Wenbo Ma,Zejun Ni

DOI: https://doi.org/10.62051/vqz8a719

2024-08-12

Abstract:The SM9 algorithm represents a sophisticated advancement in cryptographic protocols, characterized by its unique implementation of bilinear pairing techniques and identity-based encryption mechanisms. Unlike conventional approaches, SM9 leverages the user's identity directly in the generation of cryptographic keys, streamlining the process and enhancing security. This method stands in contrast to traditional schemes like SM2, which typically rely on external certificate management for public key association. Central to its innovation is the seamless integration of identity information into the public key itself, thereby simplifying the encryption process and reducing the overhead associated with certificate handling. SM9's versatility extends to various applications, including digital signature creation, robust data encryption, secure key exchange, and reliable identity verification. This algorithm has garnered significant attention for its ability to maintain a high level of security while offering greater efficiency and user convenience. By directly binding keys to user identities, it eliminates several complexities and potential vulnerabilities inherent in certificate-based systems. As a result, SM9 has demonstrated remarkable performance and utility across a wide range of research and practical applications, making it a noteworthy subject of study in the field of modern cryptography.

Xiaohong Liu,Xinyi Huang,Zhaohui Cheng,Wei Wu

DOI: https://doi.org/10.1007/s11432-022-3706-7

2024-01-27

Science China Information Sciences

Abstract:This paper initiates the formal study of attribute-based encryption within the framework of SM9, the Chinese National Cryptography Standard for Identity-Based Cryptography, by presenting two new fault-tolerant identity-based encryption (FIBE) schemes. Our first scheme uses the same private-key/ciphertext structure as the original SM9 algorithm and operates in a small attribute universe. As a result, it can be effectively and smoothly integrated into the information systems using SM9. In the random oracle model, we prove that our scheme is ciphertext-indistinguishable against fuzzy selective-identity and chosen-plaintext attacks under the ( k + 3)-DBDHI assumption. Our second design is a large universe FIBE scheme based on SM9 that is ciphertext-indistinguishable against chosen-plaintext attacks in the random oracle model under the ( f,g )-GDDHE assumption. Finally, we compare the communication and computing costs of our schemes to those of other classical ones. The comparison shows that our schemes have comparable performance as others. We believe that our findings will accelerate the applications of SM9 in modern information systems such as cloud computing and blockchain.

computer science, information systems,engineering, electrical & electronic

Yufeng Tang,Zheng Gong,Tao Sun,Jinhai Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-030-88323-2_22

2021-01-01

Abstract:White-box block cipher (WBC) aims at protecting the secret key of a block cipher even if an adversary has full control over the implementations. At CHES 2016, Bos et al. proved that WBC are also threatened by side-channel analysis (SCA), e.g., differential fault analysis (DFA) and differential computation analysis (DCA). Therefore, advanced countermeasures have been proposed by Lee et al. for resisting DFA and DCA, such as table redundancy and improved masking methods, respectively. In this paper, we introduce a new adaptive side-channel analysis model which assumes that an adversary adaptively collects the intermediate values of a specific function and can mount the DFA/DCA attack with chosen inputs. In the adaptive SCA model, both theoretical analysis and experimental results show that Lee et al.’s proposed methods are vulnerable to DFA and DCA attacks. Moreover, a negative proposition is also demonstrated on the corresponding high-order countermeasures under our new model.

