23 research outputs found

    On the Linear Transformation in White-box Cryptography

    Linear transformations are applied to the white-box cryptographic implementation for the diffusion effect to prevent key-dependent intermediate values from being analyzed. However, it has been shown that there still exists a correlation before and after the linear transformation, and thus this is not enough to protect the key against statistical analysis. So far, the Hamming weight of rows in the invertible matrix has been considered the main cause of the key leakage from the linear transformation. In this study, we present an in-depth analysis of the distribution of intermediate values and the characteristics of block invertible binary matrices. Our mathematical analysis and experimental results show that the balanced distribution of the key-dependent intermediate value is the main cause of the key leakage.
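    The following Python script is an added illustration of the setting this abstract describes; it is not code from the paper. It models an attacker who can observe a white-box lookup table returning L(S[p ^ k]) for each plaintext byte p, where S is the AES S-box, k a secret key byte and L an invertible 8x8 binary matrix. The matrix L_ROWS, the key byte 0x2B and the use of all 256 plaintext bytes are assumptions of the example. It computes the DCA-style bit correlations for every key guess and also runs a linear-consistency test (Gaussian elimination over GF(2)); both single out the correct key even though L was meant to diffuse the S-box output.

```python
"""Added example, not from the paper: recovering a key byte through a linear encoding.

Model: a white-box lookup table returns w = L(S[p ^ k]) for plaintext byte p, secret key
byte k, AES S-box S and an invertible 8x8 binary matrix L (all assumptions of this example).
"""


def build_aes_sbox():
    """Generate the AES S-box: GF(2^8) inversion followed by the affine map."""
    sbox = [0] * 256
    p = q = 1
    rot = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= q << 1                                           # q /= 3, so q = 1/p
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rot(q, 1) ^ rot(q, 2) ^ rot(q, 3) ^ rot(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = build_aes_sbox()

# Example encoding matrix (assumption): output bit i = parity(L_ROWS[i] & v).
# Upper triangular with a unit diagonal, hence invertible; rows 0 and 7 have
# Hamming weight 1, all other rows weight 2 or 3.
L_ROWS = [0b00000001, 0b00000110, 0b00011100, 0b10001000,
          0b01110000, 0b10100000, 0b11000000, 0b10000000]


def apply_matrix(rows, v):
    return sum(((bin(r & v).count("1") & 1) << i) for i, r in enumerate(rows))


def whitebox_table(k, rows=L_ROWS):
    """What the attacker can observe: the encoded output for every plaintext byte p."""
    return [apply_matrix(rows, SBOX[p ^ k]) for p in range(256)]


def bit_correlations(table, k_guess):
    """corr[i][j] = correlation of observed bit i with predicted S-box bit j under k_guess."""
    pred = [SBOX[p ^ k_guess] for p in range(256)]
    corr = [[0.0] * 8 for _ in range(8)]
    for i in range(8):
        for j in range(8):
            disagree = sum(((w >> i) ^ (v >> j)) & 1 for w, v in zip(table, pred))
            corr[i][j] = (256 - 2 * disagree) / 256
    return corr


def dca_best_key(table):
    """DCA ranking: the key guess whose strongest (observed, predicted) bit correlation is largest."""
    score = {k: max(abs(c) for row in bit_correlations(table, k) for c in row) for k in range(256)}
    return max(score, key=score.get)


def gf2_solvable(rows, ncols):
    """Gaussian elimination over GF(2).  Each row is an int: coefficient bits 0..ncols-1,
    right-hand side in bit ncols.  Returns True iff the system has a solution."""
    pivots = {}
    for r in rows:
        for c in range(ncols):
            if (r >> c) & 1:
                if c in pivots:
                    r ^= pivots[c]
                else:
                    pivots[c] = r
                    break
        else:  # every coefficient cancelled, so 0 = rhs must hold
            if (r >> ncols) & 1:
                return False
    return True


def lda_keys(table):
    """Key guesses for which every observed bit is an affine function of S[p ^ k_guess].
    Only the true key makes the encoding look linear; no assumption on row weights."""
    survivors = []
    for k in range(256):
        if all(gf2_solvable([SBOX[p ^ k] | (1 << 8) | (((w >> i) & 1) << 9)
                             for p, w in enumerate(table)], 9)
               for i in range(8)):
            survivors.append(k)
    return survivors


if __name__ == "__main__":
    secret = 0x2B  # assumption of this example
    table = whitebox_table(secret)
    print("DCA best key: 0x%02x" % dca_best_key(table))
    print("LDA survivors:", [hex(k) for k in lda_keys(table)])
    for row in bit_correlations(table, secret):
        print(" ".join("%5.2f" % c for c in row))
```

    For the correct key the correlation matrix contains only the values 0 and ±1: a row of L with Hamming weight 1 copies one S-box output bit and gives ±1, and every row of weight 2 or more gives exactly 0, because each S-box output bit is balanced over the 256 inputs and so the extra bits in the XOR cancel the correlation. Wrong keys give smaller, irregular values in every cell, which is what the DCA ranking exploits; the linear-consistency test needs no assumption on row weights at all.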

    Table Redundancy Method for Protecting against Fault Attacks

    Fault attacks (FA) intentionally inject some fault into the encryption process for analyzing a secret key based on faulty intermediate values or faulty ciphertexts. One of the easy ways for software-based countermeasures is to use time redundancy. However, existing methods can be broken by skipping comparison operations or by using non-uniform distributions of faulty intermediate values. In this paper, we propose a secure software-based redundancy, aptly named table redundancy, applying different linear and nonlinear transformations to redundant computations of table-based block cipher structures. To reduce the table size and the number of lookups, some outer tables that are not subjected to FA are shared, while the inner tables are protected by table redundancy. The basic idea is that different transformations protecting redundant computations are correctly decoded if the redundant outcomes are combined without faulty values. In addition, this recombination provides infective computations because a faulty byte is likely to propagate its error to adjacent bytes due to the use of 32-bit linear transformations. Our method also presents a stateful feature in connection with detected faults and subsequent plaintexts for preventing iterative fault injection. We demonstrate the protection of AES-128 against FA and show a negligible advantage of FA.

    Broadcast Encryption π

    We propose a new broadcast encryption scheme π based on the idea of 'one key per each punctured interval'. Let N and r be the numbers of total users and revoked users, respectively. In our scheme with p-punctured c-intervals, the transmission overhead is asymptotically r/(p+1) as r grows. We also introduce two variants of our scheme to improve the efficiency for small r. Our scheme is very flexible with two parameters p and c. We may take p as large as possible if a user device allows a large key storage, and set c as small as possible if the storage size and the computing power are limited. Our scheme also possesses another remarkable feature that any number of new users can join at any time without key refreshment, which is not possible in other known practical schemes.

    Direct Inhibition of GSK3β by the Phosphorylated Cytoplasmic Domain of LRP6 in Wnt/β-Catenin Signaling

    Wnt/β-catenin signaling plays a central role in development and is also involved in a diverse array of diseases. Binding of Wnts to the coreceptors Frizzled and LRP6/5 leads to phosphorylation of PPPSPxS motifs in the LRP6/5 intracellular region and the inhibition of GSK3β bound to the scaffold protein Axin. However, it remains unknown how GSK3β is specifically inhibited upon Wnt stimulation. Here, we show that overexpression of the intracellular region of LRP6 containing a Ser/Thr rich cluster and a PPPSPxS motif impairs the activity of GSK3β in cells. Synthetic peptides containing the PPPSPxS motif strongly inhibit GSK3β in vitro only when they are phosphorylated. Microinjection of these peptides into Xenopus embryos confirms that the phosphorylated PPPSPxS motif potentiates Wnt-induced second body axis formation. In addition, we show that the Ser/Thr rich cluster of LRP6 plays an important role in LRP6 binding to GSK3β. These observations demonstrate that phosphorylated LRP6/5 both recruits and directly inhibits GSK3β using two distinct portions of its cytoplasmic sequence, and suggest a novel mechanism of activation in this signaling pathway.

    One-Bit to Four-Bit Dual Conversion for Security Enhancement against Power Analysis


    Dynamic Membership Management in Anonymous and Deniable Distance Bounding

    For secure location proof in many applications, distance bounding protocols are considered one of the useful tools that can be used in practice. In distance bounding protocols, a prover and a verifier can measure the distance between them by performing an interactive protocol. In general, the verifier is regarded as an honest service provider, and thus, an adversarial verifier is not considered for security analysis. However, we cannot ignore the possibility of the corruption of the verifier, which can spoil the prover's privacy. To handle the security problem, a prover-anonymous and deniable distance bounding protocol is proposed, which can guarantee the privacy of the prover even though the verifier is corrupted. In this paper, we review the prover-anonymous and deniable distance bounding protocol in terms of the membership management, and we show that the communication overhead in the protocol for each membership change is O(n), where n is the number of users. Then, we propose an improved membership management technique, which can efficiently support membership change in terms of the communication overhead. The improved technique requires O(1) for each membership change instead of O(n), as in the existing protocol.

    Efficient Construction of Order-Preserving Encryption Using Pseudo Random Function


    Blockchain-Based Data Sharing and Trading Model for the Connected Car

    Currently, "connected cars" are being actively designed over smart cars and autonomous cars, to establish a two-way communication network between the vehicle and all infrastructure. Additionally, because vehicle black boxes are becoming more common, specific processes for secure and efficient data sharing and transaction via vehicle networks must be developed. In this paper, we propose a Blockchain-based vehicle data marketplace platform model, along with a data sharing scheme, using Blockchain-based data-owner-based attribute-based encryption (DO-ABE). The proposed model achieves the basic requirements such as data confidentiality, integrity, and privacy. The proposed system securely and effectively handles large-capacity and privacy-sensitive black box video data by storing the metadata on Blockchain (on-chain) and encrypted raw data on off-chain (external) storage, and adopting a consortium Blockchain. Furthermore, the data owners of the proposed model can control their own data by applying the Blockchain-based DO-ABE and owner-defined access control lists.

    Skipping, Cascade, and Combined Chain Schemes for Broadcast Encryption

    We develop a couple of new methods to reduce transmission overheads in broadcast encryption. The methods are based on the idea of assigning one key per each partition using one-way key chains after partitioning the users. One method adopts skipping chains on partitions containing up to p revoked users and the other adopts cascade chains on partitions with layer structure. The scheme using the former reduces the transmission overhead down to r/(p+1) asymptotically as r grows, and the scheme using the latter keeps the transmission overhead very small when r approaches 0, where r is the number of revoked users. Combining the two schemes, we propose a new broadcast encryption scheme with the least transmission overhead. Our schemes also possess a remarkable feature that any number of new users can join at any time without key update, which is not available for most known practical schemes.
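    Both broadcast-encryption abstracts on this page (the punctured-interval scheme π and the skipping, cascade and combined chain schemes) rest on the same primitive: one key per interval (partition) of non-revoked users, derived from a one-way key chain, with new users joining by extending the line without touching anyone else's keys. The Python below is an added, simplified illustration of that primitive and is not either paper's construction. It uses SHA-256 as the one-way function, puts users on a line 0..n-1, allows no punctures (the p = 0 baseline, so the header carries at most r + 1 blocks for r revoked users rather than the roughly r/(p+1) the papers achieve), and stores O(n) chain values per user; the user numbering, the master seed, the session-key wrapping and the class names are assumptions of the example.

```python
"""Added example, not the papers' scheme: one key per interval of non-revoked users,
derived from one-way hash chains.

Users sit on a line 0..n-1.  Chain a starts at user a; user u >= a stores H^(u-a)(seed_a).
The key of an interval [a, b] is H^(b-a)(seed_a): a member walks its stored value forward,
a revoked user right of b would have to invert H, and a user left of a holds nothing from
chain a.  All names and the SHA-256 choice are assumptions of this example.
"""
import hashlib
import os


def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def h_iter(x: bytes, times: int) -> bytes:
    for _ in range(times):
        x = H(x)
    return x


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Center:
    def __init__(self, n: int, master: bytes = None):
        self.n = n
        self.master = master or os.urandom(32)

    def chain_seed(self, a: int) -> bytes:
        return H(self.master + a.to_bytes(4, "big"))

    def interval_key(self, a: int, b: int) -> bytes:
        return h_iter(self.chain_seed(a), b - a)

    def user_keys(self, u: int) -> dict:
        # one stored value per chain that started at or before u
        return {a: h_iter(self.chain_seed(a), u - a) for a in range(u + 1)}

    def join(self) -> "User":
        # a new user is appended at the right end; nobody else's keys change
        u = self.n
        self.n += 1
        return User(u, self.user_keys(u))

    def intervals(self, revoked: set) -> list:
        """Maximal runs of non-revoked users: at most len(revoked) + 1 of them."""
        out, start = [], None
        for u in range(self.n):
            if u in revoked:
                if start is not None:
                    out.append((start, u - 1))
                    start = None
            elif start is None:
                start = u
        if start is not None:
            out.append((start, self.n - 1))
        return out

    def broadcast(self, session_key: bytes, revoked: set) -> tuple:
        """Header: a nonce plus one wrapped copy of the session key per interval."""
        nonce = os.urandom(16)
        blocks = [(a, b, xor(session_key, H(self.interval_key(a, b) + nonce)))
                  for a, b in self.intervals(revoked)]
        return nonce, blocks


class User:
    def __init__(self, u: int, keys: dict):
        self.u, self.keys = u, keys

    def recover(self, header: tuple):
        nonce, blocks = header
        for a, b, ct in blocks:
            if a <= self.u <= b:
                # walk chain a from position u to position b, then unwrap
                return xor(ct, H(h_iter(self.keys[a], b - self.u) + nonce))
        return None  # revoked: no interval contains this user


if __name__ == "__main__":
    center = Center(8, master=b"\x01" * 32)          # constructed demo parameters
    users = [User(u, center.user_keys(u)) for u in range(8)]
    sk = os.urandom(32)
    header = center.broadcast(sk, revoked={2, 5})
    print("intervals:", [(a, b) for a, b, _ in header[1]])
    print("recovered:", [users[u].recover(header) == sk for u in range(8)])
    newcomer = center.join()
    print("newcomer:", newcomer.recover(center.broadcast(sk, revoked={2, 5})) == sk)
```

    A revoked user at position r > b holds H^(r-a)(seed_a) and would need to invert H to reach H^(b-a)(seed_a); one at r < a holds nothing from chain a. Joining appends a user at the right end and issues only that user's chain values, so existing users' keys are untouched, which is the join-without-rekey property both abstracts highlight. The header size equals the number of intervals, r + 1 in the worst case; the punctured and skipping chains of the papers cut this by letting one interval tolerate up to p revoked users.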