
Showing papers on "40-bit encryption published in 2015"


Proceedings ArticleDOI
05 May 2015
TL;DR: A SAT-based algorithm is presented which allows an attacker to “decrypt” an encrypted netlist using a small number of carefully-selected input patterns and their corresponding output observations and a “partial-break” algorithm that can reveal some of the key inputs even when the attack is not fully successful.
Abstract: Contemporary integrated circuits are designed and manufactured in a globalized environment leading to concerns of piracy, overproduction and counterfeiting. One class of techniques to combat these threats is logic encryption. Logic encryption modifies an IC design such that it operates correctly only when a set of newly introduced inputs, called key inputs, are set to the correct values. In this paper, we use algorithms based on satisfiability checking (SAT) to investigate the security of logic encryption. We present a SAT-based algorithm which allows an attacker to “decrypt” an encrypted netlist using a small number of carefully-selected input patterns and their corresponding output observations. We also present a “partial-break” algorithm that can reveal some of the key inputs even when the attack is not fully successful. We conduct a thorough evaluation of our attack by examining six proposals for logic encryption from the literature. We find that all of these are vulnerable to our attack. Among the 441 encrypted circuits we examined, we were able to decrypt 418 (95%). We discuss the strengths and limitations of our attack and suggest directions that may lead to improved logic encryption algorithms.

664 citations


Journal ArticleDOI
TL;DR: A color image encryption algorithm based on total plain image characteristics (to resist chosen/known plain image attacks) and a 1D logistic map with optimized distribution (for a fast encryption process), building on Murillo-Escobar's algorithm; the results confirm that the RGB image encryption is fast and secure against several known attacks.

263 citations


Proceedings ArticleDOI
01 Dec 2015
TL;DR: This paper presents how to encrypt a linear controller using modified homomorphic encryption schemes based on public-key RSA and ElGamal encryption systems and confirms that only the scrambled parameters and signals can be seen in the controller device of the security-enhanced networked control system.
Abstract: This paper proposes a new concept of controller encryption for enhancement of the cyber-security of networked control systems and presents how to encrypt a linear controller using our modified homomorphic encryption schemes based on public-key RSA and ElGamal encryption systems. A remarkable advantage of controller encryption is the ability to conceal several pieces of information processed inside the controller device, such as controller parameters, references (recipes), measurements, control commands, and parameters of plant models in the internal model principle, while maintaining the original function of the controller. Therefore, even if malicious users hacked the controller device through unauthorized access, it would take much time and cost to decipher and steal the control system's information. Finally, numerical examples confirm that only the scrambled parameters and signals can be seen in the controller device of the security-enhanced networked control system.

203 citations


Book ChapterDOI
26 Apr 2015
TL;DR: Order-preserving encryption provides one solution, but provably provides only limited security guarantees, and two-input functional encryption is another approach, but requires the full power of obfuscation machinery and is currently not implementable.
Abstract: Deciding “greater-than” relations among data items just given their encryptions is at the heart of search algorithms on encrypted data, most notably, non-interactive binary search on encrypted data. Order-preserving encryption provides one solution, but provably provides only limited security guarantees. Two-input functional encryption is another approach, but requires the full power of obfuscation machinery and is currently not implementable.

195 citations


Book ChapterDOI
26 Jan 2015
TL;DR: In this paper, the authors propose an efficient large-universe multi-authority ciphertext-policy attribute-based encryption system, where any string can be used as an attribute of the system, and these attributes are not necessarily enumerated during setup.
Abstract: We propose an efficient large-universe multi-authority ciphertext-policy attribute-based encryption system. In a large-universe ABE scheme, any string can be used as an attribute of the system, and these attributes are not necessarily enumerated during setup. In a multi-authority ABE scheme, there is no central authority that distributes the keys to users. Instead, there are several authorities, each of which is responsible for the authorized key distribution of a specific set of attributes. Prior to our work, several schemes have been presented that satisfy one of these two properties but not both.

