Title | Information Security and Privacy
Subtitle | 20th Australasian Co
Editors | Ernest Foo, Douglas Stebila
Series | Lecture Notes in Computer Science
Description | This book constitutes the refereed conference proceedings of the 20th Australasian Conference on Information Security and Privacy, ACISP 2015, held in Brisbane, QLD, Australia, in June/July 2015. The 28 revised full papers presented in this volume were carefully revised and selected from 112 submissions. The papers are organized in topical sections on symmetric cryptanalysis; public key cryptography; identity-based encryption; digital signatures; security protocols; privacy protocols; symmetric constructions; homomorphic encryption and obfuscation.
Publication date | Conference proceedings 2015
Keywords | Cloud storage; Cryptanalysis; Cryptographic module; Cryptographic protocols; Cryptography; Data integrity
Edition | 1
DOI | https://doi.org/10.1007/978-3-319-19962-7
ISBN (softcover) | 978-3-319-19961-0
ISBN (ebook) | 978-3-319-19962-7
Series ISSN | 0302-9743
Series E-ISSN | 1611-3349
Copyright | Springer International Publishing Switzerland 2015
1 | Front Matter
3 | Weak-Key and Related-Key Analysis of Hash-Counter-Hash Tweakable Enciphering Schemes | Zhelei Sun, Peng Wang, Liting Zhang
Abstract
We analyze three tweakable enciphering schemes (TES), XCB, HCTR and HCH, which all consist of a polynomial evaluation hash function as their first and third layers and CTR mode in the middle. The weak keys of polynomial evaluation hashes in message authentication codes and authenticated encryption have been thoroughly analyzed, but have never been applied to TES. We point out that XCB, HCTR and HCH (and two variations of HCH: HCHp and HCHfp) cannot resist distinguishing attacks, key-recovery attacks and plaintext-recovery attacks once the weak key is recognized. We also analyze the security of these schemes against related-key attacks, showing that HCTR, HCHp and HCHfp suffer from related-key attacks, while XCB and HCH can resist related-key attacks under the assumption that the underlying block cipher resists related-key attacks.
4 | Cryptanalysis of Reduced-Round , | Bingke Ma, Bao Li, Ronglin Hao, Xiaoqian Li
Abstract
The . hash function, which outputs a 512-bit digest, was designed by Barreto . and published by . in 2010. In this paper, we provide a thorough cryptanalysis of .. Firstly, we focus on security properties at the hash function level by presenting (second) preimage, collision and distinguishing attacks on reduced-round .. In order to launch the preimage attack, we have to slightly tweak the original Meet-in-the-Middle preimage attack framework on .-like compression functions by partially fixing the values of the state. Based on this slightly tweaked framework, we are able to construct several new and interesting preimage attacks on reduced-round . and . hashing modes as well. Secondly, we investigate security properties of the reduced-round components of ., including semi-free-start and free-start (near) collision attacks on the compression function, and a limited-birthday distinguisher on the inner permutation. As far as we know, our results are currently the best cryptanalysis of ..
5 | Improving the Biclique Cryptanalysis of AES | Biaoshuai Tao, Hongjun Wu
Abstract
The biclique attack is currently the only key-recovery attack on the full AES with a single key. Bogdanov . applied it to all three versions of AES by constructing bicliques of size . and reducing the number of S-boxes computed in the matching phase. Their results were later improved by better selections of differential characteristics in the biclique construction. In this paper, we improve the biclique attack by increasing the biclique size to . and .. We have a biclique attack on each of the following AES versions:. Our results have the best time complexities among all existing key-recovery attacks with data less than the entire code book.
7 | A New General Framework for Secure Public Key Encryption with Keyword Search | Rongmao Chen, Yi Mu, Guomin Yang, Fuchun Guo, Xiaofen Wang
Abstract
Public Key Encryption with Keyword Search (PEKS), introduced by Boneh et al. in ., allows users to search encrypted documents on an untrusted server without revealing any information. This notion is very useful in many applications and has attracted a lot of attention from the cryptographic research community. However, one limitation of all the existing PEKS schemes is that they cannot resist the Keyword Guessing Attack (KGA) launched by a malicious server. In this paper, we propose a new PEKS framework named Dual-Server Public Key Encryption with Keyword Search (DS-PEKS). This new framework can withstand all the attacks, including the KGA from the two untrusted servers, as long as they do not collude. We then present a generic construction of DS-PEKS using a new variant of Smooth Projective Hash Functions (SPHFs), which is of independent interest.
