The scheme introduced by Hwang and Liu in 2008 is shown to be insecure against the key replacement attack. A more practical attack model is introduced, and under this model an efficient certificateless encryption scheme is presented that is IND-CCA secure against both Type I and Type II attackers without random oracles. The scheme can defend against the malicious key generation center attack and reaches Girault's trust level 3, as in traditional public key infrastructure-based cryptography. It also has a shorter public key than other certificateless encryption schemes in the standard model.
ARIA is a new block cipher designed as the block cipher standard of South Korea. The current version is 1.0, which improves on version 0.8 by using four kinds of S-boxes instead of two and by adding two encryption rounds; the four different kinds of S-boxes are intended to prevent the dedicated linear attack on ARIA version 0.8. This paper presents 12 linear approximations of a single round function, any of which can be used to attack ARIA version 1.0 reduced to 7, 9, or 9 rounds for key sizes of 128, 192, or 256 bits, respectively. The corresponding data complexities are 2^87, 2^119, and 2^119, and the counting complexities are 1.5×2^88, 2^119, and 2^119; each attack requires 2^64 bits of memory for all three key sizes, and there are 12 weak key classes. These results are similar to those of the dedicated linear attack on ARIA version 0.8 and show that the improved version still cannot effectively resist this type of attack.
This paper shows that the protocol presented by Goyal et al. can be further simplified, and that the simplified protocol is more practical under the decisional Diffie-Hellman assumption. Goyal et al. provided a general transformation from any honest-verifier statistical zero-knowledge argument to a concurrent statistical zero-knowledge argument; their transformation relies only on the existence of one-way functions. In the simplified transformation, the witness indistinguishable proof of knowledge protocols run in "parallel" not only play the role of the preamble but also remove some of the computational zero-knowledge proofs that Goyal et al. used to prove the existence of valid openings of the commitments. Therefore, although some computational zero-knowledge proofs are replaced by a weaker notion, the witness indistinguishable protocol, the proof of soundness still goes through.
ABC v3 is a stream cipher submitted to the ECRYPT eSTREAM project and has entered the second evaluation phase. Its key length is 128 bits. In this paper, we find a large number of new weak keys of the ABC family, introduce a method to search for them, and then apply a fast correlation attack to break ABC v3 under weak keys. We show that there are at least 2^103.71 new weak keys in ABC v3. Recovering the internal state for a weak key requires 2^36.05 keystream words and 2^50.56 operations. The attack also applies to ABC v1 and v2 with the same complexity as for ABC v3; however, the number of weak keys of ABC v1 and ABC v2 decreases to 2^97 + 2^95.19. This reveals that ABC v3 has more weak keys than ABC v1 and v2.