On the Security Analysis of Weak Cryptographic Primitive Based Key Derivation Function

Multiparty weighted threshold quantum secret sharing based on the Chinese remainder theorem to share quantum information

Scientific Reports ◽

10.1038/s41598-021-85703-7 ◽

2021 ◽

Vol 11 (1) ◽

Author(s):

Yao-Hsin Chou ◽

Guo-Jyun Zeng ◽

Xing-Yu Chen ◽

Shu-Yu Kuo

Keyword(s):

Quantum Information ◽

Phase Shift ◽

Quantum State ◽

Secret Sharing ◽

Chinese Remainder Theorem ◽

Security Analysis ◽

Quantum Secret Sharing ◽

Security Protocol ◽

Multiple Quantum ◽

Cryptographic Primitive

AbstractSecret sharing is a widely-used security protocol and cryptographic primitive in which all people cooperate to restore encrypted information. The characteristics of a quantum field guarantee the security of information; therefore, many researchers are interested in quantum cryptography and quantum secret sharing (QSS) is an important research topic. However, most traditional QSS methods are complex and difficult to implement. In addition, most traditional QSS schemes share classical information, not quantum information which makes them inefficient to transfer and share information. In a weighted threshold QSS method, each participant has each own weight, but assigning weights usually costs multiple quantum states. Quantum state consumption will therefore increase with the weight. It is inefficient and difficult, and therefore not able to successfully build a suitable agreement. The proposed method is the first attempt to build multiparty weighted threshold QSS method using single quantum particles combine with the Chinese remainder theorem (CRT) and phase shift operation. The proposed scheme allows each participant has its own weight and the dealer can encode a quantum state with the phase shift operation. The dividing and recovery characteristics of CRT offer a simple approach to distribute partial keys. The reversibility of phase shift operation can encode and decode the secret. The proposed weighted threshold QSS scheme presents the security analysis of external attacks and internal attacks. Furthermore, the efficiency analysis shows that our method is more efficient, flexible, and simpler to implement than traditional methods.

Download Full-text

A Framework for Security Analysis of Key Derivation Functions

Information Security Practice and Experience - Lecture Notes in Computer Science ◽

10.1007/978-3-642-29101-2_14 ◽

2012 ◽

pp. 199-216 ◽

Cited By ~ 5

Author(s):

Chuah Chai Wen ◽

Edward Dawson ◽

Juan Manuel González Nieto ◽

Leonie Simpson

Keyword(s):

Security Analysis ◽

Key Derivation

Download Full-text

Towards Region Queries with Strong Location Privacy in Mobile Network

Mobile Information Systems ◽

10.1155/2021/5972486 ◽

2021 ◽

Vol 2021 ◽

pp. 1-12

Author(s):

Songtao Yang ◽

Qingfeng Jiang

Keyword(s):

Location Privacy ◽

New Technologies ◽

Security Analysis ◽

Mobile Network ◽

Sensitive Information ◽

Location Based Service ◽

Cryptographic Primitive ◽

The Common ◽

Query Semantics ◽

The Relationship

With the interaction of geographic data and social data, the inference attack has been mounting up, calling for new technologies for privacy protection. Although there are many tangible contributions of spatial-temporal cloaking technologies, traditional technologies are not enough to resist privacy intrusion. Malicious attackers still steal user-sensitive information by analyzing the relationship between location and query semantics. Reacting to many interesting issues, oblivious transfer (OT) protocols are introduced to guarantee location privacy. To our knowledge, OT is a cryptographic primitive between two parties and can be used as a building block for any arbitrary multiparty computation protocol. Armed with previous privacy-preserving technologies, for example, OT, in this work, we first develop a novel region queries framework that can provide robust privacy for location-dependent queries. We then design an OT-assist privacy-aware protocol (or OTPA) for location-based service with rigorous security analysis. In short, the common query of the client in our solution can be divided into two parts, the region query R q and the content query C q , to achieve location k -anonymity, location m -diversity, and query r -diversity, which ensure the privacy of two parties (i.e., client and server). Lastly, we instantiate our OTPA protocol, and experiments show that the proposed OTPA protocol is reasonable and effective.

Download Full-text

A Modified Symmetric Key Fully Homomorphic Encryption Scheme Based on Read-Muller Code

Baghdad Science Journal ◽

10.21123/bsj.2021.18.2(suppl.).0899 ◽

2021 ◽

Vol 18 (2(Suppl.)) ◽

pp. 0899

Author(s):

RatnaKumari Challa ◽

VijayaKumari Gunta

Keyword(s):

Coding Theory ◽

Homomorphic Encryption ◽

Security Analysis ◽

Encryption Scheme ◽

Fully Homomorphic Encryption ◽

Chosen Plaintext Attack ◽

Security Proof ◽

Expansion Technique ◽

Cryptographic Primitive ◽

Symmetric Key

Homomorphic encryption became popular and powerful cryptographic primitive for various cloud computing applications. In the recent decades several developments has been made. Few schemes based on coding theory have been proposed but none of them support unlimited operations with security. We propose a modified Reed-Muller Code based symmetric key fully homomorphic encryption to improve its security by using message expansion technique. Message expansion with prepended random fixed length string provides one-to-many mapping between message and codeword, thus one-to many mapping between plaintext and ciphertext. The proposed scheme supports both (MOD 2) additive and multiplication operations unlimitedly. We make an effort to prove the security of the scheme under indistinguishability under chosen-plaintext attack (IND-CPA) through a game-based security proof. The security proof gives a mathematical analysis and its complexity of hardness. Also, it presents security analysis against all the known attacks with respect to the message expansion and homomorphic operations.

