Biblio

We discuss the performance of a new quantumsafe multivariate digital signature scheme proposed recently, called the Multivariate Polynomial Public Key Digital Signature (MPPK DS) scheme. Leveraging MPPK KEM or key exchange mechanism, the MPPK DS scheme is established using modular exponentiation with a randomly chosen secret base from a prime field. The security of the MPPK DS algorithm largely benefits from a generalized safe prime associated with the said field and the Euler totient function. We can achieve NIST security levels I, III, and V over a 64-bit prime field, with relatively small public key sizes of 128 bytes, 192 bytes, and 256 bytes for security levels I, III, and V, respectively. The signature sizes are 80 bytes for level I, 120 bytes for level III, and 160 bytes for level V. The MPPK DS scheme offers probabilistic procedures for signing and verification. That is, for each given signing message, a signer can randomly pick a base integer to be used for modular exponentiation with a private key, and a verifier can verify the signature with the digital message, based on the verification relationship, using any randomly selected noise variables. The verification process can be repeated as many times as the verifier wishes for different noise values, however, for a true honest signature, the verification will always pass. This probabilistic feature largely restricts an adversary to perform spoofing attacks. In this paper, we conduct some performance analyses by implementing MPPK DS in Java. We compare its performance with benchmark performances of NIST PQC Round 3 finalists: Rainbow, Dilithium, and Falcon. Overall, the MPPK DS scheme demonstrates equivalent or better performance, and much smaller public key, as well as signature sizes, compared to the three NIST PQC Round 3 finalists.

Research on post-quantum cryptography (PQC) to improve the security against quantum computers has been actively conducted. In 2020, NIST announced the final PQC candidates whose design rationales rely on NP-hard or NP-complete problems. It is believed that cryptography based on NP-hard problem might be secure against attacks using quantum computers. N. Koblitz introduced the concept of public-key cryptography using a 3-regular graph with a perfect dominating set in the 1990s. The proposed cryptosystem is based on NP-complete problem to find a perfect dominating set in the given graph. Later, S. Yoon proposed a variant scheme using a perfect minus dominating function. However, their works have not received much attention since these schemes produce huge ciphertexts and are hard to implement efficiently. Also, the security parameters such as key size and plaintext-ciphertext size have not been proposed yet. We conduct security and performance analysis of their schemes and discuss the practical range of security parameters. As an application, the scheme with one-wayness property can be used as an encoding method in the white-box cryptography (WBC).

The modular exponentiation is crucial to the RSA cryptographic protocol, and variants inspired by the Montgomery ladder have been studied to provide more secure algorithms. In this paper, we abstract away the iterative conditional branching used in the Montgomery ladder, and formalize systems of equations necessary to obtain what we call the semi-interleaved and fully-interleaved ladder properties. In particular, we design fault-injection attacks able to obtain bits of the secret against semi-interleaved ladders, including the Montgomery ladder, but not against fully-interleaved ladders that are more secure. We also apply these equations to extend the Montgomery ladder for both the semi- and fully-interleaved cases, thus proposing novel and more secure algorithms to compute the modular exponentiation.

Public-key cryptography is a ubiquitous buildingblock of modern telecommunication technology. Among the most historically important, the knapsack-based encryption schemes, from the early years of public-key cryptography, performed particularly well in computational resources (time and memory), and mathematical and algorithmic simplicity. Although effective cryptanalyses readily curtailed their widespread adoption to several different attempts, the possibility of actual usage of knapsack-based asymmetric encryption schemes remains unsettled. This paper aims to present a novel construction that offers consistent security improvements on knapsack-based cryptography. We propose two improvements upon the original knapsack cryptosystem that address the most important types of attacks: the Diophantine approximationsbased attacks and the lattice problems oracle attacks. The proposed defences demonstrably preclude the types of attacks mentioned above, thus contributing to revive knapsack schemes or settle the matter negatively. Finally, we present the http://t3infosecurity.com/nepsecNep.Sec, a contest that is offering a prize for breaking our proposed cryptosystem.

