XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Shaoxuan Zhang,Chun Guo,Qingju Wang

DOI: https://doi.org/10.1049/2024/9991841

2024-09-15

IET Information Security

Abstract:We study quantum superposition attacks against permutation‐based pseudorandom cryptographic schemes. We first extend Kuwakado and Morii's attack against the Even–Mansour cipher and exhibit key recovery attacks against a large class of pseudorandom schemes based on a single call to an n‐bit permutation, with polynomial O(n) (or O(n2), if the concrete cost of Hadamard transform is also taken in) quantum steps. We then consider TPPR schemes, namely, two permutation‐based pseudorandom cryptographic schemes. Using the improved Grover‐meet‐Simon method, we show that the keys of a wide class of TPPR schemes can be recovered with O(n) superposition queries (the complexity of the original is O(n2n/2)) and O(n2n/2) quantum steps. We also exhibit subclasses of "degenerated" TPPR schemes that lack certain internal operations and exhibit more efficient key recovery attacks using either the Simon's algorithm or collision searching algorithm. Further, using the all‐subkeys‐recovery idea of Isobe and Shibutani, our results give rise to key recovery attacks against several recently proposed permutation‐based PRFs, as well as the two‐round Even–Mansour ciphers with generic key schedule functions and their tweakable variants. From a constructive perspective, our results establish new quantum Q2 security upper bounds for two permutation‐based pseudorandom schemes as well as sound design choices.

computer science, information systems, theory & methods

Wonseok Choi,Seongha Hwang,Byeonghak Lee,Jooyoung Lee

DOI: https://doi.org/10.1007/s10623-024-01434-6

IF: 1.4

2024-05-31

Designs Codes and Cryptography

Abstract:Online authenticated encryption has been considered of practical relevance in light-weight environments due to low latency and constant memory usage. In this paper, we propose a new tweakable block cipher-based online authenticated encryption scheme, dubbed ZLR , and its domain separation variant, dubbed DS-ZLR . ZLR and DS-ZLR follow the Encrypt-Mix-Encrypt paradigm. However, in contrast to existing schemes using the same paradigm such as ELmE and CoLM , ZLR and DS-ZLR enjoy n -bit security by using larger internal states with an efficient ZHash -like hashing algorithm. In this way, 2 n -bit blocks are processed with only a single primitive call for hashing and two primitive calls for encryption and decryption, when they are based on an n -bit tweakable block cipher using n -bit (resp. 2 n -bit) tweaks for ZLR (resp. DS-ZLR ). Furthermore, they support pipelined computation as well as online nonce-misuse resistance. To the best of our knowledge, ZLR and DS-ZLR are the first pipelineable tweakable block cipher-based online authenticated encryption schemes of rate-2/3 that provide n -bit security with online nonce-misuse resistance.

mathematics, applied,computer science, theory & methods

Xinming Yin,Junhui He,Yi Guo,Dezhi Han,Kuan-Ching Li,Arcangelo Castiglione

DOI: https://doi.org/10.3390/s20205735

IF: 3.9

2020-10-09

Sensors

Abstract:The Time-based One-Time Password (TOTP) algorithm is commonly used for two-factor authentication. In this algorithm, a shared secret is used to derive a One-Time Password (OTP). However, in TOTP, the client and the server need to agree on a shared secret (i.e., a key). As a consequence, an adversary can construct an OTP through the compromised key if the server is hacked. To solve this problem, Kogan et al. proposed T/Key, an OTP algorithm based on a hash chain. However, the efficiency of OTP generation and verification is low in T/Key. In this article, we propose a novel and efficient Merkle tree-based One-Time Password (MOTP) algorithm to overcome such limitations. Compared to T/Key, this proposal reduces the number of hash operations to generate and verify the OTP, at the cost of small server storage and tolerable client storage. Experimental analysis and security evaluation show that MOTP can resist leakage attacks against the server and bring a tiny delay to two-factor authentication and verification time.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Rui Zong,Xiaoyang Dong

DOI: https://doi.org/10.1109/access.2019.2946638

IF: 3.9

2019-01-01

IEEE Access

Abstract:In this paper, we study the relation of related-tweak/key impossible differentials with single-key ones. Following a heuristic strategy, we can derive longer related-tweak/key impossible differentials from single-key ones. We implement this strategy with the MILP technique and apply it to search related-tweak/key impossible differentials of two tweakable block ciphers: QARMA-64 and Joltik-BC-128. For QARMA-64, we find several 7-round related-tweak impossible differential distinguishers and use them to mount a 10-round key recovery attack including the outer whitening key; for Joltik-BC-128, we find two 6-round related-tweakey impossible differential distinguishers and use them attack 9-round and 10-round Joltik-BC-128 respectively.

