A Constructive Perspective on Signcryption Security

Signcryption is a public-key cryptographic primitive, originally introduced by Zheng (Crypto \u2797), that allows parties to establish secure communication without the need of prior key agreement. Instead, a party registers its public key at a certificate authority (CA), and only needs to retrieve the public key of the intended partner from the CA before being able to protect the communication. Signcryption schemes provide both authenticity and confidentiality of sent messages and can offer a simpler interface to applications and better performance compared to generic compositions of signature and encryption schemes. Although introduced two decades ago, the question which security notions of signcryption are adequate in which applications has still not reached a fully satisfactory answer. To resolve this question, we conduct a constructive analysis of this public-key primitive. Similar to previous constructive studies for other important primitives, this treatment allows to identify the natural goal that signcryption schemes should achieve and to formalize this goal in a composable framework. More specifically, we capture the goal of signcryption as a gracefully-degrading secure network, which is basically a network of independent parties that allows secure communication between any two parties. However, when a party is compromised, its respective security guarantees are lost, while all guarantees for the remaining users remain unaffected. We show which security notions for signcryption are sufficient to construct this kind of secure network from a certificate authority (or key registration resource) and insecure communication. Our study does not only unveil that it is the so-called insider-security notion that enables this construction, but also that a weaker version thereof would already be sufficient. This may be of interest in the context of practical signcryption schemes that do not achieve the stronger notions. Last but not least, we observe that the graceful-degradation property is actually an essential feature of signcryption that stands out in comparison to alternative and more standard constructions that achieve secure communication from the same assumptions. This underlines the vital importance of the insider security notion for signcryption and strongly supports, in contrast to the initial belief, the recent trend to consider the insider security notion as the standard notion for signcryption

Studies on the Security of Selected Advanced Asymmetric Cryptographic Primitives

The main goal of asymmetric cryptography is to provide confidential communication, which allows two parties to communicate securely even in the presence of adversaries. Ever since its invention in the seventies, asymmetric cryptography has been improved and developed further, and a formal security framework has been established around it. This framework includes different security goals, attack models, and security notions. As progress was made in the field, more advanced asymmetric cryptographic primitives were proposed, with other properties in addition to confidentiality. These new primitives also have their own definitions and notions of security. This thesis consists of two parts, where the first relates to the security of fully homomorphic encryption and related primitives. The second part presents a novel cryptographic primitive, and defines what security goals the primitive should achieve. The first part of the thesis consists of Article I, II, and III, which all pertain to the security of homomorphic encryption schemes in one respect or another. Article I demonstrates that a particular fully homomorphic encryption scheme is insecure in the sense that an adversary with access only to the public material can recover the secret key. It is also shown that this insecurity mainly stems from the operations necessary to make the scheme fully homomorphic. Article II presents an adaptive key recovery attack on a leveled homomorphic encryption scheme. The scheme in question claimed to withstand precisely such attacks, and was the only scheme of its kind to do so at the time. This part of the thesis culminates with Article III, which is an overview article on the IND-CCA1 security of all acknowledged homomorphic encryption schemes. The second part of the thesis consists of Article IV, which presents Vetted Encryption (VE), a novel asymmetric cryptographic primitive. The primitive is designed to allow a recipient to vet who may send them messages, by setting up a public filter with a public verification key, and providing each vetted sender with their own encryption key. There are three different variants of VE, based on whether the sender is identifiable to the filter and/or the recipient. Security definitions, general constructions and comparisons to already existing cryptographic primitives are provided for all three variants.Doktorgradsavhandlin

CASE: A New Frontier in Public-Key Authenticated Encryption

We introduce a new cryptographic primitive, called Completely Anonymous Signed Encryption (CASE). CASE is a public-key authenticated encryption primitive, that offers anonymity for senders as well as receivers. A case-packet should appear, without a (decryption) key for opening it, to be a blackbox that reveals no information at all about its contents. To decase a case-packet fully - so that the message is retrieved and authenticated - a verifcation key is also required. Defining security for this primitive is subtle. We present a relatively simple Chosen Objects Attack (COA) security definition. Validating this definition, we show that it implies a comprehensive indistinguishability-preservation definition in the real-ideal paradigm. To obtain the latter definition, we extend the Cryptographic Agents framework of [2, 3] to allow maliciously created objects. We also provide a novel and practical construction for COA-secure CASE under standard assumptions in public-key cryptography, and in the standard model. We believe CASE can be a staple in future cryptographic libraries, thanks to its robust security guarantees and efficient instantiations based on standard assumptions

