Identity-based encryption schemes - a review

Identity-based encryption (IBE) allows a user to compute public key from arbitrary string such as name or email address as user’s identity explicitly, thus provides a key-certificateless encryption platform while ensuring message confidentiality. In this paper, several identity-based encryption schemes are reviewed, ranging from the first practical well-known Boneh-Franklin IBE scheme based on pairing function to the recent IBE based on lattices. The aim of this review is to provide an extensive view and classification of these IBE schemes based on their setting, including underlying primitives in the parameter setup, fundamental security behind these schemes, comparative computational complexity and efficiency analysis. This review does not consider the variants of IBE such as hierarchical IBE, fuzzy IBE and those from the similar categories. Some current trends in IBE research and its implementation, along with some possible suggestions in designing new IBE schemes in the future are given as a conclusion of this review

The Pre-Shared Key Modes of HPKE

The Hybrid Public Key Encryption (HPKE) standard was recently published as RFC 9180 by the Crypto Forum Research Group (CFRG) of the Internet Research Task Force (IRTF). The RFC specifies an efficient public key encryption scheme, combining asymmetric and symmetric cryptographic building blocks. Out of HPKE’s four modes, two have already been formally analyzed by Alwen et al. (EUROCRYPT 2021). This work considers the remaining two modes: HPKE_PSK and HPKE_AuthPSK . Both of them are “pre-shared key” modes that assume the sender and receiver hold a symmetric pre-shared key. We capture the schemes with two new primitives which we call pre-shared key public-key encryption (pskPKE) and pre-shared key authenticated public-key encryption (pskAPKE). We provide formal security models for pskPKE and pskAPKE and prove (via general composition theorems) that the two modes HPKE_PSK and HPKE_AuthPSK offer active security (in the sense of insider privacy and outsider authenticity) under the Gap Diffie-Hellman assumption. We furthermore explore possible post-quantum secure instantiations of the HPKE standard and propose new solutions based on lattices and isogenies. Moreover, we show how HPKE’s basic HPKEPSK and HPKEAuthPSK modes can be used black-box in a simple way to build actively secure post-quantum/classic-hybrid (authenticated) encryption schemes. Our hybrid constructions provide a cheap and easy path towards a practical post-quantum secure drop-in replacement for the basic HPKE modes HPKE_Base and HPKE_Auth

Cryptanalysis of the multivariate encryption scheme EFLASH

Post-Quantum Cryptography studies cryptographic algorithms that quantum computers cannot break. Recent advances in quantum computing have made this kind of cryptography necessary, and research in the field has surged over the last years as a result. One of the main families of post-quantum cryptographic schemes is based on finding solutions of a polynomial system over finite fields. This family, known as multivariate cryptography, includes both public key encryption and signature schemes. The majority of the research contribution of this thesis is devoted to understanding the security of multivariate cryptography. We mainly focus on big field schemes, i.e., constructions that utilize the structure of a large extension field. One essential contribution is an increased understanding of how Gröbner basis algorithms can exploit this structure. The increased knowledge furthermore allows us to design new attacks in this setting. In particular, the methods are applied to two encryption schemes suggested in the literature: EFLASH and Dob. We show that the recommended parameters for these schemes will not achieve the proposed 80-bit security. Moreover, it seems unlikely that there can be secure and efficient variants based on these ideas. Another contribution is the study of the effectiveness and limitations of a recently proposed rank attack. Finally, we analyze some of the algebraic properties of MiMC, a block cipher designed to minimize its multiplicative complexity.Doktorgradsavhandlin

