# Breaking An Identity-Based Encryption Scheme based on DHIES

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 Breaking An Identity-Based Encryption Scheme based on DHIES Martin R. Albrecht 1 Kenneth G. Paterson 2 1 SALSA Project - INRIA, UPMC, Univ Paris 06 2 Information Security Group, Royal Holloway, University of London IMA Cryptography and Coding 2011

2 Introduction The search for efficient Identity-Based Encryption (IBE) schemes has resulted in many proposals for schemes. A recent proposal, due to Chen et al., has very efficient encryption and decryption and claims to have security based on the security of the DHIES public key encryption scheme. Y. Chen, M. Charlemagne, Z. Guan, J. Hu and Z. Chen. Identity-based encryption based on DHIES. In D. Feng, D.A. Basin and P. Liu Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010, pp , ACM, 2010.

3 Our Contribution We present collusion attacks against the scheme which recover the Trusted Authority s master secret key. Our attacks allow to trade various parameters off one another such as the number of private keys and computational cost; apply to the parameters suggested by Chen et al. to mitigate such attacks; improve upon an independent attack by Susilo and Baek. Since both Chen et al. and Susilo and Baek share a misunderstanding about the complexity of polynomial system solving, we also give an account of the state of the art.

4 The IBE Scheme I Setup: This algorithm has as input a security parameter k and a value n. 1. Run a pairing parameter generator G to generate a prime q, two groups G 1, G 2 of order q and a pairing e : G 1 G 1 G 2. Let P generate G Set msk = (u 0,..., u n 1 ) (Z q ) n where u i R Z q for 0 i < n. 3. Set mpk = (u 0 P,..., u n 1 P) (G 1 ) n. 4. Let H 0 be a hash function which takes as inputs elements of {0, 1} and outputs subsets of size t of {0, 1,..., n 1}. 5. Select a pseudo-random number generator (PRNG) F having elements of {0, 1} as seeds and outputs in Z q.

5 The IBE Scheme II KeyGen: Given an identity id {0, 1}, this algorithm proceeds as follows: 1. Produce {s 0,..., s t 1 } := H 0 (id). 2. Use F with seed id to produce vectors a = (a 0,..., a t 1 ) (Z q ) t and b = (b 00,..., b t 1,t 1 ) (Z q ) (t+1 2 ). 3. Output as the private key for identity id the value: x id = 0 i<t a i u si + 0 i j<t b ij u si u sj Z q. For our attack we do not use the Encrytion and Decryption routines, hence we do not present them here.

6 The IBE Scheme III The private key corresponding to the identity id is the evaluation of a quadratic function f id over Z q in t on the values u 0,..., u n 1 from msk. The specific quadratic function f id is determined by H 0 and F and can be readily calculated using only the string id and public information. This observation forms the basis of all known attacks against the scheme including ours.

7 An Attack on the Underlying Hard Problem Consider an attacker who has access to private keys x id for strings id. The attacker makes about n 2 queries for random identities. Each yields x id for some f id. We set up a polynomial system of quadratic polynomials 0 i<t a i x si + corresponding to f id and x id. 0 i j<t b ij x si x sj x id After roughly n 2 queries, this system can be linearised and solved in O(n 6 ). Chen et al. suggest to mitigate this attack by limiting the number of key extraction queries that are allowed by the adversary to 0.1n 2.

8 Hardness of Polynomial System Solving I If a system of equations has a unique solution, solving is equivalent to computing a Gröbner basis. Theorem (F 5 Complexity) Computing a Gröbner basis of a zero-dimensional semi-regular system of m polynomials in n variables can be computed with the F 5 algorithm in (( ) ω ) n + D O D operations, where D is the index of the first non-positive coefficient of c k z k = k 0 m 1 i=0 (1 zd i ) (1 z) n. and 2 ω < 3 is the linear algebra constant.

