Wun-She Yap

An efficient certificateless signature scheme

Certificateless public key cryptography (CLPKC) is a paradi-gm to solve the inherent key escrow problem suffered by identity-based cryptography (IBC). While certificateless signature is one of the most important security primitives in CLPKC, there are relatively few proposed schemes in the literature. In this paper, we manage to construct an efficient certificateless signature scheme based on the intractability of the computational Diffie-Hellman problem. By using a shorter public key, two pairing computations can be saved in the verification algorithm. Besides, no pairing computation is needed in the signing algorithm. The proposed scheme is existential unforgeable in the random oracle model. We also present an extended construction whose trust level is the same as that of a traditional signature scheme.

Security Mediated Certificateless Signatures

In PKC 2006, Chow, Boyd and Gonzalez Neito introduced the notion of security mediated certificateless (SMC) cryptography. SMC cryptography equips certificateless cryptography with instantaneous revocation. They presented a formal security model with two constructions for SMC encryption. This paper studies SMC signatures. We first present a security analysis of a previous attempt by Ju et al.in constructing a SMC signature scheme. We then formalize the notion of SMC signatures and propose the first concrete provable scheme without bilinear pairing. Our scheme is existential unforgeable in the random oracle model based on the intractability of the discrete logarithm problem, has a short public key size, and achieves a trust level which is the same as that of a traditional public key signature.

Comments on "Analysis and Improvement of a Secure and Efficient Handover Authentication Based on Bilinear Pairing Functions"

Usually the main primitive in building a secure wireless authentication is a cryptographic algorithm, such as digital signature scheme. He et al. proposed a handover authentication protocol in [1] (IEEE Trans. Wireless Commun., vol. 11, no. 1, 2011) and a distributed reprogramming protocol in [3] (IEEE Trans. Ind. Electron., vol. 59, no. 11, 2012) for wireless networks. Both protocols are based on an identity-based signature scheme which is claimed to be secure yet efficient. Very recently, He et al. pointed out that such a signature scheme is vulnerable to the key compromised problem. They proposed a simple modification to fix this problem without losing the efficiency and security of the scheme in both [2] (IEEE Commun. Lett., vol. 16, no. 8, 2012) and [4] (IEEE Trans. Ind. Electron., to appear). In this letter, we show that the proposed modification remains vulnerable to the key compromised problem.

Cryptanalysis of some proxy signature schemes without certificates

The concept of proxy signature was introduced by Mambo et al. to delegate signing capability in the digital world. In this paper, we show that three existing proxy signature schemes without certificates, namely, the Qian and Cao identity-based proxy signature (IBPS) scheme, the Guo et al. IBPS scheme and the Li et al. certificateless proxy signature (CLPS) scheme are insecure against universal forgery. More precisely, we show that any user who has a valid public-private key pair can act as a cheating proxy signer and forge the proxy signature on behalf of the original signer at will, without obtaining the official delegation from the original signer.

Side-channel analysis of the K2 stream cipher

In this paper we provide the first side-channel analysis of the K2 stream cipher. K2 is a fast and secure stream cipher built upon the strengths of SNOW 2.0. We apply timing attacks, power analysis, and differential fault analysis to K2. We show that naively implemented K2 is vulnerable to cache-timing attacks, and describe how to implement efficient countermeasures to protect K2 against side-channel attacks in hardware and software.

Implementation of searchable symmetric encryption for privacy-preserving keyword search on cloud storage

Ensuring the cloud data security is a major concern for corporate cloud subscribers and in some cases for the private cloud users. Confidentiality of the stored data can be managed by encrypting the data at the client side before outsourcing it to the remote cloud storage server. However, once the data is encrypted, it will limit server’s capability for keyword search since the data is encrypted and server simply cannot make a plaintext keyword search on encrypted data. But again we need the keyword search functionality for efficient retrieval of data. To maintain user’s data confidentiality, the keyword search functionality should be able to perform over encrypted cloud data and additionally it should not leak any information about the searched keyword or the retrieved document. This is known as privacy preserving keyword search. This paper aims to study privacy preserving keyword search over encrypted cloud data. Also, we present our implementation of a privacy preserving data storage and retrieval system in cloud computing. For our implementation, we have chosen one of the symmetric key primitives due to its efficiency in mobile environments. The implemented scheme enables a user to store data securely in the cloud by encrypting it before outsourcing and also provides user capability to search over the encrypted data without revealing any information about the data or the query.

Cryptanalysis of a High-Definition Image Encryption Based on AES Modification

AbstractWadi and Zainal recently proposed a high definition image encryption algorithm based on a modified AES-128 block cipher in (Wirel Pers Commun 79(2):811–829, 2014). In this paper, we show that the core component of their image encryption algorithm, a modified AES-128 cipher, is insecure against impossible differential attack. The proposed impossible differential attack on the full rounds of the modified AES-128 cipher has a time complexity of around

Improved Cryptanalysis of the Common Scrambling Algorithm Stream Cipher

2^{88.74}