
    EFFICIENT AND SCALABLE NETWORK SECURITY PROTOCOLS BASED ON LFSR SEQUENCES

    The gap between abstract, mathematics-oriented research in cryptography and the engineering approach of designing practical network security protocols is widening. Network researchers experiment with well-known cryptographic protocols suitable for different network models. On the other hand, researchers inclined toward theory often design cryptographic schemes without considering practical network constraints. The goal of this dissertation is to address problems in these two challenging areas by building bridges between practical network security protocols and theoretical cryptography. This dissertation presents techniques for building performance-sensitive security protocols, using primitives from linear feedback shift register (LFSR) sequences, for a variety of challenging networking applications. The significant contributions of this thesis are:
    1. A common problem faced by large-scale multicast applications, like real-time news feeds, is collecting authenticated feedback from the intended recipients. We design an efficient, scalable, and fault-tolerant technique for combining multiple signed acknowledgments into a single compact one, and observe that most signatures (based on the discrete logarithm problem) used in previous protocols do not yield a scalable solution to the problem.
    2. We propose a technique to authenticate on-demand source routing protocols in resource-constrained wireless mobile ad-hoc networks. We develop a single-round multisignature that requires no prior cooperation among nodes to construct the multisignature and supports authentication of cached routes.
    3. We propose an efficient and scalable aggregate signature, tailored for applications like building efficient certificate chains, authenticating distributed and adaptive content management systems, and securing path-vector routing protocols.
    4. We observe that blind signatures could form critical building blocks of privacy-preserving accountability systems, where an authority needs to vouch for the legitimacy of a message but the ownership of the message should be kept secret from the authority. We propose an efficient blind signature that can serve as a protocol building block for performance-sensitive accountability systems.
    All the special-form digital signatures (aggregate, multi-, and blind signatures) proposed in this dissertation are the first to be constructed using LFSR sequences. Our detailed cost analysis shows that, for a desired level of security, the proposed signatures outperform existing protocols in computation cost, number of communication rounds, and storage overhead.

    Key improvements to XTR

    This paper describes improved methods for XTR key representation and parameter generation (Lenstra et al., 2000). If the field characteristic is properly chosen, the size of the XTR public key for signature applications can be reduced by a factor of three at the cost of a small one-time computation for the recipient of the key. Furthermore, the parameter set-up for an XTR system can be simplified because the trace of a proper subgroup generator can, with very high probability, be computed directly, thus avoiding the probabilistic approach from Lenstra. These non-trivial extensions further enhance the practical potential of XTR.

    On Small Degree Extension Fields in Cryptology

    This thesis studies the implications of using public key cryptographic primitives that are based in, or map to, the multiplicative group of finite fields with small extension degree. A central observation is that the multiplicative group of an extension field essentially decomposes as a product of algebraic tori, whose properties allow for improved communication efficiency. Part I of this thesis is concerned with the constructive implications of this idea. Firstly, algorithms are developed for the efficient implementation of torus-based cryptosystems and their performance is compared with previous work. It is then shown how to apply these methods to operations required in low-characteristic pairing-based cryptography. Finally, practical schemes for high-dimensional tori are discussed. Highly optimised implementations and benchmark timings are provided for each of these systems. Part II addresses the security of the schemes presented in Part I, i.e., the hardness of the discrete logarithm problem. Firstly, a heuristic analysis of the effectiveness of the Function Field Sieve in small characteristic is given. Next, an implementation of this algorithm for the characteristic-three fields used in pairing-based cryptography is presented. Finally, a new index calculus algorithm for solving the discrete logarithm problem on algebraic tori is described and analysed.

    Generalizations of the Diffie-Hellman protocol : exposition and implementation

    A generalisation of the Diffie-Hellman protocol is studied in this dissertation. In the generalisation, polynomials are used to reduce the representation size of a public key, and linear shift registers are used for more efficient computations. These changes are important for implementing the protocol in constrained environments. The security of the Diffie-Hellman protocol and of its generalisation rests on the same computational problems. Lastly, three examples of the generalisation and their implementation are discussed. For two of the protocols, models are given to predict the execution time, and it is determined how accurate these model predictions are. Dissertation (MSc (Applied Mathematics)), University of Pretoria, 2007.
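    The LFSR-based protocols, XTR, torus-based compression and the generalised Diffie-Hellman dissertation above all rest on one fact: for an element g of the subgroup of order dividing p^2 - p + 1 in GF(p^6)^*, the trace Tr(g^n) down to GF(p^2) satisfies a third-order linear recurrence over GF(p^2), so it is an LFSR sequence that can be run from the single element Tr(g). The following is an added worked example written for this listing; it is not code from any of the theses or papers above. It assumes a toy field GF(5^6) with a subgroup of order 7 (far too small for any real security) and all function names (`trace_sequence`, `demo`, and so on) are this example's own.

```python
"""Toy XTR-style trace representation over GF(p^6), p = 5 (constructed example).

For g in the subgroup of order dividing p^2 - p + 1 of GF(p^6)^*, the
characteristic polynomial of g over GF(p^2) is X^3 - c X^2 + c^p X - 1 with
c = Tr(g), so Tr(g^n) obeys c_{n+3} = c*c_{n+2} - c^p*c_{n+1} + c_n: an LFSR
over GF(p^2).  A public key can therefore be Tr(g) in GF(p^2) (one third the
size of g in GF(p^6)) and the recipient still computes Tr(g^k) for any k.
"""
import itertools

P, N = 5, 6              # characteristic (P % 3 == 2, as XTR wants) and degree
SUBGROUP_ORDER = 7       # prime divisor of P^2 - P + 1 = 21; toy-sized on purpose

# ---- polynomials over GF(P): coefficient lists, lowest degree first ----
def trim(a):
    a = [x % P for x in a]
    while a and a[-1] == 0:
        a.pop()
    return a

def add(a, b):
    n = max(len(a), len(b))
    return trim([(a[i] if i < len(a) else 0) + (b[i] if i < len(b) else 0)
                 for i in range(n)])

def sub(a, b):
    return add(a, [-x for x in b])

def mul(a, b):
    if not a or not b:
        return []
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return trim(out)

def mod(a, m):               # remainder of a modulo m (m need not be monic)
    a, inv = trim(a), pow(m[-1], -1, P)
    while len(a) >= len(m):
        coef, shift = (a[-1] * inv) % P, len(a) - len(m)
        a = sub(a, [0] * shift + [coef * x for x in m])
    return a

def monic_polys(deg):
    for tail in itertools.product(range(P), repeat=deg):
        yield list(tail) + [1]

def is_irreducible(f):       # trial division by every monic poly of degree <= deg/2
    half = (len(f) - 1) // 2
    return all(mod(f, d) != [] for k in range(1, half + 1) for d in monic_polys(k))

def find_irreducible(deg):
    return next(f for f in monic_polys(deg) if f[0] and is_irreducible(f))

# ---- GF(P^N) = GF(P)[x] / (F) ----
F = find_irreducible(N)

def fmul(a, b):
    return mod(mul(a, b), F)

def fpow(a, e):              # square-and-multiply in GF(P^N)
    result, base = [1], a
    while e:
        if e & 1:
            result = fmul(result, base)
        base, e = fmul(base, base), e >> 1
    return result

def frob(a, k=1):            # a -> a^(P^k), the k-th Frobenius power
    return fpow(a, P ** k)

def trace(a):                # Tr from GF(P^6) down to GF(P^2)
    return add(add(a, frob(a, 2)), frob(a, 4))

def subgroup_generator(order):
    cofactor = (P ** N - 1) // order
    for deg in (1, 2):
        for cand in monic_polys(deg):
            g = fpow(cand, cofactor)
            if g != [1]:
                return g
    raise ValueError("no element of the requested order found")

# ---- the LFSR: Tr(g^n) from c = Tr(g) alone, no GF(P^6) exponentiation ----
def trace_sequence(c, length):
    cp = frob(c)                                         # c^p, conjugate of c
    seq = [trim([3]), c, sub(fmul(c, c), mul([2], cp))]  # Tr(1), Tr(g), Tr(g^2)
    while len(seq) < length:
        seq.append(add(sub(fmul(c, seq[-1]), fmul(cp, seq[-2])), seq[-3]))
    return seq[:length]

def direct_traces(g, length):
    return [trace(fpow(g, n)) for n in range(length)]

def demo(length=15, a=3, b=5):
    """Compare the LFSR with direct traces and run a trace-based DH exchange."""
    g = subgroup_generator(SUBGROUP_ORDER)
    c = trace(g)
    lfsr, direct = trace_sequence(c, length), direct_traces(g, length)
    # Alice publishes Tr(g^a), Bob publishes Tr(g^b); each runs the recurrence
    # on the other's trace (g^a, g^b lie in the same subgroup, so it applies).
    ta, tb = trace(fpow(g, a)), trace(fpow(g, b))
    shared_alice = trace_sequence(tb, a + 1)[a]
    shared_bob = trace_sequence(ta, b + 1)[b]
    return {
        "g": g, "c": c,
        "lfsr_matches_direct": lfsr == direct,
        "traces_in_gf_p2": all(frob(x, 2) == x for x in lfsr),
        "dh_agrees": shared_alice == shared_bob == trace(fpow(g, a * b)),
    }

if __name__ == "__main__":
    print(demo())
```

    The `traces_in_gf_p2` check is the compression claim: every term of the sequence is fixed by the GF(p^2) Frobenius, so it is a GF(p^2) element even though it is stored here in the GF(p^6) basis. Real XTR additionally uses the double-and-add identities on the trace to compute Tr(g^k) in O(log k) steps rather than the O(k) recurrence run shown here.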

    Pairings on hyperelliptic curves with a real model

    We analyse the efficiency of pairing computations on hyperelliptic curves given by a real model, using a balanced divisor at infinity. Several optimisations are proposed and analysed. Genus-two curves given by a real model arise when considering pairing-friendly groups of order dividing p^2 - p + 1. We compare the performance of pairings on such groups in both elliptic and hyperelliptic versions. We conclude that pairings can be efficiently computed in real models of hyperelliptic curves.

    Cryptographic Pairings: Efficiency and DLP security

    This thesis studies two important aspects of the use of pairings in cryptography: efficient algorithms and security. Pairings are very useful tools in cryptography; originally used for the cryptanalysis of elliptic curve cryptography, they are now used in key exchange protocols, signature schemes and identity-based cryptography. This thesis comprises two parts: Security and Efficient Algorithms. In Part I: Security, the security of pairing-based protocols is considered, with a thorough examination of the Discrete Logarithm Problem (DLP) as it occurs in pairing-based cryptography (PBC). Results on the relationship between the two instances of the DLP are presented, along with a discussion of the appropriate selection of parameters to ensure a particular security level. In Part II: Efficient Algorithms, some of the computational issues which arise when using pairings in cryptography are addressed. Pairings can be computationally expensive, so the PBC research community is constantly striving to find computational improvements for all aspects of protocols using pairings. The improvements given in this part contribute towards more efficient methods for the computation of pairings, and increase the efficiency of operations necessary in some pairing-based protocols.

    Advances in Monte Carlo methods: exponentially tilted sequential proposal distributions and regenerative Markov chain samplers

    Inference for Bayesian models often requires one to simulate from non-standard multivariate probability distributions. In the first part of the thesis, we successfully simulate exactly from certain Bayesian posteriors (the Tobit, the constrained linear regression, the smoothing spline, and the Lasso) by applying rejection sampling with exponentially tilted sequential proposal distributions. This technique is typically efficient for posteriors that have the form of a truncated multivariate normal or Student distribution. In this manner, we are able to simulate exactly from the posterior in hundreds of dimensions, which has until now been unattainable. Due to the curse of dimensionality, these rejection schemes are unfortunately bound to fail as the dimension of the problem grows. In such cases, one ultimately has to resort to approximate MCMC schemes. It is known that the error analysis of a Markov chain sampler becomes much easier if the regeneration times of the chain can be identified. In particular, the convergence rate of a geometrically ergodic Markov chain can be estimated if one can identify the underlying regeneration events. While the idea of using regeneration in the error analysis of MCMC is not new, our contribution in the second part of the thesis is to provide simpler estimates of the total variation error and a new graphical diagnostic with strong theoretical justification. Finally, in the third part of the thesis, we consider the exponentially tilted sequential distributions of part one as proposal distributions for the MCMC samplers of part two. We introduce a novel Reject-Regenerate sampler, which combines the lessons learned about exact sampling and regenerative MCMC into a single framework. The resulting MCMC algorithm is a Markov chain with clearly demarcated regeneration events. Moreover, in the event of a regeneration, the Markov chain achieves a perfect draw with some probability.