9 Hardness of Polynomial System Solving II Using this theorem and the standard assumption that random systems are semi-regular, we can estimate the complexity of solving a random system of equations. m = n n + 1 n log n n log n n n 2 0.5n m < n m < n m < n 15 Table: log 2 of field ops for solving m equations in n unknowns.

10 Hardness of Polynomial System Solving III Figure: Experimental verification for t {4, 8, n} with m = 0.1n 2.

11 Hardness of Polynomial System Solving IV Hence, the problem is much easier than expected by Chen et al. and Susilo and Baek. W. Susilo and J. Baek. On the Security of the Identity-based Encryption based on DHIES from ASIACCS 2010 (short paper). Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, ACM, 2011.

12 Refining the Basic Attack I Key Idea We can precompute the hash function H 0 in an effort to find identities leading to simpler sets of equations. Partition the set of unknowns into subsets of equal size, and search for identities yielding systems of equations with unknowns restricted to these sets. To this end, we write n = 2 d. For some value s 0 with 2 d s t, we partition the set {0,..., n 1} into 2 s sets S i each containing 2 d s integers by setting S i = {i2 d s,..., (i + 1)2 d s 1}. For example: {0, 1, 2, 3}, {4, 5, 6, 7},... }

13 Refining the Basic Attack II Set ID i :=, c i := 0 for 0 i < 2 s Set c := 0 and c 2 s := 0. repeat c := c + 1 id R {0, 1} if H 0 (id) S i for some i then ID i = ID i id c i := c i + 1 else c 2 s := c 2 s + 1 end if until c i m for 0 i < 2 s Obtain x id for m elements in each ID i using key extraction queries. for 0 i < 2 s do solve a system of m equations in {x j : j S i }. end for

14 Refining the Basic Attack III The attack involves three main stages: 1. a pre-computation to generate sets of identities ID i suitable for building systems of equations; cost needs to be established 2. making key extraction queries to obtain the required private keys; m2 s extraction queries 3. generating and solving 2 s systems of equations, each containing m equations in 2 d s unknowns. table on earlier slide

15 Refining the Basic Attack IV We need enough queries to H 0 to obtain at least m identities id in each of the sets ID i. We assume that H 0 selects t-subsets of {0, 1,..., n 1} uniformly at random for random id. Then the probability that H 0 (id) S i is equal to p := ( ) ( 2 d s t / n ) t. After c iterations of main loop in the algorithm, the vector (c 0,..., c 2 s 1, c 2 s ) follows a multinomial distribution with parameters c and (p,..., p, 1 2 s p). It then follows from standard results on the multinomial distribution that, for each 0 i < 2 s, the random variable c i follows a binomial distribution with mean cp and variance cp(1 p). The covariance between c i and c j is small and we may treat the first 2 s values c i as independent identically distributed random variables.

16 Refining the Basic Attack V We have, for any real number a: Pr[c i cp a] > 1 e a2 /2pc Under our assumption that the c i may be treated as independent random variables, we then have: Pr[ 2 /2pc ) 2s. 0 i<2 s c i cp a] > (1 e a Setting a = m and c = 2m/p, we then obtain: Pr[ 0 i<2 s c i m] > (1 e m/4p ) 2 s 1 2 s e m/4p 1 n t e m/4p. The algorithm terminates with high probability if the main loop is executed c = 2m/p times.

17 A concrete example We take n = 512 (so d = 9) and t = 8 which are the concrete suggested parameters by Chen et al. We select s = 4 and m = 0.5(2 d s ) 2 = 2 9. For these parameters, we have p = Our attack requires 2m/p = evaluations of H 0, and m2 s = 2 13 key extraction queries to build 2 s = 16 sets of 2 9 equations in 32 variables. The complexity of solving the 16 systems of equations is = 2 30 field operations.

18 Minimising key extractions We again take n = 512 (so d = 9) and t = 8. We select s = 6 and m = 9. Our attack requires evaluations of H key extraction queries and field operations to recover the master secret key of the scheme.

