1.
We introduce a new multivariate encryption scheme inspired by random linear codes. The construction is similar to that of UOV, one of the oldest and most trusted multivariate signature schemes, but with a parameterization nothing like that of UOV. The structure of the scheme admits many generic modifications providing an array of security and performance properties. The scheme also supports an embedding modifier which allows any efficiently invertible multivariate system to be incorporated into the scheme. The product of this methodology is the fastest secure multivariate encryption scheme targeting CCA security at the 128-bit level.

2.
This paper considers security implications of k-normal Boolean functions when they are employed in certain stream ciphers. A generic algorithm is proposed for cryptanalysis of the considered class of stream ciphers based on a security weakness of k-normal Boolean functions. The proposed algorithm yields a framework for mounting cryptanalysis against particular stream ciphers within the considered class. Also, the proposed algorithm for cryptanalysis implies certain design guidelines for avoiding certain weak stream cipher constructions. A particular objective of this paper is security evaluation of stream cipher Grain-128 employing the developed generic algorithm. Contrary to the best known attacks against Grain-128, which provide complexity of a secret key recovery lower than exhaustive search only over a subset of secret keys which is just a fraction (up to 5%) of all possible secret keys, the cryptanalysis proposed in this paper provides significantly lower complexity than exhaustive search for any secret key. The proposed approach for cryptanalysis primarily depends on the order of normality of the employed Boolean function in Grain-128. Accordingly, in addition to the security evaluation insights of Grain-128, the results of this paper are also evidence of the cryptographic significance of the normality criteria of Boolean functions.

3.
Generic Groups, Collision Resistance, and ECDSA (cited by: 1; self-citations: 0; other citations: 1)
Proved here is the sufficiency of certain conditions to ensure the Elliptic Curve Digital Signature Algorithm (ECDSA) existentially unforgeable by adaptive chosen-message attacks. The sufficient conditions include (i) a uniformity property and collision-resistance for the underlying hash function, (ii) pseudorandomness in the private key space for the ephemeral private key generator, (iii) generic treatment of the underlying group, and (iv) a further condition on how the ephemeral public keys are mapped into the private key space. For completeness, a brief survey of necessary security conditions is also given. Some of the necessary conditions are weaker than the corresponding sufficient conditions used in the security proofs here, but others are identical. Despite the similarity between DSA and ECDSA, the main result is not appropriate for DSA, because the fourth condition above seems to fail for DSA. (The corresponding necessary condition is plausible for DSA, but is not proved here, nor is the security of DSA proved assuming this weaker condition.) Brickell et al. [Vol. 1751 of Lecture Notes in Computer Science, pp. 276--292], Jakobsson et al. [Vol. 1976 of Lecture Notes in Computer Science, pp. 73--89] and Pointcheval et al. [Vol. 13 of Journal of Cryptology, pp. 361--396] only consider signature schemes that include the ephemeral public key in the hash input, which ECDSA does not do, and moreover assume a condition on the hash function stronger than the first condition above. This work seems to be the first advance in the provable security of ECDSA.
AMS classification: 94A60
Supported in part by a National Science and Engineering Research Council of Canada Industrial Research Fellowship.

4.
Signcryption schemes with threshold unsigncryption, and applications (cited by: 1; self-citations: 0; other citations: 1)
The goal of a signcryption scheme is to achieve the same functionalities as encryption and signature together, but in a more efficient way than encrypting and signing separately. To increase security and reliability in some applications, the unsigncryption phase can be distributed among a group of users, through a (t, n)-threshold process. In this work we consider this task of threshold unsigncryption, which has received very little attention in the cryptographic literature up to now (perhaps surprisingly, given its potential applications). First we describe in detail the security requirements that a scheme for such a task should satisfy: existential unforgeability and indistinguishability, under insider chosen message/ciphertext attacks, in a multi-user setting. Then we show that generic constructions of signcryption schemes (by combining encryption and signature schemes) do not offer this level of security in the scenario of threshold unsigncryption. For this reason, we propose two new protocols for threshold unsigncryption, which we prove to be secure, one in the random oracle model and one in the standard model. The two proposed schemes enjoy an additional property that can be very useful. Namely, the unsigncryption protocol can be divided into two phases: a first one where the authenticity of the ciphertext is verified, possibly by a single party; and a second one where the ciphertext is decrypted by a subset of t receivers, without using the identity of the sender. As a consequence, the schemes can be used in applications requiring some level of anonymity, such as electronic auctions.

