Yiyuan Luo,Xuejia Lai

2010-01-01

Abstract:In this paper we give more insights on the security of blockcipherbased hash functions. We give a very simple criterion to build a secure large class of Single-Block-Length (SBL) or double call DoubleBlock-Length (DBL) compression functions based on (kn, n) blockciphers, where kn is the key length and n is the block length and k is an integer. This criterion is simpler than previous works in the literature. Based on the criterion, we can get many results from this criterion, and we can get a conclusion on such class of blockcipher-based hash functions. We solved the open problem left by Hirose. Our results show that to build a secure double call DBL compression function, it is required k >= m+ 1 where m is the number of message blocks. Thus, we can only build rate 1/2 secure double DBL blockcipher-based compression functions if k == 2. At last, we pointed out flaws in Stam’s theorem about supercharged functions and gave a revision of this theorem and added another condition for the security of supercharged compression functions.

Chun Guo,Jonathan Katz,Xiao Wang,Chenkai Weng,Yu

DOI: https://doi.org/10.1007/978-3-030-56880-1_28

2020-01-01

Abstract:We study the concrete security of high-performance implementations of half-gates garbling, which all rely on (hardware-accelerated) AES. We find that current instantiations using k-bit wire labels can be completely broken—in the sense that the circuit evaluator learns all the inputs of the circuit garbler—in time $$O(2^k/C)$$ , where C is the total number of (non-free) gates that are garbled, possibly across multiple independent executions. The attack can be applied to existing circuit-garbling libraries using $$k=80$$ when $$C \approx 10^9$$ , and would require $$267$$ machine-months and cost about $ $$3500$$ to implement on the Google Cloud Platform. Since the attack can be fully parallelized, it could be carried out in about a month using $${\approx }250$$ machines. With this as our motivation, we seek a way to instantiate the hash function in the half-gates scheme so as to achieve better concrete security. We present a construction based on AES that achieves optimal security in the single-instance setting (when only a single circuit is garbled). We also show how to modify the half-gates scheme so that its concrete security does not degrade in the multi-instance setting. Our modified scheme is as efficient as prior work in networks with up to 2 Gbps bandwidth.

Yibiao Lu,Zhibo Wu,Bingsheng Zhang,Kui Ren

DOI: https://doi.org/10.1155/2023/6039034

2023-01-01

Wireless Communications and Mobile Computing

Abstract:The wireless network suffers from many security problems, and computation in a wireless network environment may fail to preserve privacy as well as correctness when the adversaries conduct attacks through backdoors, steganography, kleptography, etc. Secure computation ensures the execution security in such an environment, and compared with computation on the plaintext, the performance of secure computation is bounded by the underlying cryptographic algorithms and the network environment between the involved parties. Besides, the Chinese cryptography laws require the cryptographic algorithms that appeared in the commercial market to be authorized. In this work, we show how to implement oblivious transfer (OT), an important primitive in secure multiparty computation (MPC), using the Chinese government-approved SM2 and SM3 algorithms. The SM2 algorithm is based on the elliptic curve cryptography and is much faster than the discrete logarithm-based solutions. Moreover, by adopting the standard OT extension technique, we can extend the number of OTs efficiently with one more round of communication and invocations to the SM3 and SM4 algorithms. The OT primitive can be used in the Beaver multiplication triple generation and other MPC protocols, e.g., private set intersection. Therefore, we can utilize the SM series cryptography, specifically, the SM2, SM3, and SM4 algorithms, to build highly efficient secure computation frameworks which are suitable for the wireless network environment and for commercial applications in China. The experimental evaluation results show that our protocols have comparable performance to existing protocols; specifically, our protocols are quite suitable for bad network environments.

Maokang Du,Bo He,Yong Wang,JianJun Wu,Di Xiao

DOI: https://doi.org/10.1109/ebiss.2009.5138020

2009-01-01

Abstract:Although a variety of hash functions have been proposed, few of them works efficiently in parallel computing environment. An algorithm for parallel hash function construction based on block cipher is proposed. Not only message blocks but also the orders of them are considered in the process of constructing hash values. This hash function can be expected to have the same computational security against target attack, free-start target attack, collision attack, semi-free-start collision attack, and free-start collision attack as DM scheme. Theoretical analysis and computer simulation indicate that the proposed algorithm can satisfy the performance requirements of hash function. It is simple, efficient, practicable, and reliable. These properties make it a good choice for hash on parallel computing platform for E-commerce.