19 Conclusion To achieve 80-bit security against the simple attack one needs at least n = In that case, solving the system of equations would cost n 6 = = 2 84 finite field operations. With such parameters the master public key mpk would have a size of /8 = 320kb. However, this variant would still be vulnerable to the refined attacks. For example, if we were to pick s = 4, we would need evaluations of H 0, 2 23 key extraction queries and just 2 31 field operations in the Gröbner basis step. We conclude that the scheme does not offer an attractive trade-off between security and efficiency.

20 Thank you for your attention Questions?

### Fuzzy Identity-Based Encryption

Fuzzy Identity-Based Encryption Janek Jochheim June 20th 2013 Overview Overview Motivation (Fuzzy) Identity-Based Encryption Formal definition Security Idea Ingredients Construction Security Extensions

### Certificate Based Signature Schemes without Pairings or Random Oracles

Certificate Based Signature Schemes without Pairings or Random Oracles p. 1/2 Certificate Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu, Joonsang Baek, Willy Susilo and Jianying

### Key Privacy for Identity Based Encryption

Key Privacy for Identity Based Encryption Internet Security Research Lab Technical Report 2006-2 Jason E. Holt Internet Security Research Lab Brigham Young University c 2006 Brigham Young University March

### Functional Encryption. Lecture 27

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data,

### Identity-Based Encryption from the Weil Pairing

Appears in SIAM J. of Computing, Vol. 32, No. 3, pp. 586-615, 2003. An extended abstract of this paper appears in the Proceedings of Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages

### Midterm Exam Solutions CS161 Computer Security, Spring 2008

Midterm Exam Solutions CS161 Computer Security, Spring 2008 1. To encrypt a series of plaintext blocks p 1, p 2,... p n using a block cipher E operating in electronic code book (ECB) mode, each ciphertext

### CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher

Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.

### Message Authentication Code

Message Authentication Code Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 Outline 1 CBC-MAC 2 Authenticated Encryption 3 Padding Oracle Attacks 4 Information Theoretic MACs 2 of 44

### Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

### New Efficient Searchable Encryption Schemes from Bilinear Pairings

International Journal of Network Security, Vol.10, No.1, PP.25 31, Jan. 2010 25 New Efficient Searchable Encryption Schemes from Bilinear Pairings Chunxiang Gu and Yuefei Zhu (Corresponding author: Chunxiang

### Introduction to Security Proof of Cryptosystems

Introduction to Security Proof of Cryptosystems D. J. Guan November 16, 2007 Abstract Provide proof of security is the most important work in the design of cryptosystems. Problem reduction is a tool to

### 1 Pseudorandom Permutations

Theoretical Foundations of Cryptography Lecture 9 Georgia Tech, Spring 2010 PRPs, Symmetric Encryption 1 Pseudorandom Permutations Instructor: Chris Peikert Scribe: Pushkar Tripathi In the first part of

### An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC

An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC Laxminath Tripathy 1 Nayan Ranjan Paul 2 1Department of Information technology, Eastern Academy of Science and

### Secure Computation Martin Beck

Institute of Systems Architecture, Chair of Privacy and Data Security Secure Computation Martin Beck Dresden, 05.02.2015 Index Homomorphic Encryption The Cloud problem (overview & example) System properties

### Identity-Based Encryption: A 30-Minute Tour. Palash Sarkar

Identity-Based Encryption: A 30-Minute Tour Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in Palash Sarkar (ISI, Kolkata) IBE: Some Issues ISI, Kolkata,

### Attribute-Based Cryptography. Lecture 21 And Pairing-Based Cryptography

Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography 1 Identity-Based Encryption 2 Identity-Based Encryption In PKE, KeyGen produces a random (PK,SK) pair 2 Identity-Based Encryption

### MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial

### The application of prime numbers to RSA encryption

The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered

### Introduction. Digital Signature

Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology

### Strengthen RFID Tags Security Using New Data Structure

International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University

### Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information

The : Keeping Eve The Eavesdropper Away From Your Credit Card Information Department of Mathematics North Dakota State University 16 September 2010 Science Cafe Introduction Disclaimer: is not an internet

