Zhen Liu,Xiaoyuan Yang

DOI: https://doi.org/10.1109/incos.2013.108

2013-01-01

Abstract:The cipher text consistency check that can be implemented publicly has practical significance, and it is always an interested studying aspect to construct cryptographic algorithm without pairings in the field of cryptographic. On the other hand, it is one of the most important research topics to design CCA-secure PKE schemes with weaker assumptions. Especially, there have been no CCA-secure PKE scheme under factoring assumption, except for a recent work by Hofheinz, D., Kiltz, E. A fly in the ointment is that HK09's scheme is not a public verifiable construction. Using the Gap quality that the Decisional Diffie-Hellman problem is easy but the Computational Diffie-Hellman problem is difficult as factoring, we instantiated HK09's scheme over the group of signed quadratic residues, and realized public verifiable construct. It will be used to construct threshold schemes.

Jintai Ding,Daniel Smith-Tone

DOI: https://doi.org/10.1090/noti1546

2017-01-01

Notices of the American Mathematical Society

Abstract:Over the past three decades, the family of public-key cryptosystems, a fundamental breakthrough in modern cryptography in the late 1970s, has become an increasingly integral part of our communication networks. The Internet, as well as other communication systems, relies principally on the Diffie-Hellman key exchange, RSA encryption, and digital signatures using DSA, ECDSA, or related algorithms. The security of these cryptosystems depends on the difficulty of certain number-theoretic problems, such as integer factorization or the discrete log problem. In 1994 Peter Shor showed that quantum computers can solve each of these problems in polynomial time, thus rendering the security of all cryptosystems based on such assumptions impotent. A large international community has emerged to address this issue in the hope that our public-key infrastructure may remain intact by utilizing new quantum-resistant primitives. In the academic world, this new science bears the moniker Post-Quantum Cryptography (PQC).

Kaifeng Xiao,Xinjian Chen,Jianye Huang,Hongbo Li,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103758

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:When data security is facing growing threats, ordinary encryption techniques cannot meet the needs of comparing, sharing, and classifying data hidden in ciphertexts. At the same time, the advent of the quantum computing era has brought unprecedented challenges to traditional cryptography. Fortunately, a lattice-based PKEET scheme can solve the above problems. In this paper, we design a lattice-based PKE-DET scheme that can support the delegated tester function with satisfying anti-quantum computing security and resisting OMRA attacks. To the best of our knowledge, this is the first PKE-DET scheme that has both kinds of security at the same time. Under the standard model, we prove the security of the scheme based on the LWE hardness assumption. Compared with existing schemes, our scheme has many advantages, such as high security, delegated tester authorization, and small storage space.

Ming Zeng,Jie Chen,Kai Zhang,Haifeng Qian

DOI: https://doi.org/10.1016/j.tcs.2019.05.033

IF: 1.002

2019-01-01

Theoretical Computer Science

Abstract:Public key encryption with equality test (PKEET) allows a tester to know whether ciphertexts are the encryptions of a same message or not by using the trapdoors issued from their owners, which is a useful cryptographic primitive can be deployed in many applications, such as in the mechanism of searching over encrypted data. Based on Hash Proof System (HPS) introduced by Cramer and Shoup, this paper presents an oversimplified paradigm for constructing PKEET in the standard model. Compared with the previous works that use identity-based encryption, strongly unforgeable one-time signature or other strong cryptographic primitives, our paradigm requires only the universal 2 property of HPS and provides an efficient way to obtain concrete PKEET schemes based on different assumptions in the standard model, since HPS has been shown can be easily realized from a board range of NP languages (e.g., DLIN-based, DCR-based, Lattice-based and so on). Moreover, to demonstrate the practicality of the proposed paradigm, we instantiate it based on two kinds of NP languages respectively, one is based on the decisional Diffie-Hellman (DDH) assumption, the other one is based on the decisional composite residuosity (DCR) assumption, which results in the first concrete PKEET schemes that in the standard model without using pairing operations, and the schemes' security are also based on the standard DDH assumption and the standard DCR assumption respectively.

