scispace - formally typeset
Search or ask a question

Showing papers on "Cryptography published in 2018"


Proceedings ArticleDOI
24 Apr 2018
TL;DR: This paper introduces Kyber, a portfolio of post-quantum cryptographic primitives built around a key-encapsulation mechanism (KEM), based on hardness assumptions over module lattices, and introduces a CPA-secure public-key encryption scheme and eventually construct, in a black-box manner, CCA-secure encryption, key exchange, and authenticated-key-exchange schemes.
Abstract: Rapid advances in quantum computing, together with the announcement by the National Institute of Standards and Technology (NIST) to define new standards for digitalsignature, encryption, and key-establishment protocols, have created significant interest in post-quantum cryptographic schemes. This paper introduces Kyber (part of CRYSTALS – Cryptographic Suite for Algebraic Lattices – a package submitted to NIST post-quantum standardization effort in November 2017), a portfolio of post-quantum cryptographic primitives built around a key-encapsulation mechanism (KEM), based on hardness assumptions over module lattices. Our KEM is most naturally seen as a successor to the NEWHOPE KEM (Usenix 2016). In particular, the key and ciphertext sizes of our new construction are about half the size, the KEM offers CCA instead of only passive security, the security is based on a more general (and flexible) lattice problem, and our optimized implementation results in essentially the same running time as the aforementioned scheme. We first introduce a CPA-secure public-key encryption scheme, apply a variant of the Fujisaki–Okamoto transform to create a CCA-secure KEM, and eventually construct, in a black-box manner, CCA-secure encryption, key exchange, and authenticated-key-exchange schemes. The security of our primitives is based on the hardness of Module-LWE in the classical and quantum random oracle models, and our concrete parameters conservatively target more than 128 bits of postquantum security.

370 citations


Journal ArticleDOI
10 Apr 2018
TL;DR: PASH is introduced, a privacy-aware s-health access control system, in which the key ingredient is a large universe CP-ABE with access policies partially hidden, and attribute values of access policies are hidden in encrypted SHRs and only attribute names are revealed.
Abstract: With the rapid development of the Internet of Things and cloud computing technologies, smart health (s-health) is expected to significantly improve the quality of health care. However, data security and user privacy concerns in s-health have not been adequately addressed. As a well-received solution to realize fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has the potential to ensure data security in s-health. Nevertheless, direct adoption of the traditional CP-ABE in s-health suffers two flaws. For one thing, access policies are in cleartext form and reveal sensitive health-related information in the encrypted s-health records (SHRs). For another, it usually supports small attribute universe, which places an undesirable limitation on practical deployments of CP-ABE because the size of its public parameters grows linearly with the size of the universe. To address these problems, we introduce PASH, a privacy-aware s-health access control system, in which the key ingredient is a large universe CP-ABE with access policies partially hidden. In PASH, attribute values of access policies are hidden in encrypted SHRs and only attribute names are revealed. In fact, attribute values carry much more sensitive information than generic attribute names. Particularly, PASH realizes an efficient SHR decryption test which needs a small number of bilinear pairings. The attribute universe can be exponentially large and the size of public parameters is small and constant. Our security analysis indicates that PASH is fully secure in the standard model. Performance comparisons and experimental results show that PASH is more efficient and expressive than previous schemes.

337 citations


Journal ArticleDOI
TL;DR: This paper presents a comprehensive analysis of the data security and privacy threats, protection technologies, and countermeasures inherent in edge computing, and proposes several open research directions of data security in the field of edge computing.
Abstract: With the explosive growth of Internet of Things devices and massive data produced at the edge of the network, the traditional centralized cloud computing model has come to a bottleneck due to the bandwidth limitation and resources constraint. Therefore, edge computing, which enables storing and processing data at the edge of the network, has emerged as a promising technology in recent years. However, the unique features of edge computing, such as content perception, real-time computing, and parallel processing, has also introduced several new challenges in the field of data security and privacy-preserving, which are also the key concerns of the other prevailing computing paradigms, such as cloud computing, mobile cloud computing, and fog computing. Despites its importance, there still lacks a survey on the recent research advance of data security and privacy-preserving in the field of edge computing. In this paper, we present a comprehensive analysis of the data security and privacy threats, protection technologies, and countermeasures inherent in edge computing. Specifically, we first make an overview of edge computing, including forming factors, definition, architecture, and several essential applications. Next, a detailed analysis of data security and privacy requirements, challenges, and mechanisms in edge computing are presented. Then, the cryptography-based technologies for solving data security and privacy issues are summarized. The state-of-the-art data security and privacy solutions in edge-related paradigms are also surveyed. Finally, we propose several open research directions of data security in the field of edge computing.