### Cryptography. Identity-based Encryption. Jean-Sébastien Coron and David Galindo. May 15, 2014. Université du Luxembourg

Identity-based Encryption Université du Luxembourg May 15, 2014 Summary Identity-Based Encryption (IBE) What is Identity-Based Encryption? Difference with conventional PK cryptography. Applications of

### Threshold Identity Based Encryption Scheme without Random Oracles

WCAN 2006 Threshold Identity Based Encryption Scheme without Random Oracles Jin Li School of Mathematics and Computational Science Sun Yat-sen University Guangzhou, P.R. China Yanming Wang Lingnan College

### Cryptography and Network Security Chapter 10

Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central

### Lecture 15 - Digital Signatures

Lecture 15 - Digital Signatures Boaz Barak March 29, 2010 Reading KL Book Chapter 12. Review Trapdoor permutations - easy to compute, hard to invert, easy to invert with trapdoor. RSA and Rabin signatures.

### Network Security. Chapter 6 Random Number Generation. Prof. Dr.-Ing. Georg Carle

Network Security Chapter 6 Random Number Generation Prof. Dr.-Ing. Georg Carle Chair for Computer Networks & Internet Wilhelm-Schickard-Institute for Computer Science University of Tübingen http://net.informatik.uni-tuebingen.de/

### Network Security. Chapter 6 Random Number Generation

Network Security Chapter 6 Random Number Generation 1 Tasks of Key Management (1)! Generation:! It is crucial to security, that keys are generated with a truly random or at least a pseudo-random generation

### Paillier Threshold Encryption Toolbox

Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created

### Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian

### An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood

An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood One significant impediment to the widespread adoption of public-key cryptography is its dependence on a public-key infrastructure

### Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks

Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks Tsz Hon Yuen - Huawei, Singapore Ye Zhang - Pennsylvania State University, USA Siu Ming

### Index Calculation Attacks on RSA Signature and Encryption

Index Calculation Attacks on RSA Signature and Encryption Jean-Sébastien Coron 1, Yvo Desmedt 2, David Naccache 1, Andrew Odlyzko 3, and Julien P. Stern 4 1 Gemplus Card International {jean-sebastien.coron,david.naccache}@gemplus.com

### CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

### Applied Cryptography Public Key Algorithms

Applied Cryptography Public Key Algorithms Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Public Key Cryptography Independently invented by Whitfield Diffie & Martin

### CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

### Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies

### Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

### Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella

Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by

### Lecture 3: One-Way Encryption, RSA Example

ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: One-Way Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require

### Victor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract

Session Key Distribution Using Smart Cards Victor Shoup Avi Rubin Bellcore, 445 South St., Morristown, NJ 07960 fshoup,rubing@bellcore.com Abstract In this paper, we investigate a method by which smart

### Fast Batch Verification for Modular Exponentiation and Digital Signatures

An extended abstract of this paper appears in Advances in Cryptology Eurocrypt 98 Proceedings, Lecture Notes in Computer Science Vol. 1403, K. Nyberg ed., Springer-Verlag, 1998. This is the full version.

### Identity-based encryption and Generic group model (work in progress) Peeter Laud Arvutiteaduse teooriaseminar Tallinn, 05.01.2012

Identity-based encryption and Generic group model (work in progress) Peeter Laud Arvutiteaduse teooriaseminar Tallinn, 05.01.2012 Identity-based encryption Public-key encryption, where public key = name

### Lecture 5 - CPA security, Pseudorandom functions

Lecture 5 - CPA security, Pseudorandom functions Boaz Barak October 2, 2007 Reading Pages 82 93 and 221 225 of KL (sections 3.5, 3.6.1, 3.6.2 and 6.5). See also Goldreich (Vol I) for proof of PRF construction.

