Wang H.,Nanjing University of Posts and Telecommunications | Wang H.,State Key Laboratory of Cryptology | He D.,Wuhan University | Tang S.,South China University of Technology
IEEE Transactions on Information Forensics and Security | Year: 2016

With the rapid development of cloud computing, more and more clients would like to store their data on public cloud servers (PCSs). New security problems have to be solved in order to help more clients process their data in the public cloud. When the client is restricted from accessing the PCS, it delegates its proxy to process its data and upload them. On the other hand, remote data integrity checking is also an important security problem in public cloud storage: it lets clients check whether their outsourced data are kept intact without downloading the whole data. Motivated by these security problems, we propose a novel proxy-oriented data uploading and remote data integrity checking model in identity-based public key cryptography: identity-based proxy-oriented data uploading and remote data integrity checking in public cloud (ID-PUIC). We give the formal definition, system model, and security model. Then, a concrete ID-PUIC protocol is designed using bilinear pairings. The proposed ID-PUIC protocol is provably secure based on the hardness of the computational Diffie-Hellman problem. Our ID-PUIC protocol is also efficient and flexible. Based on the original client's authorization, the proposed ID-PUIC protocol can realize private remote data integrity checking, delegated remote data integrity checking, and public remote data integrity checking. © 2016 IEEE.


He D.,Wuhan University | He D.,Fujian Normal University | Zeadally S.,University of Kentucky | Xu B.,Nanjing University | And 2 more authors.
IEEE Transactions on Information Forensics and Security | Year: 2015

By wirelessly broadcasting messages about traffic status to vehicles, a vehicular ad hoc network (VANET) can improve traffic safety and efficiency. To guarantee secure communication in VANETs, security and privacy issues must be addressed before their deployment. The conditional privacy-preserving authentication (CPPA) scheme is suitable for solving security and privacy-preserving problems in VANETs, because it supports both mutual authentication and privacy protection simultaneously. Many identity-based CPPA schemes for VANETs using bilinear pairings have been proposed over the last few years to enhance security or to improve performance. However, it is well known that the bilinear pairing operation is one of the most complex operations in modern cryptography. To achieve better performance and reduce the computational complexity of information processing in VANETs, the design of a CPPA scheme for the VANET environment that does not use bilinear pairings becomes a challenge. To address this challenge, we propose a CPPA scheme for VANETs that does not use bilinear pairings, and we demonstrate that it can support both mutual authentication and privacy protection simultaneously. Our proposed CPPA scheme retains most of the benefits obtained with the previously proposed CPPA schemes. Moreover, the proposed CPPA scheme yields better performance in terms of computation cost and communication cost, making it suitable for use by VANET safety-related applications. © 2005-2012 IEEE.


Yu Y.,Shanghai JiaoTong University | Yu Y.,Chinese Academy of Sciences | Yu Y.,State Key Laboratory of Cryptology | Steinberger J.,Tsinghua University
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2016

Pseudorandom functions (PRFs) play a central role in symmetric cryptography. While in principle they can be built from any one-way function by going through the generic HILL (SICOMP 1999) and GGM (JACM 1986) transforms, some of these steps are inherently sequential and far from practical. Naor, Reingold (FOCS 1997) and Rosen (SICOMP 2002) gave parallelizable constructions of PRFs in $NC^2$ and $TC^0$ based on concrete number-theoretic assumptions such as DDH, RSA, and factoring. Banerjee, Peikert, and Rosen (Eurocrypt 2012) constructed relatively more efficient PRFs in $NC^1$ and $TC^0$ based on "learning with errors" (LWE) for a certain range of parameters. It remains an open problem whether parallelizable PRFs can be based on the "learning parity with noise" (LPN) problem, both for theoretical interest and for efficiency reasons (as the many modular multiplications and additions in LWE would then be simplified to AND and XOR operations under LPN). In this paper, we give more efficient and parallelizable constructions of randomized PRFs from LPN under noise rate $n^{-c}$ (for any constant $0 < c < 1$), and they can be implemented with a family of polynomial-size circuits with unbounded fan-in AND, OR and XOR gates of depth $\omega(1)$, where $\omega(1)$ can be any small super-constant (e.g., $\log \log \log n$ or even less). Our work complements the lower bound results by Razborov and Rudich (STOC 1994) that PRFs of beyond quasi-polynomial security are not contained in $AC^0(MOD_2)$, i.e., the class of polynomial-size, constant-depth circuit families with unbounded fan-in AND, OR, and XOR gates. Furthermore, our constructions are security-lifting by exploiting the redundancy of low-noise LPN. We show that in addition to parallelizability (in almost constant depth) the PRF enjoys either of (or any tradeoff between) the following:
– A PRF on a weak key of sublinear entropy (or equivalently, a uniform key that leaks any $(1 - o(1))$-fraction) has comparable security to the underlying LPN on a linear-size secret.
– A PRF with key length $\lambda$ can have security up to $2^{O(\lambda/\log \lambda)}$, which goes much beyond the security level of the underlying low-noise LPN, where the adversary makes up to a certain super-polynomial number of queries. © International Association for Cryptologic Research 2016.


