Public Key Research Articles

Game on: a performance comparison of interpolation techniques applied to Shamir’s secret sharing

Abstract Public-key encryption is typically managed through a public key infrastructure. However, it relies on a central control point, the certification authority, which acts as a single point of failure. Recent technological advancements have led to the need for decentralized cryptographic protocols. This paper presents a comprehensive study on enhancing public-key encryption via threshold cryptography and multiparty computation to ensure robust security in decentralized systems. The focus lies in exploring various polynomial interpolation techniques within Shamir’s secret sharing scheme, particularly addressing the efficiency and practicality of Newton interpolation, fast Fourier transformation (FFT), and advanced versions of Lagrange’s method. Utilizing SageMath for a dedicated testing environment, the research investigates the swiftest interpolation methods for secret recovery, introducing new shares into the system, and evaluating the impact of optimizations on performance. The findings highlight FFT as the most effective interpolation method in speed and efficiency, albeit with limitations on the number of shares that can be processed. This paper critically evaluates these interpolation techniques against practical constraints and aims to answer pivotal research questions regarding the optimal approach for large-scale scenarios, challenging existing notions on the efficiency of Newton’s method and providing experimental evidence to support the superiority of FFT in specific contexts.

Timed Interpreted Systems as a New Agent-Based Formalism for Verification of Timed Security Protocols

This article introduces a new method for modelling and verifying the execution of timed security protocols (TSPs) and their time-dependent security properties. The method, which is novel and reliable, uses an extension of interpreted systems, accessible semantics in multi-agent systems, and timed interpreted systems (TISs) with dense time semantics to model TSP executions. We enhance the models of TSPs by incorporating delays and varying lifetimes to capture real-life aspects of protocol executions. To illustrate the method, we model a timed version of the Needham–Schroeder Public Key Authentication Protocol. We have also developed a new bounded model checking reachability algorithm for the proposed structures, based on Satisfiability Modulo Theories (SMTs), and implemented it within the tool. The method comprises a new procedure for modelling TSP executions, translating TSPs into TISs, and translating TISs’ reachability problem into the SMT problem. The paper also includes thorough experimental results for nine protocols modelled by TISs and discusses the findings in detail.

Secure Data Integrity Check Based on Verified Public Key Encryption With Equality Test for Multi-Cloud Storage

Secure Data Integrity Check Based on Verified Public Key Encryption With Equality Test for Multi-Cloud Storage

Another Look at the Security Analysis of the Modulus N = p2q by Utilizing an Approximation Approach for ϕ(N)

Newly developed techniques have been recently documented, which capitalize on the security provided by prime power modulus denoted as N = prqs where2 ≤ s < r. Previousresearchprimarilyconcentrated on the factorization of the modulus of type at minimum N = p3q2. In contrast, within the context of 2 ≤ s < r, we address scenarios in the modulus N = p2q (i.e. r = 2 and s = 1) still need to be covered, showing a significant result to the field of study. This work presents two factorization approaches for the multiple moduli Ni = p2 iqi, relying on a good approximation of the Euler’s totient function ϕ(Ni). The initial method for factorization deals with the multiple moduli Ni = p2 iqi derived from m public keys (Ni,ei) and is interconnected through the equation eid − kiϕ(Ni) = 1. In contrast, the second factorization method is associated with the eidi − kϕ(Ni) = 1. By reorganizing the equations as a simultaneous Diophantine approximation problem and implementing the LLL algorithm, it becomes possible to factorize the list of moduli Ni = p2 iqi concurrently, given that the unknowns d, di, k, and ki are suff iciently small. The key difference between our results and the referenced work is that we cover a real-world cryptosystem that uses the modulus N =p2q. In contrast, the previous work covers a hypothetical situation of modulus in the form of N = prqs.

A novel method for generating public keys involving matrix operations.

With the rise of the Internet of things, the limitations of traditional PKI certificate authentication technology have progressively emerged. Hence, identity-based public key algorithms have been proposed. In this paper, we propose a new approach to generate an identity key, named identity public key (IPK). IPK identity key generation protocol is based on SM2 elliptic curve cryptography and random matrix theory. It builds upon the concept of combined public key (CPK) and resolves the linear collusion issue of CPK as well as the authenticity verification problem of the declared public key of the simplified TF-CPK by enhancing the identity mapping approach. Another main aim of this paper is to prove the security of the IPK identity key generation protocol. Roughly speaking, we verify the security of each part of the private key and the security of the composite private key. We also increase the function and performance comparison with other schemes, such as IBC(SM9) and TF-CPK. Our scheme has the lowest computation cost, which demonstrates its rationality.