5.
Let G be a finite group and F be a field. Any linear code over F that is permutation equivalent to some code defined by an ideal of the group ring FG will be called a G-code. The theory of these "abstract" group codes was developed in 2009. A code is called Abelian if it is an A-code for some Abelian group A. Some conditions were given that all G-codes for some group G are Abelian, but no examples of non-Abelian group codes were known at that time. We use the computer algebra system GAP to show that all G-codes over any field are Abelian if |G| < 128 and |G| ∉ {24, 48, 54, 60, 64, 72, 96, 108, 120}, but for F = $\mathbb{F}_5$ and G = $S_4$ there exist non-Abelian G-codes over F. It is also shown that the existence of left non-Abelian group codes for a given group depends in general on the field of coefficients, while for (two-sided) group codes the corresponding question remains open.

6.
The complex nature of close binary evolution is briefly reviewed. Population synthesis calculations of zero‐age cataclysmic variable stars (ZACVs) are presented using a common envelope (CE) efficiency parameter, αCE, that is a function of the core mass of the primary. Specifically, we investigate the possibility that αCE is different for CE evolution involving red giant branch (RGB) primaries than for asymptotic giant branch (AGB) primaries. We calculate a sequence of model orbital period distributions in present‐day ZACVs for 11 different combinations of efficiency parameters (αRGB, αAGB). We find that if CE evolution is much less efficient for RGB primaries than for AGB primaries (αRGB ~ 0.1 or less), the number of CVs that form below 2 h is significantly decreased compared with standard constant αCE models. © 2008 Wiley Periodicals, Inc. Complexity, 2008.

7.
In this paper, we study HC-128 in detail from a cryptanalytic point of view. First, we use linear approximation of the addition modulo $2^n$ of three n-bit integers to identify linear approximations of $g_1$, $g_2$, the feedback functions of HC-128. This, in turn, shows that the process of keystream output generation of HC-128 can be well approximated by linear functions. In this direction, we show that the "least significant bit" based distinguisher (presented by the designer himself) of HC-128 works for the complete 32-bit word. Using the above linear approximations of $g_1$, $g_2$, we present a new distinguisher for HC-128 which is slightly weaker than Wu's distinguisher. Finally, in the line of Dunkelman's observation, we also study how HC-128 keystream words leak secret state information of the cipher due to the properties of the functions $h_1$, $h_2$ and present improved results.

8.
A multi-signature scheme with distinguished signing authorities is a multi-signature scheme where the signed document is divided into several parts and each signer signs only the part for which he is responsible. This article shows the security weakness of Wu–Hsu's ID-based multi-signature scheme with distinguished signing authorities.

9.
The construction of new hash functions has attracted much attention recently. In Kwok and Tang (2005) [Kwok HS, Tang WKS. A chaos-based cryptographic Hash function for message authentication. Int J Bifurcat Chaos 2005;15:4043–50], a chaos-based hash function was proposed. In this paper, the potential flaws in the original algorithm are analyzed in detail, and corresponding improvements are proposed. We strengthen the property that each bit of the final hash value depends closely on all bits of the message and key, so that a single bit change in the message or key results in large changes in the final hash value. Simulation results show that the improved algorithm has strong diffusion and confusion capability, good collision resistance, and extreme sensitivity to the message and secret key.

10.
For a linear dynamic system with undetermined parameters we discuss the construction of algorithms and programs that implement breakdown detection criteria using Kalman filtering and sequential statistical analysis. Translated from Algoritmy Upravleniya i Identifikatsii, pp. 118–128, 1997.

11.
The public key cryptosystem MST1 has been introduced by Magliveras et al. [12] (Public Key Cryptosystems from Group Factorizations. Jatra Mountain Mathematical Publications). Its security relies on the hardness of factoring with respect to wild logarithmic signatures. To identify 'wild-like' logarithmic signatures, the criterion of being totally-non-transversal has been proposed. We present tame totally-non-transversal logarithmic signatures for the alternating and symmetric groups of degree ≥ 5. Hence, basing a key generation procedure on the assumption that totally-non-transversal logarithmic signatures are 'wild-like' seems critical. We also discuss the problem of recognizing 'weak' totally-non-transversal logarithmic signatures, and demonstrate that another proposed key generation procedure based on permutably transversal logarithmic signatures may produce weak keys. Communicated by: P. Wild

12.
In this paper we propose an information-theoretic approach to the access control problem in a scenario where a group of users is divided into a number of disjoint classes. The set of rules that specify the information flow between different user classes in the system defines an access control policy. An access control policy can be implemented by using a key assignment scheme, where a trusted central authority (CA) assigns an encryption key and some private information to each class. We consider key assignment schemes where the key assigned to each class is unconditionally secure with respect to an adversary controlling a coalition of classes of a limited size. Our schemes are characterized by a security parameter r, the size of the adversary coalition. We show lower bounds on the size of the private information that each class has to store and on the amount of randomness needed by the CA to set up any key assignment scheme. Finally, we propose some optimal constructions for unconditionally secure key assignment schemes.

