
    EFFICIENT AND SCALABLE NETWORK SECURITY PROTOCOLS BASED ON LFSR SEQUENCES

    The gap between abstract, mathematics-oriented research in cryptography and the engineering approach of designing practical network security protocols is widening. Network researchers experiment with well-known cryptographic protocols suitable for different network models. On the other hand, researchers inclined toward theory often design cryptographic schemes without considering the practical network constraints. The goal of this dissertation is to address problems in these two challenging areas: building bridges between practical network security protocols and theoretical cryptography. This dissertation presents techniques for building performance-sensitive security protocols, using primitives from linear feedback shift register (LFSR) sequences, for a variety of challenging networking applications. The significant contributions of this thesis are:
    1. A common problem faced by large-scale multicast applications, like real-time news feeds, is collecting authenticated feedback from the intended recipients. We design an efficient, scalable, and fault-tolerant technique for combining multiple signed acknowledgments into a single compact one and observe that most signatures (based on the discrete logarithm problem) used in previous protocols do not result in a scalable solution to the problem.
    2. We propose a technique to authenticate on-demand source routing protocols in resource-constrained wireless mobile ad-hoc networks. We develop a single-round multisignature that requires no prior cooperation among nodes to construct the multisignature and supports authentication of cached routes.
    3. We propose an efficient and scalable aggregate signature, tailored for applications like building efficient certificate chains, authenticating distributed and adaptive content management systems and securing path-vector routing protocols.
    4. We observe that blind signatures could form critical building blocks of privacy-preserving accountability systems, where an authority needs to vouch for the legitimacy of a message but the ownership of the message should be kept secret from the authority. We propose an efficient blind signature that can serve as a protocol building block for performance-sensitive accountability systems.
    All special forms of digital signatures (aggregate, multi-, and blind signatures) proposed in this dissertation are the first to be constructed using LFSR sequences. Our detailed cost analysis shows that for a desired level of security, the proposed signatures outperform existing protocols in computation cost, number of communication rounds and storage overhead.

    Index tables of finite fields and modular golomb rulers

    For a Galois field GF(2^n) defined by a primitive element α with minimal polynomial f, the index table contains in row i the coordinates of α^i in the polynomial basis α^(n−1), α^(n−2), …, α, 1. Each column i in this table equals the m-sequence with characteristic polynomial f, shifted cyclically by some offset h_i. In this paper we show that the set of the n shifts h_i contains large subsets which are modular Golomb rulers modulo 2^n − 1 (i.e. all the differences are different). Let D be the set of integers j such that the coefficient of x^j in f is non-zero. We prove that the set H_D of shifts corresponding to columns j ∈ D can be partitioned into two subsets (the columns in the left half of the table and the ones in the right half), each of which is a modular Golomb ruler. Based on this result and on computational data, we conjecture that in fact the whole set H_D is a modular Golomb ruler. We give a polynomial-time algorithm for deciding whether, given a subset of column positions, the corresponding shifts form a modular Golomb ruler. These results are applied to filter generators used in the design of stream ciphers. Golić recommends that, in order to withstand his inversion attack, one of the design requirements should be that the inputs of the non-linear filtering function are taken from positions of a Fibonacci LFSR which form a Golomb ruler. We propose using a Galois LFSR instead and selecting positions such that the corresponding shifts form a modular Golomb ruler. This would allow a larger number of inputs to be selected (roughly n/2 rather than √(2n)) while still satisfying Golić’s requirement.

    Generating elements of orders dividing p^6 ± p^5 + p^4 ± p^3 + p^2 ± p + 1

    In this paper we propose an algorithm for computing large primes p and q such that q divides p^6 + p^5 + p^4 + p^3 + p^2 + p + 1 or p^6 − p^5 + p^4 − p^3 + p^2 − p + 1. Such primes are the key parameters for the cryptosystem based on the 7th-order characteristic sequences.

    Applications of the Galois Model LFSR in Cryptography

    The linear feedback shift register is a widely used tool for generating cryptographic sequences. The properties of the Galois model discussed here offer many opportunities to improve the implementations that already exist. We explore the overall properties of the phases of the Galois model and conjecture a relation with modular Golomb rulers. This conjecture points to an efficient method for constructing non-linear filtering generators which fulfil Golić’s design criteria in order to maximise protection against his inversion attack. We also produce a number of methods which can improve the rate of output of sequences by combining particular distinct phases of smaller elementary sequences.

