
    On the (im)possibility of ElGamal blind signatures

    In the current paper we investigate the possibility of designing a secure blind signature scheme based on the ElGamal signature equation. We define the generalized construction and analyze its security. We consider two types of schemes with the proposed construction, which cover all existing schemes. For schemes of the first type we provide a generic ROS-style attack that violates unforgeability in the parallel setting. For schemes of the second type we prove that they provide neither blindness nor unforgeability. As a result, we prove that all known ElGamal blind signature schemes are insecure. Moreover, these results show that a secure ElGamal blind signature scheme is potentially possible only for a small set of signature equations and requires a non-standard way of generating the first component of the signature.

    On methods of shortening ElGamal-type signatures

    Development of signature schemes providing short signatures is a relevant and non-trivial challenge for cryptographers. Since the late 1980s many short signature schemes have been proposed. The most promising schemes are multivariate schemes and schemes based on the Weil pairing. Unfortunately, the cryptographic tools used in these schemes are still not supported by most cryptographic software, which complicates their effortless use in practice. In the current paper we investigate the opportunity of shortening the standard ElGamal-type signatures. We propose three methods of shortening signatures (for any ElGamal-type scheme such as ECDSA, GOST and SM2) and analyze how applying these methods affects the security. Applying all three methods to the GOST signature scheme with elliptic curve subgroup order q, 2^{255} < q < 2^{256}, can reduce the signature size from 512 to 320 bits. The modified scheme provides sufficient security and acceptable (for non-interactive protocols) signing and verifying time.

    Consideration of soil strata heterogeneity influence on differential foundation settlements of overpasses for high-speed railways

    The implementation of projects for the construction of high-speed railways makes it urgent to search for effective approaches to accounting for the influence of soil strata heterogeneity along the course of the track on differential foundation settlements of overpasses. Russian special technical conditions prescribe sufficiently stringent regulation limits on absolute values of overpasses' foundation soil settlements (20 mm for ballastless track) and on angles of break in profile (the differential foundation soil settlement), which should not exceed 1 ‰ for ballastless track. These requirements make it necessary to develop a calculation method based on the criterion of deformation. To ensure compliance of design solutions with the specified regulations, it is appropriate to use the method of predefined equated soil settlements for the design of shallow foundations of overpasses for high-speed railways. Several features of the application of this method are presented in this article.

    Security bound for CTR-ACPKM internally re-keyed encryption mode

    In 2018 the CTR-ACPKM internally re-keyed block cipher mode was adopted in the Russian Standardization System and must pass through the last formal standardization stages in the IETF. The main distinctive feature of this mode is that during the processing of each message, the key used for data block transformation is periodically changed. In the current paper we obtain the security bound for this mode in the standard IND-CPNA security model.

    sMGM: parameterizable AEAD-mode

    The paper introduces a new AEAD mode called sMGM (strong Multilinear Galois Mode). The proposed construction can be treated as an extension of the Russian standardized MGM mode and its modification, the MGM2 mode presented at the CTCrypt'21 conference. The distinctive feature of the new mode is that it provides an interface allowing one to choose the specific security properties required for a certain application case. Namely, the mode has additional parameters allowing one to switch on/off misuse-resistance or re-keying mechanisms. The sMGM mode consists of two main building blocks: a CTR-style gamma generation function with incorporated re-keying and the multilinear function that lies at the core of the original MGM mode. Different ways of using these functions lead to different sets of security properties. Such an approach to constructing a parameterizable AEAD mode allows for reducing the code size, which can be crucial for constrained devices. We provide security bounds for the proposed mode. We focus on proving the misuse-resistance of the sMGM mode, since the standard security properties were already analyzed during the development of the original MGM and MGM2 modes.

    Misuse-resistant MGM2 mode

    We introduce a modification of the Russian standardized AEAD MGM mode — the MGM2 mode, in which the nonce is no longer encrypted before being used as the initial counter value. For the new mode we provide security bounds with respect to security notions in the nonce-misuse setting (MRAE-integrity and CPA-resilience). The obtained bounds are even better than the bounds obtained for the original MGM mode with respect to the standard security notions.

    Two-party GOST in two parts: fruitless search and fruitful synthesis

    oai:eprint.iacr.org:2024/089
    In the current paper we investigate the possibility of designing a secure two-party signature scheme with the same verification algorithm as in the Russian standardized scheme (the GOST scheme). We solve this problem in two parts. The first part is a (fruitless) search for an appropriate scheme in the literature. It turned out that all existing schemes are insecure in the strong security models. The second part is the synthesis of a new signature scheme and ends fruitfully. We synthesize a new two-party GOST signature scheme, additionally using a commitment scheme, guided by the features of the GOST signature scheme as well as the known attacks on existing schemes. We prove that this scheme is secure in the bijective random oracle model in the case when one of the parties is malicious, under the assumption that the classical GOST scheme is unforgeable in the bijective random oracle model and the commitment scheme is modelled as a random oracle.

    On the Security of One Password Authenticated Key Exchange Protocol

    In this paper the Security Evaluated Standardized Password Authenticated Key Exchange (SESPAKE) protocol is proposed (this protocol is approved in the standardization system of the Russian Federation) and its cryptographic properties are analyzed. The SESPAKE protocol includes a key agreement step and a key authentication step. We define a new indistinguishability-based adversary model with a threat of false authentication, which extends the original indistinguishability-based model to the case of protocols with an authentication step and without key diversification. We prove the protocol's security under two types of threats: the classic threat of distinguishing a generated session key from a random string and the threat of false authentication. This protocol is the first password authenticated key exchange (PAKE) protocol without key diversification for whose full version a security proof has been obtained. The paper also contains a brief review of the known results dedicated to the analysis of the cryptographic properties of PAKE protocols.

    On the properties of the CTR encryption mode of the Magma and Kuznyechik block ciphers with re-keying method based on CryptoPro Key Meshing

    This paper presents a security bound in the standard security model for the CTR encryption mode of the Magma cipher with the «CryptoPro Key Meshing» (CPKM) re-keying method that was previously used with the GOST 28147-89 cipher. We enumerate the main requirements that should be followed during the development of re-keying methods, then we propose a modified method and justify its advantages over CPKM. We also obtain certain results about the operational features of the CTR encryption mode of the Kuznyechik cipher with several re-keying methods.

    The introduction of resource-saving technology in water treatment plants

    The purpose of the technological research is the development of a technology that would eliminate the discharge of untreated washing water from a water treatment station in Omsk into the Irtysh by reusing it. The paper presents the results of the technological research, which made it possible to determine the optimal technology option for the reuse of filter wash water. The studies were carried out by the trial coagulation method, introducing varying amounts of contaminated wash water, from 10 to 30%, into the initial river water together with the reagents used at the waterworks. With combined purification of river water and untreated washing water, the turbidity after settling decreases to 4.35 mg / l. The efficiency of purification increases as the amount of raw washing water is increased up to 30%. The technological solutions adopted on the basis of the conducted studies formed the basis of the design documentation for the facilities aimed at the reuse of wash water from the Omsk waterworks. The facilities have been built and are now being successfully operated. The proposed solutions made it possible to reduce the intake of water from the source by 10-16.5% and to eliminate the discharge of contaminated wastewater from the station into the Irtysh river, up to a volume of 51 thousand m3/day.