Cryptography — Open Access Journal

We introduce a private quantum money scheme with the note verification procedure based on sampling matching, a problem in a one-way communication complexity model. Our scheme involves a bank who produces and distributes quantum notes, noteholders who are untrusted, and trusted local verifiers of the bank to whom the holders send their notes in order to carry out transactions. The key aspects of our money scheme include: note verification procedure requiring a single round classical interaction between the local verifier and bank; fixed verification circuit that uses only passive linear optical components; re-usability of each note in our scheme which grows linearly with the size of note; and an unconditional security against any adversary trying to forge the banknote while tolerating the noise of up to 21.4%. We further describe a practical implementation technique of our money scheme using weak coherent states of light and the verification circuit involving a single 50/50 beam splitter and two single-photon threshold detectors. Previous best-known matching based money scheme proposal involves a verification circuit where the number of optical components increase proportional to the increase in desired noise tolerance (robustness). In contrast, we achieve any desired noise tolerance (up to a maximal threshold value) with only a fixed number of optical components. This considerable reduction of components in our scheme enables us to reach the robustness values that is not feasible for any existing money scheme with the current technology. Full article

Optical physical unclonable keys are currently considered to be rather promising candidates for the development of entity authentication protocols, which offer security against both classical and quantum adversaries. In this work, we investigate the robustness of a continuous-variable protocol, which relies on the scattering of coherent states of light from the key, against three different types of intercept–resend emulation attacks. The performance of the protocol is analyzed for a broad range of physical parameters, and our results are compared to existing security bounds. Full article

In an era of tremendous development in information technology and the Internet of Things (IoT), security plays a key role in safety devices connected with the Internet. Authentication is vital in the security field, and to achieve a strong authentication scheme, there are several systems using a Multi-Factor Authentication (MFA) scheme based on a smart card, token, and biometric. However, these schemes have suffered from the extra cost; lost, stolen or broken factor, and malicious attacks. In this paper, we design an MFA protocol to be the authenticated administrator of IoT’s devices. The main components of our protocol are a smart mobile device and the fuzzy extractor of the administrator’s fingerprint. The information of the authenticated user is stored in an anomalous manner in mobile devices and servers to resist well-known attacks, and, as a result, the attacker fails to authenticate the system when they obtain a mobile device or password. Our work overcomes the above-mentioned issues and does not require extra cost for a fingerprint device. By using the AVISPA tool to analysis protocol security, the results are good and safe against known attacks. Full article

This paper describes a cloud-scale encryption system. It discusses the constraints that shaped the design of Amazon Web Services’ Key Management Service, and in particular, the challenges that arise from using a standard mode of operation such as AES-GCM while safely supporting huge amounts of encrypted data that is (simultaneously) generated and consumed by a huge number of users employing different keys. We describe a new derived-key mode that is designed for this multi-user-multi-key scenario typical at the cloud scale. Analyzing the resulting security bounds of this model illustrates its applicability for our setting. This mode is already deployed as the default mode of operation for the AWS key management service. Full article

Backdooring cryptographic algorithms is an indisputable taboo in the cryptographic literature for a good reason: however noble the intentions, backdoors might fall in the wrong hands, in which case security is completely compromised. Nonetheless, more and more legislative pressure is being produced to enforce the use of such backdoors. In this work we introduce the concept of disposable cryptographic backdoors which can be used only once and become useless after that. These exotic primitives are impossible in the classical digital world without stateful and secure trusted hardware support, but, as we show, are feasible assuming quantum computation and access to classical stateless hardware tokens. Concretely, we construct a disposable (single-use) version of message authentication codes, and use them to derive a black-box construction of stateful hardware tokens in the above setting with quantum computation and classical stateless hardware tokens. This can be viewed as a generic transformation from stateful to stateless tokens and enables, among other things, one-time programs and memories. This is to our knowledge the first provably secure construction of such primitives from stateless tokens. As an application of disposable cryptographic backdoors we use our constructed primitive above to propose a middle-ground solution to the recent legislative push to backdoor cryptography: the conflict between Apple and FBI. We show that it is possible for Apple to create a one-time backdoor which unlocks any single device, and not even Apple can use it to unlock more than one, i.e., the backdoor becomes useless after it is used. We further describe how to use our ideas to derive a version of CCA-secure public key encryption, which is accompanied with a disposable (i.e., single-use, as in the above scenario) backdoor. Full article

