Cryptography, Volume 6, Issue 1 (March 2022) – 13 articles

Fully homomorphic encryption (FHE) is a powerful tool in cryptography that allows one to perform arbitrary computations on encrypted material without having to decrypt it first. There are numerous FHE schemes, all of which are expanded from somewhat homomorphic encryption (SHE) schemes, and some of which are considered viable in practice. However, while these FHE schemes are semantically (IND-CPA) secure, the question of their IND-CCA1 security is much less studied, and we therefore provide an overview of the IND-CCA1 security of all acknowledged FHE schemes in this paper. To give this overview, we grouped the SHE schemes into broad categories based on their similarities and underlying hardness problems. For each category, we show that the SHE schemes are susceptible to either known adaptive key recovery attacks, a natural extension of known attacks, or our proposed attacks. Finally, we discuss the known techniques to achieve IND-CCA1-secure FHE and SHE schemes. We concluded that none of the proposed schemes were IND-CCA1-secure and that the known general constructions all had their shortcomings. Full article

Cryptography is an unexpected revolution in information security in the recent decades, where remarkable improvements have been created to provide confidentiality and integrity. Quantum cryptography is one such improvement that has grown rapidly since the first announced protocol. Quantum cryptography contains substantial elements that must be addressed to ensure secure communication between legitimate parties. Quantum key distribution (QKD), a technique for creating a secret key, is one of the most interesting areas in quantum cryptography. This paper reviews some well-known quantum key distribution techniques that have been demonstrated in the past three decades. Furthermore, this paper discusses the process of creating a secret key using quantum mechanics and cryptography methods. Moreover, it explains the relationships between many basic aspects of QKD protocols and suggests some improvements in the cryptosystem. An accurate quantitative comparison between the QKD protocols is presented, especially the runtime execution for each QKD protocol. In addition, the paper will demonstrate a general model of each considered QKD protocol based on security principles. Full article

Many Internet of Things (IoT) devices use an Advanced Encryption Standard (AES) algorithm to secure data stored and transmitted during the communication process. The AES algorithm often suffers DC (DC) attacks. Little has been done to prevent DC attacks, particularly on an AES algorithm. This study focuses on preventing Differential Cryptanalysis attacks. DC attacks are practiced on an AES algorithm that is found on IoT devices. The novel approach of using a Khumbelo Difference Muthavine (KDM) function and changing the 8 × 8 S-Boxes to be the 8 × 32 S-Boxes successfully prevents DC attacks on an AES algorithm. A KDM function is a newly mathematically developed function, coined and used purposely in this study. A KDM function was never produced, defined, or utilized before by any researcher except for in this study. A KDM function makes a new 32-Bit S-Box suitable for the new Modified AES algorithm and confuses the attacker since it comprises many mathematical modulo operators. Additionally, these mathematical modulo operators are irreversible. The study managed to prevent the DC attack of a minimum of $70\%$ on AES and a maximum of $100\%$ on a Simplified DES. The attack on the new Modified AES Algorithm is $0\%$ since no S-Box is used as a building block. Full article

A novel, trusted, and secure durable medium electronic service is proposed in the paper. The proposed idea joins cryptographic methods (such as signing with an electronic seal and data encryption) with blockchain techniques. The e-service and blockchain databases were implemented on the TTP side, which made the presented concept trusted and secure. The proposed electronic service was oriented towards practical implementations, and it has commonly been developed together with a company from the cybersecurity field (which is considered a TTP in the proposed approach). The concept has been designed to meet the requirements of Polish law (i.e., the conditions and regulations related to the implementation of the durable medium in Poland); nevertheless, it can easily be adapted for other regions. The functionality of the presented e-service is illustrated by the example case study. Full article