180 citations


Proceedings ArticleDOI
12 Oct 2015
TL;DR: In this article, the authors propose a secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers; the scheme is based on a PAKE (password authenticated key exchange) protocol.
Abstract: Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

171 citations


Proceedings ArticleDOI
12 Oct 2015
TL;DR: This work presents a scheme that achieves a strictly stronger notion of security than any other scheme so far, and can be used to more securely outsource large data sets, since it can also show that the security increases with larger data sets.
Abstract: Order-preserving encryption allows encrypting data while still enabling efficient range queries on the encrypted data. This makes its performance and functionality very suitable for data outsourcing in cloud computing scenarios, but the security of order-preserving encryption is still debatable. We present a scheme that achieves a strictly stronger notion of security than any other scheme so far. The basic idea is to randomize the ciphertexts to hide the frequency of plaintexts. Still, the client storage size remains small, in our experiments up to 1/15 of the plaintext size. As a result, one can more securely outsource large data sets, since we can also show that our security increases with larger data sets.

154 citations


Journal ArticleDOI
TL;DR: This paper studies the authorization mechanism for PKEET, proposes four types of authorization policies to enhance the privacy of users' data, and proves its security based on the computational Diffie-Hellman assumption in the random oracle model.
Abstract: We reformalize and recast the notion of public key encryption with equality test (PKEET), which was proposed in CT-RSA 2010 and supports to check whether two ciphertexts encrypted under different public keys contain the same message. PKEET has many interesting applications, for example, in constructing searchable encryption and partitioning encrypted data. However, the original PKEET scheme lacks an authorization mechanism for a user to control the comparison of its ciphertexts with others’. In this paper, we study the authorization mechanism for PKEET, and propose four types of authorization policies to enhance the privacy of users’ data. We give the definitions of the policies, propose a PKEET scheme supporting these four types of authorization at the same time, and prove its security based on the computational Diffie–Hellman assumption in the random oracle model. To the best of our knowledge, it is the only PKEET scheme supporting flexible authorization.

149 citations


Proceedings ArticleDOI
17 Oct 2015
TL;DR: This work presents a generic construction of indistinguishability obfuscation from public-key functional encryption with succinct ciphertexts and sub-exponential security, and shows the equivalence of indistinguishability obfuscation and public-key functional encryption.
Abstract: Indistinguishability obfuscation (IO) is a tremendous notion, powerful enough to give rise to almost any known cryptographic object. So far, candidate IO constructions were based on specific assumptions on algebraic objects called multi-linear graded encodings. We present a generic construction of indistinguishability obfuscation from public-key functional encryption with succinct ciphertexts and sub-exponential security. This shows the equivalence of indistinguishability obfuscation and public-key functional encryption, a primitive that has so far seemed to be much weaker, lacking the power and the staggering range of applications of indistinguishability obfuscation. As an application, we obtain a new candidate IO construction based on the functional encryption scheme of Garg, Gentry, Halevi, and Zhandry [Eprint 14] under their assumptions on multi-linear graded encodings. We also show that, under the Learning with Errors assumption, our techniques imply that any indistinguishability obfuscator can be converted to one where obfuscated circuits are of linear size in the size of the original circuit plus a polynomial overhead in its depth. Our reduction highlights the importance of ciphertext succinctness in functional encryption schemes, which we hope will serve as a pathway to new IO constructions based on solid cryptographic foundations.

142 citations


Book ChapterDOI
16 Aug 2015
TL;DR: In this article, the authors formally define and give schemes for quantum homomorphic encryption, which is the encryption of quantum information such that quantum computations can be performed given the ciphertext only.
Abstract: Fully homomorphic encryption is an encryption method with the property that any computation on the plaintext can be performed by a party having access to the ciphertext only. Here, we formally define and give schemes for quantum homomorphic encryption, which is the encryption of quantum information such that quantum computations can be performed given the ciphertext only. Our schemes allow for arbitrary Clifford group gates, but become inefficient for circuits with large complexity, measured in terms of the non-Clifford portion of the circuit (we use the “\(\pi /8\)” non-Clifford group gate, also known as the \(\mathsf{T}\)-gate).