In this work, a reversible watermarking technique is proposed for DICOM (Digital Imaging and Communications in Medicine) image that offers high embedding capacity (payload), security and fidelity of the watermarked image. The goal is achieved by embedding watermark based on companding in lifting based discrete wavelet transform (DWT) domain. In the embedding process, the companding technique is used to increase the data hiding capacity. On the other hand, a simple linear function is used in companding to make the scheme easy to implement, and content dependant watermark is used to make the scheme robust to collusion operation. Moreover, unlike previously proposed reversible watermarking techniques, this novel approach does not embed the location map in the host image that ultimately helps to achieve high fidelity of the watermarked image. The advantage of the proposed scheme is demonstrated by simulation results and also compared with selected other related schemes. Full article

The potential benefits of the Internet of Things (IoT) are hampered by malicious interventions of attackers when the fundamental security requirements such as authentication and authorization are not sufficiently met and existing measures are unable to protect the IoT environment from data breaches. With the spectrum of IoT application domains increasing to include mobile health, smart homes and smart cities in everyday life, the consequences of an attack in the IoT network connecting billions of devices will become critical. Due to the challenges in applying existing cryptographic standards to resource constrained IoT devices, new security solutions being proposed come with a tradeoff between security and performance. While much research has focused on developing lightweight cryptographic solutions that predominantly adopt RSA (Rivest–Shamir–Adleman) authentication methods, there is a need to identify the limitations in the usage of such measures. This research paper discusses the importance of a better understanding of RSA-based lightweight cryptography and the associated vulnerabilities of the cryptographic keys that are generated using semi-primes. In this paper, we employ mathematical operations on the sum of four squares to obtain one of the prime factors of a semi-prime that could lead to the attack of the RSA keys. We consider the even sum of squares and show how a modified binary greatest common divisor (GCD) can be used to quickly recover one of the factors of a semi-prime. The method presented in this paper only uses binary arithmetic shifts that are more suitable for the resource-constrained IoT landscape. This is a further improvement on previous work based on Euler’s method which is demonstrated using an illustration that allows for the faster testing of multiple sums of squares solutions more quickly. Full article

We propose a new authentication algorithm for small internet of things (IoT) devices without key distribution and secure servers. Encrypted private data are stored on the cloud server in the registration step and compared with incoming encrypted data without decryption in the verification step. We call a set of encryptions that can verify two encrypted data items without decryption a verifiable encryption (VE). In this paper, we define VE, and claim that several cryptosystems belong to the VE class. Moreover, we introduce an authentication algorithm based on VE, and show an example of the algorithm and discuss its performance and security. As the algorithm neither shares any secret keys nor decrypts, its computation time becomes very small. Full article

Electronic money (e-money or e-Cash) is the digital representation of physical banknotes augmented by added use cases of online and remote payments. This paper presents a novel, anonymous e-money transaction protocol, built based on physical unclonable functions (PUFs), titled PUF-Cash. PUF-Cash preserves user anonymity while enabling both offline and online transaction capability. The PUF’s privacy-preserving property is leveraged to create blinded tokens for transaction anonymity while its hardware-based challenge–response pair authentication scheme provides a secure solution that is impervious to typical protocol attacks. The scheme is inspired from Chaum’s Digicash work in the 1980s and subsequent improvements. Unlike Chaum’s scheme, which relies on Rivest, Shamir and Adlemans’s (RSA’s) multiplicative homomorphic property to provide anonymity, the anonymity scheme proposed in this paper leverages the random and unique statistical properties of synthesized integrated circuits. PUF-Cash is implemented and demonstrated using a set of Xilinx Zynq Field Programmable Gate Arrays (FPGAs). Experimental results suggest that the hardware footprint of the solution is small, and the transaction rate is suitable for large-scale applications. An in-depth security analysis suggests that the solution possesses excellent statistical qualities in the generated authentication and encryption keys, and it is robust against a variety of attack vectors including model-building, impersonation, and side-channel variants. Full article

As a result of the increased use of contract foundries, intellectual property (IP) theft, excess production and reverse engineering are major concerns for the electronics and defense industries. Hardware obfuscation and IP locking can be used to make a design secure by replacing a part of the circuit with a key-locked module. In order to ensure each chip has unique keys, previous work has proposed using physical unclonable functions (PUF) to lock the circuit. However, these designs are area intensive. In this work, we propose a strong PUF-based hardware obfuscation scheme to uniquely lock each chip. Full article

