Cryptanalysis of RGB,a mixed multivariate signature scheme

Public-Key Cryptography (PKC) based on multivariate quadratic equations is one of the most promising alternatives for classical PKC after the eventual coming of quantum computers. Recently, Shen and Tang proposed a new MQ-signature scheme, RGB, based on three types of variables, Red(r), Green(g) and Blue(b). They claimed that signing for RGB is faster than that of UOV and Rainbow. At ACISP 2016, Tang et al. implemented RGB on S5PV210 and MT6582 microprocessors at 64, 80, 96, 118 and 128-bit security levels for practical use. Their results are much more efficient than other MQ-signature schemes, so RGB is very appealing for resource-limited devices. We show that RGB with their suggested parameters at 64, 80, 96, 118 and 128 security levels are entirely broken by key recovery attacks using good keys. From a practical point of view, we are able to break their parameters at 64, 80, 96, 118 and 128 security levels in less than 0.48 seconds, 1.7 seconds, 90.68 seconds, 11 minutes and 6.82 hours, respectively. Consequently, we show that signing and the key sizes for RGB with secure parameter sets are much slower and larger than those of UOV and Rainbow.     

Efficient public key encryption with smallest ciphertext expansion from factoring

For public key encryption schemes, adaptive chosen ciphertext security is a widely accepted security notion since it captures a wide range of attacks. SAEP and SAEP+ are asymmetric encryption schemes which were proven to achieve semantic security against adaptive chosen ciphertext attacks. However, the bandwidth for message is essentially worse, that is the ciphertext expansion (the length difference between the ciphertext and the plaintext) is too large. In most of the mobile networks and bandwidth constrained communication systems, it is necessary to securely send as many messages as possible. In this article, we propose two chosen-ciphertext secure asymmetric encryption schemes. The first scheme is a generic asymmetric encryption padding scheme based on trapdoor permutations. The second one is its application to the Rabin-Williams function which has a very fast encryption algorithm. These asymmetric encryption schemes both achieve the optimal bandwidth w.r.t. the ciphertext expansion, namely with the smallest ciphertext expansion. Further, tight security reductions are shown to prove the security of these encryption schemes.     

Lattice-based completely non-malleable public-key encryption in the standard model

An encryption scheme is non-malleable if giving an encryption of a message to an adversary does not increase its chances of producing an encryption of a related message (under a given public key). Fischlin introduced a stronger notion, known as complete non-malleability, which requires attackers to have negligible advantage, even if they are allowed to transform the public key under which the related message is encrypted. Ventre and Visconti later proposed a comparison-based definition of this security notion, which is more in line with the well-studied definitions proposed by Bellare et al. The authors also provide additional feasibility results by proposing two constructions of completely non-malleable schemes, one in the common reference string model using non-interactive zero-knowledge proofs, and another using interactive encryption schemes. Therefore, the only previously known completely non-malleable (and non-interactive) scheme in the standard model, is quite inefficient as it relies on generic NIZK approach. They left the existence of efficient schemes in the common reference string model as an open problem. Recently, two efficient public-key encryption schemes have been proposed by Libert and Yung, and Barbosa and Farshim, both of them are based on pairing identity-based encryption. At ACISP 2011, Sepahi et al. proposed a method to achieve completely non-malleable encryption in the public-key setting using lattices but there is no security proof for the proposed scheme. In this paper we review the mentioned scheme and provide its security proof in the standard model. Our study shows that Sepahi’s scheme will remain secure even for post-quantum world since there are currently no known quantum algorithms for solving lattice problems that perform significantly better than the best known classical (i.e., non-quantum) algorithms.     

Inner-product encryption under standard assumptions

Predicate encryption is a generalized notion for public key encryption that enables one to encrypt attributes as well as a message. In this paper, we present a new inner-product encryption (IPE) scheme, as a specialized predicate encryption scheme, whose security relies on the well-known Decision Bilinear Diffie-Hellman (BDH) and Decision Linear assumptions. Our IPE scheme uses prime order groups equipped with a bilinear map and works in both symmetric and asymmetric bilinear maps. Our result is the first construction of IPE under the standard assumptions. Prior to our work, all IPE schemes known to date require non-standard assumptions to prove security, and moreover some of them use composite-order groups. To achieve our goal, we introduce a novel technique for attribute-hiding, which may be of independent interest.     

