On an almost-universal hash function family with applications to authentication and secrecy codes

Universal hashing, discovered by Carter and Wegman in 1979, has many important applications in computer science. MMH$^*$, which was shown to be $\Delta$-universal by Halevi and Krawczyk in 1997, is a well-known universal hash function family. We introduce a variant of MMH$^*$, that we call GRDH, where we use an arbitrary integer $n>1$ instead of prime $p$ and let the keys $\mathbf{x}=\langle x_1, \ldots, x_k \rangle \in \mathbb{Z}_n^k$ satisfy the conditions $\gcd(x_i,n)=t_i$ ($1\leq i\leq k$), where $t_1,\ldots,t_k$ are given positive divisors of $n$. Then via connecting the universal hashing problem to the number of solutions of restricted linear congruences, we prove that the family GRDH is an $\varepsilon$-almost-$\Delta$-universal family of hash functions for some $\varepsilon<1$ if and only if $n$ is odd and $\gcd(x_i,n)=t_i=1$ $(1\leq i\leq k)$. Furthermore, if these conditions are satisfied then GRDH is $\frac{1}{p-1}$-almost-$\Delta$-universal, where $p$ is the smallest prime divisor of $n$. Finally, as an application of our results, we propose an authentication code with secrecy scheme which strongly generalizes the scheme studied by Alomair et al. [{\it J. Math. Cryptol.} {\bf 4} (2010), 121--148], and [{\it J.UCS} {\bf 15} (2009), 2937--2956].Comment: International Journal of Foundations of Computer Science, to appea

Restricted linear congruences

In this paper, using properties of Ramanujan sums and of the discrete Fourier transform of arithmetic functions, we give an explicit formula for the number of solutions of the linear congruence $a_1x_1+\cdots +a_kx_k\equiv b \pmod{n}$, with $\gcd(x_i,n)=t_i$ ($1\leq i\leq k$), where $a_1,t_1,\ldots,a_k,t_k, b,n$ ($n\geq 1$) are arbitrary integers. As a consequence, we derive necessary and sufficient conditions under which the above restricted linear congruence has no solutions. The number of solutions of this kind of congruence was first considered by Rademacher in 1925 and Brauer in 1926, in the special case of $a_i=t_i=1$ $(1\leq i \leq k)$. Since then, this problem has been studied, in several other special cases, in many papers; in particular, Jacobson and Williams [{\it Duke Math. J.} {\bf 39} (1972), 521--527] gave a nice explicit formula for the number of such solutions when $(a_1,\ldots,a_k)=t_i=1$ $(1\leq i \leq k)$. The problem is very well-motivated and has found intriguing applications in several areas of mathematics, computer science, and physics, and there is promise for more applications/implications in these or other directions.Comment: Journal of Number Theory, to appea

TSKY: a dependable middleware solution for data privacy using public storage clouds

Dissertação para obtenção do Grau de Mestre em Engenharia InformáticaThis dissertation aims to take advantage of the virtues offered by data storage cloud based systems on the Internet, proposing a solution that avoids security issues by combining different providers’ solutions in a vision of a cloud-of-clouds storage and computing. The solution, TSKY System (or Trusted Sky), is implemented as a middleware system, featuring a set of components designed to establish and to enhance conditions for security, privacy, reliability and availability of data, with these conditions being secured and verifiable by the end-user, independently of each provider. These components, implement cryptographic tools, including threshold and homomorphic cryptographic schemes, combined with encryption, replication, and dynamic indexing mecha-nisms. The solution allows data management and distribution functions over data kept in different storage clouds, not necessarily trusted, improving and ensuring resilience and security guarantees against Byzantine faults and at-tacks. The generic approach of the TSKY system model and its implemented services are evaluated in the context of a Trusted Email Repository System (TSKY-TMS System). The TSKY-TMS system is a prototype that uses the base TSKY middleware services to store mailboxes and email Messages in a cloud-of-clouds

The Interpolating Random Spline Cryptosystem and the Chaotic-Map Public-Key Cryptosystem