141 citations


Journal ArticleDOI
01 Nov 2015
TL;DR: The scheme is proved adaptively chosen-ciphertext secure by leveraging dual system encryption technology and the selective proof technique; it is proven adaptively CCA secure in the standard model without jeopardizing the expressiveness of the access policy.
Abstract: Proxy Re-Encryption (PRE) is a useful cryptographic primitive that allows a data owner to delegate the access rights of the encrypted data stored on a cloud storage system to others without leaking the information of the data to the honest-but-curious cloud server. It provides effectiveness for data sharing, as the data owner, even using limited-resource devices (e.g. mobile devices), can offload most of the computational operations to the cloud. Since its introduction many variants of PRE have been proposed. A Ciphertext-Policy Attribute-Based Proxy Re-Encryption (CP-ABPRE), which is regarded as a general notion for PRE, employs the PRE technology in the attribute-based encryption cryptographic setting such that the proxy is allowed to convert an encryption under an access policy to another encryption under a new access policy. CP-ABPRE is applicable to many network applications, such as network data sharing. The existing CP-ABPRE systems, however, leave how to achieve adaptive CCA security as an interesting open problem. This paper, for the first time, proposes a new CP-ABPRE to tackle the problem by integrating the dual system encryption technology with the selective proof technique. Although the new scheme supporting any monotonic access structure is built in the composite order bilinear group, it is proven adaptively CCA secure in the standard model without jeopardizing the expressiveness of the access policy. We further make an improvement for the scheme to achieve more efficiency in the re-encryption key generation and re-encryption phases.
Highlights: This paper proposes a new Ciphertext-Policy Attribute-Based Proxy Re-Encryption scheme. The scheme is proved adaptively chosen-ciphertext secure by leveraging dual system encryption technology and the selective proof technique. The paper also proposes an improvement for the re-encryption key generation and re-encryption phases so as to reduce computational and communication cost.

Proceedings ArticleDOI
17 May 2015
TL;DR: Puncturable encryption is introduced, a new form of encryption in which recipients may repeatedly update their decryption keys to revoke decryption capability for selected messages, recipients or time periods, and which does not require the recipients to communicate with or distribute new key material to senders.
Abstract: In this paper we investigate new mechanisms for achieving forward secure encryption in store-and-forward messaging systems such as email and SMS. In a forward secure encryption scheme, a user periodically updates her secret key so that past messages remain confidential in the event that her key is compromised. A primary contribution of our work is to introduce a new form of encryption that we name puncturable encryption. Using a puncturable encryption scheme, recipients may repeatedly update their decryption keys to revoke decryption capability for selected messages, recipients or time periods. Most importantly, this update process does not require the recipients to communicate with or distribute new key material to senders. We show how to combine puncturable encryption with the forward-secure public key encryption proposal of Canetti et al. to achieve practical forward-secure messaging with low overhead. We implement our schemes and provide experimental evidence that the new constructions are practical.

Journal ArticleDOI
TL;DR: This paper proposes a more efficient and generic construction of ABE with verifiable outsourced decryption based on an attribute-based key encapsulation mechanism, a symmetric-key encryption scheme and a commitment scheme and proves the security and the verification soundness of the constructed ABE scheme in the standard model.
Abstract: Attribute-based encryption (ABE) is a promising technique for fine-grained access control of encrypted data in cloud storage; however, the decryption involved in ABE is usually too expensive for resource-constrained front-end users, which greatly hinders its practical popularity. In order to reduce the decryption overhead for a user to recover the plaintext, Green et al. suggested outsourcing the majority of the decryption work without revealing actual data or private keys. To ensure the third-party service honestly computes the outsourced work, Lai et al. added a requirement of verifiability to the decryption of ABE, but their scheme doubled the size of the underlying ABE ciphertext and the computation costs. Roughly speaking, their main idea is to use a parallel encryption technique, where one of the encryption components is used for the verification purpose. Hence, the bandwidth and the computation cost are doubled. In this paper, we investigate the same problem. In particular, we propose a more efficient and generic construction of ABE with verifiable outsourced decryption based on an attribute-based key encapsulation mechanism, a symmetric-key encryption scheme and a commitment scheme. Then, we prove the security and the verification soundness of our constructed ABE scheme in the standard model. Finally, we instantiate our scheme with concrete building blocks. Compared with Lai et al.'s scheme, our scheme reduces the bandwidth and the computation costs almost by half.