Tradeoffs in Key Rotation Strategies for Industrial Internet of Things Devices and Firmware

This paper provides an overview of several secure boot architectures with a focus on key rotation. It expands on a practitioner note that the authors submitted to the 2023 IEEE Secure Development Conference. Key rotation is important due to the frequency of lost signing keys and the difficulty of managing secret keys for the long lifetimes of Industrial Internet of Things (IIOT) devices. Key rotation is not simple for IIOT due to limited resources during a secure boot process and the constraints of the firmware utilities that come from the chip vendors. This paper reviews and compares five common architectures for a secure boot that are seen across the IIOT community. For each architecture, it provides some key strengths and weaknesses associated with that architecture. The paper then provides a detailed comparison and analysis of the architectures to convince the IIOT community to move towards a strong use of certificates (instead of the traditional use of raw public keys). The intent of this paper is to provide a practitioner’s perspective on these challenges and the tradeoffs in hopes of inviting comments from chip vendors and the broader community.

A quantum group signature scheme with reusable keys based on four-particle Cluster states

Abstract With the continuous development of quantum technology, researchers are constantly improving the research on quantum signatures. In the public-key cryptosystem, a quantum group signature scheme based on four-particle Cluster states is proposed. In this scheme, the four-particle Cluster states are used as quantum channels. The signer randomly generates his private key according to the public key generated by the group manager, and uses the private key to sign. The verifier uses the public key to verify the signature. The features of the scheme are as follows: the public key and private key can be reused, thus reducing the number of keys that need to be saved by the communication parties; The length of the message to be signed does not need to be the same as the length of the public and private keys, which increases the flexibility of the signature; The random sequence is used in the signature process to ensure the unpredictability of the key, thus improving the security of the scheme; The scheme has unforgeability and non-repudiation.

Time-Based Cryptosystem

In this paper we introduce a Time-Based Cryptosystem (TBC) scheme. This scheme requires a Time-Based Key Generation Center (TBKGC) to broadcast a set of public keys based on the Multi-prime RSA (MPRSA) at every new interval. The sender encrypts the plaintext with a specified period of time and the corresponding public key broadcast by the TBKGC. And the receiver acquires the corresponding key from the TBKGC to decrypt the ciphertext. We discuss the difference between TBC and Time-Specific Encryption (TSE). Finally we suggest extension and directions of improvement of TBC.

Role of Linear Diophantine Equations in RSA Encryption

Abstract. Diophantine equations are mathematical equations that include only integer solutions and two or more unknown variables. To illustrate, the most elementary form of Diophantine equations are linear Diophantine equations when two different one-degree monomials added up to a constant value. Such equations were given the name of the extraordinary Greek mathematician Diophantus who made great contribution to algebra and number theory. In addition, they help in defining concepts in algebraic geometry and contribute to the development of algorithms for cryptography. They work in the same way as public keys do in cryptocurrencies within blockchain technology to curb cyber threats and scams targeting public systems. They serve as a means of securing transactions on a computer network when using cryptocurrencies such as bitcoins. These encryption techniques also permit cryptographers and mathematicians to create new ideas in relation to these number systems, thus making it possible for further cryptographic techniques to be put into place.

An Enhanced Learning with Error-Based Cryptosystem: A Lightweight Quantum-Secure Cryptography Method

Quantum-secure cryptography is a dynamic field due to its crucial role in various domains. This field aligns with the ongoing efforts in data security. Post-quantum encryption (PQE) aims to counter the threats posed by future quantum computers, highlighting the need for further improvement. Based on the learning with error (LWE) system, this paper introduces a novel asymmetric encryption technique that encrypts entire messages of n bits rather than just 1 bit. This technique offers several advantages including an additive homomorphic cryptosystem. The robustness of the proposed lightweight public key encryption method, which is based on a new version of LWE, ensures that private keys remain secure and that original data cannot be recovered by an attacker from the ciphertext. By improving encryption and decryption execution time—which achieve speeds of 0.0427 ms and 0.0320 ms, respectively—and decreasing ciphertext size to 708 bits for 128-bit security, the obtained results are very promising.