13.
A group signature scheme allows a group member to sign messages anonymously on behalf of the group. However, in the case of a dispute, the identity of a signer can be revealed by a designated entity. We introduce forward security into group signature schemes. While the group public key remains fixed, a group signing key evolves over time. Because the signing key of a group member evolves over time, the possibility of the signing key being exposed is decreased. We propose a forward secure group signature scheme based on Ateniese and Camenisch et al.'s group signature scheme. The security is analyzed and comparisons between our scheme and other group signature schemes are made.

14.
Spherical measures of exceeding a low level are considered for strongly dependent chi-square fields. The limit distributions are sums of multiple stochastic integrals.
Kiev University. Translated from Vychislitel'naya i Prikladnaya Matematika, No. 68, pp. 118–128, 1989.

15.
This paper investigates how individual choice is affected by increases in risk when the choice variable (instrument) affects the distribution of the random variable as well as the objective function. The effect of increased risk on optimal choice is shown to depend on attitudes towards risk and the interaction between exogenous uncertainty and the instrument. The latter is described in terms of an extension of the notion of stochastic dominance to a comparison of changes in probability distributions (signed measures) rather than the direct comparison of distributions (probability measures). Sufficiency conditions for signing comparative statics exercises are presented and applied to an insurance example involving moral hazard.

16.
Identity-based non-interactive key distribution (ID-NIKD) is a cryptographic primitive that enables two users to establish a common secret key without exchanging messages. All users of the system have access to public system parameters and a private key, obtained through the help of a trusted key generation center. In this contribution, we discuss how to capture an intuitive form of forward security for ID-NIKD schemes in a security model. Building on results of Sakai et al. as well as of Paterson and Srinivasan, we discuss how the proposed notion of forward security can be achieved in the random oracle model, using a Bilinear Diffie-Hellman assumption in combination with a forward-secure pseudorandom bit generator. We also show how a forward-secure ID-NIKD scheme can be used to realize forward-secure identity-based encryption.

17.
Based on the study of some existing chaotic encryption algorithms, a new block cipher is proposed. The proposed cipher encrypts 128-bit plaintext to 128-bit ciphertext blocks, using a 128-bit key K and the initial value x0 and the control parameter mu of the logistic map. It consists of an initial permutation and eight computationally identical rounds followed by an output transformation. Round r uses a 128-bit roundkey K(r) to transform a 128-bit input C(r-1), which is fed to the next round. The output after round 8 enters the output transformation to produce the final ciphertext. All roundkeys are derived from K and a 128-bit random binary sequence generated from a chaotic map. Analysis shows that the proposed block cipher does not suffer from the flaws of pure chaotic cryptosystems and possesses high security.

18.
This paper establishes endpoint Lp-Lq and Sobolev mapping properties of Radon-like operators which satisfy a homogeneity condition (similar to semiquasihomogeneity) and a condition on the rank of a matrix related to rotational curvature. For highly degenerate operators, the rank condition is generically satisfied for algebraic reasons, similar to an observation of Greenleaf, Pramanik and Tang [A. Greenleaf, M. Pramanik, W. Tang, Oscillatory integral operators with homogeneous polynomial phases in several variables, J. Funct. Anal. 244 (2) (2007) 444-487] concerning oscillatory integral operators.

19.
In this paper, we establish new Lyapunov-type inequalities for two classes of one-dimensional quasilinear elliptic systems of resonant type, which improve the recent results of Tang and He [X.H. Tang, X. He, Lower bounds for generalized eigenvalues of the quasilinear systems, J. Math. Anal. Appl. 385 (2012) 72-85] when $1 < p_i < 2$ for $i = 1, 2, \ldots, n$.

20.
A construction of codes of length n = q + 1 and minimum Hamming distance 3 over is given. Substitution of the derived codes into a concatenation construction yields nonlinear binary single-error correcting codes with better parameters than previously known. In particular, new binary single-error correcting codes having more codewords than the best previously known in the range n ≤ 512 are obtained for the lengths 64–66, 128–133, 256–262, and 512.

Copyright © Beijing Qinyun Technology Development Co., Ltd.  京ICP备09084417号