Mu-En Wu

Dual RSA and Its Security Analysis

We present new variants of an RSA whose key generation algorithms output two distinct RSA key pairs having the same public and private exponents. This family of variants, called dual RSA, can be used in scenarios that require two instances of RSA with the advantage of reducing the storage requirements for the keys. Two applications for dual RSA, blind signatures and authentication/secrecy, are proposed. In addition, we also provide the security analysis of dual RSA. Compared to normal RSA, the security boundary should be raised when applying dual RSA to the types of small-d, small-e, and rebalanced-RSA.

A communication-efficient private matching scheme in Client–Server model

Abstract In a Private Matching (PM) scheme, the client C has a dataset X of m elements, and the server S has a dataset Y of n elements. The client C can learn the set intersection X ∩ Y without leaking any information to the server S . Previously, the most efficient PM scheme requires communication of complexity O ∼ ( m + n ) , which increases linearly with n . This may not be efficient enough in Client–Server models because the server’s dataset Y is usually large. In this paper, we propose a PM scheme based on Oblivious Transfer (OT) and universal hash function. Our scheme requires communication of complexity O ∼ ( m · log 2 n ) . Thus, our scheme is especially suitable for Client–Server models. We show that our scheme becomes more efficient when log 2 ( mn ) 1 + Δ = O ∼ n m for security parameter Δ > 0 . However, utilizing the universal hash function would cause a mismatch issue which affects the accuracy of the PM scheme. In addition, it leaks the server’s information. Therefore, we define approximate PM by relaxing the definition of PM; it is proved to be almost as secure as a PM scheme in a Client–Server model with proper configurations.

Cryptanalysis of Short Exponent RSA with Primes Sharing Least Significant Bits

LSBS-RSA denotes an RSA system with modulus primes, p and q , sharing a large number of least significant bits. In ISC 2007 , Zhao and Qi analyzed the security of short exponent LSBS-RSA. They claimed that short exponent LSBS-RSA is much more vulnerable to the lattice attack than the standard RSA. In this paper, we further raise the security boundary of the Zhao-Qi attack by considering another polynomial. Our improvemet supports the result of analogue Fermat factoring on LSBS-RSA, which claims that p and q cannot share more than

CRFID: An RFID system with a cloud database as a back-end server

\frac{n}{4}

Trading decryption for speeding encryption in Rebalanced-RSA

least significant bits, where n is the bit-length of pq . In conclusion, it is a trade-off between the number of sharing bits and the security level in LSBS-RSA. One should be more careful when using LSBS-RSA with short exponents.

Practical RSA signature scheme based on periodical rekeying for wireless sensor networks

Radio-frequency identification (RFID) systems can benefit from cloud databases since information on thousands of tags is queried at the same time. If all RFID readers in a system query a cloud database, data consistency can easily be maintained by cloud computing. Privacy-preserving authentication (PPA) has been proposed to protect RFID security. The time complexity for searching a cloud database in an RFID system is O(N), which is obviously inefficient. Fortunately, PPA uses tree structures to manage tags, which can reduce the complexity from a linear search to a logarithmic search. Hence, tree-based PPA provides RFID scalability. However, in tree-based mechanisms, compromise of a tag may cause other tags in the system to be vulnerable to tracking attacks. Here we propose a secure and efficient privacy-preserving RFID authentication protocol that uses a cloud database as an RFID server. The proposed protocol not only withstands desynchronizing and tracking attacks, but also provides scalability with O(logN) search complexity.

Using trading mechanisms to investigate large futures data and their implications to market trends

In 1982, Quisquater and Couvreur proposed an RSA variant, called RSA-CRT, based on the Chinese Remainder Theorem to speed up RSA decryption. In 1990, Wiener suggested another RSA variant, called Rebalanced-RSA, which further speeds up RSA decryption by shifting decryption costs to encryption costs. However, this approach essentially maximizes the encryption time since the public exponent e is generally about the same order of magnitude as the RSA modulus. In this paper, we introduce two variants of Rebalanced-RSA in which the public exponent e is much smaller than the modulus, thus reducing the encryption costs, while still maintaining low decryption costs. For a 1024-bit RSA modulus, our first variant (Scheme A) offers encryption times that are at least 2.6 times faster than that in the original Rebalanced-RSA, while the second variant (Scheme B) offers encryption times at least 3 times faster. In both variants, the decrease in encryption costs is obtained at the expense of slightly increased decryption costs and increased key generation costs. Thus, the variants proposed here are best suited for applications which require low costs in encryption and decryption.

