    Best Effort and Practice Activation Codes

    Activation Codes are used in many different digital services and are known by many different names, including voucher, e-coupon and discount code. In this paper we focus on a specific class of ACs that are short, human-readable, fixed-length and represent value. Even though this class of codes is extensively used, there are no general guidelines for the design of Activation Code schemes. We discuss different methods that are used in practice and propose BEPAC, a new Activation Code scheme that provides both authenticity and confidentiality. The small message space of activation codes introduces some problems that are illustrated by an adaptive chosen-plaintext attack (CPA-2) on a general 3-round Feistel network of size 2^(2n). This attack recovers the complete permutation from at most 2^(n+2) plaintext-ciphertext pairs. For this reason, BEPAC is designed in such a way that authenticity and confidentiality are independent properties, i.e. loss of confidentiality does not imply loss of authenticity. Comment: 15 pages, 3 figures, TrustBus 201

    Format and Order Revealing Encryption

    As more and more cloud services emerge, so does the need for new methods for securing the data these services consume, especially since data leaks have become the norm rather than the exception. Since most cloud services require some kind of access to our private data in order to perform searches and provide services, new ways of securing our data in the cloud are needed. This dissertation examines the current state of the cryptographic world in order to understand and summarize what solutions currently exist for this particular type of problem. This work is motivated by a particular problem of data delegation to a cloud infrastructure. This problem involves the protection of sensitive data whilst it is analysed by a third party. While there is no simple approach to solving this particular problem, this dissertation discusses three main approaches to tackle it. One approach attempts to define a new cryptographic scheme with a leakage profile that would allow a third party to have access only to some information about the plaintext but, at the same time, keep the plaintext safe from attackers. Another approach attempts to use already existing cryptographic schemes, such as Format Preserving Encryption and Order Revealing Encryption, to solve this particular problem. A final approach tries to solve this problem by utilising cryptographic tools such as hash functions and hash-based message authentication codes. An extended study was also conducted of many cryptographic schemes, both current and old. This study allowed for a better view of the cryptographic world and of how these schemes could help us achieve a solution. For this dissertation, prototypes of some recent cryptographic schemes were also implemented. These prototype implementations allowed for a deeper understanding of how these schemes work and also allowed us to conduct some experiments while trying to combine two cryptographic schemes. The results of this dissertation show that trying to solve a problem by creating a new cryptographic scheme is not an easy feat, especially when one wants to correctly define the strict security requirements, and also because of the work needed to understand the mathematical workings of similar schemes. Lastly, we conclude that solving the problem with the help of already existing tools may be the easiest solution, but it may also work only for a specific scenario and hence be of no use in other similar situations. A solution to the particular problem studied in this thesis is also presented at the end of this dissertation, although it only applies to this specific problem and does not solve the more general problem of privacy of data delegation to the cloud.

    With today's explosion of cloud-based services, it has become imperative that the data consumed by such services be protected in some way against attacks or theft [Cen18]. The main problem with this type of service is that, normally, these services need access to the data in order to perform searches and correlate data so that various services can be provided. This dissertation aims to study the world of cryptography in order to understand what kinds of guarantees today's cryptographic schemes offer for cloud-based services. This work is motivated by a real problem of data delegation to the cloud. This problem involves the protection of sensitive data that must be analysed by external entities. Although there is no simple approach to solving this type of problem, in this dissertation we discuss three approaches that could potentially solve it. One approach attempts to define what the general structure of a new cryptographic scheme capable of handling the specific problem under analysis could be. In another approach we use existing tools to try to solve the problem in question. We also attempt to combine two existing cryptographic schemes in order to tackle this specific problem. A study of several cryptographic schemes was also carried out in order to understand which solutions exist today for problems related to delegating data to external entities, and also to identify cryptographic schemes that are still purely theoretical results but may prove useful for this problem in the future. The results of this dissertation show that solving a cryptography-related problem is not always easy, since misuse of these schemes can lead to a serious security failure. Finally, we conclude that solving a problem of this nature with existing tools is considerably easier than trying to develop new cryptographic schemes, but at the cost of losing the ability to apply the solution to other similar problems.

