Aaram Yun

Batch Fully Homomorphic Encryption over the Integers

We extend the fully homomorphic encryption scheme over the integers of van Dijk et al.(DGHV) into a batch fully homomorphic encryption scheme, i.e. to a scheme that supports encrypting and homomorphically processing a vector of plaintexts as a single ciphertext.

Measuring the mixing time of social graphs

Social networks provide interesting algorithmic properties that can be used to bootstrap the security of distributed systems. For example, it is widely believed that social networks are fast mixing, and many recently proposed designs of such systems make crucial use of this property. However, whether real-world social networks are really fast mixing is not verified before, and this could potentially affect the performance of such systems based on the fast mixing property. To address this problem, we measure the mixing time of several social graphs, the time that it takes a random walk on the graph to approach the stationary distribution of that graph, using two techniques. First, we use the second largest eigenvalue modulus which bounds the mixing time. Second, we sample initial distributions and compute the random walk length required to achieve probability distributions close to the stationary distribution. Our findings show that the mixing time of social graphs is much larger than anticipated, and being used in literature, and this implies that either the current security systems based on fast mixing have weaker utility guarantees or have to be less efficient, with less security guarantees, in order to compensate for the slower mixing.

A simple variant of the Merkle-Damgård scheme with a permutation

We propose a new composition scheme for hash functions. It is a variant of the Merkle-Damgard construction with a permutation applied right before the processing of the last message block. We analyze the security of this scheme using the indifferentiability formalism, which was first adopted by Coron et al. to the analysis of hash functions. And we study the security of simple MAC constructions out of this scheme. Finally, we also discuss the random oracle indifferentiability of this scheme with a double-block-length compression function or the Davies-Meyer compression function composed of a block cipher.

On protecting integrity and confidentiality of cryptographic file system for outsourced storage

A cryptographic network file system has to guarantee confidentiality and integrity of its files, and also it has to support random access. For this purpose, existing designs mainly rely on(often ad-hoc) combination of Merkle hash tree with a block cipher mode of encryption. In this paper, we propose a new design based on a MAC tree construction which uses a universal-hash based stateful MAC. This new design enables standard model security proof and also better performance compared with Merkle hash tree. We formally define the security notions for file encryption and prove that our scheme provides both confidentiality and integrity. We implement our scheme in coreFS, a user-level network file system, and evaluate the performance in comparison with the standard design. Experimental results confirm that our construction provides integrity protection at a smaller cost.

A Simple Variant of the Merkle–Damgård Scheme with a Permutation

We propose a new composition scheme for hash functions. It is a variant of the Merkle–Damgård construction with a permutation applied right before the processing of the last message block. We analyze the security of this scheme using the indifferentiability formalism, which was first adopted by Coron et al. to the analysis of hash functions. We also study the security of simple MAC constructions out of this scheme. Finally, we discuss the random oracle indifferentiability of this scheme with a double-block-length compression function or the Davies–Meyer compression function composed of a block cipher.

Cryptanalysis of the full HAVAL with 4 and 5 passes

HAVAL is a cryptographic hash function with variable digest size proposed by Zheng, Pieprzyk and Seberry in 1992. It has three variants, 3-, 4-, and 5-pass HAVAL. Previous results on HAVAL suggested only practical collision attacks for 3-pass HAVAL. In this paper, we present collision attacks for 4 and 5 pass HAVAL. For 4-pass HAVAL, we describe two practical attacks for finding 2-block collisions, one with 243 computations and the other with 2 36 computations. In addition, we show that collisions for 5-pass HAVAL can be found with about 2 123 computations, which is the first attack more efficient than the birthday attack.

On Homomorphic Signatures for Network Coding

In this paper, we examine homomorphic signatures that can be used to protect the integrity of network coding. In particular, Yu et al. proposed an RSA-based homomorphic signature scheme recently for this purpose. We show that their scheme in fact does not satisfy the required homomorphic property, and further, even though it can be fixed easily, still it allows no-message forgery attacks.

CRT-based fully homomorphic encryption over the integers

In 1978, Rivest, Adleman and Dertouzos introduced the basic concept of privacy homomorphism that allows computation on encrypted data without decryption. It was an interesting work whose idea precedes the recent development of fully homomorphic encryption, although actual example schemes proposed in the paper are all susceptible to simple known-plaintext attacks.In this paper, we revisit one of their proposals, in particular the third scheme which is based on the Chinese Remainder Theorem and is ring homomorphic. It is known that only a single pair of known plaintext/ciphertext is needed to break this scheme. However, by exploiting the standard technique to insert an error to a message before encryption, we can cope with this problem. We present a secure modification of their proposal by showing that the proposed scheme is fully homomorphic and secure against the chosen plaintext attacks under the approximate GCD assumption and the sparse subset sum assumption when the message space is restricted to Z 2 k .Interestingly, the proposed scheme can be regarded as a generalization of the DGHV scheme with larger plaintext space. Our scheme has O ~ ( λ 5 ) ciphertext expansion overhead while the DGHV has O ~ ( λ 8 ) for the security parameter λ . When restricted to the homomorphic encryption scheme with depth of O ( log λ ) , the overhead is reduced to O ~ ( λ ) . Our scheme can be used in applications requiring a large message space Z Q for log Q = O ( λ 4 ) , or SIMD style operations on Z Q k for log Q = O ( λ ) , k = O ( λ 3 ) , with O ~ ( λ 5 ) ciphertext size as in the DGHV.

Collision search attack for 53-step HAS-160

HAS-160 is a cryptographic hash function which is designed and used widely in Korea. In ICISC 2005, Yun et al. presented a collision search attack for the first 45 steps of HAS-160. In this paper, we extend the result to the first 53 steps of HAS-160. The time complexity of the attack is about 255.

Finding collision on 45-step HAS-160

HAS-160 is a cryptographic hash function designed and used widely in Korea. While similar in structure to SHA-1, up to now there was no published attack or security analysis of the algorithm. Applying techniques introduced by Wang et al. [1], we have found collision in the first 45 steps of HAS-160, with complexity 212.