Accelerating ID-based Encryption based on Trapdoor DL using Pre-computation

The existing identity-based encryption (IBE) schemes based on pairings require pairing computations in encryption or decryption algorithm and it is a burden to each entity which has restricted computing resources in mobile computing environments. An IBE scheme (MY-IBE) based on a trapdoor DL group for RSA setting is one of good alternatives for applying to mobile computing environments. However, it has a drawback for practical use, that the key generation algorithm spends a long time for generating a user\u27s private key since the key generation center has to solve a discrete logarithm problem. In this paper, we suggest a method to reduce the key generation time of the MY-IBE scheme, applying modified Pollard rho algorithm using significant pre-computation (mPAP). We also provide a rigorous analysis of the mPAP for more precise estimation of the key generation time and consider the parallelization and applying the tag tracing technique to reduce the wall-clock running time of the key generation algorithm. Finally, we give a parameter setup method for an efficient key generation algorithm and estimate key generation time for practical parameters from our theoretical analysis and experimental results on small parameters. Our estimation shows that it takes about two minutes using pre-computation for about 50 days with 27 GB storage to generate one user\u27s private key using the parallelized mPAP enhanced by the tag tracing technique with 100 processors

ECC2K-130 on NVIDIA GPUs

Abstract. Computations of small discrete logarithms are feasible even in "secure" groups, and are used as subroutines in several cryptographic protocols in the literature. For example, the Boneh-Goh-Nissim degree-2-homomorphic public-key encryption system uses generic square-root discrete-logarithm methods for decryption. This paper shows how to use a small group-specific table to accelerate these subroutines. The cost of setting up the table grows with the table size, but the acceleration also grows with the table size. This paper shows experimentally that computing a discrete logarithm in an interval of order takes only 1.93

Secure Session Framework: An Identity-based Cryptographic Key Agreement and Signature Protocol

Die vorliegende Dissertation beschäftigt sich mit der Methode der identitätsbasierten Verschlüsselung. Hierbei wird der Name oder die Identität eines Zielobjekts zum Verschlüsseln der Daten verwendet. Diese Eigenschaft macht diese Methode zu einem passenden Werkzeug für die moderne elektronische Kommunikation, da die dort verwendeten Identitäten oder Endpunktadressen weltweit eindeutig sein müssen. Das in der Arbeit entwickelte identitätsbasierte Schlüsseleinigungsprotokoll bietet Vorteile gegenüber existierenden Verfahren und eröffnet neue Möglichkeiten. Eines der Hauptmerkmale ist die komplette Unabhängigkeit der Schlüsselgeneratoren. Diese Unabhängigkeit ermöglicht es, dass verschiedene Sicherheitsdomänen ihr eigenes System aufsetzen können. Sie sind nicht mehr gezwungen, sich untereinander abzusprechen oder Geheimnisse auszutauschen. Auf Grund der Eigenschaften des Protokolls sind die Systeme trotzdem untereinander kompatibel. Dies bedeutet, dass Anwender einer Sicherheitsdomäne ohne weiteren Aufwand verschlüsselt mit Anwendern einer anderen Sicherheitsdomäne kommunizieren können. Die Unabhängigkeit wurde ebenfalls auf ein Signatur-Protokoll übertragen. Es ermöglicht, dass Benutzer verschiedener Sicherheitsdomänen ein Objekt signieren können, wobei auch der Vorgang des Signierens unabhängig sein kann. Neben dem Protokoll wurde in der Arbeit auch die Analyse von bestehenden Systemen durchgeführt. Es wurden Angriffe auf etablierte Protokolle und Vermutungen gefunden, die aufzeigen, ob oder in welchen Situationen diese nicht verwendet werden sollten. Dabei wurde zum einen eine komplett neue Herangehensweise gefunden, die auf der (Un-)Definiertheit von bestimmten Objekten in diskreten Räumen basiert. Zum anderen wurde die bekannte Analysemethode der Gitterreduktion benutzt und erfolgreich auf neue Bereiche übertragen. Schlussendlich werden in der Arbeit Anwendungsszenarien für das Protokoll vorgestellt, in denen dessen Vorteile besonders relevant sind. Das erste Szenario bezieht sich auf Telefonie, wobei die Telefonnummer einer Zielperson als Schlüssel verwendet. Sowohl GSM-Telefonie als auch VoIP-Telefonie werden in der Arbeit untersucht. Dafür wurden Implementierungen auf einem aktuellen Mobiltelefon durchgeführt und bestehende VoIP-Software erweitert. Das zweite Anwendungsbeispielsind IP-Netzwerke. Auch die Benutzung der IP-Adresse eines Rechners als Schlüssel ist ein gutes Beispiel, jedoch treten hier mehr Schwierigkeiten auf als bei der Telefonie. Es gibt beispielsweise dynamische IP-Adressen oder die Methode der textit{Network Address Translation}, bei der die IP-Adresse ersetzt wird. Diese und weitere Probleme wurden identifiziert und jeweils Lösungen erarbeitet

