Provably Secure Research Articles

Improved decoy-state and flag-state squashing methods

In this work we present an improved analysis for decoy-state methods, enhancing both achievable key rates and recovering analytical results for the single intensity scenario. Our primary focus is improving the shortcomings observed in current decoy-state methods, in particular recovering results when employing no decoy intensities. Our methods enable the continuous interpolation across varying numbers of intensity settings. Additionally, we extend decoy-state techniques to encompass scenarios where intensities vary depending on the signal state, thereby relaxing the constraints on experimental implementations. Our findings demonstrate that a minimum of one decoy intensity is sufficient for high asymptotic secret key rates, thereby further softening experimental requirements. We also address inherent imperfections within detection setups like imperfect beamsplitters. We derive provable secure lower bounds on the subspace population estimation, which is required for certain squashing methods such as the flag-state squasher. These analytical bounds allow us to encompass arbitrary passive linear optical setups and, together with intensities varying with each signal state, let us include a broad class of experimental setups. Published by the American Physical Society 2024

Secure fuzzy retrieval protocol for multiple datasets

With the diversification of data sources and the massive growth of datasets, data retrieval has become increasingly complex and time-consuming. In the traditional retrieval method, if a user wants to query multiple datasets, the general approach is to retrieve them one by one in order, which may lead to duplication of work and waste of resources. Private set intersection is a specific issue in secure multi-party computation. It allows several participants, each holding different sets, to jointly calculate the intersection of their sets without revealing any information other than the intersection. This method is naturally suitable for data fusion. In this work, we propose a secure fuzzy retrieval protocol for multiple datasets. First, we use private set intersection technology to fuse multiple datasets. Then, we perform secure retrieval based on this fused dataset, effectively avoiding the waste of resources caused by separate retrievals, thereby maximizing resource efficiency. It is worth mentioning that the protocol proposed in this paper can also be used for fuzzy retrieval to improve the user’s search experience. More importantly, the protocol can maximize privacy protection during the retrieval process, including strict protection of sensitive information such as retrieval keywords, ensuring that user data and query intentions will not be leaked during the entire retrieval process. Finally, we provide a rigorous security proof and demonstrate the effectiveness of the protocol through simulation experiments.

Practical Heterogeneous Pairing-Free Signcryption Scheme for Internet of Medical Things Communications with Edge Computing

Internet of Medical Things technology is becoming popular because of recent advancements in sensor node technology. A sensor node is characterized as a resource-limited device. This characteristic has led to several security challenges that underpin the necessity for cryptosystems that are both more effective and robust in protecting vital data. We propose an efficient and secure access control scheme where the transmitting node and receiving node are in certificateless cryptography and identity-based cryptographic environment, respectively. The design of the access control protocol for use in Internet of Medical Things with mobile edge computing is based on a heterogeneous signcryption scheme, and it is supported by 5G network. Random oracle model was used to provide the security proof of the proposed scheme. The proposed heterogeneous access control scheme provides public verifiability and ciphertext authentication properties. In addition, we have compared the efficiency of our access control scheme with other related existing schemes, and our scheme has low energy consumption and computation cost.

SMKA: Secure multi-key aggregation with verifiable search for IoMT

The Internet of Medical Things (IoMT) aggregates numerous smart medical devices and fully employs the collected health data to enhance patients’ experiences. In IoMT, patients generate various encryption keys and receive keyword information sent by data requesters to securely share selected health data, which increases the potential risk of key leakage. Besides, the cloud server may tamper with search results. The existing schemes did not consider that patients may inadvertently disclose the keyword information of data requesters. Additionally, these schemes entail a significant cost for verifying the search results. To deal with these challenges, we innovatively propose a secure multi-key aggregation (SMKA) scheme with verifiable search for IoMT. Firstly, the SMKA scheme is built upon key-aggregate searchable encryption, utilizing an oblivious search request and blockchain technology to achieve secure key aggregation. Secondly, a dual verifiable algorithm is integrated into the scheme to provide lightweight verification for the search results. The proposed scheme can achieve access control, requester privacy, accountability, and dual verification while ensuring secure search. Furthermore, the security analysis and proof have shown the effectiveness of the proposed protocol in achieving the intended security goals. Finally, the performance analysis indicates the significant feasibility and scalability of the proposed scheme.