Wenqi Liang,Zhaoman Liu,Xuyang Zhao,Yafang Yang,Zhichuang Liang

DOI: https://doi.org/10.3390/math12111769

IF: 2.4

2024-06-07

Mathematics

Abstract:In order to resist the security risks caused by quantum computing, post-quantum cryptography (PQC) has been a research focus. Constructing a key encapsulation mechanism (KEM) based on lattices is one of the promising PQC routines. The algebraically structured learning with errors (LWE) problem over power-of-two cyclotomics has been one of the most widely used hardness assumptions for lattice-based cryptographic schemes. However, power-of-two cyclotomic rings may be exploited in the inflexibility of selecting parameters. Recently, trinomial cyclotomic rings of the form Zq[x]/(xn−xn/2+1), where n=2k3l, k≥1,l≥0, have received widespread attention due to their flexible parameter selection. In this paper, we propose Tyber, a variant scheme of the NIST-standardized KEM candidate Kyber over trinomial cyclotomic rings. We provide three parameter sets, aiming at the quantum security of 128, 192, and 256 bits (actually achieving 129, 197, and 276 bits) with matching and negligible error probabilities. When compared to Kyber, our Tyber exhibits stronger quantum security, by 22, 31, and 44 bits, than Kyber for three security levels.

mathematics

Shifeng Sun,Dawu Gu,Man Ho Au,Shuai Han,Yu Yu,Joseph K. Liu

DOI: https://doi.org/10.1007/978-3-030-21568-2_24

2019-01-01

Abstract:We revisit the problem of constructing public key encryption (PKE) secure against both key-leakage and tampering attacks. First, we present an enhanced security against both kinds of attacks, namely strong leakage and tamper-resilient chosen-ciphertext (sLTR-CCA) security, which imposes only minimal restrictions on the adversary's queries and thus captures the capability of the adversary in a more reasonable way. Then, we propose a generic paradigm achieving this security on the basis of a refined hash proof system (HPS) called public-key-malleable HPS. The paradigm can not only tolerate a large amount of bounded key-leakage, but also resist an arbitrary polynomial of restricted tampering attacks, even depending on the challenge phase. Moreover, the paradigm with slight adaptations can also be proven sLTR-CCA secure with respect to subexponentially hard auxiliary-input leakage. In addition, we instantiate our paradigm under certain standard number-theoretic assumptions, and thus, to our best knowledge, obtain the first efficient PKE schemes possessing the strong bounded/auxiliary-input leakage and tamper-resilient chosen-ciphertext security in the standard model.

Dung Hoang Duong,Kazuhide Fukushima,Shinsaku Kiyomoto,Partha Sarathi Roy,Arnaud Sipasseuth,Willy Susilo

DOI: https://doi.org/10.48550/arXiv.2005.05308

2020-05-10

Abstract:Public key encryption with equality test (PKEET) supports to check whether two ciphertexts encrypted under different public keys contain the same message or not. PKEET has many interesting applications such as keyword search on encrypted data, encrypted data partitioning for efficient encrypted data management, personal health record systems, spam filtering in encrypted email systems and so on. However, the PKEET scheme lacks an authorization mechanism for a user to control the comparison of its ciphertexts with others. In 2015, Ma et al. introduce the notion of PKEET with flexible authorization (PKEET-FA) which strengthens privacy protection. Since 2015, there are several follow-up works on PKEET-FA. But, all are secure in the random-oracle model. Moreover, all are vulnerable to quantum attacks. In this paper, we provide three constructions of quantum-safe PKEET-FA secure in the standard model. Proposed constructions are secure based on the hardness assumptions of integer lattices and ideal lattices. Finally, we implement the PKEET-FA scheme over ideal lattices.

