Key Generation Algorithm Research Articles

Adaptively Secure KP-ABE For Circuits With Fan-In n And Fan-Out 1

Abstract The attribute-based encryption (ABE) scheme is suitable for access control of ciphertext in cloud computing. Kowalczyk and Wee proposed an adaptively secure attribute encryption scheme that supports $NC^1$ circuits. However, the circuit depth increases because this scheme supports only circuits with fan-in 2, which increases the key length and computational complexity of the key generation and decryption algorithms. To improve efficiency, we designed a secret sharing scheme for circuits with fan-in $n$, and we proposed a key-policy ABE scheme that supports circuits with fan-in $n$. We also designed pebbling rules for secret sharing in circuits with fan-in $n$, improving the compactness of the security reduction. Finally, we proved the adaptive security of the scheme by using a piecewise guessing framework and dual-system encryption. Compared with existing schemes, our scheme reduces the key size, improves the efficiency of the key generation algorithm and the decryption algorithm and provides tighter security reduction.

Modifikasi Tanda Tangan Digital Pada Skema Esign Berbasis Kurva Eliptik

Digital signature has an important role in the digital era, where more and more people are joining the paperless life. Many cryptographic researchers support digital development by creating cryptographic schemes that are safe to use, and one of them is digital signature. This paper proposes a digital signature scheme based on an elliptic curve defined over with , where and are private keys of prime number elements. This scheme utilizes the advantages of elliptic curve cryptography in terms of security by using points that satisfy the elliptic curve equation. Additionally, the shorter key size increases the speed, making this scheme faster in signature values generation and verification process.This research was conducted to determine the differences between the modified ESIGN scheme based on elliptic curve and the original ESIGN scheme. The process of finding the point on the ring , with a large , resulted in a more complex key generation algorithm. However, the selection of two points in this key generation is precomputed. This means the actual signature value generation algorithm took significantly less time than the original. This is one of the advantages of the proposed scheme.

Fast Generation of RSA Keys Using Smooth Integers

Primality generation is the cornerstone of several essential cryptographic systems. The problem has been a subject of deep investigations, but there is still a substantial room for improvements. Typically, the algorithms used have two parts trial divisions aimed at eliminating numbers with small prime factors and primality tests based on an easy-to-compute statement that is valid for primes and invalid for composites. In this paper, we will showcase a technique that will eliminate the first phase of the primality testing algorithms. The computational simulations show a reduction of the primality generation time by about 30% in the case of 1024-bit RSA key pairs. This can be particularly beneficial in the case of decentralized environments for shared RSA keys as the initial trial division part of the key generation algorithms can be avoided at no cost. This also significantly reduces the communication complexity. Another essential contribution of the paper is the introduction of a new one-way function that is computationally simpler than the existing ones used in public-key cryptography. This function can be used to create new random number generators, and it also could be potentially used for designing entirely new public-key encryption systems.

Analysis of methods and algorithms for generating key data for FALCON-like electronic signature algorithms

At present and in the future, mathematical methods, mechanisms and algorithms of standardized asymmetric cryptotransformations such as electronic signature (ES) are and will be used for information cryptographic protection. Electronic signature is the main and essential component of cybersecurity, in terms of providing quality information security services such as integrity, irresistibility and authenticity of information and data being processed. However, there are well-founded suspicions that in the post-quantum period the existing ES standards will be broken and compromised using classical and quantum cryptanalytic systems with appropriate mathematical, software and hardware-software. An analysis was performed, which confirms that quantum computers have already been developed, manufactured and used. This work is devoted to the analysis of methods and algorithms for generating key data for Falcon-like algorithms of electronic signature. Some of the basic algorithms for Falcon-shaped algorithms of electronic signature are considered, namely the algorithm of key data generation and algorithm of random polynomials f, g generation, which satisfy the Gauss distribution. The Falcon algorithm itself is the finalist of the post-quantum electronic signature contest due to the satisfactory value of the public key and signature lengths, but the key data generation algorithm uses many methods and difficult to implement. The Falcon authors use this algorithm for polynomials n=512, 1024. To increase the sixth level of cryptostability, this algorithm can be expanded for n=2048. This work is devoted to study the Falcon algorithm, taking into account its expansion for n=512, 1024, 2048 in terms of generating key data. Also, the paper considers the results of justifying the choice of a mathematical apparatus for implementing a software package for generating a key pair of a cryptographic algorithm for an electronic signature in order to create reliable electronic signatures.