### Key Refreshing in Identity-based Cryptography and its Application in MANETS

Key Refreshing in Identity-based Cryptography and its Application in MANETS Shane Balfe, Kent D. Boklan, Zev Klagsbrun and Kenneth G. Paterson Royal Holloway, University of London, Egham, Surrey, TW20

### Asymmetric Encryption. With material from Jonathan Katz, David Brumley, and Dave Levin

Asymmetric Encryption With material from Jonathan Katz, David Brumley, and Dave Levin Warmup activity Overview of asymmetric-key crypto Intuition for El Gamal and RSA And intuition for attacks Digital

### 1 Message Authentication

Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions

### Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

### CS 4803 Computer and Network Security

pk CA User ID U, pk U CS 4803 Computer and Network Security Verifies the ID, picks a random challenge R (e.g. a message to sign) R I want pk U Alexandra (Sasha) Boldyreva PKI, secret key sharing, implementation

### A Factoring and Discrete Logarithm based Cryptosystem

Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

### A New Approach for Algebraically Homomorphic Encryption

A New Approach for Algebraically Homomorphic Encryption Joint work with Ahmad Reza Sadeghi, supported by the EU project SPEED Frederik Armknecht Group for Cryptographic Mechanisms and Security Models Horst

### An Introduction to the RSA Encryption Method

April 17, 2012 Outline 1 History 2 3 4 5 History RSA stands for Rivest, Shamir, and Adelman, the last names of the designers It was first published in 1978 as one of the first public-key crytographic systems

### International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

### Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Chih Hung Wang Computer Science and Information Engineering National Chiayi University Chiayi City 60004,

### Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring

Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring Eli Biham Dan Boneh Omer Reingold Abstract The Diffie-Hellman key-exchange protocol may naturally be extended to k > 2

### Computer Science 308-547A Cryptography and Data Security. Claude Crépeau

Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)

### 3-6 Toward Realizing Privacy-Preserving IP-Traceback

3-6 Toward Realizing Privacy-Preserving IP-Traceback The IP-traceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems

### IEEE Draft P1363.3. Identity Based Public Key Cryptography Based On Pairings. Daniel Schliebner. 14. Dezember 2009

Identity Based Public Key Cryptography Based On Pairings 14. Dezember 2009 Gliederung Introduction Identity Based Encryption The Protocol Security Of The Protocol Discussion About The Headline Identity

### Homomorphic Encryption from Ring Learning with Errors

Homomorphic Encryption from Ring Learning with Errors Michael Naehrig Technische Universiteit Eindhoven michael@cryptojedi.org joint work with Kristin Lauter (MSR Redmond) Vinod Vaikuntanathan (University

### FUZZY CLUSTERING ANALYSIS OF DATA MINING: APPLICATION TO AN ACCIDENT MINING SYSTEM

International Journal of Innovative Computing, Information and Control ICIC International c 0 ISSN 34-48 Volume 8, Number 8, August 0 pp. 4 FUZZY CLUSTERING ANALYSIS OF DATA MINING: APPLICATION TO AN ACCIDENT

### The Feasibility of SET-IBS and SET-IBOOS Protocols in Cluster-Based Wireless Sensor Network

The Feasibility of SET-IBS and SET-IBOOS Protocols in Cluster-Based Wireless Sensor Network R.Anbarasi 1, S.Gunasekaran 2 P.G. Student, Department of Computer Engineering, V.S.B Engineering College, Karur,

### MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public

### CCLAS: A Practical and Compact Certificateless Aggregate Signature with Share Extraction

International Journal of Network Security, Vol.16, No.3, PP.174-181, May 2014 174 CCLAS: A Practical and Compact Certificateless Aggregate Signature with Share Extraction Min Zhou 1, Mingwu Zhang 2, Chunzhi

### Security Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012

Security Aspects of Database Outsourcing Dec, 2012 Vahid Khodabakhshi Hadi Halvachi Security Aspects of Database Outsourcing Security Aspects of Database Outsourcing 2 Outline Introduction to Database