Journal ArticleDOI
TL;DR: A symmetric digital image encryption algorithm based on a new improper fractional-order chaotic system; the scheme is shown to be both effective and efficient, and its key space is large enough to resist brute-force attacks.
Abstract: Based on the features of digital image encryption and high-dimensional chaotic sequences, the paper proposes a symmetric digital image encryption algorithm based on a new improper fractional-order chaotic system. The initial conditions, parameters and fractional orders of the chaotic system are influenced by the gray values of all pixels and used as the secret key. Therefore, the total key length is large enough to resist brute-force attacks. The original image is divided into four parts and each is encrypted by a different encryption formula. Theoretical analysis results show that the proposed encryption scheme is both effective and efficient.

Journal ArticleDOI
Guomin Zhou, Daxing Zhang, Yanjian Liu, Ying Yuan, Qiang Liu
TL;DR: A novel symmetric image encryption algorithm based on the skew tent map is proposed; it is suitable for images of any size and realizes fast encryption and decryption of both gray-scale and color images.

Proceedings ArticleDOI
12 Oct 2015
TL;DR: In this paper, the authors proposed graph encryption schemes that efficiently support approximate shortest distance queries on large-scale encrypted graphs, including three oracle encryption schemes, which are provably secure against any semi-honest server.
Abstract: We propose graph encryption schemes that efficiently support approximate shortest distance queries on large-scale encrypted graphs. Shortest distance queries are one of the most fundamental graph operations and have a wide range of applications. Using such graph encryption schemes, a client can outsource large-scale privacy-sensitive graphs to an untrusted server without losing the ability to query it. Other applications include encrypted graph databases and controlled disclosure systems. We propose GRECS (stands for GRaph EnCryption for approximate Shortest distance queries) which includes three oracle encryption schemes that are provably secure against any semi-honest server. Our first construction makes use of only symmetric-key operations, resulting in a computationally-efficient construction. Our second scheme makes use of somewhat-homomorphic encryption and is less computationally-efficient but achieves optimal communication complexity (i.e. uses a minimal amount of bandwidth). Finally, our third scheme is both computationally-efficient and achieves optimal communication complexity at the cost of a small amount of additional leakage. We implemented and evaluated the efficiency of our constructions experimentally. The experiments demonstrate that our schemes are efficient and can be applied to graphs that scale up to 1.6 million nodes and 11 million edges.

Journal ArticleDOI
01 Jun 2015
TL;DR: It is proved security of the substring-searchable encryption scheme against malicious adversaries, where the query protocol leaks limited information about memory access patterns through the suffix tree of the encrypted string.
Abstract: In this paper, we consider a setting where a client wants to outsource storage of a large amount of private data and then perform substring search queries on the data – given a data string s and a search string p, find all occurrences of p as a substring of s. First, we formalize an encryption paradigm that we call queryable encryption, which generalizes searchable symmetric encryption (SSE) and structured encryption. Then, we construct a queryable encryption scheme for substring queries. Our construction uses suffix trees and achieves asymptotic efficiency comparable to that of unencrypted suffix trees. Encryption of a string of length n takes O(λn) time and produces a ciphertext of size O(λn), and querying for a substring of length m that occurs k times takes O(λm + k) time and three rounds of communication. Our security definition guarantees correctness of query results and privacy of data and queries against a malicious adversary. Following the line of work started by Curtmola et al. (ACM CCS 2006), in order to construct more efficient schemes we allow the query protocol to leak some limited information that is captured precisely in the definition. We prove security of our substring-searchable encryption scheme against malicious adversaries, where the query protocol leaks limited information about memory access patterns through the suffix tree of the encrypted string.

