Secret Key Research Articles

Generating of A Dynamic and Secure S-Box for AES Block Cipher System Based on Modified Hexadecimal Playfair Cipher

In today's digital world, the extensive use of devices, including smartphones, tablets, IoT devices, and the internet, emphasizes the necessity for strong security measures. These measures are essential to safeguard both user data and sensitive government information. As technology advances, the enhancement of cryptographic methods becomes imperative, ensuring alignment with this rapid progression. This paper introduces a novel approach to encrypting classified data using the modified AES cipher system. It employs a dynamic and secure substitution byte operation with a 4×4 matrix, replacing the static and public 16×16 S-box found in the original version of AES. To construct the presented S-box, the system makes a secret key of 56 bytes (4×14 Rounds), where each round of the AES-256 utilizes 4 bytes to generate a 4×4 Hexadecimal Playfair matrix. By altering the S-boxes in each round and block (where each block utilizes AES key expansion to generate a 56-byte secret key for the Playfair matrix), it becomes feasible to produce distinct encrypted blocks even when the original blocks remain identical. In terms of security, the effectiveness of the provided method has been verified by experimental and analytical studies including the Avalanche effect, Balanced output, Hamming distance, and Time complexity. The result shows that the Avalanche effect of the proposed method exceeds 50% and increase the time of brute force attack. Moreover, the proposed algorithm exhibits impressive execution speed, handling approximately 200 KB in just one second.

Features of Structural Hardware Transformation of Information in Cryptosystems

The article considers types, functions and some features of cryptosystems, as well as circuit design options for expanding their functionality. Options for generating keys and ciphers used in cryptosystems with a typical structural organization, and technologies for creating encryption chains are presented. An encryption scheme is described, in the recurrent formula of the algorithm of which the previous blocks of both encryption and plaintext are used. This scheme reliably protects against any unauthorized modification of the encrypted text. Structural diagrams of the organization of symmetric and asymmetric cryptosystems are given. A variant of implementing a decoding procedure in a threshold MIMA cryptomodule for sharing a secret with a masking transformation is proposed, in which the necessary time and hardware costs for performing the procedure of reconstructing the original secret are minimized. The presented material can be the part of the original sections of a necessary and sufficiently provided in mathematical terms textbook on the basics and modern problems of cryptography.

Features of Structural Hardware Transformation of Information in Cryptosystems

The article considers types, functions and some features of cryptosystems, as well as circuit design options for expanding their functionality. Options for generating keys and ciphers used in cryptosystems with a typical structural organization, and technologies for creating encryption chains are presented. An encryption scheme is described, in the recurrent formula of the algorithm of which the previous blocks of both encryption and plaintext are used. This scheme reliably protects against any unauthorized modification of the encrypted text. Structural diagrams of the organization of symmetric and asymmetric cryptosystems are given. A variant of implementing a decoding procedure in a threshold MIMA cryptomodule for sharing a secret with a masking transformation is proposed, in which the necessary time and hardware costs for performing the procedure of reconstructing the original secret are minimized. The presented material can be the part of the original sections of a necessary and sufficiently provided in mathematical terms textbook on the basics and modern problems of cryptography.

Block-based color image encryption algorithm by a novel memristor chaotic system and new RNA computation

The security of images is closely related to the protection of information privacy. We proposed a novel 5D memory resistive chaotic system (5D-MRCS), which exhibits good chaotic characteristics. Therefore, we employed it to design an image encryption algorithm aimed at ensuring secure image transmission. To further enhance the complexity of the algorithm and obtain more chaotic sequences, we combine the 5D-MRCS with the Hodgkin-Huxley (HH) model and use this combination in algorithm design. Initially, we combine the plain image with the hash function SHA-384 to devise and generate the secret key. Subsequently, the algorithm determines whether to pad the plain image based on different block size requirements. Then, we use multiple chaotic sequences generated by the 5D-MRCS and HH model to perform the global image permutation operation. Our designed permutation algorithm includes two parts: Block-based permutation and a new pixel-level permutation. Next, the scrambled image undergoes block-based random RNA diffusion, incorporating two newly proposed methods in the RNA operations, ultimately resulting in the ciphertext image. The algorithm’s NPCR, UACI, information entropy, and other security performance metrics are very close to the ideal values, and it possess characteristics such as resistance to differential, cutting, chosen plaintext, and noise attacks. Compared with other algorithms, it still has some advantages across multiple images and demonstrates excellent image encryption performance.