Siyue Dong,Zhen Zhao,Baocang Wang,Wen Gao,Shanshan Zhang

DOI: https://doi.org/10.3390/electronics13071256

IF: 2.9

2024-03-29

Electronics

Abstract:Public key encryption with equality test (PKEET) is a cryptographic primitive that enables a tester to determine whether two ciphertexts encrypted with same or different public keys have been generated from the same message without decryption. Previous studies extended PKEET to public key encryption with designated-position fuzzy equality test (PKE-DFET), enabling testers to verify whether plaintexts corresponding to two ciphertexts are equal while ignoring specific bits at designated positions. In this work, we have filled the research gap in the identity-based encryption (IBE) cryptosystems for this primitive. Furthermore, although our authorization method is the all-or-nothing (AoN) type, it overcomes the shortcomings present in the majority of AoN-type authorization schemes. In our scheme, equality tests can only be performed between a ciphertext and a given plaintext. Specifically, even if a tester acquires multiple AoN-type authorizations, it cannot conduct unpermitted equality tests between users. This significantly reduces the risk of user privacy leaks when handling sensitive information in certain scenarios, while still retaining the flexible and simple characteristics of AoN-type authorizations. We use the Chinese national cryptography standard SM9-IBE algorithm to provide the concrete construction of our scheme, enhancing the usability and security of our scheme, while making deployment more convenient. Finally, we prove that our scheme achieves F-OW-ID-CCA security when the adversary has the trapdoor of the challenge ciphertext, and achieves IND-ID-CCA security when the adversary does not have the trapdoor of the challenge ciphertext.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xiangming Cai,Chau Yuen,Chongwen Huang,Weikai Xu,Lin Wang

DOI: https://doi.org/10.1109/tcomm.2023.3262834

IF: 6.166

2023-01-01

IEEE Transactions on Communications

Abstract:Chaotic secure communication systems using chaotic waveforms as their spreading carriers can hide the transmitted information bits over a wide frequency range of chaotic waveform, which disguises the transmitted information waveform as noise. In this paper, a reconfigurable intelligent surface (RIS) enabled $M$ -ary differential chaos shift keying with block interleaving (RIS-MDCSK-BI) system is proposed for chaotic secure communications, where an RIS is deployed at the transmitter to assist communications and a pair of block interleaving patterns are used to interleave $M$ -ary information-bearing signals to enhance security performance. Moreover, we propose a chaotic merging sort algorithm to generate different block interleaving patterns, where these interleaving patterns are encrypted by using the non-periodic and noise-like properties of chaotic signals. To estimate information bits at the legitimate receiver, we propose a sequential detection algorithm and a joint detection algorithm. Then, theoretical bit error rate (BER) performances of the proposed RIS-MDCSK-BI system with the legitimate receiver and the eavesdropping receiver are derived. The security performance metrics, including information leakage and secrecy outage probability, are also analyzed. Monte Carlo simulations are performed to verify the superior BER performance and security performance of the proposed RIS-MDCSK-BI system compared to benchmark systems.

Zhishuo Zhang,Wen Huang,Lin Yang,Yongjian Liao,Shijie Zhou

DOI: https://doi.org/10.1109/jiot.2023.3268699

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Outsourced Decryption Attribute-based Encryption (OD-ABE) is emerging as a promising cryptographic tool to provide efficient fine-grained access control for data accessing and sharing in cloud-assisted Intelligent Internet of Mobile Things (IIoMT). Decryption verification is an essential property of OD-ABE to enable the mobile user to verify the precision of the decryption data. Unfortunately, the most representative verification (commitment) algorithms have various security flaws. In this paper, we first indicate that the two state-of-art key-based commitment schemes are vulnerable to “Commitment Extract(Decrypt)-then-Reuse Attack” and “Commitment Impersonation Attack” which demolish the unforgeability of the commitment. Then to cover all the existing attacks to commitment algorithms, we re-define a robuster verifiable security model for verifiable OD-ABE. Subsequently, we invent a ciphertext fingerprint (CTfp) based commitment scheme and give rigorous proof to the proposed commitment scheme including binding, hiding, unforgeability, and non-repudiation (traceability) in the random oracle. Next, we apply our CTfp-based commitment to the widely used OD-ABE schemes to provide them robuster verifiability. Finally, the theoretical comparison and simulation experiments are presented to show our new type of commitment algorithm is more secure and practical.

computer science, information systems,telecommunications,engineering, electrical & electronic

Junzuo Lai,Robert H. Deng,Shengli Liu,Jian Weng,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-55220-5_5

2015-01-01

Abstract:Security against selective opening attack (SOA) requires that in a multi-user setting, even if an adversary has access to all ciphertexts from users, and adaptively corrupts some fraction of the users by exposing not only their messages but also the random coins, the remaining unopened messages retain their privacy. Recently, Bellare, Waters and Yilek considered SOA-security in the identity-based setting, and presented the first identity-based encryption (IBE) schemes that are proven secure against selective opening chosen plaintext attack (SO-CPA). However, how to achieve SO-CCA security for IBE is still open. In this paper, we introduce a new primitive called extractable IBE and define its IND-ID-CCA security notion. We present a generic construction of SO-CCA secure IBE from an IND-ID-CCA secure extractable IBE with "One-Sided Public Openability"(1SPO), a collision-resistant hash function and a strengthened cross-authentication code. Finally, we propose two concrete constructions of extractable 1SPO-IBE schemes, resulting in the first simulation-based SO-CCA secure IBE schemes without random oracles.

