Cryptography, Volume 4, Issue 3 (September 2020) – 7 articles

Cover Story: This paper presents a new parameter set for faster commutative supersingular isogeny Diffie–Hellman (CSIDH). The computation of large odd-degree isogenies, the main obstacle in CSIDH, is made cheaper by using a two-torsion point to recover the coefficient of the image curve. We hope that this work will be helpful for various discussions on optimization for CSIDH.
22 pages, 854 KiB  
Article
Practical and Provably Secure Distributed Aggregation: Verifiable Additive Homomorphic Secret Sharing
by Georgia Tsaloli, Gustavo Banegas and Aikaterini Mitrokotsa
Cryptography 2020, 4(3), 25; https://doi.org/10.3390/cryptography4030025 - 21 Sep 2020
Cited by 10 | Viewed by 4314
Abstract
Often clients (e.g., sensors, organizations) need to outsource joint computations that are based on some joint inputs to external untrusted servers. These computations often rely on the aggregation of data collected from multiple clients, while the clients want to guarantee that the results are correct and, thus, an output that can be publicly verified is required. However, important security and privacy challenges are raised, since clients may hold sensitive information. In this paper, we propose an approach, called verifiable additive homomorphic secret sharing (VAHSS), to achieve practical and provably secure aggregation of data, while allowing the clients to protect their secret data and providing public verifiability, i.e., everyone should be able to verify the correctness of the computed result. We propose three VAHSS constructions by combining an additive homomorphic secret sharing (HSS) scheme, for computing the sum of the clients' secret inputs, with three different methods for achieving public verifiability, namely: (i) homomorphic collision-resistant hash functions; (ii) linear homomorphic signatures; and (iii) a threshold RSA signature scheme. For all three constructions, we provide a detailed correctness, security, and verifiability analysis and detailed experimental evaluations. Our results demonstrate the efficiency of our proposed constructions, especially on the client side.
(This article belongs to the Special Issue Techniques and Protocols to Preserve and Enhance Privacy)
Figures:
Figure 1. n clients outsourcing the joint addition of their joint inputs to m servers.
Figure 2. Time for PartialEval and PartialProof in our constructions. (a) VAHSS-HSS; (b) VAHSS-LHS; (c) VAHSS-TSS.
Figure 3. Time for FinalProof in our constructions. (a) VAHSS-HSS; (b) VAHSS-LHS; (c) VAHSS-TSS.
Figure 4. Time for running Verify in each of our constructions. (a) VAHSS-HSS; (b) VAHSS-LHS; (c) VAHSS-TSS.
Figure 5. Bandwidth per server and per client in bytes using VAHSS-HSS.
Figure 6. Bandwidth per server and per client in bytes using VAHSS-LHS.
Figure 7. Bandwidth required per server and per client in bytes using VAHSS-TSS.
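The abstract describes the combination of additive homomorphic secret sharing with a homomorphic collision-resistant hash for public verifiability. The following Python block is an added illustration of that principle written for this page; it is not the authors' VAHSS-HSS construction or code, and the algorithm names (PartialEval, FinalEval, Verify) are borrowed from the figure captions only as labels. Assumed here: a prime-order subgroup of Z_p^* with p = 2q + 1 (generated at start-up with a fixed seed; far too small for real use, where a standardised 2048-bit-plus group would be used) and the hash H(x) = g^x mod p, which satisfies H(a)·H(b) = H(a + b). n clients additively share their inputs among m servers, each server publishes the sum of the shares it holds, anyone adds the m partial sums, and the result is checked against the product of the clients' published hashes.

```python
"""Verifiable additive aggregation over additive secret sharing (added illustration).

Assumed: a prime-order subgroup of Z_p^* with p = 2q + 1 (generated below for the
demo; real deployments use a standardised 2048-bit-plus group) and the
homomorphic hash H(x) = g^x mod p, which satisfies H(a) * H(b) = H(a + b).
"""
import random
import secrets


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with fixed-seed bases (enough for demo parameter generation)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(0)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits=64):
    """Return (p, q, g): p = 2q + 1 prime, g a generator of the order-q subgroup."""
    rng = random.Random(2020)  # deterministic demo parameters
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            g = pow(rng.randrange(2, p - 1), 2, p)  # any square != 1 has order q
            if g != 1:
                return p, q, g


def hom_hash(x, group):
    """Additively homomorphic hash: H(x) = g^x mod p (binding under discrete log)."""
    p, q, g = group
    return pow(g, x % q, p)


def share(x, m, q):
    """Split x into m additive shares in Z_q; any m-1 of them reveal nothing about x."""
    shares = [secrets.randbelow(q) for _ in range(m - 1)]
    shares.append((x - sum(shares)) % q)
    return shares


def clients_publish(inputs, m, group):
    """Each client sends one share to every server and publishes tau_i = H(x_i)."""
    p, q, g = group
    per_server = [[] for _ in range(m)]
    taus = []
    for x in inputs:
        for j, s in enumerate(share(x, m, q)):
            per_server[j].append(s)
        taus.append(hom_hash(x, group))
    return per_server, taus


def server_partial_eval(received_shares, q):
    """A server adds the shares it holds; this is all it can compute on its own."""
    return sum(received_shares) % q


def final_eval(partials, q):
    """Anyone adds the m published partial sums to obtain y = sum of all inputs."""
    return sum(partials) % q


def verify(y, taus, group):
    """Public check: H(y) must equal the product of the clients' published hashes."""
    p, q, g = group
    expected = 1
    for t in taus:
        expected = expected * t % p
    return hom_hash(y, group) == expected


def demo(inputs=(5, 17, 42), m=3):
    """Honest run, then one server misreports its partial sum; returns both verdicts."""
    group = safe_prime_group()
    q = group[1]
    per_server, taus = clients_publish(inputs, m, group)
    partials = [server_partial_eval(s, q) for s in per_server]
    y = final_eval(partials, q)
    cheating = partials[:]
    cheating[0] = (cheating[0] + 1) % q  # a misbehaving server
    y_bad = final_eval(cheating, q)
    return y, verify(y, taus, group), verify(y_bad, taus, group)


if __name__ == "__main__":
    print(demo())  # (64, True, False)
```

Two caveats a practitioner should keep in mind: g^{x_i} is binding but only hides x_i when x_i has enough entropy (a small sensor reading can be brute-forced from its hash), which is one reason the paper's constructions do more than this sketch; and the check above detects a wrong sum but does not identify which server lied, so the verdict is all-or-nothing.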
16 pages, 984 KiB  
Article
Chaotic Quantum Key Distribution
by Noah Cowper, Harry Shaw and David Thayer
Cryptography 2020, 4(3), 24; https://doi.org/10.3390/cryptography4030024 - 31 Aug 2020
Cited by 4 | Viewed by 3908
Abstract
The ability to send information securely is a vital aspect of today's society, and with the developments in quantum computing, new ways to communicate have to be researched. We explored a novel application of quantum key distribution (QKD) and synchronized chaos which was utilized to mask a transmitted message. This communication scheme is not hampered by the ability to send single photons and consequently is not vulnerable to number splitting attacks like other QKD schemes that rely on single photon emission. This was shown by an eavesdropper gaining a maximum amount of information on the key during the first setup and listening to the key reconciliation to gain more information. We proved that there is a maximum amount of information an eavesdropper can gain during the communication, and this is insufficient to decode the message.
(This article belongs to the Special Issue Cryptographic Protocols 2022)
Figures:
Figure 1. Diagram of the communication protocol.
Figure 2. (A) Differences in the y values between systems 1 and 2; (B) differences in the z values between systems 1 and 2.
Figure 3. (A) Differences in the y values between systems 1 and 2; (B) differences in the z values between systems 1 and 2. From these two graphs it can be seen that the solutions tend to converge as t → ∞.
Figure 4. Convergence (difference) of the y and z solutions versus the decimal-point precision of the drive solution.
Figure 5. (A) Information read by Bob, (B) information read by Eve, (C) masked message using ordinary QKD.
Figure 6. Error correction on one block of bits.
Figure 7. Error between Alice's and Bob's keys associated with Eve's measurement as the probability of double-photon emission goes up.
Figure 8. Error in Eve's key during the reconciliation protocol as the probability of two-photon emission goes up.
Figure 9. (A) Differences in the y values between Eve and Alice; (B) differences in the z values between Eve and Alice.
Figure 10. (A) Message read by Bob after subtraction of his chaotic solution, (B) message read by Eve after subtraction of her chaotic solution, (C) message masked with Alice's chaotic solutions.
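Figures 2 to 4 show the y and z solutions of two chaotic systems converging as t → ∞, and the convergence depending on the decimal precision of the transmitted drive solution. The Python block below is an added example reproducing that behaviour; it is not the authors' code, and the page does not name the chaotic system, so the Lorenz system with its classic parameters and Pecora–Carroll x-drive synchronisation is an assumption. The sender integrates the full system and transmits x(t); the receiver integrates only the (y, z) equations fed by the received x, starting from an arbitrary initial condition. The `precision` argument rounds the transmitted x to a given number of decimals, modelling a quantised channel.

```python
"""Drive-response chaotic synchronisation (added illustration, not the authors' code).

Assumed: the Lorenz system with classic parameters; the drive sends x(t) and the
receiver runs only the (y, z) equations fed by the received x. The receiver's
y and z converge to the sender's regardless of its own initial condition;
`precision` rounds the transmitted x to model a quantised channel, which leaves
a residual error the receiver cannot remove.
"""
SIGMA, RHO, BETA = 10.0, 28.0, 8.0 / 3.0


def lorenz(x, y, z):
    """Sender's full Lorenz system."""
    return SIGMA * (y - x), x * (RHO - z) - y, x * y - BETA * z


def response(x_received, y2, z2):
    """Receiver subsystem: the drive's own x is replaced by the received signal."""
    return x_received * (RHO - z2) - y2, x_received * y2 - BETA * z2


def rk4_step(f, s, dt):
    """One classical Runge-Kutta step for the state tuple s."""
    k1 = f(s)
    k2 = f(tuple(a + 0.5 * dt * b for a, b in zip(s, k1)))
    k3 = f(tuple(a + 0.5 * dt * b for a, b in zip(s, k2)))
    k4 = f(tuple(a + dt * b for a, b in zip(s, k3)))
    return tuple(a + dt / 6.0 * (b + 2 * c + 2 * d + e)
                 for a, b, c, d, e in zip(s, k1, k2, k3, k4))


def simulate(t_end=20.0, dt=0.002, precision=None,
             drive0=(1.0, 1.0, 1.0), response0=(-5.0, 20.0)):
    """Integrate sender and receiver together; return max(|y-y2|, |z-z2|) per step."""
    def f(s):
        x, y, z, y2, z2 = s
        x_tx = x if precision is None else round(x, precision)  # quantised channel
        return lorenz(x, y, z) + response(x_tx, y2, z2)

    s = tuple(drive0) + tuple(response0)
    errors = []
    for _ in range(int(t_end / dt)):
        s = rk4_step(f, s, dt)
        errors.append(max(abs(s[1] - s[3]), abs(s[2] - s[4])))
    return errors


def residual_error(errors, window=500):
    """Worst-case mismatch over the last `window` steps, i.e. after transients."""
    return max(errors[-window:])


if __name__ == "__main__":
    print(residual_error(simulate()))             # below 1e-6: synchronised
    print(residual_error(simulate(precision=1)))  # above 1e-3: quantisation floor
```

The security-relevant point this makes concrete is that whatever the two parties share (here, the drive signal and the system parameters) must reach the legitimate receiver with enough precision to synchronise, while an eavesdropper with the same signal would synchronise just as well; the abstract's argument therefore rests on the QKD-derived key, not on the chaos alone.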
18 pages, 3389 KiB  
Article
Hardware Performance Evaluation of Authenticated Encryption SAEAES with Threshold Implementation
by Takeshi Sugawara
Cryptography 2020, 4(3), 23; https://doi.org/10.3390/cryptography4030023 - 9 Aug 2020
Cited by 2 | Viewed by 4386
Abstract
SAEAES is the authenticated encryption algorithm obtained by instantiating the SAEB mode of operation with AES, and a candidate in NIST's lightweight cryptography competition. Using AES gives the advantage of backward compatibility with the existing accelerators and coprocessors that the industry has invested in so far. Still, newer lightweight block ciphers (e.g., GIFT) outperform AES in compact implementations, especially with side-channel countermeasures such as threshold implementation. This paper aims to implement the first threshold implementation of SAEAES and to evaluate the cost we are trading for backward compatibility. We design a new circuit architecture using column-oriented serialization based on the recent 3-share and uniform threshold implementation (TI) of the AES S-box based on the generalized changing of the guards. Our design uses 18,288 GE, with AES occupying 97% of the total area. Meanwhile, the circuit area is roughly three times that of the conventional SAEB-GIFT implementation (6229 GE) because of the large memory needed for AES's non-linear key schedule and for the extended states required to satisfy uniformity in TI.
(This article belongs to the Special Issue Side Channel and Fault Injection Attacks and Countermeasures)
Figures:
Figure 1. Diagram of SAEAES_128_64_128. Com_INIT, Com_E, Com_N, Com_D, and Com_T correspond to the commands supported in our implementation (see Section 5.4).
Figure 2. The changing-of-the-guards sharing (left) and its unshared representation (right).
Figure 3. 3-share and uniform TI of the AES S-box based on the generalized changing of the guards [27].
Figure 4. The row-oriented state and key arrays in the conventional compact AES implementation [23].
Figure 5. The column-oriented state and key arrays. All registers have an enable signal for controlling their data flow.
Figure 6. Datapath diagram of our design without threshold implementation (TI). (C1)–(C8) are identifiers used in Table 6.
Figure 7. The active datapaths in each of the Com_INIT, Com_E, Com_N, Com_D, and Com_T commands.
Figure 8. Datapath diagram of our design with TI. (C1)–(C8) are identifiers used in Table 6.
10 pages, 709 KiB  
Article
Security Analysis of Lightweight IoT Cipher: Chaskey
by Ashutosh Dhar Dwivedi
Cryptography 2020, 4(3), 22; https://doi.org/10.3390/cryptography4030022 - 5 Aug 2020
Cited by 18 | Viewed by 4988
Abstract
This paper presents the differential cryptanalysis of the ARX-based cipher Chaskey using a tree-search-based heuristic approach. ARX algorithms are suitable for resource-constrained devices such as IoT and are very resistant to standard cryptanalysis such as linear or differential. To mount a differential attack, it is important to find differential characteristics of the cipher. Finding differential characteristics in ARX is the most challenging task nowadays. Due to the bigger block size, it is infeasible to calculate lookup tables for non-linear components. Transition through the non-linear layer of the cipher faces a huge state-space problem. The problem of huge state spaces is a serious research topic in artificial intelligence (AI). The proposed heuristic tool uses such methods, inspired by nested tree-based sampling, to find differential paths in ARX ciphers and was successfully applied to obtain state-of-the-art results for differential cryptanalysis with a very fast and simpler framework. The algorithm can also be applied in other research areas in cryptanalysis where such a huge state space is a problem.
Figures:
Figure 1. One round of the Chaskey permutation.
Figure 2. Difference propagation of a plaintext pair.
Figure 3. A differential characteristic over a sequence of rounds.
Figure 4. 4-bit S-box.
Figure 5. Difference distribution table for the 4-bit S-box.
Figure 6. Transition through the modular addition box.
Figure 7. Nested tree search.
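The abstract's central point, and the contrast drawn by Figures 5 and 6, is that a difference distribution table is trivial for a 4-bit S-box but infeasible for the 32-bit modular additions Chaskey uses, so an ARX characteristic search needs a formula for the differential probability of addition instead of a lookup. The Python block below is an added example, not the paper's tool: it builds the DDT of a sample 4-bit S-box (PRESENT's, an assumption, since the page does not say which S-box Figure 4 shows) and implements the Lipmaa–Moriai closed form for the XOR-differential probability of modular addition, checked against exhaustive counting at 8 bits, where brute force is still possible.

```python
"""Difference propagation through non-linear components (added illustration).

For a 4-bit S-box the difference distribution table (DDT) is a 16 x 16 lookup;
for a 32-bit modular addition the table would have 2^64 rows, so the
XOR-differential probability is computed by formula instead (Lipmaa-Moriai, 2001).
The S-box below is PRESENT's, used only as a sample 4-bit S-box (assumption).
"""

PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def ddt(sbox):
    """ddt[din][dout] = number of inputs x with S(x) ^ S(x ^ din) == dout."""
    size = len(sbox)
    table = [[0] * size for _ in range(size)]
    for x in range(size):
        for din in range(size):
            table[din][sbox[x] ^ sbox[x ^ din]] += 1
    return table


def best_output_difference(table, din):
    """Most likely output difference for din and its probability."""
    row = table[din]
    dout = max(range(len(row)), key=row.__getitem__)
    return dout, row[dout] / len(row)


def differential_uniformity(table):
    """Largest DDT entry over non-zero input differences (lower is better)."""
    return max(max(row) for row in table[1:])


def add_diff_prob(alpha, beta, gamma, n):
    """P[((x ^ alpha) + (y ^ beta)) ^ (x + y) == gamma] over n-bit x, y, by formula.

    Lipmaa-Moriai: the differential is impossible if
    eq(alpha<<1, beta<<1, gamma<<1) & (alpha ^ beta ^ gamma ^ (beta<<1)) != 0,
    otherwise its probability is 2^-w with w the number of positions below the
    MSB where alpha, beta, gamma are not all equal.
    """
    mask = (1 << n) - 1

    def eq(a, b, c):  # bit i set iff a_i == b_i == c_i
        return ~(a ^ b) & ~(a ^ c) & mask

    def sh(v):  # shift left by one inside the n-bit word
        return (v << 1) & mask

    if eq(sh(alpha), sh(beta), sh(gamma)) & (alpha ^ beta ^ gamma ^ sh(beta)):
        return 0.0
    weight = bin(~eq(alpha, beta, gamma) & (mask >> 1)).count("1")
    return 2.0 ** -weight


def add_diff_prob_bruteforce(alpha, beta, gamma, n):
    """Exhaustive count over all 4^n pairs; only feasible for small n."""
    mask = (1 << n) - 1
    hits = 0
    for x in range(1 << n):
        for y in range(1 << n):
            if ((((x ^ alpha) + (y ^ beta)) ^ (x + y)) & mask) == gamma:
                hits += 1
    return hits / (1 << (2 * n))


if __name__ == "__main__":
    table = ddt(PRESENT_SBOX)
    print("S-box differential uniformity:", differential_uniformity(table))
    # 32-bit addition, as in Chaskey: an LSB difference in one operand with no
    # carry difference passes with probability 1/2; an MSB difference is free.
    print(add_diff_prob(1, 0, 1, 32), add_diff_prob(1 << 31, 0, 1 << 31, 32))
```

The formula is what makes a characteristic search over 32-bit words tractable: each addition in a candidate path costs a few word operations rather than a 2^64-entry table, and the search heuristic in the paper only has to decide which transitions to explore.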
19 pages, 398 KiB  
Article
Implementation of a New Strongly-Asymmetric Algorithm and Its Optimization
by Koki Jimbo, Satoshi Iriyama and Massimo Regoli
Cryptography 2020, 4(3), 21; https://doi.org/10.3390/cryptography4030021 - 30 Jul 2020
Cited by 1 | Viewed by 3168
Abstract
A new public key agreement (PKA) algorithm, called the strongly-asymmetric algorithm (SAA-5), was introduced by Accardi et al. The main differences from the usual PKA algorithms are that Bob has some independent public keys and Alice produces her public key by using some part of Bob's public keys. Then, the preparation and calculation processes are essentially asymmetric. This algorithm has more free parameters than the usual symmetric PKA algorithms, and its calculation speed depends largely on the parameters chosen; however, its performance has not yet been tested. The purpose of our study was to discuss efficient parameters for sharing the key at high speed in SAA-5 and to optimize SAA-5 in terms of calculation speed. To find efficient parameters for SAA-5, we compared its calculation speed with Diffie–Hellman (D-H) while varying the values of some parameters with the length of the secret shared key (SSK) fixed. For optimization, we discuss a more general framework of SAA-5 to find more efficient operations. By fixing the parameters of the framework properly, a new PKA algorithm with the same security level as SAA-5 was produced. The result shows that the calculation speed of the proposed PKA algorithm is faster than D-H, especially for large key lengths. The calculation speed of the proposed PKA algorithm increases linearly as the SSK length increases, whereas that of D-H increases exponentially.
(This article belongs to the Special Issue Cryptographic Protocols 2022)
Figures:
Figure 1. Change in the time to compute a fixed-length key when d is varied.
Figure 2. Comparison of the time to generate the SSK.
Figure 3. Calculation speed for each SSK length with the strongly-asymmetric algorithm (SAA-5) while d = 10 and |I| = 10.
Figure 4. Comparison of the generation time of the SSK with SAA-5.
13 pages, 379 KiB  
Article
Optimized CSIDH Implementation Using a 2-Torsion Point
by Donghoe Heo, Suhri Kim, Kisoon Yoon, Young-Ho Park and Seokhie Hong
Cryptography 2020, 4(3), 20; https://doi.org/10.3390/cryptography4030020 - 29 Jul 2020
Cited by 3 | Viewed by 3322
Abstract
Implementations of isogeny-based cryptography mainly use Montgomery curves, as they offer fast elliptic curve arithmetic and isogeny computation. However, although Montgomery curves have efficient 3- and 4-isogeny formulae, they become inefficient when recovering the coefficient of the image curve for large-degree isogenies. Because Commutative Supersingular Isogeny Diffie-Hellman (CSIDH) requires odd-degree isogenies up to at least 587, this inefficiency is the main bottleneck of using Montgomery curves for CSIDH. In this paper, we present a new optimization method for faster CSIDH protocols entirely on Montgomery curves. To this end, we present a new parameter for CSIDH in which the three rational two-torsion points exist. Using the proposed parameters, CSIDH moves around the surface. The curve coefficient of the image curve can be recovered by a two-torsion point. We also prove that CSIDH using the proposed parameter guarantees a free and transitive group action. Additionally, we present implementation results using our method. We demonstrate that our method is 6.4% faster than the original CSIDH. Our work shows that considerably higher performance of CSIDH is achieved while using only Montgomery curves.
24 pages, 5043 KiB  
Article
Tamper and Clone-Resistant Authentication Scheme for Medical Image Systems
by Mayssa Tayachi, Saleh Mulhem, Wael Adi, Laurent Nana, Anca Pascu and Faouzi Benzarti
Cryptography 2020, 4(3), 19; https://doi.org/10.3390/cryptography4030019 - 6 Jul 2020
Cited by 2 | Viewed by 4448
Abstract
Telemedicine applications are used more and more due to the rapid development of digital imaging and information and communication technologies. Medical information, which includes digital medical images and patient information, is extracted and transmitted over insecure networks for clinical diagnosis and treatment. Digital watermarking is one of the main approaches used to ensure the security of medical images. Nevertheless, in some cases, the use of digital watermarking alone is not sufficient to reach a high level of security. Indeed, the watermark may carry essential patient information and needs to be protected. In such cases, cryptography may be used to protect the watermark and to improve the overall secure management in the medical environment. In this paper, we propose a clone-resistant watermarking approach combining a difference expansion watermarking technique with a cryptographic technique based on secret keys generated by a clone-resistant device construction called Secret Unknown Ciphers (SUCs). The use of SUCs to sign the watermark strengthens the security of medical images during their transfer and storage. Experimental results show that the system provides a high level of security against various forms of attacks.
Figures:
Figure 1. Two state-of-the-art proposals of secure medical image transmission systems.
Figure 2. Medical image system deploying the physical unclonable function (PUF) together with an encryption algorithm and the RSA system. Adapted from [6].
Figure 3. Possible secret unknown cipher (SUC) generation scenario. Adapted from [32].
Figure 4. Mutating an SUC into a system-on-chip (SoC) [32].
Figure 5. SUC-based generic identification protocol. Adapted from [32].
Figure 6. The proposed concept of making medical images clone-resistant by embedding the SUC technique.
Figure 7. A proposed system operation scenario.
Figure 8. An example of a patient's record in the database (DB).
Figure 9. Clone-resistant watermark generation and embedding process.
Figure 10. Watermark extraction process.
Figure 11. Medical device-server authentication protocol for secure logging of a medical image transaction and image verification.
Figure 12. User-server authentication protocol for exchanging registered medical images.
Figure 13. Examples of original images and corresponding watermarks.
Figure 14. DICOM images used in the experiments.
Figure 15. Hands image and generated watermark used in the experiments.
Figure 16. An example of the original image, the corresponding generated and signed watermarks, and the resulting watermarked image.
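The abstract combines a difference expansion watermark with a watermark signed under a device-bound key (Figures 9 and 10 show the embedding and extraction processes). The Python block below is an added example of that combination and is not the authors' scheme or code: it uses Tian's difference expansion on horizontal pixel pairs (an assumption; the page says only "difference expansion"), an HMAC under a per-device secret as a stand-in for the SUC-generated key (the paper's SUC is a hardware construction this example does not model), a location map handed to the extractor out of band (a real scheme compresses and embeds it), and a constructed 16×16 greyscale test image rather than a DICOM file. Names such as `DEVICE_SECRET`, `embed`, `extract` and `sample_image` are mine.

```python
"""Reversible difference-expansion watermark carrying an authenticated payload
(added illustration, not the authors' scheme). Assumed: 8-bit greyscale pixels
paired horizontally (Tian's difference expansion), a location map returned to the
extractor out of band (a real scheme compresses and embeds it), and an HMAC with
a per-device secret standing in for the SUC-derived device key of the paper.
"""
import hashlib
import hmac
import random

DEVICE_SECRET = b"demo-device-secret"  # stand-in for the SUC-derived device key


def de_embed_pair(x, y, bit):
    """Tian's difference expansion: returns (x', y') or None if it would overflow."""
    low = (x + y) >> 1            # integer mean, unchanged by the expansion
    h = 2 * (x - y) + bit         # expanded difference carries the payload bit
    x2, y2 = low + ((h + 1) >> 1), low - (h >> 1)
    if 0 <= x2 <= 255 and 0 <= y2 <= 255:
        return x2, y2
    return None


def de_extract_pair(x2, y2):
    """Inverse of de_embed_pair: returns (bit, x, y) with the original pixels."""
    low = (x2 + y2) >> 1
    h = x2 - y2
    bit, h0 = h & 1, h >> 1       # arithmetic shift floors negative differences
    return bit, low + ((h0 + 1) >> 1), low - (h0 >> 1)


def bits_of(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bytes_of(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - 7, 8))


def make_watermark(payload, tag_len=8):
    """Payload (e.g. a patient record reference) followed by a truncated HMAC tag."""
    return payload + hmac.new(DEVICE_SECRET, payload, hashlib.sha256).digest()[:tag_len]


def embed(image, watermark):
    """Embed watermark bits into horizontal pixel pairs; returns (marked, location_map)."""
    bits = bits_of(watermark)
    marked = [row[:] for row in image]
    location_map = []
    k = 0
    for row in marked:
        for j in range(0, len(row) - 1, 2):
            used = False
            if k < len(bits):
                res = de_embed_pair(row[j], row[j + 1], bits[k])
                if res is not None:          # skip pairs that would overflow
                    row[j], row[j + 1] = res
                    k += 1
                    used = True
            location_map.append(used)
    if k < len(bits):
        raise ValueError("image too small for watermark")
    return marked, location_map


def extract(marked, location_map, payload_len, tag_len=8):
    """Recover (payload, tag_ok, restored_image); the image is restored bit-exactly."""
    restored = [row[:] for row in marked]
    bits = []
    idx = 0
    for row in restored:
        for j in range(0, len(row) - 1, 2):
            if location_map[idx]:
                bit, row[j], row[j + 1] = de_extract_pair(row[j], row[j + 1])
                bits.append(bit)
            idx += 1
    data = bytes_of(bits)[:payload_len + tag_len]
    payload, tag = data[:payload_len], data[payload_len:]
    expected = hmac.new(DEVICE_SECRET, payload, hashlib.sha256).digest()[:tag_len]
    return payload, hmac.compare_digest(tag, expected), restored


def sample_image(size=16, seed=1):
    """Constructed smooth test image with small noise (not a real DICOM image)."""
    rng = random.Random(seed)
    return [[100 + i + j + rng.randint(-3, 3) for j in range(size)] for i in range(size)]


if __name__ == "__main__":
    image = sample_image()
    marked, location_map = embed(image, make_watermark(b"ID42"))
    payload, tag_ok, restored = extract(marked, location_map, len(b"ID42"))
    print(payload, tag_ok, restored == image)  # b'ID42' True True
```

Reversibility matters in the medical setting because the diagnostic image must be recoverable bit for bit after the watermark is removed; the tag check is what turns the watermark from a hidden label into evidence that a specific device produced it, and any modification of a pixel carrying payload or tag bits makes the check fail.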