125 research outputs found
Improved Integral Cryptanalysis of FOX Block Cipher
FOX is a new family of block ciphers presented recently, which is
based upon some results on provable security and has high
performance on various platforms. In this paper, we construct
some distinguishers between 3-round FOX and a random permutation
of the block space. By using integral attack and
collision-searching techniques, the distinguishers are used to
attack 4-, 5-, 6- and 7-round FOX64 and 4- and 5-round FOX128. The
attack is more efficient than the previous integral attack on FOX. The
complexity of improved integral attack is on 4-round
FOX128, against 5-round FOX128 respectively. For
FOX64, the complexity of improved integral attack is on
4-round FOX64, against 5-round FOX64,
against 6-round FOX64, against 7-round FOX64
respectively. Therefore, 4-round FOX64/64, 5-round FOX64/128,
6-round FOX64/192, 7-round FOX64/256 and 5-round FOX128/256 are
not immune to the attack in this paper.
Fully Secure (Doubly-)Spatial Encryption under Simpler Assumptions
Spatial encryption was first proposed by Boneh and Hamburg in 2008. It is one implementation of the generalized identity-based encryption schemes, and many systems with a variety of properties can be derived from it. Recently, Hamburg improved the notion by presenting a variant called doubly-spatial encryption. Doubly-spatial encryption is more powerful and expressive: more useful cryptographic systems can be built from it, such as attribute-based encryption. However, most presented spatial encryption schemes are only proven selectively secure. Only a few spatial encryption schemes achieve adaptive security, and those not under standard assumptions. No fully secure doubly-spatial encryption scheme has been presented before.
In this paper, we primarily focus on the adaptive security of (doubly-)spatial encryption. A spatial encryption scheme and a doubly-spatial encryption scheme are proposed. We then apply the dual system methodology proposed by Waters in the security proof. Both schemes can be proven adaptively secure under standard assumptions, the decisional linear (DLIN) assumption and the decisional bilinear Diffie-Hellman (DBDH) assumption, over prime-order groups in the standard model. To the best of our knowledge, our second scheme is the first fully secure construction of doubly-spatial encryption.
NEV: Faster and Smaller NTRU Encryption using Vector Decoding
In this paper, we present NEV -- a faster and smaller NTRU Encryption using Vector decoding, which is provably IND-CPA secure in the standard model under the decisional NTRU and RLWE assumptions over the cyclotomic ring . Our main technique is a novel and non-trivial way to integrate a previously known plaintext encoding and decoding mechanism into the provably IND-CPA secure NTRU variant by Stehlé and Steinfeld (Eurocrypt 2011).
Unlike the original NTRU encryption and its variants, which encode the plaintext into the least significant bits of the coefficients of a message polynomial, we encode each plaintext bit into the most significant bits of multiple coefficients of the message polynomial, so that we can use a vector of noised coefficients to decode each plaintext bit in decryption, and significantly reduce the size of with a reasonably negligible decryption failure.
Concretely, we can use to obtain public keys and ciphertexts of 615 bytes with decryption failure at NIST level 1 security, and 1229 bytes with decryption failure at NIST level 5 security. By applying the Fujisaki-Okamoto transformation in a standard way, we obtain an IND-CCA secure KEM from our basic PKE scheme. Compared to NTRU and Kyber in the NIST Round 3 finalists at the same security levels, our KEM is 33-48% more compact and 5.03-29.94X faster than NTRU in the round-trip time of ephemeral key exchange, and is 21% more compact and 1.42-1.74X faster than Kyber.
We also give an optimized encryption scheme NEV' with better noise tolerance (and slightly better efficiency) based on a variant of the RLWE problem, called the Subset-Sum Parity RLWE problem, which we show is polynomially equivalent to the standard decisional RLWE problem (with different parameters), and which may be of independent interest.
Identity Based Threshold Proxy Signature
Identity-based (ID-based) public key cryptosystems can be a good
alternative to the certificate-based public key setting, especially
when efficient key management and moderate security are required.