Ping Zhang,Honggang Hu

DOI: https://doi.org/10.1109/DSC.2017.37

2017-01-01

Abstract:This paper focuses on the security of permutation-based tweakable on-line ciphers against related-key attacks. We firstly formalize syntaxes of tweakable on-line ciphers and tweakable on-line authenticated encryption modes, and set up their security models, respectively. Then we propose the first new parallelizable permutation-based tweakable on-line cipher PTOC, which is constructed by a public random permutation and a universal hash function family with a tweak and a key. We prove that PTOC achieves related-key strong tweakable on-line pseudorandom permutation security using H-coefficients technique. Finally, this paper introduces a provably secure permutation-based tweakable on-line authenticated encryption scheme PTOAE, which provides both decryption-misuse resistance and related-key security. Tweakable on-line schemes can be widely applied to the data storage security, database security, cloud security, big data security, and so on.

Zhili Chen,Xin Chen

DOI: https://doi.org/10.48550/arXiv.2007.14915

2020-07-29

Cryptography and Security

Abstract:Due to the great development of secure multi-party computation, many practical secure computation schemes have been proposed. As an example, different secure auction mechanisms have been widely studied, which can protect bid privacy while satisfying various economic properties. However, as far as we know, none of them solve the secure computation problems for multiple data providers (e.g., secure cloud resource auctions) in the malicious security model. In this paper, we use the techniques of cut-and-choose and garbled circuits to propose a general secure computation framework for multiple data providers against malicious adversaries. Specifically, our framework checks input consistency with the cut-and-choose paradigm, conducts maliciously secure computations by running two independent garbled circuits, and verifies the correctness of output by comparing two versions of outputs. Theoretical analysis shows that our framework is secure against a malicious computation party, or a subset of malicious data providers. Taking secure cloud resource auctions as an example, we implement our framework. Extensive experimental evaluations show that the performance of the proposed framework is acceptable in practice.

Xu Yan,Bin Lian,Yunhao Yang,Xiaotie Wang,Jialin Cui,Xianghong Zhao,Fuqun Wang,Kefei Chen

DOI: https://doi.org/10.3390/sym16060664

2024-05-28

Symmetry

Abstract:The secure computation of symmetric encryption schemes using Yao's garbled circuits, such as AES, allows two parties, where one holds a plaintext block m and the other holds a key k, to compute Enc(k,m) without leaking m and k to one another. Due to its wide application prospects, secure AES computation has received much attention. However, the evaluation of AES circuits using Yao's garbled circuits incurs substantial communication overhead. To further improve its efficiency, this paper, upon observing the special structures of AES circuits and the symmetries of an S-box, proposes a novel ciphertext reduction scheme for garbling an S-box in the last SubBytes step. Unlike the idea of traditional Yao's garbled circuits, where the circuit generator uses the input wire labels to encrypt the corresponding output wire labels, our garbling scheme uses the input wire labels of an S-box to encrypt the corresponding "flip bit strings". This approach leads to a significant performance improvement in our garbling scheme, which necessitates only 28 ciphertexts to garble an S-box and a single invocation of a cryptographic primitive for decryption compared to the best result in previous work that requires 8×28 ciphertexts to garble an S-box and multiple invocations of a cryptographic primitive for decryption. Crucially, the proposed scheme provides a new idea to improve the performance of Yao's garbled circuits. We analyze the security of the proposed scheme in the semi-honest model and experimentally verify its efficiency.

multidisciplinary sciences

Zheng Gong,Xuejia Lai,Kefei Chen

2008-01-01

Abstract:In this work the security of the rate-1 double block length hash functions, which based on a block cipher with a block length of n-bit and a key length of 2n-bit, is reconsidered. Counter-examples and new attacks are presented on this general class of double block length hash functions with rate 1, which disclose uncovered flaws in the necessary conditions given by Satoh et al. and Hirose. Preimage and second preimage attacks are presented on Hirose's two examples which were left as an open problem. Therefore, although all the rate-1 hash functions in this general class are failed to be optimally (second) preimage resistant, the necessary conditions are refined for ensuring this general class of the rate-1 hash functions to be optimally secure against the collision attack. In particular, two typical examples, which designed under the refined conditions, are proven to be indifferentiable from the random oracle in the ideal cipher model. The security results are extended to a new class of double block length hash functions with rate 1, where one block cipher used in the compression function has the key length is equal to the block length, while the other is doubled.

