Pseudorandom Functions and Permutations Provably Secure against Related-Key Attacks

At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of 2n, where n denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of O(2n/2), i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.

Download Full-text

Close to Optimally Secure Variants of GCM

Security and Communication Networks ◽

10.1155/2018/9715947 ◽

2018 ◽

Vol 2018 ◽

pp. 1-12

Author(s):

Ping Zhang ◽

Hong-Gang Hu ◽

Qian Yuan

Keyword(s):

Block Cipher ◽

Positive Response ◽

Block Size ◽

Hybrid Technique ◽

Authenticated Encryption ◽

Pseudorandom Functions ◽

Pseudorandom Permutation ◽

Mode Of Operation ◽

Universal Hash Function ◽

Provably Secure

The Galois/Counter Mode of operation (GCM) is a widely used nonce-based authenticated encryption with associated data mode which provides the birthday-bound security in the nonce-respecting scenario; that is, it is secure up to about 2n/2 adversarial queries if all nonces used in the encryption oracle are never repeated, where n is the block size. It is an open problem to analyze whether GCM security can be improved by using some simple operations. This paper presents a positive response for this problem. Firstly, we introduce two close to optimally secure pseudorandom functions and derive their security bound by the hybrid technique. Then, we utilize these pseudorandom functions that we design and a universal hash function to construct two improved versions of GCM, called OGCM-1 and OGCM-2. OGCM-1 and OGCM-2 are, respectively, provably secure up to approximately 2n/67(n-1)2 and 2n/67 adversarial queries in the nonce-respecting scenario if the underlying block cipher is a secure pseudorandom permutation. Finally, we discuss the properties of OGCM-1 and OGCM-2 and describe the future works.

Download Full-text

Cryptanalysis and Improvement of a Provably Secure RFID Ownership Transfer Protocol

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences ◽

10.1587/transfun.e99.a.130 ◽

2016 ◽

Vol E99.A (1) ◽

pp. 130-138

Author(s):

Daisuke MORIYAMA

Keyword(s):

Ownership Transfer ◽

Provably Secure ◽

Transfer Protocol

Download Full-text

A Provably Secure Certificate-Based Aggregate Signature Scheme

2020 IEEE 6th International Conference on Computer and Communications (ICCC) ◽

10.1109/iccc51575.2020.9344919 ◽

2020 ◽

Author(s):

Weiping Zuo ◽

Yunfang Liu

Keyword(s):

Signature Scheme ◽

Aggregate Signature ◽

Provably Secure

Download Full-text

Security Analysis on an Efficient and Provably Secure Authenticated Key Agreement Protocol for Fog-Based Vehicular Ad-Hoc Networks

2021 International Conference on Artificial Intelligence and Smart Systems (ICAIS) ◽

10.1109/icais50930.2021.9395790 ◽

2021 ◽

Author(s):

Salman Shamshad ◽

Mohammad S. Obaidat ◽

Minahil ◽

Muhammad Asad Saleem ◽

Usman Shamshad ◽

...

Keyword(s):

Ad Hoc Networks ◽

Key Agreement ◽

Vehicular Ad Hoc Networks ◽

Ad Hoc ◽

Security Analysis ◽

Authenticated Key Agreement ◽

Key Agreement Protocol ◽

Hoc Networks ◽

Provably Secure

Download Full-text

A secure and highly efficient first-order masking scheme for AES linear operations

Cybersecurity ◽

10.1186/s42400-021-00082-w ◽

2021 ◽

Vol 4 (1) ◽

Author(s):

Jingdian Ming ◽

Yongbin Zhou ◽

Huizhong Li ◽

Qian Zhang

Keyword(s):