Public-Key Encryption with Lazy Parties

In a public-key encryption scheme, if a sender is not concerned about the security of a message and is unwilling to generate costly randomness, the security of the encrypted message can be compromised. In this work, we characterize such \emph{lazy parties}, who are regraded as honest parties, but are unwilling to perform a costly task when they are not concerned about the security. Specifically, we consider a rather simple setting in which the costly task is to generate randomness used in algorithms, and parties can choose either perfect randomness or a fixed string. We model lazy parties as rational players who behave rationally to maximize their utilities, and define a security game between the parties and an adversary. Since a standard secure encryption scheme does not work in the setting, we provide constructions of secure encryption schemes in various settings

Identity based cryptography from pairings.

Yuen Tsz Hon.Thesis (M.Phil.)--Chinese University of Hong Kong, 2006.Includes bibliographical references (leaves 109-122).Abstracts in English and Chinese.Abstract --- p.iAcknowledgement --- p.iiiList of Notations --- p.viiiChapter 1 --- Introduction --- p.1Chapter 1.1 --- Identity Based Cryptography --- p.3Chapter 1.2 --- Hierarchical Identity Based Cryptosystem --- p.4Chapter 1.3 --- Our contributions --- p.5Chapter 1.4 --- Publications --- p.5Chapter 1.4.1 --- Publications Produced from This Thesis --- p.5Chapter 1.4.2 --- Publications During Author's Study in the Degree --- p.6Chapter 1.5 --- Thesis Organization --- p.6Chapter 2 --- Background --- p.8Chapter 2.1 --- Complexity Theory --- p.8Chapter 2.1.1 --- Order Notation --- p.8Chapter 2.1.2 --- Algorithms and Protocols --- p.9Chapter 2.1.3 --- Relations and Languages --- p.11Chapter 2.2 --- Algebra and Number Theory --- p.12Chapter 2.2.1 --- Groups --- p.12Chapter 2.2.2 --- Elliptic Curve --- p.13Chapter 2.2.3 --- Pairings --- p.14Chapter 2.3 --- Intractability Assumptions --- p.15Chapter 2.4 --- Cryptographic Primitives --- p.18Chapter 2.4.1 --- Public Key Encryption --- p.18Chapter 2.4.2 --- Digital Signature --- p.19Chapter 2.4.3 --- Zero Knowledge --- p.21Chapter 2.5 --- Hash Functions --- p.23Chapter 2.6 --- Random Oracle Model --- p.24Chapter 3 --- Literature Review --- p.26Chapter 3.1 --- Identity Based Signatures --- p.26Chapter 3.2 --- Identity Based Encryption --- p.27Chapter 3.3 --- Identity Based Signcryption --- p.27Chapter 3.4 --- Identity Based Blind Signatures --- p.28Chapter 3.5 --- Identity Based Group Signatures --- p.28Chapter 3.6 --- Hierarchical Identity Based Cryptography --- p.29Chapter 4 --- Blind Identity Based Signcryption --- p.30Chapter 4.1 --- Schnorr's ROS problem --- p.31Chapter 4.2 --- BIBSC and Enhanced IBSC Security Model --- p.32Chapter 4.2.1 --- Enhanced IBSC Security Model --- p.33Chapter 4.2.2 --- BIBSC Security Model --- p.36Chapter 4.3 --- Efficient and Secure BIBSC and IBSC Schemes --- p.38Chapter 4.3.1 --- Efficient and Secure IBSC Scheme --- p.38Chapter 4.3.2 --- The First BIBSC Scheme --- p.43Chapter 4.4 --- Generic Group and Pairing Model --- p.47Chapter 4.5 --- Comparisons --- p.52Chapter 4.5.1 --- Comment for IND-B --- p.52Chapter 4.5.2 --- Comment for IND-C --- p.54Chapter 4.5.3 --- Comment for EU --- p.55Chapter 4.6 --- Additional Functionality of Our Scheme --- p.56Chapter 4.6.1 --- TA Compatibility --- p.56Chapter 4.6.2 --- Forward Secrecy --- p.57Chapter 4.7 --- Chapter Conclusion --- p.57Chapter 5 --- Identity Based Group Signatures --- p.59Chapter 5.1 --- New Intractability Assumption --- p.61Chapter 5.2 --- Security Model --- p.62Chapter 5.2.1 --- Syntax --- p.63Chapter 5.2.2 --- Security Notions --- p.64Chapter 5.3 --- Constructions --- p.68Chapter 5.3.1 --- Generic Construction --- p.68Chapter 5.3.2 --- An Instantiation: IBGS-SDH --- p.69Chapter 5.4 --- Security Theorems --- p.73Chapter 5.5 --- Discussions --- p.81Chapter 5.5.1 --- Other Instantiations --- p.81Chapter 5.5.2 --- Short Ring Signatures --- p.82Chapter 5.6 --- Chapter Conclusion --- p.82Chapter 6 --- Hierarchical IBS without Random Oracles --- p.83Chapter 6.1 --- New Intractability Assumption --- p.87Chapter 6.2 --- Security Model: HIBS and HIBSC --- p.89Chapter 6.2.1 --- HIBS Security Model --- p.89Chapter 6.2.2 --- Hierarchical Identity Based Signcryption (HIBSC) --- p.92Chapter 6.3 --- Efficient Instantiation of HIBS --- p.95Chapter 6.3.1 --- Security Analysis --- p.96Chapter 6.3.2 --- Ordinary Signature from HIBS --- p.101Chapter 6.4 --- Plausibility Arguments for the Intractability of the OrcYW Assumption --- p.102Chapter 6.5 --- Efficient HIBSC without Random Oracles --- p.103Chapter 6.5.1 --- Generic Composition from HIBE and HIBS --- p.104Chapter 6.5.2 --- Concrete Instantiation --- p.105Chapter 6.6 --- Chapter Conclusion --- p.107Chapter 7 --- Conclusion --- p.108Bibliography --- p.10

