Cryptanalysis of an Efficient Signcryption Scheme with Forward Secrecy Based on Elliptic Curve

The signcryption is a relatively new cryptographic technique that is supposed to fulfill the functionalities of encryption and digital signature in a single logical step. Several signcryption schemes are proposed throughout the years, each of them having its own problems and limitations. In this paper, the security of a recent signcryption scheme, i.e. Hwang et al.'s scheme is analyzed, and it is proved that it involves several security flaws and shortcomings. Several devastating attacks are also introduced to the mentioned scheme whereby it fails all the desired and essential security attributes of a signcryption scheme.Comment: 5 Pages, 2 Figure

On the Relations Between Diffie-Hellman and ID-Based Key Agreement from Pairings

This paper studies the relationships between the traditional Diffie-Hellman key agreement protocol and the identity-based (ID-based) key agreement protocol from pairings. For the Sakai-Ohgishi-Kasahara (SOK) ID-based key construction, we show that identical to the Diffie-Hellman protocol, the SOK key agreement protocol also has three variants, namely \emph{ephemeral}, \emph{semi-static} and \emph{static} versions. Upon this, we build solid relations between authenticated Diffie-Hellman (Auth-DH) protocols and ID-based authenticated key agreement (IB-AK) protocols, whereby we present two \emph{substitution rules} for this two types of protocols. The rules enable a conversion between the two types of protocols. In particular, we obtain the \emph{real} ID-based version of the well-known MQV (and HMQV) protocol. Similarly, for the Sakai-Kasahara (SK) key construction, we show that the key transport protocol underlining the SK ID-based encryption scheme (which we call the "SK protocol") has its non-ID counterpart, namely the Hughes protocol. Based on this observation, we establish relations between corresponding ID-based and non-ID-based protocols. In particular, we propose a highly enhanced version of the McCullagh-Barreto protocol

SOME REMARKS ON THE LOGARITHMIC SIGNATURES OF FINITE ABELIAN GROUPS

In the paper about the cryptosystem MST3, Svaba and Trung pro- posed a way to build a cryptosystem based on the concept of logarithmic signa- tures, and they choose Suzuki\u27s group, which is not abelian for implementing. Recently, to reason why these methods cannot be applied to abelian groups; Sv- aba, Trung and Wolf developed some algorithms to factorize the fused transver- sal logarithmic signatures (FTLS). Their attacks can be avoided by some mod- ications, which is the aim of this paper, where we will use the weakness of the discrete logarithm problem (DLP) to propose two cryptosystems. The rst one is based on the new concept about quasi-logarithmic signature of nite solvable groups, which is the generalization of logarithmic signatures. The second is built on the logarithmic signatures of nite cyclic 2-groups, which include two interesting examples on Pell\u27s curves and elliptic curves over nite elds

An identity-based key infrastructure suitable for messaging applications

Abstract—Identity-based encryption (IBE) systems are relatively recently proposed; yet they are highly popular for messaging applications since they offer new features such as certificateless infrastructure and anonymous communication. In this paper, we intended to propose an IBE infrastructure for messaging applications. The proposed infrastructure requires one registration authority and at least one public key generator and they secret share the master secret key. In addition, the PKG also shares the same master secret with each user in the system in a different way. Therefore, the PKG will never be able to learn the private keys of users under non-collusion assumption. We discuss different aspects of the proposed infrastructure such as security, key revocation, uniqueness of the identities that constitute the main drawbacks of other IBE schemes. We demonstrate that our infrastructure solves many of these drawbacks under certain assumptions

Secure Trapdoor Hash Functions Based on Public-Key Cryptosystems

In this paper we systematically consider examples representative of the various families of public-key cryptosystems to see if it would be possible to incorporate them into trapdoor hash functions, and we attempt to evaluate the resulting strengths and weaknesses of the functions we are able to construct. We are motivated by the following question: Question 1.2 How likely is it that the discoverer of a heretofore unknown public-key cryptosystem could subvert it for use in a plausible secure trapdoor hash algorithm? In subsequent sections, our investigations will lead to a variety of constructions and bring to light the non-adaptability of public-key cryptosystems that are of a \low density. More importantly, we will be led to consider from a new point of view the effects of the unsigned addition, shift, exclusive-or and other logical bit string operators that are presently used in constructing secure hash algorithms: We will show how the use of publickey cryptosystems leads to \fragile secure hash algorithms, and we will argue that circular shift operators are largely responsible for the security of modern high-speed secure hash algorithms

Breaking an orbit-based symmetric cryptosystem

We report a break for a recently proposed class of cryptosystems. The cryptosystem uses constant points of a periodic secret orbit to encrypt the plaintext. In order to break the system, it suffices to sort the constant points and find the initial fixed point. We also report breaks for modified versions of the cryptosystem. In addition, we discuss some efficiency issues of the cryptosystem.Publisher's VersionAuthor's Cop