Extreme learning with projection relational algebraic secured data transmission for big cloud data

SummaryCloud Computing (CC) and big data are growing technology in the business. Big data is demonstrated in terms of volume, variety, and velocity. CC is employed for storing, processing, and accessing data. Many cryptographic techniques have been developed to enhance big data security in cloud computing. However, security and privacy are the primary concerns in protecting data, as it is highly sensitive. Yet, it faces the major problems of inefficient performance, increased time consumption, and lack of data confidentiality and integrity. To address this issue, proposed Extreme Learning with Projection Relational Algebraic Secured Data Transmission (ELPRA‐SDT) is introduced to secure data transactions from cloud users to cloud servers with enhanced data confidentiality and reduced time consumption for big cloud data. The proposed ELPRA‐SDT consists of two major processes namely registration and key generation. At first, the user's IP address is registered employing a transitive advanced set relation theory graph model in a cloud server (CS) for retrieving the numerous services. The CS generates private and public keys for each registered user's IP address using the Transitive Operational and Time Synchronized Random Winternitz Key generation model. After, the user sends a request to the CS for acquiring data. The CS validates the requested user based on security policy attributes. Second, the Projection Relational Algebraic Signcryption and Unsigncryption algorithm performs signature verification to ensure secure data access for protecting the data. Results of experiments carried out by using Coburg Intrusion Detection Data Sets‐001 dataset in Java. ELPRA‐SDT method is more efficient and more suitable for providing security and privacy to network traces in the Cloud. The result shows maximum performance with data confidentiality by 10% and data integrity by 13%. In addition, delay is reduced by 32%, and data delivery time and communication complexity is decreased by 28% and 24% to other existing methods.

Biometric CNN Model for Verification Based on Blockchain and Hyperparameter Optimization

Nowadays, fingerprints as biometrics are among the most popular means of identity verification for various applications. However, they are susceptible to theft, tampering, or alteration by attackers after storage. Hence, it is critical to guarantee the privacy of these fingerprint templates because standard privacy techniques are not secure enough. Additionally, fingerprint templates are verified using a deep learning model to distinguish between authentic and fake fingerprints, making them more protected and secure by storing them inside a blockchain, which has become the most common secure technique in recent years. This paper implements the proposed efficient and secure biometric system for verification based on blockchain technology and hyperparameter optimization. First, for the storing phase, each user’s authentic fingerprint template, private, and public keys are saved in the block and linked to the previous block in the chain by a hash function. If a hacker attempts to assault a fingerprint, all prior blocks must be changed. Second, for the authentication phase, the user logs in with his fingerprint and looks up the required template in the chain. If the required fingerprint exists, it creates a new block with the login details, and the number 1 is returned, which means that the authentication is valid; if it does not exist, it is verified to see if it is authentic or fake using the proposed biometric convolutional neural network (CNN). The proposed CNN uses the Grid Search (GS) algorithm to tune hyperparameters to distinguish between authentic and fake fingerprints. The SOCOFing dataset is used for evaluating our experiment. According to the experimental results, the proposed CNN model achieved the highest accuracy of 99.52%. As a result of the blockchain, our system can return authentication information after looking up the chain in 300 ms.

The Perils of Limited Key Reuse: Adaptive and Parallel Mismatch Attacks with Post-processing Against Kyber

The Module Learning With Errors (MLWE)-based Key Encapsulation Mechanism (KEM) Kyber is NIST's new standard scheme for post-quantum encryption. As a building block, Kyber uses a Chosen Plaintext Attack (CPA)-secure Public Key Encryption (PKE) scheme, referred to as Kyber.CPAPKE. In this paper we study the robustness of Kyber.CPAPKE against key mismatch attacks. We demonstrate that Kyber's security levels can be compromised if having access to a few mismatch queries of Kyber.CPAPKE, by striking a balance between the parallelization level and the cost of lattice reduction for post-processing. This highlights the imperative need to strictly prohibit key reuse in Kyber.CPAPKE. We further propose an adaptive method to enhance parallel mismatch attacks, initially proposed by Shao et al. at AsiaCCS 2024, thereby significantly reducing query complexity. This method combines the adaptive attack with post-processing via lattice reduction to retrieve the final secret key entries. Our method proves its efficacy by reducing query complexity by 14.6 % for Kyber512 and 7.5 % for Kyber768/Kyber1024. Furthermore, this approach has the potential to improve multi-value Plaintext-Checking (PC) oracle-based side-channel attacks and fault-injection attacks against Kyber itself.