The Internet of Things (IoT) is very attractive because of its promises. However, it brings many challenges, mainly issues about privacy preservation and lightweight cryptography. Many schemes have been designed so far but none of them simultaneously takes into account these aspects. In this paper, we propose an efficient attribute-based credential scheme for IoT devices. We use elliptic curve cryptography without pairing, blind signing, and zero-knowledge proof. Our scheme supports block signing, selective disclosure, and randomization. It provides data minimization and transaction unlinkability. Our construction is efficient since smaller key size can be used, and computing time can be reduced. As a result, it is a suitable solution for IoT devices characterized by three major constraints, namely low-energy power, small storage capacity, and low computing power. Full article

A cryptography system was developed previously based on Cipher Polygraphic Polyfunction transformations, $C_{i\times j}^{(t)}\equiv A_{i\times i}^t{P}_{i\times j}modN$ where $C_{i\times j}$ , $P_{i\times j}$ , $A_{i\times i}$ are cipher text, plain text, and encryption key, respectively. Whereas, $(t)$ is the number of transformations of plain text to cipher text. In this system, the parameters ( $A_{i\times i},(t)$ ) are kept in secret by a sender of messages. The security of this system, including its combination with the second order linear recurrence Lucas sequence (LUC) and the Ron Rivest, Adi Shamir and Leonard Adleman (RSA) method, until now is being upgraded by some researchers. The studies found that there is some type of self-invertible $A_{4\times 4}$ should be not chosen before transforming a plain text to cipher text in order to enhance the security of Cipher Tetragraphic Trifunction. This paper also seeks to obtain some patterns of self-invertible keys $A_{6\times 6}$ and subsequently examine their effect on the system of Cipher Hexagraphic Polyfunction transformation. For that purpose, we need to find some solutions $L_{3\times 3}$ for $L_{3\times 3}^2\equiv A_{3\times 3}modN$ when $A_{3\times 3}$ are diagonal and symmetric matrices and subsequently implement the key $L_{3\times 3}$ to get the pattern of $A_{6\times 6}$ . Full article

Modular reduction of large values is a core operation in most common public-key cryptosystems that involves intensive computations in finite fields. Within such schemes, efficiency is a critical issue for the effectiveness of practical implementation of modular reduction. Recently, Residue Number Systems have drawn attention in cryptography application as they provide a good means for extreme long integer arithmetic and their carry-free operations make parallel implementation feasible. In this paper, we present an algorithm to calculate the precise value of “ $Xmodp$ ” directly in the RNS representation of an integer. The pipe-lined, non-pipe-lined, and parallel hardware architectures are proposed and implemented on XILINX FPGAs. Full article

In substitution–permutation network as a cryptosystem, substitution boxes play the role of the only nonlinear part. It would be easy for adversaries to compromise the security of the system without them. 8-bit S-boxes are the most used cryptographic components. So far, cryptographers were constructing 8-bit S-boxes used in cryptographic primitives by exhaustive search of permutations of order 256. However, now for cryptographic techniques with 8-bit S-boxes as confusion layers, researchers are trying to reduce the size of S-box by working with a small unit of data. The aim is to make the techniques compact, fast and elegant. The novelty of this research is the construction of S-box on the elements of the multiplicative subgroup of the Galois field instead of the entire Galois field. The sturdiness of the proposed S-box against algebraic attacks was hashed out by employing the renowned analyses, including balance, nonlinearity, strict avalanche criterion, and approximation probabilities. Furthermore, the statistical strength of the S-box was tested by the majority logic criterion. The fallouts show that the S-box is appropriate for applications for secure data communications. The S-box was also used for watermarking of grayscale images with good outcomes. Full article

The AKS algorithm is an important breakthrough in showing that primality testing of an integer can be done in polynomial time. In this paper, we study the optimization of its runtime. Namely, given a finite cardinality set of alphabets of a deterministic polynomial runtime Turing machine and the number of strings of an arbitrary input integer whose primality is to be tested as the system parameters, we consider the randomized AKS primality testing function as the objective function. Under randomization of the system parameters, we have shown that there are definite signatures of the local and global instabilities in the AKS algorithm. We observe that instabilities occur at the extreme limits of the parameters. It is worth mentioning that Fermat’s little theorem and Chinese remaindering help with the determination of the underlying stability domains. On the other hand, in the realm of the randomization theory, our study offers fluctuation theory structures of the AKS primality testing of an integer through its maximum number of irreducible factors. Finally, our optimization theory analysis anticipates a class of real-world applications for future research and developments, including optimal online security, system optimization and its performance improvements, (de)randomization techniques, and beyond, e.g., polynomial time primality testing, identity testing, machine learning, scientific computing, coding theory, and other stimulating optimization problems in a random environment. Full article