Wang H.,Dalian Ocean University | Wang H.,State Key Laboratory of Cryptology | He D.,Wuhan University
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2016

Since public clouds are untrusted by many consumers, it is important to check whether their remote data are kept intact. Sometimes it is necessary for many clients to cooperate to store their data in the public clouds. For example, a file may need many clients' approval before it is stored in the public clouds; in particular, different files may need the approval of different client subsets. After that, possession of these stored remote data will be proved to the verifier. In some cases, the verifier has no ability to perform the remote data possession proof, for example because the verifier is on the battlefield during a war. It will then delegate this task to its proxy. In this paper, we propose the concept of proxy provable data possession (PPDP) which supports a general access structure. We propose the corresponding system model, security model and a concrete PPDP protocol from an n-multilinear map. Our concrete PPDP protocol is shown to be provably secure and efficient by security analysis and performance analysis. Since our proposed PPDP protocol supports the general access structure, only the clients of an authorized subset can cooperate to store the massive data to PCS (Public Cloud Servers), and it is impossible for those of an unauthorized subset to store the data to PCS. © Springer International Publishing Switzerland 2016.


Wang T.,Purdue University | Zhaoy Y.,Fudan University | Zhaoy Y.,State Key Laboratory of Cryptology
ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security | Year: 2016

Cloud storage services such as Dropbox [1] and Google Drive [2] are becoming more and more popular. On the one hand, they provide users with mobility, scalability, and convenience. On the other hand, privacy issues arise when the storage is no longer fully controlled by users. Although modern encryption schemes are effective at protecting the content of data, there are two drawbacks of the encryption-before-outsourcing approach: first, one kind of sensitive information, the access pattern of the data, is left unprotected; moreover, encryption usually makes the data difficult to use. In this paper, we propose AIS (Access Indistinguishable Storage), the first client-side system that can partially conceal the access pattern of cloud storage in constant time. Besides data content, AIS can conceal information about the number of initial files and the length of each initial file. When it comes to the access phase after initiation, AIS can effectively conceal the behavior (read or write) and target file of the current access. Moreover, the existence and length of each file will remain confidential as long as there is no access after initiation. One application of AIS is SSE (Searchable Symmetric Encryption), which makes the encrypted data searchable. Based on AIS, we propose SBA (SSE Built on AIS). To the best of our knowledge, SBA is safer than any other SSE system of the same complexity, and SBA is the first to conceal whether the current keyword was queried before, the first to conceal whether the current operation is an addition or a deletion, and the first to support direct modification of files. © 2016 Copyright held by the owner/author(s).


Zhang B.,CAS Institute of Software | Zhang B.,State Key Laboratory of Cryptology | Gong X.,CAS Institute of Software
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2015

Sprout is a new lightweight stream cipher with a shorter internal state proposed at FSE 2015, using key-dependent state updating in the keystream generation phase. Some analyses have been available on eprint so far. In this paper, we extend the design paradigm in general and study the security of Sprout-like ciphers in a unified framework. Our new penetration is to investigate the k-normality of the augmented function, a vectorial Boolean function derived from the primitive. Based on it, a dedicated time/memory/data tradeoff attack is developed for such designs. It is shown that Sprout can be broken in $2^{79-x-y}$ time, given $[c\,(2^x + 2^y - 58) \cdot 2^{71-x-y}]$-bit memory and $2^{9+x+y}$-bit keystream, where $x$/$y$ is the number of forward/backward steps and $c$ is a small constant. Our attack is highly flexible and compares favorably to all the previous results. With carefully chosen parameters, the new attack is at least $2^{20}$ times faster than the Lallemand/Naya-Plasencia attack at Crypto 2015, the Maitra et al. attack and the Banik attack, and $2^{10}$ times faster than the Esgin/Kara attack with much less memory. © International Association for Cryptologic Research 2015.


Qu L.,National University of Defense Technology | Qu L.,State Key Laboratory of Cryptology
IEEE Transactions on Information Theory | Year: 2016

Planar functions over finite fields give rise to finite projective planes. They were also used in the constructions of DES-like iterated ciphers, error-correcting codes, and codebooks. They were originally defined only in finite fields with odd characteristic, but recently Zhou introduced pseudo-planar functions in even characteristic which yield similar applications. All known pseudo-planar functions are quadratic and hence they give presemifields. In this paper, a new approach to constructing quadratic pseudo-planar functions is given. Then five explicit families of pseudo-planar functions are constructed, one of which is a binomial, two of which are trinomials, and the other two are quadrinomials. All known pseudo-planar functions are revisited, some of which are generalized. These functions not only lead to projective planes, relative difference sets and presemifields, but also give optimal codebooks meeting the Levenstein bound, complete sets of mutually unbiased bases (MUB) and compressed sensing matrices with low coherence. © 2016 IEEE.