On Cryptographic Building Blocks and Transformations

Cryptographic building blocks play a central role in cryptography, e.g., encryption or digital signatures with their security notions. Further, cryptographic building blocks might be constructed modularly, i.e., emerge out of other cryptographic building blocks. Essentially, one cryptographically transforms the underlying block(s) and their (security) properties into the emerged block and its properties. This thesis considers cryptographic building blocks and new cryptographic transformations

Radioresistance in rhabdomyosarcomas: much more than a question of dose

Management of rhabdomyosarcoma (RMS), the most common soft tissue sarcoma in children, frequently accounting the genitourinary tract is complex and requires a multimodal therapy. In particular, as a consequence of the advancement in dose conformity technology, radiation therapy (RT) has now become the standard therapeutic option for patients with RMS. In the clinical practice, dose and timing of RT are adjusted on the basis of patients' risk stratification to reduce late toxicity and side effects on normal tissues. However, despite the substantial improvement in cure rates, local failure and recurrence frequently occur. In this review, we summarize the general principles of the treatment of RMS, focusing on RT, and the main molecular pathways and specific proteins involved into radioresistance in RMS tumors. Specifically, we focused on DNA damage/repair, reactive oxygen species, cancer stem cells, and epigenetic modifications that have been reported in the context of RMS neoplasia in both in vitro and in vivo studies. The precise elucidation of the radioresistance-related molecular mechanisms is of pivotal importance to set up new more effective and tolerable combined therapeutic approaches that can radiosensitize cancer cells to finally ameliorate the overall survival of patients with RMS, especially for the most aggressive subtypes

Radioresistance in rhabdomyosarcomas: Much more than a question of dose

Management of rhabdomyosarcoma (RMS), the most common soft tissue sarcoma in children, frequently accounting the genitourinary tract is complex and requires a multimodal therapy. In particular, as a consequence of the advancement in dose conformity technology, radiation therapy (RT) has now become the standard therapeutic option for patients with RMS. In the clinical practice, dose and timing of RT are adjusted on the basis of patients' risk stratification to reduce late toxicity and side effects on normal tissues. However, despite the substantial improvement in cure rates, local failure and recurrence frequently occur. In this review, we summarize the general principles of the treatment of RMS, focusing on RT, and the main molecular pathways and specific proteins involved into radioresistance in RMS tumors. Specifically, we focused on DNA damage/repair, reactive oxygen species, cancer stem cells, and epigenetic modifications that have been reported in the context of RMS neoplasia in both in vitro and in vivo studies. The precise elucidation of the radioresistance-related molecular mechanisms is of pivotal importance to set up new more effective and tolerable combined therapeutic approaches that can radiosensitize cancer cells to finally ameliorate the overall survival of patients with RMS, especially for the most aggressive subtypes

The Discrete-Logarithm Problem with Preprocessing

This paper studies discrete-log algorithms that use preprocessing. In our model, an adversary may use a very large amount of precomputation to produce an advice string about a specific group (e.g., NIST P-256). In a subsequent online phase, the adversary\u27s task is to use the preprocessed advice to quickly compute discrete logarithms in the group. Motivated by surprising recent preprocessing attacks on the discrete-log problem, we study the power and limits of such algorithms. In particular, we focus on generic algorithms -- these are algorithms that operate in every cyclic group. We show that any generic discrete-log algorithm with preprocessing that uses an $S$-bit advice string, runs in online time $T$, and succeeds with probability $\epsilon$, in a group of prime order $N$, must satisfy $ST^2 = \tilde{\Omega}(\epsilon N)$. Our lower bound, which is tight up to logarithmic factors, uses a synthesis of incompressibility techniques and classic methods for generic-group lower bounds. We apply our techniques to prove related lower bounds for the CDH, DDH, and multiple-discrete-log problems. Finally, we demonstrate two new generic preprocessing attacks: one for the multiple-discrete-log problem and one for certain decisional-type problems in groups. This latter result demonstrates that, for generic algorithms with preprocessing, distinguishing tuples of the form $(g, g^x, g^{(x^2)})$ from random is much easier than the discrete-log problem

