HERMES: Scalable, Secure, and Privacy-Enhancing Vehicle Access System
We propose HERMES, a scalable, secure, and privacy-enhancing system for users
to share and access vehicles. HERMES securely outsources the generation of
vehicle access tokens to a set of untrusted servers. It builds on an earlier
proposal, SePCAR [1], and extends that system design for improved efficiency
and scalability. To meet system and user needs for secure and private
computation, HERMES combines several cryptographic primitives with secure
multiparty computation in an efficient way. It conceals the secret keys of
vehicles and the transaction details from the servers, including vehicle
booking details, access token information, and user and vehicle identities.
It also provides user accountability in case of disputes. In addition, we
give a semantic security analysis and prove that HERMES meets its security
and privacy requirements. Finally, we demonstrate that HERMES is efficient
and, in contrast to SePCAR, scales to a large number of users and vehicles,
making it practical for real-world deployments. We build our evaluations on
two different multiparty computation protocols: HtMAC-MiMC and CBC-MAC-AES.
Our results show that HERMES with HtMAC-MiMC needs only approx. 1.83 ms to
generate an access token for a single-vehicle owner and approx. 11.9 ms for a
large branch of a rental company with over a thousand vehicles. It handles
546 and 84 access token generations per second, respectively. This makes
HERMES 696 times (with HtMAC-MiMC) and 42 times (with CBC-MAC-AES) faster
than SePCAR for single-vehicle-owner access token generation. Furthermore,
we show that HERMES is practical on the vehicle side, too: the access token
operations performed on a prototype vehicle on-board unit take only approx.
62.087 ms.
Revisiting Key-alternating Feistel Ciphers for Shorter Keys and Multi-user Security
Key-Alternating Feistel (KAF) ciphers, a.k.a. Feistel-2 models, refer to Feistel networks with round functions of the form , where is the (secret) round-key and is a public random function. This model roughly captures the structures of many famous Feistel ciphers, and the most prominent instance is DES.
Existing provable security results on KAF assumed independent round-keys and round functions (ASIACRYPT 2004 & FSE 2014). In this paper, we investigate how to achieve security under simpler and more realistic assumptions: with round-keys derived from a short main-key, and hopefully with identical round functions.
For birthday-type security, we consider 4-round KAF, investigate the minimal conditions on the way to derive the four round-keys, and prove that when such adequately derived keys and the same round function are used, the 4-round KAF is secure up to queries.
For beyond-birthday security, we focus on 6-round KAF. We prove that when the adjacent round-keys are independent, and independent round-functions are used, the 6-round KAF is secure up to queries. To our knowledge, this is the first beyond-birthday security result for KAF without assuming completely independent round-keys.
Our results hold in the multi-user setting as well, constituting the first non-trivial multi-user provable security results on Feistel ciphers. We finally demonstrate applications of our results to designing key-schedules and instantiating keyed sponge constructions.
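To make the KAF structure concrete, the following is an added toy implementation (not code from the paper or its authors). It assumes the usual Feistel-2 round shape, in which the secret round-key is XORed into the input of a public round function before the result is XORed into the other half; the public function is modelled with SHA-256, the same function is used in every round, and the four round-keys are derived from one 32-bit main key by a placeholder hash-based schedule. That schedule is an assumption for illustration only: the abstract does not state the paper's derivation conditions, and this code does not claim to satisfy them.

```python
"""Toy key-alternating Feistel (KAF) cipher, added illustration only.

Each round maps (L, R) to (R, L xor F(k_i xor R)), where F is a PUBLIC
function (modelled here with SHA-256) and k_i is a secret round-key derived
from a single short main key. The key schedule below is a placeholder
assumption, not the derivation studied in the paper.
"""
import hashlib

HALF_BYTES = 4                           # 32-bit halves -> 64-bit block
HALF_BITS = 8 * HALF_BYTES
MASK = (1 << HALF_BITS) - 1


def public_round_function(x: int) -> int:
    """Keyless, random-looking round function F; the same F is reused in
    every round, which is the 'identical round functions' setting."""
    digest = hashlib.sha256(b"KAF-F" + x.to_bytes(HALF_BYTES, "big")).digest()
    return int.from_bytes(digest[:HALF_BYTES], "big")


def derive_round_keys(main_key: int, rounds: int) -> list:
    """Placeholder key schedule (assumption): every round-key is a public hash
    of the 32-bit main key and the round index."""
    keys = []
    for i in range(rounds):
        material = b"KAF-KS" + main_key.to_bytes(HALF_BYTES, "big") + bytes([i])
        digest = hashlib.sha256(material).digest()
        keys.append(int.from_bytes(digest[:HALF_BYTES], "big"))
    return keys


def kaf_encrypt(block: int, main_key: int, rounds: int = 4) -> int:
    """Encrypt one 64-bit block with an r-round KAF."""
    left, right = block >> HALF_BITS, block & MASK
    for k in derive_round_keys(main_key, rounds):
        # Key is XORed into the round-function input, output XORed into L.
        left, right = right, left ^ public_round_function(k ^ right)
    return (left << HALF_BITS) | right


def kaf_decrypt(block: int, main_key: int, rounds: int = 4) -> int:
    """Invert kaf_encrypt: run the rounds backwards; F itself is never
    inverted, only re-evaluated on the recovered half."""
    left, right = block >> HALF_BITS, block & MASK
    for k in reversed(derive_round_keys(main_key, rounds)):
        left, right = right ^ public_round_function(k ^ left), left
    return (left << HALF_BITS) | right


if __name__ == "__main__":
    main_key = 0xDEADBEEF                  # constructed sample key
    plaintext = 0x0123456789ABCDEF         # constructed sample block
    ct = kaf_encrypt(plaintext, main_key)
    print(hex(ct), hex(kaf_decrypt(ct, main_key)))
```

The 6-round variant from the abstract is obtained with `rounds=6`; the decryption loop only ever evaluates `F` forwards, which is why a KAF round function can be a public, non-invertible primitive.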
Modes of Operation Suitable for Computing on Encrypted Data
We examine how two parallel modes of operation for Authenticated Encryption (namely CTR+PMAC and OTR mode) work when evaluated in a multiparty computation engine. These two modes are selected because they suit the PRFs examined in previous works. In particular, the modes are highly parallel and do not require evaluation of the inverse of the underlying PRF. In order to use these modes one needs to convert them from their original instantiation, defined on binary blocks of data, to working on elements of a large prime finite field, the latter fitting the use case of many secret-sharing based MPC engines. In doing this conversion we examine the associated security proofs of PMAC and OTR, and show that they carry over to this new setting.
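The translation the abstract describes, binary blocks to elements of a prime field, comes down to replacing every XOR with addition modulo p, so that decryption subtracts the keystream and the PRF is only ever evaluated forwards. The following is an added illustration, not the paper's construction or code: CTR encryption over Z_p together with a parallel, PMAC-like tag. The PRF is a stand-in (HMAC-SHA256 reduced modulo a 61-bit Mersenne prime) rather than an MPC-friendly PRF, and the per-position offsets used for the tag are a simplification of PMAC's doubling masks; both are assumptions made for the example.

```python
"""CTR over a prime field plus a parallel PMAC-style tag, added illustration.

Blocks are integers in Z_p. Where a binary-block mode XORs, this code adds
modulo p, and decryption subtracts the same keystream, so only the forward
PRF is needed (no block-cipher inverse). The PRF is a stand-in built from
HMAC-SHA256 (assumption), and the tag offsets are a simplified stand-in for
PMAC's GF(2^n) doubling masks (assumption).
"""
import hashlib
import hmac

P = (1 << 61) - 1          # Mersenne prime; field elements lie in [0, P)


def prf(key: bytes, label: bytes, x: int) -> int:
    """Stand-in PRF F_k(label, x) -> Z_p via HMAC-SHA256 reduced mod P."""
    if not 0 <= x < (1 << 128):
        raise ValueError("PRF input must fit in 128 bits")
    mac = hmac.new(key, label + x.to_bytes(16, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P


def _check_blocks(blocks):
    for b in blocks:
        if not 0 <= b < P:
            raise ValueError("block is not a field element")


def ctr_encrypt(key: bytes, nonce: int, blocks: list) -> list:
    """c_i = m_i + F_k(nonce || i) mod p; every block independent -> parallel."""
    _check_blocks(blocks)
    return [(m + prf(key, b"CTR", (nonce << 64) | i)) % P
            for i, m in enumerate(blocks)]


def ctr_decrypt(key: bytes, nonce: int, blocks: list) -> list:
    """m_i = c_i - F_k(nonce || i) mod p; same forward PRF, subtraction instead."""
    _check_blocks(blocks)
    return [(c - prf(key, b"CTR", (nonce << 64) | i)) % P
            for i, c in enumerate(blocks)]


def pmac_like_tag(key: bytes, blocks: list) -> int:
    """Parallel MAC in Z_p: each block is offset by a per-position mask,
    run through the forward PRF, and the outputs are summed mod p (PMAC sums
    with XOR); one final PRF call seals the sum together with the length."""
    _check_blocks(blocks)
    total = 0
    for i, b in enumerate(blocks):
        delta = prf(key, b"DELTA", i)                     # position offset
        total = (total + prf(key, b"PMAC", (b + delta) % P)) % P
    return prf(key, b"TAG", (total + len(blocks)) % P)


def seal(key: bytes, nonce: int, msg_blocks: list):
    """Encrypt-then-MAC: tag covers the nonce and every ciphertext block."""
    ct = ctr_encrypt(key, nonce, msg_blocks)
    return ct, pmac_like_tag(key, [nonce % P] + ct)


def unseal(key: bytes, nonce: int, ct: list, tag: int):
    """Return the plaintext blocks, or None if the tag does not verify."""
    expected = pmac_like_tag(key, [nonce % P] + ct)
    if not hmac.compare_digest(expected.to_bytes(8, "big"), tag.to_bytes(8, "big")):
        return None
    return ctr_decrypt(key, nonce, ct)


if __name__ == "__main__":
    key = b"\x42" * 32                       # constructed sample key
    msg = [1, 2, 3, P - 1]                   # constructed field-element blocks
    ct, tag = seal(key, 7, msg)
    print(ct, tag, unseal(key, 7, ct, tag))
```

Because each keystream element and each tag term depends only on its own block index, every PRF call can be issued in one parallel batch, which is the property that makes these modes attractive inside a secret-sharing MPC engine.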