Download Full-text

A Pairing-based Homomorphic Encryption Scheme for Multi-User Settings

Cryptography ◽

10.4018/978-1-7998-1763-5.ch017 ◽

2020 ◽

pp. 295-305

Author(s):

Zhang Wei

Keyword(s):

Decision Problem ◽

Homomorphic Encryption ◽

Security Analysis ◽

Information Leakage ◽

Public Key ◽

Encryption Scheme ◽

Security Model ◽

Multiplication Operation ◽

Cryptographic Primitive ◽

Single User

A new method is presented to privately outsource computation of different users. As a significant cryptographic primitive in cloud computing, homomorphic encryption (HE) can evaluate on ciphertext directly without decryption, thus avoid information leakage. However, most of the available HE schemes are single-user, which means that they could only evaluate on ciphertexts encrypted by the same public key. Adopting the idea of proxy re-encryption, and focusing on the compatibility of computation, the authors provide a pairing-based multi-user homomorphic encryption scheme. The scheme is a somewhat homomorphic one, which can do infinite additions and one multiplication operation. Security of the scheme is based on subgroup decision problem. The authors give a concrete security model and detailed security analysis.

Download Full-text

Reconsidering the Security Bound of AES-GCM-SIV

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2017.i4.240-267 ◽

2017 ◽

pp. 240-267 ◽

Cited By ~ 1

Author(s):

Tetsu Iwata ◽

Yannick Seurin

Keyword(s):

Research Group ◽

Security Analysis ◽

Encryption Scheme ◽

Authenticated Encryption ◽

Simple Modification ◽

Security Guarantees ◽

Security Bound ◽

Key Derivation

We make a number of remarks about the AES-GCM-SIV nonce-misuse resistant authenticated encryption scheme currently considered for standardization by the Crypto Forum Research Group (CFRG). First, we point out that the security analysis proposed in the ePrint report 2017/168 is incorrect, leading to overly optimistic security claims. We correct the bound and re-assess the security guarantees offered by the scheme for various parameters. Second, we suggest a simple modification to the key derivation function which would improve the security of the scheme with virtually no efficiency penalty.

Download Full-text

A Pairing-based Homomorphic Encryption Scheme for Multi-User Settings

International Journal of Technology and Human Interaction ◽

10.4018/ijthi.2016040106 ◽

2016 ◽

Vol 12 (2) ◽

pp. 72-82 ◽

Cited By ~ 8

Author(s):

Zhang Wei

Keyword(s):

Decision Problem ◽

Homomorphic Encryption ◽

Security Analysis ◽

Information Leakage ◽

Public Key ◽

Encryption Scheme ◽

Security Model ◽

Multiplication Operation ◽

Cryptographic Primitive ◽

Single User

A new method is presented to privately outsource computation of different users. As a significant cryptographic primitive in cloud computing, homomorphic encryption (HE) can evaluate on ciphertext directly without decryption, thus avoid information leakage. However, most of the available HE schemes are single-user, which means that they could only evaluate on ciphertexts encrypted by the same public key. Adopting the idea of proxy re-encryption, and focusing on the compatibility of computation, the authors provide a pairing-based multi-user homomorphic encryption scheme. The scheme is a somewhat homomorphic one, which can do infinite additions and one multiplication operation. Security of the scheme is based on subgroup decision problem. The authors give a concrete security model and detailed security analysis.

Download Full-text

Lightweight Crypto Stack for TPMS Using Lesamnta-LW

Security and Communication Networks ◽

10.1155/2020/5738215 ◽

2020 ◽

Vol 2020 ◽

pp. 1-12

Author(s):

Yuhei Watanabe ◽

Hideki Yamamoto ◽

Hirotaka Yoshida

Keyword(s):

Low Cost ◽

Tire Pressure ◽

Session Key ◽

Pseudorandom Functions ◽

Cryptographic Primitive ◽

Tire Pressure Monitoring System ◽

And Performance ◽

The Cost ◽

Cyberphysical System ◽

Key Derivation

Modern vehicles which have internal sensor networks are one of the examples of a cyberphysical system (CPS). The tire pressure monitoring system (TPMS) is used to monitor the pressure of the tires and to inform the driver of them. This system is mandatory for vehicles in the US and EU. To ensure the security of TPMS, it is important to reduce the cost of the cryptographic mechanisms implemented in resource-constrained devices. To address this problem, previous works have proposed countermeasures employing lightweight block ciphers such as PRESENT, SPECK, or KATAN. However, it is not clear to us that any of these works have addressed the issues of software optimization that considers TPMS packet protection as well as session key updates for architectures consisting of the vehicle TPMS ECU and four low-cost TPMS sensors equipped with the tires. In this paper, we propose the application of ISO/IEC 29192-5 lightweight hash function Lesamnta-LW to address these issues. When we apply cryptographic mechanisms to a practical system, we consider the lightweight crypto stack which contains cryptographic mechanisms, specifications for the implementation, and performance evaluation. Our approach is to apply the known method of converting Lesamnta-LW to multiple independent pseudorandom functions (PRFs) in TPMS. In our case, we generate five PRFs this way and then use one PRF for MAC generation and four for key derivation. We use the internal AES-based block cipher of Lesamnta-LW for encryption. Although we follow the NIST SP 800-108 framework of converting PRFs to key derivation functions, we confirm the significant advantage of Lesamnta-LW-based PRFs over HMAC-SHA-256 by evaluating the performance on AVR 8-bit microcontrollers, on which we consider simulating TPMS sensors. We expect that our method to achieve multiple purposes with a single cryptographic primitive will help us to reduce the total implementation cost required for TPMS security.

Download Full-text