P2TA: Privacy-preserving task allocation for edge computing enhanced mobile crowdsensing

The final publication is available at Elsevier via https://doi.org/10.1016/j.sysarc.2019.01.005. © 2019. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/In conventional mobile crowdsensing (MCS) applications, the crowdsensing server (CS-server) needs mobile users’ precise locations for optimal task allocation, which raises privacy concerns. This paper proposes a privacy-preserving task allocation framework (called P2TA) for edge computing enhanced MCS, focusing on optimize task acceptance rate while protecting participants’ privacy by introducing edge nodes. The basic idea is that edge nodes act as task assignment agents with privacy protection that prevents an untrusted CS-server from accessing a user’s private data. We begin with a thorough analysis of the limitations of typical task allocation and obfuscation schemes. On this basis, the optimization problem about location obfuscation and task allocation is formulated in consideration of privacy constraints, travel distance and impact of location perturbation. Through problem decomposition, the location obfuscation subproblem is modeled as a leader-follower game between the designer of location obfuscation mechanism and the potential attacker. Against inference attack with background knowledge, a genetic algorithm is introduced to initialize an obfuscation matrix. With the matrix, an edge node makes task allocation decisions that maximize task acceptance rate subject to differential and distortion privacy constraints. The effectiveness and superiority of P2TA compared to exiting task allocation schemes are validated via extensive simulations.The authors gratefully acknowledge the support and financial assistance provided by the National Natural Science Foundation of China under Grant No. 61502230, 61501224 and 61073197, the Natural Science Foundation of Jiangsu Province under Grant No. BK20150960, the National Key R&D Program of China under Grant No. 2018YFC0808500, the Natural Science Foundation of the Jiangsu Higher Education Institutions of China under Grant No. 15KJB520015, and Nanjing Municipal Science and Technology Plan Project under Grant No. 201608009