Fan Zhang,Xiaofei Dong,Xinjie Zhao,Yidi Wang,Samiya Qureshi,Yiran Zhang,Xiaoxuan Lou,Yongkang Tang

DOI: https://doi.org/10.1109/MASS.2018.00056

2018-01-01

Abstract:This paper proposed an advanced round modification fault analysis (RMFA) at the theoretical level on AEGIS-128, which is one of seven finalists in CAESAR competition. First, we clarify our assumptions and simplifications on the attack model, focusing on the encryption security. Then, we emphasize the difficulty of applying vanilla RMFA to AEGIS-128 in the practical case. Finally we demonstrate our advanced fault analysis on AEGIS-128 using machine-solver based algebraic techniques. Our enhancement can be used to conquer the practical scenario which is difficult for vanilla RMFA. Simulation results show that when the fault is injected to the initialization phase and the number of rounds is reduced to one, two samples of injections can extract the whole 128 key bits within less than two hours. This work can also be extended to other versions such as AEGIS-256.

Yibiao Lu,Zhibo Wu,Bingsheng Zhang,Kui Ren

DOI: https://doi.org/10.1155/2023/6039034

2023-01-01

Wireless Communications and Mobile Computing

Abstract:The wireless network suffers from many security problems, and computation in a wireless network environment may fail to preserve privacy as well as correctness when the adversaries conduct attacks through backdoors, steganography, kleptography, etc. Secure computation ensures the execution security in such an environment, and compared with computation on the plaintext, the performance of secure computation is bounded by the underlying cryptographic algorithms and the network environment between the involved parties. Besides, the Chinese cryptography laws require the cryptographic algorithms that appeared in the commercial market to be authorized. In this work, we show how to implement oblivious transfer (OT), an important primitive in secure multiparty computation (MPC), using the Chinese government-approved SM2 and SM3 algorithms. The SM2 algorithm is based on the elliptic curve cryptography and is much faster than the discrete logarithm-based solutions. Moreover, by adopting the standard OT extension technique, we can extend the number of OTs efficiently with one more round of communication and invocations to the SM3 and SM4 algorithms. The OT primitive can be used in the Beaver multiplication triple generation and other MPC protocols, e.g., private set intersection. Therefore, we can utilize the SM series cryptography, specifically, the SM2, SM3, and SM4 algorithms, to build highly efficient secure computation frameworks which are suitable for the wireless network environment and for commercial applications in China. The experimental evaluation results show that our protocols have comparable performance to existing protocols; specifically, our protocols are quite suitable for bad network environments.

Fan Zhang,Liang Geng,Jizhong Shen,Shivam Bhasin,Xinjie Zhao,Shize Guo

DOI: https://doi.org/10.1109/AsianHOST.2017.8353994

2017-01-01

Abstract:Recent lightweight cryptographic algorithms are vulnerable to side channel attacks (SCA), requiring a careful design of implementations. In this paper, we carefully investigate the "Low-Entropy Masking Scheme" (LEMS) on the block cipher LED in the context of resource-constrained environments. We propose an improved LEMS called "iMLED", so as to satisfy two different yet unified design goals: to maintain the entropy of the masking at one bit, meanwhile, to enhance first-order SCA-resistance against advanced SCAs such as correlation-enhanced collision attack (CCA). The security of the implementation has been evaluated based on the SASEBO-W board, which proves that iM-LED has boosted its mitigation against SCA with limited overheads.