Paillier-based publicly verifiable (non-interactive) secret sharing

A verifiable secret sharing is a secret sharing scheme with an untrusted dealer that allows participants to verify validity of their own shares. A publicly verifiable secret sharing (PVSS) scheme is a verifiable secret sharing scheme that allows a third party to verify correctness of the distributed shares. We propose an efficient non-interactive PVSS scheme using Paillier additively homomorphic encryption system, and analyze its security in a model that we define in line with the classic semantic-security definition and offering stronger security compared to the previous models. We reduce security of our PVSS scheme to the well studied decisional composite residuosity assumption in this model.     

Image encryption using chaotic coupled map lattices with time-varying delays

In this paper, a novel image encryption scheme using coupled map lattices (CML) with time delay is proposed. By employing discretized tent map to shuffle the positions of image pixels and then using delayed coupled map lattices (DCML) to confuse the relationship between the plain-image and the cipher-image, image encryption algorithms with permutation-diffusion structure are introduced in detail. In the process of generating keystream, the time-varying delay is also embedded in our proposed scheme to enhance the security. Theoretical analysis and computer experiments confirm that the new algorithm possesses high security for practical image encryption.     

A method for image encryption based on fractional-order hyperchaotic systems

By using sequences generated from fractional-order hyperchaotic systems, a color image encryption scheme is investigated. Firstly, a plain image, which is known to users in advance, is chosen as a secret key to confuse the original image. Then, the confused image is encrypted by the sequences generated from the fractional-order hyperchaotic systems. With this simple encryption method, we can get an encrypted image that is fully scrambled and diused. For chaos-based image cryptosystems, this encryption scheme enhances the security and improves the eectiveness. Furthermore, the cryptosystem resists the dierential attack. Experiments show that the algorithm is suitable for image encryption, and some statistical tests are provided to show the high security in the end     

Polynomial-time key recovery attack on the Faure–Loidreau scheme based on Gabidulin codes

Encryption schemes based on the rank metric lead to small public key sizes of order of few thousands bytes which represents a very attractive feature compared to Hamming metric-based encryption schemes where public key sizes are of order of hundreds of thousands bytes even with additional structures like the cyclicity. The main tool for building public key encryption schemes in rank metric is the McEliece encryption setting used with the family of Gabidulin codes. Since the original scheme proposed in 1991 by Gabidulin, Paramonov and Tretjakov, many systems have been proposed based on different masking techniques for Gabidulin codes. Nevertheless, over the years most of these systems were attacked essentially by the use of an attack proposed by Overbeck. In 2005 Faure and Loidreau designed a rank-metric encryption scheme which was not in the McEliece setting. The scheme is very efficient, with small public keys of size a few kiloBytes and with security closely related to the linearized polynomial reconstruction problem which corresponds to the decoding problem of Gabidulin codes. The structure of the scheme differs considerably from the classical McEliece setting and until our work, the scheme had never been attacked. We show in this article that for a range of parameters, this scheme is also vulnerable to a polynomial-time attack that recovers the private key by applying Overbeck’s attack on an appropriate public code. As an example we break in a few seconds parameters with 80-bit security claim. Our work also shows that some parameters are not affected by our attack but at the cost of a lost of efficiency for the underlying schemes.     

An image encryption scheme with a pseudorandom permutation based on chaotic maps

Many research efforts for image encryption schemes have elaborated for designing nonlinear functions since security of these schemes closely depends on inherent characteristics of nonlinear functions. It is commonly believed that a chaotic map can be used as a good candidate of a nonlinear component for image encryption schemes. We propose a new image encryption algorithm using a large pseudorandom permutation which is combinatorially generated from small permutation matrices based on chaotic maps. The random-like nature of chaos is effectively spread into encrypted images by using the permutation matrix. The experimental results show that the proposed encryption scheme provides comparable security with that of the conventional image encryption schemes based on Baker map or Logistic map.     