    A unified framework for trapdoor-permutation-based sequential aggregate signatures

    We give a framework for trapdoor-permutation-based sequential aggregate signatures (SAS) that unifies and simplifies prior work and leads to new results. The framework is based on ideal ciphers over large domains, which have recently been shown to be realizable in the random oracle model. The basic idea is to replace the random oracle in the full-domain-hash signature scheme with an ideal cipher. Each signer in sequence applies the ideal cipher, keyed by the message, to the output of the previous signer, and then inverts the trapdoor permutation on the result. We obtain different variants of the scheme by varying additional keying material in the ideal cipher and making different assumptions on the trapdoor permutation. In particular, we obtain the first scheme with lazy verification and signature size independent of the number of signers that does not rely on bilinear pairings. Since existing proofs that ideal ciphers over large domains can be realized in the random oracle model are lossy, our schemes do not currently permit practical instantiation parameters at a reasonable security level, and thus we view our contribution as mainly conceptual. However, we are optimistic tighter proofs will be found, at least in our specific application. https://eprint.iacr.org/2018/070.pdf Accepted manuscript

    Secure Block Ciphers - Cryptanalysis and Design

    Cryptanalysis of Simon et al.:cryptanalysis of lightweight symmetric ciphers

    On generalized Feistel networks

    We prove beyond-birthday-bound security for the well-known types of generalized Feistel networks, including: (1) unbalanced Feistel networks, where the $n$-bit to $m$-bit round functions may have $n \ne m$; (2) alternating Feistel networks, where the round functions alternate between contracting and expanding; (3) type-1, type-2, and type-3 Feistel networks, where $n$-bit to $n$-bit round functions are used to encipher $kn$-bit strings for some $k \ge 2$; and (4) numeric variants of any of the above, where one enciphers numbers in some given range rather than strings of some given size. Using a unified analytic framework we show that, in any of these settings, for any $\varepsilon > 0$, with enough rounds, the subject scheme can tolerate CCA attacks of up to $q \sim N^{1-\varepsilon}$ adversarial queries, where $N$ is the size of the round functions' domain (the size of the larger domain for alternating Feistel). This is asymptotically optimal. Prior analyses for generalized Feistel networks established security to only $q \sim N^{0.5}$ adversarial queries.

    Improved quantum attack on Type-1 Generalized Feistel Schemes and Its application to CAST-256

    Generalized Feistel Schemes (GFS) are important components of symmetric ciphers and have been extensively researched in the classical setting. However, security evaluations of GFS in the quantum setting are rather scanty. In this paper, we give improved polynomial-time quantum distinguishers on Type-1 GFS in the quantum chosen-plaintext attack (qCPA) setting and the quantum chosen-ciphertext attack (qCCA) setting. In the qCPA setting, we give new quantum polynomial-time distinguishers on $(3d-3)$-round Type-1 GFS with $d \geq 3$ branches, which gain $d-2$ more rounds than the previous distinguishers. Hence, we obtain better key-recovery attacks, whose time complexities gain a factor of $2^{\frac{(d-2)n}{2}}$. In the qCCA setting, we get $(3d-3)$-round quantum distinguishers on Type-1 GFS, which gain $d-1$ more rounds than the previous distinguishers. In addition, we give some quantum attacks on the CAST-256 block cipher. We find 12-round and 13-round polynomial-time quantum distinguishers in the qCPA and qCCA settings, respectively, while the best previous one covers only 7 rounds. Hence, we derive a quantum key-recovery attack on 19-round CAST-256, whereas the best previous quantum key-recovery attack covers 16 rounds. When comparing our quantum attacks with classical attacks, our result also reaches 16 rounds on CAST-256 with a 128-bit key under a competitive complexity.