406 research outputs found
Hard isogeny problems over RSA moduli and groups with infeasible inversion
We initiate the study of computational problems on elliptic curve isogeny
graphs defined over RSA moduli. We conjecture that several variants of the
neighbor-search problem over these graphs are hard, and provide a comprehensive
list of cryptanalytic attempts on these problems. Moreover, based on the
hardness of these problems, we provide a construction of groups with infeasible
inversion, where the underlying groups are the ideal class groups of imaginary
quadratic orders.
Recall that in a group with infeasible inversion, computing the inverse of a
group element is required to be hard, while performing the group operation is
easy. Motivated by the potential cryptographic application of building a
directed transitive signature scheme, the search for a group with infeasible
inversion was initiated in the theses of Hohenberger and Molnar (2003). Later
it was also shown to provide a broadcast encryption scheme by Irrer et al.
(2004). However, to date the only case of a group with infeasible inversion is
implied by the much stronger primitive of self-bilinear map constructed by
Yamakawa et al. (2014) based on the hardness of factoring and
indistinguishability obfuscation (iO). Our construction gives a candidate
without using iO.Comment: Significant revision of the article previously titled "A Candidate
Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the
constructions by giving toy examples, added "The Parallelogram Attack" (Sec
5.3.2). 54 pages, 8 figure
Dynamic block encryption with self-authenticating key exchange
One of the greatest challenges facing cryptographers is the mechanism used
for key exchange. When secret data is transmitted, the chances are that there
may be an attacker who will try to intercept and decrypt the message. Having
done so, he/she might just gain advantage over the information obtained, or
attempt to tamper with the message, and thus, misguiding the recipient.
Both cases are equally fatal and may cause great harm as a consequence.
In cryptography, there are two commonly used methods of exchanging secret
keys between parties. In the first method, symmetric cryptography, the key is
sent in advance, over some secure channel, which only the intended recipient
can read. The second method of key sharing is by using a public key exchange
method, where each party has a private and public key, a public key is shared
and a private key is kept locally. In both cases, keys are exchanged between
two parties.
In this thesis, we propose a method whereby the risk of exchanging keys
is minimised. The key is embedded in the encrypted text using a process
that we call `chirp coding', and recovered by the recipient using a process
that is based on correlation. The `chirp coding parameters' are exchanged
between users by employing a USB flash memory retained by each user. If the
keys are compromised they are still not usable because an attacker can only
have access to part of the key. Alternatively, the software can be configured
to operate in a one time parameter mode, in this mode, the parameters
are agreed upon in advance. There is no parameter exchange during file
transmission, except, of course, the key embedded in ciphertext.
The thesis also introduces a method of encryption which utilises dynamic blocks, where the block size is different for each block. Prime numbers are
used to drive two random number generators: a Linear Congruential Generator
(LCG) which takes in the seed and initialises the system and a Blum-Blum
Shum (BBS) generator which is used to generate random streams to encrypt
messages, images or video clips for example. In each case, the key created is
text dependent and therefore will change as each message is sent.
The scheme presented in this research is composed of five basic modules. The
first module is the key generation module, where the key to be generated is
message dependent. The second module, encryption module, performs data
encryption. The third module, key exchange module, embeds the key into
the encrypted text. Once this is done, the message is transmitted and the
recipient uses the key extraction module to retrieve the key and finally the
decryption module is executed to decrypt the message and authenticate it.
