TL;DR: In this paper, a construction of fully homomorphic encryption (FHE) schemes is presented that, for security parameter λ, can evaluate any width-Ω(λ) circuit with t gates in time t · polylog(λ).
Abstract: We show that homomorphic evaluation of (wide enough) arithmetic circuits can be accomplished with only polylogarithmic overhead. Namely, we present a construction of fully homomorphic encryption (FHE) schemes that for security parameter λ can evaluate any width-Ω(λ) circuit with t gates in time t · polylog(λ).
To get low overhead, we use the recent batch homomorphic evaluation techniques of Smart-Vercauteren and Brakerski-Gentry-Vaikuntanathan, who showed that homomorphic operations can be applied to "packed" ciphertexts that encrypt vectors of plaintext elements. In this work, we introduce permuting/routing techniques to move plaintext elements across these vectors efficiently. Hence, we are able to implement general arithmetic circuits in a batched fashion without ever needing to "unpack" the plaintext vectors.
We also introduce some other optimizations that can speed up homomorphic evaluation in certain cases. For example, we show how to use the Frobenius map to raise plaintext elements to powers of p at the "cost" of a linear operation.
TL;DR: This work constructs simple multiparty computation protocols secure against fully malicious attackers, tolerating any number of corruptions, and providing security in the universal composability framework.
Abstract: Fully homomorphic encryption (FHE) enables secure computation over the encrypted data of a single party. We explore how to extend this to multiple parties, using threshold fully homomorphic encryption (TFHE). In such a scheme, the parties jointly generate a common FHE public key along with a secret key that is shared among them; they can later cooperatively decrypt ciphertexts without learning anything but the plaintext. We show how to instantiate this approach efficiently, by extending the recent FHE schemes of Brakerski, Gentry and Vaikuntanathan (CRYPTO '11, FOCS '11, ITCS '12) based on the (ring) learning with errors assumption. Our main tool is to exploit the property that such schemes are additively homomorphic over their keys.
Using TFHE, we construct simple multiparty computation protocols secure against fully malicious attackers, tolerating any number of corruptions, and providing security in the universal composability framework. Our protocols have the following properties: Low interaction: 3 rounds of interaction given a common random string, or 2 rounds with a public-key infrastructure. Low communication: independent of the function being computed (proportional to just input and output sizes). Cloud-assisted computation: the bulk of the computation can be efficiently outsourced to an external entity (e.g. a cloud service) so that the computation of all other parties is independent of the complexity of the evaluated function.
TL;DR: A novel image encryption scheme based on improved hyperchaotic sequences is proposed that can achieve high key sensitivity and high plaintext sensitivity through only two rounds of diffusion operation.
TL;DR: The proposed mechanism design first exploits a suppressing technique to build a storage-efficient similarity keyword set from a given document collection, with edit distance as the similarity metric, and it correctly achieves the defined similarity search functionality with constant search time complexity.
Abstract: As the data produced by individuals and enterprises that need to be stored and utilized are rapidly increasing, data owners are motivated to outsource their local complex data management systems into the cloud for its great flexibility and economic savings. However, as sensitive cloud data may have to be encrypted before outsourcing, which obsoletes the traditional data utilization service based on plaintext keyword search, how to enable privacy-assured utilization mechanisms for outsourced cloud data is thus of paramount importance. Considering the large number of on-demand data users and the huge amount of outsourced data files in the cloud, the problem is particularly challenging, as it is extremely difficult to also meet the practical requirements of performance, system usability, and high-level user searching experiences. In this paper, we investigate the problem of secure and efficient similarity search over outsourced cloud data. Similarity search is a fundamental and powerful tool widely used in plaintext information retrieval, but has not been quite explored in the encrypted data domain. Our mechanism design first exploits a suppressing technique to build a storage-efficient similarity keyword set from a given document collection, with edit distance as the similarity metric. Based on that, we then build a private trie-traverse searching index, and show it correctly achieves the defined similarity search functionality with constant search time complexity. We formally prove the privacy-preserving guarantee of the proposed mechanism under rigorous security treatment. To demonstrate the generality of our mechanism and further enrich the application spectrum, we also show our new construction naturally supports fuzzy search, a previously studied notion aiming only to tolerate typos and representation inconsistencies in the user searching input.