The feasibility of implementing the interpolating cubic spline function as encryption and decryption transformations is presented. The encryption method can be viewed as computing a transposed polynomial. The main characteristic of the spline cryptosystem is that the domain and range of encryption are defined over real numbers, instead of the traditional integer numbers. Moreover, the spline cryptosystem can be implemented in terms of inexpensive multiplications and additions. Using spline functions, a series of discontiguous spline segments can execute the modular arithmetic of the RSA system. The similarity of the RSA and spline functions within the integer domain is demonstrated. Furthermore, we observe that such a reformulation of RSA cryptosystem can be characterized as polynomials with random offsets between ciphertext values and plaintext values. This contrasts with the spline cryptosystems, so that a random spline system has been developed. The random spline cryptosystem is an advanced structure of spline cryptosystem. Its mathematical indeterminacy on computing keys with interpolants no more than 4 and numerical sensitivity to the random offset t( increases its utility. This article also presents a chaotic public-key cryptosystem employing a one-dimensional difference equation as well as a quadratic difference equation. This system makes use of the El Gamal’s scheme to accomplish the encryption process. We note that breaking this system requires the identical work factor that is needed in solving discrete logarithm with the same size of moduli

SPDZ2k: Efficient MPC mod 2^k for Dishonest Majority

Most multi-party computation protocols allow secure computation of arithmetic circuits over a finite field, such as the integers modulo a prime. In the more natural setting of integer computations modulo $2^{k}$, which are useful for simplifying implementations and applications, no solutions with active security are known unless the majority of the participants are honest. We present a new scheme for information-theoretic MACs that are homomorphic modulo $2^k$, and are as efficient as the well-known standard solutions that are homomorphic over fields. We apply this to construct an MPC protocol for dishonest majority in the preprocessing model that has efficiency comparable to the well-known SPDZ protocol (Damgård et al., CRYPTO 2012), with operations modulo $2^k$ instead of over a field. We also construct a matching preprocessing protocol based on oblivious transfer, which is in the style of the MASCOT protocol (Keller et al., CCS 2016) and almost as efficient

Key agreement: security / division

Some key agreement schemes, such as Diffie--Hellman key agreement, reduce to Rabi--Sherman key agreement, in which Alice sends $ab$ to Charlie, Charlie sends $bc$ to Alice, they agree on key $a(bc) = (ab)c$, where multiplicative notation here indicates some specialized associative binary operation. All non-interactive key agreement schemes, where each peer independently determines a single delivery to the other, reduce to this case, because the ability to agree implies the existence of an associative operation. By extending the associative operation’s domain, the key agreement scheme can be enveloped into a mathematical ring, such that all cryptographic values are ring elements, and all key agreement computations are ring multiplications. (A smaller envelope, a semigroup instead of a ring, is also possible.) Security relies on the difficulty of division: here, meaning an operator $/$ such that $((ab)/b)b = ab$. Security also relies on the difficulty of the less familiar wedge operation $[ab, b, bc] \mapsto abc$. When Rabi--Sherman key agreement is instantiated as Diffie--Hellman key agreement: its multiplication amounts to modular exponentiation; its division amounts to the discrete logarithm problem; the wedge operation amounts to the computational Diffie--Hellman problem. Ring theory is well-developed and implies efficient division algorithms in some specific rings, such as matrix rings over fields. Semigroup theory, though less widely-known, also implies efficient division in specific semigroups, such as group-like semigroups. The rarity of key agreement schemes with well-established security suggests that easy multiplication with difficult division (and wedges) is elusive. Reduction of key agreement to ring or semigroup multiplication is not a panacea for cryptanalysis. Nonetheless, novel proposals for key agreement perhaps ought to run the gauntlet of a checklist for vulnerability to well-known division strategies that generalize across several forms of multiplication. Ambitiously applying this process of elimination to a plethora of diverse rings or semigroups might also, if only by a fluke, leave standing a few promising schemes, which might then deserve a more focused cryptanalysis

Cryptographic Key Distribution In Wireless Sensor Networks Using Bilinear Pairings

