Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols have recently been proposed with a
wide variety of novel applications, including ones in emerging technologies
such as cloud computing, the Internet of Things (IoT), e-health systems and
wearable technologies. There has, however, been a wide range of incorrect uses
of these primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed
out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is a lack of awareness of recent advances in solving the
discrete logarithm problem in some of the groups involved. The main purpose of
this article is to give understandable, informative and up-to-date criteria
for the correct use of pairing-based cryptography. We therefore deliberately
avoid most of the technical details and instead place special emphasis on the
importance of using bilinear maps correctly when realizing secure
cryptographic protocols. We list a collection of recent papers having wrong
security assumptions or realizability/efficiency issues. Finally, we give a
compact and up-to-date recipe for the correct use of pairings. Comment: 25 page
Revisited fluorine abundances in the globular cluster M22 (NGC 6656)
Fluorine is a fairly good tracer of formation histories of multiple stellar
populations in globular clusters as already revealed by several studies. Large
variations in fluorine abundance in red giant stars of the globular cluster M22
have been recently reported by two different groups. Furthermore, one of these
studies claims that the abundance of fluorine is anti-correlated with sodium
abundances in this cluster, leading to strong conclusions on the chemical
history of M22. To validate this important finding, we re-examine the F
abundance determinations of some of the previously studied stars. We have thus
reanalysed some high-resolution VLT/CRIRES spectra of RGB stars found in M22 in
order to re-estimate their fluorine abundance from the spectral synthesis of
the HF line at 2.336 microns. Unlike what has been previously estimated, we show
that only upper limits or doubtful fluorine abundances with large uncertainties
in M22 RGB stars can be derived. This is probably caused by an incorrect
identification of continuum fluctuations as the HF signature combined with a
wrong correction of the stellar radial velocity. Such continuum fluctuations
could be the consequences of telluric residuals that are still present in the
analysed spectra. Therefore, no definitive conclusions on the chemical
pollution caused by the M22 first stellar generation can presently be drawn
from the fluorine content of this cluster. Comment: A&A, in pres
Anonymous Single-Sign-On for n designated services with traceability
Anonymous Single-Sign-On authentication schemes have been proposed to allow
users to access a service protected by a verifier without revealing their
identity; this has become more important with the introduction of strong
privacy regulations. In this paper we describe a new approach whereby anonymous
authentication to different verifiers is achieved via authorisation tags and
pseudonyms. The particular innovation of our scheme is that authentication can
only occur between a user and its designated verifier for a service, and the
verification cannot be performed by any other verifier. The benefit of this
authentication approach is that it prevents leakage of a user's service access
information, even if the verifiers for these services collude with each other.
Our scheme also supports a trusted third party who is authorised to
de-anonymise the user and reveal her whole service access information if
required. Furthermore, our scheme is lightweight because it does not rely on
attribute- or policy-based signature schemes to enable access to multiple
services. The scheme's security model is given together with a security proof,
an implementation and a performance evaluation. Comment: 3
Dining Cryptographers are Practical
The dining cryptographers protocol provides information-theoretically secure
sender and recipient untraceability. However, the protocol is considered
impractical because a malicious participant may disrupt the communication. We
propose an implementation which provides information-theoretic security for
senders and recipients, and in which a disruptor with limited computational
capabilities can easily be detected. Comment: 12 page
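The two properties the abstract above refers to, untraceability of the sender and the ease with which a single misbehaving participant can jam a round, both follow from the structure of one DC-net round. The following is an added illustration written for this page, not code from the paper; the participant count, message length and the use of XOR over pairwise one-time keys are assumptions of the example, and the paper's own disruptor-detection mechanism is not reproduced.

```python
"""One round of the dining-cryptographers (DC-net) protocol.

Added illustration, not code from the paper above. Participant count,
message length and XOR over pairwise one-time keys are assumptions of this
example; the paper's own disruptor-detection mechanism is not reproduced.
"""
import secrets
from typing import Dict, List, Optional, Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b), "all values in a round have the same length"
    return bytes(x ^ y for x, y in zip(a, b))


def pairwise_keys(n: int, nbytes: int) -> Dict[Tuple[int, int], bytes]:
    """Each unordered pair (i, j), i < j, shares a fresh uniformly random key.
    In a deployment each pair would expand a shared seed with a PRG; here the
    keys are drawn directly from the OS CSPRNG, which is what gives the
    information-theoretic guarantee within the round."""
    return {(i, j): secrets.token_bytes(nbytes)
            for i in range(n) for j in range(i + 1, n)}


def announcement(i: int, n: int, nbytes: int,
                 keys: Dict[Tuple[int, int], bytes],
                 message: Optional[bytes]) -> bytes:
    """Participant i's public value: the XOR of all its pairwise keys, plus
    its message if it chooses to speak this round. Because every participant
    announces something uniformly random, the sender's announcement is
    distributed exactly like everyone else's."""
    out = bytes(nbytes)
    for j in range(n):
        if j != i:
            out = xor_bytes(out, keys[(min(i, j), max(i, j))])
    if message is not None:
        out = xor_bytes(out, message)
    return out


def dc_round(n: int, nbytes: int, messages: Dict[int, bytes],
             keys: Optional[Dict[Tuple[int, int], bytes]] = None
             ) -> Tuple[bytes, List[bytes]]:
    """Run one round. `messages` maps participant index -> message for the
    participants who choose to send. Every key appears in exactly two
    announcements, so XORing all announcements cancels the keys and leaves
    the XOR of the messages sent this round."""
    keys = keys if keys is not None else pairwise_keys(n, nbytes)
    anns = [announcement(i, n, nbytes, keys, messages.get(i)) for i in range(n)]
    broadcast = bytes(nbytes)
    for a in anns:
        broadcast = xor_bytes(broadcast, a)
    return broadcast, anns


def sender_sees_disruption(broadcast: bytes, own_message: bytes) -> bool:
    """A sender notices that someone else also transmitted (an accidental
    collision or a deliberate disruptor) because the broadcast no longer
    equals its own message. This reveals that the round was jammed, not
    who jammed it, which is the gap the paper's detection addresses."""
    return broadcast != own_message


if __name__ == "__main__":
    n, nbytes = 5, 8
    msg = b"meet@9pm"            # constructed sample message
    out, _ = dc_round(n, nbytes, {2: msg})
    print(out == msg)            # message delivered; sender hidden among 5
    noise = b"\xff" * nbytes     # a disruptor XORs garbage into the round
    out, _ = dc_round(n, nbytes, {2: msg, 4: noise})
    print(sender_sees_disruption(out, msg))  # round jammed, origin unknown
```

The keys are one-time: reusing a pairwise key across rounds lets an observer XOR two broadcasts and relate the messages, so a real deployment derives a fresh key per round from each pair's shared seed.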
Public-Key Encryption with Delegated Search
In the public-key setting, Alice encrypts an email with the public key of Bob, so that only Bob will be able to learn the contents of the email. Consider the scenario where Alice's computer is infected and, unbeknown to Alice, it also embeds malware into the message. Bob's company, Carol, cannot scan his email for malicious content because it is encrypted, so the burden of scanning is on Bob. This is not efficient. We construct a mechanism that enables Bob to provide trapdoors to Carol such that Carol, given the encrypted data and a malware signature, is able to check whether the encrypted data contains the malware signature without decrypting it. We refer to this mechanism as Public-Key Encryption with Delegated Search (PKEDS).

We formalize PKEDS and give a construction based on ElGamal public-key encryption (PKE). The proposed scheme has ciphertexts which are both searchable and decryptable. This property of the scheme is crucial, since an entity can search the entire content of the message, in contrast to existing searchable public-key encryption schemes where the search is done only in the metadata part. We prove in the standard model that the scheme is ciphertext indistinguishable and trapdoor indistinguishable under the Symmetric External Diffie-Hellman (SXDH) assumption. We also prove ciphertext one-wayness of the scheme under the modified Computational Diffie-Hellman (mCDH) assumption. We show that our PKEDS scheme can be used in different applications such as detecting encrypted malware and forwarding encrypted emails
Monitoring Challenges and Approaches for P2P File-Sharing Systems
Since the release of Napster in 1999, P2P file-sharing has enjoyed a dramatic rise in popularity. A 2000 study by Plonka on the University of Wisconsin campus network found that file-sharing accounted for a comparable volume of traffic to HTTP, while a 2002 study by Saroiu et al. on the University of Washington campus network found that file-sharing accounted for more than treble the volume of Web traffic observed, thus affirming the significance of P2P in the context of Internet traffic. Empirical studies of P2P traffic are essential for supporting the design of next-generation P2P systems, informing the provisioning of network infrastructure and underpinning the policing of P2P systems. The latter is of particular significance as P2P file-sharing systems have been implicated in supporting criminal behaviour including copyright infringement and the distribution of illegal pornograph
An Identity-Based Group Signature with Membership Revocation in the Standard Model
Group signatures allow group members to sign an arbitrary number of messages on
behalf of the group without revealing their identity. Under certain
circumstances the group manager holding a tracing key can reveal the identity
of the signer from the signature. Practical group signature schemes should
support membership revocation, where a revoked member loses the capability to
sign a message on behalf of the group without influencing the other non-revoked
members. A model known as verifier-local revocation supports membership
revocation. In this model the trusted revocation authority sends revocation
messages to the verifiers, and there is no need for the trusted revocation
authority to contact non-revoked members to update their secret keys. Previous
constructions of verifier-local revocation group signature schemes either have
a security proof in the random oracle model or are non-identity-based. A
security proof in the random oracle model is only a heuristic proof, and
non-identity-based group signature schemes suffer from standard Public Key
Infrastructure (PKI) problems, i.e. the group public key is not derived from
the group identity and therefore has to be certified.

In this work we construct the first verifier-local revocation group signature
scheme which is identity-based and which has a security proof in the standard
model. In particular, we give a formal security model for the proposed scheme
and prove that the scheme has the property of selfless-anonymity under the
Decision Linear (DLIN) assumption and that it is fully traceable under the
Computational Diffie-Hellman (CDH) assumption. The proposed scheme is based on
prime order bilinear groups