The extensive experiments on Amazon cloud platform with real data set further demonstrate the validity and practicality of the proposed mechanism.
TL;DR: In this paper, Wang et al. investigate a category of public key encryption schemes that support plaintext equality test and user-specified authorization, and construct a secure personal health record application on the basis of this primitive.
TL;DR: It is found that the encryption scheme can be broken with only one known plain-image, and the performance of the known-plaintext attack, in terms of success probability and computation load, becomes even much better when two known plain-images are available.
Abstract: Recently, a novel image encryption scheme based on improved hyperchaotic sequences was proposed. A pseudo-random number sequence, generated by a hyper-chaos system, is used to determine two involved encryption functions, bitwise exclusive or (XOR) operation and modulo addition. It was reported that the scheme can be broken with some pairs of chosen plain-images and the corresponding cipher-images. This paper re-evaluates the security of the encryption scheme and finds that the encryption scheme can be broken with only one known plain-image. The performance of the known-plaintext attack, in terms of success probability and computation load, becomes even much better when two known plain-images are available. In addition, security defects on insensitivity of the encryption result with respect to changes of secret key and plain-image are also reported.
TL;DR: The two most widely used symmetric encryption techniques, i.e. the data encryption standard (DES) and the advanced encryption standard (AES), have been implemented using MATLAB software and these techniques are compared on some points.
Abstract: With the fast progression of digital data exchange in electronic form, information security is becoming much more important in data storage and transmission. Cryptography has come up as a solution which plays a vital role in information security systems against malicious attacks. This security mechanism uses some algorithms to scramble data into unreadable text which can only be decoded or decrypted by the party that possesses the associated key. These algorithms consume a significant amount of computing resources such as CPU time, memory and computation time. In this paper the two most widely used symmetric encryption techniques, i.e. the data encryption standard (DES) and the advanced encryption standard (AES), have been implemented using MATLAB software. After the implementation, these techniques are compared on some points. These points are the avalanche effect due to one bit variation in plaintext keeping the key constant, the avalanche effect due to one bit variation in key keeping the plaintext constant, the memory required for implementation and the simulation time required for encryption.
TL;DR: In this paper, the Peikert-Vaikuntanathan-Waters (PVW) method was used for SIMD homomorphic operations on packed ciphertexts, which provides an alternative to the Smart-Vercauteren (SV) ciphertext-packing technique that relies on polynomial-CRT.
Abstract: In this short note we observe that the Peikert-Vaikuntanathan-Waters (PVW) method of packing many plaintext elements in a single Regev-type ciphertext can be used for performing SIMD homomorphic operations on packed ciphertext. This provides an alternative to the Smart-Vercauteren (SV) ciphertext-packing technique that relies on polynomial-CRT. While the SV technique is only applicable to schemes that rely on ring-LWE (or other hardness assumptions in ideal lattices), the PVW method can be used also for cryptosystems whose security is based on standard LWE (or more broadly on the hardness of “General-LWE”). Although using the PVW method with LWE-based schemes leads to worse asymptotic efficiency than using the SV technique with ring-LWE schemes, the simplicity of this method may still offer some practical advantages. Also, the two techniques can be used in tandem with “general-LWE” schemes, suggesting yet another tradeoff that can be optimized for different settings.
TL;DR: In this paper, a colour image encryption based on chaos was proposed by cascading two position permutation operations and one substitution operation, which are all determined by some pseudo-random number sequences generated by iterating the logistic map.