Multiple-image authentication method based on phase-only holograms and a logistic map

An interesting security method for a multiple-image authentication scheme is proposed based on computer-generated holograms and a logistic map. First, each original image is encoded as the complex-valued hologram under the point light source model. The resulting hologram is then converted to a phase-only hologram using the Floyd-Steinberg dithering algorithm. Second, each phase-only hologram is randomly sampled with the aid of a binary mask. Through the catenation of all selected pixels, a phase-only pixel sequence is formed. Finally, a non-periodic and non-converging sequence generated with the logistic map is used to scramble this sequence. After only preserving the phase data of the scrambled sequence, the real-valued ciphertext carrying the information of all original images is obtained. In the process of authentication, although no valid information can be discerned from noisy reconstructed images at a small sampling rate, the verification of original images can be efficiently accomplished using the nonlinear correlation maps. Besides binary masks, the parameters of the logistic map are served as secret keys. Due to their high sensitivity, the security of the proposed method is greatly enhanced. The proposed authentication mechanism has been demonstrated to be effective and robust through experiments. To our knowledge, it is the first time to implement multiple-image authentication using phase-only holograms, which can provide a new perspective for optical information security.

Security of partially corrupted quantum repeater networks

Abstract Quantum Key Distribution allows two parties to establish a secret key that is secure against computationally unbounded adversaries. To extend the distance between parties, quantum networks are vital. Typically, security in such scenarios assumes the absolute worst case: namely, an adversary has complete control over all repeaters and fiber links in a network and is able to replace them with perfect devices, thus allowing her to hide her attack within the expected natural noise. In a large-scale network, however, such a powerful attack may be infeasible. In this paper, we analyze the case where the adversary can only corrupt a subset of the repeater network connecting Alice and Bob, while some portion of the network near Alice and Bob may be considered safe from attack (though still noisy). We derive a rigorous finite key proof of security assuming this attack model, and show that improved performance and noise tolerances are possible. Our proof methods may be useful to other researchers investigating partially corrupted quantum networks, and our main result may be beneficial to future network operators.

Resilience evaluation of memristor based PUF against machine learning attacks

Physical unclonable functions (PUFs) have emerged as a favorable hardware security primitive, they exploit the process variations to provide unique signatures or secret keys amidst other critical cryptographic applications. CMOS-based PUFs are the most popular type, they generate unique bit strings using process variations in semiconductor fabrication. However, most existing CMOS PUFs are found to be vulnerable to modeling attacks based on machine learning (ML) algorithms. Memristors leveraging nanotechnology fabrication processes and highly nonlinear behavior became an interesting alternative to the existing CMOS-based PUF technology, introducing cryptographic and resilient random outputs. Memristor-based PUFs are emerging due to the inherent randomness at both the memristor level due to the cycle-to-cycle (C2C) programming variation of the device and the fabrication process level such as the cross-sectional area and variations. Our study focuses on building a machine learning analysis and attack framework of tools on Cu/HfO2-x/p++Si\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$Cu/HfO_{2-x}/p^{++}Si$$\\end{document} memristor-based PUF (MR-PUF). Our objective is to test the resiliency of the security margins of the presented PUF using machine learning analysis tools, on-top of holistic NIST cryptographic randomness testing initially provided, to provide a high level of certainty in predicting the randomness output of the verified Memrister-based PUF. Our main contribution is a holistic study that focuses on attacking the randomness output resiliency based on building randomness predictors using Logistic Regression (LR), Support Vector Machine (SVM), Gaussian Mixture Models (GMM), K-means, K-means++\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$++$$\\end{document}, Random Forest, XGBoost and LSTM, within efficient time, and data complexity. Our results yield low accuracy and ROC results of within 0.49-0.52\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$0.49-0.52$$\\end{document} and 0.49-0.52\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$0.49-0.52$$\\end{document} respectively, indicating failure in predicting random data demonstrates efficient randomness prediction resiliency of the MR-PUF. The efficient time and data complexities of these attacks illustrated in this study are yielded to be linear and quadratic resulting in attack execution time in seconds and 5032 training samples combined with 2157 testing samples to verify the randomness of PUF.