8 | Dynamic Threshold Public-Key Encryption with Decryption Consistency from Static Assumptions | Yusuke Sakai, Keita Emura, Jacob C.N. Schuldt, Goichiro Hanaoka, Kazuo Ohta
Abstract
. (dynamic TPKE) is a natural extension of ordinary TPKE which allows decryption servers to join the system dynamically after the system is set up, and allows the sender to dynamically choose the authorized set and the decryption threshold at the time of encryption. Currently, the only known dynamic TPKE scheme is a scheme proposed by Delerablée and Pointcheval (CRYPTO 2008). This scheme is proven to provide message confidentiality under a .-type assumption, but to achieve decryption consistency, a random oracle extension is required. In this paper we show . methods for constructing dynamic TPKE schemes with decryption consistency from only static assumptions (e.g., the decisional linear assumption in bilinear groups) without relying on random oracles. Our first construction is a purely generic construction from public-key encryption with non-interactive opening (PKENO) formalized by Damgård et al. (CT-RSA 2008). However, this construction achieves a slightly weaker notion of decryption consistency compared to the random oracle extension of the Delerablée and Pointcheval scheme, which satisfies the notion defined by Boneh, Boyen and Halevi (CT-RSA 2005). Our second construction use
9 | Sponge Based CCA2 Secure Asymmetric Encryption for Arbitrary Length Message | Tarun Kumar Bansal, Donghoon Chang, Somitra Kumar Sanadhya
Abstract
OAEP and other similar schemes proven secure in the Random-Oracle Model require one or more hash functions with output sizes larger than those of standard hash functions. In this paper, we show that by utilizing popular Sponge constructions in the OAEP framework, we can eliminate the need for such hash functions. We provide a new scheme in the OAEP framework based on the Sponge construction and call our scheme . (SpAEP). SpAEP is based on 2 functions, Sponge and SpongeWrap, and requires only the standard output sizes proposed and standardized for Sponge functions. Our scheme is CCA2 secure for any trapdoor one-way permutation in the ideal permutation model for arbitrary length messages. Our scheme utilizes the versatile Sponge function to enhance the capability and efficiency of the OAEP framework. SpAEP with any trapdoor one-way permutation can also be used as a key encapsulation mechanism and a tag-based key encapsulation mechanism for hybrid encryption. Our scheme SpAEP utilizes the permutation model efficiently in the setting of public key encryption in a novel manner.
10 | Trade-Off Approaches for Leak Resistant Modular Arithmetic in RNS | Christophe Negre, Guilherme Perin
Abstract
On an embedded device, an implementation of a cryptographic operation, like an RSA modular exponentiation [.], can be attacked by side-channel analysis. In particular, recent improvements in horizontal power analysis [., .] render ineffective the usual countermeasures, which randomize the data at the very beginning of the computations [., .]. To counteract horizontal analysis it is necessary to randomize the computations all along the exponentiation. The leak resistant arithmetic (LRA) proposed in [.] implements modular arithmetic in a residue number system (RNS) and randomizes the computations by randomly changing the RNS bases. We propose in this paper a variant of the LRA in RNS: we propose to change only one or a few moduli of the RNS basis. This reduces the cost of the randomization and makes it possible to execute it at each loop of a modular exponentiation.
12 | Towards Forward Security Properties for PEKS and IBE | Qiang Tang
Abstract
In cryptography, forward secrecy is a well-known property for key agreement protocols. It ensures that a session key will remain private even if one of the long-term secret keys is compromised in the future. In this paper, we investigate some forward security properties for Public-key Encryption with Keyword Search (PEKS) schemes, which allow a client to store encrypted data and delegate search operations to a server. The proposed properties guarantee that the client’s privacy is protected to the maximum extent even if his private key is compromised in the future. Motivated by the generic transformation from anonymous Identity-Based Encryption (IBE) to PEKS, we correspondingly propose some forward security properties for IBE, in which case we assume the attacker learns the master secret key. We then study several existing PEKS and IBE schemes, including a PEKS scheme by Nishioka, an IBE scheme by Boneh, Raghunathan and Segev, and an IBE scheme by Arriaga, Tang and Ryan. Our analysis indicates that the proposed forward security properties can be achieved by some of these schemes if the attacker is RO-non-adaptive (the attacker does not define its distributions based on the random or
13 | IBE Under ,-LIN with Shorter Ciphertexts and Private Keys | Kaoru Kurosawa, Le Trieu Phong
Abstract
Many identity-based encryption schemes under the .-LIN assumption contain . group elements in the ciphertext overhead and private keys. In this paper,. The shortened size inherently leads to fewer exponentiations and pairings in encryption and decryption, and hence yields schemes with better computational efficiency under .-LIN.
