Cryptography doi: 10.3390/cryptography5020013

Authors: Ehsan Aerabi, David Hély, Cyril Bresch, Athanasios Papadimitriou, Mahdi Fazeli

CONFISCA is the first generic SIMD-based software countermeasure that can concurrently resist against Side-Channel Attack (SCA) and Fault Injection (FI). Its promising strength is presented in a PRESENT cipher case study and compared to software-based Dual-rail with Pre-charge Logic concurrent countermeasure. It has lower overhead, wider usability, and higher protection. Its protection has been compared using Correlation Power Analysis, Welch’s T-Test, Signal-to-Noise Ratio and Normalized Inter-Class Variance testing methods. CONFISCA can on-the-fly switch between its two modes of operation: The High-Performance and High-Security by having only one instance of the cipher. This gives us the flexibility to trade performance/energy with security, based on the actual critical needs.

Cryptography doi: 10.3390/cryptography5020012

Authors: Yu-Cheng Chen, Vincent John Mooney, Santiago Grijalva

The progression of cyber-attacks on the cyber-physical system is analyzed by the Probabilistic, Learning Attacker, and Dynamic Defender (PLADD) model. Although our research does apply to all cyber-physical systems, we focus on power grid infrastructure. The PLADD model evaluates the effectiveness of moving target defense (MTD) techniques. We consider the power grid attack scenarios in the AND configurations and OR configurations. In addition, we consider, for the first time ever, power grid attack scenarios involving both AND configurations and OR configurations simultaneously. Cyber-security managers can use the strategy introduced in this manuscript to optimize their defense strategies. Specifically, our research provides insight into when to reset access controls (such as passwords, internet protocol addresses, and session keys), to minimize the probability of a successful attack. Our mathematical proof for the OR configuration of multiple PLADD games shows that it is best if all access controls are reset simultaneously. For the AND configuration, our mathematical proof shows that it is best (in terms of minimizing the attacker's average probability of success) that the resets are equally spaced apart. We introduce a novel concept called hierarchical parallel PLADD system to cover additional attack scenarios that require combinations of AND and OR configurations.

Cryptography doi: 10.3390/cryptography5010011

Authors: Jürgen Freudenberger, Johann-Philipp Thiers

The McEliece cryptosystem is a promising candidate for post-quantum public-key encryption. In this work, we propose q-ary codes over Gaussian integers for the McEliece system and a new channel model. With this one Mannheim error channel, errors are limited to weight one. We investigate the channel capacity of this channel and discuss its relation to the McEliece system. The proposed codes are based on a simple product code construction and have a low complexity decoding algorithm. For the one Mannheim error channel, these codes achieve a higher error correction capability than maximum distance separable codes with bounded minimum distance decoding. This improves the work factor regarding decoding attacks based on information-set decoding.

Cryptography doi: 10.3390/cryptography5010010

Authors: Niluka Amarasinghe, Xavier Boyen, Matthew McKague

The modern financial world has seen a significant rise in the use of cryptocurrencies in recent years, partly due to the convincing lure of anonymity promised by these schemes. Bitcoin, despite being considered as the most widespread among all, is claimed to have significant lapses in relation to its anonymity. Unfortunately, studies have shown that many cryptocurrency transactions can be traced back to their corresponding participants through the analysis of publicly available data, to which the cryptographic community has responded by proposing new constructions with improved anonymity claims. Nevertheless, the absence of a common metric for evaluating the level of anonymity achieved by these schemes has led to numerous disparate ad hoc anonymity definitions, making comparisons difficult. The multitude of these notions also hints at the surprising complexity of the overall anonymity landscape. In this study, we introduce such a common framework to evaluate the nature and extent of anonymity in (crypto) currencies and distributed transaction systems, thereby enabling one to make meaningful comparisons irrespective of their implementation. Accordingly, our work lays the foundation for formalizing security models and terminology across a wide range of anonymity notions referenced in the literature, while showing how “anonymity” itself is a surprisingly nuanced concept, as opposed to existing claims that are drawn upon at a higher level, thus missing out on the elemental factors underpinning anonymity.

Cryptography doi: 10.3390/cryptography5010009

Authors: Mukhil Azhagan Mallaiyan Sathiaseelan, Olivia P. Paradis, Shayan Taheri, Navid Asadizanjani

In this paper, we present the need for specialized artificial intelligence (AI) for counterfeit and defect detection of PCB components. Popular computer vision object detection techniques are not sufficient for such dense, low inter-class/high intra-class variation, and limited-data hardware assurance scenarios in which accuracy is paramount. Hence, we explored the limitations of existing object detection methodologies, such as region based convolutional neural networks (RCNNs) and single shot detectors (SSDs), and compared them with our proposed method, the electronic component localization and detection network (ECLAD-Net). The results indicate that, of the compared methods, ECLAD-Net demonstrated the highest performance, with a precision of 87.2% and a recall of 98.9%. Though ECLAD-Net demonstrated decent performance, there is still much progress and collaboration needed from the hardware assurance, computer vision, and deep learning communities for automated, accurate, and scalable PCB assurance.

Cryptography doi: 10.3390/cryptography5010008

Authors: Bertrand Cambou, Donald Telesca, Sareh Assiri, Michael Garrett, Saloni Jain, Michael Partridge

Schemes generating cryptographic keys from arrays of pre-formed Resistive Random Access (ReRAM) cells, called memristors, can also be used for the design of fast true random number generators (TRNG’s) of exceptional quality, while consuming low levels of electric power. Natural randomness is formed in the large stochastic cell-to-cell variations in resistance values at low injected currents in the pre-formed range. The proposed TRNG scheme can be designed with three interconnected blocks: (i) a pseudo-random number generator that acts as an extended output function to generate a stream of addresses pointing randomly at the array of ReRAM cells; (ii) a method to read the resistance values of these cells with a low injected current, and to convert the values into a stream of random bits; and, if needed, (iii) a method to further enhance the randomness of this stream such as mathematical, Boolean, and cryptographic algorithms. The natural stochastic properties of the ReRAM cells in the pre-forming range, at low currents, have been analyzed and demonstrated by measuring a statistically significant number of cells. Various implementations of the TRNGs with ReRAM arrays are presented in this paper.

Cryptography doi: 10.3390/cryptography5010007

Authors: Holden Gordon, Jack Edmonds, Soroor Ghandali, Wei Yan, Nima Karimian, Fatemeh Tehranipoor

Over the last two decades, hardware security has gained increasing attention in academia and industry. Flash memory has been given a spotlight in recent years, with the question of whether or not it can prove useful in a security role. Because of inherent process variation in the characteristics of flash memory modules, they can provide a unique fingerprint for a device and have thus been proposed as locations for hardware security primitives. These primitives include physical unclonable functions (PUFs), true random number generators (TRNGs), and integrated circuit (IC) counterfeit detection. In this paper, we evaluate the efficacy of flash memory-based security primitives and categorize them based on the process variations they exploit, as well as other features. We also compare and evaluate flash-based security primitives in order to identify drawbacks and essential design considerations. Finally, we describe new directions, challenges of research, and possible security vulnerabilities for flash-based security primitives that we believe would benefit from further exploration.

Cryptography doi: 10.3390/cryptography5010006

Authors: Malek Safieh, Jürgen Freudenberger

Modular arithmetic over integers is required for many cryptography systems. Montgomery reduction is an efficient algorithm for the modulo reduction after a multiplication. Typically, Montgomery reduction is used for rings of ordinary integers. In contrast, we investigate the modular reduction over rings of Gaussian integers. Gaussian integers are complex numbers where the real and imaginary parts are integers. Rings over Gaussian integers are isomorphic to ordinary integer rings. In this work, we show that Montgomery reduction can be applied to Gaussian integer rings. Two algorithms for the precision reduction are presented. We demonstrate that the proposed Montgomery reduction enables an efficient Gaussian integer arithmetic that is suitable for elliptic curve cryptography. In particular, we consider the elliptic curve point multiplication according to the randomized initial point method which is protected against side-channel attacks. The implementation of this protected point multiplication is significantly faster than comparable algorithms over ordinary prime fields.

Cryptography doi: 10.3390/cryptography5010005

Authors: Cryptography Editorial Office

Peer review is the driving force of journal development, and reviewers are gatekeepers who ensure that Cryptography maintains its standards for the high quality of its published papers [...]

Cryptography doi: 10.3390/cryptography5010004

Authors: Bayan Alabdullah, Natalia Beloff, Martin White

Data security has become crucial to most enterprise and government applications due to the increasing amount of data generated, collected, and analyzed. Many algorithms have been developed to secure data storage and transmission. However, most existing solutions require multi-round functions to prevent differential and linear attacks. This results in longer execution times and greater memory consumption, which are not suitable for large datasets or delay-sensitive systems. To address these issues, this work proposes a novel algorithm that uses, on one hand, the reflection property of a balanced binary search tree data structure to minimize the overhead, and on the other hand, a dynamic offset to achieve a high security level. The performance and security of the proposed algorithm were compared to Advanced Encryption Standard and Data Encryption Standard symmetric encryption algorithms. The proposed algorithm achieved the lowest running time with comparable memory usage and satisfied the avalanche effect criterion with 50.1%. Furthermore, the randomness of the dynamic offset passed a series of National Institute of Standards and Technology (NIST) statistical tests.

Cryptography doi: 10.3390/cryptography5010003

Authors: Alexandru Cojocaru, Léo Colisson, Elham Kashefi, Petros Wallden

Classical client remote state preparation (CC-RSP) is a primitive where a fully classical party (client) can instruct the preparation of a sequence of random quantum states on some distant party (server) in a way that the description is known to the client but remains hidden from the server. This primitive has many applications; most prominently, it makes blind quantum computing possible for classical clients. In this work, we give a protocol for classical client remote state preparation that requires minimal resources. The protocol is proven secure against honest-but-curious servers and any malicious third party in a game-based security framework. We provide an instantiation of a trapdoor (approximately) 2-regular family of functions whose security is based on the hardness of the Learning-With-Errors problem, including a first analysis of the set of usable parameters. We also run an experimentation on IBM’s quantum cloud using a toy function. This is the first proof-of-principle experiment of classical client remote state preparation.

Cryptography doi: 10.3390/cryptography5010002

Authors: Tushar Kanti Saha, Takeshi Koshiba

Conjunctive queries play a key role in retrieving data from a database. In a database, a query containing many conditions in its predicate, connected by an “and/&/∧” operator, is called a conjunctive query. Retrieving the outcome of a conjunctive query from thousands of records is a heavy computational task. Private data access to an outsourced database is required to keep the database secure from adversaries; thus, private conjunctive queries (PCQs) are indispensable. Cheon, Kim, and Kim (CKK) proposed a PCQ protocol using search-and-compute circuits in which they used somewhat homomorphic encryption (SwHE) for their protocol security. As their protocol is far from being able to be used practically, we propose a practical batch private conjunctive query (BPCQ) protocol by applying a batch technique for processing conjunctive queries over an outsourced database, in which both database and queries are encoded in binary format. As a main technique in our protocol, we develop a new data-packing method to pack many data into a single polynomial with the batch technique. We further enhance the performances of the binary-encoded BPCQ protocol by replacing the binary encoding with N-ary encoding. Finally, we compare the performance to assess the results obtained by the binary-encoded BPCQ protocol and the N-ary-encoded BPCQ protocol.

Cryptography doi: 10.3390/cryptography5010001

Authors: Sarah A. Alzakari, Poorvi L. Vora

We apply McKay’s pseudo-linear approximation of addition modulo 2^n to lightweight ARX block ciphers with large words, specifically the Speck family. We demonstrate that a pseudo-linear approximation can be combined with a linear approximation using the meet-in-the-middle attack technique to recover several key bits. Thus we illustrate improvements to Speck linear distinguishers based solely on Cho–Pieprzyk approximations by combining them with pseudo-linear approximations, and propose key recovery attacks.

Cryptography doi: 10.3390/cryptography4040037

Authors: Bei Liang, Gustavo Banegas, Aikaterini Mitrokotsa

Cohen, Goldwasser, and Vaikuntanathan (TCC’15) introduced the concept of aggregate pseudo-random functions (PRFs), which allow efficiently computing the aggregate of PRF values over exponential-sized sets. In this paper, we explore the aggregation augmentation on verifiable random functions (VRFs), introduced by Micali, Rabin and Vadhan (FOCS’99), as well as its application to e-lottery schemes. We introduce the notion of static aggregate verifiable random functions (Agg-VRFs), which perform aggregation for VRFs in a static setting. Our contributions can be summarized as follows: (1) we define static aggregate VRFs, which allow the efficient aggregation of VRF values and the corresponding proofs over super-polynomially large sets; (2) we present a static Agg-VRF construction over bit-fixing sets with respect to product aggregation based on the q-decisional Diffie–Hellman exponent assumption; (3) we test the performance of our static Agg-VRFs instantiation in comparison to a standard (non-aggregate) VRF in terms of costing time for the aggregation and verification processes, which shows that Agg-VRFs lower considerably the timing of verification of big sets; and (4) by employing Agg-VRFs, we propose an improved e-lottery scheme based on the framework of Chow et al.’s VRF-based e-lottery proposal (ICCSA’05). We evaluate the performance of Chow et al.’s e-lottery scheme and our improved scheme, and the latter shows a significant improvement in the efficiency of generating the winning number and the player verification.

Cryptography doi: 10.3390/cryptography4040036

Authors: Rinat Breuer, Itamar Levi

Cryptographic designs are vulnerable to side-channel analysis attacks. Evaluating their security during design stages is of crucial importance. The latter is achieved by very expensive (slow) analog transient-noise simulations over advanced fabrication process technologies. The main challenge of such rigorous security-evaluation analysis lies in the fact that technologies are becoming more and more complex and the physical properties of manufactured devices vary significantly due to process variations. In turn, a detailed security evaluation process imposes exponential time complexity with the circuit-size, the number of physical implementation corners (statistical variations) and the accuracy of the circuit-simulator. Given these circumstances, what is the cost of not exhausting the entire implementation space? In terms of simulation-time complexity, the benefits would clearly be significant; however, we are interested in evaluating the security implications. This question can be formulated for many other interesting side-channel contexts such as for example, how would an attack-outcome vary when the adversary is building a leakage template over one device, i.e., one physical corner, and it performs an evaluation (attack) phase of a device drawn from a different statistical corner? Alternatively, is it safe to assume that a typical (average) corner would represent the worst case in terms of security evaluation or would it be advisable to perform a security evaluation over another specific view? Finally, how would the outcome vary concretely? We ran in-depth experiments to answer these questions in the hope of finding a nice tradeoff between simulation efforts and expertise, and security-evaluation degradation. We evaluate the results utilizing methodologies such as template-attacks with a clear distinction between profiling and attack-phase statistical views. 
This exemplary view of what an adversary might capture in these scenarios is followed by a more complete statistical evaluation analysis utilizing tools such as the Kullback–Leibler (KL) divergence and the Jensen–Shannon (JS) divergence to draw conclusions.

Cryptography doi: 10.3390/cryptography4040035

Authors: Oleg Evsutin, Kristina Dzhanashia

With the huge transfers of data involved in the modern world, it is both crucial and challenging to maintain the security of data. This paper proposes a novel algorithm of information embedding into digital images that could be used to protect confidential information. The presented algorithm makes use of the Chinese remainder theorem and adaptive embedding to achieve good imperceptibility along with the possibility of hiding a decent amount of confidential information. The algorithm is evaluated via computing experiments and evaluation results, as well as comparison with similar works, demonstrate good imperceptibility qualities of the proposed scheme.

Cryptography doi: 10.3390/cryptography4040034

Authors: Sergey Bezzateev, Vadim Davydov, Aleksandr Ometov

Security and access control aspects are becoming more and more essential to consider during the design of various systems and the tremendous growth of digitization. One of the related key building blocks in this regard is, essentially, the authentication process. Conventional schemes based on one or two authenticating factors can no longer provide the required levels of flexibility and pro-activity of the access procedures; thus, the concept of threshold-based multi-factor authentication (MFA) was introduced, in which some of the factors may be missing, but the access can still be granted. In turn, secret sharing is a crucial component of the MFA systems, with Shamir’s schema being the most widely known one historically and based on the Lagrange interpolation polynomial. Interestingly, the older Newtonian approach to the same problem is almost left without attention. At the same time, it means that the coefficients of the existing secret polynomial do not need to be re-calculated while adding a new factor. Therefore, this paper investigates this known property of Newton’s interpolation formula, illustrating that, in specific MFA cases, the whole system may become more flexible and scalable, which is essential for future authentication systems.

Cryptography doi: 10.3390/cryptography4040033

Authors: Maharage Nisansala Sevwandi Perera, Takeshi Koshiba

An efficient member revocation mechanism is a desirable feature when group signature schemes are applied in practical scenarios. Revocation methods, such as verifier-local revocation (VLR), provide an efficient member revocation in applications of group signatures. However, VLR-group signatures rely on a weaker security notion. On the other hand, group signature schemes for static groups gain stronger security with the full-anonymity security notion. Even though an outsider sees the secret signing keys of all group members in the full-anonymity, the signer is still anonymous. Achieving the full-anonymity for VLR group signature schemes is challenging due to the structure of secret signing keys. The secret signing keys of those schemes consist of tokens, which are used to manage revocation. The reveal of tokens may destroy the anonymity of the signers. We obtain stronger security for the lattice-based VLR group signature schemes by providing a new key generation method, which outputs revocation tokens without deriving from the members’ secret signing keys. We propose a new group signature scheme from lattices with VLR, which achieves stronger security than the previous related works. To avoid signature forgeries, we suggest a new zero-knowledge proof system that requires signers to validate themselves. Moreover, we output an efficient tracing mechanism.

Cryptography doi: 10.3390/cryptography4040032

Authors: Jeff Nijsse, Alan Litchfield

For a blockchain, consensus is the foundation protocol that enables cryptocurrencies such as Bitcoin to maintain state. Additionally, to ensure safety and liveness for a publicly accessible and verifiable ledger, fault tolerance must be robust. However, there appears to be a degree of misunderstanding about how consensus is applied across blockchains. To assist researchers considering variations between them, this study presents a rational classification of consensus methods applied to current blockchains. The study provides a survey of 19 methods classified by the scarce resource they employ: clock-cycles, bits, tokens, votes, time, and biometrics. Blockchain implementations are split between consensus algorithms requiring proof of resource and those that use majority voting to update the ledger.

Cryptography doi: 10.3390/cryptography4040031

Authors: Georgios M. Nikolopoulos, Marc Fischlin

In conventional cryptography, information-theoretically secure message authentication can be achieved by means of universal hash functions, and requires that the two legitimate users share a random secret key, which is at least twice as long as the tag. We address the question of whether quantum resources can offer any advantage over classical unconditionally secure message authentication codes. It is shown that a broad class of symmetric prepare-and-measure quantum message-authentication schemes cannot do better than their classical counterparts.

Cryptography doi: 10.3390/cryptography4040030

Authors: Debayan Das, Shreyas Sen

Electromagnetic and power side-channel analysis (SCA) provides attackers a prominent tool to extract the secret key from the cryptographic engine. In this article, we present our cross-device deep learning (DL)-based side-channel attack (X-DeepSCA) which reduces the time to attack on embedded devices, thereby increasing the threat surface significantly. Consequently, with the knowledge of such advanced attacks, we performed a ground-up white-box analysis of the crypto IC to root-cause the source of the electromagnetic (EM) side-channel leakage. Equipped with the understanding that the higher-level metals significantly contribute to the EM leakage, we present STELLAR, which proposes to route the crypto core within the lower metals and then embed it within a current-domain signature attenuation (CDSA) hardware to ensure that the critical correlated signature gets suppressed before it reaches the top-level metal layers. CDSA-AES256 with local lower metal routing was fabricated in a TSMC 65 nm process and evaluated against different profiled and non-profiled attacks, showing protection beyond 1B encryptions, compared to ∼10K for the unprotected AES. Overall, the presented countermeasure achieved a 100× improvement over the state-of-the-art countermeasures available, with comparable power/area overheads and without any performance degradation. Moreover, it is a generic countermeasure and can be used to protect any crypto cores while preserving the legacy of the existing implementations.

Cryptography doi: 10.3390/cryptography4040029

Authors: Bharath K. Samanthula, Divya Karthikeyan, Boxiang Dong, K. Anitha Kumari

With the rapid growth of smart devices and technological advancements in tracking geospatial data, the demand for Location-Based Services (LBS) is facing a constant rise in several domains, including military, healthcare and transportation. It is a natural step to migrate LBS to a cloud environment to achieve on-demand scalability and increased resiliency. Nonetheless, outsourcing sensitive location data to a third-party cloud provider raises a host of privacy concerns as the data owners have reduced visibility and control over the outsourced data. In this paper, we consider outsourced LBS where users want to retrieve map directions without disclosing their location information. Specifically, our paper aims to address the following problem: Given a user’s location s, a target destination t, and a graph G stored in a cloud, can users retrieve the shortest path route from s to t in a privacy-preserving manner? Although there exist a few solutions to this problem, they are either inefficient or insecure. For example, existing solutions either leak intermediate results to untrusted cloud providers or incur significant costs on the end-user. To address this gap, we propose an efficient and secure solution based on homomorphic encryption properties combined with a novel data aggregation technique. We formally show that our solution achieves semantic security guarantees under the semi-honest model. Additionally, we provide complexity analysis and experimental results to demonstrate that the proposed protocol is significantly more efficient than the current state-of-the-art techniques.

Cryptography doi: 10.3390/cryptography4040028

Authors: Yunhong Zhou, Shihui Zheng, Licheng Wang

In the area of searchable encryption, public key encryption with keyword search (PEKS) has been a critically important and promising technique which provides secure search over encrypted data in cloud computing. PEKS can protect user data privacy without affecting the usage of the data stored in the untrusted cloud server environment. However, most of the existing PEKS schemes concentrate on data users’ rich search functionalities, regardless of their search permission. Attribute-based encryption technology is a good method to solve the security issues, which provides fine-grained access control to the encrypted data. In this paper, we propose a privacy-preserving and efficient public key encryption with keyword search scheme by using the ciphertext-policy attribute-based encryption (CP-ABE) technique to support both fine-grained access control and keyword search over encrypted data simultaneously. We formalize the security definition, and prove that our scheme achieves selective indistinguishability security against an adaptive chosen keyword attack. Finally, we present the performance analysis in terms of theoretical analysis and experimental analysis, and demonstrate the efficiency of our scheme.

Cryptography doi: 10.3390/cryptography4040027

Authors: Sylvain Guilley, Khaled Karray, Thomas Perianin, Ritu-Ranjan Shrivastwa, Youssef Souissi, Sofiane Takarabt

Cryptographic implementations need to be robust amidst the widespread use of crypto-libraries and attacks targeting their implementation, such as side-channel attacks (SCA). Many certification schemes, such as Common Criteria and FIPS 140, continue without addressing side-channel flaws. Research works mostly tackle sophisticated attacks with simple use-cases, which is not the reality where end-to-end evaluation is not trivial. In this study we used all due diligence to assess the invulnerability of a given implementation from the shoes of an evaluator. In this work we underline that there are two kinds of SCA: horizontal and vertical. In terms of quotation, measurement and exploitation, horizontal SCA is easier. If traces are constant-time, then vertical attacks become convenient, since there is no need for specific alignment (“value based analysis”). We introduce our new methodology: Vary the key to select sensitive samples, where the values depend upon the key, and subsequently vary the mask to uncover unmasked key-dependent leakage, i.e., the flaws. This can be done in the source code (pre-silicon) for the designer or on the actual traces (post-silicon) for the test-lab. We also propose a methodology for quotations regarding SCA, unlike standards that focus on only one aspect (like number of traces) and forget about other aspects (such as equipment; cf. ISO/IEC 20085-1).

Cryptography doi: 10.3390/cryptography4040026

Authors: Ali Shuja Siddiqui, Yutian Gui, Fareena Saqib

Reconfigurable computing is becoming ubiquitous in the form of consumer-based Internet of Things (IoT) devices. Reconfigurable computing architectures have found their place in safety-critical infrastructures such as the automotive industry. As the target architecture evolves, it also needs to be updated remotely on the target platform. This process is susceptible to remote hijacking, where the attacker can maliciously update the reconfigurable hardware target with tainted hardware configuration. This paper proposes an architecture of establishing Root of Trust at the hardware level using cryptographic co-processors and Trusted Platform Modules (TPMs) and enable over the air updates. The proposed framework implements a secure boot protocol on Xilinx based FPGAs. The project demonstrates the configuration of the bitstream, boot process integration with TPM and secure over-the-air updates for the hardware reconfiguration.

Cryptography doi: 10.3390/cryptography4030025

Authors: Georgia Tsaloli, Gustavo Banegas, Aikaterini Mitrokotsa

Often clients (e.g., sensors, organizations) need to outsource joint computations that are based on some joint inputs to external untrusted servers. These computations often rely on the aggregation of data collected from multiple clients, while the clients want to guarantee that the results are correct and, thus, an output that can be publicly verified is required. However, important security and privacy challenges are raised, since clients may hold sensitive information. In this paper, we propose an approach, called verifiable additive homomorphic secret sharing (VAHSS), to achieve practical and provably secure aggregation of data, while allowing for the clients to protect their secret data and providing public verifiability, i.e., everyone should be able to verify the correctness of the computed result. We propose three VAHSS constructions by combining an additive homomorphic secret sharing (HSS) scheme, for computing the sum of the clients’ secret inputs, and three different methods for achieving public verifiability, namely: (i) homomorphic collision-resistant hash functions; (ii) linear homomorphic signatures; as well as (iii) a threshold RSA signature scheme. In all three constructions, we provide a detailed correctness, security, and verifiability analysis and detailed experimental evaluations. Our results demonstrate the efficiency of our proposed constructions, especially from the client side.

Cryptography doi: 10.3390/cryptography4030024

Authors: Noah Cowper Harry Shaw David Thayer

The ability to send information securely is a vital aspect of today’s society, and with the developments in quantum computing, new ways to communicate have to be researched. We explored a novel application of quantum key distribution (QKD) and synchronized chaos which was utilized to mask a transmitted message. This communication scheme is not hampered by the ability to send single photons and consequently is not vulnerable to number splitting attacks like other QKD schemes that rely on single photon emission. This was shown by an eavesdropper gaining a maximum amount of information on the key during the first setup and listening to the key reconciliation to gain more information. We proved that there is a maximum amount of information an eavesdropper can gain during the communication, and this is insufficient to decode the message.

Cryptography doi: 10.3390/cryptography4030023

Authors: Takeshi Sugawara

SAEAES is the authenticated encryption algorithm instantiated by combining the SAEB mode of operation with AES, and a candidate in NIST’s lightweight cryptography competition. Using AES gives the advantage of backward compatibility with the existing accelerators and coprocessors that the industry has invested in so far. Still, newer lightweight block ciphers (e.g., GIFT) outperform AES in compact implementations, especially with side-channel attack countermeasures such as threshold implementation. This paper aims to implement the first threshold implementation of SAEAES and evaluate the cost we are trading for backward compatibility. We design a new circuit architecture using column-oriented serialization based on the recent 3-share and uniform threshold implementation (TI) of the AES S-box based on the generalized changing of the guards. Our design uses 18,288 GE, with AES occupying 97% of the total area. Meanwhile, the circuit area is roughly three times that of the conventional SAEB-GIFT implementation (6229 GE) because of the large memory needed for AES’s non-linear key schedule and the extended states for satisfying uniformity in TI.

Cryptography doi: 10.3390/cryptography4030022

Authors: Ashutosh Dhar Dwivedi

This paper presents the differential cryptanalysis of the ARX-based cipher Chaskey using a tree-search-based heuristic approach. ARX algorithms are suitable for resource-constrained devices such as IoT and are very resistant to standard cryptanalysis such as linear or differential cryptanalysis. To mount a differential attack, it is important to find differential characteristics of the cipher. Finding differential characteristics in ARX is the most challenging task nowadays. Due to the larger block size, it is infeasible to calculate lookup tables for the non-linear components. Transition through the non-linear layer of the cipher faces a huge state space problem. The problem of huge state spaces is a serious research topic in artificial intelligence (AI). The proposed heuristic tool uses methods inspired by nested tree-based sampling to find differential paths in ARX ciphers and has been successfully applied to obtain state-of-the-art results for differential cryptanalysis with a very fast and simpler framework. The algorithm can also be applied in other research areas in cryptanalysis where such huge state spaces are a problem.

Cryptography doi: 10.3390/cryptography4030021

Authors: Koki Jimbo Satoshi Iriyama Massimo Regoli

A new public key agreement (PKA) algorithm, called the strongly-asymmetric algorithm (SAA-5), was introduced by Accardi et al. The main differences from the usual PKA algorithms are that Bob has some independent public keys and Alice produces her public key by using some part of the public keys from Bob. Thus, the preparation and calculation processes are essentially asymmetric. This algorithm has more free parameters than the usual symmetric PKA algorithms, and its calculation speed depends largely on the parameters chosen; however, its performance has not yet been tested. The purpose of our study was to discuss efficient parameters for sharing the key at high speed in SAA-5 and to optimize SAA-5 in terms of calculation speed. To find efficient parameters of SAA-5, we compared the calculation speed with Diffie–Hellman (D-H) while varying the values of some parameters under the condition that the length of the secret shared key (SSK) was fixed. For optimization, we discuss a more general framework of SAA-5 to find more efficient operations. By fixing the parameters of the framework properly, a new PKA algorithm with the same security level as SAA-5 was produced. The result shows that the calculation speed of the proposed PKA algorithm is faster than D-H, especially for large key lengths. The calculation time of the proposed PKA algorithm increases linearly as the SSK length increases, whereas that of D-H increases exponentially.

Cryptography doi: 10.3390/cryptography4030020

Authors: Donghoe Heo Suhri Kim Kisoon Yoon Young-Ho Park Seokhie Hong

The implementation of isogeny-based cryptography mainly uses Montgomery curves, as they offer fast elliptic curve arithmetic and isogeny computation. However, although Montgomery curves have efficient 3- and 4-isogeny formulas, they become inefficient when recovering the coefficient of the image curve for large-degree isogenies. Because the Commutative Supersingular Isogeny Diffie-Hellman (CSIDH) requires odd-degree isogenies up to at least 587, this inefficiency is the main bottleneck of using a Montgomery curve for CSIDH. In this paper, we present a new optimization method for faster CSIDH protocols entirely on Montgomery curves. To this end, we present a new parameter for CSIDH in which the three rational two-torsion points exist. By using the proposed parameters, CSIDH moves around on the surface. The curve coefficient of the image curve can be recovered by a two-torsion point. We also prove that CSIDH using the proposed parameter guarantees a free and transitive group action. Additionally, we present the implementation results using our method. We demonstrate that our method is 6.4% faster than the original CSIDH. Our work shows that considerably higher CSIDH performance is achieved while using only Montgomery curves.

Cryptography doi: 10.3390/cryptography4030019

Authors: Mayssa Tayachi Saleh Mulhem Wael Adi Laurent Nana Anca Pascu Faouzi Benzarti

Telemedicine applications are used more and more due to the rapid development of digital imaging and information and communication technologies. Medical information, which includes digital medical images and patient information, is extracted and transmitted over insecure networks for clinical diagnosis and treatment. Digital watermarking is one of the main approaches used to ensure the security of medical images. Nevertheless, in some cases, the use of digital watermarking alone is not sufficient to reach a high level of security. Indeed, the watermark could carry essential patient information and needs to be protected. In such cases, cryptography may be used to protect the watermark and to improve the overall security management in the medical environment. In this paper, we propose a clone-resistant watermarking approach combining a difference expansion watermarking technique with a cryptographic technique based on secret keys generated by a clone-resistant device called Secret Unknown Ciphers (SUCs). The use of SUCs to sign the watermark reinforces the security of medical images during their transfer and storage. Experimental results show that the system provides a high level of security against various forms of attacks.

Cryptography doi: 10.3390/cryptography4020018

Authors: Mohammed Abu Taha Wassim Hamidouche Naty Sidaty Marko Viitanen Jarno Vanne Safwan El Assad Olivier Deforges

Video protection and access control have gathered steam over recent years. However, the most common methods encrypt the whole video bit stream as opaque data without taking into account the structure of the compressed video. These full encryption solutions are time and power consuming and, thus, are not suited to real-time applications. In this paper, we propose a Selective Encryption (SE) solution for Region of Interest (ROI) security based on the tile concept in the High Efficiency Video Coding (HEVC) standard and selective encryption of all sensitive parts in videos. The SE solution depends on a chaos-based stream cipher that encrypts a set of HEVC syntax elements normatively, that is, the bit stream can be decoded with a standard HEVC decoder, and a secret key is only required for ROI decryption. The proposed ROI encryption solution relies on the independent tile concept in HEVC that splits the video frame into independent rectangular areas. Tiles are used to separate the ROI from the background, and only the tiles containing the ROI are encrypted. In inter coding, the independence of tiles is guaranteed by limiting the motion vectors of non-ROI tiles to use only the unencrypted tiles in the reference frames. Experimental results have shown that the encryption solution performs secure video encryption in a real-time context, with negligible bit rate and complexity overheads.

Cryptography doi: 10.3390/cryptography4020017

Authors: Bertrand Cambou Michael Gowanlock Julie Heynssens Saloni Jain Christopher Philabaum Duane Booher Ian Burke Jack Garrard Donald Telesca Laurent Njilla

Blockchain technology is a game changer, enhancing security for the supply chain of smart additive manufacturing. Blockchain enables the tracking and recording of the history of each transaction in a ledger stored in the cloud that cannot be altered, and when blockchain is combined with digital signatures, it verifies the identity of the participants with its non-repudiation capabilities. One of the weaknesses of blockchain is the difficulty of preventing malicious participants from gaining access to public–private key pairs. Groups of opponents often interact freely with the network, and this is a security concern when cloud-based methods manage the key pairs. Therefore, we are proposing end-to-end security schemes by both inserting tamper-resistant devices in the hardware of the peripheral devices and using ternary cryptography. The tamper-resistant devices, which are designed with nanomaterials, act as Physical Unclonable Functions to generate secret cryptographic keys. One-time-use public–private key pairs are generated for each transaction. In addition, the cryptographic scheme incorporates a third logic state to mitigate man-in-the-middle attacks. The generation of these public–private key pairs is compatible with post-quantum cryptography. The third scheme we are proposing is the use of noise injection techniques used with high-performance computing to increase the security of the system. We present prototypes to demonstrate the feasibility of these schemes and to quantify the relevant parameters. We conclude by presenting the value of blockchains to secure the logistics of additive manufacturing operations.

Cryptography doi: 10.3390/cryptography4020016

Authors: Maki Kihara Satoshi Iriyama

Single sign-on (SSO) techniques allow access control for multiple systems with a single login. The aim of our study is to construct an authentication algorithm that provides the authentication information of a user to a requester without requiring any specific token, thereby achieving domain-free access control. In this study, we propose an authentication algorithm for SSO based on a verifiable encryption (VE)-based authentication algorithm and its implementation. VE is a kind of cryptosystem that allows calculation on ciphertexts, generating an encrypted result which, when decrypted, matches the distance between the two plaintexts. In our approach, we first construct the mathematical SSO algorithm based on the VE-based algorithm, and then implement the algorithm by applying the one-time pad to the algorithm and using sample data. We also consider robustness against theoretical attacks such as man-in-the-middle attacks. In addition, our algorithm is robust against well-known classical and theoretical attacks, and the man-in-the-middle attack against the proposed algorithm is also impracticable. Furthermore, a security analysis using ProVerif shows the algorithm to be secure. The execution time is less than 1 ms even with a text length of 8192 bits. Based on our results, it is evident that the computational burden on trusted third parties, such as a certificate authority, can be alleviated because public key agreement is not required in our algorithm. Moreover, since only the authentication information is disclosed to the service provider, big tech such as GAFA cannot obtain personal information of the user without consent. As for the originality of our algorithm, any personal information, such as biometric information and non-contact magnetic IC cards, can be used in addition to the ID and password pair used by common SSO algorithms.

Cryptography doi: 10.3390/cryptography4020015

Authors: Mark Randolph William Diehl

Physical cryptographic implementations are vulnerable to so-called side-channel attacks, in which sensitive information can be recovered by analyzing physical phenomena of a device during operation. In this survey, we trace the development of power side-channel analysis of cryptographic implementations over the last twenty years. We provide a foundation by exploring, in depth, several concepts, such as Simple Power Analysis (SPA), Differential Power Analysis (DPA), Template Attacks (TA), Correlation Power Analysis (CPA), Mutual Information Analysis (MIA), and Test Vector Leakage Assessment (TVLA), as well as the theories that underpin them. Our introduction, review, presentation, and survey of topics are provided for the “non-expert”, and are ideal for new researchers entering this field. We conclude the work with a brief introduction to the use of test statistics (specifically Welch’s t-test and Pearson’s chi-squared test) as a measure of confidence that a device is leaking secrets through a side-channel and issue a challenge for further exploration.

Cryptography doi: 10.3390/cryptography4020014

Authors: Aysajan Abidin

As RFID technology is being widely used in access control systems to identify and track both objects and people, relay attacks on RFID systems continue to pose serious threats to security. To mitigate relay attacks, distance bounding protocols can be used. Until recently, all distance bounding protocols were based on classical cryptography and communication techniques. In this paper, we take a closer look at a recently proposed protocol by Jannati and Ardeshir-Larijani [Quantum Information Processing 2016, 18] to detect relay attacks using qubits. We first observe that the protocol has a weakness which allows an adversary to mount a successful attack on the protocol. We then propose a countermeasure to restore security and compare the fixed protocol with the state of the art.

Cryptography doi: 10.3390/cryptography4020013

Authors: Ivan Bow Nahome Bete Fareena Saqib Wenjie Che Chintan Patel Ryan Robucci Calvin Chan Jim Plusquellic

This paper investigates countermeasures to side-channel attacks. A dynamic partial reconfiguration (DPR) method is proposed for field programmable gate arrays (FPGAs) to make techniques such as differential power analysis (DPA) and correlation power analysis (CPA) difficult and ineffective. We call the technique side-channel power resistance for encryption algorithms using DPR, or SPREAD. SPREAD is designed to reduce cryptographic-key-related signal correlations in power supply transients by changing components of the hardware implementation on-the-fly using DPR. Replicated primitives within the advanced encryption standard (AES) algorithm, in particular the substitution-boxes (SBOXs), are synthesized to multiple and distinct gate-level implementations. The different implementations change the delay characteristics of the SBOXs, reducing correlations in the power traces, which, in turn, increases the difficulty of side-channel attacks. The effectiveness of the proposed countermeasures depends greatly on this principle; therefore, the focus of this paper is on the evaluation of implementation diversity techniques.

Cryptography doi: 10.3390/cryptography4020012

Authors: Robert Cockell Basel Halak

This paper proposes a portable hardware token for user authentication; it is based on the use of keystroke dynamics to verify users biometrically. The proposed approach allows for a multifactor authentication scheme, in which a user cannot be granted access unless they provide a correct password on a hardware token and their biometric signature. The latter is extracted while the user is typing their password. This paper explains the design rationale of the proposed system and provides a comprehensive insight into the development of a hardware prototype of the same. The paper also presents a feasibility study that included a systematic analysis based on training data obtained from 32 users. Our results show that keystroke dynamics can be employed to construct a cost-efficient solution for biometric user authentication with an average error rate of 4.5%.

Cryptography doi: 10.3390/cryptography4020011

Authors: Mitchell Martin Jim Plusquellic

Physical Unclonable Functions (PUFs) are primitives that are designed to leverage naturally occurring variations to produce a random bitstring. Current PUF designs are typically implemented in silicon or utilize variations found in commercial off-the-shelf (COTS) parts. Because of this, existing designs are insufficient for the authentication of Printed Circuit Boards (PCBs). In this paper, we propose a novel PUF design that leverages board variations in a manufactured PCB to generate unique and stable IDs for each PCB. In particular, a single copper trace is used as a source of randomness for bitstring generation. The trace connects three notch filter structures in series, each of which is designed to reject specific but separate frequencies. The bitstrings generated using data measured from a set of PCBs are analyzed using statistical tests to illustrate that high levels of uniqueness and randomness are achievable.

Cryptography doi: 10.3390/cryptography4010010

Authors: Gorjan Alagic Stacey Jeffery Maris Ozols Alexander Poremba

Large-scale quantum computing poses a major threat to classical public-key cryptography. Recently, strong “quantum access” security models have shown that numerous symmetric-key cryptosystems are also vulnerable. In this paper, we consider classical encryption in a model that grants the adversary quantum oracle access to encryption and decryption, but where we restrict the latter to non-adaptive (i.e., pre-challenge) queries only. We formalize this model using appropriate notions of ciphertext indistinguishability and semantic security (which are equivalent by standard arguments) and call it QCCA1 in analogy to the classical CCA1 security model. We show that the standard pseudorandom function (PRF)-based encryption schemes are QCCA1-secure when instantiated with quantum-secure primitives. Our security proofs use a strong bound on quantum random-access codes with shared randomness. Revisiting plain IND-CPA-secure Learning with Errors (LWE) encryption, we show that leaking only a single quantum decryption query (and no other leakage or queries of any kind) allows the adversary to recover the full secret key with constant success probability. Information-theoretically, full recovery of the key in the classical setting requires at least a linear number of decryption queries. Our results thus challenge the notion that LWE is unconditionally “just as secure” quantumly as it is classically. The algorithm at the core of our attack is a new variant of the well-known Bernstein–Vazirani algorithm. Finally, we emphasize that our results should not be interpreted as a weakness of these cryptosystems in their stated security setting (i.e., post-quantum chosen-plaintext secrecy). Rather, our results mean that, if these cryptosystems are exposed to chosen-ciphertext attacks (e.g., as a result of deployment in an inappropriate real-world setting), then quantum attacks are even more devastating than classical ones.

Cryptography doi: 10.3390/cryptography4010009

Authors: Reham Almukhlifi Poorvi L. Vora

We present attacks on 21 rounds of Simon 32/64, 21 rounds of Simon 48/96, 25 rounds of Simon 64/128, 35 rounds of Simon 96/144 and 43 rounds of Simon 128/256, often with direct recovery of the full master key without repeating the attack over multiple rounds. These attacks result from the observation that, after four rounds of encryption, one bit of the left half of the state of Simon 32/64 depends on only 17 key bits (19 key bits for the other variants of Simon). Further, linear cryptanalysis requires the guessing of only 16 bits, the size of a single round key of Simon 32/64. We partition the key into smaller strings by focusing on one bit of state at a time, decreasing the cost of the exhaustive search of linear cryptanalysis to 16 bits at a time for Simon 32/64. We also present other examples of linear cryptanalysis, experimentally verified on 8, 10 and 12 rounds of Simon 32/64.

Cryptography doi: 10.3390/cryptography4010008

Authors: Md Jubayer al Mahmod Ujjwal Guin

The edge devices connected to Internet of Things (IoT) infrastructures are increasingly susceptible to piracy. These pirated edge devices pose a serious threat to security, as an adversary can get access to the private network through these non-authentic devices. It is necessary to authenticate an edge device over an unsecured channel to safeguard the network from being infiltrated through these fake devices. The implementation of security features demands extensive computational power and a large hardware/software overhead, both of which are difficult to satisfy because of the inherent resource limitations of IoT edge devices. This paper presents a low-cost authentication protocol for IoT edge devices that exploits the power-up states of built-in SRAM for device fingerprint generation. Unclonable IDs generated from on-chip SRAM can be unreliable, and to circumvent this issue, we propose a novel ID matching scheme that alleviates the need for enhancing the reliability of the IDs generated from on-chip SRAMs. Security and attack analyses show that the probability of an adversary impersonating an edge device is insignificant. The protocol is implemented using a commercial microcontroller, which requires a small code overhead. Moreover, no modification of device hardware is necessary.

Cryptography doi: 10.3390/cryptography4010007

Authors: Luca Mazzarella Christopher Lowe David Lowndes Siddarth Koduru Joshi Steve Greenland Doug McNeil Cassandra Mercury Malcolm Macdonald John Rarity Daniel Kuan Li Oi

Quantum key distribution (QKD) offers future-proof security based on fundamental laws of physics. Long-distance QKD spanning regions such as the United Kingdom (UK) may employ a constellation of satellites. Small satellites, CubeSats in particular, in low Earth orbit are a relatively low-cost alternative to traditional, large platforms. They allow the deployment of a large number of spacecraft, ensuring greater coverage and mitigating some of the risk to availability due to cloud cover. We present our mission analysis showing how a constellation comprising 15 low-cost 6U CubeSats can be used to form a secure communication backbone for ground-based and metropolitan networks across the UK. We have estimated the monthly key rates at 43 sites across the UK, incorporating local meteorological data, atmospheric channel modelling and orbital parameters. We have optimized the constellation topology for rapid revisit and thus low-latency key distribution.

Cryptography doi: 10.3390/cryptography4010005

Authors: Eric Järpe

The Diffie–Hellman protocol, ingenious in its simplicity, is still the major solution in protocols for generating a shared secret in cryptography for e-trading and many other applications after an impressive number of decades. However, lately, the threat from a future quantum computer has prompted successors resilient to quantum computer-based attacks. Here, an algorithm similar to Diffie–Hellman is presented. In contrast to the classic Diffie–Hellman, it involves floating point numbers of arbitrary size in the generation of a shared secret. This can, in turn, be used for encrypted communication based on symmetric ciphers. The validity of the algorithm is verified by proving that a vital part of the algorithm satisfies a one-way property. The decimal part is deployed for the one-way function in a way that makes the protocol a post-quantum key generation procedure. This is concluded from the fact that there is, as of yet, no quantum computer algorithm reverse engineering the one-way function. An example illustrating the use of the protocol in combination with XOR encryption is given.

Cryptography doi: 10.3390/cryptography4010006

Authors: Saleh Mulhem Ayoub Mars Wael Adi

New large classes of permutations over ℤ_{2^n} based on T-Functions as Self-Inverting Permutation Functions (SIPFs) are presented. The presented classes exhibit negligible or low complexity when implemented in emerging FPGA technologies. The target use of such functions is in creating the so-called Secret Unknown Ciphers (SUCs) to serve as resilient clone-resistant structures in smart non-volatile Field Programmable Gate Array (FPGA) devices. The SUC concept was proposed a decade ago as a digital, consistent alternative to the conventional analog, inconsistent Physical Unclonable Functions (PUFs). The proposed permutation classes are designed and optimized particularly to use non-consumed Mathblock cores in programmable System-on-Chip (SoC) FPGA devices. Hardware and software complexities for realizing such structures are optimized and evaluated for a sample expected target FPGA technology. The attained security levels of the resulting SUCs are evaluated and shown to be scalable and usable even for post-quantum cryptosystems.

Cryptography doi: 10.3390/cryptography4010004

Authors: Cryptography Editorial Office

The editorial team greatly appreciates the reviewers who have dedicated their considerable time and expertise to the journal’s rigorous editorial process over the past 12 months, regardless of whether the papers are finally published or not [...]

Cryptography doi: 10.3390/cryptography4010003

Authors: Damian Markham Alexandra Krause

We present a simple protocol for certifying graph states in quantum networks using stabiliser measurements. The certification statements can easily be applied to different protocols using graph states. We show, for example, how it can be used for measurement-based verified quantum computation, certified sampling of random unitaries, quantum metrology and sharing quantum secrets over untrusted channels.

Cryptography doi: 10.3390/cryptography4010002

Authors: Alexander Sauer Gernot Alber

Loophole-free violations of Bell inequalities are crucial for fundamental tests of quantum nonlocality. They are also important for future applications in quantum information processing, such as device-independent quantum key distribution. Based on a detector model which includes detector inefficiencies and dark counts, we estimate the minimal requirements on detectors needed for performing loophole-free bipartite and tripartite Bell tests. Our numerical investigation is based on a hierarchy of semidefinite programs for characterizing possible quantum correlations. We find that for bipartite setups with two measurement choices and our detector model, the optimal inequality for a Bell test is equivalent to the Clauser–Horne inequality.

Cryptography doi: 10.3390/cryptography4010001

Authors: Emad Hamadaqa Ayoub Mars Wael Adi

Fleet Management (FM) deals with the management of transport, distribution, and logistics of national and international goods exchange, in which many operators worldwide are involved. Fleet management involves many security-relevant participating entities, such as vehicles, FM mobile clients, smart trackers with goods, drivers, etc. Existing automated fleet management systems are basically vulnerable to physical replacement attacks when managed by mass-produced electronic identities. Analog Physical Unclonable Functions (PUFs) failed to serve as unclonable electronic identities due to being costly, unstable and inefficient for such mass usage. We propose in this paper to deploy the Secret Unknown Ciphers (SUCs) techniques introduced a decade ago as digital low-cost clone-resistant identities to be embedded in selected participating electronic Fleet Management System (FMS) units. SUCs, as stable self-created digital modules to be embedded in future smart non-volatile (NV)-FPGA devices, are expected to cover all emerging FMS physical security requirements. Such information-retaining units (when switched off) are emerging to become widely used as ultra-low-power mass products in the automotive environment. We propose a new FMS security architecture based on embedding SUC modules in each security-relevant entity in the FMS, such as vehicles, mobile clients, smart trackers and goods. This paper investigates the expected technical impacts when using SUC technology as physical security anchors in a standard FMS configuration. Several SUC-related generic security protocols adapted to the FM environment show how to securely link tracing of goods, track routing, and personnel in such an FM system. It is also shown how to combine other biometric fingerprints to simplify personal liability and enhance the security management in such globally operating automated procedures.
The presented security analysis of the resulting FMS shows that the major security concerns in existing FMSs can be resolved. One major advantage of the SUC technique is that device manufacturers can be largely excluded as security players. The FPGA technology required for the SUC solution is currently not available and is intended for future use. The concept is ultimately applicable if future electronic mass products deploy self-reconfiguring non-volatile (flash-based) System-on-Chip smart units. Such units are expected to dominate future Internet of Things (IoT) ultra-low-energy applications, as powering off does not lose any information. The proposed SUC strategy is highly flexible, scalable, and applicable to cover a large class of globally operating protection mechanisms similar to those of the addressed FMS scenarios.

Cryptography doi: 10.3390/cryptography3040028

Authors: Saleh Mulhem Wael Adi

The Secret Unknown Cipher (SUC) concept was introduced a decade ago as a promising technique for creating purely digital clone-resistant electronic units as alternatives to the traditional non-consistent Physical Unclonable Functions (PUFs). In this work, a very special unconventional cipher design is presented. The design uses the hard-core FPGA (Field Programmable Gate Array) Mathblocks available in modern system-on-chip (SoC) FPGAs. Such Mathblocks are often not completely used in many FPGA applications; therefore, it seems wise to make use of such dead (unused) modules to fabricate usable physical security functions for free. Standard cipher designs usually avoid deploying multipliers in the cipher mapping functions due to their high complexity. The main target of this work is to design large cipher classes (e.g., cipher class size > 2^600) by mainly deploying the FPGA-specific mathematical cores. The proposed cipher designs are novel, hardware-oriented, and new in the public literature, using fully new unusual mapping functions. If a random unknown selection of one cipher out of 2^600 ciphers is self-configured in a device, then a Secret Unknown Cipher module is created within the device, making it physically hard to clone. We consider the cipher module to be free (zero cost) if the major elements in the cipher module make use of unused, reanimated Mathblocks. Such ciphers are usable in many future mass products for protecting vehicular units against cloning and modeling attacks. The required self-reconfigurable devices for that concept are not available now; however, they are expected to emerge in the near future.

Cryptography doi: 10.3390/cryptography3040027

Authors: Brian Coyle Elham Kashefi Matty J. Hoban

The generation of certifiable randomness is one of the most promising applications of quantum technologies. Furthermore, the intrinsic non-locality of quantum correlations allows us to certify randomness in a device-independent way, i.e., we do not need to make assumptions about the devices used. Due to the work of Curchod et al., a single entangled two-qubit pure state can be used to produce arbitrary amounts of certified randomness. However, obtaining this randomness is experimentally challenging, as it requires a large number of measurements, both projective and general. Motivated by these difficulties in the device-independent setting, we instead consider the scenario of one-sided device independence, where certain devices are trusted and others are not; a scenario motivated by asymmetric experimental set-ups such as ion-photon networks. We show how certain aspects of previous works can be adapted to this scenario and provide theoretical bounds on the amount of randomness that can be certified. Furthermore, we give a protocol for unbounded randomness certification in this scenario, and provide numerical results demonstrating the protocol in the ideal case. Finally, we numerically test the possibility of implementing this scheme on near-term quantum technologies, by considering the performance of the protocol on several physical platforms.

Cryptography doi: 10.3390/cryptography3040026

Authors: Niraj Kumar

We introduce a private quantum money scheme with a note verification procedure based on sampling matching, a problem in a one-way communication complexity model. Our scheme involves a bank that produces and distributes quantum notes, noteholders who are untrusted, and trusted local verifiers of the bank to whom the holders send their notes in order to carry out transactions. The key aspects of our money scheme include: a note verification procedure requiring a single round of classical interaction between the local verifier and the bank; a fixed verification circuit that uses only passive linear optical components; re-usability of each note, which grows linearly with the size of the note; and unconditional security against any adversary trying to forge the banknote while tolerating noise of up to 21.4%. We further describe a practical implementation technique for our money scheme using weak coherent states of light and a verification circuit involving a single 50/50 beam splitter and two single-photon threshold detectors. The previous best-known matching-based money scheme involves a verification circuit where the number of optical components increases in proportion to the desired noise tolerance (robustness). In contrast, we achieve any desired noise tolerance (up to a maximal threshold value) with only a fixed number of optical components. This considerable reduction of components in our scheme enables us to reach robustness values that are not feasible for any existing money scheme with current technology.

Cryptography doi: 10.3390/cryptography3040025

Authors: Lukas Fladung Georgios M. Nikolopoulos Gernot Alber Marc Fischlin

Optical physical unclonable keys are currently considered to be rather promising candidates for the development of entity authentication protocols, which offer security against both classical and quantum adversaries. In this work, we investigate the robustness of a continuous-variable protocol, which relies on the scattering of coherent states of light from the key, against three different types of intercept–resend emulation attacks. The performance of the protocol is analyzed for a broad range of physical parameters, and our results are compared to existing security bounds.

Cryptography doi: 10.3390/cryptography3030024

Authors: Alzahraa J. Mohammed Ali A. Yassin

In an era of tremendous development in information technology and the Internet of Things (IoT), security plays a key role in the safety of devices connected to the Internet. Authentication is vital in the security field, and to achieve a strong authentication scheme, several systems use a Multi-Factor Authentication (MFA) scheme based on a smart card, token, and biometric. However, these schemes suffer from extra cost; lost, stolen or broken factors; and malicious attacks. In this paper, we design an MFA protocol to authenticate the administrator of IoT devices. The main components of our protocol are a smart mobile device and a fuzzy extractor of the administrator's fingerprint. The information of the authenticated user is stored in an anomalous manner on mobile devices and servers to resist well-known attacks, and, as a result, an attacker who obtains the mobile device or the password fails to authenticate to the system. Our work overcomes the above-mentioned issues and does not require the extra cost of a fingerprint device. Analysis of the protocol's security with the AVISPA tool shows good results, with the protocol safe against known attacks.

Cryptography doi: 10.3390/cryptography3030023

Authors: Matthew Campagna Shay Gueron

This paper describes a cloud-scale encryption system. It discusses the constraints that shaped the design of Amazon Web Services' Key Management Service, and in particular, the challenges that arise from using a standard mode of operation such as AES-GCM while safely supporting huge amounts of encrypted data that is (simultaneously) generated and consumed by a huge number of users employing different keys. We describe a new derived-key mode that is designed for this multi-user-multi-key scenario typical at the cloud scale. Analyzing the resulting security bounds of this model illustrates its applicability for our setting. This mode is already deployed as the default mode of operation for the AWS key management service.

Cryptography doi: 10.3390/cryptography3030022

Authors: Kai-Min Chung Marios Georgiou Ching-Yi Lai Vassilis Zikas

Backdooring cryptographic algorithms is an indisputable taboo in the cryptographic literature for a good reason: however noble the intentions, backdoors might fall into the wrong hands, in which case security is completely compromised. Nonetheless, more and more legislative pressure is being produced to enforce the use of such backdoors. In this work we introduce the concept of disposable cryptographic backdoors, which can be used only once and become useless after that. These exotic primitives are impossible in the classical digital world without stateful and secure trusted hardware support, but, as we show, are feasible assuming quantum computation and access to classical stateless hardware tokens. Concretely, we construct a disposable (single-use) version of message authentication codes, and use them to derive a black-box construction of stateful hardware tokens in the above setting with quantum computation and classical stateless hardware tokens. This can be viewed as a generic transformation from stateful to stateless tokens and enables, among other things, one-time programs and memories. This is to our knowledge the first provably secure construction of such primitives from stateless tokens. As an application of disposable cryptographic backdoors we use our constructed primitive above to propose a middle-ground solution to the recent legislative push to backdoor cryptography: the conflict between Apple and the FBI. We show that it is possible for Apple to create a one-time backdoor which unlocks any single device, and not even Apple can use it to unlock more than one, i.e., the backdoor becomes useless after it is used. We further describe how to use our ideas to derive a version of CCA-secure public key encryption which is accompanied by a disposable (i.e., single-use, as in the above scenario) backdoor.

Cryptography doi: 10.3390/cryptography3030021

Authors: Amit Phadikar Poulami Jana Himadri Mandal

In this work, a reversible watermarking technique is proposed for DICOM (Digital Imaging and Communications in Medicine) images that offers high embedding capacity (payload), security and fidelity of the watermarked image. The goal is achieved by embedding the watermark based on companding in the lifting-based discrete wavelet transform (DWT) domain. In the embedding process, the companding technique is used to increase the data hiding capacity. On the other hand, a simple linear function is used in companding to make the scheme easy to implement, and a content-dependent watermark is used to make the scheme robust to collusion operations. Moreover, unlike previously proposed reversible watermarking techniques, this novel approach does not embed the location map in the host image, which ultimately helps to achieve high fidelity of the watermarked image. The advantage of the proposed scheme is demonstrated by simulation results and also compared with selected related schemes.

Cryptography doi: 10.3390/cryptography3030020

Authors: Sitalakshmi Venkatraman Anthony Overmars

The potential benefits of the Internet of Things (IoT) are hampered by malicious interventions of attackers when the fundamental security requirements such as authentication and authorization are not sufficiently met and existing measures are unable to protect the IoT environment from data breaches. With the spectrum of IoT application domains increasing to include mobile health, smart homes and smart cities in everyday life, the consequences of an attack in the IoT network connecting billions of devices will become critical. Due to the challenges in applying existing cryptographic standards to resource-constrained IoT devices, new security solutions being proposed come with a tradeoff between security and performance. While much research has focused on developing lightweight cryptographic solutions that predominantly adopt RSA (Rivest–Shamir–Adleman) authentication methods, there is a need to identify the limitations in the usage of such measures. This research paper discusses the importance of a better understanding of RSA-based lightweight cryptography and the associated vulnerabilities of the cryptographic keys that are generated using semi-primes. In this paper, we employ mathematical operations on the sum of four squares to obtain one of the prime factors of a semi-prime, which could lead to an attack on the RSA keys. We consider the even sum of squares and show how a modified binary greatest common divisor (GCD) can be used to quickly recover one of the factors of a semi-prime. The method presented in this paper only uses binary arithmetic shifts, which are more suitable for the resource-constrained IoT landscape. This is a further improvement on previous work based on Euler's method, demonstrated using an illustration that allows for faster testing of multiple sums-of-squares solutions.

Cryptography doi: 10.3390/cryptography3030019

Authors: Maki Kihara Satoshi Iriyama

We propose a new authentication algorithm for small internet of things (IoT) devices without key distribution and secure servers. Encrypted private data are stored on the cloud server in the registration step and compared with incoming encrypted data without decryption in the verification step. We call a set of encryptions that can verify two encrypted data items without decryption a verifiable encryption (VE). In this paper, we define VE, and claim that several cryptosystems belong to the VE class. Moreover, we introduce an authentication algorithm based on VE, and show an example of the algorithm and discuss its performance and security. As the algorithm neither shares any secret keys nor decrypts, its computation time becomes very small.

Cryptography doi: 10.3390/cryptography3030018

Authors: Jeff Calhoun Cyrus Minwalla Charles Helmich Fareena Saqib Wenjie Che Jim Plusquellic

Electronic money (e-money or e-Cash) is the digital representation of physical banknotes augmented by the added use cases of online and remote payments. This paper presents a novel, anonymous e-money transaction protocol built on physical unclonable functions (PUFs), titled PUF-Cash. PUF-Cash preserves user anonymity while enabling both offline and online transaction capability. The PUF's privacy-preserving property is leveraged to create blinded tokens for transaction anonymity, while its hardware-based challenge–response pair authentication scheme provides a secure solution that is impervious to typical protocol attacks. The scheme is inspired by Chaum's Digicash work in the 1980s and subsequent improvements. Unlike Chaum's scheme, which relies on Rivest, Shamir and Adleman's (RSA's) multiplicative homomorphic property to provide anonymity, the anonymity scheme proposed in this paper leverages the random and unique statistical properties of synthesized integrated circuits. PUF-Cash is implemented and demonstrated using a set of Xilinx Zynq Field Programmable Gate Arrays (FPGAs). Experimental results suggest that the hardware footprint of the solution is small, and the transaction rate is suitable for large-scale applications. An in-depth security analysis suggests that the solution possesses excellent statistical qualities in the generated authentication and encryption keys, and it is robust against a variety of attack vectors including model-building, impersonation, and side-channel variants.

Cryptography doi: 10.3390/cryptography3030017

Authors: Md Shahed Enamul Quadir John A. Chandy

As a result of the increased use of contract foundries, intellectual property (IP) theft, excess production and reverse engineering are major concerns for the electronics and defense industries. Hardware obfuscation and IP locking can be used to make a design secure by replacing a part of the circuit with a key-locked module. In order to ensure each chip has unique keys, previous work has proposed using physical unclonable functions (PUF) to lock the circuit. However, these designs are area intensive. In this work, we propose a strong PUF-based hardware obfuscation scheme to uniquely lock each chip.

Cryptography doi: 10.3390/cryptography3020016

Authors: Ibou Sene Abdoul Aziz Ciss Oumar Niang

The Internet of Things (IoT) is very attractive because of its promises. However, it brings many challenges, mainly issues about privacy preservation and lightweight cryptography. Many schemes have been designed so far, but none of them simultaneously takes these aspects into account. In this paper, we propose an efficient attribute-based credential scheme for IoT devices. We use elliptic curve cryptography without pairing, blind signing, and zero-knowledge proofs. Our scheme supports block signing, selective disclosure, and randomization. It provides data minimization and transaction unlinkability. Our construction is efficient since smaller key sizes can be used and computing time can be reduced. As a result, it is a suitable solution for IoT devices characterized by three major constraints, namely limited energy, small storage capacity, and low computing power.

Cryptography doi: 10.3390/cryptography3020015

Authors: Sally Lin Pei Ching Faridah Yunos

A cryptography system was developed previously based on Cipher Polygraphic Polyfunction transformations, $C_{i\times j}^{(t)} \equiv A_{i\times i}^{t} P_{i\times j} \bmod N$, where $C_{i\times j}$, $P_{i\times j}$, $A_{i\times i}$ are the cipher text, plain text, and encryption key, respectively, and $(t)$ is the number of transformations of plain text to cipher text. In this system, the parameters $(A_{i\times i}, (t))$ are kept secret by the sender of messages. The security of this system, including its combination with the second-order linear recurrence Lucas sequence (LUC) and the Ron Rivest, Adi Shamir and Leonard Adleman (RSA) method, is still being upgraded by some researchers. The studies found that some types of self-invertible $A_{4\times 4}$ should not be chosen before transforming a plain text to cipher text, in order to enhance the security of the Cipher Tetragraphic Trifunction. This paper also seeks to obtain some patterns of self-invertible keys $A_{6\times 6}$ and subsequently examine their effect on the system of Cipher Hexagraphic Polyfunction transformation. For that purpose, we need to find some solutions $L_{3\times 3}$ of $L_{3\times 3}^{2} \equiv A_{3\times 3} \bmod N$ when $A_{3\times 3}$ are diagonal and symmetric matrices, and subsequently implement the key $L_{3\times 3}$ to get the pattern of $A_{6\times 6}$.

Cryptography doi: 10.3390/cryptography3020014

Authors: Mohamad Ali Mehrabi

Modular reduction of large values is a core operation in most common public-key cryptosystems, which involve intensive computations in finite fields. Within such schemes, efficiency is a critical issue for the effectiveness of practical implementations of modular reduction. Recently, Residue Number Systems (RNS) have drawn attention in cryptographic applications as they provide a good means for extremely long integer arithmetic, and their carry-free operations make parallel implementation feasible. In this paper, we present an algorithm to calculate the precise value of "X mod p" directly in the RNS representation of an integer. Pipelined, non-pipelined, and parallel hardware architectures are proposed and implemented on XILINX FPGAs.

Cryptography doi: 10.3390/cryptography3020013

Authors: Tariq Shah Ayesha Qureshi

In a substitution–permutation network as a cryptosystem, substitution boxes play the role of the only nonlinear part. Without them, it would be easy for adversaries to compromise the security of the system. 8-bit S-boxes are the most used cryptographic components. So far, cryptographers have constructed the 8-bit S-boxes used in cryptographic primitives by exhaustive search of permutations of order 256. However, for cryptographic techniques with 8-bit S-boxes as confusion layers, researchers are now trying to reduce the size of the S-box by working with a small unit of data. The aim is to make the techniques compact, fast and elegant. The novelty of this research is the construction of an S-box on the elements of the multiplicative subgroup of the Galois field instead of the entire Galois field. The sturdiness of the proposed S-box against algebraic attacks was examined by employing the renowned analyses, including balance, nonlinearity, strict avalanche criterion, and approximation probabilities. Furthermore, the statistical strength of the S-box was tested by the majority logic criterion. The results show that the S-box is appropriate for secure data communication applications. The S-box was also used for watermarking of grayscale images with good outcomes.

Cryptography doi: 10.3390/cryptography3020012

Authors: Bhupendra Tiwari Jude Kuipo Joshua Adeegbe Ninoslav Marina

The AKS algorithm is an important breakthrough in showing that primality testing of an integer can be done in polynomial time. In this paper, we study the optimization of its runtime. Namely, given a finite cardinality set of alphabets of a deterministic polynomial runtime Turing machine and the number of strings of an arbitrary input integer whose primality is to be tested as the system parameters, we consider the randomized AKS primality testing function as the objective function. Under randomization of the system parameters, we have shown that there are definite signatures of the local and global instabilities in the AKS algorithm. We observe that instabilities occur at the extreme limits of the parameters. It is worth mentioning that Fermat’s little theorem and Chinese remaindering help with the determination of the underlying stability domains. On the other hand, in the realm of the randomization theory, our study offers fluctuation theory structures of the AKS primality testing of an integer through its maximum number of irreducible factors. Finally, our optimization theory analysis anticipates a class of real-world applications for future research and developments, including optimal online security, system optimization and its performance improvements, (de)randomization techniques, and beyond, e.g., polynomial time primality testing, identity testing, machine learning, scientific computing, coding theory, and other stimulating optimization problems in a random environment.

Cryptography doi: 10.3390/cryptography3020011

Authors: Ayoub Mars Wael Adi

A concept for creating a large class of lightweight stream ciphers as Key Stream Generators (KSGs) is presented. The resulting class size exceeds $2^{323}$ possible different KSGs. If one unknown cipher from the KSG class is randomly picked and stored irreversibly within a VLSI device, the device becomes physically hard to clone. The selected cipher is only usable by the device itself; therefore, cloning it requires an invasive attack on that particular device. Being an unknown selection out of $2^{323}$ possible KSGs, the resulting cipher is seen as a Secret Unknown Cipher (SUC). The SUC concept was presented a decade ago as a digital alternative to the inconsistent traditional analog Physically Unclonable Functions (PUFs). This work presents one possible practical self-creation technique for such PUFs as hard-to-clone unknown KSGs usable to re-identify VLSI devices. The proposed sample cipher structure is based on the non-linear merging of 16 randomly selected Nonlinear Feedback Shift Registers (NLFSRs). The created KSGs exhibit linear complexities exceeding $2^{81}$ and a period exceeding $2^{161}$. The worst-case device cloning time complexity approaches $2^{162}$. A simple lightweight identification protocol for physically identifying such SUC structures in FPGA devices is presented. The required self-reconfiguring FPGAs for embedding such SUCs are not yet available; however, they are expected to emerge in the near future. The security analysis and hardware complexities of the resulting clone-resistant structures are evaluated and shown to offer scalable security levels that cope even with post-quantum cryptography.

Cryptography doi: 10.3390/cryptography3010010

Authors: Syed Kamran Haider Marten van Dijk

Oblivious RAM (ORAM) is a cryptographic primitive which obfuscates the access patterns to storage, thereby preventing privacy leakage. So far in the current literature, only 'fully functional' ORAMs are widely studied, which can protect, at the cost of a considerable performance penalty, against strong adversaries who can monitor all read and write operations. However, recent research has shown that information can still be leaked even if only the write access pattern (not reads) is visible to the adversary. For such weaker adversaries, a fully functional ORAM turns out to be overkill, causing unnecessary overheads. Instead, a simple 'write-only' ORAM is sufficient, and, more interestingly, is preferred as it can offer far better performance and energy efficiency than a fully functional ORAM. In this work, we present Flat ORAM: an efficient write-only ORAM scheme which outperforms the closest existing write-only ORAM, called HIVE. HIVE suffers from performance bottlenecks while managing the memory occupancy information vital for correctness of the protocol. Flat ORAM introduces the simple idea of an Occupancy Map (OccMap) to efficiently manage the memory occupancy information, resulting in far better performance. Our simulation results show that, compared to HIVE, Flat ORAM offers a 50% performance gain on average and up to 80% energy savings.

Cryptography doi: 10.3390/cryptography3010009

Authors: Luigi Accardi Satoshi Iriyama Koki Jimbo Massimo Regoli

A new class of public key agreement (PKA) algorithms called strongly-asymmetric algorithms (SAA) was introduced in a previous paper by some of the present authors. This class can be shown to include some of the best-known PKA algorithms, for example the Diffie–Hellman and several of its variants. In this paper, we construct a new version of the previous construction, called SAA-5, improving it in several points, as explained in the Introduction. In particular, the construction complexity is reduced, and at the same time, robustness is increased. Intuitively, the main difference between SAA-5 and the usual PKA consists of the fact that in the former class, B (Bob) has more than one public key and A (Alice) uses some of them to produce her public key and others to produce the secret shared key (SSK). This introduces an asymmetry between the sender of the message (B) and the receiver (A) and motivates the name for this class of algorithms. After describing the main steps of SAA-5, we discuss its breaking complexity assuming zero complexity of discrete logarithms and the computational complexity for both A and B to create SSK.

Cryptography doi: 10.3390/cryptography3010008

Authors: Le Van Luyen

Multivariate Public Key Cryptography (MPKC) is one of the main candidates for post-quantum cryptography, especially in the area of signature schemes. In this paper, we instantiate a certificate Identity-Based Signature (IBS) scheme based on Rainbow, one of the most efficient and secure multivariate signature schemes. In addition, we revise the previous identity-based signature scheme IBUOV, based on the Unbalanced Oil and Vinegar (UOV) scheme, with respect to security and choice of parameters, and find that our scheme is more efficient than IBUOV in terms of key sizes and signature sizes.

Cryptography doi: 10.3390/cryptography3010007

Authors: Karuna Pande Joshi Agniva Banerjee

An essential requirement of any information management system is to protect data and resources against breach or improper modification, while at the same time ensuring data access to legitimate users. Systems handling personal data are mandated to track its flow to comply with data protection regulations. We have built a novel framework that integrates a semantically rich data privacy knowledge graph with Hyperledger Fabric blockchain technology, to develop an automated access-control and audit mechanism that enforces users' data privacy policies while sharing their data with third parties. Our blockchain-based data-sharing solution addresses two of the most critical challenges: transaction verification and permissioned data obfuscation. Our solution ensures accountability for data sharing in the cloud by incorporating a secure and efficient system for end-to-end provenance. In this paper, we describe this framework along with the comprehensive, semantically rich knowledge graph that we have developed to capture rules embedded in data privacy policy documents. Our framework can be used by organizations to automate compliance for their cloud datasets.

Cryptography doi: 10.3390/cryptography3010006

Authors: Yasir Naseer Tariq Shah Dawood Shah Sadam Hussain

The role of substitution boxes is very important in block ciphers. Substitution boxes are utilized to create confusion in the cryptosystem. However, to create both confusion and diffusion in a cryptosystem, p-boxes and chaos-based substitution boxes are designed. In this work, a simple method is presented that serves both purposes. This method is based on the composition of the action of the symmetric group on a Galois field and the inversion map. This construction method provides a large number of highly non-linear substitution permutation boxes having the property of confusion as well as diffusion. These substitution permutation boxes have all the cryptographic properties. Their utility in the image encryption application is measured by the majority logic criterion. We name these newly designed substitution boxes (S-boxes) substitution permutation boxes (S-p-boxes), because they serve as both substitution boxes (S-boxes) and permutation boxes (p-boxes).

Cryptography doi: 10.3390/cryptography3010005

Authors: Cryptography Editorial Office

Rigorous peer review is the cornerstone of high-quality academic publishing [...]

Cryptography doi: 10.3390/cryptography3010004

Authors: Ashutosh Dhar Dwivedi Shalini Dhar Gautam Srivastava Rajani Singh

In this work, we focus on the LS-design ciphers Fantomas, Robin, and iSCREAM. LS-designs are a family of bitslice ciphers aimed at efficient masked implementations against side-channel analysis. We have analyzed Fantomas and Robin with linear cryptanalysis, a technique that has not previously been applied to either algorithm. The idea behind linear cryptanalysis is to build a linear characteristic that describes the relation between plaintext and ciphertext bits. For a secure cipher, such a relationship should hold with probability 0.5 (zero bias). Therefore, we try to find a linear characteristic between plaintext and ciphertext whose bias is not equal to zero. This non-random behavior of the cipher can be converted into a key-recovery attack. For Fantomas and Robin, we find 5- and 7-round linear characteristics. Using these characteristics, we attack both ciphers with reduced rounds and recover the key for the same number of rounds. We also apply linear cryptanalysis to the famous CAESAR candidate iSCREAM and the closely related LS-design Robin. For iSCREAM, we apply linear cryptanalysis to the round-reduced cipher and find the best 7-round linear characteristics. Based on those linear characteristics, we extend the path in the related-key scenario to a higher number of rounds.

Cryptography doi: 10.3390/cryptography3010003

Authors: Asad Ali Siyal Aisha Zahid Junejo Muhammad Zawish Kainat Ahmed Aiman Khalil Georgia Soursou

Blockchain technology has gained considerable attention, with an escalating interest in a plethora of applications, ranging from data management, financial services, cyber security, IoT, and food science to the healthcare industry and brain research. There has been a remarkable interest witnessed in utilizing applications of blockchain for the delivery of safe and secure healthcare data management. Also, blockchain is reforming traditional healthcare practices into a more reliable means, in terms of effective diagnosis and treatment through safe and secure data sharing. In the future, blockchain could be a technology that may potentially help in personalized, authentic, and secure healthcare by merging the entire real-time clinical data of a patient's health and presenting it in an up-to-date secure healthcare setup. In this paper, we review both the existing and latest developments in the field of healthcare by implementing blockchain as a model. We also discuss the applications of blockchain, along with the challenges faced and future perspectives.

Cryptography doi: 10.3390/cryptography3010002

Authors: Muhammad Rezal Kamel Ariffin Saidu Isah Abubakar Faridah Yunos Muhammad Asyraf Asbullah

This paper presents new short decryption exponent attacks on RSA, which successfully lead to the factorization of the RSA modulus $N = pq$ in polynomial time. The paper has two parts. In the first part, we report the usage of the small prime difference method of the form $|b^2 p - a^2 q| < N^{\gamma}$, where the ratio $q/p$ is close to $b^2/a^2$, which yields a bound $d < \frac{3}{2} N^{\frac{3}{4} - \gamma}$ from the convergents of the continued fraction expansion of $\frac{e}{N - \left\lceil \frac{a^2 + b^2}{ab}\sqrt{N} \right\rceil + 1}$. The second part of the paper reports four cryptanalytic attacks on $t$ instances of RSA moduli $N_s = p_s q_s$ for $s = 1, 2, \ldots, t$, where we use $N - \left\lceil \frac{a^2 + b^2}{ab}\sqrt{N} \right\rceil + 1$ as an approximation of $\phi(N)$ satisfying generalized key equations of the shape $e_s d - k_s \phi(N_s) = 1$, $e_s d_s - k \phi(N_s) = 1$, $e_s d - k_s \phi(N_s) = z_s$, and $e_s d_s - k \phi(N_s) = z_s$ for unknown positive integers $d, k_s, d_s, k$, and $z_s$, and we establish that the $t$ RSA moduli can be simultaneously factored in polynomial time using combinations of simultaneous Diophantine approximations and lattice basis reduction methods. In all the reported attacks, we have found an improved short secret exponent bound, which is considered to be better than some bounds reported in the literature.

Cryptography doi: 10.3390/cryptography3010001

Authors: Seyed Mojtaba Dehnavi

The SIMON and SPECK families of block ciphers are well-known lightweight ciphers designed by the NSA. In this note, based on the previous investigations on SIMON, a closed formula for the squared correlations and differential probabilities of the mapping $\phi(x) = x \odot S^1(x)$ on $\mathbb{F}_2^n$ is given. From the aspects of linear and differential cryptanalysis, this mapping is equivalent to the core quadratic mapping of SIMON via rearrangement of coordinates and EA-equivalence. Based on the proposed explicit formula, a full description of the DDT and LAT of $\phi$ is provided. In the case of SPECK, as the only nonlinear operation in this family of ciphers is addition mod $2^n$, after reformulating the formula for linear and differential probabilities of addition mod $2^n$, straightforward algorithms for finding the output masks with maximum squared correlation, given the input masks, as well as the output differences with maximum differential probability, given the input differences, are presented. With the aid of the tools given in this paper, the search for linear and differential characteristics of the SIMON and SPECK families of block ciphers could be sped up, and the complexity of linear and differential attacks against these ciphers could be reduced.
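The differential side of the SPECK discussion, as an added example rather than the note's own algorithm: the Lipmaa–Moriai closed formula for the XOR-differential probability of addition mod 2^n, a brute-force cross-check on 4-bit words, and a search for the output difference of maximum probability for given input differences. The exhaustive search over all 2^n output differences is a stand-in written for this page; the note's contribution is a direct algorithm that avoids that search, and the exhaustive version is used here only because it is short and verifiable on small word sizes.

```python
"""XOR-differential probability of modular addition (Lipmaa-Moriai formula).

Added example; it is not the note's algorithm. The exhaustive search for the
best output difference stands in for the direct method the note describes and
is only practical for small word sizes.
"""


def _eq(x: int, y: int, z: int, mask: int) -> int:
    """Bit i of the result is 1 iff x, y and z all agree in bit i."""
    return (~(x ^ y) & ~(x ^ z)) & mask


def xdp_add(alpha: int, beta: int, gamma: int, n: int) -> float:
    """Pr[((x ^ alpha) + (y ^ beta)) ^ (x + y) == gamma] over uniform x, y in
    Z/2^n, by the Lipmaa-Moriai theorem:
      * the differential is possible iff
        eq(alpha<<1, beta<<1, gamma<<1) & (alpha ^ beta ^ gamma ^ (beta<<1)) == 0
      * and then its probability is 2^-w, where w counts the positions below
        the MSB at which alpha, beta, gamma do not all agree (each such
        position leaves one carry bit undetermined)."""
    mask = (1 << n) - 1
    sh = lambda v: (v << 1) & mask
    if _eq(sh(alpha), sh(beta), sh(gamma), mask) & (alpha ^ beta ^ gamma ^ sh(beta)):
        return 0.0
    w = bin(~_eq(alpha, beta, gamma, mask) & (mask >> 1)).count("1")
    return 2.0 ** -w


def xdp_add_bruteforce(alpha: int, beta: int, n: int) -> dict:
    """Empirical distribution of output differences for one (alpha, beta),
    by counting over all 2^(2n) input pairs."""
    mask = (1 << n) - 1
    counts = {}
    for x in range(1 << n):
        for y in range(1 << n):
            g = (((x ^ alpha) + (y ^ beta)) ^ (x + y)) & mask
            counts[g] = counts.get(g, 0) + 1
    total = float(1 << (2 * n))
    return {g: c / total for g, c in counts.items()}


def formula_matches_bruteforce(n: int = 4) -> bool:
    """Cross-check the closed formula against exhaustive counting."""
    for alpha in range(1 << n):
        for beta in range(1 << n):
            emp = xdp_add_bruteforce(alpha, beta, n)
            for gamma in range(1 << n):
                if abs(xdp_add(alpha, beta, gamma, n) - emp.get(gamma, 0.0)) > 1e-12:
                    return False
    return True


def best_output_difference(alpha: int, beta: int, n: int):
    """(gamma, probability) maximising xdp_add for fixed input differences,
    found by exhaustive search over all 2^n candidates."""
    best = max(range(1 << n), key=lambda g: xdp_add(alpha, beta, g, n))
    return best, xdp_add(alpha, beta, best, n)


if __name__ == "__main__":
    print("formula agrees with brute force on 4-bit words:", formula_matches_bruteforce(4))
    print("best gamma for (0x80, 0x80) on 8-bit words:", best_output_difference(0x80, 0x80, 8))
    print("xdp+(1, 1 -> 0) =", xdp_add(1, 1, 0, 8))
```

Two sanity points worth keeping in mind when extending this to a characteristic search: the MSB is excluded from the weight because its carry-out is discarded by the modular reduction, which is why (0x80, 0x80 → 0) holds with probability 1; and the low bit of γ is forced to α₀ ⊕ β₀ because there is no carry into bit 0, which is why (1, 0 → 0) is impossible.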

Cryptography doi: 10.3390/cryptography2040042

Authors: Jonathan Trostle

In some wireless environments, minimizing the size of messages is paramount due to the resulting significant energy savings. We present CMCC (CBC-MAC-CTR-CBC), an authenticated encryption scheme with associated data (AEAD) that is also nonce misuse resistant. The main focus for this work is minimizing ciphertext expansion, especially for short messages including plaintext lengths less than the underlying block cipher length (e.g., 16 bytes). For many existing AEAD schemes, a successful forgery leads directly to a loss of confidentiality. For CMCC, changes to the ciphertext randomize the resulting plaintext, thus forgeries do not necessarily result in a loss of confidentiality which allows us to reduce the length of the authentication tag. For protocols that send short messages, our scheme is similar to Synthetic Initialization Vector (SIV) mode for computational overhead but has much smaller expansion. We prove both a misuse resistant authenticated encryption (MRAE) security bound and an authenticated encryption (AE) security bound for CMCC. We also present a variation of CMCC, CWM (CMCC With MAC), which provides a further strengthening of the security bounds.

Cryptography doi: 10.3390/cryptography2040041

Authors: Christian Frøystad Inger Anne Tøndel Martin Gilje Jaatun

Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about incidents that occur at upstream CSPs to inform their users. In this paper, we argue the need for commonly agreed-upon incident information exchanges between providers to improve accountability of CSPs, and present both such a format and a prototype implementing it. The solution can handle simple incident information natively as well as embed standard representation formats for incident-sharing, such as IODEF and STIX. Preliminary interviews show a desire for such a solution. The discussion considers both technical challenges and non-technical aspects related to improving the situation for incident response in cloud-computing scenarios. Our solution holds the potential of making incident-sharing more efficient.

Cryptography doi: 10.3390/cryptography2040040

Authors: Filippo Gandino Bartolomeo Montrucchio Maurizio Rebaudengo

Security in wireless sensor networks is commonly based on symmetric encryption and requires key-management systems to establish and exchange secret keys. A constraint that is common to many key-management approaches is an upper bound to the total number of nodes in the network. An example is represented by the schemes based on combinatorial design. These schemes use specific rules for the generation of sets of keys that are distributed to the nodes before deploying the network. The aim of these approaches is to improve the resilience of the network. However, the quantity of data that must be stored by each node is proportional to the number of nodes of the network, so the available memory affects the applicability of these schemes. This paper investigates the opportunity of reducing the storage overhead by distributing the same set of keys to more than one node. In addition, the presence of redundant sets of keys affects the resilience and the security of the network. A careful analysis is conducted to evaluate benefits and drawbacks of redundant key distribution approaches. The results show that the use of redundancy decreases the level of resilience, but it scales well on very large networks.

Cryptography doi: 10.3390/cryptography2040039

Authors: Stefania Loredana Nita Marius Iulian Mihailescu Valentin Corneliu Pau

Authentication systems based on biometric characteristics and data represent one of the most important trends in the evolution of society, e.g., Smart City, Internet-of-Things (IoT), Cloud Computing, Big Data. In the near future, biometric systems will be everywhere in society, such as government, education, smart cities, banks, etc. Due to their uniqueness characteristic, biometric systems will become more and more vulnerable, privacy being one of the most important challenges. The classic cryptographic primitives are not sufficient to assure a strong level of security for privacy. The current paper has several objectives. The main objective consists in creating a framework based on cryptographic modules which can be applied in systems with biometric authentication methods. The technologies used in creating the framework are: C#, Java, C++, Python, and Haskell. The wide range of technologies for developing the algorithms gives readers, and not only them, the possibility to choose the proper modules for their own research or business direction. The cryptographic modules contain algorithms based on machine learning and modern cryptographic algorithms: AES (Advanced Encryption System), SHA-256, RC4, RC5, RC6, MARS, BLOWFISH, TWOFISH, THREEFISH, RSA (Rivest-Shamir-Adleman), Elliptic Curve, and Diffie-Hellman. As methods for implementing the cryptographic modules with success, we will propose a methodology which can be used as a how-to guide. The article will focus only on the first category, machine learning and data clustering algorithms, with applicability in the cloud computing environment. For tests we have used a virtual machine (VirtualBox) with Apache Hadoop and a Biometric Analysis Tool. The weaknesses of the algorithms and methods implemented within the framework will be evaluated and presented in order for the reader to acknowledge the latest status of the security analysis and the vulnerabilities found in the mentioned algorithms.
Another important result of the authors consists in creating a scheme for biometric enrollment (in Results). The purpose of the scheme is to give a broad overview of how to use it, step by step, in real life, and how to use the algorithms. In the end, as a conclusion, the current paper gives a comprehensive background on the most important and challenging aspects of how to design and implement an authentication system based on biometric characteristics.

Cryptography doi: 10.3390/cryptography2040038

Authors: James Jin Kang Kiran Fahd Sitalakshmi Venkatraman

Due to the prevalence and constantly increasing risk of cyber-attacks, new and evolving security mechanisms are required to protect information and networks and ensure the basic security principles of confidentiality, integrity, and availability, referred to as the CIA triad. While confidentiality and integrity can be achieved using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates, these depend on the correct authentication of servers, which could be compromised due to man-in-the-middle (MITM) attacks. Many existing solutions have practical limitations due to their operational complexity, deployment costs, as well as adversaries. We propose a novel scheme to detect MITM attacks with minimal intervention and workload to the network and systems. Our proposed model applies a novel inferencing scheme for detecting true anomalies in transmission time at a trusted time server (TTS) using time-based verification of sent and received messages. The key contribution of this paper is the ability to automatically detect MITM attacks with trusted verification of the transmission time using a learning-based inferencing algorithm. When used in conjunction with existing systems, such as intrusion detection systems (IDS), which require comprehensive configuration and network resource costs, it can provide a robust solution that addresses these practical limitations while saving costs by providing assurance.

Cryptography doi: 10.3390/cryptography2040037

Authors: Megha Agrawal Donghoon Chang Jinkeon Kang

A technique of authenticated encryption for memory-constrained devices called sp-AELM was proposed by Agrawal et al. at ACISP 2015. The sp-AELM construction utilizes a sponge-based primitive to support online encryption and decryption functionalities. Online encryption in the construction is achieved in the standard manner by processing plaintext blocks as they arrive to produce ciphertext blocks. However, decryption is achieved by storing only one intermediate state and releasing it to the user upon correct verification. This intermediate state allows a legitimate user to generate the plaintext herself. However, the scheme is nonce-respecting, i.e., the scheme is insecure if the nonce is repeated. Implementation of a nonce is non-trivial in practice, and reuse of a nonce in an AE scheme is often devastating. In this paper, we propose a new AE scheme called dAELM, which stands for deterministic authenticated encryption (DAE) scheme for low-memory devices. DAE is used in domains such as key wrap, where the available message entropy omits the overhead of a nonce. For limiting memory usage, our idea is to use a session key to encrypt a message and share the session key with the user depending upon the verification of a tag. We provide the security proof of the proposed construction in the ideal cipher model.

Cryptography doi: 10.3390/cryptography2040036

Authors: Pratha Anuradha Kameswari Lambadi Jyotsna

In this paper, we give an attack on the RSA (Rivest–Shamir–Adleman) cryptosystem when $\varphi(N)$ has a small multiplicative inverse modulo $e$ and the prime sum $p + q$ is of the form $p + q = 2^n k_0 + k_1$, where $n$ is a given positive integer and $k_0$ and $k_1$ are two suitably small unknown integers, using sublattice reduction techniques and Coppersmith’s methods for finding small roots of modular polynomial equations. When we compare this method with an approach using lattice-based techniques, this procedure slightly improves the bound and reduces the lattice dimension. Employing the previous tools, we provide a new attack bound for the deciphering exponent when the prime sum is $p + q = 2^n k_0 + k_1$, and perform an analysis against Boneh and Durfee’s deciphering exponent bound for appropriately small $k_0$ and $k_1$.

Cryptography doi: 10.3390/cryptography2040035

Authors: Xavier Boyen Thomas Haines

We present the first linkable ring signature scheme with both unconditional anonymity and forward-secure key update: a powerful tool which has direct applications in elegantly addressing a number of simultaneous constraints in remote electronic voting. We propose a comprehensive security model, and construct a scheme based on the hardness of finding discrete logarithms, and (for forward security) inverting bilinear or multilinear maps of moderate degree to match the time granularity of forward security. We prove efficient security reductions, which, of independent interest, apply to, and are much tighter than, linkable ring signatures without forward security, thereby vastly improving the provable security of these legacy schemes. If efficient multilinear maps should ever admit a secure realisation, our contribution would elegantly address a number of problems heretofore unsolved in the important application of (multi-election) practical Internet voting. Even if multilinear maps are never obtained, our minimal two-epoch construction instantiated from bilinear maps can be combinatorially boosted to synthesise a polynomial time granularity, which would be sufficient for Internet voting and more.

Cryptography doi: 10.3390/cryptography2040034

Authors: Jialuo Han Jidong Wang

LoRaWAN is one of the new low-power wide-area network (LPWAN) standards applied to Internet of Things (IoT) technology. The key features of LPWAN are its low power consumption and long-range coverage. The LoRaWAN 1.1 specification includes a basic security scheme. However, this scheme could be further improved in the aspect of key management. In this paper, LoRaWAN 1.1 security is reviewed, and enhanced LoRaWAN security with a root key update scheme is proposed. The root key update will make cryptanalysis of security keys in LoRaWAN more difficult. The analysis and simulation show that the proposed root key update scheme requires fewer computing resources compared with other key derivation schemes, including the scheme used in the LoRaWAN session key update. The results also show that the key generated in the proposed scheme has a high degree of randomness, which is a basic requirement for a security key.

Cryptography doi: 10.3390/cryptography2040033

Authors: Ziyuan Hu Shengli Liu Kefei Chen Joseph K. Liu

Identity-based encryption (IBE) simplifies key management by taking users’ identities as public keys. However, how to dynamically revoke users in an IBE scheme is not a trivial problem. To solve this problem, IBE schemes with revocation (namely revocable IBE schemes) have been proposed. Apart from lattice-based IBE, most of the existing schemes are based on decisional assumptions over pairing groups. In this paper, we propose a revocable IBE scheme based on a weaker assumption, namely the Computational Diffie-Hellman (CDH) assumption over non-pairing groups. Our revocable IBE scheme is inspired by the IBE scheme proposed by Döttling and Garg at Crypto 2017. Like Döttling and Garg’s IBE scheme, the key authority maintains a complete binary tree where every user is assigned to a leaf node. To adapt such an IBE scheme to a revocable IBE, we update the nodes along the paths of the revoked users in each time slot. After this update, all revoked users are forced to be equipped with new encryption keys but without decryption keys, so they are unable to perform decryption any more. We prove that our revocable IBE is adaptively IND-ID-CPA secure in the standard model. Our scheme serves as the first revocable IBE scheme from the CDH assumption. Moreover, we extend our scheme to support Decryption Key Exposure Resistance (DKER) and also propose a server-aided revocable IBE to decrease the decryption workload of the receiver. In our schemes, the size of the updating key in each time slot is only related to the number of newly revoked users in the past time slot.

Cryptography doi: 10.3390/cryptography2040032

Authors: Terry Lau Chik Tan

We propose a rank-metric-code-based encryption scheme based on the rank syndrome decoding problem. We propose a new encryption with a public key matrix by considering the adding of a random distortion matrix over $\mathbb{F}_{q^m}$ of full column rank $n$. We show that IND-CPA security is achievable for our encryption under the assumption of the Decisional Rank Syndrome Decoding problem. Furthermore, we also prove some bounds for the number of matrices of a fixed rank with entries over a finite field. Our proposal allows the choice of the error terms with rank up to $r/2$, where $r$ is the error-correcting capability of a code. Our encryption based on Gabidulin codes has a public key size of 13.68 KB, which is 82 times smaller than the public key size of the McEliece cryptosystem based on Goppa codes. For a similar post-quantum security level of $2^{140}$ bits, our encryption scheme has a smaller public key size than the key size suggested by LOI17 encryption.

Cryptography doi: 10.3390/cryptography2040031

Authors: Ted Krovetz

Two of the fastest types of cryptographic algorithms are the stream cipher and the almost-universal hash function. There are secure examples of each that process data in software using less than one CPU cycle per byte. Hashstream combines the two types of algorithms in a straightforward manner yielding a PRF that can both consume inputs of and produce pseudorandom outputs of any desired length. The result is an object useful in many contexts: authentication, encryption, authenticated encryption, random generation, mask generation, etc. The HS1-SIV authenticated-encryption algorithm, a CAESAR competition second round selection, was based on Hashstream and showed the promise of such an approach by having provable security and topping the speed charts in several test configurations.

Cryptography doi: 10.3390/cryptography2040030

Authors: Edoardo Persichetti

The design of a practical code-based signature scheme is an open problem in post-quantum cryptography. This paper is the full version of a work that appeared at SIN’18 as a short paper, which introduced a simple and efficient one-time secure signature scheme based on quasi-cyclic codes. As such, this paper features, in a fully self-contained way, an accurate description of the scheme setting and related previous work, a detailed security analysis, and an extensive comparison and performance discussion.

Cryptography doi: 10.3390/cryptography2040029

Authors: Salome James N.B. Gayathri P. Vasudeva Reddy

With the rapid development of modern technology, personal privacy has become a critical concern in many applications. Various digitalized applications such as online voting systems and electronic cash systems need authenticity and anonymity. Blind signatures are an advanced technique that provides authenticity and anonymity for the user by obtaining a valid signature for a message without revealing its content to the signer. The message recovery property minimizes the signature size and allows efficient communication in situations where bandwidth is limited. With the advantages of blind signature and message recovery properties, in this paper, we present a new pairing-free blind signature scheme with message recovery in identity-based settings. The proposed scheme is proven to be secure in the random oracle model under the assumption that the Elliptic Curve Discrete Logarithm Problem (ECDLP) is intractable. The proposed scheme meets the security requirements such as blindness, untraceability, and unforgeability. We compare our scheme with the well-known existing schemes in the literature, and the efficiency analysis shows that our scheme is more efficient from both the computational and communication points of view.

Cryptography doi: 10.3390/cryptography2040028

Authors: Ying-Yu Chen Bo-Yuan Huang Justie Su-Tzu Juan

Visual cryptography (VC) encrypts a secret image into n shares (transparencies). As such, no information can be seen from any single share, and the original image is decrypted by stacking all of the shares. The general (k, n)-threshold secret sharing scheme (SSS) can similarly encrypt and decrypt the original image by stacking at least k (≤ n) shares. If fewer than k shares are stacked, the secret image is unrecognizable. Another subject is progressive visual secret sharing, which means that when more shares are progressively stacked, the combined share becomes clearer. In this study, we constructed an advanced scheme for (k, n)-threshold SSS that can be encrypted in VC for any positive integers n ≥ k ≥ 2 through the method of combination, and the size of each share is the same as that of the original image. That is, no pixel expansion is required. Our scheme is novel, and the results from the theoretical analysis and simulation reveal that our scheme exhibits favorable contrast compared to that of other related schemes.

Cryptography doi: 10.3390/cryptography2040027

Authors: Rami Sheikh Rosario Cammarota

We present Value Prediction for Security (VPsec), a novel hardware-only framework to counter fault attacks in modern microprocessors, while preserving the performance benefits of Value Prediction (VP). VP is an elegant and hitherto mature microarchitectural performance optimization, which aims to predict the data value ahead of the data production with high prediction accuracy and coverage. Instances of VPsec leverage the state-of-the-art Value Predictors in an embodiment and system design to mitigate fault attacks in modern microprocessors. Specifically, VPsec implementations re-architect any baseline VP embodiment with fault detection logic and reaction logic to mitigate fault attacks to both the datapath and the value predictor itself. VPsec also defines a new mode of execution in which the predicted value is trusted rather than the produced value. From a microarchitectural design perspective, VPsec requires minimal hardware changes (negligible area and complexity impact) with respect to a baseline that supports VP, it has no software overheads (no increase in memory footprint or execution time), and it retains most of the performance benefits of VP under realistic attacks. Our evaluation of VPsec demonstrates its efficacy in countering fault attacks, as well as its ability to retain the performance benefits of VP on cryptographic workloads, such as OpenSSL, and non-cryptographic workloads, such as SPEC CPU 2006/2017.

Cryptography doi: 10.3390/cryptography2030026

Authors: William Diehl Abubakr Abdulgadir Farnoud Farahmand Jens-Peter Kaps Kris Gaj

Authenticated ciphers, which combine the cryptographic services of confidentiality, integrity, and authentication into one algorithmic construct, can potentially provide improved security and efficiencies in the processing of sensitive data. However, they are vulnerable to side-channel attacks such as differential power analysis (DPA). Although the Test Vector Leakage Assessment (TVLA) methodology has been used to confirm improved resistance of block ciphers to DPA after application of countermeasures, extension of TVLA to authenticated ciphers is non-trivial, since authenticated ciphers have expanded input and output requirements, complex interfaces, and long test vectors which include the protocol necessary to describe authenticated cipher operations. In this research, we upgrade the FOBOS test architecture with the capability to perform TVLA on authenticated ciphers. We show that FPGA implementations of the CAESAR Round 3 candidates ACORN, Ascon, CLOC (with AES and TWINE primitives), SILC (with AES, PRESENT, and LED primitives), JAMBU (with AES and SIMON primitives), and Ketje Jr., as well as AES-GCM, are vulnerable to 1st order DPA. We then use threshold implementations to protect the above cipher implementations against 1st order DPA, and verify the effectiveness of the countermeasures using the TVLA methodology. Finally, we compare the unprotected and protected cipher implementations in terms of area, performance (maximum frequency and throughput), throughput-to-area (TP/A) ratio, power, and energy per bit (E/bit). Our results show that ACORN consumes the lowest number of resources, has the highest TP/A ratio, and is the most energy-efficient of all DPA-resistant implementations. However, Ketje Jr. has the highest throughput.
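An added example of the TVLA check this paper applies (written for this page, not the FOBOS code): a fixed-versus-random Welch's t-test on constructed traces from a Hamming-weight leakage model of one PRESENT S-box lookup, first unprotected and then with a fresh Boolean mask per trace. The leakage model, noise level, key nibble, fixed input, trace count and the |t| > 4.5 pass/fail bound are assumptions made here; real FPGA traces have thousands of sample points and far more noise, so the trace counts needed in practice are much larger.

```python
"""Fixed-vs-random Welch's t-test (TVLA) on constructed power traces.

Added example, not the paper's FOBOS code. The traces are synthetic: a
Hamming-weight leakage model of one PRESENT S-box lookup plus Gaussian noise.
"""
import math
import random
from statistics import mean, variance

PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
T_THRESHOLD = 4.5          # conventional TVLA pass/fail bound on |t|


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def simulate_trace(nibble: int, key: int, rng: random.Random,
                   masked: bool, noise_sd: float = 1.0) -> list:
    """Three 'sample points': input load, S-box output, and (masked version
    only) the mask itself. Each leaks its Hamming weight plus Gaussian noise;
    this is a constructed model, not measured data."""
    s = PRESENT_SBOX[nibble ^ key]
    if masked:
        m = rng.getrandbits(4)                 # fresh Boolean mask per trace
        values = [nibble ^ m, s ^ m, m]        # every share is independent of nibble
    else:
        values = [nibble, s, 0]
    return [hamming_weight(v) + rng.gauss(0.0, noise_sd) for v in values]


def welch_t(sample_a: list, sample_b: list) -> float:
    """Welch's t statistic for two samples with unequal variances."""
    return (mean(sample_a) - mean(sample_b)) / math.sqrt(
        variance(sample_a) / len(sample_a) + variance(sample_b) / len(sample_b))


def tvla(fixed_traces: list, random_traces: list) -> list:
    """Per-sample-point t statistics between the fixed and random sets."""
    return [welch_t([t[i] for t in fixed_traces], [t[i] for t in random_traces])
            for i in range(len(fixed_traces[0]))]


def run_tvla(masked: bool, n_traces: int = 1000, key: int = 0x9,
             fixed_input: int = 0x3, seed: int = 7) -> list:
    """Collect n_traces with a fixed input and n_traces with random inputs
    under the same key, and return the t statistic at every sample point."""
    rng = random.Random(seed)
    fixed = [simulate_trace(fixed_input, key, rng, masked) for _ in range(n_traces)]
    rand = [simulate_trace(rng.getrandbits(4), key, rng, masked) for _ in range(n_traces)]
    return tvla(fixed, rand)


def leaks(t_values: list) -> bool:
    """TVLA verdict: any sample point with |t| above the threshold fails."""
    return any(abs(t) > T_THRESHOLD for t in t_values)


if __name__ == "__main__":
    for masked in (False, True):
        ts = run_tvla(masked)
        print("masked     " if masked else "unprotected",
              ["%.1f" % t for t in ts], "-> leaks" if leaks(ts) else "-> passes")
```

Fixed-versus-random flags any data dependence, including leakage of the public input at the first sample point, so a failing point does not by itself identify a key-dependent intermediate; and a single Boolean mask only removes first-order dependence, which is why the paper's countermeasure check is a first-order test and a second-order test (on centred products of sample points) would still find the masked implementation.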

Cryptography doi: 10.3390/cryptography2030025

Authors: Jean-Luc Danger Youssef El Housni Adrien Facon Cheikh T. Gueye Sylvain Guilley Sylvie Herbel Ousmane Ndiaye Edoardo Persichetti Alexander Schaub

Multiplications in $GF(2^N)$ can be securely optimized for cryptographic applications when the integer $N$ is small and does not match machine words (i.e., $N < 32$). In this paper, we present a set of optimizations applied to DAGS, a code-based post-quantum cryptographic algorithm and one of the submissions to the National Institute of Standards and Technology’s (NIST) Post-Quantum Cryptography (PQC) standardization call.

Cryptography doi: 10.3390/cryptography2030024

Authors: Joy Jo-Yi Chang Bo-Yuan Huang Justie Su-Tzu Juan

In (2, 2)-visual secret sharing (VSS) schemes, a common type of (k, n)-threshold VSS schemes, secret information can be decoded directly through only two shares by using a human vision system. Several studies have analyzed methods of simplifying the decoding process and refining encoding to pass more secret images through two identical shares. However, limited secret images are retrieved, and the quality of the recovered images is low. This paper proposes an advanced (2, 2)-VSS scheme that can embed N secret images into two rectangular shares. Compared with other related VSS schemes, more secret images can be encrypted and the distortion is adjustable in the proposed scheme, yielding more flexibility in theory and practice.

Cryptography doi: 10.3390/cryptography2030023

Authors: Sadiel De la Fe Carles Ferrer

Modular inversions are widely employed in public-key cryptosystems, and it is known that they imply a bottleneck due to their expensive computation. Recently, a new algorithm for inversions modulo $p^k$ was proposed, which may speed up the calculation of a modulus-dependent quantity used in Montgomery multiplication. The original algorithm lacks security countermeasures; thus, a straightforward implementation may expose the input. This is an issue if that input is a secret. In the RSA-CRT signature using Montgomery multiplication, the moduli are secrets (the primes $p$ and $q$). Therefore, the modulus-dependent quantities related to $p$ and $q$ must be securely computed. This paper presents a security analysis of the novel method considering that it might be used to compute secrets. We demonstrate that a Side Channel Analysis discloses the data being manipulated. In consequence, a secure variant for inversions modulo $2^k$ is proposed, through the application of two known countermeasures. In terms of performance, the secure variant is still comparable with the original one.

Cryptography doi: 10.3390/cryptography2030021

Authors: Jim Plusquellic Matt Areno

Physical unclonable function (PUF)-based authentication protocols have been proposed as a strong challenge-response form of authentication for internet of things (IoT) and embedded applications. A special class of so called strong PUFs are best suited for authentication because they are able to generate an exponential number of challenge-response-pairs (CRPs). However, strong PUFs must also be resilient to model-building attacks. Model-building utilizes machine learning algorithms and a small set of CRPs to build a model that is able to predict the responses of a fielded chip, thereby compromising the security of chip-server interactions. In this paper, response bitstrings are eliminated in the message exchanges between chips and the server during authentication, and therefore, it is no longer possible to carry out model-building attacks in the traditional manner. Instead, the chip transmits a Helper Data bitstring to the server and this information is used for authentication instead. The server constructs Helper Data bitstrings using enrollment data that it stores for all valid chips in a secure database and computes correlation coefficients (CCs) between the chip’s Helper Data bitstring and each of the server-generated Helper Data bitstrings. The server authenticates (and identifies) the chip if a CC is found that exceeds a threshold, which is determined during characterization. The technique is demonstrated using data from a set of 500 Xilinx Zynq 7020 FPGAs, subjected to industrial-level temperature and voltage variations.

Cryptography doi: 10.3390/cryptography2030022

Authors: Yunxi Guo Timothy Dee Akhilesh Tyagi

Physical Unclonable Functions (PUFs) are designed to extract physical randomness from the underlying silicon. This randomness depends on the manufacturing process. It differs for each device. This enables chip-level authentication and key generation applications. We present an encryption protocol using PUFs as primary encryption/decryption functions. Each party has a PUF used for encryption and decryption. This PUF is constrained to be invertible and commutative. The focus of the paper is an evaluation of an invertible and commutative PUF based on a primitive shifting permutation network, a barrel shifter. Barrel shifter (BS) PUF captures the delay of different shift paths. This delay is entangled with message bits before they are sent across an insecure channel. BS-PUF is implemented using transmission gates for physical commutativity. Post-layout simulations of a common-centroid layout 8-level barrel shifter in 0.13 µm technology assess uniqueness, stability, randomness and commutativity properties. BS-PUFs pass all selected NIST statistical randomness tests. Stability similar to Ring Oscillator (RO) PUFs under environmental variation is shown. Logistic regression of 100,000 plaintext–ciphertext pairs (PCPs) fails to successfully model BS-PUF behavior.