In this advanced era, it is important to keep up an abnormal state of security for online exchanges. Public Key cryptography assumes an indispensable job in the field of security. Rivest, Shamir and Adleman (RSA) algorithm is being utilized for quite a long time to give online security. RSA is considered as one of the famous Public Key cryptographic algorithm. Nevertheless, a few fruitful assaults are created to break this algorithm because of specific confinements accepted in its derivation. The algorithm's security is principally founded on the issue of factoring large number. If the process factorization is done then, at that point the entire algorithm can end up fragile. This paper presents a methodology which is more secure than RSA algorithm by doing some modifications in it. Public Key exponent n, which is termed as common modulus replaced by phony modulus to avoid the factorization attack and it is constructed by Mersenne prime numbers to provide more efficiency and security. Paper presents a comparative analysis of the proposed algorithm with the conventional RSA algorithm and Dual RSA.

Modular exponentiation of large number is widely applied in public-key cryptosystem, also the bottleneck in the computation of public-key algorithm. Modular multiplication is the key calculation in modular exponentiation. An improved Montgomery algorithm is utilized to achieve modular multiplication and converted into systolic array to increase the running frequency. A high efficiency fast modular exponentiation structure is developed to bring the best out of the modular multiplication module and enhance the ability of defending timing attacks and power attacks. For 1024-bit key operands, the design can be run at 170MHz and finish a modular exponentiation in 4,402,374 clock cycles.

This paper shows that stochastic heuristic approach for implicitly solving addition chain problem (ACP) in public-key cryptosystem (PKC) enhances the efficiency of the PKC and improves the security by blinding the multiplications/squaring operations involved against side-channel attack (SCA). We show that while the current practical heuristic approaches being deterministic expose the fixed pattern of the operations, using stochastic method blinds the pattern by being unpredictable and generating diffident pattern of operation for the same exponent at a different time. Thus, if the addition chain (AC) is generated implicitly every time the exponentiation operation is being made, needless for such approaches as padding by insertion of dummy operations and the operation is still totally secured against the SCA. Furthermore, we also show that the stochastic approaches, when carefully designed, further reduces the length of the operation than state-of-the-art practical methods for improving the efficiency. We demonstrated our investigation by implementing RSA cryptosystem using the stochastic approach and the results benchmarked with the existing current methods.

This paper targets the efficient implementation of digital signatures and signcryption schemes on typical internet-of-things (IoT) devices, i.e. embedded processors with constrained computation power and storage. Both signcryption schemes (providing digital signatures and encryption simultaneously) and digital signatures rely on computation-intensive public-key cryptography. When the number of signatures or encrypted messages the device needs to generate after deployment is limited, a trade-off can be made between performing the entire computation on the embedded device or moving part of the computation to a precomputation phase. The latter results in the storage of the precomputed values in the memory of the processor. We examine this trade-off on a health sensor platform and we additionally apply storage encryption, resulting in five implementation variants of the considered schemes.

Nowadays public-key cryptography is based on number theory problems, such as computing the discrete logarithm on an elliptic curve or factoring big integers. Even though these problems are considered difficult to solve with the help of a classical computer, they can be solved in polynomial time on a quantum computer. Which is why the research community proposed alternative solutions that are quantum-resistant. The process of finding adequate post-quantum cryptographic schemes has moved to the next level, right after NIST's announcement for post-quantum standardization. One of the oldest quantum-resistant proposition goes back to McEliece in 1978, who proposed a public-key cryptosystem based on coding theory. It benefits of really efficient algorithms as well as a strong mathematical background. Nonetheless, its security has been challenged many times and several variants were cryptanalyzed. However, some versions remain unbroken. In this paper, we propose to give some background on coding theory in order to present some of the main flawless in the protocols. We analyze the existing side-channel attacks and give some recommendations on how to securely implement the most suitable variants. We also detail some structural attacks and potential drawbacks for new variants.

Embedded electronic devices and sensors such as smartphones, smart watches, medical implants, and Wireless Sensor Nodes (WSN) are making the “Internet of Things” (IoT) a reality. Such devices often require cryptographic services such as authentication, integrity and non-repudiation, which are provided by Public-Key Cryptography (PKC). As these devices are severely resource-constrained, choosing a suitable cryptographic system is challenging. Pairing Based Cryptography (PBC) is among the best candidates to implement PKC in lightweight devices. In this research, we present a fast and energy efficient implementation of PBC based on Barreto-Naehrig (BN) curves and optimal Ate pairing using hardware/software co-design. Our solution consists of a hardware-based Montgomery multiplier, and pairing software running on an ARM Cortex A9 processor in a Zynq-7020 System-on-Chip (SoC). The multiplier is protected against simple power analysis (SPA) and differential power analysis (DPA), and can be instantiated with a variable number of processing elements (PE). Our solution improves performance (in terms of latency) over an open-source software PBC implementation by factors of 2.34 and 2.02, for 256- and 160-bit field sizes, respectively, as measured in the Zynq-7020 SoC.