Secure Token–Key Implications in an Enterprise Multi-Tenancy Environment Using BGV–EHC Hybrid Homomorphic Encryption

Authentication, authorization, and data access control are playing major roles in data security and privacy. The proposed model integrated the multi-factor authentication–authorization process with dependable and non-dependable factors and parameters based on providing security for tenants through a hybrid approach of fully homomorphic encryption methodology: the enhanced homomorphic cryptosystem (EHC) and the Brakersky–Gentry–Vaikuntanathan (BGV) scheme. This research was composed of four major elements: the fully homomorphic encryption blended schemes, EHC and BGV; secure token and key implications based on dependable and don-dependable factors; an algorithm for generating the tokens and the suitable keys, depending on the user’s role; and the execution of experimental test cases by using the EHC algorithm for key and token generation, based on dependable and non-dependable parameters and time periods. The proposed approach was tested with 152 end-users by integrating six multi-tenants, five head tenants, and two enterprise levels; and achieved a 92 percent success rate. The research integrated 32-bit plain text in the proposed hybrid approach by taking into consideration the encryption time, decryption time, and key generation time of data transmission via cloud servers. The proposed blended model was efficient in preventing data from ciphertext attacks and achieved a high success rate for transmitting data between the multi-tenants, based on the user-role-user type of enterprise cloud servers.

Algorithm substitution attacks against receivers

This work describes a class of Algorithm Substitution Attack (ASA) generically targeting the receiver of a communication between two parties. Our work provides a unified framework that applies to any scheme where a secret key is held by the receiver; in particular, message authentication schemes (MACs), authenticated encryption (AEAD) and public key encryption (PKE). Our unified framework brings together prior work targeting MAC schemes (FSE’19) and AEAD schemes (IMACC’19); we extend prior work by showing that public key encryption may also be targeted. ASAs were initially introduced by Bellare, Paterson and Rogaway in light of revelations concerning mass surveillance, as a novel attack class against the confidentiality of encryption schemes. Such an attack replaces one or more of the regular scheme algorithms with a subverted version that aims to reveal information to an adversary (engaged in mass surveillance), while remaining undetected by users. Previous work looking at ASAs against encryption schemes can be divided into two groups. ASAs against PKE schemes target key generation by creating subverted public keys that allow an adversary to recover the secret key. ASAs against symmetric encryption target the encryption algorithm and leak information through a subliminal channel in the ciphertexts. We present a new class of attack that targets the decryption algorithm of an encryption scheme for symmetric encryption and public key encryption, or the verification algorithm for an authentication scheme. We present a generic framework for subverting a cryptographic scheme between a sender and receiver, and show how a decryption oracle allows a subverter to create a subliminal channel which can be used to leak secret keys. We then show that the generic framework can be applied to authenticated encryption with associated data, message authentication schemes, public key encryption and KEM/DEM constructions. We consider practical considerations and specific conditions that apply for particular schemes, strengthening the generic approach. Furthermore, we show how the hybrid subversion of key generation and decryption algorithms can be used to amplify the effectiveness of our decryption attack. We argue that this attack represents an attractive opportunity for a mass surveillance adversary. Our work serves to refine the ASA model and contributes to a series of papers that raises awareness and understanding about what is possible with ASAs.

