Syh-Yuan Tan

Java implementation for pairing-based cryptosystems

We present a Java implementation for Tate pairing over the supersingular curve y2=x3+x in

On the Security of an Attribute-Based Signature Scheme

\mathbb{F}_p

Implementation of searchable symmetric encryption for privacy-preserving keyword search on cloud storage

. We show some available optimisations for group operations by manipulating the mathematical equations. Besides, we also show that it is easy to hash a string into a point for our chosen parameters. A variant of Java’s BigInteger data type, namely CpxBigInteger is created to serve equation with complex number and the Java data types are constructed: Curve, Point and Line based on CpxBigInteger. Using these data types and J2SE JDK 1.6.0_02, we implement BLS identity-based identification (IBI) scheme, which is the first rigorously defined pairing-based IBI scheme. The timings show that the Tate pairing took only 133.12 milliseconds.

An implementation of enhanced public key infrastructure

In ISA 2008, Guo and Zeng proposed an attribute-based signature (ABS) scheme. They claimed that their ABS scheme is existentially unforgeable under adaptive chosen-message attack based on the strong extended Diffe-Hellman (EDH) assumption. In this paper, we show that Guo and Zeng’s attribute-based signature scheme is vulnerable to the partial key replacement attack.

Cryptanalysis of a CP-ABE scheme with policy in normal forms

Ensuring the cloud data security is a major concern for corporate cloud subscribers and in some cases for the private cloud users. Confidentiality of the stored data can be managed by encrypting the data at the client side before outsourcing it to the remote cloud storage server. However, once the data is encrypted, it will limit server’s capability for keyword search since the data is encrypted and server simply cannot make a plaintext keyword search on encrypted data. But again we need the keyword search functionality for efficient retrieval of data. To maintain user’s data confidentiality, the keyword search functionality should be able to perform over encrypted cloud data and additionally it should not leak any information about the searched keyword or the retrieved document. This is known as privacy preserving keyword search. This paper aims to study privacy preserving keyword search over encrypted cloud data. Also, we present our implementation of a privacy preserving data storage and retrieval system in cloud computing. For our implementation, we have chosen one of the symmetric key primitives due to its efficiency in mobile environments. The implemented scheme enables a user to store data securely in the cloud by encrypting it before outsourcing and also provides user capability to search over the encrypted data without revealing any information about the data or the query.

Reset-Secure Identity-Based Identification Schemes Without Pairings

In this paper, we present the implementation of an enhanced public key infrastructure (PKI) which supports not only conventional public key cryptography (PKC) but also identity-based cryptography (IBC). In addition, we discuss the possible way of placing together IBC and PKI as well as solving the problems of user secret key revocation of PKI and IBC. As a proof of concept, an IBC framework is incorporated into Enterprise Java Bean Certified Authority (EJBCA) and the performance is reported.

A Client-Server Prototype of a Symmetric Key Searchable Encryption Scheme Using Open-Source Applications

In 2013, Rao and Dutta constructed an efficient attribute based access control mechanism for vehicular ad hoc network (VANET) based on a newly proposed ciphertext-policy attribute-based encryption (CP-ABE) scheme. As the CP-ABE scheme views access policy in normal forms, the length of ciphertext is independent against the number of attributes in the policy besides having constant number of pairing operations for both encryption and decryption functions. In this paper, we cryptanalyze Rao and Duttas CP-ABE scheme by mounting a chosen plaintext attack to demonstrate that a registered node in VANET can (eavesdrop the conversation to) decrypt a ciphertext with unsatisfied disjunctive normal form policy. Since the security of Rao and Duttas proposed attribute based access control mechanism for VANET relies on the proposed CP-ABE scheme, our attack indicates that the proposed access control mechanism is insecure. Subsequently, the root cause of the attack and possible solutions are presented to serve as important remarks in designing a secure CP-ABE scheme. We cryptanalyzed Rao and Duttas CP-ABE scheme by mounting a CPA.A registered node in VANET can decrypt a ciphertext with unsatisfied DNF policy.Root cause of the attack exists in all CP-ABE schemes with normal forms policy.We propose a solution to serve as remarks in designing a secure CP-ABE scheme.

Implementation of a Conditional Searchable Encryption System for Data Storage

Identity-based identification IBI schemes are generally insecure against reset attacks since they are commonly constructed from three-move

Fuzzy Identity-Based Identification Scheme

\varSigma