Two-Round Password-Based Authenticated Key Exchange from Lattices

2020 ◽  
Vol 2020 ◽  
pp. 1-13
Author(s):  
Anqi Yin ◽  
Yuanbo Guo ◽  
Yuanming Song ◽  
Tongzhou Qu ◽  
Chen Fang

Password-based authenticated key exchange (PAKE) allows participants sharing low-entropy passwords to agree on cryptographically strong session keys over insecure networks. In this paper, we present two PAKE protocols from lattices in the two-party and three-party settings, respectively, which can resist quantum attacks and achieve mutual authentication. The protocols in this paper achieve two rounds of communication by carefully utilizing the splittable properties of the underlying primitive, a CCA (Chosen-Ciphertext Attack)-secure public key encryption (PKE) scheme with an associated nonadaptive approximate smooth projective hash (NA-ASPH) system. Compared with other related protocols, the proposed two-round PAKE protocols have relatively lower communication and computation overhead. In particular, the two-round 3PAKE is more practical in large-scale communication systems.

Author(s):  
Anitha Kumari K ◽  
Sudha Sadasivam G

In the emerging technological world, security remains the highest challenge in large-scale distributed systems, which suffer extensively from adversarial attacks due to insufficient mutual authentication. In order to address this, a state-of-the-art tetrahedron (3D) based two-server Password Authenticated Key Exchange (PAKE) protocol has been formulated, with a formal proof of security, by incorporating the elementary properties of plane geometry. The main intention of this work is that obtaining a password from the stored credentials must be infeasible even when both servers are compromised together. To realize these goals, in this paper the properties of the tetrahedron are utilized along with the Diffie-Hellman (DH) key exchange algorithm to withstand malicious attacks. A significant aspect of the proposed 3D PAKE protocol is that client-side complexity has been reduced to a great extent in terms of computation and communication. Both theoretically and practically, the 3D PAKE protocol is the first demonstrably secure two-server PAKE protocol that breaks the assumption of the Yang et al. and Yi et al. protocols that the two servers must not be compromised together. Computational complexity, communication complexity, security key principles and, above all, the attacks that might plausibly occur are considered as the evaluation parameters to compare the performance of the proposed 3D PAKE protocol.


2011 ◽  
Vol 467-469 ◽  
pp. 640-644
Author(s):  
Yong Ding ◽  
Bin Li ◽  
Zheng Tao Jiang

An affiliation-hiding authenticated key exchange protocol, also called a secret handshake, allows two parties from the same organization to achieve mutual authentication and key agreement via public key certificates without leaking their organization to anyone else. Moreover, if the peer involved in the protocol is not from the same group, no information about the affiliation can be learned. Previous secret handshake protocols have a linkability problem: two activities of the same person can be associated by attackers. This is undesirable for privacy because, combined with other information, the association may reveal that person's affiliation. In this paper, an unlinkable affiliation-hiding authenticated key exchange protocol is proposed to overcome linkability. A security analysis is given at the end.


Author(s):  
Kannan Balasubramanian

To deal with active attacks on public key encryption, researchers have defined the notion of security against an adaptive chosen ciphertext attack. If an adversary can inject messages into a network, these messages may be ciphertexts, and the adversary may be able to extract partial information about the corresponding cleartexts through its interaction with parties in the network. Security against chosen ciphertext attack is defined using a "decryption oracle." Given an encryption of a message (the "ciphertext"), we want to guarantee that the adversary cannot obtain any partial information about the message. A method of securing public key cryptosystems using hash functions is described in this chapter.
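The decryption-oracle game described in this abstract is easiest to see on a concrete target. The following is an added example, not code from the chapter: it runs the classic blinding attack against textbook RSA (the oracle refuses only the exact challenge ciphertext, yet the adversary recovers the plaintext), and then repeats the same attack against a hashed KEM/DEM wrapper in which the RSA-encapsulated seed is passed through a hash to derive a symmetric key and a MAC key, so that any modified ciphertext is rejected. The RSA modulus is built from two constructed small primes (104723 and 104729), and the symmetric layer (a SHA-256 keystream plus HMAC) is an assumption chosen to keep the example dependency-free; it stands in for whatever hash-based construction the chapter itself describes.

```python
# Added example: chosen-ciphertext (decryption-oracle) attack on textbook RSA,
# and why a hash-based KEM/DEM wrapper defeats it. Toy parameters only.
import hashlib
import hmac
import secrets

# Constructed toy RSA key: the 9,999th and 10,000th primes. Far too small for real use.
P, Q = 104723, 104729
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def rsa_enc(m: int) -> int:
    return pow(m, E, N)


def rsa_dec(c: int) -> int:
    return pow(c, D, N)


class TextbookOracle:
    """Decryption oracle for textbook RSA: answers every query except the challenge."""

    def __init__(self, challenge: int):
        self.challenge = challenge

    def decrypt(self, c: int):
        return None if c == self.challenge else rsa_dec(c)


def cca_attack_textbook(challenge: int, oracle: TextbookOracle) -> int:
    """Blinding: c' = c * s^e mod n is a fresh ciphertext that decrypts to s*m,
    so the adversary unblinds the oracle's answer and recovers m exactly."""
    s = 2
    blinded = (challenge * rsa_enc(s)) % N
    s_times_m = oracle.decrypt(blinded)
    return (s_times_m * pow(s, -1, N)) % N


# --- hashed KEM/DEM: symmetric keys = H(seed); MAC binds the whole ciphertext ---
def _kdf(seed: int):
    digest = hashlib.sha256(seed.to_bytes(8, "big")).digest()
    return digest[:16], digest[16:]  # (stream key, MAC key)


def _keystream(key: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def hybrid_enc(msg: bytes):
    seed = secrets.randbelow(N - 2) + 2          # random KEM seed in [2, N)
    c = rsa_enc(seed)
    sk, mk = _kdf(seed)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(sk, len(msg))))
    tag = hmac.new(mk, c.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return c, ct, tag


def hybrid_dec(c: int, ct: bytes, tag: bytes):
    seed = rsa_dec(c)
    sk, mk = _kdf(seed)
    expected = hmac.new(mk, c.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None                              # reject: tampering with c or ct breaks the MAC
    return bytes(a ^ b for a, b in zip(ct, _keystream(sk, len(ct))))


class HybridOracle:
    """Decryption oracle for the hashed scheme, same rule: anything but the challenge."""

    def __init__(self, challenge):
        self.challenge = challenge

    def decrypt(self, c, ct, tag):
        return None if (c, ct, tag) == self.challenge else hybrid_dec(c, ct, tag)


def cca_attack_hybrid(challenge, oracle: HybridOracle):
    """The same blinding trick: the blinded c decapsulates to 2*seed, so the derived
    MAC key differs and the oracle rejects, leaking nothing about the message."""
    c, ct, tag = challenge
    blinded = (c * rsa_enc(2)) % N
    return oracle.decrypt(blinded, ct, tag)


if __name__ == "__main__":
    m = 123456789
    c = rsa_enc(m)
    print("textbook RSA, recovered:", cca_attack_textbook(c, TextbookOracle(c)) == m)
    chal = hybrid_enc(b"attack at dawn")
    print("hashed KEM/DEM, oracle answer:", cca_attack_hybrid(chal, HybridOracle(chal)))
```

The point of the second half is the one the abstract makes: the oracle still decrypts every non-challenge ciphertext, but because the symmetric key and the MAC key are derived by hashing the encapsulated seed, a related ciphertext no longer yields a related plaintext, only a rejection.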


2019 ◽  
Vol 2019 ◽  
pp. 1-8
Author(s):  
Yi Zhao ◽  
Kaitai Liang ◽  
Bo Yang ◽  
Liqun Chen

In leakage resilient cryptography, there is a seemingly inherent restraint on the ability of the adversary: it cannot get access to the leakage oracle after the challenge. Recently, a series of works made a breakthrough by considering postchallenge leakage. They presented achievable public key encryption (PKE) schemes which are semantically secure against after-the-fact leakage in the split-state model. Instead of allowing prechallenge queries only, this model puts a more acceptable constraint on the adversary's ability: the adversary cannot query the leakage of the secret state as a whole, but only leakage functions of its several parts separately. To obtain security against chosen ciphertext attack (CCA) for PKE schemes against after-the-fact leakage attack (AFL), existing works followed the paradigm of "double encryption," which needs noninteractive zero knowledge (NIZK) proofs in the encryption algorithm. We present an alternative way to achieve AFL-CCA security via lossy trapdoor functions (LTFs) without NIZK proofs. First, we formalize the definition of LTFs secure against AFL (AFLR-LTFs) and their all-but-one (ABO) variants. Then, we show how to realize this primitive in the split-state model. This primitive can be used to construct an AFLR-CCA secure PKE scheme in the same way as the method of "CCA from LTFs" in the traditional sense.


2001 ◽  
Vol 8 (37) ◽  
Author(s):  
Ronald Cramer ◽  
Victor Shoup

We present several new and fairly practical public-key encryption schemes and prove them secure against adaptive chosen ciphertext attack. One scheme is based on Paillier's Decision Composite Residuosity (DCR) assumption, while another is based on the classical Quadratic Residuosity (QR) assumption. The analysis is in the standard cryptographic model, i.e., the security of our schemes does not rely on the Random Oracle model.

We also introduce the notion of a universal hash proof system. Essentially, this is a special kind of non-interactive zero-knowledge proof system for an NP language. We do not show that universal hash proof systems exist for all NP languages, but we do show how to construct very efficient universal hash proof systems for a general class of group-theoretic language membership problems.

Given an efficient universal hash proof system for a language with certain natural cryptographic indistinguishability properties, we show how to construct an efficient public-key encryption scheme secure against adaptive chosen ciphertext attack in the standard model. Our construction only uses the universal hash proof system as a primitive: no other primitives are required, although even more efficient encryption schemes can be obtained by using hash functions with appropriate collision-resistance properties. We show how to construct efficient universal hash proof systems for languages related to the DCR and QR assumptions. From these we get corresponding public-key encryption schemes that are secure under these assumptions. We also show that the Cramer-Shoup encryption scheme (which up until now was the only practical encryption scheme that could be proved secure against adaptive chosen ciphertext attack under a reasonable assumption, namely, the Decision Diffie-Hellman assumption) is also a special case of our general theory.
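The last sentence of the abstract says the DDH-based Cramer-Shoup scheme is a special case of the hash-proof-system construction, and that scheme is small enough to write out in full. The block below is an added illustration, not the authors' code: the pair (c, d) in the public key is the projection key of a 2-universal hash proof system for the language of Diffie-Hellman tuples (u1, u2) = (g1^r, g2^r), the encryptor computes the proof v from the witness r, and the decryptor recomputes it from the secret hashing key and rejects any ciphertext whose proof does not match. Everything about the parameters is an assumption made for the example: the group is the order-q subgroup of Z_p^* for a safe prime p = 2q + 1 of about 63 bits found by Miller-Rabin at import time, g1 and g2 are the squares of 2 and 3 (in practice g2 should be generated so that its discrete logarithm base g1 is unknown), SHA-256 reduced mod q plays the role of the collision-resistant hash, and messages are encoded as subgroup elements g1^k. Nothing here is constant-time or sized for real use.

```python
# Added example: the Cramer-Shoup DDH scheme, written as "ElGamal + hash proof of
# DH-tuple membership". Toy parameters, no side-channel hardening.
import hashlib
import secrets


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin with a small-prime pre-filter; adequate for a demo."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _safe_prime(start: int):
    """Smallest q >= start with q and p = 2q + 1 both (probably) prime."""
    q = start | 1
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = _safe_prime(1 << 62)   # constructed parameters: ~63-bit safe prime
G1 = pow(2, 2, P)             # squares mod a safe prime lie in the order-Q subgroup
G2 = pow(3, 2, P)             # second generator; log_G1(G2) is assumed unknown


def _hash_to_zq(u1: int, u2: int, e: int) -> int:
    """alpha = H(u1, u2, e) in Z_Q; ties the proof v to the entire ciphertext."""
    data = b"|".join(str(x).encode() for x in (u1, u2, e))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def keygen():
    x1, x2, y1, y2, z = (secrets.randbelow(Q) for _ in range(5))
    c = pow(G1, x1, P) * pow(G2, x2, P) % P   # projection key of the hash proof system
    d = pow(G1, y1, P) * pow(G2, y2, P) % P   # second projection key, mixed in via alpha
    h = pow(G1, z, P)                          # plain ElGamal public key
    return (c, d, h), (x1, x2, y1, y2, z)


def encrypt(pk, m: int):
    """m must be a subgroup element; callers here use m = G1^k."""
    c, d, h = pk
    r = secrets.randbelow(Q)                           # witness that (u1, u2) is a DH pair
    u1, u2 = pow(G1, r, P), pow(G2, r, P)
    e = pow(h, r, P) * m % P
    alpha = _hash_to_zq(u1, u2, e)
    v = pow(c, r, P) * pow(d, r * alpha % Q, P) % P    # proof computed from the witness
    return (u1, u2, e, v)


def decrypt(sk, ct):
    """Recompute the proof from the secret hashing key; reject on mismatch."""
    x1, x2, y1, y2, z = sk
    u1, u2, e, v = ct
    if any(not 0 < x < P or pow(x, Q, P) != 1 for x in ct):
        return None                                    # not subgroup elements
    alpha = _hash_to_zq(u1, u2, e)
    expected = pow(u1, (x1 + y1 * alpha) % Q, P) * pow(u2, (x2 + y2 * alpha) % Q, P) % P
    if expected != v:
        return None                                    # invalid ciphertext: oracle reveals nothing
    return e * pow(pow(u1, z, P), -1, P) % P


if __name__ == "__main__":
    pk, sk = keygen()
    m = pow(G1, 1234, P)
    u1, u2, e, v = encrypt(pk, m)
    print("roundtrip ok:", decrypt(sk, (u1, u2, e, v)) == m)
    print("malleated e rejected:", decrypt(sk, (u1, u2, e * G1 % P, v)) is None)
```

Why it is CCA-secure in the standard model is visible in `decrypt`: for a well-formed ciphertext the proof v is determined by the projection keys and r, but for a tuple that is not a DH pair the value the decryptor computes depends on the secret (x1, x2, y1, y2) in a way the adversary cannot predict, so forged or malleated ciphertexts are rejected with overwhelming probability and the decryption oracle never leaks information about the challenge.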


2017 ◽  
Vol 2 (3) ◽  
pp. 161
Author(s):  
S. Sathya ◽  
M. Ranjith Kumar ◽  
K. Madheswaran

Key establishment for secure many-to-many communications is very important nowadays. The problem is inspired by the proliferation of large-scale distributed file systems supporting parallel access to multiple storage devices. In this work, a variety of authenticated key exchange protocols are designed to address these issues. This shows that these protocols are capable of reducing the workload of the metadata server while concurrently supporting forward secrecy and escrow-freeness. All this requires only a small fraction of increased computation overhead at the client. This work proposes three authenticated key exchange protocols for the parallel network file system (pNFS). The protocols offer three appealing advantages over the existing Kerberos-based protocol. First, the metadata server executing these protocols has a much lower workload than that of the Kerberos-based approach. Second, two of these protocols provide forward secrecy: one is partially forward secure (with respect to multiple sessions within a time period), while the other is fully forward secure (with respect to a session). Third, a protocol is designed which not only provides forward secrecy but is also escrow-free.


2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Wenhua Gao ◽  
Li Yang

There is no quantum election protocol that can fulfil the eight requirements of an electronic election protocol, i.e., completeness, robustness, privacy, legality, unreusability, fairness, verifiability, and receipt-freeness. To address this issue, we employ the general construction of quantum digital signature and quantum public key encryption, in conjunction with classic public key encryption, to develop and instantiate a general construction of quantum election protocol. The proposed protocol exhibits the following advantages: (i) no pre-shared key between any two participants is required, and no trusted third party or anonymous channels are required. The protocol is suitable for large-scale elections with numerous candidates and voters and accommodates the situation in which multiple voters vote simultaneously. (ii) It is the first protocol that dismantles the contradiction between verifiability and receipt-freeness in a quantum election protocol. It satisfies all eight requirements stated earlier under the physical assumptions that there exists a one-way untappable channel from the administrator to the voter and that there is no collusion between any of the three parties in the protocol. Compared with current election protocols with verifiability and receipt-freeness, this protocol relies upon fewer physical assumptions. (iii) This construction is flexible and can be instantiated into an election scheme having post-quantum security by applying cryptographic algorithms conveying post-quantum security. Moreover, utilizing quantum digital signature and public key encryption yields a good result: the transmitted ballots are in quantum states, so owing to the no-cloning theorem, ballot privacy is less likely to be compromised, even if private keys of the signature and public key encryption are leaked after the election. However, in existing election protocols employing classic digital signatures and public key encryption, ballot privacy can be easily violated if attackers obtain private keys. Thus, our construction enhances privacy.


2019 ◽  
Vol 30 (04) ◽  
pp. 647-664
Author(s):  
Libing Wu ◽  
Yubo Zhang ◽  
Kim-Kwang Raymond Choo ◽  
Debiao He

Online social networking applications have become more and more popular with the advance of the technological age. Much of our personal information has been disclosed in social networking activities, and privacy preservation still remains a research challenge in social networks. Public key encryption with equality test (PKEET), which is an extension of public key encryption with keyword search (PEKS), seems to be a solution. PKEET enables the tester to check whether two given ciphertexts are derived from the same plaintext. Recently, Zhu et al. proposed a pairing-free public key encryption scheme with equality test based on the traditional public key cryptosystem. However, it suffers from the certificate management issue. In this paper, we propose a pairing-free identity-based encryption scheme with authorized equality test (PF-IBEAET). The PF-IBEAET scheme also provides fine-grained authorizations. We prove that the scheme is one-way secure against chosen identity and chosen ciphertext attack (OW-ID-CCA) and indistinguishable against chosen-identity and chosen-ciphertext attack (IND-ID-CCA) in the random oracle model (ROM). Performance analysis shows that the scheme achieves better performance than similar schemes.