Security Model for Randomization-based Protected Caches

Cache side-channel attacks allow adversaries to learn sensitive information about co-running processes by using only access latency measures and cache contention.This vulnerability has been shown to lead to several microarchitectural attacks. As a promising solution, recent work proposes Randomization-based Protected Caches (RPCs). RPCs randomize cache addresses, changing keys periodically so as to avoid long-term leakage. Unfortunately, recent attacks have called the security of state-of-the-art RPCs into question.In this work, we tackle the problem of formally defining and analyzing the security properties of RPCs. We first give security definitions against access-based cache sidechannel attacks that capture security against known attacks such as Prime+Probe and Evict+Probe. Then, using these definitions, we obtain results that allow to guarantee security by adequately choosing the rekeying period, the key generation algorithm and the cache randomizer, thus providing security proofs for RPCs under certain assumptions.

Data privacy and data protection security algorithms for big data in cloud

Data security is the primary concern in the world, while storing large and confidential data in the cloud. Cloud Computing is a powerful internet-oriented technology which gives demand-based services to the users. But security is the major problem here when we use cloud computing networks. So, using secured cryptography algorithms only will protect data from attackers and gives security to the big data in cloud. It is mainly used for transmission of data in secured format. This paper proposed new enhanced hybrid security algorithm to give better security for Big Data in cloud. They are Hybrid Matrix hash key generation algorithm (HMHA) and Anonymous Multi-Fusion Shuffling Algorithm (AMSA).

New Key Generation and Encryption Algorithms for Privacy Preservation in Mobile Ad Hoc Networks

Mobile Ad Hoc Networks (MANETs) get widespread applications along with the evolving technologies. However, MANETs are at risk due to the shortage of security mechanisms. In this paper, we propose new algorithms for key generation and encryption for privacy preservation in MANETs. Our key generation algorithm modified Fibonacci sequence by adding scrambling factors to generate random key sequences with required length but incurred low computational overhead, whereas the encryption/decryption algorithm utilizes the One Time Pad (OTP) system by adding scrambling factors for data confidentiality which satisfies the randomness, diffusion, and confusion tests. Simulation of the proposed algorithms was conducted using Matlab and NS-2. Experiment results showed that the proposed algorithms produced random key sequences and random Ciphertexts. Through several tests i.e. speed, correlation and autocorrelation, diffusion, and confusion tests, the simulation result showed the superiority of our algorithms over the other algorithms. For the proof of concept, the proposed algorithms have been simulated in the network simulator, where the result showed that along with the increase of the number of nodes, the throughput of the network increased, while the delay is relatively constant around 6000 ms for 20 up to 70 nodes.

A Ring Learning with Errors-Based Ciphertext-Policy Attribute-Based Proxy Re-Encryption Scheme for Secure Big Data Sharing in Cloud Environment.

Owing to the huge volume of big data, users generally use the cloud to store big data. However, because the data are out of the control of users, sensitive data need to be protected. The ciphertext-policy attribute-based encryption scheme can not only effectively control the access of big data, but also decrypt the ciphertext as long as the user's attributes satisfy the access structure of ciphertext, so as to realize one to many big data sharing. When the user's attributes do not satisfy the access structure of ciphertext, the attribute-based proxy re-encryption scheme can be used for big data sharing. The ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) scheme combines the characteristics of the ciphertext-policy attribute-based encryption scheme and proxy re-encryption scheme. In a CP-ABPRE scheme, on the one hand, the data owner can use the ciphertext-policy attribute-based encryption scheme to encrypt the big data for cloud storage, to realize the access control of the big data. On the other hand, the proxy (cloud service provider) can convert ciphertext under one access structure into ciphertext under another access structure, thus realizing big data sharing between users of different attribute sets. In this article, we modify the existing attribute-based encryption scheme based on Ring Learning With Errors (RLWE), add re-encryption key generation algorithm, re-encryption ciphertext generation algorithm, and re-encryption ciphertext decryption algorithm, and construct CP-ABPRE scheme. In the construction of the re-encryption key, we introduce a random vector and hide the vector in the key by threshold technology. Finally, a CP-ABPRE scheme supporting threshold access structure is constructed based on RLWE. Compared with the existing attribute-based proxy re-encryption schemes, our scheme has smaller public parameters, can encrypt multiple plaintext bits at a time, and can resist selective access structure and chosen plaintext attack, so it is more suitable for big data sharing in cloud environment.

