Multi-key Security Research Articles

Pocket Diagnosis: Secure Federated Learning Against Poisoning Attack in the Cloud

Federated learning has become prevalent in medical diagnosis due to its effectiveness in training a federated model among multiple health institutions (i.e., Data Islands (DIs)). However, increasingly massive DI-level poisoning attacks have shed light on a vulnerability in federated learning, which inject poisoned data into certain DIs to corrupt the availability of the federated model. Previous works on federated learning have been inadequate in ensuring the privacy of DIs and the availability of the final federated model. In this article, we design a secure federated learning mechanism with multiple keys to prevent DI-level poisoning attacks for medical diagnosis, called <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">SFAP</small> . Concretely, <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">SFAP</small> provides privacy-preserving random forest-based federated learning by using the multi-key secure computation, which guarantees the confidentiality of DI-related information. Meanwhile, a secure defense strategy over encrypted locally-submitted models is proposed to resist DI-level poisoning attacks. Finally, our formal security analysis and empirical tests on a public cloud platform demonstrate the security and efficiency of <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">SFAP</small> as well as its capability of resisting DI-level poisoning attacks.

Constructions of Beyond-Birthday Secure PRFs from Random Permutations, Revisited.

In CRYPTO 2019, Chen et al. showed how to construct pseudorandom functions (PRFs) from random permutations (RPs), and they gave one beyond-birthday secure construction from sum of Even-Mansour, namely in the single-key setting. In this paper, we improve their work by proving the multi-key security of , and further tweaking but still preserving beyond birthday bound (BBB) security. Furthermore, we use only one random permutation to construct parallelizable and succinct beyond-birthday secure PRFs in the multi-key setting, and then tweak this new construction. Moreover, with a slight modification of our constructions of tweakable PRFs, two parallelizable nonce based MACs for variable length messages are obtained.

LPPA: Lightweight Privacy-Preserving Authentication From Efficient Multi-Key Secure Outsourced Computation for Location-Based Services in VANETs

Location-based service (LBS) in vehicular ad hoc networks (VANETs) has significantly benefited information acquisition from geographically-based social networking. Authentication guarantees the unforgeability and the effectiveness of the LBS information. Unfortunately, owing to a large quantity of redundant or useless LBS messages disseminated in VANETs, the heavy authentication overhead of the existing work adopting a periodically released authentication key, filtering with message identifiers or exploiting public key (fully) homomorphic encryption (FHE), is either intolerable by resource-constrained on-board units (OBUs) or inappropriate to the realtime controlling requirement for VANETs. In this paper, an efficient multi-key secure outsourced computation scheme MSOC without exploiting public key FHE is first proposed, in the setting of two non-colluding servers, namely the cloud and the cryptographic service provider (CSP). Then, based on MSOC, an efficient and secure comparison protocol LSCP is devised, without the interaction between the server and the users. Furthermore, a lightweight privacy-preserving authentication protocol LPPA for LBS in VANETs is proposed, by eliminating duplicate and useless encrypted LBS messages before authentication is executed, through a newly devised efficient privacy-preserving information filtering system. Both user&#x2019;s location privacy and interest privacy are well protected against even the collusion between the roadside units (RSUs) serving as the cloud (or CSP) and malicious users. Especially, the property of ciphertext re-encryption of our proposed MSOC also guarantees the interest pattern privacy whether two users accept the same LBS information. Finally, formal security proof and extensive simulation results verify the effectiveness and practicability of our proposed LPPA.

Generalized Tweakable Even-Mansour Cipher and Its Applications

This paper describes a generalized tweakable blockcipher HPH (Hash-Permutation-Hash), which is based on a public random permutation P and a family of almost-XOR-universal hash functions $$ \mathcal{H}={\left\{ HK\right\}}_{K\in \mathcal{K}} $$ as a tweak and key schedule, and defined as y = HPHK((t1, t2), x) = P(x ⊕ HK(t1)) ⊕ HK(t2), where K is a key randomly chosen from a key space $$ \mathcal{K} $$ , (t1, t2) is a tweak chosen from a valid tweak space $$ \mathcal{T} $$ , x is a plaintext, and y is a ciphertext. We prove that HPH is a secure strong tweakable pseudorandom permutation (STPRP) by using H-coefficients technique. Then we focus on the security of HPH against multi-key and related-key attacks. We prove that HPH achieves both multi-key STPRP security and related-key STPRP security. HPH can be extended to wide applications. It can be directly applied to authentication and authenticated encryption modes. We apply HPH to PMAC1 and OPP, provide an improved authentication mode HPMAC and a new authenticated encryption mode OPH, and prove that the two modes achieve single-key security, multi-key security, and related-key security.

