Pub Date : 2008-11-01DOI: 10.1504/IJACT.2008.021082
M. Burmester, B. D. Medeiros, Rossana Motta
In the absence of sufficiently optimised public key constructions, anonymous authentication for Radio-Frequency Identification Devices (RFIDs) requires state synchronisation between tags and a trusted server. Active adversaries disrupt this synchrony, making a recovery strategy necessary. In some protocols, tags recover by replaying previously used values, thus compromising unlinkability of their transcripts; other schemes require servers to search through the set of issued keys, incurring costs that are not constant with the number of legitimate tags. This article describes an approach based on a lightweight trapdoor one-way function from modular squaring. The solution exploits the fact that synchrony can be recovered even if tags are endowed with only the ability to perform public-key operations, whilst the trusted server is capable of trapdoor computations. The construction is provably secure and generic, transforming any anonymous, challenge-response RFID authentication protocol into another that is robust against active adversaries and supports constant key-lookup cost.
{"title":"Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries","authors":"M. Burmester, B. D. Medeiros, Rossana Motta","doi":"10.1504/IJACT.2008.021082","DOIUrl":"https://doi.org/10.1504/IJACT.2008.021082","url":null,"abstract":"In the absence of sufficiently optimised public key constructions, anonymous authentication for Radio-Frequency Identification Devices (RFIDs) requires state synchronisation between tags and a trusted server. Active adversaries disrupt this synchrony, making a recovery strategy necessary. In some protocols, tags recover by replaying previously used values, thus compromising unlinkability of their transcripts; other schemes require servers to search through the set of issued keys, incurring costs that are not constant with the number of legitimate tags. This article describes an approach based on a lightweight trapdoor one-way function from modular squaring. The solution exploits the fact that synchrony can be recovered even if tags are endowed with only the ability to perform public-key operations, whilst the trusted server is capable of trapdoor computations. The construction is provably secure and generic, transforming any anonymous, challenge-response RFID authentication protocol into another that is robust against active adversaries and supports constant key-lookup cost.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"2016 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114530267","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-11-01DOI: 10.1504/IJACT.2008.021085
T. Plantard, W. Susilo, K. Win, Qiong Huang
In Crypto 1997, Goldreich, Goldwasser and Halevi (GGH) proposed a lattice analogue of McEliece public key cryptosystem, in which security is related to the hardness of approximating the Closest Vector Problem in a lattice. Furthermore, they also described how to use the same principle of their encryption scheme to provide a signature scheme. Practically, this cryptosystem uses the Euclidean norm, l2-norm, which has been used in many algorithms based on lattice theory. Nonetheless, many drawbacks have been studied and these could lead to cryptanalysis of the scheme. In this article, we present a novel method of reducing a vector under the l∞-norm and propose a digital signature scheme based on it. Our scheme takes advantage of the l∞-norm to increase the resistance of the GGH scheme and to decrease the signature length. Furthermore, after some other improvements, we obtain a very efficient signature scheme, that trades the security level, speed and space.
{"title":"Efficient lattice-based signature scheme","authors":"T. Plantard, W. Susilo, K. Win, Qiong Huang","doi":"10.1504/IJACT.2008.021085","DOIUrl":"https://doi.org/10.1504/IJACT.2008.021085","url":null,"abstract":"In Crypto 1997, Goldreich, Goldwasser and Halevi (GGH) proposed a lattice analogue of McEliece public key cryptosystem, in which security is related to the hardness of approximating the Closest Vector Problem in a lattice. Furthermore, they also described how to use the same principle of their encryption scheme to provide a signature scheme. Practically, this cryptosystem uses the Euclidean norm, l2-norm, which has been used in many algorithms based on lattice theory. Nonetheless, many drawbacks have been studied and these could lead to cryptanalysis of the scheme. In this article, we present a novel method of reducing a vector under the l∞-norm and propose a digital signature scheme based on it. Our scheme takes advantage of the l∞-norm to increase the resistance of the GGH scheme and to decrease the signature length. Furthermore, after some other improvements, we obtain a very efficient signature scheme, that trades the security level, speed and space.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125774955","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-07-07DOI: 10.1504/IJACT.2009.023472
A. Menezes, Berkant Ustaoglu
In the pre-specified peer model for key agreement, it is assumed that a party knows the identifier of its intended communicating peer when it commences a protocol run. On the other hand, a party in the post-specified peer model for key agreement does not know the identifier of its communicating peer at the outset, but learns the identifier during the protocol run. In this paper we compare the security assurances provided by the Canetti-Krawczyk security definitions for key agreement in the pre- and post-specified peer models. We give examples of protocols that are secure in one model but insecure in the other. We also enhance the Canetti-Krawczyk security models and definitions to encompass a class of protocols that are executable and secure in both the pre- and post-specified peer models.
