38 research outputs found
A New Lattice-Based Cryptosystem Mixed with a Knapsack
In this paper, we present a new lattice-based public-key
cryptosystem mixed with a knapsack, which has reasonable key size
and quick encryption and decryption. The module strategy in our
cryptosystem can also be used to construct a framework for some
GGH-type cryptosystems to improve their security
Public key cryptosystems : theory, application and implementation
The determination of an individual's right to privacy is mainly a nontechnical matter, but the pragmatics of providing it is the central concern of the cryptographer. This thesis has sought answers to some of the outstanding issues in cryptography. In particular, some of the theoretical, application and implementation problems associated with a Public Key Cryptosystem (PKC).The Trapdoor Knapsack (TK) PKC is capable of fast throughput, but suffers from serious disadvantages. In chapter two a more general approach to the TK-PKC is described, showing how the public key size can be significantly reduced. To overcome the security limitations a new trapdoor was described in chapter three. It is based on transformations between the radix and residue number systems.Chapter four considers how cryptography can best be applied to multi-addressed packets of information. We show how security or communication network structure can be used to advantage, then proposing a new broadcast cryptosystem, which is more generally applicable.Copyright is traditionally used to protect the publisher from the pirate. Chapter five shows how to protect information when in easily copyable digital format.Chapter six describes the potential and pitfalls of VLSI, followed in chapter seven by a model for comparing the cost and performance of VLSI architectures. Chapter eight deals with novel architectures for all the basic arithmetic operations. These architectures provide a basic vocabulary of low complexity VLSI arithmetic structures for a wide range of applications.The design of a VLSI device, the Advanced Cipher Processor (ACP), to implement the RSA algorithm is described in chapter nine. It's heart is the modular exponential unit, which is a synthesis of the architectures in chapter eight. The ACP is capable of a throughput of 50 000 bits per second
Mixed-radix Naccache-Stern encryption
In this work we explore a combinatorial optimization problem stemming from the Naccache-Stern cryptosystem. We show that solving this problem results in bandwidth improvements, and suggest
a polynomial-time approximation algorithm to find an optimal solution.
Our work suggests that
using optimal radix encoding results in an asymptotic 50% increase in bandwidth
Computational Indistinguishability between Quantum States and Its Cryptographic Application
We introduce a computational problem of distinguishing between two specific
quantum states as a new cryptographic problem to design a quantum cryptographic
scheme that is "secure" against any polynomial-time quantum adversary. Our
problem, QSCDff, is to distinguish between two types of random coset states
with a hidden permutation over the symmetric group of finite degree. This
naturally generalizes the commonly-used distinction problem between two
probability distributions in computational cryptography. As our major
contribution, we show that QSCDff has three properties of cryptographic
interest: (i) QSCDff has a trapdoor; (ii) the average-case hardness of QSCDff
coincides with its worst-case hardness; and (iii) QSCDff is computationally at
least as hard as the graph automorphism problem in the worst case. These
cryptographic properties enable us to construct a quantum public-key
cryptosystem, which is likely to withstand any chosen plaintext attack of a
polynomial-time quantum adversary. We further discuss a generalization of
QSCDff, called QSCDcyc, and introduce a multi-bit encryption scheme that relies
on similar cryptographic properties of QSCDcyc.Comment: 24 pages, 2 figures. We improved presentation, and added more detail
proofs and follow-up of recent wor
Cryptanalysis of McEliece Cryptosystem Based on Algebraic Geometry Codes and their subcodes
We give polynomial time attacks on the McEliece public key cryptosystem based
either on algebraic geometry (AG) codes or on small codimensional subcodes of
AG codes. These attacks consist in the blind reconstruction either of an Error
Correcting Pair (ECP), or an Error Correcting Array (ECA) from the single data
of an arbitrary generator matrix of a code. An ECP provides a decoding
algorithm that corrects up to errors, where denotes
the designed distance and denotes the genus of the corresponding curve,
while with an ECA the decoding algorithm corrects up to
errors. Roughly speaking, for a public code of length over ,
these attacks run in operations in for the
reconstruction of an ECP and operations for the reconstruction of an
ECA. A probabilistic shortcut allows to reduce the complexities respectively to
and . Compared to the
previous known attack due to Faure and Minder, our attack is efficient on codes
from curves of arbitrary genus. Furthermore, we investigate how far these
methods apply to subcodes of AG codes.Comment: A part of the material of this article has been published at the
conferences ISIT 2014 with title "A polynomial time attack against AG code
based PKC" and 4ICMCTA with title "Crypt. of PKC that use subcodes of AG
codes". This long version includes detailed proofs and new results: the
proceedings articles only considered the reconstruction of ECP while we
discuss here the reconstruction of EC
Good Gottesman-Kitaev-Preskill codes from the NTRU cryptosystem