Small Public Exponent Brings More: Improved Partial Key Exposure Attacks against RSA

Let (N,e) be a public key of the RSA cryptosystem, and d be the corresponding private key. In practice, we usually choose a small e for quick encryption. In this paper, we improve partial private key exposure attacks against RSA with a small public exponent e. The key idea is that under such a setting we can usually obtain more information about the prime factor of N and then by solving a univariate modular polynomial with Coppersmith's method, N can be factored in polynomial time. Compared to previous results, we reduce the number of d's leaked bits needed to mount the attack by log_2 (e) bits. Furthermore, our experiments show that for 1024-bit N, our attack can achieve the theoretical bound on a personal computer, which verified our attack.

The Security of SSH Protocol Public Key Sharing in the Post-Quantum Era

The security of traditional cryptographic schemes is based on mathematical puzzles that cannot be cracked by current computers. However, the rapid development of quantum computers has the potential to greatly reduce the time and resources required to crack these encryption schemes. Although true quantum supremacy may still be years away, it is imperative to adopt anti-quantum algorithms proactively. This preemptive approach aims to thwart "catch first, decrypt later" attacks, wherein attackers intercept and store encrypted data with the intent of decrypting it once quantum computing becomes sufficiently advanced. This threat is particularly critical for protocols like Secure Shell (SSH), which is widely used for secure communication over unsecured networks. In this paper, we propose an innovative approach to enhance the security of public-key distribution within the SSH protocol. Our method integrates quantum-resistant algorithms to ensure that even with the advent of quantum computing, the confidentiality and integrity of SSH sessions are maintained. We emphasize the importance of using cryptographic protocols that operate over open channels, which, while not necessarily confidential, must be authenticated to prevent tampering. In such scenarios, attackers may be able to intercept and even extract information, but they should not be able to alter the data.

Enhancing the Vehicular Public Key Infrastructure to Develop Privacy-Preserving Authentication Scheme for Vanet by Using PCM and MSS Scheme

This article proposes a security-based authentication as well as efficient certificate management approach for VANET to detect fraudulent nodes with better precision, less latency and overhead. The primary purpose of the developed system is to establish effectual and heftiness of VANET security that lead to the stability of overall network. VANETs are composed of vehicles and Road Side Units (RSUs) assisting with network management and the vehicles connect with one another and RSUs to furnish roadside information and safety solutions. Security is an essential factor in VANETs because the confidentiality of humans (passengers) is paramount; hence, Vehicular Public Key Infrastructure (VPKI) is utilised to offer authentication and safety services in VANETs. The developed structure provides an encrypted VANET transmission infrastructure by utilising the concepts of Merkle Signature Scheme (MSS) and Pseudo-code Certificate Management (PCM) to minimise overhead for communication and latency while ensuring entity authenticity. Messages are authenticated by sender, encoded with a vehicular public key distributed by a PCM-MSS and decrypted by the destination, resulting in every transmission including a certification from a reliable authority. During that verification, the transmitter and receiver of message’s authentication and validation is accomplished. Simulation findings show that the proposed approach improves the reliability of identifying hostile nodes and PDR while reducing authentication delays and overhead.

Secure device authentication and key agreement mechanism for LoRaWAN based IoT networks

SummaryThe proposed work introduces two schemes for secure device authentication and key agreement (SDA & KA) mechanisms. Initially, an efficient implicit certificate approach based on the Elliptic curve Qu–Vanstone (EIC‐EcQuV) scheme is developed in the first stage to instantly concur on the session key. The proposed scheme implicitly performs quick authentication of the public key. Also, this scheme prevents the attacker from creating fake key combinations. Through EIC‐EcQuV, the implicit certificate (IC) is distributed which helps to implicitly authenticate the user. This work also proposes ithe developed Public Key Certificateless Cryptosystem (PKCIC) scheme in the second stage, whch was also for the SDA & KA mechanism. In the EIC‐EcQuV scheme, efficient authentication is enabled, but public key theft is possible. However, in the PKCIC scheme, authentication is performed through partial keys, and the public key is secured via the Schnorr signature. The efficiency of the proposed schemes is proved by comparing the attained results with previous schemes. The proposed method obtains the computational cost of 0.0583 s for end‐to‐end devices, 0.06111 for network servers, and 0.00071 s for the gateway, with an execution time of 78.624 for 1000 devices. The attained key agreement of the proposed EIC‐EcQuV is 0.953 s, and PKCIC is 0.9988 s.

