719 research outputs found
A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM
Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a
number of applications, in particular, as an essential building block for
two-party and multi-party computation. We construct a round-optimal (2 rounds)
universally composable (UC) protocol for oblivious transfer secure against
active adaptive adversaries from any OW-CPA secure public-key encryption scheme
with certain properties in the random oracle model (ROM). In terms of
computation, our protocol only requires the generation of a public/secret-key
pair, two encryption operations and one decryption operation, apart from a few
calls to the random oracle. In~terms of communication, our protocol only
requires the transfer of one public-key, two ciphertexts, and three binary
strings of roughly the same size as the message. Next, we show how to
instantiate our construction under the low noise LPN, McEliece, QC-MDPC, LWE,
and CDH assumptions. Our instantiations based on the low noise LPN, McEliece,
and QC-MDPC assumptions are the first UC-secure OT protocols based on coding
assumptions to achieve: 1) adaptive security, 2) optimal round complexity, 3)
low communication and computational complexities. Previous results in this
setting only achieved static security and used costly cut-and-choose
techniques.Our instantiation based on CDH achieves adaptive security at the
small cost of communicating only two more group elements as compared to the
gap-DH based Simplest OT protocol of Chou and Orlandi (Latincrypt 15), which
only achieves static security in the ROM
Homomorphic Data Isolation for Hardware Trojan Protection
The interest in homomorphic encryption/decryption is increasing due to its
excellent security properties and operating facilities. It allows operating on
data without revealing its content. In this work, we suggest using homomorphism
for Hardware Trojan protection. We implement two partial homomorphic designs
based on ElGamal encryption/decryption scheme. The first design is a
multiplicative homomorphic, whereas the second one is an additive homomorphic.
We implement the proposed designs on a low-cost Xilinx Spartan-6 FPGA. Area
utilization, delay, and power consumption are reported for both designs.
Furthermore, we introduce a dual-circuit design that combines the two earlier
designs using resource sharing in order to have minimum area cost. Experimental
results show that our dual-circuit design saves 35% of the logic resources
compared to a regular design without resource sharing. The saving in power
consumption is 20%, whereas the number of cycles needed remains almost the sam
Good Gottesman-Kitaev-Preskill codes from the NTRU cryptosystem
We introduce a new class of random Gottesman-Kitaev-Preskill (GKP) codes
derived from the cryptanalysis of the so-called NTRU cryptosystem. The derived
codes are good in that they exhibit constant rate and average distance scaling
with high probability, where is the number of
bosonic modes, which is a distance scaling equivalent to that of a GKP code
obtained by concatenating single mode GKP codes into a qubit-quantum error
correcting code with linear distance. The derived class of NTRU-GKP codes has
the additional property that decoding for a stochastic displacement noise model
is equivalent to decrypting the NTRU cryptosystem, such that every random
instance of the code naturally comes with an efficient decoder. This
construction highlights how the GKP code bridges aspects of classical error
correction, quantum error correction as well as post-quantum cryptography. We
underscore this connection by discussing the computational hardness of decoding
GKP codes and propose, as a new application, a simple public key quantum
communication protocol with security inherited from the NTRU cryptosystem.Comment: 23 pages, 10 figures, comments welcome! Version 2 has minor
correction
Good Gottesman-Kitaev-Preskill codes from the NTRU cryptosystem
We introduce a new class of random Gottesman-Kitaev-Preskill (GKP) codes derived from the cryptanalysis of the so-called NTRU cryptosystem. The derived codes are good in that they exhibit constant rate and average distance scaling Îâân with high probability, where n is the number of bosonic modes, which is a distance scaling equivalent to that of a GKP code obtained by concatenating single mode GKP codes into a qubit-quantum error correcting code with linear distance. The derived class of NTRU-GKP codes has the additional property that decoding for a stochastic displacement noise model is equivalent to decrypting the NTRU cryptosystem, such that every random instance of the code naturally comes with an efficient decoder. This construction highlights how the GKP code bridges aspects of classical error correction, quantum error correction as well as post-quantum cryptography. We underscore this connection by discussing the computational hardness of decoding GKP codes and propose, as a new application, a simple public key quantum communication protocol with security inherited from the NTRU cryptosystem