It is envisaged that the use of cheap and tiny wireless sensors will soon bring a third wave of evolution in computing systems. Billions of wireless senor nodes will provide a bridge between information systems and the physical world. Wireless nodes deployed around the globe will monitor the surrounding environment as well as gather information about the people therein. It is clear that this revolution will put security solutions to a great test. Wireless Sensor Networks (WSNs) are a challenging environment for applying security services. They differ in many aspects from traditional fixed networks, and standard cryptographic solutions cannot be used in this application space. Despite many research efforts, key distribution in WSNs still remains an open problem. Many of the proposed schemes suffer from high communication overhead and storage costs, low scalability and poor resilience against different types of attacks. The exclusive usage of simple and energy efficient symmetric cryptography primitives does not solve the security problem. On the other hand a full public key infrastructure which uses asymmetric techniques, digital signatures and certificate authorities seems to be far too complex for a constrained WSN environment. This thesis investigates a new approach to WSN security which addresses many of the shortcomings of existing mechanisms. It presents a detailed description on how to provide practical Public Key Cryptography solutions for wireless sensor networks. The contributions to the state-of-the-art are added on all levels of development beginning with the basic arithmetic operations and finishing with complete security protocols. This work includes a survey of different key distribution protocols that have been developed for WSNs, with an evaluation of their limitations. It also proposes Identity- Based Cryptography (IBC) as an ideal technique for key distribution in sensor networks. It presents the first in-depth study of the application and implementation of Pairing- Based Cryptography (PBC) to WSNs. This is followed by a presentation of the state of the art on the software implementation of Elliptic Curve Cryptography (ECC) on typical WSNplatforms. New optimized algorithms for performing multiprecision multiplication on a broad range of low-end CPUs are introduced as well. Three novel protocols for key distribution are proposed in this thesis. Two of these are intended for non-interactive key exchange in flat and clustered networks respectively. A third key distribution protocol uses Identity-Based Encryption (IBE) to secure communication within a heterogeneous sensor network. This thesis includes also a comprehensive security evaluation that shows that proposed schemes are resistant to various attacks that are specific to WSNs. This work shows that by using the newest achievements in cryptography like pairings and IBC it is possible to deliver affordable public-key cryptographic solutions and to apply a sufficient level of security for the most demanding WSN applications

Passive SSH Key Compromise via Lattices

We demonstrate that a passive network attacker can opportunistically obtain private RSA host keys from an SSH server that experiences a naturally arising fault during signature computation. In prior work, this was not believed to be possible for the SSH protocol because the signature included information like the shared Diffie-Hellman secret that would not be available to a passive network observer. We show that for the signature parameters commonly in use for SSH, there is an efficient lattice attack to recover the private key in case of a signature fault. We provide a security analysis of the SSH, IKEv1, and IKEv2 protocols in this scenario, and use our attack to discover hundreds of compromised keys in the wild from several independently vulnerable implementations

Synchronization of multi-carrier CDMA signals and security on internet.