Lattice Trapdoors and IBE from Middle-Product LWE

Middle-product learning with errors (MP-LWE) was recently introduced by Rosca, Sakzad, Steinfeld and Stehlé (CRYPTO 2017) as a way to combine the efficiency of Ring-LWE with the more robust security guarantees of plain LWE. While Ring-LWE is at the heart of efficient lattice-based cryptosystems, it involves the choice of an underlying ring which is essentially arbitrary. In other words, the effect of this choice on the security of Ring-LWE is poorly understood. On the other hand, Rosca et al. showed that a new LWE variant, called MP-LWE, is as secure as Polynomial-LWE (another variant of Ring-LWE) over any of a broad class of number fields. They also demonstrated the usefulness of MP-LWE by constructing an MP-LWE based public-key encryption scheme whose efficiency is comparable to Ring-LWE based public-key encryption. In this work, we take this line of research further by showing how to construct Identity-Based Encryption (IBE) schemes that are secure under a variant of the MP-LWE assumption. Our IBE schemes match the efficiency of Ring-LWE based IBE, including a scheme in the random oracle model with keys and ciphertexts of size $\tilde{O}(n)$ (for $n$-bit identities). We construct our IBE scheme following the lattice trapdoors paradigm of [Gentry, Peikert, and Vaikuntanathan, STOC\u2708]; our main technical contributions are introducing a new leftover hash lemma and instantiating a new variant of lattice trapdoors compatible with MP-LWE. This work demonstrates that the efficiency/security tradeoff gains of MP-LWE can be extended beyond public-key encryption to more complex lattice-based primitives

A measurement study of peer-to-peer bootstrapping and implementations of delay-based cryptography

This thesis researches two distinct areas of study in both peer-to-peer networking formodern cryptocurrencies and implementations of delay-based cryptography.The first part of the thesis researches elements of peer-to-peer network mechanisms,with a specific focus on the dependencies on centralised infrastructure required for theinitial participation in such networks.Cryptocurrencies rely on decentralised peer-to-peer networks, yet the method bywhich new peers initially join these networks, known as bootstrapping, presents a significantchallenge. Our original research consists of a measurement study of 74 cryptocurrencies.Our study reveals a prevalent reliance on centralised infrastructure which leadsto censorship-prone bootstrapping techniques leaving networks vulnerable to censorshipand manipulation.In response, we explore alternative bootstrapping methods seeking solutions lesssusceptible to censorship. However, our research demonstrates operational challengesand limitations which hinder their effectiveness, highlighting the complexity of achievingcensorship-resistance in practice.Furthermore, our global measurement study uncovers the details of cryptocurrencypeer-to-peer networks, revealing instances outages and intentional protocol manipulationimpacting bootstrapping operations. Through a volunteer network of probes deployedacross 42 countries, we analyse network topology, exposing centralisation tendencies andunintentional peer exposure.Our research also highlights the pervasive inheritance of legacy bootstrapping methods,perpetuating security vulnerabilities and censorship risks within cryptocurrencysystems. These findings illuminate broader concerns surrounding decentralisation andcensorship-resistance in distributed systems.In conclusion, our study offers valuable insights into cryptocurrency bootstrappingtechniques and their susceptibility to censorship, paving the way for future research andinterventions to enhance the resilience and autonomy of peer-to-peer networks.In the second part of the thesis, attention shifts towards delay-based cryptography,where the focus lies on the creation and practical implementations of timed-release encryptionschemes. Drawing from the historical delay-based cryptographic protocols, thisthesis presents two original research contributions.The first is the creation of a new timed-release encryption scheme with a propertytermed implicit authentication. The second contribution is the development of a practicalconstruction called TIDE (TIme Delayed Encryption) tailored for use in sealed-bidauctions.Timed-Release Encryption with Implicit Authentication (TRE-IA) is a cryptographicprimitive which presents a new property named implicit authentication (IA). This propertyensures that only authorised parties, such as whistleblowers, can generate meaningfulciphertexts. By incorporating IA techniques into the encryption process, TRE-IAaugments a new feature in standard timed-release encryption schemes by ensuring thatonly the party with the encryption key can create meaningful ciphertexts. This propertyensures the authenticity of the party behind the sensitive data disclosure. Specifically, IAenables the encryption process to authenticate the identity of the whistleblower throughthe ciphertext. This property prevents malicious parties from generating ciphertextsthat do not originate from legitimate sources. This ensures the integrity and authenticityof the encrypted data, safeguarding against potential leaks of information not vettedby the party performing the encryption.TIDE introduces a new method for timed-release encryption in the context of sealedbidauctions by creatively using classic number-theoretic techniques. By integratingRSA-OEAP public-key encryption and the Rivest Shamir Wagner time-lock assumptionwith classic number theory principles, TIDE offers a solution that is both conceptuallystraightforward and efficient to implement.Our contributions in TIDE address the complexities and performance challengesinherent in current instantiations of timed-release encryption schemes. Our researchoutput creates a practical timed-release encryption implementation on consumer-gradehardware which can facilitate real-world applications such as sealed-bid auctions withclear steps for implementation.Finally, our thesis concludes with a review of the prospects of delay-based cryptographywhere we consider potential applications such as leveraging TIDE for a publicrandomness beacon.<br/