{"title":"Comparing the pre- and post-specified peer models for key agreement","authors":"A. Menezes, Berkant Ustaoglu","doi":"10.1504/IJACT.2009.023472","DOIUrl":"https://doi.org/10.1504/IJACT.2009.023472","url":null,"abstract":"In the pre-specified peer model for key agreement, it is assumed that a party knows the identifier of its intended communicating peer when it commences a protocol run. On the other hand, a party in the post-specified peer model for key agreement does not know the identifier of its communicating peer at the outset, but learns the identifier during the protocol run. In this paper we compare the security assurances provided by the Canetti-Krawczyk security definitions for key agreement in the pre- and post-specified peer models. We give examples of protocols that are secure in one model but insecure in the other. We also enhance the Canetti-Krawczyk security models and definitions to encompass a class of protocols that are executable and secure in both the pre- and post-specified peer models.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127855386","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-07-01DOI: 10.1504/IJACT.2008.021084
Qiong Huang, D. Wong
Certificateless cryptography is a promising technology for solving the key escrow problem in identity-based cryptography. However, the lack of a unified set of definitions and security models currently hinders its progression as much effort has been put on refining the definitions and looking for an appropriate and practical security models. In this article, we aim to contribute on unifying the definitions and security models for Certificateless Encryption (CLE) schemes. First, we show that the original seven-algorithm definition is equivalent to a simplified five-algorithm definition. We believe that this simplified definition may lead to more compact and efficient implementations in practice and also help in the effort of standardisation of CLE. Secondly, we show that a CLE scheme cannot be both malicious Key Generation Center (KGC) secure and strongly secure in the standard model. Due to the practicality and attacking significance of malicious KGC security; and the uncertainty of how practical the strong security is, we, therefore, suggest constructing practical CLE schemes to be malicious KGC secure. Finally, we propose to formalise a new adversarial capability called partial key replacement attack into the security models and show that our generic scheme proposed recently is secure against this new type of attacks.
{"title":"On the relation among various security models for certificateless cryptography","authors":"Qiong Huang, D. Wong","doi":"10.1504/IJACT.2008.021084","DOIUrl":"https://doi.org/10.1504/IJACT.2008.021084","url":null,"abstract":"Certificateless cryptography is a promising technology for solving the key escrow problem in identity-based cryptography. However, the lack of a unified set of definitions and security models currently hinders its progression as much effort has been put on refining the definitions and looking for an appropriate and practical security models. In this article, we aim to contribute on unifying the definitions and security models for Certificateless Encryption (CLE) schemes. First, we show that the original seven-algorithm definition is equivalent to a simplified five-algorithm definition. We believe that this simplified definition may lead to more compact and efficient implementations in practice and also help in the effort of standardisation of CLE. Secondly, we show that a CLE scheme cannot be both malicious Key Generation Center (KGC) secure and strongly secure in the standard model. Due to the practicality and attacking significance of malicious KGC security; and the uncertainty of how practical the strong security is, we, therefore, suggest constructing practical CLE schemes to be malicious KGC secure. Finally, we propose to formalise a new adversarial capability called partial key replacement attack into the security models and show that our generic scheme proposed recently is secure against this new type of attacks.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129376202","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-02-01DOI: 10.1504/IJACT.2008.017047
Xavier Boyen
This paper surveys the practical benefits and drawbacks of several identity-based encryption schemes based on bilinear pairings. After providing some background on identity-based cryptography, we classify the known constructions into a handful of general approaches. We then describe efficient and fully secure IBE and IBKEM instantiations of each approach, with reducibility to practice as the main design parameter. Finally, we catalogue the strengths and weaknesses of each construction according to a few theoretical and many applied comparison criteria.
{"title":"A tapestry of identity-based encryption: practical frameworks compared","authors":"Xavier Boyen","doi":"10.1504/IJACT.2008.017047","DOIUrl":"https://doi.org/10.1504/IJACT.2008.017047","url":null,"abstract":"This paper surveys the practical benefits and drawbacks of several identity-based encryption schemes based on bilinear pairings. After providing some background on identity-based cryptography, we classify the known constructions into a handful of general approaches. We then describe efficient and fully secure IBE and IBKEM instantiations of each approach, with reducibility to practice as the main design parameter. Finally, we catalogue the strengths and weaknesses of each construction according to a few theoretical and many applied comparison criteria.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"2 5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122712092","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-02-01DOI: 10.1504/IJACT.2008.017052
Yusuke Okada, Yoshifumi Manabe, T. Okamoto
Fair exchange protocols allow both or neither of two parties to obtain the other's items, and this property is essential in e-commerce. In this paper, we construct an optimistic fair exchange protocol that is applicable to any digital signature by prescribing three forms of signatures, namely presignature, post-signature and notarised signature. We set an expiration date for presignature, and thus realise the timely termination of the protocol. Next, we define an ideal functionality of fair exchange protocols in the universal composability framework. Then, we construct an optimistic fair exchange protocol based on the above protocol, and prove its security in the universal composability framework.