### Data Security in Unattended Wireless Sensor Network

Data Security in Unattended Wireless Sensor Network Roberto Di Pietro UNESCO Chair in Data Privacy Di Ma UCI Prof. Luigi Mancini Università di Roma La Sapienza Claudio Soriente UCI Angelo Spognardi INRIA

### Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a

### Introduction to Cryptography CS 355

Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru

### Secure Cloud Storage Meets with Secure Network Coding

Secure Cloud Storage Meets with Secure Network Coding Fei Chen Department of Computer Science and Engineering, Chinese University of Hong Kong, N.T., Hong Kong fchen@cse.cuhk.edu.hk Tao Xiang College of

### EFFICIENT ROOT FINDING OF POLYNOMIALS OVER FIELDS OF CHARACTERISTIC 2

EFFICIENT ROOT FINDING OF POLYNOMIALS OVER FIELDS OF CHARACTERISTIC 2 Vincent Herbert (Joint work with Bhaskar Biswas) WEWoRC 2009 INRIA Paris Rocquencourt V. Herbert (WEWoRC 2009) SECRET Project Team

### Signature Amortization Technique for Authenticating Delay Sensitive Stream

Signature Amortization Technique for Authenticating Delay Sensitive Stream M Bruntha 1, Dr J. Premalatha Ph.D. 2 1 M.E., 2 Professor, Department of Information Technology, Kongu Engineering College, Perundurai,

### A NOVEL APPROACH FOR VERIFIABLE SECRET SHARING BY USING A ONE WAY HASH FUNCTION

A NOVEL APPROACH FOR VERIFIABLE SECRET SHARING BY Abstract USING A ONE WAY HASH FUNCTION Keyur Parmar & Devesh Jinwala Sardar Vallabhbhai National Institute of Technology, Surat Email : keyur.beit@gmail.com

### Multi-Input Functional Encryption for Unbounded Arity Functions

Multi-Input Functional Encryption for Unbounded Arity Functions Saikrishna Badrinarayanan, Divya Gupta, Abhishek Jain, and Amit Sahai Abstract. The notion of multi-input functional encryption (MI-FE) was

MACs Message authentication and integrity Foundations of Cryptography Computer Science Department Wellesley College Table of contents Introduction MACs Constructing Secure MACs Secure communication and

### Certificateless Cryptography II

ICE-EM RNSA 2007 Workshop on Pairing Based Cryptography 1 Certificateless Cryptography II Kenny Paterson kenny.paterson@rhul.ac.uk June 2007 ICE-EM RNSA 2007 Workshop on Pairing Based Cryptography 2 Recapitulation

### Some Identity Based Strong Bi-Designated Verifier Signature Schemes

Some Identity Based Strong Bi-Designated Verifier Signature Schemes Sunder Lal and Vandani Verma Department of Mathematics, Dr. B.R.A. (Agra), University, Agra-282002 (UP), India. E-mail- sunder_lal2@rediffmail.com,

### QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University

QUANTUM COMPUTERS AND CRYPTOGRAPHY Mark Zhandry Stanford University Classical Encryption pk m c = E(pk,m) sk m = D(sk,c) m??? Quantum Computing Attack pk m aka Post-quantum Crypto c = E(pk,m) sk m = D(sk,c)

### PUBLIC KEY ENCRYPTION

PUBLIC KEY ENCRYPTION http://www.tutorialspoint.com/cryptography/public_key_encryption.htm Copyright tutorialspoint.com Public Key Cryptography Unlike symmetric key cryptography, we do not find historical

### CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

Cunsheng DING, HKUST Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.