Book ChapterDOI
09 Oct 2015

Proceedings ArticleDOI
09 Mar 2015
TL;DR: This paper presents the new state of the art in efficient software implementations of a post-quantum secure public-key encryption scheme based on the ring-LWE problem using a 32-bit ARM Cortex-M4F microcontroller as the target platform and shows that the scheme beats ECC-based public- key encryption schemes by at least one order of magnitude.
Abstract: Present-day public-key cryptosystems such as RSA and Elliptic Curve Cryptography (ECC) will become insecure when quantum computers become a reality. This paper presents the new state of the art in efficient software implementations of a post-quantum secure public-key encryption scheme based on the ring-LWE problem. We use a 32-bit ARM Cortex-M4F microcontroller as the target platform. Our contribution includes optimization techniques for fast discrete Gaussian sampling and efficient polynomial multiplication. Our implementation beats all known software implementations of ring-LWE encryption by a factor of at least 7. We further show that our scheme beats ECC-based public-key encryption schemes by at least one order of magnitude. At medium-term security we require 121 166 cycles per encryption and 43 324 cycles per decryption, while at a long-term security we require 261 939 cycles per encryption and 96 520 cycles per decryption. Gaussian sampling is done at an average of 28.5 cycles per sample.

Proceedings ArticleDOI
12 Oct 2015
TL;DR: In this article, the authors show how to transform a linearly-homomorphic encryption scheme into one capable of evaluating degree-2 computations on ciphertexts; the transformation is surprisingly simple and requires only one very mild property of the underlying scheme, namely that the message space be a public ring in which elements can be sampled uniformly at random.
Abstract: We show a technique to transform a linearly-homomorphic encryption into a scheme capable of evaluating degree-2 computations on ciphertexts. Our transformation is surprisingly simple and requires only one very mild property on the underlying linearly-homomorphic scheme: the message space must be a public ring in which it is possible to sample elements uniformly at random. This allows us to instantiate our transformation with virtually all existing number-theoretic linearly-homomorphic schemes, such as Goldwasser-Micali, Paillier, or ElGamal. Our resulting schemes achieve circuit privacy and are compact when considering a subclass of degree-2 polynomials where the number of additions of degree-2 terms is bounded by a constant. As an additional contribution we extend our technique to build a protocol for outsourcing computation on encrypted data using two (non-communicating) servers. Somewhat interestingly, in this case we can boost a linearly-homomorphic scheme to support the evaluation of any degree-2 polynomial while achieving full compactness.

Journal ArticleDOI
TL;DR: It is shown that the Wang and Guo image encryption scheme is vulnerable to an impossible differential attack and a divide-and-conquer attack when a large all black image is encrypted.
Abstract: Wang and Guo (Nonlinear Dyn 76(4):1943–1950, 2014) proposed a new image alternate encryption algorithm based on a chaotic map. The image alternate encryption can be conceptually treated as a block cipher where a round function which provides both confusion and diffusion is applied on a plain image iteratively. After performing the round function for \(T\) iterations, the processed image is denoted as the encrypted image. We analyse the security of the Wang and Guo image encryption scheme, especially from a cryptographic point of view, in line with the designers’ approach in their security analyses. Negatively, we show that the image encryption scheme is vulnerable to an impossible differential attack (a type of chosen plaintext attack) and a divide-and-conquer attack when a large all-black image is encrypted. This paper serves as another important security result showing that any future design of image encryption schemes based on chaotic maps should be evaluated through systematic cryptanalytic approaches which include the impossible differential attack. To the best of our knowledge, this is the first impossible differential attack applied on an image encryption algorithm.

Journal ArticleDOI
TL;DR: It is shown that revocable timed-release encryption without trusted parties is possible using quantum cryptography (while trivially impossible classically) and two proof techniques in the quantum random oracle model are developed.
Abstract: Timed-release encryption is a kind of encryption scheme in which a recipient can decrypt only after a specified amount of time T (assuming that we have a moderately precise estimate of his computing power). A revocable timed-release encryption is one where, before the time T is over, the sender can “give back” the timed-release encryption, provably losing all access to the data. We show that revocable timed-release encryption without trusted parties is possible using quantum cryptography (while trivially impossible classically). Along the way, we develop two proof techniques in the quantum random oracle model that we believe may have applications also for other protocols. Finally, we also develop another new primitive, unknown recipient encryption, which allows us to send a message to an unknown/unspecified recipient over an insecure network in such a way that at most one recipient will get the message.