Arnab Roy,Matthias Johann Steiner

DOI: https://doi.org/10.48550/arXiv.2204.01802

2023-05-28

Abstract:In recent years a new class of symmetric-key primitives over $\mathbb{F}_p$ that are essential to Multi-Party Computation and Zero-Knowledge Proofs based protocols have emerged. Towards improving the efficiency of such primitives, a number of new block ciphers and hash functions over $\mathbb{F}_p$ were proposed. These new primitives also showed that following alternative design strategies to the classical Substitution-Permutation Network (SPN) and Feistel Networks leads to more efficient cipher and hash function designs over $\mathbb{F}_p$ specifically for large odd primes $p$. In view of these efforts, in this work we build an \emph{algebraic framework} that allows the systematic exploration of viable and efficient design strategies for constructing symmetric-key (iterative) permutations over $\mathbb{F}_p$. We first identify iterative polynomial dynamical systems over finite fields as the central building block of almost all block cipher design strategies. We propose a generalized triangular polynomial dynamical system (GTDS), and based on the GTDS we provide a generic definition of an iterative (keyed) permutation over $\mathbb{F}_p^n$. Our GTDS-based generic definition is able to describe the three most well-known design strategies, namely SPNs, Feistel networks and Lai--Massey. Consequently, the block ciphers that are constructed following these design strategies can also be instantiated from our generic definition. Moreover, we find that the recently proposed \texttt{Griffin} design, which neither follows the Feistel nor the SPN design, can be described using the generic GTDS-based definition. We also show that a new generalized Lai--Massey construction can be instantiated from the GTDS-based definition. We further provide generic analysis of the GTDS including an upper bound on the differential uniformity and the correlation.

Cryptography and Security

Fen Liu,Yongqiang Li,Huiqin Chen,Lin Jiao,Ming Luo,Mingsheng Wang

DOI: https://doi.org/10.1109/tit.2024.3349414

IF: 2.5

2024-01-01

IEEE Transactions on Information Theory

Abstract:With the growing practical applications of fully homomorphic encryption (FHE), secure multi-party computation (MPC), and zero-knowledge proofs (ZK), there has been an increasing need to design and analyze symmetric primitives that have low multiplication complexity and depth. In this paper, we propose a permutation constructed upon a 4-round nonlinear feedback resistor over F4q. Our proposed permutation has a multiplication depth of 2 and a multiplication complexity of 4. Significantly, its maximum differential/linear probability is bounded by q-2. Based on this nonlinear function, we propose a new family of block ciphers over F16q called YuX, whose decryption circuit is highly efficient for FHE evaluation. We further provide specific instantiations, denoted as Yu2X and YupX, wherein q takes the form of either 2n or a prime p, respectively. Furthermore, we conduct a comprehensive security analysis of YuX within certain parameters against various cryptanalysis methods employing automatic analysis tools, including the differential attack, linear attack, impossible differential attack, zero-correlation attack, and integral attack, as well as Gröbner basis and linearization attacks. Our research indicates that YuX maintains a robust security margin against those attacks. Finally, we present a detailed implementation of Yu2X and YupX employing the BGV homomorphic encryption scheme. In comparison to ciphers over a field of characteristic 2, the outcomes evince that Yu2X-8 (over F1628 ) and Yu2X-16 (over F16216 ) achieve remarkably competitive throughputs, boasting performance approximately 12 times, 17 times, and 9 times superior to AES-128, CHAGHRI, and LowMC-128 (under 128-bit security), respectively. Furthermore, when juxtaposed with ciphers over a field of characteristic p, the outcomes affirm that the throughput of YupX-65537 (over F1665537) retains considerable competitiveness, registering an approximate fivefold enhancement relative to HERA. Evidently, YuX exhibits superior throughput compared to a majority of symmetric ciphers within this category.

computer science, information systems,engineering, electrical & electronic

Yasir Nawaz,Lei Wang

DOI: https://doi.org/10.3390/sym11121485

2019-01-01

Symmetry

Abstract:Designing a secure construction has always been a fascinating area for the researchers in the field of symmetric key cryptography. This research aimed to make contributions to the design of secure block cipher in the ideal cipher model whose underlying primitive is a family of n − b i t to n − b i t random permutations indexed by secret key. Our target construction of a secure block ciphers denoted as E [ s ] is built on a simple XOR operation and two block cipher invocations, under the assumptions that the block cipher in use is a pseudorandom permutation. One out of these two block cipher invocations produce a subkey that is derived from the secret key. It has been accepted that at least two block cipher invocations with XOR operations are required to achieve beyond birthday bound security. In this paper, we investigated the E [ s ] instances with the advanced proof technique and efficient block cipher constructions that bypass the birthday-bound up to 2 n provable security was achieved. Our study provided new insights to the block cipher that is beyond birthday bound security.

