1,379 research outputs found
Hard isogeny problems over RSA moduli and groups with infeasible inversion
We initiate the study of computational problems on elliptic curve isogeny
graphs defined over RSA moduli. We conjecture that several variants of the
neighbor-search problem over these graphs are hard, and provide a comprehensive
list of cryptanalytic attempts on these problems. Moreover, based on the
hardness of these problems, we provide a construction of groups with infeasible
inversion, where the underlying groups are the ideal class groups of imaginary
quadratic orders.
Recall that in a group with infeasible inversion, computing the inverse of a
group element is required to be hard, while performing the group operation is
easy. Motivated by the potential cryptographic application of building a
directed transitive signature scheme, the search for a group with infeasible
inversion was initiated in the theses of Hohenberger and Molnar (2003). Later
it was also shown to provide a broadcast encryption scheme by Irrer et al.
(2004). However, to date the only case of a group with infeasible inversion is
implied by the much stronger primitive of self-bilinear map constructed by
Yamakawa et al. (2014) based on the hardness of factoring and
indistinguishability obfuscation (iO). Our construction gives a candidate
without using iO.Comment: Significant revision of the article previously titled "A Candidate
Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the
constructions by giving toy examples, added "The Parallelogram Attack" (Sec
5.3.2). 54 pages, 8 figure
Efficient methods to overcome Rabin cryptosystem decryption failure
Rabin cryptosystem is an efficient factoring-based scheme, however, its decryption produces 4-to-1 output, which leads to decryption failure. In this work, in order to overcome the 4-to-1 decryption problem for the Rabin cryptosystem, we propose two distinct methods using the modulus of the type N=p2q coupled with the restriction on the plaintext space M. In the first method, the plaintext space is limited to M ∈ Zpq. For the second method, we restrict the plaintext in the range of M ∈ (0,22n−2). Importantly, we prove that the decryption output of the proposed methods is unique and without decryption failure. The results in this work indicate that the decryption problem of Rabin cryptosystem is overcome
Smooth Number Message Authentication Code in the IoT Landscape
This paper presents the Smooth Number Message Authentication Code (SNMAC) for
the context of lightweight IoT devices. The proposal is based on the use of
smooth numbers in the field of cryptography, and investigates how one can use
them to improve the security and performance of various algorithms or security
constructs. The literature findings suggest that current IoT solutions are
viable and promising, yet they should explore the potential usage of smooth
numbers. The methodology involves several processes, including the design,
implementation, and results evaluation. After introducing the algorithm,
provides a detailed account of the experimental performance analysis of the
SNMAC solution, showcasing its efficiency in real-world scenarios. Furthermore,
the paper also explores the security aspects of the proposed SNMAC algorithm,
offering valuable insights into its robustness and applicability for ensuring
secure communication within IoT environments.Comment: 19 pages, 7 figure
Shared and Searchable Encrypted Data for Untrusted Servers
Current security mechanisms pose a risk for organisations that outsource their data management to untrusted servers. Encrypting and decrypting sensitive data at the client side is the normal approach in this situation but has high communication and computation overheads if only a subset of the data is required, for example, selecting records in a database table based on a keyword search. New cryptographic schemes have been proposed that support encrypted queries over encrypted data but all depend on a single set of secret keys, which implies single user access or sharing keys among multiple users, with key revocation requiring costly data re-encryption. In this paper, we propose an encryption scheme where each authorised user in the system has his own keys to encrypt and decrypt data. The scheme supports keyword search which enables the server to return only the encrypted data that satisfies an encrypted query without decrypting it. We provide two constructions of the scheme giving formal proofs of their security. We also report on the results of a prototype implementation.
