
Latest articles in Cryptography

Locking-Enabled Security Analysis of Cryptographic Circuits
IF 1.6 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2024-01-05 DOI: 10.3390/cryptography8010002
Devanshi Upadhyaya, Mael Gay, Ilia Polian
Hardware implementations of cryptographic primitives require protection against physical attacks and supply chain threats. This raises the question of secure composability of different attack countermeasures, i.e., whether protecting a circuit against one threat can make it more vulnerable against a different threat. In this article, we study the consequences of applying logic locking, a popular design-for-trust solution against intellectual property piracy and overproduction, to cryptographic circuits. We show that the ability to unlock the circuit incorrectly gives the adversary new powerful attack options. We introduce LEDFA (locking-enabled differential fault analysis) and demonstrate for several ciphers and families of locking schemes that fault attacks become possible (or consistently easier) for incorrectly unlocked circuits. In several cases, logic locking has made circuit implementations prone to classical algebraic attacks with no fault injection needed altogether. We refer to this “zero-fault” version of LEDFA by the term LEDA, investigate its success factors in-depth and propose a countermeasure to protect the logic-locked implementations against LEDA. We also perform test vector leakage assessment (TVLA) of incorrectly unlocked AES implementations to show the effects of logic locking regarding side-channel leakage. Our results indicate that logic locking is not safe to use in cryptographic circuits, making them less rather than more secure.
Citations: 0
Residue Number System (RNS) and Power Distribution Network Topology-Based Mitigation of Power Side-Channel Attacks
IF 1.6 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-12-21 DOI: 10.3390/cryptography8010001
R. Selvam, Akhilesh Tyagi
Over the past decade, significant research has been performed on power side-channel mitigation techniques. Logic families based on secret sharing schemes, such as t-private logic, that serve to secure cryptographic implementations against power side-channel attacks represent one such countermeasure. These mitigation techniques are applicable at various design abstraction levels—algorithm, architecture, logic, physical, and gate levels. One research question is when two mitigation techniques from different design abstraction levels can be employed together gainfully. We explore this notion of the orthogonality of two mitigation techniques with respect to the RNS secure logic, a logic-level power side-channel mitigation technique, and the power distribution network (PDN) with decoupling capacitance, a mitigation technique at the physical level. Machine learning (ML) algorithms are employed to measure the effectiveness of power side-channel attacks in terms of the success rate of the adversary. The RNS-protected LED block cipher round function is implemented as the test circuit in both tree-style and grid-style PDNs using the FreePDK 45 nm technology library. The results show that the success rate of an unsecured base design is 68.96% for naive Bayes, 67.44% with linear discriminant analysis, 67.51% for quadratic discriminant analysis, and 66.58% for support vector machine. It is reduced to a success rate of 19.68% for naive Bayes, 19.62% with linear discriminant analysis, 19.10% for quadratic discriminant analysis, and 10.54% for support vector machine. Grid-type PDN shows a slightly better reduction in success rate compared to the tree-style PDN.
Citations: 0
Practical Certificate-Less Infrastructure with Application in TLS
IF 1.6 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-12-14 DOI: 10.3390/cryptography7040063
Li Duan, Yong Li, Lijun Liao
We propose highly efficient certificate-less (CL) protocols for the infrastructure used by authenticated key exchange (AKE). The construction is based on elliptic curves (EC) without pairing, which means it can be easily supported by most industrial cryptography libraries on constrained devices. Compared with other pairing-free CL solutions, the new CL-AKE protocol enjoys the least number of scalar multiplications over EC groups. We use a unified game-based model to formalize the security of each protocol, while most previous works only assess the security against a list of attacks, provide informal theorems without proper modeling, or use separate models for protocols in different stages. We also present an efficient integration of the core protocols into the TLS cipher suites and a stand-alone implementation for constrained devices. The performance is evaluated on constrained devices in real-world settings, which further confirms the efficiency of our proposal.