Qihuan Huang,Leibo Liu,Hai Huang,Shaojun Wei

DOI: https://doi.org/10.1109/iccsn.2017.8230286

2017-01-01

Abstract:Due to low masking-complexity property of the addition chain, it has been widely researched for evaluating the S-boxes in the recent literatures. This paper summarizes four main addition chains developed for the AES S-box in the existing literatures and chooses the most area-efficient addition chain. To further reduce the masking complexity, this paper proposes an improved algorithm for evaluating the polynomial modular multiplication. Based on the proposed algorithm, the non-linear multiplier, the square multiplier and the constant multiplier are developed separately to implement four different addition chains. To evaluate the performance, these addition chains are modeled with the Verilog, synthesized with the Synopsys Design Compiler and compared with each other. The comparison results show that the addition chain with less non-linear multipliers and square multipliers has less area. According to the comparison results, this paper chooses the most area-efficient addition chain to implements the whole AES. The research in this paper lays the foundation for the high-efficient higher-order masking scheme of the block cipher algorithm.

Yaobin Wang,Hong An,Zhiqin Liu,Kang Xu,Wanli Dong

DOI: https://doi.org/10.1109/CIS.2011.197

2011-01-01

Abstract:How to make use of multicore computing resources to accelerate the block cryptography applications has become a common concern problem. And the block cryptography applications have not yet been explored in procedure level speculation thoroughly. This paper proposes a procedure level speculation mechanism for accelerating block cryptography applications, including execution model, synchronization strategy and analysis method, etc. It also takes RC5 and AES for examples to analyze their potential speedups and memory accessing characteristics. The experimental results show that: (1) in procedure level speculation, the block cryptography applications can get a nearly liner growth speedup under ECB mode, (2) the severe inter-thread data dependence violations is the key factor that badly affect the system performance under CBC, CFB and OFB modes.

Yang LI,Jinlin WANG,Xuewen ZENG,Xiaozhou YE

DOI: https://doi.org/10.3969/j.issn.2095-347X.2017.06.003

2017-01-01

Abstract:Simple Power Analysis attacks are particular efficient on elliptic curve cryptosystems.Based on the Mohamed's idea of computing scalar multiplication with fixed-based comb method,we proposed a new Improved scalar Encoding algorithm to make sure there is no zero item.And on the basis of it,we propose a new fixed-base comb method for scalar multiplication against SPA attacks to keep both the efficiency and security of algorithm.The experiment result on OCTEON platform shows that with the same number of precomputation points,the proposed algorithm is more efficient than the Joye-Tunstall's algorithm.

HouZhen Wang,HuanGuo Zhang,ZhangYi Wang,Ming Tang

DOI: https://doi.org/10.1007/s11432-011-4262-3

2011-01-01

Science China Information Sciences

Abstract:Advances in quantum computers pose great threats on the currently used public key cryptographic algorithms such as RSA and ECC. As a promising candidate secure against attackers equipped with quantum computational power, multivariate public key cryptosystems (MPKCs) have attracted increasing attention in recently years. Unfortunately, the existing MPKCs can only be used as a multivariate signature scheme, and it remains unknown how to construct an efficient MPKC enabling secure encryption. Furthermore, some multivariate signature schemes have been shown insecure in recent years, and it is also not trivial to build MPKC which can serve as a secure signature scheme. By employing the basic MQ-trapdoors, this paper proposes a novel MPKC and shows how it can be used as a multivariate signature scheme and a multivariate encryption scheme, respectively. The goal is achieved by incorporating our new hash authentication techniques and some modification methods such as the Shamir’s minus method. Thorough analysis shows that our schemes are secure and efficient. Our MPKC gives a positive response to the challenges in multivariate public key cryptography.

Su-Fang ZHOU,Jia-Wei DOU,Yi-Min GUO,Qing MAO,Shun-Dong LI

DOI: https://doi.org/10.11897/SP.J.1016.2017.01134

2017-01-01

Abstract:Secure multiparty computation is an important field of cryptography a focus of international cryptographic community.This paper studies secure multiparty vector computation.A vector is often composed of multiple components,and each component may has different practical meaning.Therefore vector computation is equivalent to compute the components with different physical meanings at the same time.Privately and efficiently performing vector computation is of theoretical and practical significance.Therefore,secure multiparty vector computation is an important problem of secure multiparty computation.However,to the best of our knowledge,there is no direct and efficient solution to this problem.Existing protocols are trivial.These protocols implement the vectors computation using additively homomorphic encryption scheme to encrypt each component of vectors,and then to privately add the corresponding components of vectors.Such protocols are inefficient.In this study,we use G6del number to encode a vector into a natural number,and a semantically secure and multiplicatively homomorphic encryption scheme,and then design an efficient scheme enabling direct computation of linear combinations of vectors privately.In order to make secure multiparty vector computation scheme secure against quantum attack,we further devise an efficient protocol based on the NTRU cryptosystem,and mapping a vector to a polynomial.These schemes are proven to be secure in the semi-honest model using the simulation paradigm which is widely used in secure multiparty computation.As the applications of these protocols,we demonstrate how to use them to perform secure statistics and secure electronic elections.