To prevent eavesdropping and tampering, network security protocols take advantage of asymmetric ciphers to establish session-specific shared keys with which further communication is encrypted using symmetric ciphers. Commonly used asymmetric algorithms include public key encryption, key exchange, and identity-based encryption (IBE). However, network security protocols based on classic identity-based encryption schemes do not have perfect forward secrecy. To solve this problem, we construct the first quantum IBE (QIBE) scheme based on the learning with errors (LWE) problem, which is also the first cryptographic scheme that applies the LWE problem to quantum encryption. We prove that our scheme is fully secure under the random oracle model and highlight the following advantages: (1) Network security protocols with our QIBE scheme provide perfect forward secrecy. The ciphertext is transmitted in the form of a quantum state unknown to the adversary and cannot be copied and stored. Thus, in network security protocols based on QIBE construction, the adversary does not have any previous quantum ciphertext to decrypt for obtaining the previous session key, even if the private identity key is threatened. (2) Classic key generation centre (KGC) systems can still be used in the QIBE scheme to generate and distribute private identity keys, reducing the cost when implementing this scheme. The classic KGC systems can be used because the master public and secret keys of our scheme are both in the form of classic bits. Finally, we present quantum circuits to implement this QIBE scheme and analyse its required quantum resources for given numbers of qubits, Hadamard gates, phase gates, T gates, and CNOT (controlled-NOT) gates. One of our main findings is that the quantum resources required by our scheme increase linearly with the number of plaintext bits to be encrypted. Full article

Cloud computing offers the possibility of providing suitable access within a network for a set of resources. Many users use different services for outsourcing their data within the cloud, saving and mitigating the local storage and other resources involved. One of the biggest concerns is represented by storing sensitive data on remote servers, which can be found to be extremely challenging within different situations related to privacy. Searchable Encryption (SE) represents a particular case of Fully Homomorphic Encryption (FHE) and at the same time represents a method composed from a set of algorithms meant to offer protection for users’ sensitive data, while it preserves the searching functionality on the server-side. There are two main types of SE: Searchable Symmetric Encryption (SSE), where the ciphertexts and trapdoors for searching are performed using private key holders, and Public Key Searchable Encryption (PKSE), in which a specific number of users have the public key based on which are capable of outputting ciphertexts and giving the possibility of producing the trapdoors by using the private key from the holder. In this article, we propose a searchable encryption system that uses biometric authentication. Additionally, biometric data are used in the trapdoor generation process, such that an unauthorized user cannot submit search queries. The proposed system contains three components: classic user authentication (based on username, password, and a message with a code using short message service (SMS), biometric authentication, and the searchable encryption scheme. The first two components can be seen as two-factor authentication (2FA), and the second component represents the initialization step of the searchable encryption scheme. In the end, we show and demonstrate that the proposed scheme can be implemented with success for medium to complex network infrastructures. We have granted special attention to the trapdoor function, which generates a value that can be used to perform the search process and search function that is based on the trapdoor pair for searching within the index structure. We provide the correctness and security proof of the operations, which gives us the guarantee that the cloud servers return the correct documents. Additionally, we discuss measuring the performance of the authentication scheme in terms of performance indicators, introducing two indicators for measuring purposes—namely, cloud average number of non-legitim the user actions for cloud purposes ($C_{ANNL}$) and cloud average number of legitim user actions$\left(C_{ANLU}\right)$. Full article

An adaptor signature can be viewed as a signature concealed with a secret value and, by design, any two of the trio yield the other. In a multiparty setting, an initial adaptor signature allows each party to create additional adaptor signatures without the original secret. Adaptor signatures help address scalability and interoperability issues in blockchain. They can also bring some important advantages to cryptocurrencies, such as low on-chain cost, improved transaction fungibility, and fewer limitations of a blockchain’s scripting language. In this paper, we propose a new two-party adaptor signature scheme that relies on quantum-safe hard problems in coding theory. The proposed scheme uses a hash-and-sign code-based signature scheme introduced by Debris-Alazard et al. and a code-based hard relation defined from the well-known syndrome decoding problem. To achieve all the basic properties of adaptor signatures formalized by Aumayr et al., we introduce further modifications to the aforementioned signature scheme. We also give a security analysis of our scheme and its application to the atomic swap. After providing a set of parameters for our scheme, we show that it has the smallest pre-signature size compared to existing post-quantum adaptor signatures. Full article

This paper defines a new practical construction for a code-based signature scheme. We introduce a new protocol that is designed to follow the recent paradigm known as “Sigma protocol with helper”, and prove that the protocol’s security reduces directly to the Syndrome Decoding Problem. The protocol is then converted to a full-fledged signature scheme via a sequence of generic steps that include: removing the role of the helper; incorporating a variety of protocol optimizations (using e.g., Merkle trees); applying the Fiat–Shamir transformation. The resulting signature scheme is EUF-CMA secure in the QROM, with the following advantages: (a) Security relies on only minimal assumptions and is backed by a long-studied NP-complete problem; (b) the trusted setup structure allows for obtaining an arbitrarily small soundness error. This minimizes the required number of repetitions, thus alleviating a major bottleneck associated with Fiat–Shamir schemes. We outline an initial performance estimation to confirm that our scheme is competitive with respect to existing solutions of similar type. Full article