Cryptography and Security

Zhengzhong Jin,Shiyu Shen,Yunlei Zhao

DOI: https://doi.org/10.1109/TIT.2022.3148586

IF: 2.5

2022-01-01

IEEE Transactions on Information Theory

Abstract:A remarkable breakthrough in mathematics in recent years is the proof of the long-standing conjecture: sphere packing in the <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$E_{8}$ </tex-math></inline-formula> lattice is optimal in the sense of the best density for sphere packing in <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathbb {R}^{8}$ </tex-math></inline-formula> . In this work, we design a mechanism for asymmetric key consensus from noise (AKCN), referred to as AKCN-E8, for error correction and key consensus. As a direct application, we present a practical key encapsulation mechanism (KEM) from the ideal lattice based on the ring learning with errors (RLWE) problem. Compared with NewHope-KEM that was the second round candidate of the National Institute of Standards and Technology (NIST) post-quantum cryptography (PQC) standardization, our AKCN-E8 KEM scheme overcomes some limitations and shortcomings of NewHope-KEM. Compared with some other dominating KEM schemes based on the variants of LWE, specifically Kyber and Saber, AKCN-E8 has a comparable performance but enjoys much flexible shared-key sizes. Specifically, the key encapsulated by AKCN-E8-512 (resp., 768, 1024) has the size of 256 (resp., 384, 512) bits. Flexible key size renders us stronger security against quantum attacks, more powerful and economic ability of key transportation, and better matches the demand in interactive protocols like TLS where parties need to negotiate the security parameters including the shared key length.

Jintai Ding,Momonari Kudo,Shinya Okumura,Tsuyoshi Takagi,Chengdong Tao

DOI: https://doi.org/10.1007/s13160-018-0316-x

2018-01-01

Japan Journal of Industrial and Applied Mathematics

Abstract:Researching post-quantum cryptography is now an important task in cryptography. Although various candidates of post-quantum cryptosystems (PQC) have been constructed, sizes of their public keys are large. Okumura constructed a candidate of PQC whose security is expected to be based on certain Diophantine equations (DEC). Okumura analysis suggests that DEC achieves the high security with small public key sizes. This paper proposes a polynomial time-attack on the one-way property of DEC. We reduce the security of DEC to finding special short lattice points of some low-rank lattices derived from public data. The usual LLL algorithm could not find the most important lattice point in our experiments because of certain properties of the lattice point. Our heuristic analysis leads us to using a variant of the LLL algorithm, called a weighted LLL algorithm by us. Our experiments suggest that DEC with 128 bit security becomes insecure by our attack.

Pierre-Augustin Berthet

2024-09-24

Abstract:Due to developments in quantum computing, classical asymmetric cryptography is at risk of being breached. Consequently, new Post-Quantum Cryptography (PQC) primitives using lattices are studied. Another point of scrutiny is the resilience of these new primitives to Side Channel Analysis (SCA), where an attacker can study physical leakages. In this work we discuss a SCA vulnerability due to the ciphertext malleability of some PQC primitives exposed by a work from Ravi et al. We propose a novel countermeasure to this vulnerability exploiting the same ciphertext malleability and discuss its practical application to several PQC primitives. We also extend the seminal work of Ravi et al. by detailling their attack on the different security levels of a post-quantum Key Encapsulation Mechanism (KEM), namely FrodoKEM.

Cryptography and Security

Minqing Zhang,Xu An Wang,Xiaoyuan Yang,Weihua Li

DOI: https://doi.org/10.1155/2015/430797

2015-01-01

Mobile Information Systems

Abstract:In SCN12, Nieto et al. discussed an interesting property of public key encryption with chosen ciphertext security, that is, ciphertexts with public verifiability. Independently, we introduced a new cryptographic primitive, CCA-secure publicly verifiable public key encryption without pairings in the standard model (PVPKE), and discussed its application in proxy reencryption (PRE) and threshold public key encryption (TPKE). In Crypto’09, Hofheiz and Kiltz introduced the group of signed quadratic residues and discussed its application; the most interesting feature of this group is its “gap” property, while the computational problem is as hard as factoring, and the corresponding decisional problem is easy. In this paper, we give new constructions ofPVPKEscheme based on signed quadratic residues and analyze their security. We also discussPVPKE’s important application in modern information systems, such as achieving ciphertext checkable in the cloud setting for the mobile laptop, reducing workload by the gateway between the open internet and the trusted private network, and dropping invalid ciphertext by the routers for helping the network to preserve its communication bandwidth.

