4,304 research outputs found
On the Key-Uncertainty of Quantum Ciphers and the Computational Security of One-way Quantum Transmission
We consider the scenario where Alice wants to send a secret (classical)
-bit message to Bob using a classical key, and where only one-way
transmission from Alice to Bob is possible. In this case, quantum communication
cannot help to obtain perfect secrecy with key length smaller then . We
study the question of whether there might still be fundamental differences
between the case where quantum as opposed to classical communication is used.
In this direction, we show that there exist ciphers with perfect security
producing quantum ciphertext where, even if an adversary knows the plaintext
and applies an optimal measurement on the ciphertext, his Shannon uncertainty
about the key used is almost maximal. This is in contrast to the classical case
where the adversary always learns bits of information on the key in a known
plaintext attack. We also show that there is a limit to how different the
classical and quantum cases can be: the most probable key, given matching
plain- and ciphertexts, has the same probability in both the quantum and the
classical cases. We suggest an application of our results in the case where
only a short secret key is available and the message is much longer.Comment: 19 pages, 2 figures. This is a revised version of an earlier version
that appeared in the proc. of Eucrocrypt'04:LNCS3027, 200
Quantifying Shannon's Work Function for Cryptanalytic Attacks
Attacks on cryptographic systems are limited by the available computational
resources. A theoretical understanding of these resource limitations is needed
to evaluate the security of cryptographic primitives and procedures. This study
uses an Attacker versus Environment game formalism based on computability logic
to quantify Shannon's work function and evaluate resource use in cryptanalysis.
A simple cost function is defined which allows to quantify a wide range of
theoretical and real computational resources. With this approach the use of
custom hardware, e.g., FPGA boards, in cryptanalysis can be analyzed. Applied
to real cryptanalytic problems, it raises, for instance, the expectation that
the computer time needed to break some simple 90 bit strong cryptographic
primitives might theoretically be less than two years.Comment: 19 page
Survey and Benchmark of Block Ciphers for Wireless Sensor Networks
Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far.We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we not only consider the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications
Quantum Noise Randomized Ciphers
We review the notion of a classical random cipher and its advantages. We
sharpen the usual description of random ciphers to a particular mathematical
characterization suggested by the salient feature responsible for their
increased security. We describe a concrete system known as AlphaEta and show
that it is equivalent to a random cipher in which the required randomization is
effected by coherent-state quantum noise. We describe the currently known
security features of AlphaEta and similar systems, including lower bounds on
the unicity distances against ciphertext-only and known-plaintext attacks. We
show how AlphaEta used in conjunction with any standard stream cipher such as
AES (Advanced Encryption Standard) provides an additional, qualitatively
different layer of security from physical encryption against known-plaintext
attacks on the key. We refute some claims in the literature that AlphaEta is
equivalent to a non-random stream cipher.Comment: Accepted for publication in Phys. Rev. A; Discussion augmented and
re-organized; Section 5 contains a detailed response to 'T. Nishioka, T.
Hasegawa, H. Ishizuka, K. Imafuku, H. Imai: Phys. Lett. A 327 (2004) 28-32
/quant-ph/0310168' & 'T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, H.
Imai: Phys. Lett. A 346 (2005) 7
Low-complexity Multiclass Encryption by Compressed Sensing
The idea that compressed sensing may be used to encrypt information from
unauthorised receivers has already been envisioned, but never explored in depth
since its security may seem compromised by the linearity of its encoding
process. In this paper we apply this simple encoding to define a general
private-key encryption scheme in which a transmitter distributes the same
encoded measurements to receivers of different classes, which are provided
partially corrupted encoding matrices and are thus allowed to decode the
acquired signal at provably different levels of recovery quality.
The security properties of this scheme are thoroughly analysed: firstly, the
properties of our multiclass encryption are theoretically investigated by
deriving performance bounds on the recovery quality attained by lower-class
receivers with respect to high-class ones. Then we perform a statistical
analysis of the measurements to show that, although not perfectly secure,
compressed sensing grants some level of security that comes at almost-zero cost
and thus may benefit resource-limited applications.
In addition to this we report some exemplary applications of multiclass
encryption by compressed sensing of speech signals, electrocardiographic tracks
and images, in which quality degradation is quantified as the impossibility of
some feature extraction algorithms to obtain sensitive information from
suitably degraded signal recoveries.Comment: IEEE Transactions on Signal Processing, accepted for publication.
Article in pres
Chaotic Compilation for Encrypted Computing: Obfuscation but Not in Name
An `obfuscation' for encrypted computing is quantified exactly here, leading
to an argument that security against polynomial-time attacks has been achieved
for user data via the deliberately `chaotic' compilation required for security
properties in that environment. Encrypted computing is the emerging science and
technology of processors that take encrypted inputs to encrypted outputs via
encrypted intermediate values (at nearly conventional speeds). The aim is to
make user data in general-purpose computing secure against the operator and
operating system as potential adversaries. A stumbling block has always been
that memory addresses are data and good encryption means the encrypted value
varies randomly, and that makes hitting any target in memory problematic
without address decryption, yet decryption anywhere on the memory path would
open up many easily exploitable vulnerabilities. This paper `solves (chaotic)
compilation' for processors without address decryption, covering all of ANSI C
while satisfying the required security properties and opening up the field for
the standard software tool-chain and infrastructure. That produces the argument
referred to above, which may also hold without encryption.Comment: 31 pages. Version update adds "Chaotic" in title and throughout
paper, and recasts abstract and Intro and other sections of the text for
better access by cryptologists. To the same end it introduces the polynomial
time defense argument explicitly in the final section, having now set that
denouement out in the abstract and intr
Roadmap on optical security
Postprint (author's final draft
- …