Abstract: Recently, a colour image encryption algorithm based on chaos was proposed by cascading two position permutation operations and one substitution operation, which are all determined by some pseudo-random number sequences generated by iterating the logistic map. This paper evaluates the security level of this encryption algorithm and finds that the position permutation-only part and the substitution part can be separately broken with only ⌈(log2(3MN))/8⌉ and 2 chosen plain-images, respectively, where MN is the size of the plain-image. The effectiveness of the proposed chosen-plaintext attack is supported by concise theoretical analyses, and is verified by experimental results.
TL;DR: An efficient protocol to obtain the Sum aggregate is proposed, which employs an additive homomorphic encryption and a novel key management technique to support large plaintext space and is orders of magnitude faster than existing solutions.
Abstract: The proliferation and ever-increasing capabilities of mobile devices such as smart phones give rise to a variety of mobile sensing applications. This paper studies how an untrusted aggregator in mobile sensing can periodically obtain desired statistics over the data contributed by multiple mobile users, without compromising the privacy of each user. Although there are some existing works in this area, they either require bidirectional communications between the aggregator and mobile users in every aggregation period, or have high computation overhead and cannot support large plaintext spaces. Also, they do not consider the Min aggregate, which is quite useful in mobile sensing. To address these problems, we propose an efficient protocol to obtain the Sum aggregate, which employs an additive homomorphic encryption and a novel key management technique to support a large plaintext space. We also extend the sum aggregation protocol to obtain the Min aggregate of time-series data. Evaluations show that our protocols are orders of magnitude faster than existing solutions.
TL;DR: This paper designs a CPA secure threshold CP-ABE scheme, which can be further upgraded to CCA security, and proves the security of the schemes under the decisional q-Bilinear Diffie-Hellman Exponent (q-BDHE) assumption in the selective model.
Abstract: In PKC 2010, Herranz et al. proposed the first ciphertext policy attribute-based encryption (CP-ABE) scheme with constant size ciphertexts for threshold predicates. However, their scheme was only secure against chosen plaintext attacks (CPA), which made it impossible to obtain security against chosen ciphertext attacks (CCA) in the standard model, and they left open the following three problems for CP-ABE schemes with constant size ciphertexts, i.e., how to achieve full security (i.e., not only selective security), CCA security in the standard model, and a security reduction to a more standard mathematical problem. In this paper, we answer the last two of these three problems affirmatively. Towards our goal, we first design a CPA secure threshold CP-ABE scheme, which can be further upgraded to CCA security. The security of our schemes can be proved under the decisional q-Bilinear Diffie-Hellman Exponent (q-BDHE) assumption in the selective model. To the best of our knowledge, this is the first construction of a CCA secure CP-ABE scheme with constant size ciphertexts that can support flexible threshold access structures in the standard model.
TL;DR: DataSafe architecture is designed to prevent illegitimate secondary dissemination of protected plaintext data by authorized recipients, to track and protect data derived from sensitive data, and to provide lifetime enforcement of the confidentiality policies associated with the sensitive data.
Abstract: We propose a software-hardware architecture, DataSafe, that realizes the concept of self-protecting data: data that is protected by a given policy whenever it is accessed by any application -- including unvetted third-party applications. Our architecture provides dynamic instantiations of secure data compartments (SDCs), with hardware monitoring of the information flows from the compartment using hardware policy tags associated with the data at runtime. Unbypassable hardware output control prevents confidential information from being leaked out. Unlike previous hardware information flow tracking systems, DataSafe software architecture bridges the semantic gap by supporting flexible, high-level software policies for the data, seamlessly translating these policies to efficient hardware tags at runtime. Applications need not be modified to interface to these software-hardware mechanisms. DataSafe architecture is designed to prevent illegitimate secondary dissemination of protected plaintext data by authorized recipients, to track and protect data derived from sensitive data, and to provide lifetime enforcement of the confidentiality policies associated with the sensitive data.
TL;DR: This paper presents attacks on up to four rounds of AES that require at most three known/chosen plaintexts, and applies these attacks to cryptanalyze an AES-based stream cipher, and to mount the best known plaintext attack on six-round AES.