### Security Analysis for Order Preserving Encryption Schemes

Security Analysis for Order Preserving Encryption Schemes Liangliang Xiao University of Texas at Dallas Email: xll052000@utdallas.edu Osbert Bastani Harvard University Email: obastani@fas.harvard.edu I-Ling

### Information Security Theory vs. Reality

Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 14: More on vulnerability and exploits, Fully homomorphic encryption Eran Tromer Slides credit: Vinod Vaikuntanathan (U. Toronto)

### Notes on Network Security Prof. Hemant K. Soni

Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

### Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm

Error oracle attacks and CBC encryption Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm Agenda 1. Introduction 2. CBC mode 3. Error oracles 4. Example 1 5. Example 2 6. Example 3 7. Stream ciphers

### Hybrid Signcryption Schemes with Insider Security (Extended Abstract)

Hybrid Signcryption Schemes with Insider Security (Extended Abstract) Alexander W. Dent Royal Holloway, University of London Egham Hill, Egham, Surrey, TW20 0EX, U.K. a.dent@rhul.ac.uk http://www.isg.rhul.ac.uk/~alex/

### Stream Ciphers. Example of Stream Decryption. Example of Stream Encryption. Real Cipher Streams. Terminology. Introduction to Modern Cryptography

Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function

### Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study

### Lecture 9 - Message Authentication Codes

Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,

### Data Mining and Data Warehousing. Henryk Maciejewski. Data Mining Predictive modelling: regression

Data Mining and Data Warehousing Henryk Maciejewski Data Mining Predictive modelling: regression Algorithms for Predictive Modelling Contents Regression Classification Auxiliary topics: Estimation of prediction

### The RSA Algorithm: A Mathematical History of the Ubiquitous Cryptological Algorithm

The RSA Algorithm: A Mathematical History of the Ubiquitous Cryptological Algorithm Maria D. Kelly December 7, 2009 Abstract The RSA algorithm, developed in 1977 by Rivest, Shamir, and Adlemen, is an algorithm

### Algorithms, Integers

CHAPTER 3 Algorithms, Integers 3.1. Algorithms Consider the following list of instructions to find the maximum of three numbers a, b, c: 1. Assign variable x the value of a. 2. If b > x then assign x the

### Discrete Mathematics: Homework 7 solution. Due: 2011.6.03

EE 2060 Discrete Mathematics spring 2011 Discrete Mathematics: Homework 7 solution Due: 2011.6.03 1. Let a n = 2 n + 5 3 n for n = 0, 1, 2,... (a) (2%) Find a 0, a 1, a 2, a 3 and a 4. (b) (2%) Show that

### CS Computer and Network Security: Applied Cryptography

CS 5410 - Computer and Network Security: Applied Cryptography Professor Patrick Traynor Spring 2016 Reminders Project Ideas are due on Tuesday. Where are we with these? Assignment #2 is posted. Let s get

### A Performance Analysis of Identity-Based Encryption Schemes

A Performance Analysis of Identity-Based Encryption Schemes Pengqi Cheng, Yan Gu, Zihong Lv, Jianfei Wang, Wenlei Zhu, Zhen Chen, Jiwei Huang Tsinghua University, Beijing, 084, China Abstract We implemented

### Lecture 2: Complexity Theory Review and Interactive Proofs

600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography

### SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE

International Journal of Computer Network and Security(IJCNS) Vol 7. No.1 2015 Pp. 1-8 gopalax Journals, Singapore available at : www.ijcns.com ISSN: 0975-8283 ----------------------------------------------------------------------------------------------------------------------------------------------------------

### Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

Int Jr of Mathematics Sciences & Applications Vol3, No1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 wwwjournalshubcom Mathematical Model Based Total Security System with Qualitative

### Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)

### Towards High Security and Fault Tolerant Dispersed Storage System with Optimized Information Dispersal Algorithm

Towards High Security and Fault Tolerant Dispersed Storage System with Optimized Information Dispersal Algorithm I Hrishikesh Lahkar, II Manjunath C R I,II Jain University, School of Engineering and Technology,

### Partial Fractions. Combining fractions over a common denominator is a familiar operation from algebra:

Partial Fractions Combining fractions over a common denominator is a familiar operation from algebra: From the standpoint of integration, the left side of Equation 1 would be much easier to work with than