without key cloning
Pub Date: 2012-02-01. DOI: 10.1504/IJACT.2012.045587
M. Hinek, Shaoquan Jiang, R. Safavi-Naini, S. F. Shahandashti
In this work, we consider the problem of key cloning in attribute-based encryption schemes. We introduce a new type of attribute-based encryption scheme, called token-based attribute-based encryption (tk-ABE), that provides strong deterrence for key cloning, in the sense that delegation of keys reveals some personal information about the user. It also has the feature that a misbehaving user can be easily revoked. We formalise the security requirements for such a scheme in terms of indistinguishability of the ciphertexts and two new security requirements which we call uncloneability and privacy-preserving. We construct a privacy-preserving uncloneable token-based attribute-based encryption scheme based on Cheung and Newport's ciphertext-policy attribute-based encryption scheme and prove that the scheme satisfies the above three security requirements. We also introduce the notion of non-interactive uncloneable attribute-based encryption in order to remove the online token server in the tk-ABE. We then construct such a new scheme with provable security. It should be pointed out that, although our non-interactive scheme is token-free, the scheme does not have the capability to easily revoke users from the scheme. Hence, both types of schemes have their own merits of existence.
Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction
Pub Date: 2012-02-01. DOI: 10.1504/IJACT.2012.045590
Joppe W. Bos, Marcelo E. Kaihara, T. Kleinjung, A. Lenstra, P. L. Montgomery
We describe a cell processor implementation of Pollard's rho method to solve discrete logarithms in groups of elliptic curves over prime fields. The implementation was used on a cluster of PlayStation 3 game consoles to set a new record. We present in detail the underlying single instruction multiple data modular arithmetic.
On the security of the Winternitz one-time signature scheme
Pub Date: 2011-07-05. DOI: 10.1504/IJACT.2013.053435
J. Buchmann, Erik Dahmen, S. Ereth, Andreas Hülsing, M. Rückert
We show that the Winternitz one-time signature scheme is existentially unforgeable under adaptive chosen message attacks when instantiated with a family of pseudorandom functions. Our result halves the signature size at the same security level, compared to previous results, which require a collision resistant hash function. We also consider security in the strong sense and show that the Winternitz one-time signature scheme is strongly unforgeable assuming additional properties of the pseudorandom function family. In this context we formally define several key-based security notions for function families and investigate their relation to pseudorandomness. All our reductions are exact and in the standard model, and can directly be used to estimate the output length of the hash function required to meet a certain security level.
Notions for RSA integers
Pub Date: 2011-04-21. DOI: 10.1504/IJACT.2014.062723
Daniel Loebenberger, Michael Nüsken
The key-generation algorithm for the RSA cryptosystem is specified in several standards, such as PKCS#1, IEEE 1363-2000, FIPS 186-3, ANSI X9.44, or ISO/IEC 18033-2. All of them substantially differ in their requirements. This indicates that for computing a 'secure' RSA modulus it does not matter how exactly one generates RSA integers. In this work, we show that this is indeed the case to a large extent. First, we give a theoretical framework that enables us to easily compute the entropy of the output distribution of the considered standards and show that it is comparatively high. To do so, we compute for each standard the number of integers they define up to an error of very small order and discuss different methods of generating integers of a specific form. Second, we show that factoring such integers is hard, provided factoring a product of two primes of similar size is hard.
Designing attacks on SIP call set-up
Pub Date: 2010-07-01. DOI: 10.1504/IJACT.2010.033795
A. M. Hagalisletto, Lars Strand
Many protocols running over the internet are neither formalised nor formally analysed. The amount of documentation for telecommunication protocols used in real-life applications is huge, while the available analysis methods and tools require precise and clear-cut protocol clauses. A manual formalisation of the Session Initiation Protocol (SIP) used in Voice over IP (VoIP) applications is not feasible. Therefore, by combining the information retrieved from the specification documents published by the IETF with traces of real-world SIP traffic, we craft a formal specification of the protocol in addition to an implementation of the protocol. In the course of our work we detected several weaknesses, both in SIP call set-up and in the Asterisk implementation of the protocol. These weaknesses could be exploited and pose a threat to the authentication and non-repudiation of VoIP calls.
Some results on cryptanalysis of SMS4 block cipher
Pub Date: 2010-07-01. DOI: 10.1504/IJACT.2010.033799
Wentao Zhang, Bozhan Su, Wenling Wu, D. Feng
SMS4 is a 128-bit block cipher used in the WAPI standard in wireless networks in China. The cipher has attracted much attention in the past several years. This paper consists of two parts. The first part is on the design of the linear diffusion layer L of SMS4. Some observations on L are presented, which reveal the design rationale of L and of this class of functions to a great extent. The second part is on the differential attack against SMS4. An effective 19-round differential characteristic is presented. Then, a simple differential attack on 23-round SMS4 is given, which is the best known attack on SMS4 so far.
TWISTER π - a framework for secure and fast hash functions
Pub Date: 2010-07-01. DOI: 10.1504/IJACT.2010.033800
E. Fleischmann, C. Forler, M. Gorski, S. Lucks
In this paper we present TWISTER π, a framework for hash functions. It is an improved version of TWISTER, a candidate of the NIST SHA-3 hash function competition. TWISTER π is built upon the ideas of wide pipe and sponge functions. The core of this framework is a Twister-Round that is very easy to analyse and provides both extremely fast diffusion and collision-freeness for one internal Twister-Round. The total security level is claimed to be not below 2^(n/2) for collision attacks and 2^n for (2nd) pre-image attacks. TWISTER π instantiations are secure against all known generic attacks. We also propose two instances TWISTER π-n for hash output sizes n = 256 and n = 512. These instantiations are highly optimised for 64-bit architectures and run very fast in hardware and software, e.g. TWISTER π-256 is faster than SHA2-256 on 64-bit platforms and TWISTER π-512 is faster than SHA2-512 on 32-bit platforms. Furthermore, TWISTER π scales very well on low-end platforms.
Achieving high security and efficiency in RFID-tagged supply chains
Pub Date: 2010-07-01. DOI: 10.1504/IJACT.2010.033794
Shaoying Cai, Yingjiu Li, Tieyan Li, R. Deng, Haixia Yao
While RFID technology has greatly facilitated visible supply chain management, designing a secure and efficient RFID-tagged supply chain system is still a challenge. To achieve high security and efficiency at the same time, we categorise RFID-tagged supply chain environments into two security levels and design an RFID-tagged supply chain system accordingly. In the relatively secure environment, our system is set to the weak security mode, and the tagged products can be processed in a highly efficient manner. In the less secure environment, our system is switched to the strong security mode so as to maintain a high level of security, with its efficiency lower than that in the weak security mode. A set of RFID protocols is designed to enable the dual security modes.
A five-round algebraic property of AES and its application to the ALPHA-MAC
Pub Date: 2009-08-01. DOI: 10.1504/IJACT.2009.028027
Jianyong Huang, J. Seberry, W. Susilo
We present a five-round algebraic property of the advanced encryption standard (AES), and we show that this algebraic property can be used to analyse the internal structure of ALPHA-MAC, whose underlying block cipher is AES. In the proposed property, we modify 20 bytes from five intermediate values at some fixed locations in five consecutive rounds, and we show that after five rounds of operations, such modifications do not change the intermediate result and finally still produce the same ciphertext. By employing the proposed five-round algebraic property of AES, we provide a method to find second preimages of the ALPHA-MAC based on the assumption that a key or an intermediate value is known. We also show that our idea can be used to find internal collisions of the ALPHA-MAC under the same assumption.