Joseph Jaeger,Fang Song,Stefano Tessaro

DOI: https://doi.org/10.48550/arXiv.2105.01242

2021-10-23

Abstract:Should quantum computers become available, they will reduce the effective key length of basic secret-key primitives, such as blockciphers. To address this we will either need to use blockciphers which inherently have longer keys or use key-length extension techniques which employ a blockcipher to construct a more secure blockcipher that uses longer keys. We consider the latter approach and revisit the FX and double encryption constructions. Classically, FX is known to be secure, while double encryption is no more secure than single encryption due to a meet-in-the-middle attack. We provide positive results, with concrete and tight bounds, for both of these constructions against quantum attackers in ideal models. For FX, we consider a partially-quantum model, where the attacker has quantum access to the ideal primitive, but only classic access to FX. We provide two results for FX in this model. The first establishes the security of FX against non-adaptive attackers. The second establishes security against general adaptive attacks for a variant of FX using a random oracle in place of an ideal cipher. This result relies on the techniques of Zhandry (CRYPTO '19) for lazily sampling a quantum random oracle. An extension to perfectly lazily sampling a quantum random permutation, which would help resolve the adaptive security of standard FX, is an important but challenging open question. We introduce techniques for partially-quantum proofs without relying on analyzing the classical and quantum oracles separately, which is common in existing work. This may be of broader interest. For double encryption we apply a technique of Tessaro and Thiruvengadam (TCC '18) to establish that security reduces to the difficulty of solving the list disjointness problem, which we are able to reduce through a chain of results to the known quantum difficulty of the element distinctness problem.

Quantum Physics,Cryptography and Security

Yuanju Gan,Lihua Wang,Licheng Wang,Ping Pan,Yixian Yang

DOI: https://doi.org/10.1093/comjnl/bxs167

2013-01-01

The Computer Journal

Abstract:In threshold public-key encryption (TPKE), the decryption key is divided into n shares, each one of which is given to a different decryption user in order to avoid single points of failure. A robust TPKE is that if threshold decryption of a valid ciphertext fails, the combiner can identify the decryption users that supplied invalid partial decryption shares. In this paper, we propose a practical and efficient TPKE scheme which is robust and non-interactive. Security against chosen-ciphertext attacks (CCAs) can be proved in the standard model under the hashed Diffie-Hellman assumption in bilinear groups. The security reduction is tight and simple. We use an instantiation hash function of the Kiltz's key encapsulation mechanism and Lai et al.'s chosen-ciphertext secure technique to construct a TPKE scheme. Moreover, our scheme is more simple and shown to be more efficient than currently existing CCA-secure TPKE schemes.

Yan Zhu,Di Ma,Changjun Hu,Gail-Joon Ahn,Hongxin Hu

DOI: https://doi.org/10.1016/j.jnca.2014.07.033

IF: 7.574

2014-01-01

Journal of Network and Computer Applications

Abstract:Many random functions, like Hash, MAC, PRG, have been used in various network applications for different security choices. However, they are either fast but insecure or cryptographic secure but slow. To integrate them together, in this paper we present a new family of square random functions, including SqHash, SqMAC and SqPRG, based on a specially truncated function (MSB or LSB), as well as circular convolution with carry bits. Provable security is provided by the privacy property in hidden number problem and Hard-core unpredication of one-way function. The experiment results show that these schemes have better performance under different input and output lengths. We also perform four types of statistical tests for randomness. The experiments indicate that our construction has good average-case randomness than SHA-2 and original Square algorithm.

Jia-wei DOU,Li MA,Shun-dong LI

DOI: https://doi.org/10.3969/j.issn.0372-2112.2017.07.023

2017-01-01

Abstract:Secure multi-party computation is a focus in the international cryptographic community.This paper studies how to privately compute the minimum of some private numbers.We have not read about any a solution to this problem.In this study,we introduce a new encoding scheme,and then,based on this new encoding scheme and ElGamal multiplicatively homomorphic encryption scheme,using secret sharing and threshold decryption,devise protocols for this problem.By using the simulation paradigm,we prove that these protocols are secure in the semi-honest model.These protocols can resist collision attack.Based on the computing methods for minimum problem,secure multi-party computation for maximum and union of sets can also be solved.Efficiency analysis shows that these schemes are efficient.