Automating computational proofs for public-key-based key exchange

We present an approach to automating computationally sound proofs of key exchange protocols based on public-key encryption. We show that satisfying the property called occultness in the Dolev-Yao model guarantees the security of a related key exchange protocol in a simple computational model. Security in this simpler model has been shown to imply security in a Bellare {Rogaway-like model. Furthermore, the occultness in the Dolev-Yao model can be searched automatically by a mechanisable procedure. Thus automated proofs for key exchange protocols in the computational model can be achieved. We illustrate the method using the well-known Lowe-Needham-Schroeder protocol.

Efficient and secure self-escrowed public-key infrastructures

A self-escrowed public key infrastructure (SE-PKI) combines the usual functionality of a public-key infrastructure with the ability to recover private keys given some trap-door information. We present an additively homomorphic variant of an existing SE-PKI for ElGamal encryption. We also propose a new efficient SE-PKI based on the ElGamal and Okamoto-Uchiyama cryptosystems that is more efficient than the previous SE-PKI. This is the first SE-PKI that does not suffer from a key doubling problem of previous SE-PKI proposals. Additionally, we present the first self-escrowed encryption schemes secure against chosen-ciphertext attack in the standard model. These schemes are also quite efficient and are based on the Cramer-Shoup cryptosystem, and the Kurosawa-Desmedt hybrid variant in different groups.

Effort-release public-key encryption from cryptographic puzzles

Timed-release cryptography addresses the problem of “sending messages into the future”: information is encrypted so that it can only be decrypted after a certain amount of time, either (a) with the help of a trusted third party time server, or (b) after a party performs the required number of sequential operations. We generalise the latter case to what we call effort-release public key encryption (ER-PKE), where only the party holding the private key corresponding to the public key can decrypt, and only after performing a certain amount of computation which may or may not be parallelisable. Effort-release PKE generalises both the sequential-operation-based timed-release encryption of Rivest, Shamir, and Wagner, and also the encapsulated key escrow techniques of Bellare and Goldwasser. We give a generic construction for ER-PKE based on the use of moderately hard computational problems called puzzles. Our approach extends the KEM/DEM framework for public key encryption by introducing a difficulty notion for KEMs which results in effort-release PKE. When the puzzle used in our generic construction is non-parallelisable, we recover timed-release cryptography, with the addition that only the designated receiver (in the public key setting) can decrypt.

Barriers and facilitators to public bicycle scheme use : a qualitative approach

The purpose of this study was to explore barriers and facilitators to using CityCycle, a public bicycle share scheme in Brisbane, Australia. Focus groups were conducted with participants belonging to one of three categories. Group one consisted of infrequent and noncyclists (no bicycle riding over the past month), group two were regular bicycle riders (ridden a bicycle at least once in the past month) and group three was composed of CityCycle members. A thematic analytic method was used to analyse the data. Three main themes were found: Accessibility/spontaneity, safety and weather/topography. The lengthy sign-up process was thought to stifle the spontaneity typically thought to attract people to public bike share. Mandatory helmet legislation was thought to reduce spontaneous use. Safety was a major concern for all groups and this included a perceived lack of suitable bicycle infrastructure, as well as regular riders describing a negative attitude of some car drivers. Interestingly, CityCycle riders unanimously perceived car driver attitudes to improve when on CityCycle bicycles relative to riding on personal bicycles. Conclusions: In order to increase the popularity of the CityCycle scheme, the results of this study suggest that a more accessible, spontaneous sign-up process is required, 24/7 opening hours, and greater incentives to sign up new members and casual users, as seeing people using CityCycle appears critical to further take up.

Distributed public-key cryptography from weak secrets

We introduce the notion of distributed password-based public-key cryptography, where a virtual high-entropy private key is implicitly defined as a concatenation of low-entropy passwords held in separate locations. The users can jointly perform private-key operations by exchanging messages over an arbitrary channel, based on their respective passwords, without ever sharing their passwords or reconstituting the key. Focusing on the case of ElGamal encryption as an example, we start by formally defining ideal functionalities for distributed public-key generation and virtual private-key computation in the UC model. We then construct efficient protocols that securely realize them in either the RO model (for efficiency) or the CRS model (for elegance). We conclude by showing that our distributed protocols generalize to a broad class of “discrete-log”-based public-key cryptosystems, which notably includes identity-based encryption. This opens the door to a powerful extension of IBE with a virtual PKG made of a group of people, each one memorizing a small portion of the master key.

Lattice-based certificateless public-key encryption in the standard model

The notion of certificateless public-key encryption (CL-PKE) was introduced by Al-Riyami and Paterson in 2003 that avoids the drawbacks of both traditional PKI-based public-key encryption (i.e., establishing public-key infrastructure) and identity-based encryption (i.e., key escrow). So CL-PKE like identity-based encryption is certificate-free, and unlike identity-based encryption is key escrow-free. In this paper, we introduce simple and efficient CCA-secure CL-PKE based on (hierarchical) identity-based encryption. Our construction has both theoretical and practical interests. First, our generic transformation gives a new way of constructing CCA-secure CL-PKE. Second, instantiating our transformation using lattice-based primitives results in a more efficient CCA-secure CL-PKE than its counterpart introduced by Dent in 2008.