A Provably Secure and Lightweight Two-Factor Authentication Protocol for Wireless Sensor Network

Wireless Sensor Networks (WSNs) are rapidly being integrated into various fields, significantly impacting and facilitating many aspects of human life. However, the increasingly prominent security issues associated with WSNs have become a significant challenge. This paper provides an in-depth analysis of the security challenges faced by WSNs in resource constrained and open communication environments. As a key component of the Internet of Things (IoT), a WSN can perceive, collect and transmit physical environmental data in real-time, and is widely used in military, medical, agricultural and other fields. However, the insecurity of communication channels and unauthorized user access pose severe threats to network security and data integrity. To address these challenges, this paper proposes a provably secure two-factor authentication protocol. This protocol utilizes a Chebyshev chaotic map and a two-factor authentication mechanism, which not only enhances security in WSNs but also improves authentication efficiency. The protocol is validated through security proof and performance experiments, demonstrating excellent security, functionality and efficiency. This provides strong support for secure and efficient communication in WSNs across various application scenarios.

LPSRUA–MIoT: Lightweight and Provable Secure Remote User Authentication Scheme for Multi‐Gateway Computing Framework in Internet of Things

ABSTRACTInternet of Things (IoT) has evolved into a new era of information and communication technology where several day‐to‐day usable physical objects have been interconnected to form an intelligent ad‐hoc network that is deployed into various hostile environments to monitor, gather and process the surveillance data. However, there is a huge potential gap between communication in traditional wired network and wireless IoT network. IoT network is susceptible to several security threats due to their distributed and decentralized architecture, open nature of communication channel, dynamic nodal infrastructure, high possibilities of malicious penetrations, and so forth. In this scenario, a secure, efficient, and lightweight remote user authentication and key agreement scheme can play a significant role to mitigate the above‐mentioned issues and to provide well‐protected communication between the communicating entities in the IoT environment. Therefore in this paper, we have proposed a provable secure, robust and lightweight biometric‐enabled mutual authentication scheme for a multi‐gateway IoT environment using an irreversible hash function and fuzzy extractor. To support our claim, we have formally verified our scheme using the broadly accepted Random Oracle Model (ROM) and further simulated using the widely used AVISPA simulation tool. Additionally, the performance analysis in terms of computation and communication overheads of the proposed scheme is compared with other existing relevant authentication schemes that clearly shows that the proposed protocol maintains an acceptable efficiency security trade‐off for implementation in real‐life scenarios.

Securing Internet of Vehicles with a provable secure post-quantum mutually authenticated protocol based on Small Integer Solution

Securing Internet of Vehicles with a provable secure post-quantum mutually authenticated protocol based on Small Integer Solution

Robust continuous-variable quantum key distribution in the finite-size regime

Quantum key distribution (QKD) has been proven to be theoretically unconditionally secure. However, any theoretical security proof relies on certain assumptions. In QKD, the assumption in the theoretical proof is that the security of the protocol is considered under the asymptotic case where Alice and Bob exchange an infinite number of signals. In the continuous-variable QKD (CV-QKD), the finite-size effect imposes higher requirements on block size and excess noise control. However, the local local oscillator (LLO) CV-QKD system cannot be considered time-invariant under long blocks, especially in cases of environmental disturbances. Thus, we propose an LLO CV-QKD scheme with time-variant parameter estimation and compensation. We first establish an LLO CV-QKD theoretical model under the temporal modes of continuous-mode states. Then, a robust method is used to compensate for arbitrary frequency shift and arbitrary phase drift in CV-QKD systems with longer blocks, which cannot be achieved under traditional time-invariant parameter estimation. Besides, the digital signal processing method predicated on high-speed reference pilots can achieve a time complexity of O(1). In the experiment, the frequency shift is up to 89.05 MHz/s and phase drift is up to 3.036 Mrad/s using a piezoelectric transducer (PZT) to simulate the turbulences in the practical channel. With a signal-to-interference ratio (SIR) of −51.67 dB, we achieve a secret key rate (SKR) of 0.29 Mbits/s with an attenuation of 16 dB or a standard fiber of 80 km. This work paves the way for future long-distance field-test experiments in the finite-size regime.