Arnab Roy,Matthias Johann Steiner

DOI: https://doi.org/10.48550/arXiv.2204.01802

2023-05-28

Abstract:In recent years a new class of symmetric-key primitives over $\mathbb{F}_p$ that are essential to Multi-Party Computation and Zero-Knowledge Proofs based protocols have emerged. Towards improving the efficiency of such primitives, a number of new block ciphers and hash functions over $\mathbb{F}_p$ were proposed. These new primitives also showed that following alternative design strategies to the classical Substitution-Permutation Network (SPN) and Feistel Networks leads to more efficient cipher and hash function designs over $\mathbb{F}_p$ specifically for large odd primes $p$. In view of these efforts, in this work we build an \emph{algebraic framework} that allows the systematic exploration of viable and efficient design strategies for constructing symmetric-key (iterative) permutations over $\mathbb{F}_p$. We first identify iterative polynomial dynamical systems over finite fields as the central building block of almost all block cipher design strategies. We propose a generalized triangular polynomial dynamical system (GTDS), and based on the GTDS we provide a generic definition of an iterative (keyed) permutation over $\mathbb{F}_p^n$. Our GTDS-based generic definition is able to describe the three most well-known design strategies, namely SPNs, Feistel networks and Lai--Massey. Consequently, the block ciphers that are constructed following these design strategies can also be instantiated from our generic definition. Moreover, we find that the recently proposed \texttt{Griffin} design, which neither follows the Feistel nor the SPN design, can be described using the generic GTDS-based definition. We also show that a new generalized Lai--Massey construction can be instantiated from the GTDS-based definition. We further provide generic analysis of the GTDS including an upper bound on the differential uniformity and the correlation.

Cryptography and Security

Nobuyuki TAKEUCHI,Kosei SAKAMOTO,Takuro SHIRAYA,Takanori ISOBE

DOI: https://doi.org/10.1587/transfun.2023eap1098

2024-01-01

Abstract:At CT-RSA 2022, Bossert et al. proposed Pholkos family, an efficient large-state tweakable block cipher. In order to evaluate the security of differential attacks on Pholkos, they obtained the lower bounds for the number of active S-boxes for Pholkos using MILP (Mixed Integer Linear Programming) tools. Based on it, they claimed that Pholkos family is secure against differential attacks. However, they only gave rough security bounds in both of related-tweak and related-tweakey settings. To be more precise, they estimated the lower bounds of the number of active S-boxes for relatively-large number of steps by just summing those in the small number of steps. In this paper, we utilize efficient search methods based on MILP to obtain tighter lower bounds for the number of active S-boxes in a larger number of steps. For the first time, we derive the exact minimum number of active S-boxes of each variant up to the steps where the security against differential attacks can be ensured in related-tweak and related-tweakey settings. Our results indicate that Pholkos-256-128/256-256/512/1024 is secure after 4/5/3/4 steps in the related-tweak setting, and after 5/6/3/4 steps in the related-tweakey setting, respectively. Our results enable reducing the required number of steps to be secure against differential attacks of Pholkos-256-256 in related-tweak setting, and Pholkos-256-128/256 and Pholkos-1024 in the related-tweakey setting by one step, respectively.

computer science, information systems,engineering, electrical & electronic, hardware & architecture

Randy Kuang,Michel Barbeau

DOI: https://doi.org/10.1007/s11128-022-03557-y

IF: 1.965

2022-06-01

Quantum Information Processing

Abstract:Classical cryptographic techniques are currently under the growing quantum computing threat. New techniques that quantum computing algorithms cannot break are urgently needed. We present such an encryption method. It builds upon quantum permutation logic gates or quantum permutation pads. It is universal in that it can be equally employed on classical computers, today’s Internet, and the upcoming quantum Internet. While the cryptographic technique is formulated in a quantum computing framework, it does not rely on physical properties uniquely present at the quantum level, such as no-cloning or entanglement of data. It achieves with today’s technology a level of security comparable to what will be possible to attain with tomorrow’s quantum technology. The mathematics behind the cryptographic technique, quantum representations of a symmetric group over a computational basis, is surprisingly simple. However, the challenge faced by an adversary wishing to break the code is intractable and uninterpretable, a property of Shannon’s perfect secrecy. We believe that the cryptographic technique presented in this article can be used in several different ways and modes. It can be integrated into numerous current Internet protocols, or the Internet of Things, making them quantum safe. In addition, it can be used to transition to the upcoming Internet quantum technology smoothly.