Cryptography based on the Hardness of Decoding
This thesis provides progress in the fields of for lattice and coding based cryptography. The first contribution consists of constructions of IND-CCA2 secure public key cryptosystems from both the McEliece and the low noise learning parity with noise assumption. The second contribution is a novel instantiation of the lattice-based learning with errors problem which uses uniform errors
Vulnerability Assessment and Privacy-preserving Computations in Smart Grid
Modern advances in sensor, computing, and communication technologies enable various smart grid applications which highlight the vulnerability that requires novel approaches to the field of cybersecurity. While substantial numbers of technologies have been adopted to protect cyber attacks in smart grid, there lacks a comprehensive review of the implementations, impacts, and solutions of cyber attacks specific to the smart grid.In this dissertation, we are motivated to evaluate the security requirements for the smart grid which include three main properties: confidentiality, integrity, and availability. First, we review the cyber-physical security of the synchrophasor network, which highlights all three aspects of security issues. Taking the synchrophasor network as an example, we give an overview of how to attack a smart grid network. We test three types of attacks and show the impact of each attack consisting of denial-of-service attack, sniffing attack, and false data injection attack.Next, we discuss how to protect against each attack. For protecting availability, we examine possible defense strategies for the associated vulnerabilities.For protecting data integrity, a small-scale prototype of secure synchrophasor network is presented with different cryptosystems. Besides, a deep learning based time-series anomaly detector is proposed to detect injected measurement. Our approach observes both data measurements and network traffic features to jointly learn system states and can detect attacks when state vector estimator fails.For protecting data confidentiality, we propose privacy-preserving algorithms for two important smart grid applications. 1) A distributed privacy-preserving quadratic optimization algorithm to solve Security Constrained Optimal Power Flow (SCOPF) problem. The SCOPF problem is decomposed into small subproblems using the Alternating Direction Method of Multipliers (ADMM) and gradient projection algorithms. 2) We use Paillier cryptosystem to secure the computation of the power system dynamic simulation. The IEEE 3-Machine 9-Bus System is used to implement and demonstrate the proposed scheme. The security and performance analysis of our implementations demonstrate that our algorithms can prevent chosen-ciphertext attacks at a reasonable cost
CRYSTALS - Kyber: A CCA-secure Module-Lattice-Based KEM
Rapid advances in quantum computing, together with the announcement by the National Institute of Standards and Technology (NIST) to define new standards for digital-signature, encryption, and key-establishment protocols, have created significant interest in post-quantum cryptographic schemes. This paper introduces Kyber (part of CRYSTALS - Cryptographic Suite for Algebraic Lattices - a package submitted to NIST post-quantum standardization effort in November 2017), a portfolio of post-quantum cryptographic primitives built around a key-encapsulation mechanism (KEM), based on hardness assumptions over module lattices. Our KEM is most naturally seen as a successor to the NEWHOPE KEM (Usenix 2016). In particular, the key and ciphertext sizes of our new construction are about half the size, the KEM offers CCA instead of only passive security, the security is based on a more general (and flexible) lattice problem, and our optimized implementation results in essentially the same running time as the aforementioned scheme. We first introduce a CPA-secure public-key encryption scheme, apply a variant of the Fujisaki-Okamoto transform to create a CCA-secure KEM, and eventually construct, in a black-box manner, CCA-secure encryption, key exchange, and authenticated-key-exchange schemes. The security of our primitives is based on the hardness of Module-LWE in the classical and quantum random oracle models, and our concrete parameters conservatively target more than 128 bits of post-quantum security
A Framework for Efficient and Composable Oblivious Transfer
We propose a simple and general framework for constructing oblivious
transfer (OT) protocols that are \emph{efficient}, \emph{universally
composable}, and \emph{generally realizable} from a variety of
standard number-theoretic assumptions, including the decisional
Diffie-Hellman assumption, the quadratic residuosity assumption, and
\emph{worst-case} lattice assumptions.