by Yooh Ji Heng.Thesis (M.Phil.)--Chinese University of Hong Kong, 1996.Includes bibliographical references (leaves 119-128).Appendix in Chinese.Chapter I --- Synchronization of Multi-carrier CDMA Signals --- p.1Chapter 1 --- Introduction --- p.2Chapter 1.1 --- Spread Spectrum CDMA --- p.4Chapter 1.1.1 --- Direct Sequence/SS-CDMA --- p.5Chapter 1.1.2 --- Frequency Hopping/SS-CDMA --- p.5Chapter 1.1.3 --- Pseudo-noise Sequence --- p.6Chapter 1.2 --- Synchronization for CDMA signal --- p.7Chapter 1.2.1 --- Acquisition of PN Sequence --- p.7Chapter 1.2.2 --- Phase Locked Loop --- p.8Chapter 2 --- Multi-carrier CDMA --- p.10Chapter 2.1 --- System Model --- p.11Chapter 2.2 --- Crest Factor --- p.12Chapter 2.3 --- Shapiro-Rudin Sequence --- p.14Chapter 3 --- Synchronization and Detection by Line-Fitting --- p.16Chapter 3.1 --- Unmodulated Signals --- p.16Chapter 3.2 --- Estimating the Time Shift by Line-Fitting --- p.19Chapter 3.3 --- Modulated Signals --- p.22Chapter 4 --- Matched Filter --- p.23Chapter 5 --- Performance and Conclusion --- p.27Chapter 5.1 --- Line Fitting Algorithm --- p.27Chapter 5.2 --- Matched Filter --- p.28Chapter 5.3 --- Conclusion --- p.30Chapter II --- Security on Internet --- p.31Chapter 6 --- Introduction --- p.32Chapter 6.1 --- Introduction to Cryptography --- p.32Chapter 6.1.1 --- Classical Cryptography --- p.33Chapter 6.1.2 --- Cryptanalysis --- p.35Chapter 6.2 --- Introduction to Internet Security --- p.35Chapter 6.2.1 --- The Origin of Internet --- p.35Chapter 6.2.2 --- Internet Security --- p.36Chapter 6.2.3 --- Internet Commerce --- p.37Chapter 7 --- Elementary Number Theory --- p.39Chapter 7.1 --- Finite Field Theory --- p.39Chapter 7.1.1 --- Euclidean Algorithm --- p.40Chapter 7.1.2 --- Chinese Remainder Theorem --- p.40Chapter 7.1.3 --- Modular Exponentiation --- p.41Chapter 7.2 --- One-way Hashing Function --- p.42Chapter 7.2.1 --- MD2 --- p.43Chapter 7.2.2 --- MD5 --- p.43Chapter 7.3 --- Prime Number --- p.44Chapter 7.3.1 --- Listing of Prime Number --- p.45Chapter 7.3.2 --- Primality Testing --- p.45Chapter 7.4 --- Random/Pseudo-Random Number --- p.47Chapter 7.4.1 --- Examples of Random Number Generator --- p.49Chapter 8 --- Private Key and Public Key Cryptography --- p.51Chapter 8.1 --- Block Ciphers --- p.51Chapter 8.1.1 --- Data Encryption Standard (DES) --- p.52Chapter 8.1.2 --- International Data Encryption Algorithm (IDEA) --- p.54Chapter 8.1.3 --- RC5 --- p.55Chapter 8.2 --- Stream Ciphers --- p.56Chapter 8.2.1 --- RC2 and RC4 --- p.57Chapter 8.3 --- Public Key Cryptosystem --- p.58Chapter 8.3.1 --- Diffie-Hellman --- p.60Chapter 8.3.2 --- Knapsack Algorithm --- p.60Chapter 8.3.3 --- RSA --- p.62Chapter 8.3.4 --- Elliptic Curve Cryptosystem --- p.63Chapter 8.3.5 --- Public Key vs. Private Key Cryptosystem --- p.64Chapter 8.4 --- Digital Signature --- p.65Chapter 8.4.1 --- ElGamal Signature Scheme --- p.66Chapter 8.4.2 --- Digital Signature Standard (DSS) --- p.67Chapter 8.5 --- Cryptanalysis to Current Cryptosystems --- p.68Chapter 8.5.1 --- Differential Cryptanalysis --- p.68Chapter 8.5.2 --- An Attack to RC4 in Netscapel.l --- p.69Chapter 8.5.3 --- "An Timing Attack to Diffie-Hellman, RSA" --- p.71Chapter 9 --- Network Security and Electronic Commerce --- p.73Chapter 9.1 --- Network Security --- p.73Chapter 9.1.1 --- Password --- p.73Chapter 9.1.2 --- Network Firewalls --- p.76Chapter 9.2 --- Implementation for Network Security --- p.79Chapter 9.2.1 --- Kerberos --- p.79Chapter 9.2.2 --- Privacy-Enhanced Mail (PEM) --- p.80Chapter 9.2.3 --- Pretty Good Privacy (PGP) --- p.82Chapter 9.3 --- Internet Commerce --- p.83Chapter 9.3.1 --- Electronic Cash --- p.85Chapter 9.4 --- Internet Browsers --- p.87Chapter 9.4.1 --- Secure NCSA Mosaic --- p.87Chapter 9.4.2 --- Netscape Navigator --- p.89Chapter 9.4.3 --- SunSoft HotJava --- p.91Chapter 10 --- Examples of Electronic Commerce System --- p.94Chapter 10.1 --- CyberCash --- p.95Chapter 10.2 --- DigiCash --- p.97Chapter 10.3 --- The Financial Services Technology Consortium --- p.98Chapter 10.3.1 --- Electronic Check Project --- p.99Chapter 10.3.2 --- Electronic Commerce Project --- p.101Chapter 10.4 --- FirstVirtual --- p.103Chapter 10.5 --- Mondex --- p.104Chapter 10.6 --- NetBill --- p.106Chapter 10.7 --- NetCash --- p.108Chapter 10.8 --- NetCheque --- p.111Chapter 11 --- Conclusion --- p.113Chapter A --- An Essay on Chinese Remainder Theorem and RSA --- p.115Bibliography --- p.11