A P2P Optimistic Fair Exchange (OFE) Scheme For Personal Health Records Using Blockchain Technology

In today’s digital world, it is common to exchange sensitive data between different parties. There are many examples of sensitive data or documents that require a digital exchange, such as banking information, insurance data, health records. In many cases, the exchange exists between unknown and untrusted parties. Therefore, it is essential to execute the data exchange over a fair non-repudiation protocol. In digital communication, non-repudiation is undeniable evidence of one’s responsibility regarding the validity of any data he shares/receives. Usually, this is achieved by the use of a cryptographic digital signature. In this case, the parties cannot deny the authenticity of their digital signature. The protocol satisfies the fairness property if and only if it does not give the sender any advantages over the receiver or vice versa, at any step during the exchange process. Combining fair exchange and non-repudiation for digital exchange is critical in many applications and can be acquired with or without the involvement of any trusted third party (TTP). However, without the involvement of TTP, fairness becomes probabilistic, and the involvement of TTP can cause significant dependency on the third party. Therefore, a peer-to-peer (P2P) (aka offline) fair non-repudiation protocol that does not require a trusted third-party is desirable in many applications. Blockchain is designed in such a way that the network can handle the trustless environment and deliver the correct result. Thus, if the exchanges are done leveraging Blockchain, it will ensure true fairness, and at the same time, none of the participants have to deal with the trust issue. In this thesis we propose a P2P fair non-repudiation data exchange scheme by leveraging Blockchain and distributed ledger technology. The scheme combines on-chain and off-chain communication patterns to enable the exchange of personal health records between patients and healthcare providers. We provide an informal reasoning of the proposed scheme. Moreover, we propose a design and implementation agnostic to existing Blockchain platforms to enable unbiased evaluation of the proposed scheme. Finally, we make a comparative analysis of the result derived from our approach with the existing one

Studies on the Security of Selected Advanced Asymmetric Cryptographic Primitives

The main goal of asymmetric cryptography is to provide confidential communication, which allows two parties to communicate securely even in the presence of adversaries. Ever since its invention in the seventies, asymmetric cryptography has been improved and developed further, and a formal security framework has been established around it. This framework includes different security goals, attack models, and security notions. As progress was made in the field, more advanced asymmetric cryptographic primitives were proposed, with other properties in addition to confidentiality. These new primitives also have their own definitions and notions of security. This thesis consists of two parts, where the first relates to the security of fully homomorphic encryption and related primitives. The second part presents a novel cryptographic primitive, and defines what security goals the primitive should achieve. The first part of the thesis consists of Article I, II, and III, which all pertain to the security of homomorphic encryption schemes in one respect or another. Article I demonstrates that a particular fully homomorphic encryption scheme is insecure in the sense that an adversary with access only to the public material can recover the secret key. It is also shown that this insecurity mainly stems from the operations necessary to make the scheme fully homomorphic. Article II presents an adaptive key recovery attack on a leveled homomorphic encryption scheme. The scheme in question claimed to withstand precisely such attacks, and was the only scheme of its kind to do so at the time. This part of the thesis culminates with Article III, which is an overview article on the IND-CCA1 security of all acknowledged homomorphic encryption schemes. The second part of the thesis consists of Article IV, which presents Vetted Encryption (VE), a novel asymmetric cryptographic primitive. The primitive is designed to allow a recipient to vet who may send them messages, by setting up a public filter with a public verification key, and providing each vetted sender with their own encryption key. There are three different variants of VE, based on whether the sender is identifiable to the filter and/or the recipient. Security definitions, general constructions and comparisons to already existing cryptographic primitives are provided for all three variants.Doktorgradsavhandlin