A concept for creating a large class of lightweight stream ciphers as Key Stream Generators KSGs is presented. The resulting class-size exceeds 2³²³ possible different KSGs. If one unknown cipher from the KSG-class is randomly picked-up and stored irreversibly within a VLSI device, the device becomes physically hard-to-clone. The selected cipher is only usable by the device itself, therefore cloning it requires an invasive attack on that particular device. Being an unknown selection out of 2³²³ possible KSGs, the resulting cipher is seen as a Secret Unknown Cipher (SUC). The SUC concept was presented a decade ago as a digital alternative to the inconsistent traditional analog Physically Unclonable Functions (PUFs). This work presents one possible practical self-creation technique for such PUFs as hard-to-clone unknown KSGs usable to re-identify VLSI devices. The proposed sample cipher-structure is based on non-linear merging of randomly selected 16 Nonlinear Feedback Shift Registers (NLFSRs). The created KSGs exhibit linear complexities exceeding 2⁸¹ and a period exceeding 2¹⁶¹. The worst-case device cloning time complexity approaches 2¹⁶². A simple lightweight identification protocol for physically identifying such SUC structures in FPGA-devices is presented. The required self-reconfiguring FPGAs for embedding such SUCs are not yet available, however, expected to emerge in the near future. The security analysis and hardware complexities of the resulting clone-resistant structures are evaluated and shown to offer scalable security levels to cope even with the post-quantum cryptography. Full article

Oblivious RAM (ORAM) is a cryptographic primitive which obfuscates the access patterns to a storage, thereby preventing privacy leakage. So far in the current literature, only ‘fully functional’ ORAMs are widely studied which can protect, at a cost of considerable performance penalty, against the strong adversaries who can monitor all read and write operations. However, recent research has shown that information can still be leaked even if only the write access pattern (not reads) is visible to the adversary. For such weaker adversaries, a fully functional ORAM turns out to be an overkill, causing unnecessary overheads. Instead, a simple ‘write-only’ ORAM is sufficient, and, more interestingly, is preferred as it can offer far better performance and energy efficiency than a fully functional ORAM. In this work, we present Flat ORAM: an efficient write-only ORAM scheme which outperforms the closest existing write-only ORAM called HIVE. HIVE suffers from performance bottlenecks while managing the memory occupancy information vital for correctness of the protocol. Flat ORAM introduces a simple idea of Occupancy Map (OccMap) to efficiently manage the memory occupancy information resulting in far better performance. Our simulation results show that, compared to HIVE, Flat ORAM offers $50\%$ performance gain on average and up to $80\%$ energy savings. Full article

A new class of public key agreement (PKA) algorithms called strongly-asymmetric algorithms (SAA) was introduced in a previous paper by some of the present authors. This class can be shown to include some of the best-known PKA algorithms, for example the Diffie–Hellman and several of its variants. In this paper, we construct a new version of the previous construction, called SAA-5, improving it in several points, as explained in the Introduction. In particular, the construction complexity is reduced, and at the same time, robustness is increased. Intuitively, the main difference between SAA-5 and the usual PKA consists of the fact that in the former class, B (Bob) has more than one public key and A (Alice) uses some of them to produce her public key and others to produce the secret shared key (SSK). This introduces an asymmetry between the sender of the message (B) and the receiver (A) and motivates the name for this class of algorithms. After describing the main steps of SAA-5, we discuss its breaking complexity assuming zero complexity of discrete logarithms and the computational complexity for both A and B to create SSK. Full article

Multivariate Public Key Cryptography (MPKC) is one of the main candidates for post-quantum cryptography, especially in the area of signature schemes. In this paper, we instantiate a certificate Identity-Based Signature (IBS) scheme based on Rainbow, one of the most efficient and secure multivariate signature schemes. In addition, we revise the previous identity-based signature scheme IBUOV based on the Unbalanced Oil and Vinegar (UOV) scheme on the security and choice of parameters and obtain that our scheme is more efficient than IBUOV in terms of key sizes and signature sizes. Full article