298 citations


Journal ArticleDOI
TL;DR: Some blockchain-enabled e-voting implementations and the approach’s potential benefits and challenges are highlighted.
Abstract: Blockchain-enabled e-voting (BEV) could reduce voter fraud and increase voter access. Eligible voters cast a ballot anonymously using a computer or smartphone. BEV uses an encrypted key and tamper-proof personal IDs. This article highlights some BEV implementations and the approach’s potential benefits and challenges.

284 citations


Proceedings ArticleDOI
29 May 2018
TL;DR: Chameleon as mentioned in this paper is a hybrid mixed protocol for secure function evaluation (SFE) which enables two parties to jointly compute a function without disclosing their private inputs, but does not support signed fixed-point numbers.
Abstract: We present Chameleon, a novel hybrid (mixed-protocol) framework for secure function evaluation (SFE) which enables two parties to jointly compute a function without disclosing their private inputs. Chameleon combines the best aspects of generic SFE protocols with the ones that are based upon additive secret sharing. In particular, the framework performs linear operations in the ring $\mathbbZ _2^l $ using additively secret shared values and nonlinear operations using Yao's Garbled Circuits or the Goldreich-Micali-Wigderson protocol. Chameleon departs from the common assumption of additive or linear secret sharing models where three or more parties need to communicate in the online phase: the framework allows two parties with private inputs to communicate in the online phase under the assumption of a third node generating correlated randomness in an offline phase. Almost all of the heavy cryptographic operations are precomputed in an offline phase which substantially reduces the communication overhead. Chameleon is both scalable and significantly more efficient than the ABY framework (NDSS'15) it is based on. Our framework supports signed fixed-point numbers. In particular, Chameleon's vector dot product of signed fixed-point numbers improves the efficiency of mining and classification of encrypted data for algorithms based upon heavy matrix multiplications. Our evaluation of Chameleon on a 5 layer convolutional deep neural network shows 133x and 4.2x faster executions than Microsoft CryptoNets (ICML'16) and MiniONN (CCS'17), respectively.

258 citations


Journal ArticleDOI
TL;DR: A new cryptographic primitive is introduced, called combined attribute-based/identity-based encryption and signature (C-AB/IB-ES), which greatly facilitates the management of the system, and does not need to introduce different cryptographic systems for different security requirements.
Abstract: To achieve confidentiality, authentication, integrity of medical data, and support fine-grained access control, we propose a secure electronic health record (EHR) system based on attribute-based cryptosystem and blockchain technology. In our system, we use attribute-based encryption (ABE) and identity-based encryption (IBE) to encrypt medical data, and use identity-based signature (IBS) to implement digital signatures. To achieve different functions of ABE, IBE and IBS in one cryptosystem, we introduce a new cryptographic primitive, called combined attribute-based/identity-based encryption and signature (C-AB/IB-ES). This greatly facilitates the management of the system, and does not need to introduce different cryptographic systems for different security requirements. In addition, we use blockchain techniques to ensure the integrity and traceability of medical data. Finally, we give a demonstrating application for medical insurance scene.

249 citations


Journal ArticleDOI
TL;DR: A location privacy protection method that satisfies differential privacy constraint to protect location data privacy and maximizes the utility of data and algorithm in Industrial IoT is proposed.
Abstract: In the research of location privacy protection, the existing methods are mostly based on the traditional anonymization, fuzzy and cryptography technology, and little success in the big data environment, for example, the sensor networks contain sensitive information, which is compulsory to be appropriately protected. Current trends, such as “Industrie 4.0” and Internet of Things (IoT), generate, process, and exchange vast amounts of security-critical and privacy-sensitive data, which makes them attractive targets of attacks. However, previous methods overlooked the privacy protection issue, leading to privacy violation. In this paper, we propose a location privacy protection method that satisfies differential privacy constraint to protect location data privacy and maximizes the utility of data and algorithm in Industrial IoT. In view of the high value and low density of location data, we combine the utility with the privacy and build a multilevel location information tree model. Furthermore, the index mechanism of differential privacy is used to select data according to the tree node accessing frequency. Finally, the Laplace scheme is used to add noises to accessing frequency of the selecting data. As is shown in the theoretical analysis and the experimental results, the proposed strategy can achieve significant improvements in terms of security, privacy, and applicability.