{"title":"An optimistic fair exchange protocol and its security in the universal composability framework","authors":"Yusuke Okada, Yoshifumi Manabe, T. Okamoto","doi":"10.1504/IJACT.2008.017052","DOIUrl":"https://doi.org/10.1504/IJACT.2008.017052","url":null,"abstract":"Fair exchange protocols allow both or neither of two parties to obtain the other's items, and this property is essential in e-commerce. In this paper, we construct an optimistic fair exchange protocol that is applicable to any digital signature by prescribing three forms of signatures, namely presignature, post-signature and notarised signature. We set an expiration date for presignature, and thus realise the timely termination of the protocol. Next, we define an ideal functionality of fair exchange protocols in the universal composability framework. Then, we construct an optimistic fair exchange protocol based on the above protocol, and prove its security in the universal composability framework.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116946429","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-02-01DOI: 10.1504/IJACT.2008.017049
G. Leurent
Hash functions are used in many cryptographic constructions under various assumptions, and the practical impact of collision attacks is often unclear. In this paper, we show how collisions can be used to recover part of the password used in the APOP authentication protocol. Since we actually need a little more than mere collisions, we look into the details of MD5 collisions. In Wang's attack, message modifications allow to deterministically satisfy certain sufficient conditions to find collisions efficiently. Unfortunately, message modifications significantly change the messages and one has little control over the colliding blocks. In this paper, we show how to choose small parts of the colliding messages, which will allow to build the APOP attack. This shows that collision attacks can be used to attack real protocols, which means that finding collisions is a real threat.
{"title":"Practical key-recovery attack against APOP, an MD5-based challenge-response authentication","authors":"G. Leurent","doi":"10.1504/IJACT.2008.017049","DOIUrl":"https://doi.org/10.1504/IJACT.2008.017049","url":null,"abstract":"Hash functions are used in many cryptographic constructions under various assumptions, and the practical impact of collision attacks is often unclear. In this paper, we show how collisions can be used to recover part of the password used in the APOP authentication protocol. Since we actually need a little more than mere collisions, we look into the details of MD5 collisions. In Wang's attack, message modifications allow to deterministically satisfy certain sufficient conditions to find collisions efficiently. Unfortunately, message modifications significantly change the messages and one has little control over the colliding blocks. In this paper, we show how to choose small parts of the colliding messages, which will allow to build the APOP attack. This shows that collision attacks can be used to attack real protocols, which means that finding collisions is a real threat.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127136445","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-02-01DOI: 10.1504/IJACT.2008.017048
I. Damgård, M. Geisler, Mikkel Krøigaard
We propose a protocol for secure comparison of integers based on homomorphic encryption. We also propose a homomorphic encryption scheme that can be used in our protocol, makes it more efficient than previous solutions, and can also be used as the basis of efficient and general secure Multiparty Computation (MPC). We show how our comparison protocol can be used to improve security of online auctions, and demonstrate that it is efficient enough to be used in practice. For comparison of 16 bits numbers with security based on 1024 bits RSA (executed by two parties), our implementation takes 0.28 sec including all computation and communication. Using precomputation, one can save a factor of roughly 10.
{"title":"Homomorphic encryption and secure comparison","authors":"I. Damgård, M. Geisler, Mikkel Krøigaard","doi":"10.1504/IJACT.2008.017048","DOIUrl":"https://doi.org/10.1504/IJACT.2008.017048","url":null,"abstract":"We propose a protocol for secure comparison of integers based on homomorphic encryption. We also propose a homomorphic encryption scheme that can be used in our protocol, makes it more efficient than previous solutions, and can also be used as the basis of efficient and general secure Multiparty Computation (MPC). We show how our comparison protocol can be used to improve security of online auctions, and demonstrate that it is efficient enough to be used in practice. For comparison of 16 bits numbers with security based on 1024 bits RSA (executed by two parties), our implementation takes 0.28 sec including all computation and communication. Using precomputation, one can save a factor of roughly 10.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"64 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123413492","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.1504/ijact.2022.10056082
Shardha Porwal, Sangeeta Mittal
{"title":"Authority revocation scheme for MA-CP-ABE-based secure communication in IoMT ecosystem","authors":"Shardha Porwal, Sangeeta Mittal","doi":"10.1504/ijact.2022.10056082","DOIUrl":"https://doi.org/10.1504/ijact.2022.10056082","url":null,"abstract":"","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126489150","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.1504/IJACT.2017.10010315
A. Lenstra, B. Wesolowski
Many applications require trustworthy generation of public random numbers. It is shown how this can be achieved using a hash function that is timed to be as slow as desired (sloth), while the correctness of the resulting hash can be verified quickly. It is shown how sloth can be used for uncontestable random number generation (unicorn), and how unicorn can be used for a new trustworthy random elliptic curves service (trx) and random-sample voting.
{"title":"Trustworthy public randomness with sloth, unicorn, and trx","authors":"A. Lenstra, B. Wesolowski","doi":"10.1504/IJACT.2017.10010315","DOIUrl":"https://doi.org/10.1504/IJACT.2017.10010315","url":null,"abstract":"Many applications require trustworthy generation of public random numbers. It is shown how this can be achieved using a hash function that is timed to be as slow as desired (sloth), while the correctness of the resulting hash can be verified quickly. It is shown how sloth can be used for uncontestable random number generation (unicorn), and how unicorn can be used for a new trustworthy random elliptic curves service (trx) and random-sample voting.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127638910","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: