Authors: Timothy Dee, Ian Richardson, Akhilesh Tyagi First page: 14 Abstract: Mobile banking, shopping, and in-app purchases utilize persistent authentication states for access to sensitive data. One-shot authentication permits access for a fixed time period. For instance, a username/password-based authentication allows a user access to all the shopping and payments data in the Amazon shopping app. Traditional user passwords and lock screens are easily compromised. Snooping attacks—observing an unsuspecting user entering passwords—and smudge attacks—examining touchscreen finger oil residue—enable compromised user authentication. Mobile device interactions provide robust human and device identity data. Such biometrics enhance authentication. In this paper, behavioral attributes during user input constitute the password. Adversary password reproduction difficulty increases since pure observation is insufficient. Current mobile continuous authentication schemes use, among others, touchscreen–swipe interactions or keyboard input timing. Many of these methods require cumbersome training or intrusive authentication. Software keyboard interactions provide a consistent biometric data stream. We develop biometric profiles using touch pressure, location, and timing. New interactions authenticate against a profile using a divergence measure. In our limited user–device data sets, the classification achieves virtually perfect accuracy. Citation: Cryptography PubDate: 2022-03-23 DOI: 10.3390/cryptography6020014 Issue No: Vol. 6, No. 2 (2022)
Authors: Brian Goncalves, Atefeh Mashatan First page: 15 Abstract: The development of increasingly sophisticated quantum computers poses a long-term threat to current cryptographic infrastructure. This has spurred research into both quantum-resistant algorithms and how to safely transition real-world implementations and protocols to quantum-resistant replacements. This transition is likely to be a gradual process due to both the complexity and cost associated with transitioning. One method to ease the transition is the use of classical–quantum hybrid schemes, which provide security against both classical and quantum adversaries. We present a new combiner for creating hybrid encryption schemes directly from traditional encryption schemes. Our construction is the only existing proposal in the literature with IND-CCA-security in the classical and quantum random oracle models, respectively. Citation: Cryptography PubDate: 2022-03-29 DOI: 10.3390/cryptography6020015 Issue No: Vol. 6, No. 2 (2022)
Authors: Haogang Feng, Gaoze Mu, Shida Zhong, Peichang Zhang, Tao Yuan First page: 16 Abstract: In the 5G intelligent edge scenario, more and more accelerator-based single-board computers (SBCs) with low power consumption and high performance are being used as edge devices to run the inferencing part of the artificial intelligence (AI) model to deploy intelligent applications. In this paper, we investigate the inference workflow and performance of the You Only Look Once (YOLO) network, which is the most popular object detection model, in three different accelerator-based SBCs, which are NVIDIA Jetson Nano, NVIDIA Jetson Xavier NX and Raspberry Pi 4B (RPi) with Intel Neural Compute Stick2 (NCS2). Different video contents with different input resize windows are detected and benchmarked by using four different versions of the YOLO model across the above three SBCs. By comparing the inference performance of the three SBCs, the performance of RPi + NCS2 is more friendly to lightweight models. For example, the FPS of detected videos from RPi + NCS2 running YOLOv3-tiny is 7.6 times higher than that of YOLOv3. However, in terms of detection accuracy, we found that in the process of realizing edge intelligence, how to better adapt an AI model to run on RPi + NCS2 is much more complex than the process of Jetson devices. The analysis results indicate that Jetson Nano is a trade-off SBC in terms of performance and cost; it achieves up to 15 FPS of detected videos when running YOLOv4-tiny, and this result can be further increased by using TensorRT. Citation: Cryptography PubDate: 2022-04-01 DOI: 10.3390/cryptography6020016 Issue No: Vol. 6, No. 2 (2022)
Authors: Antonios Patergianakis, Konstantinos Limniotis First page: 17 Abstract: Stylometry is a well-known field, aiming to identify the author of a text, based only on the way she/he writes. Despite its obvious advantages in several areas, such as in historical research or for copyright purposes, it may also yield privacy and personal data protection issues if it is used in specific contexts, without the users being aware of it. It is, therefore, of importance to assess the potential use of stylometry methods, as well as the implications of their use for online privacy protection. This paper aims to present, through relevant experiments, the possibility of the automated identification of a person using stylometry. The ultimate goal is to analyse the risks regarding privacy and personal data protection stemming from the use of stylometric techniques to evaluate the effectiveness of a specific stylometric identification system, as well as to examine whether proper anonymisation techniques can be applied so as to ensure that the identity of an author of a text (e.g., a user in an anonymous social network) remains hidden, even if stylometric methods are to be applied for possible re-identification. Citation: Cryptography PubDate: 2022-04-07 DOI: 10.3390/cryptography6020017 Issue No: Vol. 6, No. 2 (2022)
Authors: Keerthi Nelaturu, Han Du, Duc-Phong Le First page: 18 Abstract: The primary purpose of this paper is to bridge the technology gap between Blockchain and Fintech applications. Blockchain technology is already being explored in a wide number of Fintech sectors. After creating a unique taxonomy for Fintech ecosystems, this paper outlines a number of implementation scenarios. For each of the industries in which blockchain is already in use and has established itself as a complementary technology to traditional systems, we give a taxonomy of use cases. In this procedure, we cover both public and private blockchains. Because it is still believed to be in its infancy, especially when it comes to financial use cases, blockchain has both positive and negative aspects. As a result, it is critical to be aware of all of the open research issues in this field. Our goal is to compile a list of open research challenges related to various aspects of the blockchain’s protocol and application layers. Finally, we will provide a clear understanding of the applications for which blockchain can be valuable, as well as the risks associated with its use in parallel. Citation: Cryptography PubDate: 2022-04-19 DOI: 10.3390/cryptography6020018 Issue No: Vol. 6, No. 2 (2022)
Authors: Ezinam Bertrand Talaki, Olivier Savry, Mathieu Bouvier Des Noes, David Hely First page: 19 Abstract: In the vulnerability analysis of System on Chips, memory hierarchy is considered among the most valuable elements to protect against information theft. Many first-order side-channel attacks have been reported on all its components from the main memory to the CPU registers. In this context, memory hierarchy encryption is widely used to ensure data confidentiality. Yet, this solution suffers from both memory and area overhead along with performance losses (timing delays), which is especially critical for cache memories that already occupy a large part of the spatial footprint of a processor. In this paper, we propose a secure and lightweight scheme to ensure the data confidentiality through the whole memory hierarchy. This is done by masking the data in cache memories with a lightweight mask generator that provides masks at each clock cycle without having to store them. Only 8-bit Initialization Vectors are stored for each mask value to enable further recomputation of the masks. The overall security of the masking scheme is assessed through a mutual information estimation that helped evaluate the minimum number of attack traces needed to succeed a profiling side-channel attack to 592 K traces in the attacking phase, which provides an acceptable security level in an analysis where an example of Signal to Noise Ratio of 0.02 is taken. The lightweight aspect of the generator has been confirmed by a hardware implementation that led to resource utilization of 400 LUTs. Citation: Cryptography PubDate: 2022-04-20 DOI: 10.3390/cryptography6020019 Issue No: Vol. 6, No. 2 (2022)
Authors: Maharage Nisansala Sevwandi Perera, Toru Nakamura, Masayuki Hashimoto, Hiroyuki Yokoyama, Chen-Mou Cheng, Kouichi Sakurai First page: 20 Abstract: Vehicular Ad-hoc NETworks (VANETs), a special kind of Mobile Ad-hoc NETworks (MANETs), play an important role in Intelligent Transportation Systems (ITS). Via wireless technology, vehicles exchange information related to road conditions and their status, and, thereby, VANETs enhance transportation safety and efficiency. A critical aspect of VANETs is providing privacy for the vehicles. The employment of pseudonym certificates is a well-known solution to the privacy problems in VANETs. However, certificate management faces challenges in renewing certificates and revoking vehicles. The centralized certificate management, especially resulting in the delay of the revocation process, harms the nodes of VANETs. This paper proposes a blockchain structure-based certificate management for VANETs and voting-based revocation to halt misbehaving vehicles’ actions. Moreover, this paper presents extended privacy for the participants of the voting process using ring signatures. Citation: Cryptography PubDate: 2022-04-25 DOI: 10.3390/cryptography6020020 Issue No: Vol. 6, No. 2 (2022)
Authors: Sara D. Cardell, Verónica Requena, Amparo Fúster-Sabater First page: 21 Abstract: Binary PN-sequences generated by LFSRs exhibit good statistical properties; however, due to their intrinsic linearity, they are not suitable for cryptographic applications. In order to break such a linearity, several approaches can be implemented. For example, one can interleave several PN-sequences to increase the linear complexity. In this work, we present a deep randomness study of the resultant sequences of interleaving binary PN-sequences coming from different characteristic polynomials with the same degree. We analyze the period and the linear complexity, as well as many other important cryptographic properties of such sequences. Citation: Cryptography PubDate: 2022-04-26 DOI: 10.3390/cryptography6020021 Issue No: Vol. 6, No. 2 (2022)
Authors: Abhrajit Sengupta, Mohammed Nabeel, Mohammed Ashraf, Johann Knechtel, Ozgur Sinanoglu First page: 22 Abstract: Split manufacturing was introduced as a countermeasure against hardware-level security threats such as IP piracy, overbuilding, and insertion of hardware Trojans. However, the security promise of split manufacturing has been challenged by various attacks which exploit the well-known working principles of design tools to infer the missing back-end-of-line (BEOL) interconnects. In this work, we define the security of split manufacturing formally and provide the associated proof, and we advocate accordingly for a novel, formally secure paradigm. Inspired by the notion of logic locking, we protect the front-end-of-line (FEOL) layout by embedding secret keys which are implemented through the BEOL in such a way that they become indecipherable to foundry-based attacks. At the same time, our technique is competitive with prior art in terms of layout overhead, especially for large-scale designs (ITC’99 benchmarks). Furthermore, another concern for split manufacturing is its practicality (despite successful prototyping). Therefore, we promote an alternative implementation strategy, based on package-level routing, which enables formally secure IP protection without splitting at all, and thus, without the need for a dedicated BEOL facility. We refer to this as “poor man’s split manufacturing” and we study the practicality of this approach by means of physical-design exploration. Citation: Cryptography PubDate: 2022-05-05 DOI: 10.3390/cryptography6020022 Issue No: Vol. 6, No. 2 (2022)
Authors: Linir Zamir, Mehrdad Nojoumian First page: 23 Abstract: Consensus algorithms are the building block of any decentralized network where the risk of malicious users is high. These algorithms are required to be robust, scalable, and secure in order to operate properly. Localized state-change consensus (LSC) is a consensus algorithm that is specifically designed to handle state-change consensus, where the state value of given data points can dynamically change and the new value needs to be reflected in the system. LSC utilizes a trust measurement mechanism to validate messages and also enforce cooperation among users. Consensus algorithms, and specifically LSC, can be a practical solution for the immutable and secured communication of autonomous systems with limited computational resources. Indeed, distributed autonomous systems are growing rapidly and the integrity of their communication protocols for coordination and planning is still vulnerable because several units are required to act independently and securely. Therefore, this paper proposes a new localized consensus algorithm for immense and highly dynamic environments with validations through reputation values. The proposed solution can be considered as an efficient and practical consensus solution for any paradigms with resource-constrained devices where a regular encrypted communication method can negatively affect the system performance. Citation: Cryptography PubDate: 2022-05-06 DOI: 10.3390/cryptography6020023 Issue No: Vol. 6, No. 2 (2022)
Authors: Mohammad Almseidin, Mouhammad Alkasassbeh, Maen Alzubi, Jamil Al-Sawwa First page: 24 Abstract: This paper introduces a novel detection method for phishing website attacks while avoiding the issues associated with the deficiencies of the knowledge-based representation and the binary decision. The suggested detection method was performed using Fuzzy Rule Interpolation (FRI). The FRI reasoning methods added the benefit of enhancing the robustness of fuzzy systems and effectively reducing the system’s complexity. These benefits help the Intrusion Detection System (IDS) to generate more realistic and comprehensive alerts in case of phishing attacks. The proposed method was applied to an open-source benchmark phishing website dataset. The results show that the proposed detection method obtained a 97.58% detection rate and effectively reduced the false alerts. Moreover, it effectively smooths the boundary between normal and phishing attack traffic because of its fuzzy nature. It has the ability to generate the required security alert in case of deficiencies in the knowledge-based representation. In addition, the results obtained from the proposed detection method were compared with other literature results. The results showed that the accuracy rate of this work is competitive with other methods. In addition, the proposed detection method can generate the required anti-phishing alerts even if one of the anti-phishing sparse rules does not cover some input parameters (observations). Citation: Cryptography PubDate: 2022-05-07 DOI: 10.3390/cryptography6020024 Issue No: Vol. 6, No. 2 (2022)
Authors: Binh Kieu-Do-Nguyen, Cuong Pham-Quoc, Ngoc-Thinh Tran, Cong-Kha Pham, Trong-Thuc Hoang First page: 25 Abstract: In cryptography, elliptic curve cryptography (ECC) is considered an efficient and secure method to implement digital signature algorithms (DSAs). ECC plays an essential role in many security applications, such as transport layer security (TLS), internet protocol security (IPsec), and wireless sensor networks (WSNs). The proposed designs of ECC hardware implementation only focus on a single ECC variant and use many resources. These proposals cannot be used for resource-constrained applications or for the devices that need to provide multiple levels of security. This work provides a multi-functional elliptic curve digital signature algorithm (ECDSA) and Edwards-curve digital signature algorithm (EdDSA) hardware implementation. The core can run multiple ECDSA/EdDSA algorithms in a single design. The design consumes fewer resources than the other single-functional design, and is not based on digital signal processors (DSP). The experiments show that the proposed core could run up to 112.2 megahertz with Virtex-7 devices while consuming only 10,259 slices in total. Citation: Cryptography PubDate: 2022-05-10 DOI: 10.3390/cryptography6020025 Issue No: Vol. 6, No. 2 (2022)
Authors: Alessandro Barenghi, Gioele Falcetti, Gerardo Pelosi First page: 26 Abstract: Side channel attacks provide an effective way to extract secret information from the execution of cryptographic algorithms run on a variety of computing devices. One of the crucial steps for a side channel attack to succeed is the capability to locate the time instant in which the cryptographic primitive being attacked is effectively leaking information on the side channel itself, and synchronize the data obtained from the measurements on that instant. In this work, we propose an efficient and effective solution relying on the digital signal processing technique known as matched filters. We derive our matched filter with a small amount of profiling information which can be obtained from a device matching the one under attack. Our technique reliably identifies the cryptographic operation being computed, even when system interrupts or software multithreading are enabled on our target platform. We validate our approach through a successful attack against an unprotected AES implementation running on a Cortex-M4-based microcontroller. Citation: Cryptography PubDate: 2022-05-30 DOI: 10.3390/cryptography6020026 Issue No: Vol. 6, No. 2 (2022)
Authors: Bartosz Drzazga, Łukasz Krzywiecki First page: 27 Abstract: Public-key cryptography provides security for digital systems and communication. Traditional cryptographic solutions are constantly improved, e.g., to suppress brute-force attacks. However, Shor’s algorithm suited for quantum computers can break the bedrock of most currently used systems, i.e., the RSA problem and discrete logarithm problem. Post-quantum cryptography can withstand attacks carried out by quantum computers. Several families of post-quantum systems exist; one of them is isogeny-based cryptography. As a main contribution, in this paper, we provide a survey of chosen, fundamental isogeny-based schemes. The target audience of this review is researchers interested in practical aspects of this field of cryptography; therefore, the survey contains exemplary implementations. Our goal was not to develop an efficient implementation, but to provide materials that make it easier to analyze isogeny-based cryptography. Citation: Cryptography PubDate: 2022-05-31 DOI: 10.3390/cryptography6020027 Issue No: Vol. 6, No. 2 (2022)
Authors: Dina Ibrahim, Kareem Ahmed, Mohamed Abdallah, AbdElmgeid A. Ali First page: 28 Abstract: Due to great interest in the secure storage and transmission of color images, the necessity for an efficient and robust RGB image encryption technique has grown. RGB image encryption ensures the confidentiality of color images during storage and transmission. In the literature, a large number of chaotic-based image encryption techniques have been proposed, but there is still a need for a robust, efficient and secure technique against different kinds of attacks. In this paper, a novel RGB image encryption technique is proposed for encrypting individual pixels of RGB images using chaotic systems and 16 rounds of DNA encoding, transpositions and substitutions. First, round keys are generated randomly using a logistic chaotic function. Then, these keys are used across different rounds to alter individual pixels using a nonlinear randomly generated 16×16 DNA Playfair matrix. Experimental results show the robustness of the proposed technique against most attacks while reducing the consumed time for encryption and decryption. The quantitative metrics show the ability of the proposed technique to maintain reference evaluation values while resisting statistical and differential attacks. The obtained horizontal, vertical and diagonal correlation is less than 0.01, and the NPCR and UACI are larger than 0.99 and 0.33, respectively. Finally, NIST analysis is presented to evaluate the randomness of the proposed technique. Citation: Cryptography PubDate: 2022-06-08 DOI: 10.3390/cryptography6020028 Issue No: Vol. 6, No. 2 (2022)
Authors: Damiano Azzolini, Fabrizio Riguzzi First page: 29 Abstract: The Lightning Network (LN) has emerged as one of the prominent solutions to overcome the biggest limit of blockchain based on PoW: scalability. LN allows for creating a layer on top of an existing blockchain where users can send payments and micro-payments without waiting long confirmation times. One of the key features of LN is that payments can also be sent towards nodes that are not directly connected. From the routing perspective, the balance of an edge that connects two nodes is known, but the distribution between the two involved ends is unknown. Thus, the process of sending payments is based on a trial and error approach, and the routing can be considered probabilistic. Probabilistic Logic Programming (PLP) is a powerful formalism that allows the representation of complex relational domains characterized by uncertainty. In this paper, we study the problem of reasoning about the existence of a path between two nodes that can route a payment of a given size leveraging multiple models based on PLP. We adopt some recently proposed extensions of PLP and develop several models that can be adapted to represent multiple scenarios. Citation: Cryptography PubDate: 2022-06-15 DOI: 10.3390/cryptography6020029 Issue No: Vol. 6, No. 2 (2022)
Authors: Ronaldo Serrano, Ckristian Duran, Marco Sarmiento, Cong-Kha Pham, Trong-Thuc Hoang First page: 30 Abstract: Transport Layer Security (TLS) provides a secure channel for end-to-end communications in computer networks. The ChaCha20–Poly1305 cipher suite is introduced in TLS 1.3, mitigating the side-channel attacks in the cipher suites based on the Advanced Encryption Standard (AES). However, the few implementations cannot provide sufficient speed compared to other encryption standards with Authenticated Encryption with Associated Data (AEAD). This paper shows ChaCha20 and Poly1305 primitives. In addition, a compatible ChaCha20–Poly1305 AEAD with TLS 1.3 is implemented with a fault detector to reduce the problems in fragmented blocks. The AEAD implementation reaches 1.4 cycles per byte in a standalone core. Additionally, the system implementation presents 11.56 cycles per byte in a RISC-V environment using a TileLink bus. The implementation in Xilinx Virtex-7 XC7VX485T Field-Programmable Gate-Array (FPGA) denotes 10,808 Look-Up Tables (LUT) and 3731 Flip-Flops (FFs), represented in 23% and 48% of ChaCha20 and Poly1305, respectively. Finally, the hardware implementation of ChaCha20–Poly1305 AEAD demonstrates the viability of using a different option from the conventional cipher suite based on AES for TLS 1.3. Citation: Cryptography PubDate: 2022-06-17 DOI: 10.3390/cryptography6020030 Issue No: Vol. 6, No. 2 (2022)
Authors: Alfonso Labao, Henry Adorna First page: 2 Abstract: In recent years, several new notions of security have begun receiving consideration for public-key cryptosystems, beyond the standard of security against adaptive chosen ciphertext attack (CCA2). Among these are security against randomness reset attacks, in which the randomness used in encryption is forcibly set to some previous value, and against constant secret-key leakage attacks, wherein the constant factor of a secret key’s bits is leaked. In terms of formal security definitions, cast as attack games between a challenger and an adversary, a joint combination of these attacks means that the adversary has access to additional encryption queries under a randomness of his own choosing along with secret-key leakage queries. This implies that both the encryption and decryption processes of a cryptosystem are being tampered under this security notion. In this paper, we attempt to address this problem of a joint combination of randomness and secret-key leakage attacks through two cryptosystems that incorporate hash proof system and randomness extractor primitives. The first cryptosystem relies on the random oracle model and is secure against a class of adversaries, called non-reversing adversaries. We remove the random oracle assumption and the non-reversing adversary requirement in our second cryptosystem, which is a standard model that relies on a proposed primitive called LM lossy functions. These functions allow up to M lossy branches in the collection to substantially lose information, allowing the cryptosystem to use this loss of information for several encryption and challenge queries. For each cryptosystem, we present detailed security proofs using the game-hopping procedure. In addition, we present a concrete instantiation of LM lossy functions in the end of the paper—which relies on the DDH assumption. Citation: Cryptography PubDate: 2022-01-04 DOI: 10.3390/cryptography6010002 Issue No: Vol. 6, No. 1 (2022)
Authors: Maharage Nisansala Sevwandi Perera, Toru Nakamura, Masayuki Hashimoto, Hiroyuki Yokoyama, Chen-Mou Cheng, Kouichi Sakurai First page: 3 Abstract: This survey reviews the two most prominent group-oriented anonymous signature schemes and analyzes the existing approaches for their problem: balancing anonymity against traceability. Group signatures and ring signatures are the two leading competitive signature schemes with a rich body of research. Both group and ring signatures enable user anonymity with group settings. Any group user can produce a signature while hiding his identity in a group. Although group signatures have predefined group settings, ring signatures allow users to form ad-hoc groups. Preserving user identities provided an advantage for group and ring signatures. Thus, presently many applications utilize them. However, standard group signatures enable an authority to freely revoke signers’ anonymity. Thus, the authority might weaken the anonymity of innocent users. On the other hand, traditional ring signatures maintain permanent user anonymity, allowing space for malicious user activities; thus achieving the requirements of privacy-preserved traceability in group signatures and controlled anonymity in ring signatures has become desirable. This paper reviews group and ring signatures and explores the existing approaches that address the identification of malicious user activities. We selected many papers that discuss balancing user tracing and anonymity in group and ring signatures. Since this paper scrutinizes both signatures from their basic idea to obstacles including tracing users, it provides readers a broad synthesis of information about two signature schemes with the knowledge of current approaches to balance excessive traceability in group signatures and extreme anonymity in ring signatures. This paper will also shape the future research directions of two critical signature schemes that require more awareness. Citation: Cryptography PubDate: 2022-01-19 DOI: 10.3390/cryptography6010003 Issue No: Vol. 6, No. 1 (2022)
Authors: Byoung S. Ham First page: 4 Abstract: Based on the addressability of quantum superposition and its unitary transformation, a network-compatible, unconditionally secured key distribution protocol is presented for arbitrary networking in a classical regime with potential applications of one-time-pad cryptography. The network capability is due to the addressable unitary transformation between arbitrary point-to-point connections in a network through commonly shared double transmission channels. The unconditional security is due to address-sensitive eavesdropping randomness via network authentication. The proposed protocol may offer a solid platform of unconditionally secured classical cryptography for mass-data communications in a conventional network, which would be otherwise impossible. Citation: Cryptography PubDate: 2022-01-21 DOI: 10.3390/cryptography6010004 Issue No: Vol. 6, No. 1 (2022)
Authors: Shay Gueron, Edoardo Persichetti, Paolo Santini First page: 5 Abstract: This paper defines a new practical construction for a code-based signature scheme. We introduce a new protocol that is designed to follow the recent paradigm known as “Sigma protocol with helper”, and prove that the protocol’s security reduces directly to the Syndrome Decoding Problem. The protocol is then converted to a full-fledged signature scheme via a sequence of generic steps that include: removing the role of the helper; incorporating a variety of protocol optimizations (using, e.g., Merkle trees); applying the Fiat–Shamir transformation. The resulting signature scheme is EUF-CMA secure in the QROM, with the following advantages: (a) Security relies on only minimal assumptions and is backed by a long-studied NP-complete problem; (b) the trusted setup structure allows for obtaining an arbitrarily small soundness error. This minimizes the required number of repetitions, thus alleviating a major bottleneck associated with Fiat–Shamir schemes. We outline an initial performance estimation to confirm that our scheme is competitive with respect to existing solutions of similar type. Citation: Cryptography PubDate: 2022-01-27 DOI: 10.3390/cryptography6010005 Issue No: Vol. 6, No. 1 (2022)
Authors: Jean Belo Klamti, M. Anwar Hasan First page: 6 Abstract: An adaptor signature can be viewed as a signature concealed with a secret value and, by design, any two of the trio yield the other. In a multiparty setting, an initial adaptor signature allows each party to create additional adaptor signatures without the original secret. Adaptor signatures help address scalability and interoperability issues in blockchain. They can also bring some important advantages to cryptocurrencies, such as low on-chain cost, improved transaction fungibility, and fewer limitations of a blockchain’s scripting language. In this paper, we propose a new two-party adaptor signature scheme that relies on quantum-safe hard problems in coding theory. The proposed scheme uses a hash-and-sign code-based signature scheme introduced by Debris-Alazard et al. and a code-based hard relation defined from the well-known syndrome decoding problem. To achieve all the basic properties of adaptor signatures formalized by Aumayr et al., we introduce further modifications to the aforementioned signature scheme. We also give a security analysis of our scheme and its application to the atomic swap. After providing a set of parameters for our scheme, we show that it has the smallest pre-signature size compared to existing post-quantum adaptor signatures. Citation: Cryptography PubDate: 2022-01-27 DOI: 10.3390/cryptography6010006 Issue No: Vol. 6, No. 1 (2022)
Authors: Marius Iulian Mihailescu, Stefania Loredana Nita First page: 8 Abstract: Cloud computing offers the possibility of providing suitable access within a network for a set of resources. Many users use different services for outsourcing their data within the cloud, saving and mitigating the local storage and other resources involved. One of the biggest concerns is represented by storing sensitive data on remote servers, which can be found to be extremely challenging within different situations related to privacy. Searchable Encryption (SE) represents a particular case of Fully Homomorphic Encryption (FHE) and at the same time represents a method composed from a set of algorithms meant to offer protection for users’ sensitive data, while it preserves the searching functionality on the server-side. There are two main types of SE: Searchable Symmetric Encryption (SSE), where the ciphertexts and trapdoors for searching are performed using private key holders, and Public Key Searchable Encryption (PKSE), in which a specific number of users have the public key based on which are capable of outputting ciphertexts and giving the possibility of producing the trapdoors by using the private key from the holder. In this article, we propose a searchable encryption system that uses biometric authentication. Additionally, biometric data are used in the trapdoor generation process, such that an unauthorized user cannot submit search queries. The proposed system contains three components: classic user authentication (based on username, password, and a message with a code using short message service (SMS)), biometric authentication, and the searchable encryption scheme. The first two components can be seen as two-factor authentication (2FA), and the second component represents the initialization step of the searchable encryption scheme. In the end, we show and demonstrate that the proposed scheme can be implemented with success for medium to complex network infrastructures. We have granted special attention to the trapdoor function, which generates a value that can be used to perform the search process and search function that is based on the trapdoor pair for searching within the index structure. We provide the correctness and security proof of the operations, which gives us the guarantee that the cloud servers return the correct documents. Additionally, we discuss measuring the performance of the authentication scheme in terms of performance indicators, introducing two indicators for measuring purposes—namely, cloud average number of non-legitimate user actions for cloud purposes (CANNL) and cloud average number of legitimate user actions (CANLU). Citation: Cryptography PubDate: 2022-02-14 DOI: 10.3390/cryptography6010008 Issue No: Vol. 6, No. 1 (2022)
Authors:Wenhua Gao, Li Yang, Daode Zhang, Xia Liu First page: 9 Abstract: To prevent eavesdropping and tampering, network security protocols take advantage of asymmetric ciphers to establish session-specific shared keys with which further communication is encrypted using symmetric ciphers. Commonly used asymmetric algorithms include public key encryption, key exchange, and identity-based encryption (IBE). However, network security protocols based on classic identity-based encryption schemes do not have perfect forward secrecy. To solve this problem, we construct the first quantum IBE (QIBE) scheme based on the learning with errors (LWE) problem, which is also the first cryptographic scheme that applies the LWE problem to quantum encryption. We prove that our scheme is fully secure under the random oracle model and highlight the following advantages: (1) Network security protocols with our QIBE scheme provide perfect forward secrecy. The ciphertext is transmitted in the form of a quantum state unknown to the adversary and cannot be copied and stored. Thus, in network security protocols based on QIBE construction, the adversary does not have any previous quantum ciphertext to decrypt for obtaining the previous session key, even if the private identity key is threatened. (2) Classic key generation centre (KGC) systems can still be used in the QIBE scheme to generate and distribute private identity keys, reducing the cost when implementing this scheme. The classic KGC systems can be used because the master public and secret keys of our scheme are both in the form of classic bits. Finally, we present quantum circuits to implement this QIBE scheme and analyse its required quantum resources for given numbers of qubits, Hadamard gates, phase gates, T gates, and CNOT (controlled-NOT) gates. One of our main findings is that the quantum resources required by our scheme increase linearly with the number of plaintext bits to be encrypted. Citation: Cryptography PubDate: 2022-02-16 DOI: 10.3390/cryptography6010009 Issue No:Vol. 6, No. 1 (2022)