234 citations


Journal ArticleDOI
TL;DR: A property of entropy, termed “entropy accumulation”, is presented, which asserts that the total amount of entropy of a large system is the sum of its parts, which is used to prove the security of cryptographic protocols, including device-independent quantum key distribution, while achieving essentially optimal parameters.
Abstract: Device-independent cryptography goes beyond conventional quantum cryptography by providing security that holds independently of the quality of the underlying physical devices. Device-independent protocols are based on the quantum phenomena of non-locality and the violation of Bell inequalities. This high level of security could so far only be established under conditions which are not achievable experimentally. Here we present a property of entropy, termed “entropy accumulation”, which asserts that the total amount of entropy of a large system is the sum of its parts. We use this property to prove the security of cryptographic protocols, including device-independent quantum key distribution, while achieving essentially optimal parameters. Recent experimental progress, which enabled loophole-free Bell tests, suggests that the achieved parameters are technologically accessible. Our work hence provides the theoretical groundwork for experimental demonstrations of device-independent cryptography.

214 citations


Journal ArticleDOI
TL;DR: The proposed checklist is thought to be a good starting point for researchers who are considering to work in chaos-based cryptography and actually not as secure as they are expressed although these algorithms do pass several statistical and randomness tests.
Abstract: Chaos-based cryptology has become one of the most common design techniques to design new encryption algorithms in the last two decades. However, many proposals have been observed to be weak against simple known attacks. However, security of proposals cannot be proved. An analysis roadmap is needed for the security analysis of new proposals. This study aims to address this shortcoming. Analysis and test results show that many chaos-based image encryption algorithms previously published in the nonlinear dynamics are actually not as secure as they are expressed although these algorithms do pass several statistical and randomness tests. A checklist has been proposed to solve these problems. The applications of the proposed checklist have been shown for different algorithms. The proposed checklist is thought to be a good starting point for researchers who are considering to work in chaos-based cryptography.

200 citations


Posted Content
TL;DR: Chameleon combines the best aspects of generic SFE protocols with the ones that are based upon additive secret sharing, and improves the efficiency of mining and classification of encrypted data for algorithms based upon heavy matrix multiplications.
Abstract: We present Chameleon, a novel hybrid (mixed-protocol) framework for secure function evaluation (SFE) which enables two parties to jointly compute a function without disclosing their private inputs. Chameleon combines the best aspects of generic SFE protocols with the ones that are based upon additive secret sharing. In particular, the framework performs linear operations in the ring $\mathbb{Z}_{2^l}$ using additively secret shared values and nonlinear operations using Yao's Garbled Circuits or the Goldreich-Micali-Wigderson protocol. Chameleon departs from the common assumption of additive or linear secret sharing models where three or more parties need to communicate in the online phase: the framework allows two parties with private inputs to communicate in the online phase under the assumption of a third node generating correlated randomness in an offline phase. Almost all of the heavy cryptographic operations are precomputed in an offline phase which substantially reduces the communication overhead. Chameleon is both scalable and significantly more efficient than the ABY framework (NDSS'15) it is based on. Our framework supports signed fixed-point numbers. In particular, Chameleon's vector dot product of signed fixed-point numbers improves the efficiency of mining and classification of encrypted data for algorithms based upon heavy matrix multiplications. Our evaluation of Chameleon on a 5 layer convolutional deep neural network shows 133x and 4.2x faster executions than Microsoft CryptoNets (ICML'16) and MiniONN (CCS'17), respectively.

