Yi-Shiung Yeh

A new cryptosystem using matrix transformation

An improvement of the Hill cipher is proposed. In the Hill cipher, a randomly generated nonsingular matrix is used as an encryption key, and the inverse of the matrix is used as the decryption key. The weakness of Hill cipher is that the matrix may be revealed under known-plaintext attack. In the proposed cryptosystem a plaintext message is first partitioned into some suitable length of blocks and each block b concatenates with a random string r and a special control symbol c as r.//c//.b The new string is converted to a vector. The components of the vector are positive integers. To overcome the drawbacks of the Hill cipher, a more secure number system with different bases and an enforced transformation of the enciphering matrix are provided.<<ETX>>

Reliability optimization of distributed computing systems subject to capacity constraints

In this paper, we propose a simple, easily programmed exact method for obtaining the optimal design of a distributed computing system in terms of maximizing reliability subject to memory capacity constraints. We assume that a given amount of resources are available for linking the distributed computing system. The method is based on the partial order relation. To speed up the procedure, some rules are proposed to indicate conditions under which certain vectors in the numerical ordering that do not satisfy the capacity constraints can be skipped over. Simulation results show that the proposed algorithm requires less time and space than exhaustive method.

Efficient proxy signcryption scheme with provable CCA and CMA security

For facilitating the confidential transaction with delegation such as on-line proxy auction and business contract signing by an authorized proxy, we propose an efficient proxy signcryption scheme from pairings. Our scheme allows an original signer to delegate his signing power to a proxy one such that the latter can signcrypt a plaintext on behalf of the former. The signcrypted message can only be decrypted by a designated recipient who is also responsible for verifying the recovered proxy signature. To deal with a later dispute over repudiation, the designated recipient can easily announce the ordinary proxy signature for public verification without extra computational efforts. To guarantee the realistic applicability, we demonstrate that our scheme outperforms previous works in terms of functionalities and computational efficiency. Moreover, the security requirement of confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) and that of unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA) are proved in random oracle models.

A Study on Parallel RSA Factorization

The RSA cryptosystem is one of the widely used public key systems. The security of it is based on the intractability of factoring a large composite integer into two component primes, which is referred to as the RSA assumption. So far, the Quadratic Sieve (QS) is the fastest and general-purpose method for factoring composite numbers having less than about 110 digits. In this paper, we present our study on a variant of the QS, i.e., the Multiple Polynomial Quadratic Sieve (MPQS) for simulating the parallel RSA factorization. The parameters of our enhanced methods (such as the size of the factor base and the length of the sieving interval) are benefit to reduce the overall running time and the computation complexity is actually lower. The experimental result shows that it only takes 6.6 days for factoring larger numbers of 100 digits using the enhanced MPQS by 32 workstations.

A NEW HEURISTIC APPROACH FOR RELIABILITY OPTIMIZATION OF DISTRIBUTED COMPUTING SYSTEMS SUBJECT TO CAPACITY CONSTRAINTS

Distri buted Computing Systems (DCS) have become a major trend in computer sys- tem design today, because of their high speed and reliable performance. Reliability is an important performance parameter in DCS design. In the reliability analysis of a DCS, the term of K-Node Re- liability (KNR) is defined as the probability that all nodes in K (a subset of all processing elements) are connected. In this paper, we propose a simple, easily programmed heuristic method for obtaining the optimal design of a DCS in terms of maximizing reliability subject to a capacity constraint. The first part of this paper presents a heuristic algorithm which selects an optimal set of K-nodes that maximizes the KNR in a DCS subject to the capacity constraint. The second part of the paper describes a new approach that uses a K-tree disjoint reduction method to speed up the KNR evaluation. Compared with existing algorithms on various DCS topologies, the proposed algorithm finds a suboptimal design much more efficiently in terms of both execution time and space than an exact and exhaustive method for a large DCS.

Algebraic operations on encrypted relational databases

Abstract In this paper, we consider the problem of performing algebraic operations and their extensions with encrypted relational databases. Each tuple of a relation is enciphered by a cryptosystem based on the extended Chinese remainder theorem. We show that one can perform the Projection, the Cartesian Product and their composite operations, such as performing the Projection followed by the Cartesian Product and performing Cartesian Product followed by the Projection, with the encrypted tuples directly without deciphering them. We also show that there does not exist a secure way to protect data for performing Comparison operations, such as Selection, Union, … , etc., with encrypted relational databases.

Self-Certified Proxy Convertible Authenticated Encryption Scheme

A proxy convertible authenticated encryption (CAE) scheme allows an original signer to delegate his signing power to a proxy signer such that the proxy signer can generate an authenticated ciphertext on behalf of the original signer. The generated authenticated ciphertext can only be decrypted and verified by the specific recipient instead of everyone else for the purpose of confidentiality. Integrating with self-certified public key systems, the proposed scheme can save more communication overheads and computation efforts, since it is not necessary to transmit and verify the public key certificate. That is, authenticating the public key can be combined with subsequent cryptographic operations such as the signature verification. In case of a later repudiation, the specific recipient has the ability to convert the signature into an ordinary one for convincing anyone of the signers dishonesty.

An Authentication-Combined Access Control Scheme Using a One-Way Function

Abstract In this paper, we propose an authentication-combined access control scheme for information protection systems. Let a ij be the access privilege of User i to File j . Initially, by the Diffie-Hellman public key distribution scheme, the system and the users are assigned distinct secret keys, and their corresponding public keys, respectively. Let K s be the secret key and y s be the public key of the system, and let K i be the secret key and y i be the public key of the User i . By using a predefined one-way function F , we compute r ij = F ( K i , y s , a ij ). Reversely, the access privilege can be retained as a ij = F ( K s , y i , r ij ). Being different from the previously proposed schemes, our scheme is safer and the users secret key is used not only for computing the corresponding access privilege to the intended file, but also for authenticating the requesting user not to illegitimately access the protected files. The proposed scheme is simple to establish. Besides, it can perform the access control in dynamic environments, such as change access privileges and insert/delete users or files.

A private key cryptosystem based upon enforced random substitution scheme

Proposes a private key cryptosystem in which a specially designed permutation table is used as an enciphering/deciphering key. By the permutation table, an enforced random substitution scheme substitutes the characters in a plaintext message. It is hard to guess the correct plaintext characters from known ciphertext characters. The secure measurement and some possible attacks on the proposed cryptosystem are also discussed.<<ETX>>

Structural Binary CBC Encryption Mode

A block cipher is a kind of symmetric encryption algorithm that operates on blocks of fixed length, often 64 or 128 bits. It transforms blocks of plaintext into blocks of ciphertext of the same length under the provided secret key. A common characteristic of currently widely used modes of operation such as CBC, CFB and OFB is the sequential procedure, i.e., the encryption/decryption algorithm can not start to process until the previous operation finished, which is considered to be inefficient in multi-processor structures. In this paper, we combine CBC mode of operation and the binary tree data structure to propose a new structural binary CBC encryption mode allowing parallelized computing. A significant property of the proposed mode of operation is independent branch operations. When applied in multi-processor structures, different branch operations can make effective use of CPUs to perform in parallel, which will lead to shorter computing time and greatly improve the overall performance.