Elliptic Curve Cryptography on Modern Processor Architectures

Abstract Elliptic Curve Cryptography (ECC) has been adopted by the US National Security Agency (NSA) in Suite "B" as part of its "Cryptographic Modernisation Program ". Additionally, it has been favoured by an entire host of mobile devices due to its superior performance characteristics. ECC is also the building block on which the exciting field of pairing/identity based cryptography is based. This widespread use means that there is potentially a lot to be gained by researching efficient implementations on modern processors such as IBM's Cell Broadband Engine and Philip's next generation smart card cores. ECC operations can be thought of as a pyramid of building blocks, from instructions on a core, modular operations on a finite field, point addition & doubling, elliptic curve scalar multiplication to application level protocols. In this thesis we examine an implementation of these components for ECC focusing on a range of optimising techniques for the Cell's SPU and the MIPS smart card. We show significant performance improvements that can be achieved through of adoption of EC

ISSUES AND SOLUTIONS OF APPLYING IDENTITY-BASED CRYPTOGRAPHY TO MOBILE AD-HOC NETWORKS

Concept of Mobile Ad-hoc Networks (MANETs) was brought up a few decades ago with assumed prosperous future. Unfortunately, we do not see many practical applications of them in real life. Security of MANETs is a big concern considered by investors and industries, and hinders them from putting MANETs into application. Requirements of security, and difficulties to meet these requirements have been stated clearly already; yet solutions to these difficulties are not quite clear. Cryptographic technologies seem to be capable of satisfying most of the requirements, which has been proved in Internet or wired networks. However, most of the technologies, including symmetric and traditional asymmetric cryptography (such as Public Key Infrastructure (PKI)), are inapplicable or inconvenient to use inMANETs context. Identity-based Cryptography (IBC), as a special form of asymmetric cryptography, carries many features interesting for MANETs. IBC has been studied a lot recently by researchers of MANET security, and many applications have been proposed and claimed to address this difficult problem. However, it is still the case that most of the solutions are not sound enough to be used in a practical MANET. This thesis starts with an intensive survey on the proposals of applications of IBC in MANETs, and points out the issues, limitations and weaknesses in these proposals and also in IBC itself. The thesis proposes a novel framework with key management and secure routing scheme integrated aiming to address these issues. This scheme brings these contributions: compared to symmetric key solutions, it has more functionality derived from asymmetric keys, and is more secure due to using 1-to-m broadcasting key instead of only 1 group broadcasting key, and has less keys to store per node due to using asymmetric keys instead of pairwise symmetric keys; compared to traditional asymmetric cryptography solutions, the storage and communication requirements are lower due to IBC properties; compared to previous IBC solutions, it has no key management and secure routing interdependency cycle problem. Security of the proposed scheme is proved and performance of the scheme is simulated and analyzed in the thesis. To the end of a complete solution for an arbitraryMANET running in an arbitrary environment, the thesis proposes enhancements to counter various attacks and options to abate or eliminate limitations and weaknesses of IBC. The proposed scheme has a wide range of applicability for various MANETs with little or no administrative overhead depending on situations where it is considered

A Collaborative PHY-Aided Technique for End-to-End IoT Device Authentication

Nowadays, Internet of Things (IoT) devices are rapidly proliferating to support a vast number of end-to-end (E2E) services and applications, which require reliable device authentication for E2E data security. However, most low-cost IoT end devices with limited computing resources have difficulties in executing the increasingly complicated cryptographic security protocols, resulting in increased vulnerability of the virtual authentication credentials to malicious cryptanalysis. An attacker possessing compromised credentials could be deemed legitimate by the conventional cryptography-based authentication. Although inherently robust to upper-layer unauthorized cryptanalysis, the device-to-device physical-layer (PHY) authentication is practically difficult to be applied to the E2E IoT scenario and to be integrated with the existing, well-established cryptography primitives without any conflict. This paper proposes an enhanced E2E IoT device authentication that achieves seamless integration of PHY security into traditional asymmetric cryptography-based authentication schemes. Exploiting the collaboration of several intermediate nodes (e.g., edge gateway, access point, and full-function device), multiple radio-frequency features of an IoT device can be estimated, quantized, and used in the proposed PHY identity-based cryptography for key protection. A closed-form expression of the generated PHY entropy is derived for measuring the security enhancement. The evaluation results of our cross-layer authentication demonstrate an elevated resistance to various computation-based impersonation attacks. Furthermore, the proposed method does not impose any extra implementation overhead on resource-constrained IoT devices