A chaotic block cipher algorithm for image cryptosystems

Recently, many scholars have proposed chaotic cryptosystems in order to promote communication security. However, there are a number of major problems detected in some of those schemes such as weakness against differential attack, slow performance speed, and unacceptable data expansion. In this paper, we introduce a new chaotic block cipher scheme for image cryptosystems that encrypts block of bits rather than block of pixels. It encrypts 256-bits of plainimage to 256-bits of cipherimage within eight 32-bit registers. The scheme employs the cryptographic primitive operations and a non-linear transformation function within encryption operation, and adopts round keys for encryption using a chaotic system. The new scheme is able to encrypt large size of images with superior performance speed than other schemes. The security analysis of the new scheme confirms a high security level and fairly uniform distribution.     

Design of an image encryption scheme based on a multiple chaotic map

In order to solve the problem that chaos is degenerated in limited computer precision and Cat map is the small key space, this paper presents a chaotic map based on topological conjugacy and the chaotic characteristics are proved by Devaney definition. In order to produce a large key space, a Cat map named block Cat map is also designed for permutation process based on multiple-dimensional chaotic maps. The image encryption algorithm is based on permutation–substitution, and each key is controlled by different chaotic maps. The entropy analysis, differential analysis, weak-keys analysis, statistical analysis, cipher random analysis, and cipher sensibility analysis depending on key and plaintext are introduced to test the security of the new image encryption scheme. Through the comparison to the proposed scheme with AES, DES and Logistic encryption methods, we come to the conclusion that the image encryption method solves the problem of low precision of one dimensional chaotic function and has higher speed and higher security.     

An image encryption scheme based on quantum logistic map

The topic of quantum chaos has begun to draw increasing attention in recent years. While a satisfactory definition for it is not settled yet in order to differentiate between its classical counterparts. Dissipative quantum maps can be characterized by sensitive dependence on initial conditions, like classical maps. Considering this property, an implementation of image encryption scheme based on the quantum logistic map is proposed. The security and performance analysis of the proposed image encryption is performed using well-known methods. The results of the reliability analysis are encouraging and it can be concluded that, the proposed scheme is efficient and secure. The results of this study also suggest application of other quantum maps such as quantum standard map and quantum baker map in cryptography and other aspects of security and privacy.     

How to build time-lock encryption

Time-lock encryption is a method to encrypt a message such that it can only be decrypted after a certain deadline has passed. We propose a novel time-lock encryption scheme, whose main advantage over prior constructions is that even receivers with relatively weak computational resources should immediately be able to decrypt after the deadline, without any interaction with the sender, other receivers, or a trusted third party. We build our time-lock encryption on top of the new concept of computational reference clocks and an extractable witness encryption scheme. We explain how to construct a computational reference clock based on Bitcoin. We show how to achieve constant level of multilinearity for witness encryption by using SNARKs. We propose a new construction of a witness encryption scheme which is of independent interest: our scheme, based on Subset-Sum, achieves extractable security without relying on obfuscation. The scheme employs multilinear maps of arbitrary order and is independent of the implementations of multilinear maps.     

On the Security of Two Public Key Cryptosystems Using Non-Abelian Groups

The security of two public key encryption schemes relying on the hardness of different computational problems in non-abelian groups is investigated. First, an attack on a conceptual public key scheme based on Grigorchuk groups is presented. We show that from the public data one can easily derive an “equivalent” secret key that allows the decryption of arbitrary messages encrypted under the public key. Hereafter, a security problem in another conceptual public key scheme based on non-abelian groups is pointed out. We show that in the present form the BMW scheme is vulnerable to an attack, which can recover large parts of the private subgroup chain from the public key.     

The relation and transformation between hierarchical inner product encryption and spatial encryption

Hierarchical inner product encryption (HIPE) and spatial encryption (SE) are two important classes of functional encryption that have numerous applications. Although HIPE and SE both involve some notion of linear algebra, the former works in vectors while the latter is based on (affine) spaces. Moreover, they currently possess different properties in terms of security, anonymity (payload/attribute-hiding) and ciphertext sizes, for example. In this paper, we formally study the relation between HIPE and SE. In our work, we discover some interesting and novel property-preserving transformation techniques that enable generic construction of an SE scheme from an HIPE scheme, and vice versa.     

