14 research outputs found

    The zheng-seberry public key cryptosystem and signcryption

    In 1993 Zheng-Seberry presented a public key cryptosystem that was considered efficient and secure in the sense of indistinguishability of encryptions (IND) against an adaptively chosen ciphertext adversary (CCA2). This thesis shows the Zheng-Seberry scheme is not secure, as a CCA2 adversary can break the scheme in the sense of IND. In 1998 Cramer-Shoup presented a scheme that was secure against an IND-CCA2 adversary and whose proof relied only on standard assumptions. This thesis modifies this proof and applies it to a modified version of the El-Gamal scheme. This resulted in a provably secure scheme relying on the Random Oracle (RO) model, which is more efficient than the original Cramer-Shoup scheme. Although the RO model assumption is needed for security of this new El-Gamal variant, it only relies on it in a minimal way.

    Design and Analysis of Opaque Signatures

    Digital signatures were introduced to guarantee the authenticity and integrity of the underlying messages. A digital signature scheme comprises the key generation, the signature, and the verification algorithms. The key generation algorithm creates the signing and the verifying keys, also called the signer’s private and public keys respectively. The signature algorithm, which is run by the signer, produces a signature on the input message. Finally, the verification algorithm, run by anyone who knows the signer’s public key, checks whether a purported signature on some message is valid or not. The last property, namely the universal verification of digital signatures, is undesirable in situations where the signed data is commercially or personally sensitive. Therefore, mechanisms which share most properties with digital signatures except for the universal verification were invented to respond to the aforementioned need; we call such mechanisms “opaque signatures”. In this thesis, we study the signatures where the verification cannot be achieved without the cooperation of a specific entity, namely the signer in case of undeniable signatures, or the confirmer in case of confirmer signatures; we make three main contributions. We first study the relationship between two security properties important for public key encryption, namely data privacy and key privacy. Our study is motivated by the fact that opaque signatures always involve an encryption layer that ensures their opacity. The properties required for this encryption vary according to whether we want to protect the identity (i.e. the key) of the signer or hide the validity of the signature. Therefore, it would be convenient to use existing work about the encryption scheme in order to derive one notion from the other. Next, we delve into the generic constructions of confirmer signatures from basic cryptographic primitives, e.g. digital signatures, encryption, or commitment schemes. In fact, generic constructions give easy-to-understand and easy-to-prove schemes; however, this convenience is often achieved at the expense of efficiency. In this contribution, which constitutes the core of this thesis, we first analyze the already existing constructions; our study concludes that the popular generic constructions of confirmer signatures necessitate strong security assumptions on the building blocks, which impacts negatively the efficiency of the resulting signatures. Next, we show that a small change in these constructions makes these assumptions drop drastically, allowing as a result constructions with instantiations that compete with the dedicated realizations of these signatures. Finally, we revisit two early undeniable signatures which were proposed with a conjectural security. We disprove the claimed security of the first scheme, and we provide a fix to it in order to achieve strong security properties. Next, we upgrade the second scheme so that it supports a desirable feature, and we provide a formal security treatment of the new scheme: we prove that it is secure assuming new reasonable assumptions on the underlying constituents.

    BINARY EDWARDS CURVES IN ELLIPTIC CURVE CRYPTOGRAPHY

    Edwards curves are a new normal form for elliptic curves that exhibit some cryptographically desirable properties and advantages over the typical Weierstrass form. Because the group law on an Edwards curve (normal, twisted, or binary) is complete and unified, implementations can be safer from side channel or exceptional procedure attacks. The different types of Edwards curves provide a better platform for cryptographic primitives, since they have more security built into them from the mathematical foundation up. Of the three types of Edwards curves—original, twisted, and binary—there hasn’t been as much work done on binary curves. We provide the necessary motivation and background, and then delve into the theory of binary Edwards curves. Next, we examine practical considerations that separate binary Edwards curves from other recently proposed normal forms. After that, we provide some of the theory for binary curves that has been worked on for other types already: pairing computations. We next explore some applications of elliptic curve and pairing-based cryptography wherein the added security of binary Edwards curves may come in handy. Finally, we finish with a discussion of e2c2, a modern C++11 library we’ve developed for Edwards Elliptic Curve Cryptography.

    Robust stability assessment for future power systems

    Thesis: Ph.D., Massachusetts Institute of Technology, Department of Mechanical Engineering, 2018. Includes bibliographical references (pages 119-128). By Hung Dinh Nguyen.