Book ChapterDOI
23 Mar 2015
TL;DR: One approach towards basing public-key encryption (PKE) schemes on weak and credible assumptions is to build “stronger” or more general schemes generically from “weaker” or more restricted ones.
Abstract: One approach towards basing public-key encryption (PKE) schemes on weak and credible assumptions is to build “stronger” or more general schemes generically from “weaker” or more restricted ones. One particular line of work in this context was initiated by Myers and shelat (FOCS ’09) and continued by Hohenberger, Lewko, and Waters (Eurocrypt ’12), who provide constructions of multi-bit CCA-secure PKE from single-bit CCA-secure PKE.

Journal ArticleDOI
TL;DR: A hybrid homomorphic encryption that combines public-key encryption (PKE) and somewhat homomorphic encryption (SHE), together with a method to reduce the degree of the exponentiation circuit at the cost of additional public keys, is introduced.
Abstract: We introduce a hybrid homomorphic encryption that combines public-key encryption (PKE) and somewhat homomorphic encryption (SHE) to reduce the storage requirements of most somewhat or fully homomorphic encryption (FHE) applications. In this model, messages are encrypted with a PKE and computations on encrypted data are carried out using SHE or FHE after homomorphic decryption. To obtain efficient homomorphic decryption, our hybrid scheme combines IND-CPA PKE without complicated message padding with SHE with a large integer message space. Furthermore, if the underlying PKE is multiplicative, the proposed scheme has the advantage that polynomials of arbitrary degree can be evaluated without bootstrapping. We construct this scheme by concatenating the ElGamal and Goldwasser–Micali schemes over a ring $\mathbb{Z}_{N}$ for a composite integer $N$ whose message space is $\mathbb{Z}_{N}^{\times}$. To accelerate the homomorphic evaluation of the PKE decryption, we introduce a method to reduce the degree of the exponentiation circuit at the cost of additional public keys. Using the same technique, we present an efficient partial solution to an open problem which is to evaluate $\bmod q \bmod p$ arithmetic homomorphically for large $p$. As an independent interest, we also obtain a generic method for converting from private-key SHE to public-key SHE. Unlike the method described by Rothblum, we are free to choose the SHE message space.

Book ChapterDOI
30 Mar 2015
TL;DR: In this article, the authors construct an identity-based encryption (IBE) scheme that is tightly secure in a very strong sense under a simple assumption previously used by Chen and Wee; the security loss of the reduction is \(\mathbf{O}(k)\), where \(k\) is the security parameter.
Abstract: We construct an identity-based encryption (IBE) scheme that is tightly secure in a very strong sense. Specifically, we consider a setting with many instances of the scheme and many encryptions per instance. In this setting, we reduce the security of our scheme to a variant of a simple assumption used for a similar purpose by Chen and Wee (Crypto 2013). The security loss of our reduction is \(\mathbf{O}(k)\) (where \(k\) is the security parameter). Our scheme is the first IBE scheme to achieve this strong flavor of tightness under a simple assumption.

Journal ArticleDOI
TL;DR: A differential attack on one-to-many OPE is proposed that exploits the differences of the ordered ciphertexts; it shows that the cloud server can obtain a good estimate of the distribution of relevance scores.
Abstract: For ranked search in encrypted cloud data, order preserving encryption (OPE) is an efficient tool to encrypt the relevance scores of the inverted index. When using deterministic OPE, the ciphertexts reveal the distribution of relevance scores. Therefore, Wang et al. proposed a probabilistic OPE, called one-to-many OPE, for applications of searchable encryption, which can flatten the distribution of the plaintexts. In this paper, we propose a differential attack on one-to-many OPE by exploiting the differences of the ordered ciphertexts. The experimental results show that the cloud server can get a good estimate of the distribution of relevance scores by a differential attack. Furthermore, when having some background information on the outsourced documents, the cloud server can accurately infer the encrypted keywords using the estimated distributions.