New security notions and relations for public-key encryption

Since their introduction, the notions of indistinguishability and non-malleability have been changed and extended by different authors to support different goals. In this paper, we propose new flavors of these notions, investigate their relative strengths with respect to previous notions, and provide the full picture of relationships (i.e., implications and separations) among the security notions for public-key encryption schemes. We take into account the two general security goals of indistinguishability and non-malleability, each in the message space, key space, and hybrid message-key space to find six specific goals, a couple of them, namely complete indistinguishability and key non-malleability, are new. Then for each pair of goals, coming from the indistinguishability or non-malleability classes, we prove either an implication or a separation, completing the full picture of relationships among all these security notions. The implications and separations are respectively supported by formal proofs (i.e., reductions) in the concrete-security framework and by counterexamples.

Fast Public Key Cryptosystem Based On Matrix Rings

A public key cryptosystem is proposed, which is based on the assumption that finding the square root of an element in a large finite ring is computationally infeasible in the absence of a knowledge of the ring structure. The encryption and decryption operations are very fast, and the data expansion is 1:2.

Certificate-less on-demand public key management (CLPKM) for self-organized MANETs

In this paper, we have proposed a novel certificate-less on-demand public key management (CLPKM) protocol for self-organized MANETs. The protocol works on flat network architecture, and distinguishes between authentication layer and routing layer of the network. We put an upper limit on the length of verification route and use the end-to-end trust value of a route to evaluate its strength. The end-to-end trust value is used by the protocol to select the most trusted verification route for accomplishing public key verification. Also, the protocol uses MAC function instead of RSA certificates to perform public key verification. By doing this, the protocol saves considerable computation power, bandwidth and storage space. The saved storage space is utilized by the protocol to keep a number of pre-established routes in the network nodes, which helps in reducing the average verification delay of the protocol. Analysis and simulation results confirm the effectiveness of the proposed protocol.

Self-organized public key management in MANETs with enhanced security and without certificate-chains

In the self-organized public key management approaches, public key verification is achieved through verification routes constituted by the transitive trust relationships among the network principals. Most of the existing approaches do not distinguish among different available verification routes. Moreover, to ensure stronger security, it is important to choose an appropriate metric to evaluate the strength of a route. Besides, all of the existing self-organized approaches use certificate-chains for achieving authentication, which are highly resource consuming. In this paper, we present a self-organized certificate-less on-demand public key management (CLPKM) protocol, which aims at providing the strongest verification routes for authentication purposes. It restricts the compromise probability for a verification route by restricting its length. Besides, we evaluate the strength of a verification route using its end-to-end trust value. The other important aspect of the protocol is that it uses a MAC function instead of RSA certificates to perform public key verifications. By doing this, the protocol saves considerable computation power, bandwidth and storage space. We have used an extended strand space model to analyze the correctness of the protocol. The analytical, simulation, and the testbed implementation results confirm the effectiveness of the proposed protocol. (c) 2014 Elsevier B.V. All rights reserved.

Secure architectures for pairing based public key cryptography

Along with the growing demand for cryptosystems in systems ranging from large servers to mobile devices, suitable cryptogrophic protocols for use under certain constraints are becoming more and more important. Constraints such as calculation time, area, efficiency and security, must be considered by the designer. Elliptic curves, since their introduction to public key cryptography in 1985 have challenged established public key and signature generation schemes such as RSA, offering more security per bit. Amongst Elliptic curve based systems, pairing based cryptographies are thoroughly researched and can be used in many public key protocols such as identity based schemes. For hardware implementions of pairing based protocols, all components which calculate operations over Elliptic curves can be considered. Designers of the pairing algorithms must choose calculation blocks and arrange the basic operations carefully so that the implementation can meet the constraints of time and hardware resource area. This thesis deals with different hardware architectures to accelerate the pairing based cryptosystems in the field of characteristic two. Using different top-level architectures the hardware efficiency of operations that run at different times is first considered in this thesis. Security is another important aspect of pairing based cryptography to be considered in practically Side Channel Analysis (SCA) attacks. The naively implemented hardware accelerators for pairing based cryptographies can be vulnerable when taking the physical analysis attacks into consideration. This thesis considered the weaknesses in pairing based public key cryptography and addresses the particular calculations in the systems that are insecure. In this case, countermeasures should be applied to protect the weak link of the implementation to improve and perfect the pairing based algorithms. Some important rules that the designers must obey to improve the security of the cryptosystems are proposed. According to these rules, three countermeasures that protect the pairing based cryptosystems against SCA attacks are applied. The implementations of the countermeasures are presented and their performances are investigated.