Postselection Technique for Optical Quantum Key Distribution with Improved de Finetti Reductions

The postselection technique is an important proof technique for proving the security of quantum key distribution protocols against coherent attacks via the uplift of any security proof against independent identically distributed collective attacks. In this work, we go through multiple steps to rigorously apply the postselection technique to optical quantum key distribution protocols. First, we place the postselection technique on a rigorous mathematical foundation by fixing a technical flaw in the original postselection paper. Second, we extend the applicability of the postselection technique to prepare-and-measure protocols by using a de Finetti reduction with a fixed marginal. Third, we show how the postselection technique can be used for decoy-state protocols by tagging the source. Finally, we extend the applicability of the postselection technique to realistic optical setups by developing a new variant of the flag-state squasher. We also improve existing de Finetti reductions, which reduce the effect of using the postselection technique on the key rate. These improvements can be more generally applied to other quantum information processing tasks. As an example to demonstrate the applicability of our work, we apply our results to the time-bin-encoded three-state protocol. We observe that the postselection technique performs better than all other known proof techniques against coherent attacks. Published by the American Physical Society 2024

Quantum Security of a Compact Multi-Signature

With the rapid advances in quantum computing, quantum security is now an indispensable property for any cryptographic system. In this paper, we study how to prove the security of a complex cryptographic system in the quantum random oracle model. We first give a variant of Zhandry’s compressed random oracle (CStO), called a compressed quantum random oracle with adaptive special points (CStOs). Then, we extend the on-line extraction technique of Don et al. (EUROCRYPT’22) from CStO to CStOs. We also extend the random experiment technique of Liu and Zhandry (CRYPTO’19) for extracting the CStO query that witnesses the future adversarial output. With these preparations, a systematic security proof in the quantum random oracle model can start with a random CStO experiment (that extracts the witness for the future adversarial output) and then converts this game to one involving CStOs. Next, the online extraction technique for CStOs can be applied to extract the witness for any online commitment. With this strategy, we give a security proof of our recent compact multi-signature framework that is converted from any weakly secure linear ID scheme. We also prove the quantum security of our recent lattice realization of this linear ID scheme by iteratively applying the weakly collapsing protocol technique of Liu and Zhandry (CRYPTO 2019). Combining these two results, we obtain the first quantum security proof for a compact multi-signature.

TrustCNAV: Certificateless aggregate authentication of civil navigation messages in GNSS

The Global Navigation Satellite System (GNSS) is capable of accurate positioning because it can provide high-precision data. These data are transmitted to the receiver in the form of navigation messages, called civil navigation messages (CNAV). As it is transmitted in an open, transparent environment without data integrity protection mechanisms and secure data transmission measures, the CNAV is suspected to spoofing attacks. In 2023, the OPSGROUP has received approximately 50 reports of GPS spoofing activity. A spoofed plane's navigation system will show it as being in a different place - a security risk if a jet is guided to fly into a hostile country's airspace. To prevent the forging of GNSS positioning data by spoofing attacks targeting CNAV, we propose a certificateless aggregation authentication for CNAV by using the elliptic curve discrete logarithm problem and the combination of the GNAV structural characteristics, called TrustCNAV. Security proof and performance analysis indicate that this authentication scheme can resist spoofing attacks and ensure data security of CNAV, also it avoids pairing operations with high computational complexity, thus meeting security requirements without causing too much time and communication consumption.

Security of partially corrupted quantum repeater networks

Abstract Quantum Key Distribution allows two parties to establish a secret key that is secure against computationally unbounded adversaries. To extend the distance between parties, quantum networks are vital. Typically, security in such scenarios assumes the absolute worst case: namely, an adversary has complete control over all repeaters and fiber links in a network and is able to replace them with perfect devices, thus allowing her to hide her attack within the expected natural noise. In a large-scale network, however, such a powerful attack may be infeasible. In this paper, we analyze the case where the adversary can only corrupt a subset of the repeater network connecting Alice and Bob, while some portion of the network near Alice and Bob may be considered safe from attack (though still noisy). We derive a rigorous finite key proof of security assuming this attack model, and show that improved performance and noise tolerances are possible. Our proof methods may be useful to other researchers investigating partially corrupted quantum networks, and our main result may be beneficial to future network operators.

