
    A Novel Attack to the Permuted Kernel Problem

    The Permuted Kernel Problem (PKP) asks to find a permutation of a given vector belonging to the kernel of a given matrix. The PKP is at the basis of PKP-DSS, a post-quantum signature scheme deriving from the identification scheme proposed by Shamir in 1989. The most efficient solver for PKP is due to a recent paper by Koussa et al. In this paper we propose an improvement of that algorithm, which we achieve by considering an additional collision search step applied to kernel equations involving a small number of coordinates. We study the conditions for such equations to exist from a coding theory perspective, and we describe how to efficiently find them with methods borrowed from coding theory, such as information set decoding. We assess the complexity of the resulting algorithm and show that it outperforms previous approaches in several cases. We also show that, taking the new solver into account, the security level of some instances of PKP-DSS turns out to be slightly overestimated.

    On the complexity of the Permuted Kernel Problem

    In 1989, A. Shamir introduced an interesting public-key scheme of a new nature, a Zero-Knowledge (ZK) Identification scheme, based on PKP: the Permuted Kernel Problem. PKP is an NP-hard algebraic problem which has been extensively studied. Despite the research effort, all known attacks on PKP remain exponential. This problem was used to develop an Identification Scheme (IDS) which has a very efficient implementation on low-cost smart cards. There has recently been a renewed interest in PKP-based cryptography due to post-quantum security considerations, simple security proofs, and the design of new PKP-based signature algorithms. In 2018, through the Fiat-Shamir transform, the PKP-IDS was used to construct a post-quantum signature scheme which was submitted to a Chinese competition for the design of post-quantum cryptographic algorithms (organized by the Chinese Association CACR). The latter was improved later. The aim of this document is two-fold. First, we investigate the complexity of the combinatorial problem, namely PKP. We also present a summary of previously known algorithms devoted to solving this problem. Contrary to what was shown previously, and after a thorough analysis of the state-of-the-art attacks on PKP, we claim that the Joux-Jaulmes attack is not the most efficient algorithm for solving PKP. In fact, the complexity analysis of the Joux-Jaulmes attack underestimates the cost of a certain important phase of the algorithm. Second, we examine the complexity given by various algorithms, specifically the ones introduced by Patarin-Chauvaud and Poupard. It is relatively complex to obtain a general complexity formula due to the very numerous variants. However, we have been able to develop a program and provide its approximate space and time complexities, which allow us to identify hard instances and secure sets of parameters of this problem with respect to the best attack currently known.

    A Step Towards QC Blind Signatures

    In this paper we propose a conversion from signature schemes connected to coding theory into blind signature schemes. We give formal security reductions to combinatorial problems not connected to number theory. This is the first blind signature scheme which cannot be broken by quantum computers via cryptanalyzing the underlying signature scheme employing Shor's algorithms. We thus present a step towards diversifying the computational assumptions on which blind signatures can be based. We achieve blind signatures by a different concept of blinding: instead of blinding the message, we blind the public key, such that generating a (blind) signature for the blinded key requires the interaction of the holder of the original secret key. To verify the blind signature, the connection between the original and the blinded key is proven by a static ZK proof. The major ingredient for our conversion is the PKP protocol by Shamir.

    Cryptanalysis of the Binary Permuted Kernel Problem

    In 1989, Shamir presented an efficient identification scheme (IDS) based on the permuted kernel problem (PKP). After 21 years, PKP was generalized by Lampe and Patarin, who were able to build an IDS similar to Shamir's, but using the binary field. This binary variant presented some interesting advantages over Shamir's original IDS, such as a reduced number of operations and inherent resistance against side-channel attacks. In the security analysis, considering the best attacks against the original PKP, the authors concluded that none of the existing attacks appeared to have a significant advantage when attacking the binary variant. In this paper, we propose the first attack that targets the binary PKP. The attack is analyzed in detail, and its practical performance is compared with our theoretical models. For the proposed parameters originally targeting 79 and 98 bits of security, our attack can recover about 100% of all keys using less than 2^{63} and 2^{77} operations, respectively.