193 citations


Journal ArticleDOI
TL;DR: It is demonstrated that several statistical tests, commonly used to assess the security of chaos-based encryption schemes, are insufficient metrics for security analysis.
Abstract: Over the past years, an enormous variety of different chaos-based image and video encryption algorithms have been proposed and published. While any algorithm published undergoes some more or less strict experimental security analysis, many of those schemes are being broken in subsequent publications. In this paper, we show that two main motivations for preferring chaos-based image encryption over classical strong cryptographic encryption, namely computational effort and security benefits, are highly questionable. We demonstrate that several statistical tests, commonly used to assess the security of chaos-based encryption schemes, are insufficient metrics for security analysis. We do this experimentally by constructing obviously insecure encryption schemes and demonstrating that they perform well and/or pass several of these tests. In conclusion, these tests can only give a necessary, but by no means a sufficient condition for security. As a consequence of this paper, several security analyses in related work are questionable; further, methodologies for the security assessment for chaos-based encryption schemes need to be entirely reconsidered.

Journal ArticleDOI
TL;DR: This work proposes an efficient and privacy-preserving aggregation system with the aid of Fog computing architecture, named PPFA, which enables the intermediate Fog nodes to periodically collect data from nearby SMs and accurately derive aggregate statistics as the fine-grained Fog level aggregation.
Abstract: For constrained end devices in Internet of Things, such as smart meters (SMs), data transmission is an energy-consuming operation. To address this problem, we propose an efficient and privacy-preserving aggregation system with the aid of Fog computing architecture, named PPFA , which enables the intermediate Fog nodes to periodically collect data from nearby SMs and accurately derive aggregate statistics as the fine-grained Fog level aggregation. The Cloud/utility supplier computes overall aggregate statistics by aggregating Fog level aggregation. To minimize the privacy leakage and mitigate the utility loss, we use more efficient and concentrated Gaussian mechanism to distribute noise generation among parties, thus offering provable differential privacy guarantees of the aggregate statistic on both Fog level and Cloud level. In addition, to ensure aggregator obliviousness and system robustness, we put forward a two-layer encryption scheme: the first layer applies OTP to encrypt individual noisy measurement to achieve aggregator obliviousness, while the second layer uses public-key cryptography for authentication purpose. Our scheme is simple, efficient, and practical, it requires only one round of data exchange among a SM, its connected Fog node and the Cloud if there are no node failures, otherwise, one extra round is needed between a meter, its connected Fog node, and the trusted third party.

Journal ArticleDOI
TL;DR: This paper constructs a new ID-based linear homomorphic signature scheme, which avoids the shortcomings of the use of public-key certificates and is proved secure against existential forgery on adaptively chosen message and ID attack under the random oracle model.
Abstract: Identity-based cryptosystems mean that public keys can be directly derived from user identifiers, such as telephone numbers, email addresses, and social insurance number, and so on. So they can simplify key management procedures of certificate-based public key infrastructures and can be used to realize authentication in blockchain. Linearly homomorphic signature schemes allow to perform linear computations on authenticated data. And the correctness of the computation can be publicly verified. Although a series of homomorphic signature schemes have been designed recently, there are few homomorphic signature schemes designed in identity-based cryptography. In this paper, we construct a new ID-based linear homomorphic signature scheme, which avoids the shortcomings of the use of public-key certificates. The scheme is proved secure against existential forgery on adaptively chosen message and ID attack under the random oracle model. The ID-based linearly homomorphic signature schemes can be applied in e-business and cloud computing. Finally, we show how to apply it to realize authentication in blockchain.

Journal ArticleDOI
TL;DR: The aim of this paper is to elucidate the implications of quantum computing in present cryptography and to introduce the reader to basic post-quantum algorithms.
Abstract: The aim of this paper is to elucidate the implications of quantum computing in present cryptography and to introduce the reader to basic post-quantum algorithms. In particular the reader can delve into the following subjects: present cryptographic schemes (symmetric and asymmetric), differences between quantum and classical computing, challenges in quantum computing, quantum algorithms (Shor’s and Grover’s), public key encryption schemes affected, symmetric schemes affected, the impact on hash functions, and post quantum cryptography. Specifically, the section of Post-Quantum Cryptography deals with different quantum key distribution methods and mathematicalbased solutions, such as the BB84 protocol, lattice-based cryptography, multivariate-based cryptography, hash-based signatures and code-based cryptography.

Proceedings ArticleDOI
15 Oct 2018
TL;DR: This paper introduces a new form of symmetric encryption, named symmetric puncturable encryption (SPE), and construct a generic primitive from simple cryptographic tools, and presents a backward-secure SSE scheme that can revoke a server's searching ability on deleted data.
Abstract: Symmetric Searchable Encryption (SSE) has received wide attention due to its practical application in searching on encrypted data. Beyond search, data addition and deletion are also supported in dynamic SSE schemes. Unfortunately, these update operations leak some information of updated data. To address this issue, forward-secure SSE is actively explored to protect the relations of newly updated data and previously searched keywords. On the contrary, little work has been done in backward security, which enforces that search should not reveal information of deleted data. In this paper, we propose the first practical and non-interactive backward-secure SSE scheme. In particular, we introduce a new form of symmetric encryption, named symmetric puncturable encryption (SPE), and construct a generic primitive from simple cryptographic tools. Based on this primitive, we then present a backward-secure SSE scheme that can revoke a server's searching ability on deleted data. We instantiate our scheme with a practical puncturable pseudorandom function and implement it on a large dataset. The experimental results demonstrate its efficiency and scalability. Compared to the state-of-the-art, our scheme achieves a speedup of almost 50x in search latency, and a saving of 62% in server storage consumption.

Journal ArticleDOI
TL;DR: A comprehensive survey of authentication and privacy-preserving schemes for 4G and 5G cellular networks can be found in this paper, where the authors provide a taxonomy and comparison of authentication schemes in terms of tables.

Journal ArticleDOI
TL;DR: This paper proposes a lightweight privacy-preserving authentication protocol for the RFID system by considering the ideal PUF environment, and introduces an enhanced protocol which can support the noisyPUF environment.
Abstract: Radio frequency identification (RFID) has been considered one of the imperative requirements for implementation of Internet-of-Things applications. It helps to solve the identification issues of the things in a cost-effective manner, but RFID systems often suffer from various security and privacy issues. To solve those issues for RFID systems, many schemes have been recently proposed by using the cryptographic primitive, called physically uncloneable functions (PUFs), which can ensure a tamper-evident feature. However, to the best of our knowledge, none of them has succeeded to address the problem of privacy preservation with the resistance of DoS attacks in a practical way. For instance, existing schemes need to rely on exhaustive search operations to identify a tag, and also suffer from several security and privacy related issues. Furthermore, a tag needs to store some security credentials (e.g., secret shared keys), which may cause several issues such as loss of forward and backward secrecy and large storage costs. Therefore, in this paper, we first propose a lightweight privacy-preserving authentication protocol for the RFID system by considering the ideal PUF environment. Subsequently, we introduce an enhanced protocol which can support the noisy PUF environment. It is argued that both of our protocols can overcome the limitations of existing schemes, and further ensure more security properties. By analyzing the performance, we have shown that the proposed solutions are secure, efficient, practical, and effective for the resource-constraint RFID tag.

Journal ArticleDOI
TL;DR: A survey of lightweight cryptographic algorithms, presenting recent advances in the field and identifying opportunities for future research is provided, examining lightweight implementations of symmetric-key block ciphers in hardware and software architectures.
Abstract: Embedded systems are deployed in various domains, including industrial installations, critical and nomadic environments, private spaces and public infrastructures. Their operation typically involves access, storage and communication of sensitive and/or critical information that requires protection, making the security of their resources and services an imperative design concern. The demand for applicable cryptographic components is therefore strong and growing. However, the limited resources of these devices, in conjunction with the ever-present need for smaller size and lower production costs, hinder the deployment of secure algorithms typically found in other environments and necessitate the adoption of lightweight alternatives. This paper provides a survey of lightweight cryptographic algorithms, presenting recent advances in the field and identifying opportunities for future research. More specifically, we examine lightweight implementations of symmetric-key block ciphers in hardware and software architectures. We evaluate 52 block ciphers and 360 implementations based on their security, performance and cost, classifying them with regard to their applicability to different types of embedded devices and referring to the most important cryptanalysis pertaining to these ciphers.

Journal ArticleDOI
TL;DR: This paper has put forwarded an RFID-based authentication architecture for distributed IoT (Internet of Things) applications suitable for the future smart city environments and designed for IoT-based infrastructure in smart city environment.

Journal ArticleDOI
TL;DR: This special issue presents existing state-of-the-art advances reported by the 21 accepted papers and concludes the special issue with a number of potential research agenda.
Abstract: Industrial Internet of Things (IIoT) is an emerging trend, including in nontraditional technological sector (e.g., oil and gas industry). There are, however, a number of research challenges such using cryptography and other techniques to ensure security and privacy in IIoT applications and services. In this special issue, we present existing state-of-the-art advances reported by the 21 accepted papers. We then conclude the special issue with a number of potential research agenda.

Journal ArticleDOI
Junxin Chen1, Yu Zhang1, Lin Qi1, Chong Fu1, Lisheng Xu1 
TL;DR: A solution for simultaneous image encryption and compression using compressed sensing using structurally random matrix (SRM), and permutation-diffusion type image encryption using 3-D cat map is presented.
Abstract: This paper presents a solution for simultaneous image encryption and compression. The primary introduced techniques are compressed sensing (CS) using structurally random matrix (SRM), and permutation-diffusion type image encryption. The encryption performance originates from both the techniques, whereas the compression effect is achieved by CS. Three-dimensional (3-D) cat map is employed for key stream generation. The simultaneously produced three state variables of 3-D cat map are respectively used for the SRM generation, image permutation and diffusion. Numerical simulations and security analyses have been carried out, and the results demonstrate the effectiveness and security performance of the proposed system.

Journal ArticleDOI
01 Jan 2018
TL;DR: This paper proposes the first access control (CP-ABE) scheme supporting outsourcing capability and attribute update for fog computing, and the security analysis shows that the proposed scheme is secure under the decisional bilinear Diffie–Hellman assumption.
Abstract: Fog computing as an extension of cloud computing provides computation, storage and application services to end users. Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic technology for guaranteeing data confidentiality and fine-grained data access control. It enables data owners to define flexible access policy for data sharing. However, in CP-ABE systems, the problems of the time required to encrypt, decrypt and attribute update are long-standing unsolved in the literature. In this paper, we propose the first access control (CP-ABE) scheme supporting outsourcing capability and attribute update for fog computing. Specifically, the heavy computation operations of encryption and decryption are outsourced to fog nodes, thus the computation operations for data owners to encrypt and users to decrypt are irrelevant to the number of attributes in the access structure and secret keys, respectively. The cost brought by attribute update is efficient in the sense that we only concentrate on the update of the ciphertext associated with the corresponding updated attribute. The security analysis shows that the proposed scheme is secure under the decisional bilinear Diffie–Hellman assumption. The proposed scheme is efficient, and the time of encryption for data owners and decryption for users are small and constant. The computational ability of fog nodes are fully utilizing during the access control, so the tiny computing cost is left to end users with resource-constrained devices.

Journal ArticleDOI
TL;DR: A novel identity-based key establishment protocol which employs elliptic curves at its core and has the lowest computational overhead among current secure protocols, especially at the meter side is proposed.
Abstract: Security is fundamental to the operation of smart grid and its advanced metering infrastructure (AMI). Key establishment is the core component in key management schemes and plays a crucial role in satisfying the security requirements. In recent years, many key establishment protocols have been proposed in the context of smart grids. However, their high overhead and complexity have undermined their ability to be practically employed in AMI. In this paper, we propose a novel identity-based key establishment protocol which employs elliptic curves at its core and has the lowest computational overhead among current secure protocols, especially at the meter side. We have given a detailed and comparative analysis of both security and computational burden for the proposed protocol as well as the previous efforts. We have evaluated the resilience of different protocols to well-known attacks by discussion, however, for the proposed protocol, we have also used AVISPA tool to formally verify its security. Compared to the previous solutions, the proposed protocol either is more secure or scores higher in performance benchmarks run on the same hardware.

Journal ArticleDOI
TL;DR: Cheon et al. as discussed by the authors applied the homomorphic encryption scheme for an efficient arithmetic over real numbers, and devised a new encoding method to reduce storage of encrypted database, which was selected as the best solution of Track 3 at iDASH privacy and security competition 2017.
Abstract: Security concerns have been raised since big data became a prominent tool in data analysis. For instance, many machine learning algorithms aim to generate prediction models using training data which contain sensitive information about individuals. Cryptography community is considering secure computation as a solution for privacy protection. In particular, practical requirements have triggered research on the efficiency of cryptographic primitives. This paper presents a method to train a logistic regression model without information leakage. We apply the homomorphic encryption scheme of Cheon et al. (ASIACRYPT 2017) for an efficient arithmetic over real numbers, and devise a new encoding method to reduce storage of encrypted database. In addition, we adapt Nesterov’s accelerated gradient method to reduce the number of iterations as well as the computational cost while maintaining the quality of an output classifier. Our method shows a state-of-the-art performance of homomorphic encryption system in a real-world application. The submission based on this work was selected as the best solution of Track 3 at iDASH privacy and security competition 2017. For example, it took about six minutes to obtain a logistic regression model given the dataset consisting of 1579 samples, each of which has 18 features with a binary outcome variable. We present a practical solution for outsourcing analysis tools such as logistic regression analysis while preserving the data confidentiality.

Journal ArticleDOI
TL;DR: This protocol eradicates the security vulnerabilities associated with the measurement device, and greatly enhances the practical security of quantum secure direct communication, and has an extended communication distance, and a high communication capacity.
Abstract: Security in communication is vital in modern life. At present, security is realized by an encryption process in cryptography. It is unbelievable if a secure communication is achievable without encryption. In quantum cryptography, there is a unique form of quantum communication, quantum secure direct communication, where secret information is transmitted directly over a quantum channel. Quantum secure direct communication is drastically distinct from our conventional concept of secure communication, because it does not require key distribution, key storage and ciphertext transmission, and eliminates the encryption procedure completely. Hence it avoids in principle all the security loopholes associated with key and ciphertext in traditional secure communications. For practical implementation, defects always exist in real devices and it may downgrade the security. Among the various device imperfections, those with the measurement devices are the most prominent and serious ones. Here we report a measurement-device-independent quantum secure direct communication protocol using Einstein-Podolsky-Rosen pairs. This protocol eradicates the security vulnerabilities associated with the measurement device, and greatly enhances the practical security of quantum secure direct communication. In addition to the security advantage, this protocol has an extended communication distance, and a high communication capacity.

Proceedings ArticleDOI
20 May 2018
TL;DR: Oblix is presented, a search index for encrypted data that is oblivious (provably hides access patterns), is dynamic (supports inserts and deletes), and has good efficiency, and is demonstrated in several applications.
Abstract: Search indices are fundamental building blocks of many systems, and there is great interest in running them on encrypted data. Unfortunately, many known schemes that enable search queries on encrypted data achieve efficiency at the expense of security, as they reveal access patterns to the encrypted data. In this paper we present Oblix, a search index for encrypted data that is oblivious (provably hides access patterns), is dynamic (supports inserts and deletes), and has good efficiency. Oblix relies on a combination of novel oblivious-access techniques and recent hardware enclave platforms (e.g., Intel SGX). In particular, a key technical contribution is the design and implementation of doubly-oblivious data structures, in which the client's accesses to its internal memory are oblivious, in addition to accesses to its external memory at the server. These algorithms are motivated by hardware enclaves like SGX, which leak access patterns to both internal and external memory. We demonstrate the usefulness of Oblix in several applications: private contact discovery for Signal, private retrieval of public keys for Key Transparency, and searchable encryption that hides access patterns and result sizes.

Journal ArticleDOI
TL;DR: An efficient Cross-Domain HandShake (CDHS) scheme is constructed that allows symptoms-matching within MHSNs and proves the security of the scheme, and a comparative summary demonstrates that the proposed CDHS scheme requires fewer computation and lower communication costs.
Abstract: With rapid developments of sensor, wireless and mobile communication technologies, Mobile Healthcare Social Networks (MHSNs) have emerged as a popular means of communication in healthcare services. Within MHSNs, patients can use their mobile devices to securely share their experiences, broaden their understanding of the illness or symptoms, form a supportive network, and transmit information (e.g., state of health and new symptoms) between users and other stake holders (e.g., medical center). Despite the benefits afforded by MHSNs, there are underlying security and privacy issues (e.g., due to the transmission of messages via a wireless channel). The handshake scheme is an important cryptographic mechanism, which can provide secure communication in MHSNs (e.g., anonymity and mutual authentication between users, such as patients). In this paper, we present a new framework for the handshake scheme in MHSNs, which is based on hierarchical identity-based cryptography. We then construct an efficient Cross-Domain HandShake (CDHS) scheme that allows symptoms-matching within MHSNs. For example, using the proposed CDHS scheme, two patients registered with different healthcare centers can achieve mutual authentication and generate a session key for future secure communications. We then prove the security of the scheme, and a comparative summary demonstrates that the proposed CDHS scheme requires fewer computation and lower communication costs. We also implement the proposed CDHS scheme and three related schemes in a proof of concept Android app to demonstrate utility of the scheme. Findings from the evaluations demonstrate that the proposed CDHS scheme achieves a reduction of 18.14 and 5.41 percent in computation cost and communication cost, in comparison to three other related handshake schemes.

ReportDOI
01 May 2018
TL;DR: This note describes the eXtended Merkle Signature Scheme (XMSS), a hash-based digital signature system that is suitable for compact implementations, relatively simple to implement, and naturally resists side-channel attacks.
Abstract: This note describes the eXtended Merkle Signature Scheme (XMSS), a hash-based digital signature system. It follows existing descriptions in scientific literature. The note specifies the WOTS+ one-time signature scheme, a single-tree (XMSS) and a multi-tree variant (XMSS^MT) of XMSS. Both variants use WOTS+ as a main building block. XMSS provides cryptographic digital signatures without relying on the conjectured hardness of mathematical problems. Instead, it is proven that it only relies on the properties of cryptographic hash functions. XMSS provides strong security guarantees and is even secure when the collision resistance of the underlying hash function is broken. It is suitable for compact implementations, relatively simple to implement, and naturally resists side-channel attacks. Unlike most other signature systems, hash-based signatures can withstand so far known attacks using quantum computers.

Journal ArticleDOI
TL;DR: In this paper, the authors investigated the security of a classic diffusion mechanism used as the core cryptographic primitive in some image cryptosystems based on the aforementioned complex dynamic phenomena and theoretically found that regardless of the key schedule process, the data complexity for recovering each element of the equivalent secret key from these diffusion mechanisms is only ${O}$ (1).
Abstract: The need for fast and strong image cryptosystems motivates researchers to develop new techniques to apply traditional cryptographic primitives in order to exploit the intrinsic features of digital images. One of the most popular and mature technique is the use of complex dynamic phenomena, including chaotic orbits and quantum walks, to generate the required key stream. In this paper, under the assumption of plaintext attacks we investigate the security of a classic diffusion mechanism (and of its variants) used as the core cryptographic primitive in some image cryptosystems based on the aforementioned complex dynamic phenomena. We have theoretically found that regardless of the key schedule process, the data complexity for recovering each element of the equivalent secret key from these diffusion mechanisms is only ${O}$ (1). The proposed analysis is validated by means of numerical examples. Some additional cryptographic applications of this paper are also discussed.

Journal ArticleDOI
TL;DR: This Tutorial Review highlights the diversity of the molecular platforms and the analytical techniques used for this purpose, some of which are highlighted in this Tutorial Review, and how those molecular systems can be used to emulate a broad spectrum of security measures.
Abstract: The idea of using molecules in the context of information security has sparked the interest of researchers from many scientific disciplines. This is clearly manifested in the diversity of the molecular platforms and the analytical techniques used for this purpose, some of which we highlight in this Tutorial Review. Moreover, those molecular systems can be used to emulate a broad spectrum of security measures. For a long time, molecular keypad locks enjoyed a clear preference and the review starts off with a description of how these devices developed. In the last few years, however, the field has evolved into something larger. Examples include more complex authentication protocols (multi-factor authentication and one-time passwords), the recognition of erroneous procedures in data transmission (parity devices), as well as steganographic and cryptographic protection.