A multi-key SMC protocol and multi-key FHE based on some-are-errorless LWE

We study the hardness of learning with errors (LWE) problem with some equation constraints ( $$\hbox {LWE}_{n,l,q,\chi }$$ , some-are-errorless LWE). Previously, it was proved that LWE with one equation (first-is-errorless LWE) can be made as hard as the standard $$\hbox {LWE}_{n,q,\chi }$$ , given a large lattice dimension n. We show that the some-are-errorless LWE problem can also be made equivalently hard as long as n is big enough and $$n \gg l$$ (A similar conclusion was given using fuzzy extrators by Fuller). A second work in this paper is to construct a multi-key secure multi-party computation (SMC) protocol, whose security relies on LWE and the some-are-errorless LWE problem in semi-honest and semi-malicious environments assuming the common random string model. We study the Gentry–Sahai–Waters (GSW13) fully homomorphic encryption (FHE) scheme and its key homomorphism, which is essential for the construction of our multi-key SMC protocol. The proposed protocol naturally constitutes a multi-key FHE scheme in the same settings. Finally, we show the excellence of the proposed SMC protocol in time and space complexity by comparisons with existing relative schemes.

Connecting tweakable and multi-key blockcipher security

The significance of understanding blockcipher security in the multi-key setting is highlighted by the extensive literature on attacks, and how effective key size can be significantly reduced. Nevertheless, little attention has been paid in formally understanding the design of multi-key secure blockciphers. In this work, we formalize the multi-key security of tweakable blockciphers in case of general key derivation functions. We show an equivalence between blockcipher multi-key security and tweakable blockcipher security. Our equivalence connects two objects of study, the iterated Even–Mansour (EUROCRYPT 2012) and the iterated Tweakable Even–Mansour (CRYPTO 2015), which establishes that results in both areas are, to a certain extent, transferable. Using our novel equivalence relation, we derive new bounds for both constructions, pave the path towards the solution of two well-studied conjectures, and show that, contrary to common knowledge, key derivation functions need not necessarily be pseudorandom functions in order to provide security: for the iterated Even–Mansour universal hash functions suffice.

Multi-key Analysis of Tweakable Even-Mansour with Applications to Minalpher and OPP

The tweakable Even-Mansour construction generalizes the conventional Even-Mansour scheme through replacing round keys by strings derived from a master key and a tweak. Besides providing plenty of inherent variability, such a design builds a tweakable block cipher from some lower level primitive. In the present paper, we evaluate the multi-key security of TEM-1, one of the most commonly used one-round tweakable Even-Mansour schemes (formally introduced at CRYPTO 2015), which is constructed from a single n-bit permutation P and a function f(k, t) linear in k from some tweak space to {0, 1} n. Based on giant component theorem in random graph theory, we propose a collision-based multi-key attack on TEM-1 in the known-plaintext setting. Furthermore, inspired by the methodology of Fouque et al. presented at ASIACRYPT 2014, we devise a novel way of detecting collisions and eventually obtain a memory-efficient multi-key attack in the adaptive chosen-plaintext setting. As important applications, we utilize our techniques to analyze the authenticated encryption algorithms Minalpher (a second-round candidate of CAESAR) and OPP (proposed at EUROCRYPT 2016) in the multi-key setting. We describe knownplaintext attacks on Minalpher and OPP without nonce misuse, which enable us to recover almost all O(2n/3) independent masks by making O(2n/3) queries per key and costing O(22n/3) memory overall. After defining appropriate iterated functions and accordingly changing the mode of creating chains, we improve the basic blockwiseadaptive chosen-plaintext attack to make it also applicable for the nonce-respecting setting. While our attacks do not contradict the security proofs of Minalpher and OPP in the classical setting, nor pose an immediate threat to their uses, our results demonstrate their security margins in the multi-user setting should be carefully considered. We emphasize this is the very first third-party analysis on Minalpher and OPP.