Quantum key distribution with unbounded pulse correlations

Abstract Typical security proofs of quantum key distribution (QKD) require that the emitted signals are independent and identically distributed. In practice, however, this assumption is not met because intrinsic device flaws inevitably introduce correlations between the emitted signals. Although analyses addressing this issue have been recently proposed, they only consider a restrictive scenario in which the correlations have a finite and known maximum length that is much smaller than the total number of emitted signals. While it is expected that the magnitude of the correlations decreases as the pulse separation increases, the assumption that this magnitude is exactly zero after a certain point does not seem to have any physical justification. Concerningly, this means that the available analyses cannot guarantee the security of current QKD implementations. Here, we solve this pressing problem by developing a rigorous framework that, when combined with existing results, can guarantee security against pulse correlations of unbounded length. Our framework is rather general and could be applied to other situations for which the existing analyses consider a scenario that differs slightly from the actual one.

Generalised Entropy Accumulation

Consider a sequential process in which each step outputs a system Ai\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$A_i$$\\end{document} and updates a side information register E. We prove that if this process satisfies a natural “non-signalling” condition between past outputs and future side information, the min-entropy of the outputs A1,⋯,An\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$A_1, \\dots , A_n$$\\end{document} conditioned on the side information E at the end of the process can be bounded from below by a sum of von Neumann entropies associated with the individual steps. This is a generalisation of the entropy accumulation theorem (EAT) (Dupuis et al. in Commun Math Phys 379: 867–913, 2020), which deals with a more restrictive model of side information: there, past side information cannot be updated in subsequent rounds, and newly generated side information has to satisfy a Markov condition. Due to its more general model of side-information, our generalised EAT can be applied more easily and to a broader range of cryptographic protocols. As examples, we give the first multi-round security proof for blind randomness expansion and a simplified analysis of the E91 QKD protocol. The proof of our generalised EAT relies on a new variant of Uhlmann’s theorem and new chain rules for the Rényi divergence and entropy, which might be of independent interest.

REPACA: Robust ECC based privacy-controlled mutual authentication and session key sharing protocol in coalmines application with provable security

REPACA: Robust ECC based privacy-controlled mutual authentication and session key sharing protocol in coalmines application with provable security

Design of Provably Secure and Lightweight Authentication Protocol for Unmanned Aerial Vehicle systems

Drones also called Unmanned Aerial Vehicles (UAVs) have become more prominent in several applications such as package delivery, real-time object detection, tracking, traffic monitoring, security surveillance systems, and many others. As a key member of IoT, the group of Radio Frequency IDentification (RFID) technologies is referred to as Automatic Identification and Data Capturing (AIDC). In particular, RFID technology is becoming a contactless and wireless technique used to automatically identify and track the tagged objects via radio frequency signals. It also has drawn a lot of attention among researchers, scientists, industries, and practitioners due to its broad range of real-world applications in various fields. However, RFID systems face two key concerns related to security and privacy, where an adversary performs eavesdropping, tampering, modification, and even interception of the secret information of the RFID tags, which may cause forgery and privacy problems. In contrast to security and privacy, RFID tags have very limited computational power capability. To deal with these issues, this paper puts forward an RFID-based Lightweight and Provably Secure Authentication Protocol (LPSAP) for Unmanned Aerial Vehicle Systems. The proposed protocol uses secure Physically Unclonable Functions (PUFs), Elliptic-Curve Cryptography (ECC), secure one-way hash, bitwise XOR, and concatenation operations. We use Ouafi and Phan’s formal security model for analyzing security and privacy features such as traceability and mutual authentication. The rigorous informal analysis is carried out which ensures that our proposed protocol achieves various security and privacy features as well as resists various known security attacks. The performance analysis demonstrates that our proposed protocol outperforms other existing protocols. In addition, Scyther and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool simulation results demonstrates that there is no security attack possible within bounds. Therefore, our proposed LPSAP protocol achieves an acceptable high level of security with the least computational, communication, and storage costs on passive RFID tags.

Capybara and Tsubaki: Verifiable Random Functions from Group Actions and Isogenies