Algebraic Curves and Cryptographic Protocols for the e-society

Amb l'augment permanent de l'adopció de sistemes intel·ligents de tot tipus en la societat actual apareixen nous reptes. Avui en dia quasi tothom en la societat moderna porta a sobre almenys un telèfon intel·ligent, si no és que porta encara més dispositius capaços d'obtenir dades personals, com podria ser un smartwatch per exemple. De manera similar, pràcticament totes les cases tindran un comptador intel·ligent en el futur pròxim per a fer un seguiment del consum d'energia. També s'espera que molts més dispositius del Internet de les Coses siguin instal·lats de manera ubiqua, recol·lectant informació dels seus voltants i/o realitzant accions, com per exemple en sistemes d'automatització de la llar, estacions meteorològiques o dispositius per la ciutat intel·ligent en general. Tots aquests dispositius i sistemes necessiten enviar dades de manera segura i confidencial, les quals poden contindre informació sensible o de caire privat. A més a més, donat el seu ràpid creixement, amb més de nou mil milions de dispositius en tot el món actualment, s'ha de tenir en compte la quantitat de dades que cal transmetre. En aquesta tesi mostrem la utilitat de les corbes algebraiques sobre cossos finits en criptosistemes de clau pública, en particular la de les corbes de gènere 2, ja que ofereixen la mida de clau més petita per a un nivell de seguretat donat i això redueix de manera significativa el cost total de comunicacions d'un sistema, a la vegada que manté un rendiment raonable. Analitzem com la valoració 2-àdica del cardinal de la Jacobiana augmenta en successives extensions quadràtiques, considerant corbes de gènere 2 en cossos de característica senar, incloent les supersingulars. A més, millorem els algoritmes actuals per a computar la meitat d'un divisor d'una corba de gènere 2 sobre un cos binari, cosa que pot ser útil en la multiplicació escalar, que és l'operació principal en criptografia de clau pública amb corbes. Pel que fa a la privacitat, presentem un sistema de pagament d'aparcament per mòbil que permet als conductors pagar per aparcar mantenint la seva privacitat, i per tant impedint que el proveïdor del servei o un atacant obtinguin un perfil de conducta d'aparcament. Finalment, oferim protocols de smart metering millorats, especialment pel que fa a la privacitat i evitant l'ús de terceres parts de confiança.Con el aumento permanente de la adopción de sistemas inteligentes de todo tipo en la sociedad actual aparecen nuevos retos. Hoy en día prácticamente todos en la sociedad moderna llevamos encima al menos un teléfono inteligente, si no es que llevamos más dispositivos capaces de obtener datos personales, como podría ser un smartwatch por ejemplo. De manera similar, en el futuro cercano la mayoría de las casas tendrán un contador inteligente para hacer un seguimiento del consumo de energía. También se espera que muchos más dispositivos del Internet de las Cosas sean instalados de manera ubicua, recolectando información de sus alrededores y/o realizando acciones, como por ejemplo en sistemas de automatización del hogar, estaciones meteorológicas o dispositivos para la ciudad inteligente en general. Todos estos dispositivos y sistemas necesitan enviar datos de manera segura y confidencial, los cuales pueden contener información sensible o de ámbito personal. Además, dado su rápido crecimiento, con más de nueve mil millones de dispositivos en todo el mundo actualmente, hay que tener en cuenta la cantidad de datos a transmitir. En esta tesis mostreamos la utilidad de las curvas algebraicas sobre cuerpos finitos en criptosistemas de clave pública, en particular la de las curvas de género 2, ya que ofrecen el tamaño de clave más pequeño para un nivel de seguridad dado y esto disminuye de manera significativa el coste total de comunicaciones del sistema, a la vez que mantiene un rendimiento razonable. Analizamos como la valoración 2-ádica del cardinal de la Jacobiana aumenta en sucesivas extensiones cuadráticas, considerando curvas de género 2 en cuerpos de característica importa, incluyendo las supersingulares. Además, mejoramos los algoritmos actuales para computar la mitad de un divisor de una curva de género 2 sobre un cuerpo binario, lo cual puede ser útil en la multiplicación escalar, que es la operación principal en criptografía de clave pública con curvas. Respecto a la privacidad, presentamos un sistema de pago de aparcamiento por móvil que permite a los conductores pagar para aparcar manteniendo su privacidad, y por lo tanto impidiendo que el proveedor del servicio o un atacante obtengan un perfil de conducta de aparcamiento. Finalmente, ofrecemos protocolos de smart metering mejorados, especialmente en lo relativo a la privacidad y evitando el uso de terceras partes de confianza.With the ever increasing adoption of smart systems of every kind throughout society, new challenges arise. Nowadays, almost everyone in modern societies carries a smartphone at least, if not even more devices than can also gather personal data, like a smartwatch or a fitness wristband for example. Similarly, practically all homes will have a smart meter in the near future for billing and energy consumption monitoring, and many other Internet of Things devices are expected to be installed ubiquitously, obtaining information of their surroundings and/or performing some action, like for example, home automation systems, weather detection stations or devices for the smart city in general. All these devices and systems need to securely and privately transmit some data, which can be sensitive and personal information. Moreover, with a rapid increase of their number, with already more than nine billion devices worldwide, the amount of data to be transmitted has to be considered. In this thesis we show the utility of algebraic curves over finite fields in public key cryptosystems, specially genus 2 curves, since they offer the minimum key size for a given security level and that significantly reduces the total communication costs of a system, while maintaining a reasonable performance. We analyze how the 2-adic valuation of the cardinality of the Jacobian increases in successive quadratic extensions, considering genus 2 curves with odd characteristic fields, including supersingular curves. In addition, we improve the current algorithms for computing the halving of a divisor of a genus 2 curve over binary fields, which can be useful in scalar multiplication, the main operation in public key cryptography using curves. As regards to privacy, we present a pay-by-phone parking system which enables drivers to pay for public parking while preserving their privacy, and thus impeding the service provider or an attacker to obtain a profile of parking behaviors. Finally, we offer better protocols for smart metering, especially regarding privacy and the avoidance of trusted third parties