Kyber on ARM64: Compact Implementations of Kyber on 64-bit ARM Cortex-A Processors

Public-key cryptography based on the lattice problem is efficient and believed to be secure in a post-quantum era. In this paper, we introduce carefully optimized implementations of Kyber encryption schemes for 64-bit ARM Cortex-A processors. Our research contribution includes several optimizations for Number Theoretic Transform (NTT), noise sampling, and AES accelerator based symmetric function implementations. The proposed Kyber512 implementation on ARM64 improved previous works by 1.72×, 1.88×, and 2.29× for key generation, encapsulation, and decapsulation, respectively. Moreover, by using AES accelerator in the proposed Kyber512-90s implementation, it is improved by 8.57×, 6.94×, and 8.26× for key generation, encapsulation, and decapsulation, respectively. These results set new speed records for Kyber encryption on 64-bit ARM Cortex-A processors

Big-Key Symmetric Encryption: Resisting Key Exfiltration

This paper aims to move research in the bounded retrieval model (BRM) from theory to practice by considering symmetric (rather than public-key) encryption, giving efficient schemes, and providing security analyses with sharp, concrete bounds. The threat addressed is malware that aims to exfiltrate a user\u27s key. Our schemes aim to thwart this by using an enormously long key, yet paying for this almost exclusively in storage cost, not speed. Our main result is a general-purpose lemma, the subkey prediction lemma, that gives a very good bound on an adversary\u27s ability to guess a (modest length) subkey of a big-key, the subkey consisting of the bits of the big-key found at random, specified locations, after the adversary has exfiltrated partial information about the big key (e.g., half as many bits as the big-key is long). We then use this to design a new kind of key encapsulation mechanism, and, finally, a symmetric encryption scheme. Both are in the random-oracle model. We also give a less efficient standard-model scheme that is based on universal computational extractors (UCE). Finally, we define and achieve hedged BRM symmetric encryption, which provides authenticity in the absence of leakage

Cyclotomic Polynomials in Ring-LWE Homomorphic Encryption Schemes

Homomorphic Encryption has been considered the \u27Holy Grail of Cryptography\u27 since the discovery of secure public key cryptography in the 1970s. In 2009, a long-standing question about whether fully homomorphic encryption is theoretically plausible was affirmatively answered by Craig Gentry and his bootstrapping construction. Gentry\u27s breakthrough has initiated a surge of new research in this area, one of the most promising ideas being the Learning With Errors (LWE) problem posed by Oded Regev\u27s. Although this problem has proved to be versatile as a basis for homomorphic encryption schemes, the large key sizes result in a quadratic overhead making this inefficient for practical purposes. In order to address this efficiency issue, Oded Regev, Chris Peikert and Vadim Lyubashevsky ported the LWE problem to a ring setting, thus calling it the Ring Learning with Errors (Ring-LWE) problem. The underlying ring structure of the Ring-LWE problem is $\mathbb{Z}[x]/\Phi_m(x)$ where $\Phi_m(x)$ is the $m$th cyclotomic polynomial. The hardness of this problem is based on special properties of cyclotomic number fields. In this thesis, we explore the properties of lattices and algebraic number fields, in particular, cyclotomic number fields which make them a good choice to be used in the Ring-LWE problem setting. The biggest crutch in homomorphic encryption schemes till date is performing homomorphic multiplication. As the noise term in the resulting ciphertext grows multiplicatively, it is very hard to recover the original ciphertext after a certain number of multiplications without compromising on efficiency. We investigate the efficiency of an implemented cryptosystem based on the Ring-LWE hardness and measure the performance of homomorphic multiplication by varying different parameters such as the cipherspace cyclotomic index and the underlying ring $\mathbb{Z}_p$

A Survey on Homomorphic Encryption Schemes: Theory and Implementation

Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. Especially with popular cloud services, the control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars of achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. This survey is intended to give a clear knowledge and foundation to researchers and practitioners interested in knowing, applying, as well as extending the state of the art HE, PHE, SWHE, and FHE systems.Comment: - Updated. (October 6, 2017) - This paper is an early draft of the survey that is being submitted to ACM CSUR and has been uploaded to arXiv for feedback from stakeholder