Ke Ren,Peng Jiang,Keke Gai,Liehuang Zhu,Jingjing Huang

DOI: https://doi.org/10.1109/smartcloud52277.2021.00010

2021-11-01

Abstract:Access control, as one of flagship security mechanisms for cloud storage, allows authorized users' access right while repels unauthorized behaviors. State-of-the-art cryptographic access control systems are deployed on attribute-based encryption or identity-based encryption. They commonly inherit the key escrow problem, which incurs that pirate's untraceability. Meanwhile, with announcement of cryptographic industry standards, kinds of cryptographic algorithms according with these standards have better industrial applications. In this paper, we design SM9-based Traceable and Accountable Access Control (TA2C) to support pirate traceability and accountability. Built on top of identity-based broadcast encryption and SM9 specification, we present an SM9-based TA 2 C construction, which is provably secure in the indistinguishability and traceability security models. We also implement an SM9-based TA 2 C prototype system that supports 100 users and evaluation results show that it just needs about 1 second for encryption/decryption and tracing operations on a workstation with basic configuration.

Rui Wang,Longlong Li,Guozheng Yang,Xuehu Yan,Wei Yan

DOI: https://doi.org/10.1109/tifs.2024.3477265

IF: 7.231

2024-10-30

IEEE Transactions on Information Forensics and Security

Abstract:The Asmuth and Bloom threshold secret sharing (AB-SS) is a classical introduction of the Chinese remainder theorem (CRT) to secret sharing, offering low computational complexity compared to other branches of secret sharing. For decades, numerous schemes have been proposed for practical applications of AB-SS, such as secret image sharing (SIS). However, in terms of security, AB-SS has proved to be neither ideal nor perfect, and its derivatives in image sharing exhibit vulnerabilities associated with secret leakage. This paper studies the security issues in the SIS schemes derived from AB-SS and improves the core sharing principle of AB-SS to enhance security in image protection. First, for -CRTSIS schemes, we exploit the vulnerability in a single share image to crack the confidential information of the original image, including secret pixel values and the ratio of different pixels. Then, by employing the XOR operation, we introduce a chain obfuscation technology and propose a secure image sharing scheme based on the Chinese remainder theorem (COxor-CRTSIS). The COxor-CRTSIS scheme utilizes integer linear programming for achieving lossless recovery without segmentation and eliminates potential secret disclosure risks without additional encryption. Furthermore, to comprehensively evaluate the security of existing schemes, this paper presents three metrics, information loss rate, fluctuation degree, and coverage rate, enabling a quantitative comparison of security for the first time. Theoretical analyses and experiments are conducted to validate the effectiveness of our scheme.

computer science, theory & methods,engineering, electrical & electronic

Yuanju Gan,Licheng Wang,Jianhua Yan,Yixian Yang

DOI: https://doi.org/10.4304/jsw.8.5.1245-1253

2013-01-01

Journal of Software

Abstract:Most threshold key encapsulation mechanisms (KEM) have been studied in a weak model–static corruption model or random oracle model. In this paper, we propose a threshold KEM scheme with provable security based on the bilinear groups of composite order in the standard model. We use a direct construction from Boyen-Mei-Waters’ KEM scheme and Libert and Yung’s threshold decryption scheme to obtain a threshold KEM scheme that can withstand adaptive chosen ciphertext attacks (CCA) and adaptive corruption attacks. However, to achieve a higher security level, our construction does not increase overall additional size of ciphertext compare to other schemes.

Vincent Giraud,Guillaume Bouffard

DOI: https://doi.org/10.48550/arXiv.2305.02855

2023-05-04

Cryptography and Security

Abstract:Private and public actors increasingly encounter use cases where they need to implement sensitive operations on mass-market peripherals for which they have little or no control. They are sometimes inclined to attempt this without using hardware-assisted equipment, such as secure elements. In this case, the white-box attack model is particularly relevant and includes access to every asset, retro-engineering, and binary instrumentation by attackers. At the same time, quantum attacks are becoming more and more of a threat and challenge traditional asymmetrical ciphers, which are treasured by private and public actors. The McEliece cryptosystem is a code-based public key algorithm introduced in 1978 that is not subject to well-known quantum attacks and that could be implemented in an uncontrolled environment. During the NIST post-quantum cryptography standardization process, a derived candidate commonly refer to as classic McEliece was selected. This algorithm is however vulnerable to some fault injection attacks while a priori, this does not apply to the original McEliece. In this article, we thus focus on the original McEliece cryptosystem and we study its resilience against fault injection attacks on an ARM reference implementation. We disclose the first fault injection based attack and we discuss on how to modify the original McEliece cryptosystem to make it resilient to fault injection attacks.