14 | Improved Identity-Based Online/Offline Encryption | Jianchang Lai, Yi Mu, Fuchun Guo, Willy Susilo
Abstract
The notion of online/offline encryption was put forth by Guo, Mu and Chen (FC 2008), where they proposed an identity-based scheme called . (IBOOE). An online/offline encryption separates an encryption into two stages: offline and online. The offline phase carries much more computational load than the online phase, where the offline phase does not require the information of the message to be encrypted and the identity of the receiver. Subsequently, many applications of IBOOE have been proposed in the literature. As an example, Hohenberger and Waters (PKC 2014) have recently applied it to attribute-based encryption. In this paper, we move one step further and explore a much more efficient variant. We propose an efficient semi-generic transformation to obtain an online/offline encryption from a traditional identity-based encryption (IBE). Our transformation provides a new method to separate the computation of the receiver’s identity into offline and online phases. The IBOOE schemes using our transformation save one group element in both offline and online phases compared to other IBOOE schemes in identity computing. The transformed scheme still maintains the same level of security as in th
15 | Constructions of CCA-Secure Revocable Identity-Based Encryption | Yuu Ishida, Yohei Watanabe, Junji Shikata
Abstract
Key revocation functionality is important for identity-based encryption (IBE) to manage users dynamically. Revocable IBE (RIBE) realizes such revocation functionality with scalability. In PKC 2013, Seo and Emura first considered decryption key exposure resistance (DKER) as a new realistic threat, and proposed the first RIBE scheme with DKER. Their RIBE scheme is adaptively secure against chosen plaintext attacks (CPA), and there is no concrete RIBE scheme adaptively secure against chosen ciphertext attacks (CCA) even without DKER so far. In this paper, we first propose two constructions of adaptively CCA-secure RIBE schemes with DKER. The first scheme is based on an existing transformation, called the BCHK transformation, by which a CPA-secure hierarchical IBE scheme can be transformed into a CCA-secure scheme. The second scheme is constructed via the KEM/DEM framework. Specifically, we newly propose a revocable identity-based key encapsulation mechanism (RIB-KEM), and we show a generic construction of a CCA-secure RIBE scheme from the RIB-KEM and a data encapsulation mechanism (DEM). The second scheme is more efficient than the first one in terms of the ciphertext size.
17 | Linkable Message Tagging: Solving the Key Distribution Problem of Signature Schemes | Felix Günther, Bertram Poettering
Abstract
Digital signatures guarantee practical security only if the corresponding verification keys are distributed authentically; however, arguably, satisfying solutions for the latter haven’t been found yet. This paper introduces a novel approach for cryptographic message authentication where this problem does not arise: A . scheme (LMT) identifies pairs of messages and accompanying authentication tags as related if and only if these tags were created using the same secret key. Importantly, our primitive fully avoids public keys, and hence elegantly sidesteps the key distribution problem of signature schemes. As an application of LMT we envision an email authentication system with minimal user interaction. Email clients could routinely equip all outgoing messages with corresponding tags and verify for incoming messages whether they indeed originate from the same entity as previously or subsequently received messages with an identical sender address. As technical contributions we formalize the notions of LMT and its (more efficient) variant CMT (.), including corresponding notions of unforgeability. For both variants we propose a range of provably secure constructions, based on different ha
18 | Generic Transformation to Strongly Existentially Unforgeable Signature Schemes with Continuous Leaka | Yuyu Wang, Keisuke Tanaka
Abstract
In ProvSec 2014, Wang and Tanaka proposed a transformation which converts weakly existentially unforgeable (wEUF) signature schemes into strongly existentially unforgeable (sEUF) ones in the bounded leakage model. To obtain the construction, they combined leakage resilient (LR) chameleon hash functions with the Generalised Boneh-Shen-Waters (GBSW) transformation proposed by Steinfeld, Pieprzyk, and Wang. However, their transformation cannot be used in a more realistic model called the continual leakage model, since the secret key of the LR chameleon hash functions cannot be updated. In this paper, we propose a transformation which can convert wEUF signature schemes into sEUF ones in the continual leakage model. To achieve our goal, we give a new definition of a continuous leakage resilient (CLR) chameleon hash function and construct it based on the CLR signature scheme proposed by Malkin, Teranishi, Vahlis, and Yung. Although the CLR chameleon hash functions satisfy the property of strong collision-resistance, because of the existence of the updating algorithm, an adversary may find the kind of collisions in which the messages are the same but the randomizers are different. From this fact, w
19 | Constant Size Ring Signature Without Random Oracle | Priyanka Bose, Dipanjan Das, Chandrasekharan Pandu Rangan
Abstract
A ring signature enables a user to anonymously sign a message on behalf of a group of users, termed a ‘ring’, formed in an ‘ad-hoc’ manner. A naive scheme produces a signature linear in the size of the ring, but this is extremely inefficient when the ring size is large. Dodis . proposed a constant size scheme in ., but its security is proved in the random oracle model. The best known result without random oracles is a sub-linear size construction by Chandran . in . and a follow-up work by Essam Ghadafi in .. Therefore, the construction of a constant size ring signature scheme without random oracles meeting stringent security requirements still remained an interesting open problem. Our first contribution is a generic technique to convert a . signature scheme to a constant-sized ring signature scheme. The technique employs a constant size set membership check that may be of independent interest. Our construction is instantiated with asymmetric pairings over groups of composite order and meets the strongest security requirements, . anonymity under full key exposure and unforgeability against insider corruption, without using random oracles under simple hardness assumptions. We also demonstrate a concrete in