Privately Generated Key Pairs for Post Quantum Cryptography in a Distributed Network

In the proposed protocol, a trusted entity interacts with the terminal device of each user to verify the legitimacy of the public keys without having access to the private keys that are generated and kept totally secret by the user. The protocol introduces challenge–response–pair mechanisms enabling the generation, distribution, and verification of cryptographic public–private key pairs in a distributed network with multi-factor authentication, tokens, and template-less biometry. While protocols using generic digital signature algorithms are proposed, the focus of the experimental work was to implement a solution based on Crystals-Dilithium, a post-quantum cryptographic algorithm under standardization. Crystals-Dilithium generates public keys consisting of two interrelated parts, a matrix generating seed, and a vector computed from the matrix and two randomly picked vectors forming the secret key. We show how such a split of the public keys lends itself to a two-way authentication of both the trusted entity and the users.

Design and Implementation of Energy-Aware Integration Mechanisms for IoT-Cloud Architectures: Enhancing Efficiency in Resource-Constrained Environments

This study paper suggests a way for the Internet of Things (IoT) and Cloud computing to work together that is smart about energy use. The goal is to solve the problem of IoT-Cloud integration's energy efficiency, which is important for making sensor nodes last longer and making sure that data transfer continues over time. The first step in the process is to plan the IoT nodes and give each sensor node a unique ID and a starting energy level. To make data safer, a homomorphic encryption method is used to make public and private keys. The integration process uses a good Cluster Head Selection Technique that has Random, Energy-Based, Distance-Based, and Density-Based methods to make sure that the sensor nodes are grouped together in the best way possible. The sensor nodes send data to the base station through cluster heads, which use homomorphic encryption to make the connection safe. The public key is used to hash each data packet before it is sent to the cluster head. The cluster head then sends the packets to the base station through the Cloud. At the base station, the data hash is checked one at a time, and then the data is decrypted. This makes sure that the data is correct and safe while it is being sent. Comparing time and energy use across different systems and node numbers is part of the performance assessment. The results show that System 4 did better than the others in terms of how much energy it used and how efficiently it transferred data. This shows that the proposed system can effectively handle IoT-Cloud integration. System 4 kept 28,848 units of energy after starting with 29,442 units, showing that it was much more energy efficient. The results show that using techniques that are aware of energy in IoT-Cloud systems can greatly improve performance. This study adds to the growing body of research on integrating IoT and the cloud by showing a safe, effective, and energy-conscious method that sends data while using the least amount of energy possible.

Unlinkable Policy-Compliant Signatures for Compliant and Decentralized Anonymous Payments

Privacy-preserving payment systems face the difficult task of balancing privacy and accountability: on one hand, users should be able to transact privately and anonymously, on the other hand, no illegal activities should be tolerated. The challenging question of finding the right balance lies at the core of the research on accountable privacy that stipulates the use of cryptographic techniques for policy enforcement. Current state-of-the-art systems are only able to enforce rather limited policies, such as spending or transaction limits, or assertions about single participants, but are unable to enforce more complex policies that for example jointly evaluate both, the private credentials of sender and recipient, situations that occur in cross-border payments, let alone to do this without auditors in the loop during payment. This severely limits the cases where decentralized virtual assets can be used in accordance with regulatory compliance such as the Financial Action Task Force (FATF) travel rule, while retaining strong privacy features. We present unlinkable Policy-Compliant Signatures (ul-PCS), an enhanced cryptographic primitive extending the work of Badertscher et al.~(TCC 21). We give rigorous definitions, formally proven constructions, and benchmarks using our prototype developed using CharmCrypto which gives the first insights into feasibility of PCS. Unlinkable PCS has the following unique combination of features: 1) It is an enhanced signature scheme where the public key encodes in a privacy-preserving way the user's verifiable credentials (obtained from a credential authority). 2) Signatures can be created (and later publicly verified) by additionally specifying a recipient's public key aside of the to-be-signed message. A valid signature can only ever be created if the attributes $x_S$ of the signer and the attributes $x_R$ of the receiver fulfill some global policy $F(x_S,x_R)$. 3) The signature can be created by the signer just knowing the recipient's public key; there is no further interaction needed and no information is leaked (beyond the validity of the policy). 4) Once credentials are obtained, a user can generate fresh public keys without interacting with the credential authority. By merging the act of signing a transaction with the act of providing an assurance about the involved participants being compliant with complex policies, yet retain that participants are able to change public keys without the involvement of an authority, we formally show how ul-PCS is a step towards improving regulatory compliance of privacy coins such as Monero or Zcash.