Zhuangfei Wu,Lin Bai,Lin Zhou

2024-04-18

Abstract:We study the successive refinement setting of Shannon cipher system (SCS) under the maximal leakage secrecy metric for discrete memoryless sources under bounded distortion measures. Specifically, we generalize the threat model for the point-to-point rate-distortion setting of Issa, Wagner and Kamath (T-IT 2020) to the multiterminal successive refinement setting. Under mild conditions that correspond to partial secrecy, we characterize the asymptotically optimal normalized maximal leakage region for both the joint excess-distortion probability (JEP) and the expected distortion reliability constraints. Under JEP, in the achievability part, we propose a type-based coding scheme, analyze the reliability guarantee for JEP and bound the leakage of the information source through compressed messages. In the converse part, by analyzing a guessing scheme of the eavesdropper, we prove the optimality of our achievability result. Under expected distortion, the achievability part is established similarly to the JEP counterpart. The converse proof proceeds by generalizing the corresponding results for the rate-distortion setting of SCS by Schieler and Cuff (T-IT 2014) to the successive refinement setting. Somewhat surprisingly, the normalized maximal leakage regions under both JEP and expected distortion constraints are identical under certain conditions, although JEP appears to be a stronger reliability constraint.

Information Theory

Xiaoxuan Lou,Fan Zhang,Guorui Xu,Ziyuan Liang,Xinjie Zhao,Shize Guo,Kui Ren

DOI: https://doi.org/10.1007/978-3-030-42921-8_29

2020-01-01

Abstract:Block ciphers with Feistel structures are vulnerable to a specific type of cache attacks named differential cache attacks. The attacks leverage side-channel leakages from cache and differential property of cipher component to reveal the master key of cipher. In this paper, we combine the algebraic analysis to enhance the attacks, and propose a novel method named Algebraic Differential Cache Attack (ADCA). By converting both cipher and cache leakages to algebraic equations, ADCA can reveal the cipher key automatically with the help of the SAT solver, which allows the analysis on much deeper rounds and makes a considerable reduction in attack complexity. When it is applied to the block cipher SM4, 10 plaintexts are enough to reveal the master key in 8-rounds analysis, while the traditional differential cache attack needs 20 ones. Finally, to eliminate the impact from noise, an error-tolerant method is proposed to deduce cache events from the leakage traces. It vastly enhances the robustness of attack, and makes the attack more practical. The experimental results show that the error-tolerant ADCA can correctly reveal the master key even when the uncertainty rate of cache events reaches to 60%.

Yang Zhao,Yuwei Pang,Xingyu Ke,Bintao Wang,Guobin Zhu,Mingsheng Cao

DOI: https://doi.org/10.1016/j.future.2023.04.025

IF: 7.307

2023-05-01

Future Generation Computer Systems

Abstract:Metaverse is an immersive, hyperspace virtual reality space. Due to its characteristics of hyperspace and immersive realism, metaverse has a bright future, but ubiquitous user analysis and calculation make it difficult to achieve one-to-multiple data sharing. As an innovative encryption algorithm, ciphertext-policy attribute-based encryption (CP-ABE) can realize one-to-multiple secure file sharing through fine-grained access control. Many evidences show that attackers may add backdoors to internal devices to make encryption algorithms insecure, CP-ABE also faces the above threats. In order to deal with such attacks, researchers put forward the notion of cryptographic reverse firewall (CRF), which has the ability of resistance to insider attack. However, the existing ABE scheme supporting CRF have the problems of low efficiency and no support for malicious user tracking.To improve safety and efficiency, we constructed an efficient CP-ABE scheme supporting CRF protection which has function of outsourcing decryption, offline encryption and black-box tracking.

computer science, theory & methods

Anthony C. J. Fox,Gareth Stockwell,Shale Xiong,Hanno Becker,Dominic P. Mulligan,Gustavo Petri,Nathan Chong