Group homomorphic encryption: characterizations, impossibility results, and applications

We give a complete characterization both in terms of security and design of all currently existing group homomorphic encryption schemes, i.e., existing encryption schemes with a group homomorphic decryption function such as ElGamal and Paillier. To this end, we formalize and identify the basic underlying structure of all existing schemes and say that such schemes are of shift-type. Then, we construct an abstract scheme that represents all shift-type schemes (i.e., every scheme occurs as an instantiation of the abstract scheme) and prove its IND-CCA1 (resp. IND-CPA) security equivalent to the hardness of an abstract problem called Splitting Oracle-Assisted Subgroup Membership Problem (SOAP) (resp. Subgroup Membership Problem, SMP). Roughly, SOAP asks for solving an SMP instance, i.e., for deciding whether a given ciphertext is an encryption of the neutral element of the ciphertext group, while allowing access to a certain oracle beforehand. Our results allow for contributing to a variety of open problems such as the IND-CCA1 security of Paillier’s scheme, or the use of linear codes in group homomorphic encryption. Furthermore, we design a new cryptosystem which provides features that are unique up to now: Its IND-CPA security is based on the k-linear problem introduced by Shacham, and Hofheinz and Kiltz, while its IND-CCA1 security is based on a new k-problem that we prove to have the same progressive property, namely that if the k-instance is easy in the generic group model, the (k+1)-instance is still hard.     

Efficient image or video encryption based on spatiotemporal chaos system

In this paper, an efficient image/video encryption scheme is constructed based on spatiotemporal chaos system. The chaotic lattices are used to generate pseudorandom sequences and then encrypt image blocks one by one. By iterating chaotic maps for certain times, the generated pseudorandom sequences obtain high initial-value sensitivity and good randomness. The pseudorandom-bits in each lattice are used to encrypt the Direct Current coefficient (DC) and the signs of the Alternating Current coefficients (ACs). Theoretical analysis and experimental results show that the scheme has good cryptographic security and perceptual security, and it does not affect the compression efficiency apparently. These properties make the scheme a suitable choice for practical applications.     

A novel chaotic encryption scheme based on arithmetic coding

In this paper, under the combination of arithmetic coding and logistic map, a novel chaotic encryption scheme is presented. The plaintexts are encrypted and compressed by using an arithmetic coder whose mapping intervals are changed irregularly according to a keystream derived from chaotic map and plaintext. Performance and security of the scheme are also studied experimentally and theoretically in detail.     

A new secured transmission scheme based on chaotic synchronization via smooth adaptive unknown-input observers

We present a new scheme for the secured transmission of information based on master–slave synchronization of chaotic systems, using unknown-input observers. Our approach improves upon state-of-the-art schemes by being compatible with information of relatively large amplitude while improving security against intruders through an intricate encryption system. In addition, our approach is robust to channel noise. The main idea is to separate the encryption and synchronization operations by using two cascaded chaotic systems in the transmitter. Technically, the scheme is based on smooth adaptive unknown-input observers; these have the advantage to estimate the (master) states and to reconstruct the unknown inputs simultaneously. The performance of the communication system is illustrated in numerical simulation.     

On the relations between non-interactive key distribution,identity-based encryption and trapdoor discrete log groups

This paper investigates the relationships between identity-based non-interactive key distribution (ID-NIKD) and identity-based encryption (IBE). It provides a new security model for ID-NIKD, and a construction that converts a secure ID-NIKD scheme satisfying certain conditions into a secure IBE scheme. This conversion is used to explain the relationship between the ID-NIKD scheme of Sakai, Ohgishi and Kasahara and the IBE scheme of Boneh and Franklin. The paper then explores the construction of ID-NIKD and IBE schemes from general trapdoor discrete log groups. Two different concrete instantiations for such groups provide new, provably secure ID-NIKD and IBE schemes. These schemes are suited to applications in which the Trusted Authority is computationally well-resourced, but clients performing encryption/decryption are highly constrained.