We introduce a new class of random Gottesman-Kitaev-Preskill (GKP) codes
derived from the cryptanalysis of the so-called NTRU cryptosystem. The derived
codes are good in that they exhibit constant rate and average distance scaling
with high probability, where is the number of
bosonic modes, which is a distance scaling equivalent to that of a GKP code
obtained by concatenating single mode GKP codes into a qubit-quantum error
correcting code with linear distance. The derived class of NTRU-GKP codes has
the additional property that decoding for a stochastic displacement noise model
is equivalent to decrypting the NTRU cryptosystem, such that every random
instance of the code naturally comes with an efficient decoder. This
construction highlights how the GKP code bridges aspects of classical error
correction, quantum error correction as well as post-quantum cryptography. We
underscore this connection by discussing the computational hardness of decoding
GKP codes and propose, as a new application, a simple public key quantum
communication protocol with security inherited from the NTRU cryptosystem.Comment: 23 pages, 10 figures, comments welcome! Version 2 has minor
correction
Cryptanalysis and Secure Implementation of Modern Cryptographic Algorithms
Cryptanalytic attacks can be divided into two classes: pure mathematical attacks and Side Channel Attacks (SCAs). Pure mathematical attacks are traditional cryptanalytic techniques that rely on known or chosen input-output pairs of the cryptographic function and exploit the inner structure of the cipher to reveal the secret key information. On the other hand, in SCAs, it is assumed that attackers have some access to the cryptographic device and can gain some information from its physical implementation.
Cold-boot attack is a SCA which exploits the data remanence property of Random Access Memory (RAM) to retrieve its content which remains readable shortly after its power has been removed. Fault analysis is another example of SCAs in which the attacker is assumed to be able to induce faults in the cryptographic device and observe the faulty output. Then, by careful inspection of faulty outputs, the attacker recovers the secret information, such as secret inner state or secret key. Scan-based Design-For-Test (DFT) is a widely deployed technique for testing hardware chips. Scan-based SCAs exploit the information obtained by analyzing the scanned data in order to retrieve secret information from cryptographic hardware devices that are designed with this testability feature.
In the first part of this work, we investigate the use of an off-the-shelf SAT solver, CryptoMinSat, to improve the key recovery of the Advance Encryption Standard (AES-128) key schedules from its corresponding decayed memory images which can be obtained using cold-boot attacks.
We also present a fault analysis on both NTRUEncrypt and NTRUSign cryptosystems. For this specific original instantiation of the NTRU encryption system with parameters , our attack succeeds with probability and when the number of faulted coefficients is upper bounded by , it requires polynomial inversions in . We also investigate several techniques to strengthen hardware implementations of NTRUEncrypt against this class of attacks. For NTRUSign with parameters (, , , \emph{standard}, ), when the attacker is able to skip the norm-bound signature checking step, our attack needs one fault to succeed with probability and requires steps when the number of faulted polynomial coefficients is upper bounded by . The attack is also applicable to NTRUSign utilizing the \emph{transpose} NTRU lattice but it requires double the number of fault injections. Different countermeasures against the proposed attack are also investigated.
Furthermore, we present a scan-based SCA on NTRUEncrypt hardware implementations that employ scan-based DFT techniques. Our attack determines the scan chain structure of the polynomial multiplication circuits used in the decryption algorithm which allows the cryptanalyst to efficiently retrieve the secret key.
Several key agreement schemes based on matrices were recently proposed. For example, \'{A}lvarez \emph{et al.} proposed a scheme in which the secret key is obtained by multiplying powers of block upper triangular matrices whose elements are defined over . Climent \emph{et al.} identified the elements of the endomorphisms ring with elements in a set, , of matrices of size , whose elements in the first row belong to and the elements in the second row belong to . Keith Salvin presented a key exchange protocol using matrices in the general linear group, , where is the product of two distinct large primes. The system is fully specified in the US patent number 7346162 issued in 2008. In the second part of this work, we present mathematical cryptanalytic attacks against these three schemes and show that they can be easily broken for all practical choices of their security parameters
How to Explain Modern Security Concepts to your Children
International audienceAt the main cryptography conference CRYPTO in 1989, Quisquater et al. published a paper showing how to explain the complex notion of zero-knowledge proof in a simpler way that children can understand. In the same line of work, we present simple and intuitive explanations of various modern security concepts and technologies, including symmetric encryption, public key encryption, homomorphic encryption, intruder models (CPA, CCA1, CCA2) and security properties (OW, IND, NM). The explanations given in this paper may also serve in demystifying such complex security notions for non-expert adults