The security of international date encryption algorithm (IDEA(16)), a mini IDEA cipher, against differential cryptanalysis is investigated. The results show that [DEA(16) is secure against differential cryptanalysis attack after 5 rounds while IDEA(8) needs 7 rounds for the same level of security. The transition matrix for IDEA(16) and its eigenvalue of second largest magnitude are computed. The storage method for the transition matrix has been optimized to speed up file I/O. The emphasis of the work lies in finding out an effective way of computing the eigenvalue of the matrix. To lower time complexity, three mature algorithms in finding eigenvalues are compared from one another and subspace iteration algorithm is employed to compute the eigenvalue of second largest module, with a precision of 0.001.
Leakage of the private key has become a serious problem of menacing the cryptosystem security. To reduce the underlying danger induced by private key leakage, Dodis et al.(2003) proposed the first key-insulated signature scheme. To handle issues concerning the private key leakage in certificateless signature schemes, we devise the first certificateless key-insulated signature scheme. Our scheme applies the key-insulated mechanism to certificateless cryptography, one with neither certificate nor key escrow. We incorporate Waters (2005)’s signature scheme, Paterson and Schuldt (2006)’s identity-based signature scheme, and Liu et al.(2007)’s certificateless signature scheme to obtain a certificateless key-insulated signature scheme. Our scheme has two desirable properties. First, its security can be proved under the non-pairing-based generalized bilinear Diffie-Hellman (NGBDH) conjecture, without utilizing the random oracle model; second, it solves the key escrow problem in identity-based key-insulated signatures.
Zhong-mei WANXue-jia LAIJian WENGSheng-li LIUYu LONGXuan HONG
To describe the design approaches of IND-CCA2 (adaptive chosen ciphertext attack) secure public key encryption schemes systematically, the gaps between different kinds of intractable problems and IND-CCA2 security are studied. This paper points out that the construction of IND-CCA2 secure schemes is essentially to bridge these gaps. These gaps are categorized, analyzed and measured. Finally the methods to bridge these gaps are described. This explains the existing design approaches and gives an intuition about the difficulty of designing IND-CCA2 secure public key encryption schemes based on different types of assumptions.
Multivariate hash functions are a type of hash functions whose compression function is explicitly defined as a sequence of multivariate equations. Billet et al designed the hash function MQ-HASH and Ding et al proposed a similar construction. In this paper, we analyze the security of multivariate hash functions and conclude that low degree multivariate functions such as MQ-HASH are neither pseudo-random nor unpredictable. There may be trivial collisions and fixed point attacks if the parameters of the compression function have been chosen. And they are also not computation-resistance, which makes MAC forgery easily.
In proxy signature schemes, an original signer A delegates its signing capability to a proxy signer B, in such a way that B can sign message on behalf of A.The recipient of the final message verifies at the same time that B computes the signature and that A has delegated its signing capability to B.Recently many identity-based(ID-based) proxy signature schemes have been proposed, however, the problem of key escrow is inherent in this setting.Certificateless cryptography can overcome the key escrow problem.In this paper, we present a general security model for certificateless proxy signature scheme.Then, we give a method to construct a secure certificateless proxy scheme from a secure certificateless signature scheme, and prove that the security of the construction can be reduced to the security of the original certificateless signature scheme.
A highly practical parallel signcrypUon scheme named PLSC from trapdoor permutations (TDPs for short) was built to perform long messages directly. The new scheme follows the Idea "scramble all, and encrypt small", using some scrambling operation on message m along with the user's Identities, and then passing, In paraliel, small parts of the scrambling result through corresponding TOPs. This design enables the scheme to flexibly perform long messages of arbitrary length while avoid repeatedly invoking TDP operations such as the CBC mode, or verbosely black-box composing symmetric encryption and slgncryption, resulting in noticeable practical sevlngs in both message bandwidth and efficiency. Concretely, the signcryptlon scheme requires exactly one computation of the "receiver's TDP" (for "encryptlon") and one Inverse computation of the "sender's TDP" (for "authentication"), which Is of great practical significance in directly performing long messages, since the major bottleneck for many public encryptlon schemes is the excessive computational overhead of performing TDP operations. Cutting out the verbosely repeated padding, the newly proposed scheme Is more efficient than a black-box hybrid scheme. Most importantly, the proposed scheme has been proven to be tightly semanUcaiiy secure under adaptive chosen clphertext attacks (iND-CCA2) and to provide integrity of clphertext (INT-CTXT) as well as non-repudiation in the random oracle model. All of these security guarantees are provided in the full multi-user, insider-security setting. Moreover, though the scheme is designed to perform long messages, it may also be appropriate for settings where It is Impractical to perform large block of messages (i.e. extremely low memory environments such as smart cards).