    Sigma protocols for MQ, PKP and SIS, and fishy signature schemes

    This work presents sigma protocols to prove knowledge of: a solution to a system of quadratic polynomials; a solution to an instance of the Permuted Kernel Problem; and a witness for a variety of lattice statements (including SIS). Our sigma protocols have soundness error 1/q', where q' is any number bounded by the size of the underlying finite field. This is much better than existing proofs, which have soundness error 2/3 or (q'+1)/2q'. The prover and verifier time of our proofs is O(q'). We achieve this by first constructing so-called sigma protocols with helper, which are sigma protocols where the prover and the verifier are assisted by a trusted third party, and then eliminating the helper from the proof with a cut-and-choose protocol. We apply the Fiat-Shamir transform to obtain signature schemes with a security proof in the QROM. We show that the resulting signature schemes, which we call the MUltivariate quaDratic FIat-SHamir scheme (MUDFISH) and the ShUffled Solution to Homogeneous linear SYstem FIat-SHamir scheme (SUSHSYFISH), are more efficient than existing signatures based on the MQ problem and the Permuted Kernel Problem. Our proof system can be used to improve the efficiency of applications relying on (generalizations of) Stern's protocol. We show that the proof size of our SIS proof is smaller than that of Stern's protocol by an order of magnitude and that our proof is more efficient than existing post-quantum secure SIS proofs.

    Computational Hardness of the Permuted Kernel and Subcode Equivalence Problems

    The Permuted Kernel Problem (PKP) asks to find a permutation which maps an input matrix into the kernel of some given vector space. The literature exhibits several works studying its hardness in the case of the input matrix being mono-dimensional (i.e., a vector), while the multi-dimensional case has received much less attention and, de facto, only the case of a binary ambient finite field has been studied. The Subcode Equivalence Problem (SEP), instead, asks to find a permutation so that a given linear code becomes a subcode of another given code. To the best of our knowledge, no algorithm to solve the SEP has ever been proposed. In this paper we study the computational hardness of solving these problems. We first show that, despite going by different names, PKP and SEP are exactly the same problem. Then we consider the state-of-the-art solver for the mono-dimensional PKP (namely, the KMP algorithm, proposed by Koussa, Macario-Rat and Patarin), generalize it to the multi-dimensional case and analyze both the finite and the asymptotic regimes. We further propose a new algorithm, which can be thought of as a refinement of KMP. In the asymptotic regime our algorithm does not improve on KMP but, in the finite regime (and for parameters of practical interest), we achieve significant improvements, especially for the multi-dimensional version of PKP. As evidence, we show that it is the fastest algorithm to attack several recommended instances of cryptosystems based on PKP. As a side effect, given the mentioned equivalence between PKP and SEP, all the algorithms we analyze in this paper can be used to solve instances of the latter problem.

    Pattern-Recognition-Based Defense Against Targeted Attacks (Mustererkennungsbasierte Verteidigung gegen gezielte Angriffe)

    The speed at which everything and everyone is being connected considerably outstrips the rate at which effective security mechanisms are introduced to protect them. This has created an opportunity for resourceful threat actors who have specialized in conducting low-volume persistent attacks through sophisticated techniques tailored to specific valuable targets. Consequently, traditional approaches are rendered ineffective against targeted attacks, creating an acute need for innovative defense mechanisms. This thesis aims at supporting the security practitioner in bridging this gap by introducing a holistic strategy against targeted attacks that addresses key challenges encountered during the phases of detection, analysis and response. The structure of this thesis is therefore aligned to these three phases, with each of its central chapters taking on a particular problem and proposing a solution built on a strong foundation of pattern recognition and machine learning. In particular, we propose a detection approach that, in the absence of additional authentication mechanisms, allows spear-phishing emails to be identified without relying on their content. Next, we introduce an analysis approach for malware triage based on the structural characterization of malicious code. Finally, we introduce MANTIS, an open-source platform for authoring, sharing and collecting threat intelligence, whose data model is based on an innovative unified representation for threat intelligence standards based on attributed graphs. As a whole, these ideas open new avenues for research on defense mechanisms and represent an attempt to counteract the imbalance between resourceful actors and society at large.

    In our world today, everyone and everything is interconnected. This gives resourceful attackers the opportunity to develop complex techniques that are tailored to specific targets. Traditional approaches to countering such attacks thereby become ineffective, which makes the development of innovative methods indispensable. This dissertation aims to support the security analyst with a comprehensive strategy against targeted attacks. This strategy addresses the main challenges in the three phases of detecting and analyzing targeted attacks and responding to them. The structure of this work is therefore aligned with these three phases. Each chapter takes up a problem and proposes a corresponding solution that relies heavily on machine learning and pattern recognition. In particular, we propose an approach that enables the identification of spear-phishing emails without examining their content. We then present an analysis approach for malware triage based on the structured representation of code. Finally, we present MANTIS, an open-source platform for authoring, sharing and collecting threat intelligence, whose data model is based on an innovative consolidated graph representation for threat intelligence standards. We evaluate our approaches in various experiments that demonstrate their potential usefulness in real-world scenarios. Overall, these ideas open new avenues for research on defense mechanisms and strive to minimize the imbalance between resourceful attackers and society.