DOI: https://doi.org/10.1145/3586040

2023-04-06

Proceedings of the ACM on Programming Languages

Abstract:We present Arm's efforts in verifying the specification and prototype reference implementation of the Realm Management Monitor (RMM), an essential firmware component of Arm Confidential Computing Architecture (Arm CCA), the recently-announced Confidential Computing technologies incorporated in the Armv9-A architecture. Arm CCA introduced the Realm Management Extension (RME), an architectural extension for Armv9-A, and a technology that will eventually be deployed in hundreds of millions of devices. Given the security-critical nature of the RMM, and its taxing threat model, we use a combination of interactive theorem proving, model checking, and concurrency-aware testing to validate and verify security and safety properties of both the specification and a prototype implementation of the RMM. Crucially, our verification efforts were, and are still being, developed and refined contemporaneously with active development of both specification and implementation, and have been adopted by Arm's product teams. We describe our major achievements, realized through the application of formal techniques, as well as challenges that remain for future work. We believe that the work reported in this paper is the most thorough application of formal techniques to the design and implementation of any current commercially-viable Confidential Computing implementation, setting a new high-water mark for work in this area.

Leibo Liu,Zhuoquan Zhou,Shaojun Wei,Min Zhu,Shouyi Yin,Shengyang Mao

DOI: https://doi.org/10.1109/tcad.2017.2729340

IF: 2.9

2017-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Coarse grained reconfigurable architectures (CGRA) have been applied to numerous fields of computing- and data-intensive applications, such as computer vision, baseband communication, and cipher processing. A CGRA usually comprises hundreds of reconfigurable computing-cells (RCC), which account for a majority of the die area. As such, RCCs have a higher probability of being attacked by hardware Trojans, which seriously affects CGRA behavior. However, a CGRA can be dynamically and partially reconfigured via configuration contexts at runtime; this property could be utilized as an effective countermeasure against malicious hardware. This particular topic has yet to undergo significant research. This paper proposes a secure mapping approach called dynamic resource management based on security value (DRMaSV) to enhance CGRA capability against hardware Trojans by selectively protecting RCCs. DRMaSV realizes run-time monitoring based on an adapted triple modular redundancy mechanism under hardware resource constraints (i.e., area constraints). First, in order to measure the capability against hardware Trojans, a security capability metric called “security value” (SV) is defined, with measurements categorized as “Influence” and “Unreliability.” Here, both the circuit architecture and the level of Unreliability for modules used in the circuit are considered. Next, a DRM strategy to maximize the SV under hardware resource constraints is introduced. This strategy is described by the dynamic programming model (i.e., 0/1 knapsack problem), which can obtain an optimal solution. Finally, a mapping approach for CGRAs is derived by attaching the DRM strategy to a generic mapping flow. Simulations show that the proposed secure mapping approach ensures a given number of correct outputs, which then allows the number of outputs affected by activated Trojans under any given hardware resource constraint (area constraint) or overhead (area overhead) to be minimized. The results of actual chip design experiments are in agreement with the simulation results, indicating that the proposed secure mapping approach is effective.

Shuaifu Dai,Tao Wei,Chao Zhang,Tielei Wang,Yu Ding,Zhenkai Liang,Wei Zou

DOI: https://doi.org/10.1109/SP.2012.10

2012-01-01

Abstract:Response-computable authentication (RCA) is a two-party authentication model widely adopted by authentication systems, where an authentication system independently computes the expected user response and authenticates a user if the actual user response matches the expected value. Such authentication systems have long been threatened by malicious developers who can plant backdoors to bypass normal authentication, which is often seen in insider-related incidents. A malicious developer can plant backdoors by hiding logic in source code, by planting delicate vulnerabilities, or even by using weak cryptographic algorithms. Because of the common usage of cryptographic techniques and code protection in authentication modules, it is very difficult to detect and eliminate backdoors from login systems. In this paper, we propose a framework for RCA systems to ensure that the authentication process is not affected by backdoors. Our approach decomposes the authentication module into components. Components with simple logic are verified by code analysis for correctness, components with cryptographic/ obfuscated logic are sand boxed and verified through testing. The key component of our approach is NaPu, a native sandbox to ensure pure functions, which protects the complex and backdoor-prone part of a login module. We also use a testing-based process to either detect backdoors in the sand boxed component or verify that the component has no backdoors that can be used practically. We demonstrated the effectiveness of our approach in real-world applications by porting and verifying several popular login modules into this framework.