Abstract: The majority of current attacks on reduced-round variants of block ciphers seek to maximize the number of rounds that can be broken, using less data than the entire codebook and less time than exhaustive key search. In this paper, we pursue a different approach, restricting the data available to the adversary to a few plaintext/ciphertext pairs. We argue that consideration of such attacks (which received little attention in recent years) improves our understanding of the security of block ciphers and of other cryptographic primitives based on block ciphers. In particular, these attacks can be leveraged to more complex attacks, either on the block cipher itself or on other primitives (e.g., stream ciphers, MACs, or hash functions) that use a small number of rounds of the block cipher as one of their components. As a case study, we consider the Advanced Encryption Standard (AES), the most widely used block cipher. The AES round function is used in many cryptographic primitives, such as the hash functions Lane, SHAvite-3, and Vortex or the message authentication codes ALPHA-MAC, Pelican, and Marvin. We present attacks on up to four rounds of AES that require at most three known/chosen plaintexts. We then apply these attacks to cryptanalyze an AES-based stream cipher (which follows the leak extraction methodology), and to mount the best known plaintext attack on six-round AES.
TL;DR: An efficient RIBE with a public channel is presented, which provides a practical alternative to the previously proposed revocation solutions, while it remains efficient for encryption and decryption.
Abstract: Over the last few years, identity (ID)-based encryption (IBE) without requiring certificate management offers a practical alternative to public key encryption. However, how to revoke misbehaving/compromised identities in ID-based public key setting becomes a new and critical issue. In the past, there was little work on studying this revocation problem. In 2008, Boldyreva et al. proposed a revocable IBE (RIBE) and its associated revocation solution that used a binary tree structure to reduce the authority's periodic workload in Boneh and Franklin's IBE. However, Boldyreva et al.'s RIBE raised enormous computation costs for encryption and decryption procedures. Both IBEs require a secure channel between each user and the authority to transmit user's periodic private keys, thus the authority and each user need to encrypt and decrypt the private keys for each period. In this article, we present an efficient RIBE with a public channel, which provides a practical alternative to the previously proposed revocation solutions, while it remains efficient for encryption and decryption. Under the bilinear Diffie–Hellman assumption, we demonstrate that our RIBE with a public channel is semantically secure against adaptive chosen plaintext attacks and adaptive chosen ciphertext attacks.
TL;DR: A conversion from non-anonymous hierarchical identity-based encryption (NaHIBE) with strongly CPA security to CCA-secure and collusion-resistant MUIBPRE, which is based on the NaHIBE scheme proposed by Waters at Crypto'09, is presented.
TL;DR: This work relates the two existing flavors of selective opening security and constructs two public-key encryption schemes, and concludes that indistinguishability-based selective opening security and simulation-based selective opening security do not imply each other.
Abstract: Assume that an adversary observes many ciphertexts, and may then ask for openings, i.e. the plaintext and the randomness used for encryption, of some of them. Do the unopened ciphertexts remain secure? There are several ways to formalize this question, and the ensuing security notions are not known to be implied by standard notions of encryption security. In this work, we relate the two existing flavors of selective opening security. Our main result is that indistinguishability-based selective opening security and simulation-based selective opening security do not imply each other.
We show our claims by counterexamples. Concretely, we construct two public-key encryption schemes. One scheme is secure under selective openings in a simulation-based sense, but not in an indistinguishability-based sense. The other scheme is secure in an indistinguishability-based sense, but not in a simulation-based sense.
Our results settle an open question of Bellare et al. (Eurocrypt 2009). Also, taken together with known results about selective opening secure encryption, we get an almost complete picture of how the two flavors of selective opening security relate to standard security notions.
TL;DR: Simulation results on the performance and security of the proposed encryption system show that it can encrypt the image effectively and resist various typical attacks.