Citations: 0
A Publicly Verifiable E-Voting System Based on Biometrics
IF 1.6 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-11-28 DOI: 10.3390/cryptography7040062
Jinhui Liu, Tianyi Han, Maolin Tan, Bo Tang, Wei Hu, Yong Yu
Voters use traditional paper ballots, a method limited by the factors of time and space, to ensure their voting rights are exercised; this method requires a lot of manpower and resources. Duplicate voting problems may also occur, meaning the transparency and reliability of the voting results cannot be guaranteed. With the rapid developments in science and technology, E-voting system technology is being adopted more frequently in election activities. However, E-voting systems still cannot address the verifiability of the election process; the results of a given election and the credibility of the host organization will be questioned if the election’s verifiability cannot be ensured. Elections may also pose a series of problems related to privacy, security, and so on. To address these issues, this paper presents a public and verifiable E-voting system with hidden statistics; this system is based on commitment, zk-SNARKs, and machine learning. The system can deal with a large number of candidates, complex voting methods, and result functions in counting both hidden and public votes, and can satisfy the requirements of verifiability, privacy, security, and intelligence. Our security analysis shows that our scheme achieves privacy, hidden vote counting, and verifiability. Our performance evaluation demonstrates that our system has reasonable applications in real scenarios.
Citations: 0
Garbled Circuits Reimagined: Logic Synthesis Unleashes Efficient Secure Computation
IF 1.6 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-11-23 DOI: 10.3390/cryptography7040061
Mingfei Yu, Dewmini Sudara Marakkalage, Giovanni De Micheli
Garbled circuit (GC) is one of the few promising protocols to realize general-purpose secure computation. The target computation is represented by a Boolean circuit that is subsequently transformed into a network of encrypted tables for execution. The need for distributing GCs among parties, however, requires excessive data communication, called garbling cost, which bottlenecks system performance. Due to the zero garbling cost of XOR operations, existing works reduce garbling cost by representing the target computation as the XOR-AND graph (XAG) with minimal structural multiplicative complexity (MC). Starting with a thorough study of the cipher-text efficiency of different types of logic primitives, for the first time, we propose XOR-OneHot graph (X1G) as a suitable logic representation for the generation of low-cost GCs. Our contribution includes (a) an exact algorithm to synthesize garbling-cost-optimal X1G implementations for small-scale functions and (b) a set of logic optimization algorithms customized for X1Gs, which together form a robust optimization flow that delivers high-quality X1Gs for practical functions. The effectiveness of the proposals is evidenced by comprehensive evaluations: compared with the state of the art, 7.34%, 26.14%, 13.51%, and 4.34% reductions in garbling costs are achieved on average for the involved benchmark suites, respectively, with reasonable runtime overheads.
Citations: 0
Comparative Study of Keccak SHA-3 Implementations
IF 1.6 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-11-20 DOI: 10.3390/cryptography7040060
Alessandra Dolmeta, Maurizio Martina, Guido Masera
This paper conducts an extensive comparative study of state-of-the-art solutions for implementing the SHA-3 hash function. SHA-3, a pivotal component in modern cryptography, has spawned numerous implementations across diverse platforms and technologies. This research aims to provide valuable insights into selecting and optimizing Keccak SHA-3 implementations. Our study encompasses an in-depth analysis of hardware, software, and software–hardware (hybrid) solutions. We assess the strengths, weaknesses, and performance metrics of each approach. Critical factors, including computational efficiency, scalability, and flexibility, are evaluated across different use cases. We investigate how each implementation performs in terms of speed and resource utilization. This research aims to improve the knowledge of cryptographic systems, aiding in the informed design and deployment of efficient cryptographic solutions. By providing a comprehensive overview of SHA-3 implementations, this study offers a clear understanding of the available options and equips professionals and researchers with the necessary insights to make informed decisions in their cryptographic endeavors.
Citations: 0
Privacy-Preserving k-Nearest Neighbor Classification over Malicious Participants in Outsourced Cloud Environments
IF 1.6 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-11-17 DOI: 10.3390/cryptography7040059
Xian Guo, Ye Li, Yongbo Jiang, Jing Wang, Junli Fang
In recent years, many companies have chosen to outsource data and other data computation tasks to cloud service providers to reduce costs and increase efficiency. However, there are risks of security and privacy breaches when users outsource data to a cloud environment. Many researchers have proposed schemes based on cryptographic primitives to address these risks under the assumption that the cloud is a semi-honest participant and query users are honest participants. However, in a real-world environment, users’ data privacy and security may be threatened by the presence of malicious participants. Therefore, in this paper, a novel scheme based on secure multi-party computation is proposed for the case in which attackers gain control over both the cloud and a query user. We prove that our solution can satisfy our goals of security and privacy protection. In addition, our experimental results based on simulated data show feasibility and reliability.