In this work, we introduce two post-quantum Verifiable Random Function (VRF) constructions based on abelian group actions and isogeny group actions with a twist. The former relies on the standard group action Decisional Diffie-Hellman (GA-DDH) assumption. VRFs serve as cryptographic tools allowing users to generate pseudorandom outputs along with publicly verifiable proofs. Moreover, the residual pseudorandomness of VRFs ensures the pseudorandomness of unrevealed inputs, even when multiple outputs and proofs are disclosed. Our work aims at addressing the growing demand for post-quantum VRFs, as existing constructions based on elliptic curve cryptography (ECC) or classical DDH-type assumptions are vulnerable to quantum threats. In our contributions, our two VRF constructions, rooted in number-theoretic pseudorandom functions, are both simple and secure over the random oracle model. We introduce a new proof system for the factorization of group actions and set elements, serving as the proofs for our VRFs. The first proposal is based on the standard GA-DDH problem, and for its security proof, we introduce the (group action) master Decisional Diffie-Hellman problem over group actions, proving its equivalence to the standard GA-DDH problem. In the second construction, we leverage quadratic twists to enhance efficiency, reducing the key size and the proof sizes, expanding input size. The scheme is based on the square GA-DDH problem. Moreover, we employ advanced techniques from the isogeny literature to optimize the proof size to 39KB and 34KB using CSIDH-512 without compromising VRF notions. The schemes feature fast evaluations but exhibit slower proof generation. To the best of our knowledge, these constructions represent the first two provably secure VRFs based on isogenies.

Tweakable ForkCipher from Ideal Block Cipher

In ASIACRYPT 2019, Andreeva et al. introduced a new symmetric key primitive called the forkcipher, designed for lightweight applications handling short messages. A forkcipher is a keyed function with a public tweak, featuring fixed-length input and fixed-length (expanding) output. They also proposed a specific forkcipher, ForkSkinny, based on the tweakable block cipher SKINNY, and its security was evaluated through cryptanalysis. Since then, several efficient AEAD and MAC schemes based on forkciphers have been proposed, catering not only to short messages but also to various purposes such as leakage resilience and cloud security. While forkciphers have proven to be efficient solutions for designing AEAD schemes, the area of forkcipher design remains unexplored, particularly the lack of provably secure forkcipher constructions. In this work, we propose forkcipher design for various tweak lengths, based on a block cipher as the underlying primitive. We provide proofs of security for these constructions, assuming the underlying block cipher behaves as an ideal block cipher. First, we present a forkcipher, F ~ 1 , for an n -bit tweak and prove its optimal ( n -bit) security. Next, we propose another construction, F ~ 2 , for a 2 n -bit tweak, also proving its optimal ( n -bit) security. Finally, we introduce a construction, F ~ r , for a general r n -bit tweak, achieving n -bit security.

Unforgeability of Blind Schnorr in the Limited Concurrency Setting

Blind signature schemes enable a user to obtain a digital signature on a message from a signer without revealing the message itself. Among the most fundamental examples of such a scheme is blind Schnorr, but recent results show that it does not satisfy the standard notion of security against malicious users, One-More Unforgeability (OMUF), as it is vulnerable to the ROS attack. However, blind Schnorr does satisfy the weaker notion of sequential OMUF, in which only one signing session is open at a time, in the Algebraic Group Model (AGM) + Random Oracle Model (ROM), assuming the hardness of the Discrete Logarithm (DL) problem. This paper serves as a first step towards characterizing the security of blind Schnorr in the limited concurrency setting. Specifically, we show that blind Schnorr satisfies OMUF when at most two signing sessions can be concurrently open (in the AGM+ROM, assuming DL). Our argument suggests that it is plausible that blind Schnorr satisfies OMUF for up to polylogarithmically many concurrent signing sessions. Our security proof involves interesting techniques from linear algebra and combinatorics.

Amortizing Circuit-PSI in the Multiple Sender/Receiver Setting

Private set intersection (PSI) is a cryptographic functionality for two parties to learn the intersection of their input sets, without leaking any other information. Circuit-PSI is a stronger PSI functionality where the parties learn only a secret-shared form of the desired intersection, thus without revealing the intersection directly. These secret shares can subsequently serve as input to a secure multiparty computation of any function on this intersection. In this paper we consider several settings in which parties take part in multiple Circuit-PSI executions with the same input set, and aim to amortize communications and computations. To that end, we build up a new framework for Circuit-PSI around generalizations of oblivious (programmable) PRFs that are extended with offline setup phases. We present several efficient instantiations of this framework with new security proofs for this setting. As a side result, we obtain a slight improvement in communication and computation complexity over the state-of-the-art semi-honest Circuit-PSI protocol by Bienstock et al. (USENIX '23). Additionally, we present a novel Circuit-PSI protocol from a PRF with secret-shared outputs, which has linear communication and computation complexity in the parties' input set sizes, and is able to realize a stronger security notion. Lastly, we derive the potential amortizations over multiple protocol executions, and observe that each of the presented instantiations is favorable in at least one of the multiple-execution settings.