Cooperative spectrum sensing is often necessary in cognitive radios systems to localize a transmitter by fusing the measurements from multiple sensing radios. However, revealing spectrum sensing information also generally leaks information about the location of the radio that made those measurements. We propose a protocol for performing cooperative spectrum sensing while preserving the privacy of the sensing radios. In this protocol, radios fuse sensing information through a distributed particle filter based on a tree structure. All sensing information is encrypted using public-key cryptography, and one of the radios serves as an anonymizer, whose role is to break the connection between the sensing radios and the public keys they use. We consider a semi-honest (honest-but-curious) adversary model in which there is at most a single adversary that is internal to the sensing network and complies with the specified protocol but wishes to determine information about the other participants. Under this scenario, an adversary may learn the sensing information of some of the radios, but it does not have any way to tie that information to a particular radio's identity. We test the performance of our proposed distributed, tree-based particle filter using physical measurements of FM broadcast stations.

Recently, the chaotic public-key cryptography attracts much attention of researchers, due to the great characters of chaotic maps. With the security superiorities and computation efficiencies of chaotic map over other cryptosystems, in this paper, a novel Identity-based signcryption scheme is proposed using extended chaotic maps. The difficulty of chaos-based discrete logarithm (CDL) problem lies the foundation of the security of proposed ECM-IBSC scheme.

IP technology for resource-constrained devices enables transparent end-to-end connections between a vast variety of devices and services in the Internet of Things (IoT). To protect these connections, several variants of traditional IP security protocols have recently been proposed for standardization, most notably the DTLS protocol. In this paper, we identify significant resource requirements for the DTLS handshake when employing public-key cryptography for peer authentication and key agreement purposes. These overheads particularly hamper secure communication for memory-constrained devices. To alleviate these limitations, we propose a delegation architecture that offloads the expensive DTLS connection establishment to a delegation server. By handing over the established security context to the constrained device, our delegation architecture significantly reduces the resource requirements of DTLS-protected communication for constrained devices. Additionally, our delegation architecture naturally provides authorization functionality when leveraging the central role of the delegation server in the initial connection establishment. Hence, in this paper, we present a comprehensive, yet compact solution for authentication, authorization, and secure data transmission in the IP-based IoT. The evaluation results show that compared to a public-key-based DTLS handshake our delegation architecture reduces the memory overhead by 64 %, computations by 97 %, network transmissions by 68 %.
 

Novel Internet services are emerging around an increasing number of sensors and actuators in our surroundings, commonly referred to as smart devices. Smart devices, which form the backbone of the Internet of Things (IoT), enable alternative forms of user experience by means of automation, convenience, and efficiency. At the same time new security and safety issues arise, given the Internet-connectivity and the interaction possibility of smart devices with human's proximate living space. Hence, security is a fundamental requirement of the IoT design. In order to remain interoperable with the existing infrastructure, we postulate a security framework compatible to standard IP-based security solutions, yet optimized to meet the constraints of the IoT ecosystem. In this ongoing work, we first identify necessary components of an interoperable secure End-to-End communication while incorporating Public-key Cryptography (PKC). To this end, we tackle involved computational and communication overheads. The required components on the hardware side are the affordable hardware acceleration engines for cryptographic operations and on the software side header compression and long-lasting secure sessions. In future work, we focus on integration of these components into a framework and the evaluation of an early prototype of this framework.

Novel Internet services are emerging around an increasing number of sensors and actuators in our surroundings, commonly referred to as smart devices. Smart devices, which form the backbone of the Internet of Things (IoT), enable alternative forms of user experience by means of automation, convenience, and efficiency. At the same time new security and safety issues arise, given the Internet-connectivity and the interaction possibility of smart devices with human's proximate living space. Hence, security is a fundamental requirement of the IoT design. In order to remain interoperable with the existing infrastructure, we postulate a security framework compatible to standard IP-based security solutions, yet optimized to meet the constraints of the IoT ecosystem. In this ongoing work, we first identify necessary components of an interoperable secure End-to-End communication while incorporating Public-key Cryptography (PKC). To this end, we tackle involved computational and communication overheads. The required components on the hardware side are the affordable hardware acceleration engines for cryptographic operations and on the software side header compression and long-lasting secure sessions. In future work, we focus on integration of these components into a framework and the evaluation of an early prototype of this framework.