    Online identification of cascading events in power systems with renewable generation using machine learning

    This PhD project deals with the modelling of cascading events in power systems and their online identification with machine learning, considering the integration of renewable energy sources. Cascading events involve highly complex dynamic phenomena and in some cases can pose significant challenges to the stability and reliability of power grids, leading even to blackouts. The intermittent nature of renewable generation introduces additional complexities, as the system's dynamic behavior following a contingency becomes more unpredictable. Consequently, there is an increasing need for cascading event identification methods that can effectively handle these emerging challenges and ensure secure network operation. Machine learning methods can extract complex relationships from power system data by capturing the underlying dynamics, offering a promising tool for the accurate and timely identification of the online system state. In addition, due to the extensive installation of Phasor Measurement Units in modern power systems, it is possible to acquire measurement data related to electrical system variables in close to real time. The thesis first delves into understanding the appearance of cascading events, as defined by the discrete action of protection devices, using detailed dynamic simulations and considering uncertainties associated with network operating conditions, contingencies and renewable generation. To address the online nature of the problem, supervised machine learning methods that utilize measurement data are developed. Different contemporary machine learning approaches are investigated to identify the most suitable techniques for the detection of the appearance of cascading events, formulated as a binary classification problem, and the prediction of the reason for the upcoming cascading event, formulated as a multi-class classification problem.
    Furthermore, this thesis explores the challenges associated with the application of machine learning models on power system data, such as the online inference time, class imbalance, and practical considerations related to measurement data, and investigates techniques for model explainability to enhance the trustworthiness of the developed models. The contributions of this thesis lie in the development of machine learning-based techniques for online identification of cascading events in power systems, enabling more proactive and efficient situational awareness. These insights have the potential to significantly enhance the resilience and stability of power grids, minimizing the risk of large-scale blackouts and improving the overall reliability of the system. Georgios Nakas is sponsored through an Engineering & Physical Sciences Research Council (EPSRC) Research Excellence Award (REA) and is supervised by Dr. Panagiotis Papadopoulos and Professor Graeme Burt.

    Trustworthy machine learning through the lens of privacy and security

    Nowadays, machine learning (ML) is becoming ubiquitous and is transforming society. However, there are still many incidents caused by ML-based systems when ML is deployed in real-world scenarios. Therefore, to allow wide adoption of ML in the real world, especially in critical applications such as healthcare and finance, it is crucial to develop ML models that are not only accurate but also trustworthy (e.g., explainable, privacy-preserving, secure, and robust). Achieving trustworthy ML across different machine learning paradigms (e.g., deep learning, centralized learning, federated learning) and application domains (e.g., computer vision, natural language, human studies, malware systems) is challenging, given the complicated trade-off among utility, scalability, privacy, explainability, and security. To bring trustworthy ML to real-world adoption with the trust of communities, this study contributes a series of novel privacy-preserving mechanisms in which the trade-off between model utility and trustworthiness is optimized in different application domains, including natural language models, federated learning with human and mobile sensing applications, image classification, and explainable AI. The proposed mechanisms reach the deployment levels of commercialized systems in real-world trials while providing trustworthiness with marginal utility drops and rigorous theoretical guarantees. The developed solutions enable safe, efficient, and practical analyses of rich and diverse user-generated data in many application domains.

    Wave: A New Code-Based Signature Scheme

    IACR preprint available at https://eprint.iacr.org/2018/996/20181022:154324

    We present here Wave, the first "hash-and-sign" code-based signature scheme which strictly follows the GPV strategy [GPV08]. It uses the family of ternary generalized (U, U + V) codes. We prove that Wave achieves existential unforgeability under adaptive chosen message attacks (EUF-CMA) in the random oracle model (ROM) with a tight reduction to two assumptions from coding theory: one is a distinguishing problem that is related to the trapdoor we insert in our scheme, the other is DOOM, a multiple-target version of syndrome decoding. The algorithm produces uniformly distributed signatures through a suitable rejection sampling. Our scheme enjoys efficient signature and verification algorithms. For 128 bits of classical security, signatures are 8 thousand bits long and the public key size is slightly smaller than one megabyte. Furthermore, with our current choice of parameters, the rejection rate is limited to one rejection every 3 or 4 signatures.