This research was supported by the UK’s EPSRC research grant EP/C537181/1. The authors would like to thank the members of the Policy Research Group at Imperial College for their support
A kilobit hidden SNFS discrete logarithm computation
We perform a special number field sieve discrete logarithm computation in a
1024-bit prime field. To our knowledge, this is the first kilobit-sized
discrete logarithm computation ever reported for prime fields. This computation
took a little over two months of calendar time on an academic cluster using the
open-source CADO-NFS software. Our chosen prime looks random, and
has a 160-bit prime factor, in line with recommended parameters for the Digital
Signature Algorithm. However, our p has been trapdoored in such a way that the
special number field sieve can be used to compute discrete logarithms in
, yet detecting that p has this trapdoor seems out of reach.
Twenty-five years ago, there was considerable controversy around the
possibility of back-doored parameters for DSA. Our computations show that
trapdoored primes are entirely feasible with current computing technology. We
also describe special number field sieve discrete log computations carried out
for multiple weak primes found in use in the wild. As can be expected from a
trapdoor mechanism which we say is hard to detect, our research did not reveal
any trapdoored prime in wide use. The only way for a user to defend against a
hypothetical trapdoor of this kind is to require verifiably random primes
Security Estimates for Quadratic Field Based Cryptosystems
We describe implementations for solving the discrete logarithm problem in the
class group of an imaginary quadratic field and in the infrastructure of a real
quadratic field. The algorithms used incorporate improvements over
previously-used algorithms, and extensive numerical results are presented
demonstrating their efficiency. This data is used as the basis for
extrapolations, used to provide recommendations for parameter sizes providing
approximately the same level of security as block ciphers with
and -bit symmetric keys
Secure Data Provenance in Home Energy Monitoring Networks
Smart grid empowers home owners to efficiently manage their smart home appliances within a Home Area Network (HAN), by real time monitoring and fine-grained control. However, it offers the possibility for a malicious user to intrude into the HAN and deceive the smart metering system with fraudulent energy usage report. While most of the existing works have focused on how to prevent data tampering in HAN's communication channel, this paper looks into a relatively less studied security aspect namely data provenance. We propose a novel solution based on Shamir's secret sharing and threshold cryptography to guarantee that the reported energy usage is collected from the specific appliance as claimed at a particular location, and that it reflects the real consumption of the energy. A byproduct of the proposed security solution is a guarantee of data integrity. A prototype implementation is presented to demonstrate the feasibility and practicality of the proposed solution
A Survey on Homomorphic Encryption Schemes: Theory and Implementation
Legacy encryption systems depend on sharing a key (public or private) among
the peers involved in exchanging an encrypted message. However, this approach
poses privacy concerns. Especially with popular cloud services, the control
over the privacy of the sensitive data is lost. Even when the keys are not
shared, the encrypted material is shared with a third party that does not
necessarily need to access the content. Moreover, untrusted servers, providers,
and cloud operators can keep identifying elements of users long after users end
the relationship with the services. Indeed, Homomorphic Encryption (HE), a
special kind of encryption scheme, can address these concerns as it allows any
third party to operate on the encrypted data without decrypting it in advance.
Although this extremely useful feature of the HE scheme has been known for over
30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE)
scheme, which allows any computable function to perform on the encrypted data,
was introduced by Craig Gentry in 2009. Even though this was a major
achievement, different implementations so far demonstrated that FHE still needs
to be improved significantly to be practical on every platform. First, we
present the basics of HE and the details of the well-known Partially
Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which
are important pillars of achieving FHE. Then, the main FHE families, which have
become the base for the other follow-up FHE schemes are presented. Furthermore,
the implementations and recent improvements in Gentry-type FHE schemes are also
surveyed. Finally, further research directions are discussed. This survey is
intended to give a clear knowledge and foundation to researchers and
practitioners interested in knowing, applying, as well as extending the state
of the art HE, PHE, SWHE, and FHE systems.Comment: - Updated. (October 6, 2017) - This paper is an early draft of the
survey that is being submitted to ACM CSUR and has been uploaded to arXiv for
feedback from stakeholder
- …