
    Public-Key encryption resilient against linear Related-Key attacks revisited

    Wee (PKC'12) proposed a generic public-key encryption scheme in the setting of related-key attacks. Bellare, Paterson and Thomson (Asiacrypt'12) provided a framework for building related-key attack (RKA) secure cryptographic primitives for a class of non-linear related-key derivation functions. In both works, however, the instantiations that achieve full (rather than weak) RKA security assume a private key consisting of a single element; in other words, every element of the private key undergoes the same modification. This assumption is impractical in the real world. In this paper, we concentrate on the security of public-key encryption schemes under linear related-key attacks in the setting of multi-element private keys (private keys composed of more than one element), where an adversary is allowed to tamper with any part of the private key stored in a hardware device and then observe the outcome of the public-key encryption system under the modified private key. We define the security model for RKA-secure public-key encryption schemes as chosen-ciphertext and related-key attack (CC-RKA) security, meaning that a public-key encryption scheme remains secure even when an adversary is allowed to query the decryption oracle on linear shifts of any component of the private key. We then present a concrete public-key encryption scheme whose private key is formed of several elements, and prove its CC-RKA security under the decisional BDH assumption in the standard model

    Analysis of excess conductivity in the superconductor YBa2Cu3O7-δ with added PbO nanoparticles

    The effect of adding PbO with particle sizes of 10 to 30 nm on the excess conductivity of YBa2Cu3O7-δ was studied. Excess conductivity is the fluctuation in electrical conductivity caused by the interaction of Cooper pairs with normal electrons near the critical temperature, Tc. Samples with starting composition YBa2Cu3O7-δ(PbO)x for x = 0.00 to 0.45 weight percent (wt.%) were prepared by solid-state reaction. Fluctuation and excess-conductivity analysis using the Aslamazov-Larkin (AL) theory was carried out to determine the conductivity dimensionality λ. The Lawrence-Doniach (LD) theory was then used to determine the coherence length ξc(0), the Josephson coupling J and the anisotropy γ = ξab(0)/ξc(0). The onset critical temperature was highest (Tc onset = 94 K) for the x = 0.35 sample. The conductivity analysis shows that PbO causes a transition in conductivity from 2-dimensional to 3-dimensional, with the highest transition temperature T2D–3D for the x = 0.20 sample (120 K). The Lawrence-Doniach model shows that the coherence length ξc(0) is longest and the anisotropy lowest for the x = 0.25 sample. This sample also shows the highest Josephson coupling, J = 0.296. Two possible effects of PbO addition are the formation of non-superconducting material in the samples and improved inter-grain connectivity, which enhances the superconducting properties

    A simplified (modified) Duke Activity Status Index (M-DASI) to characterise functional capacity: A secondary analysis of the Measurement of Exercise Tolerance before Surgery (METS) study

    Background: Accurate assessment of functional capacity, a predictor of postoperative morbidity and mortality, is essential to improving surgical planning and outcomes. We assessed whether all 12 items of the Duke Activity Status Index (DASI) were equally important in reflecting exercise capacity. Methods: In this secondary cross-sectional analysis of the international, multicentre Measurement of Exercise Tolerance before Surgery (METS) study, we assessed cardiopulmonary exercise testing and DASI data from 1455 participants. Multivariable regression analyses were used to revise the DASI model in predicting an anaerobic threshold (AT) >11 ml kg⁻¹ min⁻¹ and peak oxygen consumption (VO2 peak) >16 ml kg⁻¹ min⁻¹, cut-points that represent a reduced risk of postoperative complications. Results: Five questions were identified as dominant in predicting AT >11 ml kg⁻¹ min⁻¹ and VO2 peak >16 ml kg⁻¹ min⁻¹. These items were included in the M-DASI-5Q and retained utility in predicting AT >11 ml kg⁻¹ min⁻¹ (area under the receiver-operating-characteristic curve [AUROC] for AT: M-DASI-5Q = 0.67 vs original 12-question DASI = 0.66) and VO2 peak (AUROC for VO2 peak: M-DASI-5Q 0.73 vs original 12-question DASI 0.71). Further, in a sensitivity analysis we removed one potentially sensitive question related to the ability to have sexual relations, and the ability of the remaining four questions (M-DASI-4Q) to predict an adequate functional threshold remained no worse than that of the original 12-question DASI model. Adding a dynamic component to the M-DASI-4Q by assessing the chronotropic response to exercise improved its ability to discriminate between those with VO2 peak >16 ml kg⁻¹ min⁻¹ and those with VO2 peak <16 ml kg⁻¹ min⁻¹. Conclusions: The M-DASI provides a simple screening tool for further preoperative evaluation, including cardiopulmonary exercise testing, to guide perioperative management

    Anonymous broadcast encryption with an untrusted gateway

    We propose a verifiable and anonymous broadcast encryption scheme in which an 'untrusted' gateway can verify incoming communication flows to ensure that only the intended (anonymous) receivers in the target domain can receive them. This scenario is of interest when the privacy of receivers must be considered. The difficulty in this setting is achieving both confidentiality of the message and anonymity of the receivers during gateway verification. To achieve this goal, we introduce a new notion, encrypted identity search, which allows the gateway to verify incoming traffic blindly. Our scheme achieves the security properties of confidentiality and anonymity against a dishonest gateway, corrupted receivers and collusion attacks. We present a concrete construction of a gateway-based verifiable and anonymous broadcast encryption system from bilinear pairings, and give its security reduction under computational assumptions related to bilinear pairings

    Public-Key encryption resilient to linear related-key attacks

    In this paper, we consider the security of public-key encryption schemes under linear related-key attacks, where an adversary is allowed to tamper with the private key stored in a hardware device and then observe the outcome of the public-key encryption system under the modified private key. Following existing work of recent years, we define the security model for related-key attack (RKA) secure public-key encryption schemes as chosen-ciphertext and related-key attack (CC-RKA) security, in which the adversary may query the decryption oracle on linear shifts of the private key. Building on adaptive trapdoor relations combined with one-time signature schemes, Wee (PKC'12) proposed a generic construction of public-key encryption schemes in the related-key attack setting, with instantiations from Factoring and BDDH achieving CC-RKA security and an instantiation from DDH achieving only a weaker form of CC-RKA security. These schemes are efficient, but one-time signatures still have their price, so in some cases they are less efficient than schemes that avoid them. Bellare, Paterson and Thomson (ASIACRYPT'12) put forward a generic method for building RKA-secure public-key encryption schemes by transformation from identity-based encryption schemes; however, the efficient identity-based encryption schemes known so far are generally based on pairings. To obtain a specific construction of public-key encryption secure against related-key attacks without pairings, we analyse the related-key attack on the basic Cramer-Shoup public-key encryption scheme and then present an efficient public-key encryption scheme resilient against related-key attacks, based on DDH and without one-time signature schemes. Finally, we prove the CC-RKA security of our scheme without random oracles
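    The following script is an added illustration of the linear related-key attack these abstracts describe (the single-element setting of this paper and the multi-element setting of the paper listed first); it is not a construction from either paper. It models a hardware token that never reveals its private key but lets the attacker add a known offset to each key component before decrypting, and shows that plain ElGamal and a two-element-key variant (the hash-proof-style core underneath basic Cramer-Shoup) leak the plaintext of the challenge ciphertext from a single shifted-key query. The group parameters are a constructed 10-bit safe prime, chosen only so the code runs instantly; the assumed game rule that a query on the challenge ciphertext is refused only when every shift is zero follows the CC-RKA definitions as I read them in the abstracts. All function and class names are this example's own.

```python
"""Linear related-key attacks (RKA) on ElGamal-style public-key decryption.

Added illustration, not a construction from the papers listed here. Toy parameters
(a 10-bit safe prime) keep the script instant; a real deployment would use a
2048-bit group or an elliptic curve.
"""
import secrets

P = 1019   # safe prime, P = 2*Q + 1 (toy size, constructed for this example)
Q = 509    # prime order of the subgroup of squares mod P
G1 = 4     # 2^2: a square, so it generates the order-Q subgroup
G2 = 9     # 3^2: a second generator, used by the two-element-key scheme


def exp(base, e):
    """base^e mod P for a base of order Q; negative exponents are reduced mod Q."""
    return pow(base, e % Q, P)


# --- Scheme A: plain ElGamal, private key is a single element x ---------------
def keygen_single():
    x = secrets.randbelow(Q - 1) + 1
    return (x,), exp(G1, x)          # sk as a 1-tuple, pk = G1^x


def encrypt_single(pk, m):
    r = secrets.randbelow(Q - 1) + 1
    return (exp(G1, r), (m * exp(pk, r)) % P)


def decrypt_single(sk, ct):
    (x,), (c1, c2) = sk, ct
    return (c2 * exp(c1, -x)) % P    # c2 / c1^x


# --- Scheme B: two-element key (x1, x2), pk = G1^x1 * G2^x2 -------------------
# Used here only to show per-component shifts, the multi-element setting of the
# first abstract above (each key element may receive a different offset).
def keygen_double():
    x1, x2 = (secrets.randbelow(Q - 1) + 1 for _ in range(2))
    return (x1, x2), (exp(G1, x1) * exp(G2, x2)) % P


def encrypt_double(pk, m):
    r = secrets.randbelow(Q - 1) + 1
    return (exp(G1, r), exp(G2, r), (m * exp(pk, r)) % P)


def decrypt_double(sk, ct):
    (x1, x2), (u1, u2, e) = sk, ct
    return (e * exp(u1, -x1) * exp(u2, -x2)) % P


# --- The tamperable device and the adversary's related-key queries ------------
class TamperableDevice:
    """Holds sk and never exposes it. The adversary may only add a known offset
    to each component (the linear class phi_delta(x) = x + delta mod Q) and ask
    for a decryption under the shifted key. Assumed game rule: a query on the
    challenge ciphertext is refused only when every shift is zero."""

    def __init__(self, sk, decrypt_fn, challenge_ct):
        self._sk, self._decrypt, self._challenge = tuple(sk), decrypt_fn, challenge_ct

    def rka_decrypt(self, shifts, ct):
        if ct == self._challenge and all(d % Q == 0 for d in shifts):
            raise PermissionError("challenge ciphertext under the unmodified key")
        shifted = tuple((k + d) % Q for k, d in zip(self._sk, shifts))
        return self._decrypt(shifted, ct)


def attack_single(device, ct, delta):
    """Dec under x+delta returns c2 / c1^(x+delta) = m * c1^(-delta); undo it."""
    c1, _ = ct
    return (device.rka_decrypt((delta,), ct) * exp(c1, delta)) % P


def attack_double(device, ct, d1, d2):
    """Shift components independently; the leak is m * u1^(-d1) * u2^(-d2)."""
    u1, u2, _ = ct
    return (device.rka_decrypt((d1, d2), ct) * exp(u1, d1) * exp(u2, d2)) % P


def demo(m=None):
    """Run both attacks on fresh keys; return (recovered_single, recovered_double, m)."""
    m = exp(G1, 77) if m is None else m        # message must be a subgroup element
    sk, pk = keygen_single()
    ct = encrypt_single(pk, m)
    dev = TamperableDevice(sk, decrypt_single, ct)
    rec_a = attack_single(dev, ct, delta=1)
    sk2, pk2 = keygen_double()
    ct2 = encrypt_double(pk2, m)
    dev2 = TamperableDevice(sk2, decrypt_double, ct2)
    rec_b = attack_double(dev2, ct2, d1=5, d2=0)   # tamper with one component only
    return rec_a, rec_b, m


if __name__ == "__main__":
    a, b, m = demo()
    print("single-element key, shift 1:            recovered =", a == m)
    print("two-element key, shift (5, 0) on x1 only: recovered =", b == m)
```

    The point of the two-element case is the one the first abstract makes: a model in which every key element must receive the same shift would not even let the adversary issue the (5, 0) query, yet a device that stores the components separately is exposed to exactly that fault. A CC-RKA-secure scheme has to make the shifted decryption useless, which is what the constructions in these papers set out to do.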

    Anonymous signcryption against linear Related-Key attacks

    A related-key attack (RKA) occurs when an adversary tampers with the private key stored in a cryptographic hardware device and observes the result of the cryptographic primitive under the modified private key. In this paper, we concentrate on the security of anonymous signcryption schemes under related-key attacks: a signcryption should contain no information identifying the sender of the signcryption or the receiver of the message, yet remain decipherable by the targeted receiver. To achieve this, we require our anonymous signcryption scheme to be semantically secure against chosen-ciphertext and related-key attacks (CC-RKA), existentially unforgeable against chosen-message and related-key attacks (CM-RKA), and anonymous against chosen-ciphertext and related-key attacks (ANON-RKA). Specifically, we require that an anonymous signcryption scheme remains secure even when an adversary is allowed to access the signcryption oracle and the designcryption oracle on linear shifts of the private keys of the sender and the receiver, respectively. After reviewing the basic definitions underlying our construction, and building on existing work on cryptographic primitives in the related-key attack setting, we give a concrete anonymous signcryption scheme from BDH that achieves CC-RKA, CM-RKA and ANON-RKA security in the random oracle model

    Complete robustness in Identity-Based encryption

    Complete robustness (CROB) was proposed to guarantee, for a public-key encryption scheme, that decryption attempts fail with high probability if the wrong decryption key is used to decrypt a ciphertext, even when the keys are maliciously generated by the adversary. In this paper, we extend the notion of complete robustness to the identity-based setting. We first formalize CROB for identity-based encryption and present a generic construction achieving CROB from an arbitrary identity-based encryption scheme. We then investigate whether there is a relation between CROB and related-key attack (RKA) security in the identity-based setting. We conclude that the two notions are separable for identity-based encryption, but that with a slight modification of our generic construction, an identity-based encryption scheme offering complete robustness together with security against related-key attacks can be built from any identity-based encryption scheme