Our OT protocols are round-optimal (one message each way), quite
efficient in computation and communication, and can use a single
common string for an unbounded number of executions. Furthermore, the
protocols can provide \emph{statistical} security to either the sender
or receiver, simply by changing the distribution of the common string.
For certain instantiations of the protocol, even a common
\emph{random} string suffices.
Our key technical contribution is a simple abstraction that we call a
\emph{dual-mode} cryptosystem. We implement dual-mode cryptosystems
by taking a unified view of several cryptosystems that have what we
call ``messy\u27\u27 public keys, whose defining property is that a
ciphertext encrypted under such a key carries \emph{no information}
(statistically) about the encrypted message.
As a contribution of independent interest, we also provide a multi-bit
version of Regev\u27s lattice-based cryptosystem (STOC 2005) whose time
and space efficiency are improved by a linear factor in the security
parameter . The amortized encryption and decryption time is only
bit operations per message bit, and the ciphertext
expansion can be made as small as a constant; the public key size and
underlying lattice assumption remain essentially the same
Frodo: Take off the ring! Practical, quantum-secure key exchange from LWE
Lattice-based cryptography offers some of the most attractive primitives believed to be resistant to quantum computers. Following increasing interest from both companies and government agencies in building quantum computers, a number of works have proposed instantiations of practical post-quantum key exchange protocols based on hard problems in ideal lattices, mainly based on the Ring Learning With Errors (R-LWE) problem. While ideal lattices facilitate major efficiency and storage benefits over their nonideal counterparts, the additional ring structure that enables these advantages also raises concerns about the assumed difficulty of the underlying problems. Thus, a question of significant interest to cryptographers, and especially to those currently placing bets on primitives that will withstand quantum adversaries, is how much of an advantage the additional ring structure actually gives in practice. Despite conventional wisdom that generic lattices might be too slow and unwieldy, we demonstrate that LWE-based key exchange is quite practical: our constant time implementation requires around 1.3ms computation time for each party; compared to the recent NewHope R-LWE scheme, communication sizes increase by a factor of 4.7Ă, but remain under 12 KiB in each direction. Our protocol is competitive when used for serving web pages over TLS; when partnered with ECDSA signatures, latencies increase by less than a factor of 1.6Ă, and (even under heavy load) server throughput only decreases by factors of 1.5Ă and 1.2Ă when serving typical 1 KiB and 100 KiB pages, respectively. To achieve these practical results, our protocol takes advantage of several innovations. These include techniques to optimize communication bandwidth, dynamic generation of public parameters (which also offers additional security against backdoors), carefully chosen error distributions, and tight security parameters
CRYSTALS - Kyber: A CCA-secure Module-Lattice-Based KEM
Rapid advances in quantum computing, together with the announcement by the National Institute of Standards and Technology (NIST) to define new standards for digitalsignature, encryption, and key-establishment protocols, have created significant interest in post-quantum cryptographic schemes. This paper introduces Kyber (part of CRYSTALS - Cryptographic Suite for Algebraic Lattices - a package submitted to NIST post-quantum standardization effort in November 2017), a portfolio of post-quantum cryptographic primitives built around a key-encapsulation mechanism (KEM), based on hardness assumptions over module lattices. Our KEM is most naturally seen as a successor to the NEWHOPE KEM (Usenix 2016). In particular, the key and ciphertext sizes of our new construction are about half the size, the KEM offers CCA instead of only passive security, the security is based on a more general (and flexible) lattice problem, and our optimized implementation results in essentially the same running time as the aforementioned scheme. We first introduce a CPA-secure public-key encryption scheme, apply a variant of the Fujisaki-Okamoto transform to create a CCA-secure KEM, and eventually construct, in a black-box manner, CCA-secure encryption, key exchange, and authenticated-key-exchange schemes. The security of our primitives is based on the hardness of Module-LWE in the classical and quantum random oracle models, and our concrete parameters conservatively target more than 128 bits of postquantum security
- âŠ