Helper Data Masking for Physically Unclonable Function-Based Key Generation Algorithms

Key exchange protocols are a crucial part of the internet-based communication between connected devices in IoT. In this regard, Physically Unclonable Function (PUF) has been an enabler to provide intrinsic highly randomized source for key generation without requiring extra storage components. PUF however, is an unstable source. In that sense, Fuzzy Extractor (FE) methods with Error Correction Code (ECC) are used to ensure reliability of the key value. FE methods incorporate publicly available helper data to recreate an originally enrolled encryption key from the PUF in mission mode. It is crucial to ensure that the publicly available helper data leaks no valuable information from the source key value to allow untrusted parties to recreate the key. Here the adversary’s work is to modify the helper data to decrease the entropy of the recovered codes by the ECC, and push the communicating parties in generating the key that is known to the adversary as well. In this work, we propose to protect helper data via a PUF-based masking mechanism with variable positioning. Masking with variable positioning adds a new fold of complexity for the adversary which is capable to considerably increase the guessing entropy. Our experimental results show that for 256-bit helper data, a 16-bit mask value can increase the guessing entropy by 5 folds against a Reed Muller majority logic vote decoder. Moreover, we show that an increased number of masking such as 4 times a 16-bit masking, can increase the guessing entropy against the same Reed Muller decoding function by 20 folds.

Fed-DFE: A Decentralized Function Encryption-Based Privacy-Preserving Scheme for Federated Learning

Federated learning is a distributed learning framework which trains global models by passing model parameters instead of raw data. However, the training mechanism for passing model parameters is still threatened by gradient inversion, inference attacks, etc. With a lightweight encryption overhead, function encryption is a viable secure aggregation technique in federation learning, which is often used in combination with differential privacy. The function encryption in federal learning still has the following problems: a) Traditional function encryption usually requires a trust third party (TTP) to assign the keys. If a TTP colludes with a server, the security aggregation mechanism can be compromised. b) When using differential privacy in combination with function encryption, the evaluation metrics of incentive mechanisms in the traditional federal learning become invisible. In this paper, we propose a hybrid privacy-preserving scheme for federated learning, called Fed-DFE. Specifically, we present a decentralized multi-client function encryption algorithm. It replaces the TTP in traditional function encryption with an interactive key generation algorithm, avoiding the problem of collusion. Then, an embedded incentive mechanism is designed for function encryption. It models the real parameters in federated learning and finds a balance between privacy preservation and model accuracy. Subsequently, we implemented a prototype of Fed-DFE and evaluated the performance of decentralized function encryption algorithm. The experimental results demonstrate the effectiveness and efficiency of our scheme.

A novel DICOM image encryption with JSMP map

Recent times have seen a massive rise in the transmission and storage of DICOM images. This work proposes a cryptosystem with the sturdy JSMP map, for the pixel data of the DICOM file. The proposed system is designed to work in the bit plane level for high resilience. To achieve an effective cryptosystem, the number of bit planes generated depends on the bits stored attribute and not on the conventional method of bits allocated of each pixel. Only the MSB bit planes that contribute more to the details of the image are shuffled with the JSMP chaotic keys. Then the shuffled image is reconstructed by combining all the MSB and LSB bit planes. Finally, a robust cipher image is generated by diffusing the reconstructed image with a random image generated with JSMP map. The novelty and uniqueness of the system lie in its capability of encrypting DICOM images with any pixel depth. The distinctive feature of this system is the unique key generation algorithm and the variable number of keys, which contributes to high sensitivity and entropy. Performance measures of the encrypted image illustrate the robustness of the cryptosystem in the health information system.

