Embedded Multilayer Equations: a New Hard Problem for Constructing Post-Quantum Signatures Smaller than RSA (without Hardness Assumption)
In this paper we propose a new hard problem, the Embedded Multilayer Equations (eMLE) problem. An example of eMLE with one secret variable x and three layers is given below.
6268 = 57240 * x + (1248 * x + (9 * x mod 16) mod 2053) mod 65699
In this example, the eMLE problem is to find x from the above equation. The eMLE instances in this paper have the same number of variables as equations. The hardness of the eMLE problem lies in its layered structure. Without knowing the value of the lower layer (i.e., the layer with modulus 2053), the top layer (i.e., the layer with modulus 65699) has many candidate solutions; the adversary has to search the solution space for the few valid ones. A lower bound on the number of searches is proven in the paper, together with the expected number of valid solutions. The hardness of eMLE can be increased by adding more layers without changing the number of variables and equations; no existing NP-complete problem has this feature.
Over the hardness of eMLE, a post-quantum signature scheme, eMLE-Sig, is constructed. Compared with all existing signature schemes (conventional and post-quantum), eMLE-Sig might be the simplest to understand, analyze, instantiate, and implement. At security levels above 128 bits, five configurations are provided; all of them have keys and signatures smaller than RSA keys and signatures (above 380 bytes) at the 128-bit security level. The smallest configuration uses two variables and three layers, with 84.1/52.2 bytes for the private/public key and 168.4 bytes for signatures.
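The following is an added worked example, not code from the eMLE paper. It builds a three-layer instance with the abstract's coefficients and moduli (9 mod 16, 1248 mod 2053, 57240 mod 65699) and makes the layered-hardness argument concrete: solving only the top layer, with the modulus-2053 value treated as an unknown guess, yields exactly 2053 candidate values of x, and only re-evaluating every layer separates the genuine solutions from the rest. The secret value 4242 is a constructed choice, and the solver only searches x in [0, 65699), so for the abstract's own instance (right-hand side 6268) it reports whichever solutions lie in that range; the paper's actual x and bound on x are not given here.

```python
# Added example (not the paper's code): a three-layer eMLE instance shaped like the
# one in the abstract, used to show why the top layer alone leaves many candidates.

# Layers listed bottom-up as (coefficient, modulus): inner "9*x mod 16", then mod 2053, then mod 65699.
LAYERS = [(9, 16), (1248, 2053), (57240, 65699)]
TARGET_FROM_ABSTRACT = 6268  # right-hand side of the abstract's example equation


def emle(x, layers=LAYERS):
    """Evaluate the nested equation: each layer computes (a*x + value of the layer below) mod m."""
    h = 0
    for a, m in layers:
        h = (a * x + h) % m
    return h


def top_layer_candidates(target, layers=LAYERS):
    """Solve only the top layer, treating the unknown lower-layer value h2 as a free guess.

    target = (a_top * x + h2) mod m_top with 0 <= h2 < m2, so each guess of h2 gives one
    x in [0, m_top). Without the lower layer the attacker is left with m2 distinct candidates.
    Assumes gcd(a_top, m_top) == 1, which holds for the abstract's constants (65699 is prime).
    """
    a_top, m_top = layers[-1]
    _, m_below = layers[-2]
    inv = pow(a_top, -1, m_top)
    return {((target - h2) * inv) % m_top for h2 in range(m_below)}


def solve(target, layers=LAYERS):
    """Keep only the candidates that satisfy every layer; these are the valid x in [0, m_top)."""
    return sorted(x for x in top_layer_candidates(target, layers) if emle(x, layers) == target)


if __name__ == "__main__":
    secret = 4242  # constructed secret for the demonstration
    t = emle(secret)
    cands = top_layer_candidates(t)
    print(f"target {t}: {len(cands)} top-layer candidates, valid solutions: {solve(t)}")
    print("abstract's instance, solutions in [0, 65699):", solve(TARGET_FROM_ABSTRACT))
```

Adding a fourth layer below the existing ones changes nothing in `top_layer_candidates` (the candidate count is still set by the modulus directly beneath the top layer) but each candidate now has to survive one more layer in `solve`, which is the sense in which extra layers raise the cost without adding variables or equations.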
Privacy-Preserving and Outsourced Multi-User k-Means Clustering
Many techniques for privacy-preserving data mining (PPDM) have been
investigated over the past decade. Often, the entities involved in the data
mining process are end-users or organizations with limited computing and
storage resources. As a result, such entities may want to refrain from
participating in the PPDM process. To overcome this issue and to take
advantage of the many other benefits of cloud computing, outsourcing PPDM tasks
to the cloud environment has recently gained special attention. We consider the
scenario where n entities outsource their databases (in encrypted form) to the
cloud and ask the cloud to perform the clustering task on their combined data in
a privacy-preserving manner. We term such a process privacy-preserving and
outsourced distributed clustering (PPODC). In this paper, we propose a novel
and efficient solution to the PPODC problem based on the k-means clustering
algorithm. The main novelty of our solution lies in avoiding altogether the
secure division operations required in computing cluster centers, through an
efficient transformation technique. Our solution builds the clusters securely
in an iterative fashion and returns the final cluster centers to all entities
when a pre-determined termination condition holds. The proposed solution
protects the data confidentiality of all participating entities under the
standard semi-honest model. To the best of our knowledge, ours is the first
work to discuss and propose a comprehensive solution to the PPODC problem that
incurs negligible cost on the participating entities. We theoretically estimate
both the computation and communication costs of the proposed protocol and also
demonstrate its practical value through experiments on a real dataset.
Comment: 16 pages, 2 figures, 5 tables
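The abstract's key point is that cluster centers can be updated and compared without any secure division. The example below is added here and is not the paper's protocol; it shows one common way to achieve that (an assumption about the technique, not a claim that it is the paper's transformation): a center is kept as the pair (coordinate sums S, member count n) instead of the quotient S/n, the squared distance from x to S/n is compared between two centers by cross-multiplying with the counts, and convergence is checked by comparing S_new * n_old against S_old * n_new. Every operation is an integer addition or multiplication, which is the kind of operation a secure multi-party or homomorphic protocol can perform cheaply. The dataset is a constructed toy set of eight 2-D points; the function names are hypothetical.

```python
# Added example (not the paper's code): k-means over integers with no division step,
# keeping each center as (sum vector, count) and comparing distances by cross-multiplication.
from fractions import Fraction  # used only to present the final centers as rationals

# Constructed toy dataset: two well-separated integer clusters in 2-D.
POINTS = [(1, 1), (2, 1), (1, 2), (2, 2), (10, 10), (11, 10), (10, 11), (11, 11)]


def dist_num(x, center):
    """Numerator of the squared distance from x to S/n, i.e. ||n*x - S||^2; the n^2 denominator is deferred."""
    s, n = center
    return sum((n * xi - si) ** 2 for xi, si in zip(x, s))


def nearest(x, centers):
    """Closest center without dividing: a/n_a^2 < b/n_b^2 iff a*n_b^2 < b*n_a^2 (counts are positive)."""
    best = 0
    for j in range(1, len(centers)):
        a, (_, n_a) = dist_num(x, centers[best]), centers[best]
        b, (_, n_b) = dist_num(x, centers[j]), centers[j]
        if b * n_a * n_a < a * n_b * n_b:
            best = j
    return best


def same_center(old, new):
    """S_old/n_old == S_new/n_new, tested componentwise by cross-multiplication."""
    s_old, n_old = old
    s_new, n_new = new
    return all(a * n_new == b * n_old for a, b in zip(s_old, s_new))


def kmeans_no_division(points, init, max_iter=20):
    """Lloyd iterations on (sum, count) centers; stops when every center is unchanged as a rational."""
    centers = [(tuple(p), 1) for p in init]
    labels = []
    dim = len(points[0])
    for _ in range(max_iter):
        labels = [nearest(p, centers) for p in points]
        sums = [[0] * dim for _ in centers]
        counts = [0] * len(centers)
        for p, j in zip(points, labels):
            counts[j] += 1
            for i, v in enumerate(p):
                sums[j][i] += v
        # An empty cluster keeps its previous center rather than producing a 0/0 value.
        new_centers = [(tuple(s), n) if n else centers[j] for j, (s, n) in enumerate(zip(sums, counts))]
        if all(same_center(o, c) for o, c in zip(centers, new_centers)):
            return new_centers, labels
        centers = new_centers
    return centers, labels


def as_rationals(centers):
    """Only the final, revealed centers are ever turned into quotients."""
    return [tuple(Fraction(si, n) for si in s) for s, n in centers]


if __name__ == "__main__":
    final, labels = kmeans_no_division(POINTS, [(1, 1), (10, 10)])
    print("labels:", labels)
    print("centers:", as_rationals(final))
```

In an encrypted deployment the cloud would hold S and n as ciphertexts and evaluate `dist_num`, `nearest` and `same_center` with additions and multiplications only; the single division in `as_rationals` happens after the final centers are returned to the entities, exactly where the abstract says the division-free iteration ends.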
model-based script synthesis for fuzzing
Kernel fuzzing is important for finding critical kernel vulnerabilities.
Closed-source (e.g., Windows) operating system kernel fuzzing is even more
challenging due to the lack of source code. Existing approaches fuzz the kernel
by modeling syscall sequences from traces or from static analysis of system
code. However, a common limitation is that they do not learn and mutate the
syscall sequences to reach different kernel states, which could potentially
result in more bugs or crashes.
In this paper, we propose WinkFuzz, an approach to learn and mutate traced
syscall sequences in order to reach different kernel states. WinkFuzz learns
syscall dependencies from the trace, identifies syscalls in the trace that can
have dependent subsequent syscalls, and uses the learned dependencies to insert
more syscalls into the trace while preserving those dependencies. WinkFuzz then
fuzzes the synthesized syscall sequence to find system crashes.
We applied WinkFuzz to four seed applications and found a total increase in
syscall count of 70.8%, with a success rate of 61%, within three insert
levels. The average times for tracing, dependency analysis, recovering the model
script, and synthesizing the script were 600, 39, 34, and 129 seconds respectively.
The instantaneous fuzzing rate is 3742 syscall executions per second. However, the
average fuzzing efficiency dropped to 155 syscall executions per second when the
initialization time, waiting time, and other factors were taken into account. We
fuzzed each seed application for 24 seconds and, on average, obtained 12.25
crashes within that time frame.
Comment: 12 pages, conference paper
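The abstract describes three steps: learn which syscalls depend on which (a call that consumes a handle depends on the call that produced it), find the calls in the trace that can have dependent successors, and insert extra dependent calls without breaking the dependency chain. The example below is an added illustration of that pipeline and is not WinkFuzz's code; the trace format, the Nt* call names, the handle labels and the rule that handle-closing calls are never inserted as extras are all constructed assumptions for the demonstration. The fuzzing of the synthesized sequence, the actual kernel execution, is not modeled.

```python
# Added example (not WinkFuzz's code): learn handle dependencies from a syscall trace,
# then insert dependent calls after each producer while keeping every handle use valid.

# Constructed trace: (syscall name, {argument: handle it consumes}, handle it returns or None).
TRACE = [
    ("NtCreateFile", {}, "h1"),
    ("NtWriteFile", {"FileHandle": "h1"}, None),
    ("NtCreateEvent", {}, "h2"),
    ("NtSetEvent", {"EventHandle": "h2"}, None),
    ("NtClose", {"Handle": "h1"}, None),
    ("NtClose", {"Handle": "h2"}, None),
]

# Assumption: consumers that invalidate a handle; inserting them would break later uses.
DESTRUCTIVE = {"NtClose"}


def learn_dependencies(trace):
    """Map each handle-producing syscall to the (consumer syscall, argument) pairs observed using its handles."""
    producer_of = {}  # handle -> name of the syscall that returned it
    deps = {}
    for name, args, ret in trace:
        for arg, handle in args.items():
            producer = producer_of.get(handle)
            if producer is not None:
                deps.setdefault(producer, set()).add((name, arg))
        if ret is not None:
            producer_of[ret] = name
            deps.setdefault(name, set())
    return deps


def insert_once(trace, deps):
    """After every producing call, append one copy of each learned non-destructive consumer on its handle."""
    out = []
    for name, args, ret in trace:
        out.append((name, args, ret))
        if ret is None:
            continue  # no handle produced, so nothing can depend on this call
        for consumer, arg in sorted(deps.get(name, ())):
            if consumer not in DESTRUCTIVE:
                out.append((consumer, {arg: ret}, None))
    return out


def synthesize(trace, deps, levels=1):
    """Apply `levels` insertion passes; each pass grows the sequence while preserving dependencies."""
    for _ in range(levels):
        trace = insert_once(trace, deps)
    return trace


def validate(trace):
    """Every consumed handle must have been produced by an earlier call and not yet closed."""
    live = set()
    for name, args, ret in trace:
        if any(handle not in live for handle in args.values()):
            return False
        if name in DESTRUCTIVE:
            live.difference_update(args.values())
        if ret is not None:
            live.add(ret)
    return True


if __name__ == "__main__":
    deps = learn_dependencies(TRACE)
    new = synthesize(TRACE, deps, levels=3)
    print(f"{len(TRACE)} -> {len(new)} syscalls, dependencies intact: {validate(new)}")
    for call in new:
        print(call)
```

`validate` is the check a practitioner wants before handing a synthesized script to the fuzzer: a sequence that references a handle before its producer, or after its `NtClose`, would fail for a trivial reason and waste the execution budget rather than reaching a new kernel state.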
Compact-LWE-MQ^{H}: Public Key Encryption without Hardness Assumptions
Modern public key encryption relies on various hardness assumptions for its security. Hardness assumptions may cause security uncertainty, for instance when a hard problem is no longer hard, or when the best solution to a hard problem is not publicly released.
In this paper, we propose a public key encryption scheme, Compact-LWE-MQ^{H}, to
demonstrate the feasibility of constructing public key encryption without relying on hardness assumptions. Instead, its security is based on problems that we call factually hard. The two factually hard problems we propose in this work are a stratified system of linear and quadratic equations, and layered learning with relatively big errors. The factually hard problems are characterized by their layered structures, which ensure that the secrets at a lower layer can only be recovered after the secrets in an upper layer have been found {\it correctly} (i.e., leading to consistent lower-layer secrets, not necessarily the original upper-layer ones). On the other hand, without knowing the secrets in the lower layer, the upper-layer subproblem can only be solved by exhaustive search.
Based on the structure of factually hard problems, we prove that without brute-force search the adversary cannot recover plaintexts or the correct private key, and then discuss the CPA-security and CCA-security of Compact-LWE-MQ^{H}. We have implemented Compact-LWE-MQ^{H} in a number of lines of SageMath code. The simplicity of Compact-LWE-MQ^{H} makes it easy to understand, cryptanalyze, and implement.
In our configuration for 128-bit security, the dimension parameter is ( has the same meaning as in LWE). For such a tiny parameter, current analysis tools such as the LLL lattice reduction algorithm are already efficient enough to perform attacks if the security claim of Compact-LWE-MQ^{H} does not hold. That is, the security of Compact-LWE-MQ^{H} does not rest on assumptions about the capability of cryptanalysis tools. SageMath code for verifying the security of Compact-LWE-MQ^{H} is also included in the Appendix
PThammer: Cross-User-Kernel-Boundary Rowhammer through Implicit Accesses
Rowhammer is a hardware vulnerability in DRAM memory, where repeated access
to memory can induce bit flips in neighboring memory locations. Being a
hardware vulnerability, rowhammer bypasses all of the system's memory protection,
allowing adversaries to compromise the integrity and confidentiality of data.
Rowhammer attacks have been shown to enable privilege escalation, sandbox escape,
and cryptographic key disclosure. Recently, several proposals suggest
exploiting the spatial proximity between the accessed memory location and the
location of the bit flip as a defense against rowhammer. These all aim to deny
the attacker permission to access memory locations near sensitive data. In
this paper, we question the core assumption underlying these defenses. We
present PThammer, a confused-deputy attack that causes accesses to memory
locations that the attacker is not allowed to access. Specifically, PThammer
exploits the address translation process of modern processors, inducing the
processor to generate frequent accesses to protected memory locations. We
implement PThammer, demonstrating that it is a viable attack, resulting in a
system compromise (e.g., kernel privilege escalation). We further evaluate the
effectiveness of proposed software-only defenses, showing that PThammer can
overcome them.
Comment: Preprint of the work accepted at the International Symposium on
Microarchitecture (MICRO) 2020. arXiv admin note: text overlap with
arXiv:1912.0307
On the vanishing of the coefficients of CM eta quotients
This work characterizes the vanishing of the Fourier coefficients of all CM (complex multiplication) eta quotients. As consequences, we recover Serre's characterization of that of η(12z)^2 and recent results of Chang on the p-th coefficients of η(4z)^6 and η(6z)^4. Moreover, we generalize the results in the weight 1 cases to the setting of binary quadratic forms.