Citations: 0
Hardware Implementations of Elliptic Curve Cryptography Using Shift-Sub Based Modular Multiplication Algorithms
Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-11-10 DOI: 10.3390/cryptography7040057
Yamin Li
Elliptic curve cryptography (ECC) over prime fields relies on scalar point multiplication realized by point addition and point doubling. Point addition and point doubling operations consist of many modular multiplications of large operands (256 bits for example), especially in projective and Jacobian coordinates which eliminate the modular inversion required in affine coordinates for every point addition or point doubling operation. Accelerating modular multiplication is therefore important for high-performance ECC. This paper presents the hardware implementations of modular multiplication algorithms, including (1) interleaved modular multiplication (IMM), (2) Montgomery modular multiplication (MMM), (3) shift-sub modular multiplication (SSMM), (4) SSMM with advance preparation (SSMMPRE), and (5) SSMM with CSAs and sign detection (SSMMCSA) algorithms, and evaluates their execution time (the number of clock cycles and clock frequency) and required hardware resources (ALMs and registers). Experimental results show that SSMM is 1.80 times faster than IMM, and SSMMCSA is 3.27 times faster than IMM. We also present the ECC hardware implementations based on the Secp256k1 protocol in affine, projective, and Jacobian coordinates using the IMM, SSMM, SSMMPRE, and SSMMCSA algorithms, and investigate their cost and performance. Our ECC implementations can be applied to the design of hardware security module systems.
Citations: 0
Secure Groups for Threshold Cryptography and Number-Theoretic Multiparty Computation
Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-11-09 DOI: 10.3390/cryptography7040056
Berry Schoenmakers, Toon Segers
In this paper, we introduce secure groups as a cryptographic scheme representing finite groups together with a range of operations, including the group operation, inversion, random sampling, and encoding/decoding maps. We construct secure groups from oblivious group representations combined with cryptographic protocols, implementing the operations securely. We present both generic and specific constructions, in the latter case specifically for number-theoretic groups commonly used in cryptography. These include Schnorr groups (with quadratic residues as a special case), Weierstrass and Edwards elliptic curve groups, and class groups of imaginary quadratic number fields. For concreteness, we develop our protocols in the setting of secure multiparty computation based on Shamir secret sharing over a finite field, abstracted away by formulating our solutions in terms of an arithmetic black box for secure finite field arithmetic or for secure integer arithmetic. Secure finite field arithmetic suffices for many groups, including Schnorr groups and elliptic curve groups. For class groups, we need secure integer arithmetic to implement Shanks’ classical algorithms for the composition of binary quadratic forms, which we will combine with our adaptation of a particular form reduction algorithm due to Agarwal and Frandsen. As a main result of independent interest, we also present an efficient protocol for the secure computation of the extended greatest common divisor. The protocol is based on Bernstein and Yang’s constant-time 2-adic algorithm, which we adapt to work purely over the integers. This yields a much better approach for multiparty computation but raises a new concern about the growth of the Bézout coefficients. By a careful analysis, we are able to prove that the Bézout coefficients in our protocol will never exceed 3max(a,b) in absolute value for inputs a and b. We have integrated secure groups in the Python package MPyC and have implemented threshold ElGamal and threshold DSA in terms of secure groups. We also mention how our results support verifiable multiparty computation, allowing parties to jointly create a publicly verifiable proof of correctness for the results accompanying the results of a secure computation.
Citations: 0
One-to-Many Simultaneous Secure Quantum Information Transmission
IF 1.6 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-11-05 DOI: 10.3390/cryptography7040064
T. Andronikos, A. Sirokofskich
This paper presents a new quantum protocol designed to transmit information from one source to many recipients simultaneously. The proposed protocol, which is based on the phenomenon of entanglement, is completely distributed and is provably information-theoretically secure. Numerous existing quantum protocols guarantee secure information communication between two parties but are not amenable to generalization in situations where the source must transmit information to two or more recipients. Hence, they must be executed sequentially two or more times to achieve the desired goal. The main novelty of the new protocol is its extensibility and generality to situations involving one party that must simultaneously communicate different, in general, messages to an arbitrary number of spatially distributed parties. This is achieved in the special way employed to encode the transmitted information in the entangled state of the system, one of the distinguishing features compared with previous protocols. This protocol can prove expedient whenever an information broker, say, Alice, must communicate distinct secret messages to her agents, all in different geographical locations, in one go. Due to its relative complexity compared with similar cryptographic protocols, as it involves communication among n parties and relies on |GHZn⟩ tuples, we provide an extensive and detailed security analysis so as to prove that it is information-theoretically secure. Finally, in terms of its implementation, the prevalent characteristics of the proposed protocol are its uniformity and simplicity, because it only requires CNOT and Hadamard gates and the local quantum circuits are identical for all information recipients.
Citations: 0