In addition, the message may be compressed before encryption and decompressed
by the recipient after decryption using standard compression tools
A New Cross-Layer FPGA-Based Security Scheme for Wireless Networks
This chapter presents a new cross-layer security scheme which deploys efficient coding techniques in the physical layer in an upper layer classical cryptographic protocol system. The rationale in designing the new scheme is to enhance security-throughput trade-off in wireless networks which is in contrast to existing schemes which either enhances security at the detriment of data throughput or vice versa. The new scheme is implemented using the residue number system (RNS), non-linear convolutional coding and subband coding at the physical layer and RSA cryptography at the upper layers. The RNS reduces the huge data obtained from RSA cryptography into small parallel data. To increase the security level, iterated wavelet-based subband coding splits the ciphertext into different levels of decomposition. At subsequent levels of decomposition, the ciphertext from the preceding level serves as data for encryption using convolutional codes. In addition, throughput is enhanced by transmitting small parallel data and the bit error correction capability of non-linear convolutional code. It is shown that, various passive and active attacks common to wireless networks could be circumvented. An FPGA implementation applied to CDMA could fit into a single Virtex-4 FPGA due to small parallel data sizes employed
A Survey on Homomorphic Encryption Schemes: Theory and Implementation
Legacy encryption systems depend on sharing a key (public or private) among
the peers involved in exchanging an encrypted message. However, this approach
poses privacy concerns. Especially with popular cloud services, the control
over the privacy of the sensitive data is lost. Even when the keys are not
shared, the encrypted material is shared with a third party that does not
necessarily need to access the content. Moreover, untrusted servers, providers,
and cloud operators can keep identifying elements of users long after users end
the relationship with the services. Indeed, Homomorphic Encryption (HE), a
special kind of encryption scheme, can address these concerns as it allows any
third party to operate on the encrypted data without decrypting it in advance.
Although this extremely useful feature of the HE scheme has been known for over
30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE)
scheme, which allows any computable function to perform on the encrypted data,
was introduced by Craig Gentry in 2009. Even though this was a major
achievement, different implementations so far demonstrated that FHE still needs
to be improved significantly to be practical on every platform. First, we
present the basics of HE and the details of the well-known Partially
Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which
are important pillars of achieving FHE. Then, the main FHE families, which have
become the base for the other follow-up FHE schemes are presented. Furthermore,
the implementations and recent improvements in Gentry-type FHE schemes are also
surveyed. Finally, further research directions are discussed. This survey is
intended to give a clear knowledge and foundation to researchers and
practitioners interested in knowing, applying, as well as extending the state
of the art HE, PHE, SWHE, and FHE systems.Comment: - Updated. (October 6, 2017) - This paper is an early draft of the
survey that is being submitted to ACM CSUR and has been uploaded to arXiv for
feedback from stakeholder
New attacks on RSA with Moduli N = p^r q
International audienceWe present three attacks on the Prime Power RSA with mod-ulus N = p^r q. In the first attack, we consider a public exponent e satisfying an equation ex − φ(N)y = z where φ(N) = p^(r−1 )(p − 1)(q − 1). We show that one can factor N if the parameters |x| and |z| satisfy |xz| < N r(r−1) (r+1)/ 2 thereby extending the recent results of Sakar [16]. In the second attack, we consider two public exponents e1 and e2 and their corresponding private exponents d1 and d2. We show that one can factor N when d1 and d2 share a suitable amount of their most significant bits, that is |d1 − d2| < N r(r−1) (r+1) /2. The third attack enables us to factor two Prime Power RSA moduli N1 = p1^r q1 and N2 = p2^r q2 when p1 and p2 share a suitable amount of their most significant bits, namely, |p1 − p2| < p1/(2rq1 q2)
Public key exponent attacks on multi-prime power modulus using continued fraction expansion method
This paper proposes three public key exponent attacks of breaking the security of the prime power modulus =22 where and are distinct prime numbers of the same bit size. The first approach shows that the RSA prime power modulus =22 for q<<2q using key equation −()=1 where ()= 22(−1)(−1) can be broken by recovering the secret keys / from the convergents of the continued fraction expansion of e/−23/4 +1/2 . The paper also reports the second and third approaches of factoring multi-prime power moduli =2 2 simultaneously through exploiting generalized system of equations −()=1 and −()=1 respectively. This can be achieved in polynomial time through utilizing Lenstra Lenstra Lovasz (LLL) algorithm and simultaneous Diophantine approximations method for =1,2,…,
- …