In a threshold proxy signature scheme, the original signer
delegates the power of signing messages to a designated proxy
group of members. Any or more proxy signers of the group
can cooperatively issue a proxy signature on behalf of the
original signer, but or less proxy signers cannot. In this
paper, we present an ID-based threshold proxy signature scheme
using bilinear pairings. We show the scheme satisfies all security
requirements in the random oracle model. To the best of the authors'
knowledge, our scheme is the first ID-based threshold proxy
signature scheme.
Expressive and Secure Searchable Encryption in the Public Key Setting (Full Version)
Searchable encryption allows an untrusted server to search on encrypted data without knowing the underlying data contents. Traditional searchable encryption schemes focus only on single-keyword or conjunctive-keyword search. Several solutions have recently been proposed to design more expressive search criteria, but most of them are in the symmetric-key encryption setting. In this paper, based on composite-order groups, we present an expressive and secure asymmetric searchable encryption (ESASE) scheme, which is the first that simultaneously supports conjunctive, disjunctive and negation search operations. We analyze the efficiency of ESASE and prove it secure in the standard model. In addition, we show how ESASE can be extended to support range search and the multi-user setting.
Scanning tunneling microscopy study of the possible topological surface states in BiTeCl
Recently, the non-centrosymmetric bismuth tellurohalides such as BiTeCl are
being studied as possible candidates of topological insulators. While some
photoemission studies showed that BiTeCl is an inversion asymmetric topological
insulator, others showed that it is a normal semiconductor with Rashba
splitting. Meanwhile, first-principles calculations have failed to confirm the
existence of topological surface states in BiTeCl so far. Therefore, the
topological nature of BiTeCl requires further investigation. Here we report low
temperature scanning tunneling microscopy study on the surface states of BiTeCl
single crystals. On the tellurium-terminated surfaces with low defect density,
strong evidence for topological surface states is found in the quasi-particle
interference patterns generated by the scattering of these states, both in the
anisotropy of the scattering vectors and the fast decay of the interference
near step edges. Meanwhile, on samples with much higher defect densities, we
observed surface states that behave differently. Our results help to resolve
the current controversy on the topological nature of BiTeCl.
Comment: 13 pages, 4 figures
On the Correctness of An Approach Against Side-channel attacks
Side-channel attacks are a very powerful cryptanalytic technique. Li and Gu [ProvSec'07] proposed an approach against side-channel attacks, which states that a symmetric encryption scheme is IND-secure in the side-channel model if it is IND-secure in the black-box model and there is no adversary who can computationally recover the whole key of the scheme in the side-channel model, i.e. WKR-SCA ∧ IND ⇒ IND-SCA. Our research shows that this is not the case. We analyze the notions of security against key recovery attacks and security against distinguishing attacks, and then construct a scheme which is WKR-SCA-secure and IND-secure, but not IND-SCA-secure, in the same side-channel environment. Furthermore, even if the scheme is secure against partial key recovery attacks in the side-channel model, this approach still does not hold true.
How to Choose Interesting Points for Template Attacks?
Template attacks are widely accepted to be the most powerful side-channel attacks from an information-theoretic point of view. For template attacks, many papers suggested a guideline for choosing interesting points which is still not proven. The guideline is that one should choose only one point as the interesting point per clock cycle. Up to now, many different methods of choosing interesting points have been introduced. However, it is still unclear which approach will lead to the best classification performance for template attacks. In this paper, we comprehensively evaluate and compare the classification performance of template attacks when using different methods of choosing interesting points. Evaluation results show that the classification performance of template attacks differs noticeably when different methods of choosing interesting points are used. The CPA-based method and the SOST-based method lead to the best classification performance. Moreover, we find that some methods of choosing interesting points provide the same results in the same circumstances. Finally, we verify that the guideline for choosing interesting points for template attacks is correct by presenting a new way of conducting template attacks.