Chik How Tan

Analysis and enhancement of random number generator in FPGA based on oscillator rings

A true random number generator (TRNG) is an important component in cryptographic systems. Designing a fast and secure TRNG in an FPGA is a challenging task. In this paper, we analyze the TRNG designed by Sunar et al. (2007) based on XOR of the outputs of several oscillator rings. We propose an enhanced TRNG with better randomness characteristics that does not require postprocessing and passes the statistical tests. We have shown by experiment that the frequencies of the equal length oscillator rings in the TRNG are not identical. The difference is due to the placement of the inverters in the FPGA and the resulting routing between the inverters. We have implemented our proposed TRNG in an Altera Cyclone II FPGA. Our implementation has passed the NIST and DIEHARD statistical tests with a throughput of 100 Mbps and with a usage of less than 100 logic elements in the FPGA. The restart experiments have shown that the output from our TRNG behaves truly random and not pseudorandom.

Certificateless authenticated two-party key agreement protocols

In their seminal paper on certificateless public key cryptography, Al-Riyami and Paterson (AP) proposed a certificateless authenticated key agreement protocol. Key agreement protocols are one of the fundamental primitives of cryptography, and allow users to establish session keys securely in the presence of an active adversary. APs protocol essentially requires each party to compute four bilinear pairings. Such operations can be computationally expensive, and should therefore be used moderately in key agreement. In this paper, we propose a new certificateless authenticated two-party key agreement protocol that only requires each party to compute two pairings. We analyze the security of the protocol and show that it achieves the desired security attributes. Furthermore, we show that our protocol can be used to establish keys between users of different key generation centers.

Probabilistic public key encryption with equality test

We present a (probabilistic) public key encryption (PKE) scheme such that when being implemented in a bilinear group, anyone is able to check whether two ciphertexts are encryptions of the same message. Interestingly, bilinear map operations are not required in key generation, encryption or decryption procedures of the PKE scheme, but is only required when people want to do an equality test (on the encrypted messages) between two ciphertexts that may be generated using different public keys. We show that our PKE scheme can be used in different applications such as searchable encryption and partitioning encrypted data. Moreover, we show that when being implemented in a non-bilinear group, the security of our PKE scheme can be strengthened from One-Way CCA to a weak form of IND-CCA.

Constructing Differentially 4-Uniform Permutations Over

Many block ciphers use permutations defined on F(22k ) with low differential uniformity, high nonlinearity, and high algebraic degree as their S-boxes to provide confusion. It is well known that, for a function on F(2n), the lowest differential uniformity is 2 and the functions achieving this lower bound are called almost perfect nonlinear (APN) functions. However, due to the lack of knowledge on APN permutations on F(22k ), differentially 4-uniform permutations are usually chosen as S-boxes. For example, the currently endorsed Advanced Encryption Standard chooses one such function, the multiplicative inverse function, as its S-box. By a recent survey on differentially 4-uniform permutations over F(22k ), there are only five known infinite families of such functions, and most of them have small algebraic degrees. In this paper, we apply the powerful switching method to discover many CCZ-inequivalent infinite families of such functions on F(22k ) with optimal algebraic degree, where k is an arbitrary positive integer. This greatly expands the list of differentially 4-uniform permutations and hence provide more choices for the S-boxes. Furthermore, lower bounds for the nonlinearity of the functions obtained in this paper are presented and they imply that some infinite families have high nonlinearity.

{\BBF}_{2^{2k}}

Abstract Differentially 4 uniform permutations with high nonlinearity on fields of even degree are crucial to the design of S-boxes in many symmetric cryptographic algorithms. Until now, there are not many known such functions and all functions known are power functions. In this paper, we construct the first class of binomial differentially 4 uniform permutations with high nonlinearity on F 2 6 m , where m is an odd integer. This result gives a positive answer to an open problem proposed in Bracken and Leander (2010) [7] .

via the Switching Method

A true random number generator (TRNG) is an important component in cryptographic systems. Designing a fast and secure TRNG in an FPGA is a challenging task. In this paper we analyze the TRNG designed by Sunar et al. based on XOR of the outputs of many oscillator rings. We propose an enhanced TRNG that does not require post-processing to pass statistical tests and with better randomness characteristics on the output. We have shown by experiment that the frequencies of the equal length oscillator rings in the TRNG are not identical but different due to the placement of the inverters in the FPGA. We have implemented our proposed TRNG in an Altera Cyclone II FPGA. Our implementation has passed the NIST and DIEHARD statistical tests with a throughput of 100 Mbps and with a usage of less than 100 logic elements in the FPGA.

Binomial differentially 4 uniform permutations with high nonlinearity

In certificateless cryptography, a user secret key is derived from two partial secrets: one is the identity-based secret key (corresponding to the user identity) generated by a Key Generation Center (KGC), and the other is the user self-generated secret key (corresponding to a user self-generated and uncertified public key). Two types of adversaries are considered for certificateless cryptography: a Type-I adversary who can replace the user self-generated public key (in transmission or in a public directory), and a Type-II adversary who is an honest-but-curious KGC. In this paper, we present a formal study on certificateless key exchange (CLKE). We show that the conventional definition of Type-I and Type-II security may not be suitable for certificateless key exchange when considering the notion of forward secrecy which is important for key exchange protocols. We then present a new security model in which a single adversary (instead of Type-I and Type-II adversaries) is considered. We also construct a strongly secure certificateless key exchange protocol without expensive pairing operations. As far as we know, our proposed protocol is the first proven secure CLKE protocol without pairing.

Analysis and Enhancement of Random Number Generator in FPGA Based on Oscillator Rings

Wireless ad hoc networks are gaining popularity as these networks are self organizing without requiring fixed infrastructure such as servers or access points. Nodes in wireless ad hoc networks are typically low-power devices and in some large scale ad hoc networks such as wireless sensor networks (WSNs), there might be tens of thousands of low-power energy constrained nodes in the network. In order to secure group communication for a wireless ad hoc network, the low-power nature of the nodes and the network size has to be taken into consideration. In this paper, we propose an energy-efficient and scalable group key agreement (GKA) scheme for wireless ad hoc networks, which uses a generalized circular hierarchical (C-H) group model, where the network is partitioned into subgroups at

Strongly secure certificateless key exchange without pairing

h

Energy-efficient and scalable group key agreement for large ad hoc networks

different layers and each subgroup is arranged in a circle. Next, we describe the computational and communication energy analysis of a typical node found in ad hoc networks and provide some formulas that can be used to calculate the energy consumption costs for protocols implemented using different microprocessors and radio transceiver modules. A complexity analysis and energy consumption costs analysis conclude that our proposed scheme is the most energy-efficient and scalable GKA scheme as compared to three other GKA protocols.