Journal ArticleDOI
TL;DR: A new efficient framework named Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) with the support of negative attributes and wildcards that embeds the comparable attribute ranges of all the attributes into the user's key, and incorporates the attribute constraints into one piece of ciphertext during the encryption process to enforce flexible access control policies with various range relationships.
Abstract: With the proliferation of mobile devices in recent years, there is a growing concern regarding secure data storage, secure computation, and fine-grained access control in data sharing for these resource-constrained devices in a cloud computing environment. In this work, we propose a new efficient framework named Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) with the support of negative attributes and wildcards. It embeds the comparable attribute ranges of all the attributes into the user’s key, and incorporates the attribute constraints of all the attributes into one piece of ciphertext during the encryption process to enforce flexible access control policies with various range relationships. Accordingly, CCP-CABE achieves the efficiency because it generates constant-size keys and ciphertext regardless of the number of involved attributes, and it also keeps the computation cost constant on lightweight mobile devices. We further discuss how to extend CCP-CABE to fit a scenario with multiple attribute domains, such that the decryption proceeds from the least privileged attribute domain to the most privileged one to help protect the privacy of the access policy. We provide security analysis and performance evaluation to demonstrate their efficiency at the end.

Journal ArticleDOI
TL;DR: This paper proposes an efficient secure-channel free public key encryption with keyword search (SCF-PEKS) scheme that is proven secure in the standard model and is more efficient than other recent SCF-PEKS schemes in the literature.
Abstract: Searchable encryption is an important cryptographic primitive that enables privacy-preserving keyword search on encrypted electronic medical records (EMRs) in cloud storage. Efficiency of such searchable encryption in a medical cloud storage system is very crucial as it involves client platforms such as smartphones or tablets that only have constrained computing power and resources. In this paper, we propose an efficient secure-channel free public key encryption with keyword search (SCF-PEKS) scheme that is proven secure in the standard model. We show that our SCF-PEKS scheme is not only secure against chosen keyword and ciphertext attacks (IND-SCF-CKCA), but also secure against keyword guessing attacks (IND-KGA). Furthermore, our proposed scheme is more efficient than other recent SCF-PEKS schemes in the literature.

Journal ArticleDOI
TL;DR: This survey comprehensively studies the issues in the cryptographic optimization methods for providing security in the wireless sensor networks and provides the idea for efficient methods for future work.
Abstract: Objective: The main intent of this research is to provide secure communication in wireless sensor networks. For that, several cryptographic methods using optimization algorithms are investigated. Methods: In this manuscript, a survey has been made on cryptography using optimization methods for secure communication. Several optimization algorithms are presented for cryptography to create the keys for encryption. One of the suggested techniques is an Ant Colony Optimization key generation based image encryption method that is used to create the keys for encryption of text. The ant colony optimization method is used to generate the keys for encryption. Results: This survey comprehensively studies the issues in the cryptographic optimization methods for providing security in wireless sensor networks. The performance of the different methods is compared with various parameters such as maximum number of keys stored, battery capacity, and runtime. The maximum number of keys stored in the Ant Colony Optimization based key generation is 52, for the novel stream cipher cryptosystem 256, for the fast and secure stream cipher 256, and also for RC4 256 keys. Conclusion: This survey investigates several cryptographic optimization methods and provides the idea for efficient methods for future work.

Proceedings ArticleDOI
09 Nov 2015
TL;DR: This paper presents a differential power analysis attack against random and strong logic encryption techniques, and finds that the proposed attack is highly effective against random logic encryption but less so against strong logic encryption, which exhibits an inherent DPA-resistance.
Abstract: Logic encryption has recently gained interest as a countermeasure against IP piracy and reverse engineering attacks. A secret key is used to lock/encrypt an IC such that the IC will not be functional without being activated with the correct key. Existing attacks against logic encryption are of theoretical and/or algorithmic nature. In this paper, we evaluate for the first time the security of logic encryption against side-channel attacks. We present a differential power analysis attack against random and strong logic encryption techniques. The proposed attack is highly effective against random logic encryption, revealing more than 70% of the key bits correctly in 50% of the circuits. However, in the case of strong logic encryption, which exhibits an inherent DPA-resistance, the attack could reveal more than 50% of the key bits in only 25% of the circuits.