physics, multidisciplinary,quantum science & technology, mathematical

Geraldo A. Barbosa,Jeroen van de Graaf

DOI: https://doi.org/10.48550/arXiv.1406.1543

2015-07-09

Abstract:One-time-pad (OTP) encryption simply cannot be cracked, even by a quantum computer. The need of sharing in a secure way supplies of symmetric random keys turned the method almost obsolete as a standing-alone method for fast and large volume telecommunication. Basically, this secure sharing of keys and their renewal, once exhausted, had to be done through couriers, in a slow and costly process. This paper presents a solution for this problem providing a fast and unlimited renewal of secure keys: An untappable key distribution system is presented and detailed. This fast key distribution system utilizes two layers of confidentially protection: 1) Physical noise intrinsic to the optical channel that turn the coded signals into stealth signals and 2) Privacy amplification using a bit pool of refreshed entropy run after run, to eliminate any residual information. The resulting level of security is rigorously calculated and demonstrates that the level of information an eavesdropper could obtain is completely negligible. The random bit sequences, fast and securely distributed, can be used to encrypt text, data or voice.

Cryptography and Security,Quantum Physics

Chuan Zhao,Han Jiang,Xiaochao Wei,Qiuliang Xu,Minghao Zhao

DOI: https://doi.org/10.1109/trustcom.2015.398

2015-01-01

Abstract:Oblivious transfer is a fundamental tool in cryptographic protocols, especially in secure two-party computation. In TCC 2011, Lindell and Pinkas proposed a variant called cut-and-choose oblivious transfer, which did a great job in solving the selective failure attack in secure two-party computation protocols based on cut-and-choose paradigm. In this paper, we present a new primitive called cut-and-choose bilateral oblivious transfer. As an extension to cut-and-choose oblivious transfer, in addition to overcoming the selective failure attack, this primitive also makes a contribution to reducing the round number of the protocols that invoke it. This is very important in the scenarios where interactions between parties are limited. Besides, the application of this primitive in the outer protocols enables us to present a more modular and clean high-level description of the protocol framework. Furthermore, we believe that the new primitive is of independent research interest itself and could be useful in many cut-and-choose scenarios. Based on homomorphic encryption, we construct an efficient instantiation of this primitive in malicious model, and present a formal rigorous proof of its security under ideal/real simulation paradigm.

Alex Shafarenko

2024-04-10

Abstract:We present a new construction of a One Time Pad (OTP) with inherent diffusive properties and a redundancy injection mechanism that benefits from them. The construction is based on interpreting the plaintext and key as members of a permutation group in the Lehmer code representation after conversion to factoradic. The so constructed OTP translates any perturbation of the ciphertext to an unpredictable, metrically large random perturbation of the plaintext. This allows us to provide unconditional integrity assurance without extra key material. The redundancy is injected using Foata's "pun": the reading of the one-line representation as the cyclic one; we call this Pseudo Foata Injection. We obtain algorithms of quadratic complexity that implement both mechanisms.

Cryptography and Security

Shion UTSUMI,Kosei SAKAMOTO,Takanori ISOBE

DOI: https://doi.org/10.1587/transfun.2023eap1149

2024-01-01

Abstract:Lightweight block ciphers have gained attention in recent years due to the increasing demand for sensor nodes, RFID tags, and various applications. In such a situation, lightweight block ciphers Piccolo and TWINE have been proposed. Both Piccolo and TWINE are designed based on the Generalized Feistel Structure. However, it is crucial to address the potential vulnerability of these structures to the impossible differential attack. Therefore, detailed security evaluations against this attack are essential. This paper focuses on conducting bit-level evaluations of Piccolo and TWINE against related-key impossible differential attacks by leveraging SAT-aided approaches. We search for the longest distinguishers under the condition that the Hamming weight of the active bits of the input, which includes plaintext and master key differences, and output differences is set to 1, respectively. Additionally, for Tweakable TWINE, we search for the longest distinguishers under the related-tweak and related-tweak-key settings. The result for Piccolo with a 128-bit key, we identify the longest 16-round distinguishers for the first time. In addition, we also demonstrate the ability to extend these distinguishers to 17 rounds by taking into account the cancellation of the round key and plaintext difference. Regarding evaluations of TWINE with a 128-bit key, we search for the first time and reveal the distinguishers up to 19 rounds. For the search for Tweakable TWINE, we evaluate under the related-tweak-key setting for the first time and reveal the distinguishers up to 18 rounds for 80-bit key and 19 rounds for 128-bit key.