Paul Staat,Meik Dörpinghaus,Azadeh Sheikholeslami,Christof Paar,Gerhard Fettweis,Dennis Goeckel

2024-12-18

Abstract:Today's information society relies on cryptography to achieve security goals such as confidentiality, integrity, authentication, and non-repudiation for digital communications. Here, public-key cryptosystems play a pivotal role to share encryption keys and create digital signatures. However, quantum computers threaten the security of traditional public-key cryptosystems as they can tame computational problems underlying the schemes, i.e., discrete logarithm and integer factorization. The prospective arrival of capable-enough quantum computers already threatens today's secret communication in terms of their long-term secrecy when stored to be later decrypted. Therefore, researchers strive to develop and deploy alternative schemes. In this work, evaluate a key exchange protocol based on combining public-key schemes with physical-layer security, anticipating the prospect of quantum attacks. If powerful quantum attackers cannot immediately obtain private keys, legitimate parties have a window of short-term secrecy to perform a physical-layer jamming key exchange (JKE) to establish a long-term shared secret. Thereby, the protocol constraints the computation time available to the attacker to break the employed public-key cryptography. In this paper, we outline the protocol, discuss its security, and point out challenges to be resolved.

Cryptography and Security

Shuai Han,Shengli Liu,Lin Lyu

DOI: https://doi.org/10.1155/2017/2148534

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:KDM[F]-CCA security of public-key encryption (PKE) ensures the privacy of key-dependent messages f(sk) which are closely related to the secret key sk, where f∈F, even if the adversary is allowed to make decryption queries. In this paper, we study the design of KDM-CCA secure PKE. To this end, we develop a new primitive named Auxiliary-Input Authenticated Encryption (AIAE). For AIAE, we introduce two related-key attack (RKA) security notions, including IND-RKA and weak-INT-RKA. We present a generic construction of AIAE from tag-based hash proof system (HPS) and one-time secure authenticated encryption (AE) and give an instantiation of AIAE under the Decisional Diffie-Hellman (DDH) assumption. Using AIAE as an essential building block, we give two constructions of efficient KDM-CCA secure PKE based on the DDH and the Decisional Composite Residuosity (DCR) assumptions. Specifically, (i) our first PKE construction is the first one achieving KDM[Faff]-CCA security for the set of affine functions and compactness of ciphertexts simultaneously. (ii) Our second PKE construction is the first one achieving KDM[Fpolyd]-CCA security for the set of polynomial functions and almost compactness of ciphertexts simultaneously. Our PKE constructions are very efficient; in particular, they are pairing-free and NIZK-free.

Xin Sun,Jiajia Han,Bang Lv,Changhua Sun,Cheng Zeng

DOI: https://doi.org/10.1371/journal.pone.0312690

IF: 3.7

2024-10-31

PLoS ONE

Abstract:With the rise of the Internet of things, the limitations of traditional PKI certificate authentication technology have progressively emerged. Hence, identity-based public key algorithms have been proposed. In this paper, we propose a new approach to generate an identity key, named identity public key (IPK). IPK identity key generation protocol is based on SM2 elliptic curve cryptography and random matrix theory. It builds upon the concept of combined public key (CPK) and resolves the linear collusion issue of CPK as well as the authenticity verification problem of the declared public key of the simplified TF-CPK by enhancing the identity mapping approach. Another main aim of this paper is to prove the security of the IPK identity key generation protocol. Roughly speaking, we verify the security of each part of the private key and the security of the composite private key. We also increase the function and performance comparison with other schemes, such as IBC(SM9) and TF-CPK. Our scheme has the lowest computation cost, which demonstrates its rationality.

multidisciplinary sciences

XG Wang,XF Gong,M Zhan,CH Lai

DOI: https://doi.org/10.1063/1.1916207

2005-01-01

Abstract:Currently used public-key cryptosystems are based on difficulties in solving certain numeric theoretic problems, in which the way to predict the private key from the knowledge of the public key is computationally infeasible. Here we propose a method of constructing public-key cryptosystems by generalized synchronization of coupled map lattices, in which the difficulty in predicting the synchronous function is used as the trap-door function to deduce the private key from the public key. In specific, we implement this idea on the method of "Merkle's puzzles," and find that, incorporated with the chaotic dynamics, this traditional method is equipped with some new features and can be practical in certain situations.