Abstract: In this paper, the CML-based spatiotemporal chaos system is used for image block encryption, which gets higher security. The basic idea is to divide the image into blocks, and then use the block numbers as the spatial parameter of the CML to iterate the chaos system. Each lattice generates a chaos sequence, and the number of chaos sequence values is equal to the number of pixels of each block. The chaos sequences and the plaintext of the former block together decide the substitution and diffusion of each block. Simulation results on the performance and security of the proposed encryption system show that it can encrypt the image effectively and resist various typical attacks.
TL;DR: Hourglass schemes as discussed by the authors exploit common cloud infrastructure characteristics, such as limited file-system parallelism and the use of rotational hard drives for at-rest files, to prove correct file encryption.
Abstract: We consider the following challenge: How can a cloud storage provider prove to a tenant that it's encrypting files at rest, when the provider itself holds the corresponding encryption keys? Such proofs demonstrate sound encryption policies and file confidentiality. (Cheating, cost-cutting, or misconfigured providers may bypass the computation/management burdens of encryption and store plaintext only.) To address this problem, we propose hourglass schemes, protocols that prove correct encryption of files at rest by imposing a resource requirement (e.g., time, storage or computation) on the process of translating files from one encoding domain (i.e., plaintext) to a different, target domain (i.e., ciphertext). Our more practical hourglass schemes exploit common cloud infrastructure characteristics, such as limited file-system parallelism and the use of rotational hard drives for at-rest files. For files of modest size, we describe an hourglass scheme that exploits trapdoor one-way permutations to prove correct file encryption whatever the underlying storage medium. We also experimentally validate the practicality of our proposed schemes, the fastest of which incurs minimal overhead beyond the cost of encryption. As we show, hourglass schemes can be used to verify properties other than correct encryption, e.g., embedding of "provenance tags" in files for tracing the source of leaked files. Of course, even if a provider is correctly storing a file as ciphertext, it could also store a plaintext copy to service tenant requests more efficiently. Hourglass schemes cannot guarantee ciphertext-only storage, a problem inherent when the cloud manages keys. By means of experiments in Amazon EC2, however, we demonstrate that hourglass schemes provide strong incentives for economically rational cloud providers against storage of extra plaintext file copies.
TL;DR: Improvements of the algebraic side-channel analysis of the Advanced Encryption Standard (AES) proposed in [1] are presented and a method for error handling is introduced, which allows the improved algebraic side-channel attack to escape the assumption of an error-free environment and thus become applicable in practice.
Abstract: In this paper we present improvements of the algebraic side-channel analysis of the Advanced Encryption Standard (AES) proposed in [1]. In particular, we optimize the algebraic representation of AES and the algebraic representation of the obtained side-channel information in order to speed up the attack and increase the success rate. We study the performance of our improvements in both known and unknown plaintext/ciphertext attack scenarios. Our experiments indicate that in both cases the amount of required side-channel information is less than the one required in the attacks introduced in [1]. Furthermore, we introduce a method for error handling, which allows our improved algebraic side-channel attack to escape the assumption of an error-free environment and thus become applicable in practice. We demonstrate the practical use of our improved algebraic side-channel attack by inserting predictions from a single-trace template attack.
TL;DR: For symmetric encryption, under the minimal assumption that one-way functions exist, n-weak circular (CPA) security is not implied by CCA security, for any n, and is not even implied by authenticated encryption security, where ciphertext integrity is guaranteed.
Abstract: Traditional definitions of encryption security guarantee secrecy for any plaintext that can be computed by an outside adversary. In some settings, such as anonymous credential or disk encryption systems, this is not enough, because these applications encrypt messages that depend on the secret key. A natural question to ask is whether standard definitions capture these scenarios. One area of interest is n-circular security, where the ciphertexts $E(pk_1,sk_2), E(pk_2,sk_3), \dots, E(pk_{n-1},sk_n), E(pk_n, sk_1)$ must be indistinguishable from encryptions of zero. Acar et al. (Eurocrypt 2010) provided a CPA-secure public key cryptosystem that is not 2-circular secure due to a distinguishing attack.