computer science, information systems,engineering, electrical & electronic, hardware & architecture

Chengyu Hu,Pengtao Liu,Yongbin Zhou,Shanqing Guo,Yilei Wang,Qiuliang Xu

DOI: https://doi.org/10.1007/s00500-015-1782-6

2015-01-01

Abstract:Public-key encryption can be used to protect the sensitive data in cloud system with intelligent mobile agents facilitating better services. However, many public-key encryption schemes do not resist the side-channel attacks which can be applied to the encryption instances implemented on a chip or cloud to obtain partial information leakage about the secret states, as the traditional security model of public-key encryption does not capture this kind of attacks. Also, the adversary can inject fault to tamper with the secret key and observe the output of the public-key encryption scheme under this modified key which is called "related-key attacks". Inspired by these, the models of key-leakage attacks and related-key attacks are formalized, respectively. In this paper, we present a method to construct public-key encryption schemes against both weak key-leakage attacks and linear related-key attacks from extractable hash proof systems (EHPS or XHPS). Specifically, we first transform ABOEHPS to weak leakage-resilient ABOEHPS and add Key Homomorphism and Fingerprinting properties to it. Then, based on this new ABOEHPS, we construct weak leakage-resilient adaptive trapdoor relation with these two properties and public-key encryption schemes against both weak key-leakage attacks and linear related-key attacks can be constructed from it. Moreover, we propose a public-key encryption scheme against both adaptive key-leakage attacks and linear related-key attacks.

Kaifeng Xiao,Xinjian Chen,Jianye Huang,Hongbo Li,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103758

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:When data security is facing growing threats, ordinary encryption techniques cannot meet the needs of comparing, sharing, and classifying data hidden in ciphertexts. At the same time, the advent of the quantum computing era has brought unprecedented challenges to traditional cryptography. Fortunately, a lattice-based PKEET scheme can solve the above problems. In this paper, we design a lattice-based PKE-DET scheme that can support the delegated tester function with satisfying anti-quantum computing security and resisting OMRA attacks. To the best of our knowledge, this is the first PKE-DET scheme that has both kinds of security at the same time. Under the standard model, we prove the security of the scheme based on the LWE hardness assumption. Compared with existing schemes, our scheme has many advantages, such as high security, delegated tester authorization, and small storage space.

Mohammad Hassan Ameri,Jeremiah Blocki

DOI: https://doi.org/10.1145/3658644.3690374

2024-09-10

Abstract:We introduce the notion of a conditional encryption scheme as an extension of public key encryption. In addition to the standard public key algorithms ($\mathsf{KG}$, $\mathsf{Enc}$, $\mathsf{Dec}$) for key generation, encryption and decryption, a conditional encryption scheme for a binary predicate $P$ adds a new conditional encryption algorithm $\mathsf{CEnc}$. The conditional encryption algorithm $c=\mathsf{CEnc}_{pk}(c_1,m_2,m_3)$ takes as input the public encryption key $pk$, a ciphertext $c_1 = \mathsf{Enc}_{pk}(m_1)$ for an unknown message $m_1$, a control message $m_2$ and a payload message $m_3$ and outputs a conditional ciphertext $c$. Intuitively, if $P(m_1,m_2)=1$ then the conditional ciphertext $c$ should decrypt to the payload message $m_3$. On the other hand if $P(m_1,m_2) = 0$ then the ciphertext should not leak any information about the control message $m_2$ or the payload message $m_3$ even if the attacker already has the secret decryption key $sk$. We formalize the notion of conditional encryption secrecy and provide concretely efficient constructions for a set of predicates relevant to password typo correction. Our practical constructions utilize the Paillier partially homomorphic encryption scheme as well as Shamir Secret Sharing. We prove that our constructions are secure and demonstrate how to use conditional encryption to improve the security of personalized password typo correction systems such as TypTop. We implement a C++ library for our practically efficient conditional encryption schemes and evaluate the performance empirically. We also update the implementation of TypTop to utilize conditional encryption for enhanced security guarantees and evaluate the performance of the updated implementation.