Shuai Han,Shengli Liu,Lin Lyu

DOI: https://doi.org/10.1007/978-3-662-53890-6_11

2016-01-01

Abstract:KDM[F]-CCA secure public-key encryption (PKE) protects the security of message f(sk), with f. F, that is computed directly from the secret key, even if the adversary has access to a decryption oracle. An efficient KDM[F-aff]-CCA secure PKE scheme for affine functions was proposed by Lu, Li and Jia (LLJ, EuroCrypt2015). We point out that their security proof cannot go through based on the DDH assumption. In this paper, we introduce a new concept Authenticated Encryption with Auxiliary-Input AIAE and define for it new security notions dealing with related-key attacks, namely IND-RKA security and weak INT-RKA security. We also construct such an AIAE w.r.t. a set of restricted affine functions from the DDH assumption. With our AIAE,- we construct the first efficient KDM[F-aff]-CCA secure PKE w.r.t. affine functions with compact ciphertexts, which consist only of a constant number of group elements;- we construct the first efficient KDM[F-poly(d)]-CCA secure PKE w.r.t. polynomial functions of bounded degree d with almost compact ciphertexts, and the number of group elements in a ciphertext is polynomial in d, independent of the security parameter.Our PKEs are both based on the DDH & DCR assumptions, free of NIZK and free of pairing.

Randy Kuang

2024-02-07

Abstract:In response to the evolving landscape of quantum computing and the escalating vulnerabilities in classical cryptographic systems, our paper introduces a unified cryptographic framework. Rooted in the innovative work of Kuang et al., we leverage two novel primitives: the Quantum Permutation Pad (QPP) for symmetric key encryption and the Homomorphic Polynomial Public Key (HPPK) for Key Encapsulation Mechanism (KEM) and Digital Signatures (DS). Our approach adeptly confronts the challenges posed by quantum advancements. Utilizing the Galois Permutation Group's matrix representations and inheriting its bijective and non-commutative properties, QPP achieves quantum-secure symmetric key encryption, seamlessly extending Shannon's perfect secrecy to both classical and quantum-native systems. Meanwhile, HPPK, free from NP-hard problems, fortifies symmetric encryption for the plain public key. It accomplishes this by concealing the mathematical structure through modular multiplications or arithmetic representations of Galois Permutation Group over hidden rings, harnessing their partial homomorphic properties. This allows for secure computation on encrypted data during secret encapsulations, bolstering the security of the plain public key. The seamless integration of KEM and DS within HPPK cryptography yields compact key, cipher, and signature sizes, demonstrating exceptional performance. This paper organically unifies QPP and HPPK under the Galois Permutation Group, marking a significant advancement in laying the groundwork for quantum-resistant cryptographic protocols. Our contribution propels the development of secure communication systems amid the era of quantum computing.

Cryptography and Security,Quantum Physics

Lize Gu,Licheng Wang,Kaoru Ota,Mianxiong Dong,Zhenfu Cao,Yixian Yang

DOI: https://doi.org/10.1002/sec.710

IF: 1.968

2013-01-01

Security and Communication Networks

Abstract:Two novel public key encryption schemes based on the non-Abelian factorization problems were proposed. Both of them are proved to be indistinguishable against adaptively chosen ciphertext attack (IND-CCA2) in the random oracle models. These constructions have the potential to resist Shor's quantum algorithm attack proposed in 1994 and give affirmative answers for the open question announced by Myasnikov, Shpilrain and Ushakov in 2011. Copyright (c) 2013 John Wiley & Sons, Ltd.

Johanna Barzen,Frank Leymann

2024-05-20

Abstract:Nowadays, predominant asymmetric cryptographic schemes are considered to be secure because discrete logarithms are believed to be hard to be computed. The algorithm of Shor can effectively compute discrete logarithms, i.e. it can brake such asymmetric schemes. But the algorithm of Shor is a quantum algorithm and at the time this algorithm has been invented, quantum computers that may successfully execute this algorithm seemed to be far out in the future. The latter has changed: quantum computers that are powerful enough are likely to be available in a couple of years. In this article, we first describe the relation between discrete logarithms and two well-known asymmetric security schemes, RSA and Elliptic Curve Cryptography. Next, we present the foundations of lattice-based cryptography which is the bases of schemes that are considered to be safe against attacks by quantum algorithms (as well as by classical algorithms). Then we describe two such quantum-safe algorithms (Kyber and Dilithium) in more detail. Finally, we give a very brief and selective overview of a few actions currently taken by governments and industry as well as standardization in this area. The article especially strives towards being self-contained: the required mathematical foundations to understand post-quantum cryptography are provided and examples are given.

Cryptography and Security,Quantum Physics