Cost Reduction ◽

Provable Security ◽

State Of The Art ◽

Side Channel ◽

First Order ◽

Highly Efficient ◽

Non Linear ◽

Device Independence ◽

Practical Implications ◽

Provably Secure

AbstractDue to its provable security and remarkable device-independence, masking has been widely accepted as a noteworthy algorithmic-level countermeasure against side-channel attacks. However, relatively high cost of masking severely limits its applicability. Considering the high tackling complexity of non-linear operations, most masked AES implementations focus on the security and cost reduction of masked S-boxes. In this paper, we focus on linear operations, which seems to be underestimated, on the contrary. Specifically, we discover some security flaws and redundant processes in popular first-order masked AES linear operations, and pinpoint the underlying root causes. Then we propose a provably secure and highly efficient masking scheme for AES linear operations. In order to show its practical implications, we replace the linear operations of state-of-the-art first-order AES masking schemes with our proposal, while keeping their original non-linear operations unchanged. We implement four newly combined masking schemes on an Intel Core i7-4790 CPU, and the results show they are roughly 20% faster than those original ones. Then we select one masked implementation named RSMv2 due to its popularity, and investigate its security and efficiency on an AVR ATMega163 processor and four different FPGA devices. The results show that no exploitable first-order side-channel leakages are detected. Moreover, compared with original masked AES implementations, our combined approach is nearly 25% faster on the AVR processor, and at least 70% more efficient on four FPGA devices.

Download Full-text

Breaking and (Partially) Fixing Provably Secure Onion Routing

2020 IEEE Symposium on Security and Privacy (SP) ◽

10.1109/sp40000.2020.00039 ◽

2020 ◽

Cited By ~ 1

Author(s):

Christiane Kuhn ◽

Martin Beck ◽

Thorsten Strufe

Keyword(s):

Onion Routing ◽

Provably Secure

Download Full-text

Leakage-Free and Provably Secure Certificateless Signcryption Scheme Using Bilinear Pairings

The Computer Journal ◽

10.1093/comjnl/bxv002 ◽

2015 ◽

Vol 58 (10) ◽

pp. 2636-2648 ◽

Cited By ~ 7

Author(s):

SK Hafizul Islam ◽

Fagen Li

Keyword(s):

Bilinear Pairings ◽

Signcryption Scheme ◽

Provably Secure

Download Full-text

Provably secure server-aided verification signatures

Computers & Mathematics with Applications ◽

10.1016/j.camwa.2011.01.036 ◽

2011 ◽

Vol 61 (7) ◽

pp. 1705-1723 ◽

Cited By ~ 17

Author(s):

Wei Wu ◽

Yi Mu ◽

Willy Susilo ◽

Xinyi Huang

Keyword(s):

Secure Server ◽

Provably Secure

Download Full-text

A Mathematical Problem for Security Analysis of Hash Functions and Pseudorandom Generators

International Journal of Foundations of Computer Science ◽

10.1142/s0129054115500100 ◽

2015 ◽

Vol 26 (02) ◽

pp. 169-194 ◽

Cited By ~ 1

Author(s):

Koji Nuida ◽

Takuro Abe ◽

Shizuo Kaji ◽

Toshiaki Maeno ◽

Yasuhide Numata

Keyword(s):

Mathematical Problem ◽

Security Analysis ◽

Hash Functions ◽

Future Research ◽

Theoretical Frameworks ◽

Pseudorandom Generators ◽

Mathematical Problems ◽

Security Evaluations ◽

Security Property ◽

Provably Secure

In this paper, we specify a class of mathematical problems, which we refer to as “Function Density Problems” (FDPs, in short), and point out novel connections of FDPs to the following two cryptographic topics; theoretical security evaluations of keyless hash functions (such as SHA-1), and constructions of provably secure pseudorandom generators (PRGs) with some enhanced security property introduced by Dubrov and Ishai (STOC 2006). Our argument aims at proposing new theoretical frameworks for these topics (especially for the former) based on FDPs, rather than providing some concrete and practical results on the topics. We also give some examples of mathematical discussions on FDPs, which would be of independent interest from mathematical viewpoints. Finally, we discuss possible directions of future research on other crypto-graphic applications of FDPs and on mathematical studies on FDPs themselves.

Download Full-text