Authors:Grzegorz Bazydło, Remigiusz Wiśniewski, Kamil Kozdrój First page: 10 Abstract: A novel, trusted, and secure durable medium electronic service is proposed in the paper. The proposed idea joins cryptographic methods (such as signing with an electronic seal and data encryption) with blockchain techniques. The e-service and blockchain databases were implemented on the side of a trusted third party (TTP), which makes the presented concept trusted and secure. The proposed electronic service is oriented towards practical implementations, and it has been developed jointly with a company from the cybersecurity field (which acts as the TTP in the proposed approach). The concept has been designed to meet the requirements of Polish law (i.e., the conditions and regulations related to the implementation of the durable medium in Poland); nevertheless, it can easily be adapted for other regions. The functionality of the presented e-service is illustrated by an example case study. Citation: Cryptography PubDate: 2022-02-21 DOI: 10.3390/cryptography6010010 Issue No:Vol. 6, No. 1 (2022)
Authors:Khumbelo Difference Muthavhine, Mbuyu Sumbwanyambe First page: 11 Abstract: Many Internet of Things (IoT) devices use the Advanced Encryption Standard (AES) algorithm to secure data stored and transmitted during the communication process. The AES algorithm often suffers Differential Cryptanalysis (DC) attacks. Little has been done to prevent DC attacks, particularly on the AES algorithm. This study focuses on preventing DC attacks as practiced on the AES algorithm found on IoT devices. The novel approach of using a Khumbelo Difference Muthavine (KDM) function and changing the 8 × 8 S-Boxes to 8 × 32 S-Boxes successfully prevents DC attacks on the AES algorithm. A KDM function is a newly developed mathematical function, coined and used purposely in this study. A KDM function was never produced, defined, or utilized before by any researcher except in this study. A KDM function makes a new 32-bit S-Box suitable for the new Modified AES algorithm and confuses the attacker since it comprises many mathematical modulo operators. Additionally, these mathematical modulo operators are irreversible. The study managed to prevent the DC attack by a minimum of 70% on AES and a maximum of 100% on a Simplified DES. The attack success on the new Modified AES algorithm is 0% since no conventional S-Box is used as a building block. Citation: Cryptography PubDate: 2022-02-22 DOI: 10.3390/cryptography6010011 Issue No:Vol. 6, No. 1 (2022)
Authors:Abdulbast A. Abushgra First page: 12 Abstract: Cryptography has been an unexpected revolution in information security in recent decades, where remarkable improvements have been made to provide confidentiality and integrity. Quantum cryptography is one such improvement that has grown rapidly since the first announced protocol. Quantum cryptography contains substantial elements that must be addressed to ensure secure communication between legitimate parties. Quantum key distribution (QKD), a technique for creating a secret key, is one of the most interesting areas in quantum cryptography. This paper reviews some well-known quantum key distribution techniques that have been demonstrated in the past three decades. Furthermore, this paper discusses the process of creating a secret key using quantum mechanics and cryptographic methods. Moreover, it explains the relationships between many basic aspects of QKD protocols and suggests some improvements to the cryptosystem. An accurate quantitative comparison between the QKD protocols is presented, especially of the runtime execution for each QKD protocol. In addition, the paper demonstrates a general model of each considered QKD protocol based on security principles. Citation: Cryptography PubDate: 2022-03-04 DOI: 10.3390/cryptography6010012 Issue No:Vol. 6, No. 1 (2022)
Authors:Prastudy Fauzi, Martha Norberg Hovd, Håvard Raddum First page: 13 Abstract: Fully homomorphic encryption (FHE) is a powerful tool in cryptography that allows one to perform arbitrary computations on encrypted material without having to decrypt it first. There are numerous FHE schemes, all of which are expanded from somewhat homomorphic encryption (SHE) schemes, and some of which are considered viable in practice. However, while these FHE schemes are semantically (IND-CPA) secure, the question of their IND-CCA1 security is much less studied, and we therefore provide an overview of the IND-CCA1 security of all acknowledged FHE schemes in this paper. To give this overview, we grouped the SHE schemes into broad categories based on their similarities and underlying hardness problems. For each category, we show that the SHE schemes are susceptible to either known adaptive key recovery attacks, a natural extension of known attacks, or our proposed attacks. Finally, we discuss the known techniques to achieve IND-CCA1-secure FHE and SHE schemes. We concluded that none of the proposed schemes were IND-CCA1-secure and that the known general constructions all had their shortcomings. Citation: Cryptography PubDate: 2022-03-17 DOI: 10.3390/cryptography6010013 Issue No:Vol. 6, No. 1 (2022)