Review of the NIST Light-weight Cryptography Finalists
Since 2016, NIST has been assessing lightweight encryption methods, and in
2022 NIST announced the 10 finalists: ASCON, Elephant, GIFT-COFB, Grain128-AEAD,
ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak. At the time this
article was written, NIST had announced ASCON as the chosen method, to be
published as NIST's lightweight cryptography standard later in 2023. In this
article, we provide a comparison between these methods in terms of energy
efficiency, time for encryption, and time for hashing. Comment: 6 page
Recent Progress in the Quantum-to-the-Home Networks
For secure data transmission to end users in a conventional fiber-to-the-home (FTTH) network, quantum cryptography (QC) is currently receiving much attention. QC, or more specifically quantum key distribution (QKD), promises an unconditionally secure protocol, the Holy Grail of communication and information security, whose security rests on the fundamental laws of quantum physics. In this chapter, we discuss the design issues of a hybrid quantum-classical communication network, the performance of cost-effective off-the-shelf telecommunication equipment, and our latest results on a four-state (Quadrature Phase Shift Keying, 'QPSK') RF sub-carrier assisted continuous-variable quantum key distribution (CV-QKD) multiuser network based on an ultra-low-loss quantum channel (pure silica core fiber, 'PSCF') and a microelectromechanical systems (MEMS) based add/drop switch. The results are thoroughly compared with commercially available high-cost encryption modules. It is expected that the discussed cost-effective and energy-efficient QKD network can facilitate practical, commercial-scale applications of the CV-QKD protocol in smart access networks in the near future.
SklCoin: Toward a Scalable Proof-of-Stake and Collective Signature Based Consensus Protocol for Strong Consistency in Blockchain
The proof-of-work consensus protocol suffers from two main limitations: waste
of energy and offering only probabilistic guarantees about the state of the
blockchain. This paper introduces SklCoin, a new Byzantine consensus protocol
and its corresponding software architecture. The protocol leverages two ideas:
1) the proof-of-stake concept, to dynamically form stake-proportionate consensus
groups that represent block miners (stakeholders), and 2) scalable collective
signing, to efficiently commit transactions irreversibly. SklCoin has an
immediate-finality property: all miners instantly agree on the validity of
blocks. In addition, SklCoin supports a high transaction rate because of its
fast miner election mechanism.
TRUSTD: Combat Fake Content using Blockchain and Collective Signature Technologies
The growing trend of sharing news and content through social media platforms
and the World Wide Web has been seen to impact our perception of the truth,
altering our views about politics, economics, relationships, needs and wants.
This is because of the growing spread of misinformation and disinformation,
intentional or unintentional, by individuals and organizations. This trend
has grave political, social, ethical, and privacy implications for society due
to 1) the rapid developments in Machine Learning (ML) and Deep Learning (DL)
algorithms for creating realistic-looking yet fake digital content (such as
text, images, and videos), and 2) the ability to customize content feeds and to
create polarized so-called "filter bubbles" by leveraging the availability of
big data. There is therefore an ethical need to combat the flow of fake
content. This paper addresses some aspects of that problem by presenting a
high-level overview of TRUSTD, a blockchain and collective-signature-based
ecosystem that helps content creators get their content backed by the
community, and helps users judge the credibility and correctness of that
content. Comment: arXiv admin note: text overlap with arXiv:1812.00315,
arXiv:1807.06346, arXiv:1904.05386 by other authors
Double Public Key Signing Function Oracle Attack on EdDSA Software Implementations
EdDSA is a standardised elliptic curve digital signature scheme introduced to
overcome some of the issues prevalent in the more established ECDSA standard.
Because the EdDSA standard specifies that signatures be deterministic, if the
signing function can be used by an attacker as a signing oracle under
attacker-chosen public keys, the unforgeability notion of security of the
scheme can be broken. This paper describes an attack against some of the most
popular EdDSA implementations which lets an adversary recover the private key
used during signing. With this recovered secret key, the adversary can sign
arbitrary messages that the EdDSA verification function accepts as valid. A
list of libraries with vulnerable APIs at the time of publication is provided.
Furthermore, this paper offers two suggestions for securing EdDSA signing
APIs against this vulnerability and additionally discusses failed attempts
to solve the issue.
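The mechanism behind the attack, as an added worked example that is not code from the paper or from any of the libraries it lists: a minimal pure-Python Ed25519 (affine arithmetic, RFC 8032 equations) whose signing function deliberately takes the public key from the caller, the API shape the abstract warns about. Because the nonce r is derived only from the secret prefix and the message, two oracle queries on the same message with different public keys share R, and their s values differ by (k1 - k2) * a mod L, which gives the secret scalar directly. The victim seed, the rogue public key and the messages are constructed for the demonstration; the hardened `sign` that derives the public key from the seed is one obvious fix, not necessarily one of the two the paper proposes.

```python
"""Added example: attacker-chosen-public-key oracle attack on a deterministic EdDSA
signing API, on a toy pure-Python Ed25519. Illustration only; not the paper's code."""
import hashlib

p = 2**255 - 19                                     # field prime
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point
d = -121665 * pow(121666, -1, p) % p                # twisted Edwards curve constant
I = pow(2, (p - 1) // 4, p)                         # sqrt(-1) mod p

def H(m): return hashlib.sha512(m).digest()
def Hint(m): return int.from_bytes(H(m), "little")

def xrecover(y):
    xx = (y * y - 1) * pow(d * y * y + 1, -1, p)
    x = pow(xx, (p + 3) // 8, p)
    if (x * x - xx) % p: x = x * I % p
    return p - x if x & 1 else x                    # canonical (even) root

def edwards_add(P, Q):
    x1, y1 = P; x2, y2 = Q
    t = d * x1 * x2 * y1 * y2
    return ((x1*y2 + x2*y1) * pow(1 + t, -1, p) % p,
            (y1*y2 + x1*x2) * pow(1 - t, -1, p) % p)

def scalarmult(P, e):
    Q = (0, 1)                                      # neutral element
    for i in reversed(range(e.bit_length())):       # double-and-add, MSB first
        Q = edwards_add(Q, Q)
        if (e >> i) & 1: Q = edwards_add(Q, P)
    return Q

By = 4 * pow(5, -1, p) % p
B = (xrecover(By), By)                              # standard base point

def encodepoint(P): return (P[1] | ((P[0] & 1) << 255)).to_bytes(32, "little")

def decodepoint(s):
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    x = xrecover(y)
    if x & 1 != s[31] >> 7: x = p - x
    assert (-x*x + y*y - 1 - d*x*x*y*y) % p == 0, "point not on curve"
    return (x, y)

def expand_seed(seed):
    h = H(seed)
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)  # clamp
    return a, h[32:]                                # (secret scalar, nonce prefix)

def publickey(seed):
    return encodepoint(scalarmult(B, expand_seed(seed)[0]))

def sign_with_pk(seed, pk, msg):
    """VULNERABLE API shape: the caller supplies the public key that is hashed into k."""
    a, prefix = expand_seed(seed)
    r = Hint(prefix + msg) % L                      # nonce depends on prefix and msg only...
    R = encodepoint(scalarmult(B, r))
    k = Hint(R + pk + msg) % L                      # ...while k depends on the supplied pk
    return R + ((r + k * a) % L).to_bytes(32, "little")

def sign(seed, msg):
    """Hardened shape: public key derived from the seed, never taken from the caller."""
    return sign_with_pk(seed, publickey(seed), msg)

def verify(pk, msg, sig):
    R, s = decodepoint(sig[:32]), int.from_bytes(sig[32:], "little")
    if s >= L: return False                         # reject non-canonical s (RFC 8032)
    k = Hint(sig[:32] + pk + msg) % L
    return scalarmult(B, s) == edwards_add(R, scalarmult(decodepoint(pk), k))

def recover_scalar(msg, pk1, sig1, pk2, sig2):
    """Two signatures on the same msg under different pks share R (same r), so
    s1 - s2 = (k1 - k2) * a (mod L). Returns a mod L, which is all a forger needs
    (the clamped scalar exceeds L, but only its residue matters for aB and for s)."""
    assert sig1[:32] == sig2[:32], "R differs: the nonce was not reused"
    s1, s2 = (int.from_bytes(x[32:], "little") for x in (sig1, sig2))
    k1, k2 = (Hint(sig1[:32] + pk + msg) % L for pk in (pk1, pk2))
    return (s1 - s2) * pow(k1 - k2, -1, L) % L

def forge(a_mod_L, pk, msg):
    """Sign msg for the victim pk with the recovered scalar and a nonce of our choosing."""
    r = Hint(b"attacker-chosen nonce input" + msg) % L or 1
    R = encodepoint(scalarmult(B, r))
    k = Hint(R + pk + msg) % L
    return R + ((r + k * a_mod_L) % L).to_bytes(32, "little")

def demo():
    seed = bytes(range(32))                         # constructed victim key (illustration)
    pk = publickey(seed)
    rogue_pk = publickey(b"\x42" * 32)              # any value the oracle will accept
    msg = b"hello"
    sig_real = sign_with_pk(seed, pk, msg)          # oracle query 1: honest public key
    sig_rogue = sign_with_pk(seed, rogue_pk, msg)   # oracle query 2: attacker's public key
    a_rec = recover_scalar(msg, pk, sig_real, rogue_pk, sig_rogue)
    forged = forge(a_rec, pk, b"transfer all funds")
    return a_rec == expand_seed(seed)[0] % L, verify(pk, b"transfer all funds", forged)

if __name__ == "__main__":
    print(demo())
```

Note that nothing in `verify` can distinguish the forged signature from an honest one: the forger has chosen its own nonce, so there is no shared R to notice after the fact. The defence has to be in the signing API, either by refusing to accept a caller-supplied public key at all (as `sign` does) or by checking that the supplied key matches the one derived from the seed before it is hashed into k.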
Majority Voting Approach to Ransomware Detection
Crypto-ransomware remains a significant threat to governments and companies
alike, with high-profile cyber security incidents regularly making headlines.
Many different detection systems have been proposed as solutions to the
ever-changing landscape of ransomware detection. Most of these systems
propose a method based on the result of a single test performed on either the
executable code, the process under investigation, its behaviour, or its
output. In a small subset of ransomware detection systems, the concept of a
scorecard is employed, where multiple tests are performed on various aspects
of a process under investigation and their results are then analysed using
machine learning. The purpose of this paper is to propose a new majority
voting approach to ransomware detection by developing a method that uses a
cumulative score derived from discrete tests based on algorithmic rather than
heuristic techniques. The paper describes 23 candidate tests, as well as 9
Windows API tests, which are validated to determine both their accuracy and
their viability for use within a ransomware detection system. Using a
cumulative score for ransomware detection has several benefits, such as
immunity to the occasional inaccuracy of an individual test when making the
final classification. The system can also leverage multiple tests that are
both comprehensive and complementary, in an attempt to achieve a broader,
deeper, and more robust analysis of the program under investigation.
Additionally, the use of multiple collaborative tests significantly hinders
ransomware from masking or modifying its behaviour in an attempt to bypass
detection. Comment: 17 page