Intensity correlations in measurement-device-independent quantum key distribution

The intensity correlations due to imperfect modulation during the quantum-state preparation in a measurement-device-independent quantum key distribution (MDI QKD) system compromise its security performance. Therefore, it is crucial to assess the impact of intensity correlations on the practical security of MDI QKD systems. In this work, we propose a theoretical model that quantitatively analyzes the secure key rate of MDI QKD systems under intensity correlations. Furthermore, we apply the theoretical model to a practical MDI QKD system with measured intensity correlations, which shows that the system struggles to generate keys efficiently under this model. We also explore the boundary conditions of intensity correlations to generate secret keys. This study extends the security analysis of intensity correlations to MDI QKD protocols, providing a methodology to evaluate the practical security of MDI QKD systems.

Unpacking Needs Protection

Most of the previous attacks on Dilithium exploit side-channel information which is leaked during the computation of the polynomial multiplication cs1, where s1 is a small-norm secret and c is a verifier's challenge. In this paper, we present a new attack utilizing leakage during secret key unpacking in the signing algorithm. The unpacking is also used in other post-quantum cryptographic algorithms, including Kyber, because inputs and outputs of their API functions are byte arrays. Exploiting leakage during unpacking is more challenging than exploiting leakage during the computation of cs1 since c varies for each signing, while the unpacked secret key remains constant. Therefore, post-processing is required in the latter case to recover a full secret key. We present two variants of post-processing. In the first one, a half of the coefficients of the secret s1 and the error s2 is recovered by profiled deep learning-assisted power analysis and the rest is derived by solving linear equations based on t = As1 + s2, where A and t are parts of the public key. This case assumes knowledge of the least significant bits of t, t0. The second variant uses lattice reduction to derive s1 without the knowledge of t0. However, it needs a larger portion of s1 to be recovered by power analysis. We evaluate both variants on an ARM Cortex-M4 implementation of Dilithium-2. The experiments show that the attack assuming the knowledge of t0 can recover s1 from a single trace captured from a different from profiling device with a non-negligible probability.

State‐of‐the‐Art 3DES Pipelined Cryptographic Engine Design Against Side‐Channel Attacks

ABSTRACTIn this paper, a high‐speed, low‐latency, and high‐security hardware‐implemented triple data encryption standard (3DES) cryptographic algorithm is proposed for securing data privacy. In order to achieve a high throughput for the 3DES architecture, the whole circuit is optimized with a 24‐stage pipelined design at first. For breaking the correlation between the processed data and power dissipation of the 3DES circuit against differential power analysis (DPA) attacks, two pseudo‐random number generators (PRNGs) are embedded to randomly alter the number of pipelined stages and data substitution locations within the 3DES circuit, respectively. Under such a circumstance, the proposed 3DES circuit is able to achieve high performance and strong robustness against DPA attacks without causing much overhead. As shown in the results, under the synthesis of SMIC 14‐nm process design kits (PDK), the clock frequency, area, power dissipation, and throughput of the proposed 3DES circuit, respectively, are achieved as 1.2 GHz, 26,435 m2, 21.05 mW, and 64 Gbps. Furthermore, when DPA attacks are executed on the proposed 3DES circuit, the corresponding secret key cannot be revealed even if 2 million plaintexts are enabled. In contrast, only 40,000 plaintexts are adequate to disclose the secret key of a regular pipelined 3DES circuit.

