
    Some New Bounds For Cover-Free Families Through Biclique Cover

    An $(r,w;d)$ cover-free family (CFF) is a family of subsets of a finite set such that the intersection of any $r$ members of the family contains at least $d$ elements that are not in the union of any other $w$ members. The minimum number of elements for which there exists an $(r,w;d)$-CFF with $t$ blocks is denoted by $N((r,w;d),t)$. In this paper, we show that the value of $N((r,w;d),t)$ is equal to the $d$-biclique covering number of the bipartite graph $I_t(r,w)$ whose vertices are all $w$- and $r$-subsets of a $t$-element set, where a $w$-subset is adjacent to an $r$-subset if their intersection is empty. Next, we introduce some new bounds for $N((r,w;d),t)$. For instance, we show that for $r \geq w$ and $r \geq 2$,
    $$N((r,w;1),t) \geq c\,\frac{{r+w \choose w+1} + {r+w-1 \choose w+1} + 3\,{r+w-4 \choose w-2}}{\log r}\,\log (t-w+1),$$
    where $c$ is a constant satisfying the well-known bound $N((r,1;1),t) \geq c\frac{r^2}{\log r}\log t$. Also, we determine the exact value of $N((r,w;d),t)$ for some values of $d$. Finally, we show that $N((1,1;d),4d-1) = 4d-1$ whenever there exists a Hadamard matrix of order $4d$.

    A New Secure and Efficient Ownership Transfer Protocol based on Quadric Residue and Homomorphic Encryption

    In systems equipped with radio frequency identification (RFID) technology, several security concerns may arise when the ownership of a tag has to be transferred from one owner to another, e.g., the confidentiality of information related to the old owner or the new owner. Therefore, this transfer is usually done via a security protocol called the ownership transfer protocol. If the ownership of several tags is transferred together from one owner to another during a single session, the protocol is referred to as a group ownership transfer protocol. Lee et al. recently proposed a new group ownership transfer protocol that uses a cloud server as a trusted third party and is based on homomorphic encryption and quadratic residues. In this paper, we first explain some important security attacks against this recently proposed RFID group ownership transfer protocol. The success probability of every attack presented in this paper is 1 and the complexity is just a single run of the protocol. Zhu et al. also proposed a lightweight anonymous group ownership transfer protocol to provide simultaneous transfer of a group of tags in a multi-owner environment. In this paper, we show that it suffers from a desynchronization attack. The success probability of this attack is 1 and its complexity is only five runs of the group ownership transfer protocol. In addition, to overcome the security weaknesses of the Lee et al. protocol, we present a new group ownership transfer protocol which is resistant against all known active and passive attacks, including the attacks presented in this paper. The provided security proof, through informal methods and also formal methods such as Burrows-Abadi-Needham logic and the Scyther tool, shows the proposed protocol's security correctness.

    Cryptanalysis of an Anonymous Authentication and Key Agreement Protocol for Secure Wireless Body Area Network

    Recently, Kumar and Chand proposed an anonymous authentication protocol for wireless body area networks. They claimed that their scheme meets the major security requirements and is able to resist known attacks. However, in this paper we demonstrate that their scheme is prone to a traceability attack. Building on this attack, an attacker can launch a man-in-the-middle attack and share a session key with the victim node, and hence the scheme does not achieve secure authentication. Also, we show that this protocol does not provide perfect forward secrecy, which is considered a key security property in the design of any secure key agreement protocol.

    Impossible Differential Cryptanalysis on Deoxys-BC-256

    Deoxys is a third-round candidate of the CAESAR competition. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256, which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round impossible differential (ID) characteristic by utilizing a miss-in-the-middle approach. We then present several cryptanalyses based upon the 4.5-round distinguisher against round-reduced Deoxys-BC-256 in both single-key and related-key settings. Our contributions include impossible differential attacks on up to 8 rounds of Deoxys-BC-256 in the tweak-key model, which is, to the best of our knowledge, the first independent investigation of the security of Deoxys-BC-256 in the single-key model. Our attack reaches 9 rounds in the related-key related-tweak model; it has a slightly higher data complexity than the best previous result, obtained by a rectangle attack presented at FSE 2018, but requires a lower memory complexity with an equal time complexity.

    New Single-Trace Side-Channel Attacks on a Specific Class of Elgamal Cryptosystem

    In 2005, Yen et al. proposed the first $N-1$ attack on modular exponentiation algorithms such as BRIP and square-and-multiply-always methods. This attack makes use of the ciphertext $N-1$ as a distinguisher of low order to obtain a strong relation between side-channel leakages and the secret exponent. The so-called $N-1$ attack is one of the most important order-2 element attacks, as it requires a non-adaptive chosen ciphertext, which is considered a more realistic attack model compared to the adaptive chosen ciphertext scenario. To protect the implementation against the $N-1$ attack, several papers propose the simplest solution, i.e. "block the special message $N-1$". In this paper, we conduct in-depth research on the $N-1$ attack based on the square-and-multiply-always (SMA) and Montgomery Ladder (ML) algorithms. We show that despite the countermeasure of rejecting the ciphertext $N-1$, other types of $N-1$ attacks are applicable to specific classes of Elgamal cryptosystems. We propose new chosen-message power-analysis attacks with order-4 elements which utilize a chosen ciphertext $c$ such that $c^2 = -1 \bmod p$, where $p$ is the prime number used as the modulus in Elgamal. Such a ciphertext can be found simply when $p \equiv 1 \pmod 4$. We demonstrate that the ML and SMA algorithms are subject to our new $N-1$-type attack by utilizing a different ciphertext. We implement the proposed attacks on the TARGET Board of the ChipWhisperer CW1173, and our experiments validate the feasibility and effectiveness of the attacks using only a single power trace.