Modified device key generation algorithm and A* algorithm to optimize the security measures based on trust value in device-to-device communications

Security plays a vital role in communication networks. Since the nodes are mobile in mobile ad hoc networks (MANET), they are vulnerable to different types of attacks. Because of its mobility nature, any node can enter the network at any time based on the coverage of the network. No centralized mechanism is found to verify or authenticate the nodes that are arriving/leaving the network. An algorithm is proposed for secure communication between source and destination based on the QoS parameters is called modified device key generation algorithm (MDKGA). This algorithm elects an agent node based on the QoS parameters. Agent node is responsible for secure key generation and distribution of keys among the nodes. The neighboring node selection is based on trust value which acts as a heuristic function to select the node using A* algorithm. Various performance metrics are also analyzed. Comparison study has been carried out between the protocols of MANET.

Security Challenges for Light Emitting Systems

Although visible light communication (VLC) channels are more secure than radio frequency channels, the broadcast nature of VLC links renders them open to eavesdropping. As a result, VLC networks must provide security in order to safeguard the user’s data from eavesdroppers. In the literature, keyless security techniques have been developed to offer security for VLC. Even though these techniques provide strong security against eavesdroppers, they are difficult to deploy. Key generation algorithms are critical for securing wireless connections. Nonetheless, in many situations, the typical key generation methods may be quite complicated and costly. They consume scarce resources, such as bandwidth. In this paper, we propose a novel key extraction procedure that uses error-correcting coding and one time pad (OTP) to improve the security of VLC networks and the validity of data. This system will not have any interference problems with other devices. We also explain error correction while sending a message across a network, and suggest a change to the Berlekamp–Massey (BM) algorithm for error identification and assessment. Because each OOK signal frame is encrypted by a different key, the proposed protocol provides high physical layer security; it allows for key extraction based on the messages sent, so an intruder can never break the encryption system, even if the latter knows the protocol with which we encrypted the message; our protocol also enables for error transmission rate correction and bit mismatch rates with on-the-fly key fetch. The results presented in this paper were performed using MATLAB.

Modifying Advanced Encryption Standard (AES) Algorithm

This paper presents modifications on AES algorithm to improve the security of Standard AES, the improving has been done by three modifications. The first modification use key-dependent dynamic S-box (10 S-box) instead of static S-box (1 S-box), that used by Standard AES in order to improve "confusion" properties represented by Byte Substitution layer. The second modification use key-dependent variable values for shifting "state-matrix" rows process instead of fixed values that used by Standard AES in order to improve "diffusion" properties represented by ShiftRows layer. The third modification is by using two keys instead of one key that used by Standard AES, both of them used for encryption and decryption process instead of one key that used by Standard AES in order to improve the general structure and key generation algorithm of AES. The Modified AES tested and evaluated by five scales (Basic Five Statistical Tests, NIST Tests Suite, Encryption Run Time, Brute-Force Attack and Cryptanalytic Attack) to prove the functionality of modifying.

A Framework for Secure Data Acquisition In VANET

Abstract: Recent advances in software, hardware communication technologies are enabling the design and implementation of whole range of different type of network that are various environments. Vehicular Ad-Hoc network is received a lot of interest in the couple years in the one of the networks. A Vehicular Ad-Hoc Network or VANET is a technology that uses moving cars as nodes in a network to create a mobile network. In VANET improving the driving comfort and safety information message are broadcasted regularly. VANET turns every participating car approximately 100 to 300 meters to connect and turn create network with a wide range. In enable vehicle to communicate which other with roadside units (RSUs). Vehicular network are special types of VANET that supported infrastructure based real time traffic management, including internet access, video streaming and content distribution. Privacy - preserving data Acquisition and forwarding scheme by introducing the novel cryptographic algorithm for key generation and powerful encryption. This paper introduces system that takes Advantages of the RSUs that are the connected to the internet provide various types of information to VANET users. Keywords: VANET, RSU, Ad-Hoc Network, URE, ITS