    Loss of stability in electrical power systems may eventually lead to blackouts which, despite being rare, are extremely costly. However, ensuring system stability is a non-trivial task for several reasons. First, power grids, by nature, are complex nonlinear dynamical systems, so assessing and maintaining system stability is challenging mainly due to the co-existence of multiple equilibria and the lack of global stability. Second, the systems are subject to various sources of uncertainties. For example, the renewable energy injections may vary depending on the weather conditions. Unfortunately, existing security assessment may not be sufficient to verify system stability in the presence of such uncertainties. This thesis focuses on new scalable approaches for robust stability assessment applicable to three main types of stability, i.e., long-term voltage, transient, and small-signal stability. In the first part of this thesis, I develop a novel computationally tractable technique for constructing Optimal Power Flow (OPF) feasibility (convex) subsets. For any inner point of the subset, the power flow problem is guaranteed to have a feasible solution which satisfies all the operational constraints considered in the corresponding OPF. This inner approximation technique is developed based on Brouwer's fixed point theorem, as the existence of a solution can be verified through a self-mapping condition. The self-mapping condition along with other operational constraints are incorporated in an optimization problem to find the largest feasible subsets. Such an optimization problem is nonlinear, but any feasible solution will correspond to a valid OPF feasibility estimation. Simulation results tested on several IEEE test cases up to 300 buses show that the estimation covers a substantial fraction of the true feasible set. Next, I introduce another inner approximation technique for estimating an attraction domain of a post-fault equilibrium based on contraction analysis. In particular, I construct a contraction region where the initial conditions are "forgotten", i.e., all trajectories starting from inside this region will exponentially converge to each other. An attraction basin is constructed by inscribing the largest ball in the contraction region. To verify contraction of a Differential-Algebraic Equation (DAE) system, I also show that one can rely on the analysis of extended virtual systems which are reducible to the original one. Moreover, the Jacobians of the synthetic systems can always be expressed in a linear form of state variables because any polynomial system has a quadratic representation. This makes the synthetic system analysis more appropriate for contraction region estimation at a large scale. In the final part of the thesis, I focus on small-signal stability assessment under load dynamic uncertainties. After introducing a generic impedance-based load model which can capture the uncertainty, I propose a new robust small signal (RSS) stability criterion. Semidefinite programming is used to find a structured Lyapunov matrix, and if it exists, the system is provably RSS stable. An important application of the criterion is to characterize operating regions which are safe from Hopf bifurcations. The robust stability assessment techniques developed in this thesis primarily address the needs of a system operator in electrical power systems. The results, however, can be naturally extended to other nonlinear dynamical systems that arise in different fields such as biology, biomedicine, economics, neuron networks, and optimization. As the robust assessment is based on sufficient conditions for stability, there is still room for development on reducing the inevitable conservatism. For example, for OPF feasibility region estimation, an important open question is what tighter bounds on the nonlinear residual terms one can use instead of box type bounds. Also, for the attraction basin problem, finding the optimal norms and metrics which result in the largest contraction domain is an interesting potential research question.

    Information security and assurance: Proceedings of the international conference, ISA 2012, Shanghai, China, April 2012

    Algorithms for Solving Linear and Polynomial Systems of Equations over Finite Fields with Applications to Cryptanalysis

    This dissertation contains algorithms for solving linear and polynomial systems of equations over GF(2). The objective is to provide fast and exact tools for algebraic cryptanalysis and other applications. Accordingly, it is divided into two parts. The first part deals with polynomial systems. Chapter 2 contains a successful cryptanalysis of Keeloq, the block cipher used in nearly all luxury automobiles. The attack is more than 16,000 times faster than brute force, but queries 0.62 × 2^32 plaintexts. The polynomial systems of equations arising from that cryptanalysis were solved via SAT-solvers. Therefore, Chapter 3 introduces a new method of solving polynomial systems of equations by converting them into CNF-SAT problems and using a SAT-solver. Finally, Chapter 4 contains a discussion on how SAT-solvers work internally. The second part deals with linear systems over GF(2), and other small fields (and rings). These occur in cryptanalysis when using the XL algorithm, which converts polynomial systems into larger linear systems. We introduce a new complexity model and data structures for GF(2)-matrix operations. This is discussed in Appendix B but applies to all of Part II. Chapter 5 contains an analysis of "the Method of Four Russians" for multiplication and a variant for matrix inversion, which is log n faster than Gaussian Elimination, and can be combined with Strassen-like algorithms. Chapter 6 contains an algorithm for accelerating matrix multiplication over small finite fields. It is feasible but the memory cost is so high that it is mostly of theoretical interest. Appendix A contains some discussion of GF(2)-linear algebra and how it differs from linear algebra in R and C. Appendix C discusses algorithms faster than Strassen's algorithm, and contains proofs that matrix multiplication, matrix squaring, triangular matrix inversion, LUP-factorization, general matrix inversion and the taking of determinants, are equicomplex. These proofs are already known, but are here gathered into one place in the same notation.