Privately Generated Key Pairs for Post Quantum Cryptography in a Distributed Network

In the proposed protocol, a trusted entity interacts with the terminal device of each user to verify the legitimacy of the public keys without having access to the private keys that are generated and kept totally secret by the user. The protocol introduces challenge–response–pair mechanisms enabling the generation, distribution, and verification of cryptographic public–private key pairs in a distributed network with multi-factor authentication, tokens, and template-less biometry. While protocols using generic digital signature algorithms are proposed, the focus of the experimental work was to implement a solution based on Crystals-Dilithium, a post-quantum cryptographic algorithm under standardization. Crystals-Dilithium generates public keys consisting of two interrelated parts, a matrix generating seed, and a vector computed from the matrix and two randomly picked vectors forming the secret key. We show how such a split of the public keys lends itself to a two-way authentication of both the trusted entity and the users.

A Deniability Analysis of Signal’s Initial Handshake PQXDH

Many use messaging apps such as Signal to exercise their right to private communication. To cope with the advent of quantum computing, Signal employs a new initial handshake protocol called PQXDH for post-quantum confidentiality, yet keeps guarantees of authenticity and deniability classical. Compared to its predecessor X3DH, PQXDH includes a KEM encapsulation and a signature on the ephemeral key. In this work we show that PQXDH does not meet the same deniability guarantees as X3DH due to the signature on the ephemeral key. Our analysis relies on plaintext awareness of the KEM, which Signal's implementation of PQXDH does not provide. As for X3DH, both parties (initiator and responder) obtain different deniability guarantees due to the asymmetry of the protocol. For our analysis of PQXDH, we introduce a new model for deniability of key exchange that allows a more fine-grained analysis. Our deniability model picks up on the ideas of prior work and facilitates new combinations of deniability notions, such as deniability against malicious adversaries in the big brother model, i.e. where the distinguisher knows all secret keys. Our model may be of independent interest.

RIS-Assisted Multi-Carrier Secret Key Generation in Static Environments

RIS-Assisted Multi-Carrier Secret Key Generation in Static Environments

Secret Key Generation Based on Manipulated Channel Measurement Matching

Secret Key Generation Based on Manipulated Channel Measurement Matching

Encrypted-OFDM: A secured wireless waveform

Wireless communication has been a broadcast system since its inception, which violates security and privacy issues at the physical layer between the intended transmit and receive pairs. Consequently, it is essential to secure the wireless signal such that only the intended receiver can realize the signal properties. In this paper, we propose Encrypted-OFDM, a new waveform, where the signal structure is altered to encrypt the waveform with a shared secret key. We achieve the signal level security by modifying the OFDM signal in time-domain, thus erasing the OFDM properties and obfuscating the signal properties to an eavesdropper. We present a two-stage encryption algorithm to increase the robustness of the transmitted waveform and achieve a high level of secrecy, even when low entropy keys are used. We also introduce a novel channel estimation algorithm by removing the pilots, so that only the intended receiver can estimate the channel correctly. Furthermore, we perform both secrecy and error analysis for the transmitted and received Encrypted-OFDM waveform. Extensive simulation and over-the-air experiments show that the performance of Encrypted-OFDM is comparable to legacy OFDM, and the SNR penalty due to the secured waveform varies between ≈ 1–4 dB. In all these scenarios, Encrypted-OFDM remains unrecognized at the eavesdropper.

Simulations of distributed-phase-reference quantum key distribution protocols

Quantum technology can enable secure communication for cryptography purposes using quantum key distribution. Quantum key distribution protocol establishes a secret key between two users with security guaranteed by the laws of quantum mechanics. To define the proper implementation of a quantum key distribution system using a particular cryptography protocol, it is crucial to critically and meticulously assess the device’s performance due to technological limitations in the components used. We perform simulations on the ANSYS Interconnect platform to study the practical implementation of these devices using distributed-phase-reference protocols: differential-phase-shift and coherent-one-way quantum key distribution. Further, we briefly describe and simulate some possible eavesdropping attempts, backflash attack, trojan-horse attack and detector-blinding attack exploiting the device imperfections. The ideal simulations of these hacking attempts show how partial or complete secret key can be exposed to an eavesdropper, which can be mitigated by the implementation of discussed countermeasures.

