Ik Rae Jeong

One-Round Protocols for Two-Party Authenticated Key Exchange

Cryptographic protocol design in a two-party setting has of tel ignored the possibility of simultaneous message transmission by each of the two parties (i.e., using a duplex channel). In particular, most protocols for two-party key exchange have been designed assuming that parties alternate sending their messages (i.e., assuming a bidirectional half-duplex channel). However, by taking advantage of the communication characteristics of the network it may be possible to design protocols with improved latency. This is the focus of the present work. We present three provably-secure protocols for two-party authenticated key exchange (AKE) which require only a single round. Our first, most efficient protocol provides key independence but not forward secrecy. Our second scheme additionally provides forward secrecy but requires some additional computation. Security of these two protocols is analyzed in the random oracle model. Our final protocol provides the same strong security guarantees as our second protocol, but is proven secure in the standard model. This scheme is only slightly less efficient (from a computational perspective) than the previous ones. Our work provides the first provably- secure one-round protocols for two-party AKE which achieve forward secrecy.

Password-Authenticated Key Exchange between Clients with Different Passwords

Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.

Constructing PEKS schemes secure against keyword guessing attacks is possible

Byun et al. suggested keyword guessing attacks and showed that some PEKS (public-key encryption with keyword search) schemes are not secure to keyword guessing attacks, when the number of possible keywords is bounded by some polynomial. Abdalla et al. showed that robust PEKS schemes should satisfy consistency which ensures the PEKS schemes fulfil their functions. In the paper, we show a negative result about the open problem to construct secure PEKS schemes against keyword guessing attacks. Our result shows that consistency implies insecurity to keyword guessing attacks in PEKS. This means that constructing secure and consistent PEKS schemes against keyword guessing attacks is impossible, when the number of possible keywords is bounded by some polynomial.

Efficient verifier-based password-authenticated key exchange in the three-party setting

In the last few years, researchers have extensively studied the password-authenticated key exchange (PAKE) in the three-party setting. The fundamental security goal of PAKE is security against dictionary attacks. The protocols for verifier-based PAKE are additionally required to be secure against server compromise. Some verifier-based PAKE schemes in the three-party setting have been suggested to solve the server compromise problem. Unfortunately, the protocols are vulnerable to an off-line dictionary attack. In this paper, we present an efficient verifier-based PAKE protocol for three-parties that is secure against known-key attacks and provides forward secrecy. To the best of our knowledge, the proposed protocol is the first secure three-party verifier-based PAKE protocol in the literature.

Identity-based proxy signature from lattices

Most of the provably-secure proxy signature schemes rely on the average-case hardness problems such as the integer factorization problems and the discrete logarithm problems. Therefore, those schemes are insecure to quantum analysis algorithms, since there exist quantum algorithms efficiently solving the factorization and logarithm problems. To make secure proxy signature schemes against quantum analysis, some lattice-based proxy signature schemes are suggested. However, none of the suggested lattice-based proxy signature schemes is proxy-protected in the adaptive security model. In the paper, we propose a provably-secure ID-based proxy signature scheme based on the lattice problems. Our scheme is proxy-protected in the adaptive security model.

A diffie-hellman key exchange protocol without random oracles

The MQV protocol of Law, Menezes, Qu, Slinas and Vanstone has been regarded as the most efficient authenticated Diffie-Hellman key exchange protocol, and standardized by many organizations including the US NSA. In Crypto 2005, Hugo Krawczyk showed vulnerabilities of MQV to several attacks and suggested a hashed variant of MQV, called HMQV, which provides the same superb performance of MQV and provable security in the random oracle model. In this paper we suggest an efficient authenticated Diffie-Hellman key exchange protocol providing the same functionalities and security of HMQV without random oracles. There exist some provably secure key exchange schemes using signatures in the standard model, but all of the schemes do not provide the same level of security of HMQV. So far there are no authenticated Diffie-Hellman protocols which are proven secure in the standard model and achieve the same level of security goals of HMQV efficiently yet. Dispensing of random oracles in our protocol does not require any expensive signature and encryption schemes.

Strong Diffie-Hellman-DSA Key Exchange

To provide authentication to the Diffie-Hellman key exchange, a few integrated key exchange schemes which provide authentication using the DSA signature have been proposed in the literature. In this letter we point out that all of the previous Diffie-Hellman-DSA schemes do not provide security against session state reveal attacks. We also suggest a strong Diffie-Hellman-DSA scheme providing security against session state reveal attacks as well as forward secrecy and key independence

Efficient secret broadcast in the broadcasting networks

One of the basic problems in the broadcasting networks is a secret broadcast problem. The problem is how to securely send a message to the receivers while guaranteeing consistency. Consistency means that each receiver can assure that all of the receivers have received the same message. In other words, secret broadcast guarantees that a sender cannot broadcast a secret message to the receivers in a way that each receiver receives a different secret message. In the paper, we suggest an efficient secret broadcast scheme using binding encryption in the broadcasting networks.

Scalable hierarchical identity-based signature scheme from lattices

Unsupervised methods for image segmentation are recently drawing attention because most images do not have labels or tags. A topic model is such an unsupervised probabilistic method that captures latent aspects of data, where each latent aspect, or a topic, is associated with one homogeneous region. The results of topic models, however, usually have noises, which decreases the overall segmentation performance. In this paper, to improve the performance of image segmentation using topic models, we propose two topic masks applicable to topic assignments of homogeneous regions obtained from topic models. The topic masks capture the noises among the assigned topic assignments or topic labels, and remove the noises by replacements, just like image masks for pixels. However, as the nature of topic assignments is different from image pixels, the topic masks have properties that are different from the existing image masks for pixels. There are two contributions of this paper. First, the topic masks can be used to reduce the noises of topic assignments obtained from topic models for image segmentation tasks. Second, we test the effectiveness of the topic masks by applying them to segmented images obtained from the Latent Dirichlet Allocation model and the Spatial Latent Dirichlet Allocation model upon the MSRC image dataset. The empirical results show that one of the masks successfully reduces the topic noises.

Ring Signature with Weak Linkability and Its Applications

We suggest a linkable ring signature scheme providing strong anonymity and weak linkability. We show that our linkable ring signature scheme can be used to construct a selectively linkable ring signature scheme, an efficient convertible (verifiable) ring signature scheme, and an efficient deductible ring signature scheme.