LIGA: a cryptosystem based on the hardness of rank-metric list and interleaved decoding

We propose the new rank-metric code-based cryptosystem LIGA which is based on the hardness of list decoding and interleaved decoding of Gabidulin codes. LIGA is an improved variant of the Faure–Loidreau (FL) system, which was broken in a structural attack by Gaborit, Otmani, and Talé Kalachi (GOT, 2018). We keep the FL encryption and decryption algorithms, but modify the insecure key generation algorithm. Our crucial observation is that the GOT attack is equivalent to decoding an interleaved Gabidulin code. The new key generation algorithm constructs public keys for which all polynomial-time interleaved decoders fail—hence LIGA resists the GOT attack. We also prove that the public-key encryption version of LIGA is IND-CPA secure in the standard model and the key encapsulation mechanisms version is IND-CCA2 secure in the random oracle model, both under hardness assumptions of formally defined problems related to list decoding and interleaved decoding of Gabidulin codes. We propose and analyze various exponential-time attacks on these problems, calculate their work factors, and compare the resulting parameters to NIST proposals. The strengths of LIGA are short ciphertext sizes and (relatively) small key sizes. Further, LIGA guarantees correct decryption and has no decryption failure rate. It is not based on hiding the structure of a code. Since there are efficient and constant-time algorithms for encoding and decoding Gabidulin codes, timing attacks on the encryption and decryption algorithms can be easily prevented.

Analysis of Key Generation Methods for Enable Secured Communication in the IoTs System

The open stack communication protocol of the internet of things always in security threats. The vulnerability of protocol faces a problem of man in middle attacks and loss of integrity of communication. Cryptography plays a vital role in security authentication on IoT based enable communication system. IoT devices' limited resource constraints cannot offer any security mechanism on the physical level and network level. The key generation methods uplift the security provision in IoT enables communication model. The process of key generation applied three types of cryptography algorithm, symmetric, asymmetric and hybrid algorithm. The complexity of key generation methods needs more computational time and memory; this is the limitation of IoT devices. So various authors proposed a lightweight key generation algorithm for security and authentication. This paper analyzed the performance of key generation methods based on different cryptography approaches and measured their security strength. For the analysis process, use MATLAB software and sample text data file for the communication of two parties. Some ADHOC methods apply to measure protocol weakness during the communication network compromised with a man in the middle attack. The variable key size also reflects the security strength of IoTs enable devices.

Privacy-preserving hierarchical deterministic key generation based on a lattice of rings in public blockchain

Blockchain has revolutionized numerous fields, which include financial services, health care, the Internet of things, academia and supply chain management. Blockchain technology enables us to have an immutable, distributed ledger for managing the transactions of untrusted users. However, the technology has many open challenges, such as privacy leaks, scalability, and energy consumption. User identity can be easily tracked using network analysis, as transactions are accessible to everyone, which is a serious concern of blockchain. In this paper, we propose a new efficient, privacy-preserving, and quantum-resistant key generation algorithm, namely, lattice-based hierarchical deterministic key generation (LB-HDKG), for maintaining user privacy in the public blockchain. The LB-HDKG scheme generates many cryptographic keys in a tree-like structure from a single seed to hide the links between transactions of the same user. Our proposal uses the lattice NTRU cryptosystem, the security of which relies on the shortest vector problem (SVP) and closest vector problem (CVP) over the polynomial ring. Operations on the lattice NTRU cryptosystem are efficient and secure against classical computers and quantum computers. Security and performance analyses of our scheme show that the model is more secure and efficient and should replace current models to safeguard data from quantum computers.