148 research outputs found

    Security Flaws in Several Group Signatures Proposed by Popescu

    In recent years, Popescu proposed several group signature schemes based on the Okamoto-Shiraishi assumption in [8-11], and claimed his schemes are secure. However, this paper demonstrates that all these schemes are insecure by identifying some security flaws. Exploiting these flaws, an attacker without any secret can mount universal forging attacks. That is, anybody (not necessarily a group member) can forge valid group signatures on arbitrary messages of his/her choice.

    On the Security of the PKCS#1 v1.5 Signature Scheme

    The RSA PKCS#1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that verification of signatures is significantly faster than for DSA or ECDSA. Despite the huge practical importance of RSA PKCS#1 v1.5 signatures, providing formal evidence for their security based on plausible cryptographic hardness assumptions has turned out to be very difficult. Therefore the most recent version of PKCS#1 (RFC 8017) even recommends as a replacement the more complex and less efficient scheme RSA-PSS, as it is provably secure and therefore considered more robust. The main obstacle is that RSA PKCS#1 v1.5 signatures use a deterministic padding scheme, which makes standard proof techniques not applicable. We introduce a new technique that enables the first security proof for RSA-PKCS#1 v1.5 signatures. We prove full existential unforgeability against adaptive chosen-message attacks (EUF-CMA) under the standard RSA assumption. Furthermore, we give a tight proof under the Phi-Hiding assumption. These proofs are in the random oracle model and the parameters deviate slightly from the standard use, because we require a larger output length of the hash function. However, we also show how RSA-PKCS#1 v1.5 signatures can be instantiated in practice such that our security proofs apply. In order to draw a more complete picture of the precise security of RSA PKCS#1 v1.5 signatures, we also give security proofs in the standard model, but with respect to weaker attacker models (key-only attacks) and based on known complexity assumptions. The main conclusion of our work is that from a provable security perspective RSA PKCS#1 v1.5 can be safely used, if the output length of the hash function is chosen appropriately.

    On the Optimality of Lattices for the Coppersmith Technique

    We investigate a method for finding small integer solutions of a univariate modular equation, which was introduced by Coppersmith and extended by May. We will refer to this method as the Coppersmith technique. This paper provides a way to analyze the general limitations of the lattice construction for the Coppersmith technique. Our analysis upper bounds the possible range of U, which is asymptotically equal to the bound given by the original result of Coppersmith and May. This means that they have already given the best lattice construction. In addition, we investigate the optimality for the bivariate equation used to solve the small inverse problem, which was inspired by Kunihiro's argument. In particular, we show the optimality for the Boneh-Durfee equation used in RSA cryptanalysis. To show our results, we establish a framework for the technique by following the relation of Howgrave-Graham, and then concretely define the conditions under which the technique succeeds and fails. We then provide a way to analyze the range of U that satisfies these conditions. Technically, we show that the original result of Coppersmith achieves the optimal bound for U when constructing a lattice in the standard way. We then provide evidence which indicates that constructing a non-standard lattice is generally difficult.

    Cryptographic Enforcement of Attribute-based Authentication

    Doctoral dissertation. This dissertation investigates the cryptographic enforcement of attribute-based authentication (ABA) schemes. ABA is an approach to authenticate users via attributes, which are properties of the users to be authenticated or environment conditions such as time and location. By using attributes in place of users' identity information, ABA can provide anonymous authentication; more specifically, ABA enables users to remain anonymous to their authenticators. In addition, the property of least information leakage provides better protection for users' privacy compared with public-key-based authentication approaches. These properties make it possible to apply ABA schemes in privacy-preserving scenarios, for instance, cloud-based applications. The most important security requirements of ABA schemes consist of anonymity, traceability, unforgeability, unlinkability and collision resistance. In this dissertation, we combine these security requirements with other properties such as hierarchy to divide ABA schemes into different categories, based on which we use examples to demonstrate how to construct these schemes cryptographically. The main contributions of this dissertation include the following aspects: We categorize ABA schemes into different types and describe their structures as well as workflows, such that readers can gain a big picture and a clear view of different ABA schemes and their relations. This categorization serves as a guideline for how to design and construct ABA schemes. We provide two examples to demonstrate how to construct ciphertext-policy attribute-based authentication (CP-ABA) schemes via two different approaches. Unlike key-policy attribute-based authentication (KP-ABA) schemes, attribute keys generated in CP-ABA schemes are comparatively independent of the relations among attributes. Thus, compared with KP-ABA, CP-ABA extends the flexibility and usage scope of ABA schemes.
We extend the core ABA schemes to hierarchical ABA (HABA) schemes by adding the property of hierarchy. Then we propose two different types of hierarchical structures, i.e., user-related hierarchical ABA (U-HABA) and attribute-related hierarchical ABA (A-HABA). According to these two hierarchical structures, an example is provided for each type to show how to use cryptographic primitives to build HABA schemes. All ABA schemes discussed above and proposed in this dissertation can be implemented to help users achieve anonymous authentication from their authenticators. Therefore, these schemes can offer more opportunities to protect users' privacy, for example, in attribute-based access control (ABAC) and cloud-based services.

    Comprehensive analysis of human CpG island methylation


    SYNTHESIS AND STRUCTURE-PROPERTY STUDIES OF ORGANIC MATERIALS CONTAINING FLUORINATED AND NON-FLUORINATED # SYSTEMS (SMALL MOLECULES AND POLYMERS)

    Loline alkaloids (LA) are secondary metabolites produced by Epichloë (anamorph, Neotyphodium) grass endophytes. They are toxic and deterrent to a broad range of herbivorous insects but not to livestock. This protective bioactivity has spurred considerable research into the LA biosynthetic pathway. LOL, the gene cluster containing nine genes, is required for LA biosynthesis. The regulation of LOL genes during LA production in culture and in symbio is of interest. In this study, coordinate regulation between LOL gene expression and LA production level was investigated in both MM culture and symbiota. Results showed that expression of LOL genes in N. uncinatum MM culture was tightly correlated across genes (p < 0.0005), and all presented a significant temporal quadratic pattern during LA production. Gene expression started before LA were detectable, and increased while LA accumulated. The highest gene expression level was reached before the highest amounts of LA were detected, and gene expression declined to a very low level after amounts of LA plateaued. Observations suggested that the hierarchical clusters based on the correlation coefficient could help to predict the roles of LOL genes in the LA pathway. In symbiota, coordinate coregulation of LOL gene expression with LA was found in E. festucae-meadow fescue inflorescences and stromata, whereby lower LOL gene expression corresponded with the lower LA level in stromata. In N. uncinatum (or N. siegelii)-meadow fescue vegetative tissues, dramatically higher LA levels were found in younger leaf tissue than in older leaf tissue, yet no evidence was found to relate this difference to LOL gene expression differences. Instead, substrate availability may regulate the LA level. In particular, asparagine was more than 10-fold higher in young leaf tissue than in old tissue, although proline was significantly lower in young tissue.
Therefore, different regulatory mechanisms underlie LOL gene expression and LA production in different circumstances. The GUS activity of Pro-lolC2-GUS and Pro-lolA2-GUS in Neotyphodium species was almost undetectable in culture, though the activity could be detected in symbiota. The mRNA of GUS did not exhibit the same pattern as lolC2 or lolA2 in culture during the LA production time course. A Pro-lolC2-cre transgene was expressed in complex medium, in which lolC2 mRNA was not detectable. These results suggest that proper regulation of LOL genes in culture or symbiota is dependent on the LOL cluster.