    Discrete Logarithm Cryptography

    The security of many cryptographic schemes relies on the intractability of the discrete logarithm problem (DLP) in groups. The most commonly used groups to deploy such schemes are the multiplicative (sub)groups of finite fields and (hyper)elliptic curve groups over finite fields. The elements of these groups can be easily represented in a computer and the group arithmetic can be efficiently implemented. In this thesis we first study certain subgroups of characteristic-two and characteristic-three finite field groups, with the goal of obtaining a more efficient representation of elements and more efficient arithmetic in the corresponding groups. In particular, we propose new compression techniques and exponentiation algorithms, and discuss some potential benefits and applications. Having mentioned that intractability of the DLP is a basis for building cryptographic protocols, one should also take into consideration how a system is implemented. It has been shown that realistic (validation) attacks can be mounted against elliptic curve cryptosystems in the case that group membership testing is omitted. In the second part of the thesis, we extend the notion of validation attacks from elliptic curves to hyperelliptic curves, and show that singular curves can be used effectively in such attacks. Finally, we tackle a specific location-privacy problem called the nearby friend problem. We formalize the security model and then propose a new protocol and its extensions that solve the problem in the proposed security model. An interesting feature of the protocol is that it does not depend on any cryptographic primitive and its security is primarily based on the intractability of the DLP. Our solution provides a new approach to solving the nearby friend problem and compares favorably with the earlier solutions to this problem.

    A Simple and Fast Algorithm for Computing the N-th Term of a Linearly Recurrent Sequence

    We present a simple and fast algorithm for computing the N-th term of a given linearly recurrent sequence. Our new algorithm uses O(M(d) log N) arithmetic operations, where d is the order of the recurrence, and M(d) denotes the number of arithmetic operations for computing the product of two polynomials of degree d. The state-of-the-art algorithm, due to Charles Fiduccia (1985), has the same arithmetic complexity up to a constant factor. Our algorithm is simpler, faster and obtained by a totally different method. We also discuss several algorithmic applications, notably to polynomial modular exponentiation, powering of matrices and high-order lifting. Comment: 34 pages.

    Contributions to Confidentiality and Integrity Algorithms for 5G

    The confidentiality and integrity algorithms in cellular networks protect the transmission of user and signaling data over the air between users and the network, e.g., the base stations. There are three standardised cryptographic suites for confidentiality and integrity protection in 4G, which are based on the AES, SNOW 3G, and ZUC primitives, respectively. These primitives are used for providing a 128-bit security level and are usually implemented in hardware, e.g., using IP (intellectual property) cores, and thus can be quite efficient. When we come to 5G, the innovative network architecture and high-performance demands pose new challenges to security. For confidentiality and integrity protection, there are some new requirements on the underlying cryptographic algorithms. Specifically, these algorithms should: 1) provide 256 bits of security to protect against attackers equipped with quantum computing capabilities; and 2) provide at least 20 Gbps (Gigabits per second) speed in pure software environments, which is the downlink peak data rate in 5G. The reason for considering software environments is that the encryption in 5G will likely be moved to the cloud and implemented in software. Therefore, it is crucial to investigate existing algorithms in 4G, checking if they can satisfy the 5G requirements in terms of security and speed, and possibly propose new dedicated algorithms targeting these goals. This is the motivation of this thesis, which focuses on the confidentiality and integrity algorithms for 5G. The results can be summarised as follows.
    1. We investigate the security of SNOW 3G under 256-bit keys and propose two linear attacks against it with complexities 2^172 and 2^177, respectively. These cryptanalysis results indicate that SNOW 3G cannot provide the full 256-bit security level.
    2. We design some spectral tools for linear cryptanalysis and apply these tools to investigate the security of ZUC-256, the 256-bit version of ZUC. We propose a distinguishing attack against ZUC-256 with complexity 2^236, which is 2^20 faster than exhaustive key search.
    3. We design a new stream cipher called SNOW-V in response to the new requirements for 5G confidentiality and integrity protection, in terms of security and speed. SNOW-V can provide a 256-bit security level and achieve a speed as high as 58 Gbps in software based on our extensive evaluation. The cipher is currently under evaluation in ETSI SAGE (Security Algorithms Group of Experts) as a promising candidate for 5G confidentiality and integrity algorithms.
    4. We perform deeper cryptanalysis of SNOW-V to ensure that two common cryptanalysis techniques, guess-and-determine attacks and linear cryptanalysis, do not apply to SNOW-V faster than exhaustive key search.
    5. We introduce two minor modifications in SNOW-V and propose an extreme performance variant, called SNOW-Vi, in response to the feedback about SNOW-V that some use cases are not fully covered. SNOW-Vi covers more use cases, especially some platforms with fewer capabilities. The speeds in software are increased by 50% on average over SNOW-V and can be up to 92 Gbps.
    Besides these works on 5G confidentiality and integrity algorithms, the thesis is also devoted to local pseudorandom generators (PRGs).
    6. We investigate the security of local PRGs and propose two attacks against some constructions instantiated on the P5 predicate. The attacks improve existing results by a large gap and narrow down the secure parameter regime. We also extend the attacks to other local PRGs instantiated on general XOR-AND and XOR-MAJ predicates and provide some insight into the choice of safe parameters.