A Robust and Flexible Access Control Scheme for Cloud-IoT Paradigm with Application to Remote Mobile Medical Monitoring

Broadcast is an efficient communication channel on wireless sensor networks. Through authentic broadcast, deployed sensors can perform legitimate actions issued by a base station. According to previous literature, a complete solution for authentic broadcast is digital signature based on asymmetric cryptography. However, asymmetric cryptography utilizes expensive operations, which result in computational bottlenecks. Among these cryptosystems, Elliptic Curve Cryptography (ECC) seems to be the most efficient and the most popular choice. Unfortunately, signature verification in ECC is not efficient enough. In this article, we propose an authentic broadcast scheme based on RSA. Unlike conventional approaches, the proposed scheme adopts short moduli to enhance performance. Meanwhile, the weakness of short moduli can be fixed with rekeying strategies. To minimize the rekeying overhead, a Multi-Modulus RSA generation algorithm, which can reduce communication overhead by 50%, is proposed. We implemented the proposed scheme on MICAz. On 512-bit moduli, each verification spends at most 0.077 seconds, which is highly competitive with other public-key cryptosystems.

On the Improvement of the BDF Attack on LSBS-RSA

Market trends have been one of the highly debated phenomena in the financial industries and academia. Prior works show the profitability in exploiting transactions via market trend quantification; on the other hand, traders’ behaviors and effects on the market trends can be better understood by market trend studies. In general, the trading strategies on the market trend include trend following strategies and contrarian strategies. Following the trend, trading strategies exploit the momentum effects. The momentum strategies profit in a long position with the rising market prices, as well as in a short position with the decreasing market prices. On the contrary, the view of contrarian trading strategy is based on the mean-reversion property, i.e., a long position is taken when the price moves down and a short position is taken when the price moves up. In this paper, we apply the stop-loss and stop-profit mechanisms to verify the market trends based on two new simple strategies, i.e., the BuyOp. strategy and the BuyHi.SellLo. strategy. We back-test these two strategies on the Taiwan Stock Exchange Capitalization Weighted Stock Index Futures (TAIEX Futures) during the period from May 25, 2010 to August 19, 2015. We compare the numerical results of its profits and losses through various stop-loss thresholds and stop-profit thresholds, and verify the existence of the momentum effect via applying these two new trading strategies. Besides, we analyze the market trends through the repeated simulations of random trades with the stop-loss and stop-profit mechanisms. Our numerical results reveal that there exist momentum effects in TAIEX Futures, which verifies the market inefficiency and the market profitability in exploiting the market inefficiency. In addition, the techniques of random trades are also applied to the other commodities, such as AAPL in NASDAQ, IBM, GOOG in NYSE, and, TSMC in TPE, and so on. Surprisingly, not all the stocks have the momentum effects. Our experimental results show that some stocks or markets are more suitable for the mean-reverse strategy. Finally, we propose a technique to quantify the momentum effect of a financial market by using Jensen–Shannon divergence.

A shareable keyword search over encrypted data in cloud computing

Cloud computing paradigm is becoming very popular these days. However, it does not include wireless sensors and mobile phones which are needed to enable new emerging applications such as remote home medical monitoring. Therefore, a combined Cloud-Internet of Things (IoT) paradigm provides scalable on-demand data storage and resilient computation power at the cloud side as well as anytime, anywhere health data monitoring at the IoT side. As both the privacy of personal medical data and flexible data access should be provided, the data in the Cloud are always encrypted and access control must be operated upon encrypted data together with being fine-grained to support diverse accessibility. Since a plain combination of encryption before access control is not robust and flexible, we propose a scheme with tailored design. The scheme makes use of cipher-policy attributes based encryption to empower robustness and flexibility. The scheme describes a general framework to solve the secure requirements, and leaves the flexibility of concrete constructions intentionally.