Quantum-Secured Data Centre Interconnect in a field environment

In the evolving landscape of quantum technology, the increasing prominence of quantum computing poses a significant threat to the security of conventional public key infrastructure. Quantum key distribution (QKD), an established quantum technology at a high readiness level, emerges as a viable solution with commercial adoption potential. QKD facilitates the establishment of secure symmetric random bit strings between two geographically separated, trustworthy entities, safeguarding communications from potential eavesdropping. In particular, data centre interconnects can leverage the potential of QKD devices to ensure the secure transmission of critical and sensitive information in preserving the confidentiality, security, and integrity of their stored data. In this article, we present the successful implementation of a QKD field trial within a commercial data centre environment that utilises the existing fibre network infrastructure. The achieved average secret key rate of 2.392 kbps and an average quantum bit error rate of less than 2% demonstrate the commercial feasibility of QKD in real-world scenarios. As a use case study, we demonstrate the secure transfer of files between two data centres through the Quantum-Secured Virtual Private Network, utilising secret keys generated by the QKD devices. %This demonstration marks a significant milestone in the deployment of QKD across Singapore, establishing a foundation for widespread adoption and enhancing the infrastructure for practical, quantum-safe communication in commercial environments.

Asymmetric Optical Scanning Holography Encryption with Elgamal Algorithm

This paper proposes an asymmetric scanning holography cryptosystem based on the Elgamal algorithm. The method encodes images with sine and cosine holograms. Subsequently, each hologram is divided into a signed bit matrix and an unsigned hologram matrix, both encrypted using the sender’s private key and the receiver’s public key. The resulting ciphertext matrices are then transmitted to the receiver. Upon receipt, the receiver decrypts the ciphertext matrices using their private key and the sender’s public key. We employ an asymmetric single-image encryption method for key management and dispatch for securing imaging and transmission. Furthermore, we conducted a sensitivity analysis of the encryption system. The image encryption metrics, including histograms of holograms, adjacent pixel correlation, image correlation, the peak signal-to-noise ratio, and the structural similarity index, were also examined. The results demonstrate the security and stability of the proposed method.

LMKCDEY Revisited: Speeding Up Blind Rotation with Signed Evaluation Keys

Recently, Lee et al. introduced a novel blind rotation technique utilizing ring automorphisms also known as LMKCDEY. Among known prominent blind rotation methods, LMKCDEY stands out because of its minimal key size and efficient runtime for arbitrary secret keys, although Chillotti et al.’s approach, commonly referred to as CGGI, offers faster runtime when using binary or ternary secrets. In this paper, we propose an enhancement to LMKCDEY’s runtime by incorporating auxiliary keys that encrypt the negated values of secret key elements. Our method not only achieves faster execution than LMKCDEY but also maintains a smaller key size compared to the ternary version of CGGI. Moreover, the proposed technique is compatible with LMKCDEY with only minimal adjustments. Experimental results with OpenFHE demonstrate that our approach can improve bootstrapping runtime by 5–28%, depending on the chosen parameters.

An Approach for Cipher Communication Utilizing the Concepts of Elliptic Curve Cryptography

Message encryption is a process of protection of the original data in transmission. Several cryptosystems were designed in the history for different environments. Public key or Asymmetric cryptosystem has become more popular in recent era where the key space consists both public and private keys. Elliptic curve cryptography dominates public key cryptosystems like Diffie Hellman key exchange and RSA. ECC is more powerful and alternative technique of RSA, with a simple replacement of exponent calculations of large prime numbers to mathematical representation of Elliptic curve points. Besides the computation ECC works with shorter key length than RSA. The present paper describes an encryption algorithm using elliptic curves over finite fields. Here a group of authentic users transmit.