Chen Y.,Chinese Academy of Sciences | Chen Y.,State Key Laboratory of Cryptology | Zhang Z.,Japan National Institute of Advanced Industrial Science and Technology
Journal of Computer Security | Year: 2016

We put forth the notion of publicly evaluable pseudorandom functions (PEPRFs), which can be viewed as a counterpart of standard pseudorandom functions (PRFs) in the public-key setting. Briefly, PEPRFs are defined over a domain $X$ containing a language $L$ associated with a hard relation $R_L$, and each secret key $sk$ is associated with a public key $pk$. For any $x \in L$, in addition to evaluating $F_{sk}(x)$ using $sk$ as in standard PRFs, one is also able to evaluate $F_{sk}(x)$ with $pk$, $x$ and a witness $w$ for $x \in L$. We consider two security notions for PEPRFs. The basic one is weak pseudorandomness, which stipulates that a PEPRF cannot be distinguished from a truly random function on uniformly random chosen inputs. The strengthened one is adaptive weak pseudorandomness, which requires that a PEPRF remains weakly pseudorandom even when an adversary is given adaptive access to an evaluation oracle. We conduct a formal study of PEPRFs, focusing on applications, constructions, and extensions.
• We show how to construct chosen-plaintext secure (CPA) and chosen-ciphertext secure (CCA) public-key encryption (PKE) schemes from (adaptive) PEPRFs. The construction is simple, black-box, and admits a direct proof of security. We provide evidence that (adaptive) PEPRFs exist by showing constructions from injective trapdoor functions, hash proof systems, extractable hash proof systems, as well as a construction from puncturable PRFs with program obfuscation.
• We introduce the notion of publicly sampleable PRFs (PSPRFs), which is a relaxation of PEPRFs but nonetheless implies PKE. We show that (adaptive) PSPRFs are implied by (adaptive) trapdoor relations. This helps us to unify and clarify many PKE schemes from seemingly unrelated general assumptions and paradigms under the notion of PSPRFs.
• We explore a similar extension of the recently emerging constrained PRFs, and introduce the notion of publicly evaluable constrained PRFs, which, as an immediate application, implies attribute-based encryption.
• We propose a twist on PEPRFs, which we call publicly evaluable and verifiable functions (PEVFs). Compared to PEPRFs, PEVFs have an additional promising property named public verifiability, while the best possible security degrades to unpredictability. We justify the applicability of PEVFs by presenting a simple construction of "hash-and-sign" signatures, both in the random oracle model and in the standard model. © 2016 - IOS Press and the authors. All rights reserved.


Heng Z.,Nanjing University of Aeronautics and Astronautics | Heng Z.,State Key Laboratory of Cryptology | Yue Q.,Nanjing University of Aeronautics and Astronautics | Yue Q.,State Key Laboratory of Cryptology
IEEE Transactions on Information Theory | Year: 2016

Cyclic codes with a few weights are very useful in the design of frequency hopping sequences and the development of secret sharing schemes. In this paper, we mainly use Gauss sums to represent the Hamming weights of cyclic codes whose duals have two zeroes. A lower bound on the minimum Hamming distance is determined. In some cases, we give the Hamming weight distributions of the cyclic codes. In particular, we obtain a class of three-weight optimal cyclic codes achieving the Griesmer bound, which generalizes a result of Vega, and several classes of cyclic codes with a few weights, which solve an open problem proposed by Vega. © 1963-2012 IEEE.


Zhang J.,State Key Laboratory of Cryptology | Chen Y.,Chinese Academy of Sciences | Zhang Z.,Information Assurance
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2016

Driven by the open problem raised by Hofheinz and Kiltz [34], we study the formalization of lattice-based programmable hash functions (PHFs), and give two types of constructions using several techniques such as a novel combination of cover-free sets and lattice trapdoors. Under the Inhomogeneous Small Integer Solution (ISIS) assumption, we show that any (non-trivial) lattice-based PHF is collision-resistant, which gives a direct application of this new primitive. We further demonstrate the power of lattice-based PHFs by giving generic constructions of signature and identity-based encryption (IBE) in the standard model, which not only provide a way to unify several previous lattice-based schemes using the partitioning proof technique, but also allow us to obtain a new short signature scheme and a new fully secure IBE scheme with keys consisting of a logarithmic number of matrices/vectors in the security parameter $\kappa$. Besides, we also give a refined way of combining two concrete PHFs to construct an improved short signature scheme with short verification keys from weaker assumptions. In particular, our methods depart from the confined guessing technique of Böhl et al. [8] that was used to construct previous standard-model short signature schemes with short verification keys by Ducas and Micciancio [24] and by Alperin-Sheriff [6], and allow us to achieve existential unforgeability against chosen message attacks (EUF-CMA) without resorting to chameleon hash functions. © International Association for Cryptologic Research 2016.