Based on the addressability of quantum superposition and its unitary transformation, a network-compatible, unconditionally secured key distribution protocol is presented for arbitrary networking in a classical regime with potential applications of one-time-pad cryptography. The network capability is due to the addressable unitary transformation between arbitrary point-to-point connections in a network through commonly shared double transmission channels. The unconditional security is due to address-sensitive eavesdropping randomness via network authentication. The proposed protocol may offer a solid platform of unconditionally secured classical cryptography for mass-data communications in a conventional network, which would be otherwise impossible. Full article

This survey reviews the two most prominent group-oriented anonymous signature schemes and analyzes the existing approaches for their problem: balancing anonymity against traceability. Group signatures and ring signatures are the two leading competitive signature schemes with a rich body of research. Both group and ring signatures enable user anonymity with group settings. Any group user can produce a signature while hiding his identity in a group. Although group signatures have predefined group settings, ring signatures allow users to form ad-hoc groups. Preserving user identities provided an advantage for group and ring signatures. Thus, presently many applications utilize them. However, standard group signatures enable an authority to freely revoke signers’ anonymity. Thus, the authority might weaken the anonymity of innocent users. On the other hand, traditional ring signatures maintain permanent user anonymity, allowing space for malicious user activities; thus achieving the requirements of privacy-preserved traceability in group signatures and controlled anonymity in ring signatures has become desirable. This paper reviews group and ring signatures and explores the existing approaches that address the identification of malicious user activities. We selected many papers that discuss balancing user tracing and anonymity in group and ring signatures. Since this paper scrutinizes both signatures from their basic idea to obstacles including tracing users, it provides readers a broad synthesis of information about two signature schemes with the knowledge of current approaches to balance excessive traceability in group signatures and extreme anonymity in ring signatures. This paper will also shape the future research directions of two critical signature schemes that require more awareness. Full article

In recent years, several new notions of security have begun receiving consideration for public-key cryptosystems, beyond the standard of security against adaptive chosen ciphertext attack (CCA2). Among these are security against randomness reset attacks, in which the randomness used in encryption is forcibly set to some previous value, and against constant secret-key leakage attacks, wherein the constant factor of a secret key’s bits is leaked. In terms of formal security definitions, cast as attack games between a challenger and an adversary, a joint combination of these attacks means that the adversary has access to additional encryption queries under a randomness of his own choosing along with secret-key leakage queries. This implies that both the encryption and decryption processes of a cryptosystem are being tampered under this security notion. In this paper, we attempt to address this problem of a joint combination of randomness and secret-key leakage attacks through two cryptosystems that incorporate hash proof system and randomness extractor primitives. The first cryptosystem relies on the random oracle model and is secure against a class of adversaries, called non-reversing adversaries. We remove the random oracle oracle assumption and the non-reversing adversary requirement in our second cryptosystem, which is a standard model that relies on a proposed primitive called $L^M$ lossy functions. These functions allow up to M lossy branches in the collection to substantially lose information, allowing the cryptosystem to use this loss of information for several encryption and challenge queries. For each cryptosystem, we present detailed security proofs using the game-hopping procedure. In addition, we present a concrete instantation of $L^M$ lossy functions in the end of the paper—which relies on the DDH assumption. Full article

We propose a new functional encryption for pattern matching scheme with a hidden string. In functional encryption for pattern matching (FEPM), access to a message is controlled by its description and a private key that is used to evaluate the description for decryption. In particular, the description with which the ciphertext is associated is an arbitrary string w and the ciphertext can only be decrypted if its description matches the predicate of a private key which is also a string. Therefore, it provides fine-grained access control through pattern matching alone. Unlike related schemes in the literature, our scheme hides the description that the ciphertext is associated with. In many practical scenarios, the description of the ciphertext cannot be public information as an attacker may abuse the message description to identify the data owner or classify the target ciphertext before decrypting it. Moreover, some data owners may not agree to reveal any ciphertext information since it simply gives greater advantage to the adversary. In this paper, we introduce the first FEPM scheme with a hidden string, such that the adversary cannot get any information about the ciphertext from its description. The security of our scheme is formally analyzed. The proposed scheme provides both confidentiality and anonymity while maintaining its expressiveness. We prove these security properties under the interactive general Diffie–Hellman assumption (i-GDH) and a static assumption introduced in this paper. Full article