Cryptography and Security

Yuke Zhang,Yinghua Hu,Pierluigi Nuzzo,Peter A. Beerel

DOI: https://doi.org/10.48550/arXiv.2201.05943

2022-01-16

Abstract:Sequential logic locking has been studied over the last decade as a method to protect sequential circuits from reverse engineering. However, most of the existing sequential logic locking techniques are threatened by increasingly more sophisticated SAT-based attacks, efficiently using input queries to a SAT solver to rule out incorrect keys, as well as removal attacks based on structural analysis. In this paper, we propose TriLock, a sequential logic locking method that simultaneously addresses these vulnerabilities. TriLock can achieve high, tunable functional corruptibility while still guaranteeing exponential queries to the SAT solver in a SAT-based attack. Further, it adopts a state re-encoding method to obscure the boundary between the original state registers and those inserted by the locking method, thus making it more difficult to detect and remove the locking-related components.

Cryptography and Security,Systems and Control

T.V. Laptyeva,S. Flach,K. Kladko

DOI: https://doi.org/10.1209/0295-5075/95/50007

2011-07-01

Abstract:Vulnerabilities related to weak passwords are a pressing global economic and security issue. We report a novel, simple, and effective approach to address the weak password problem. Building upon chaotic dynamics, criticality at phase transitions, CAPTCHA recognition, and computational round-off errors we design an algorithm that strengthens security of passwords. The core idea of our method is to split a long and secure password into two components. The first component is memorized by the user. The second component is transformed into a CAPTCHA image and then protected using evolution of a two-dimensional dynamical system close to a phase transition, in such a way that standard brute-force attacks become ineffective. We expect our approach to have wide applications for authentication and encryption technologies.

Cryptography and Security,Other Condensed Matter,Chaotic Dynamics

Jaryn Shen,Qingkai Zeng

DOI: https://doi.org/10.1504/ijics.2019.099434

2019-01-01

International Journal of Information and Computer Security

Abstract:This paper proposes to address online and offline attacks to passwords without increasing users' efforts in choosing and memorising their passwords. In CSPS, a password consists of two parts, a user-chosen short password and a server-generated long password. The short password should be memorised and secured by its user while the long password be encrypted and stored on the server side. To keep the secret key for protecting the long password secure, an additional sever is introduced to store the secret key and provide encryption/decryption services. On top of balloon, CSPS integrates expensive hash with secure encryption. It is mathematically proved that computationally unbounded attackers cannot succeed in offline dictionary or brute-force attacks or a combination of offline and online attacks. The criteria of security are established, which quantifies the security. To our best knowledge, CSPS is the first technique to make security quantifiable in password authentication mechanisms.

Piotr Zawadzki

DOI: https://doi.org/10.1007/s11128-024-04278-0

IF: 1.965

2024-02-23

Quantum Information Processing

Abstract:The quantum permutation pad (QPP) is a cryptographic primitive, functionally similar to the one-time pad (OTP). Unlike OTP, QPP promises to remain secure even when the encryption key is used multiple times (Kuang and Barbeau in Quantum Inf Process 21(6):211, 2022. https://doi.org/10.1007/s11128-022-03557-y). QPP has emerged as a relatively recent proposal, with many aspects of its functionality yet to be explored. One such aspect is ensuring the security of this primitive against chosen-plaintext attacks. This study reveals that an eavesdropper can gain access to the encryption key under such an attack paradigm. Additionally, the security of a proposed practical encryption device built around PRNG and QPP primitives is examined (Kuang and Perepechaenko in EPJ Quantum Technol 9(1):26, 2022. https://doi.org/10.1140/epjqt/s40507-022-00145-y). We have found that simplified versions, in which the attacker has access to the input data of the QPP block, are vulnerable. It is crucial to note, however, that the described attack does not undermine the security of a complete implementation, as it requires a combined attack on both the PRNG and QPP.

physics, multidisciplinary,quantum science & technology, mathematical

Lifu Cheng,Youyou Zhao,Jinjiang Yang,Leibo Liu

DOI: https://doi.org/10.1088/1742-6596/1856/1/012054

2021-01-01

Journal of Physics Conference Series

Abstract:Abstract The implantation security of cryptographic algorithm is very important. This paper proposes a method to resist power consumption attack for lightweight cryptographic algorithms. Using bit permutation operation as a countermeasure, we ensure that the position of each data of the original intermediate value data has changed after the bit is permutated, which greatly increases the difficulty of the attack. SKINNY is taken as an example for evaluate the effect of the proposed countermeasure. The experiment results show that the key will not reveal over 100,000 energy traces by using the countermeasure.