In this work, we consider a natural relaxation of this definition. Informally, a cryptosystem is n-weak circular secure if an adversary given the cycle $E(pk_1,sk_2), E(pk_2,sk_3), \dots, E(pk_{n-1},sk_n), E(pk_n, sk_1)$ has no significant advantage in the regular security game (e.g., CPA or CCA), where ciphertexts of chosen messages must be distinguished from ciphertexts of zero. Since this definition is sufficient for some practical applications and the Acar et al. counterexample no longer applies, the hope is that it would be easier to realize, or perhaps even implied by standard definitions. We show that this is unfortunately not the case: even this weaker notion is not implied by standard definitions. Specifically, we show:
For symmetric encryption, under the minimal assumption that one-way functions exist, n-weak circular (CPA) security is not implied by CCA security, for any n. In fact, it is not even implied by authenticated encryption security, where ciphertext integrity is guaranteed.
For public-key encryption, under a number-theoretic assumption, 2-weak circular security is not implied by CCA security.
In both of these results, which also apply to the stronger circular security definition, we actually show for the first time an attack in which the adversary can recover the secret key of an otherwise-secure encryption scheme after an encrypted key cycle is published. These negative results are an important step in answering deep questions about which attacks are prevented by commonly-used definitions and systems of encryption. They say to practitioners: if key cycles may arise in your system, then even if you use CCA-secure encryption, your system may break catastrophically; that is, a passive adversary might be able to recover your secret keys.
TL;DR: In this article, a system and method for accessing third-party applications based on a cloud platform is presented, which comprises the steps of: receiving information of a cloud platform account and a cloud platform password inputted by a user; searching a stored bind-information mapping table according to the third-party application selected by the user, acquiring the account information of the third-party application and access information without a plaintext password responding to said third-party application and cloud platform account information and sending the acquired information to a third-party application server; receiving authentication pass information returned
Abstract: Disclosed in the present invention are a system and method for accessing third-party applications based on a cloud platform. The method comprises the steps of: receiving information of a cloud platform account and a cloud platform password inputted by a user; searching a stored bind-information mapping table according to the third-party application selected by the user, acquiring the account information of the third-party application and access information without a plaintext password responding to said third-party application and cloud platform account information and sending the acquired information to a third-party application server; receiving authentication pass information returned from the third-party application server. By applying the present invention, the complexity of frequent login operations can be reduced and the security of accessing the third-party application can be improved.
TL;DR: This paper compares the latency and data size of end-to-end (ETE) and hop-by-hop (HBH) homomorphic encryption within a network of Smart Meters (SMs), and surprisingly HBH provides comparable latency and fixed data size passing through the network compared to ETE homomorphic encryption.
Abstract: Homomorphic encryption allows arithmetic operations to be performed on ciphertext and gives the same result as if the same arithmetic operation were done on the plaintext. Homomorphic encryption has been touted as one of the promising methods to be employed in the Smart Grid (SG) to provide data privacy, which is one of the main security concerns in the SG. In addition to data privacy, real-time data flow is crucial in the SG to provide on-time detection and recovery of possible failures. In this paper, we investigate the overhead of using homomorphic encryption in the SG in terms of bandwidth and end-to-end data delay when providing data privacy. Specifically, we compare the latency and data size of end-to-end (ETE) and hop-by-hop (HBH) homomorphic encryption within a network of Smart Meters (SMs). In HBH encryption, at each intermediate node, the received encrypted data from downstream nodes are decrypted first before the aggregation, and then the result is encrypted again for transmission to upstream nodes. On the other hand, the intermediate node in ETE encryption only performs aggregation on ciphertexts for transmission to upstream nodes. We implemented secure data aggregation using the Paillier cryptosystem and tested it under various conditions. The experiment results have shown that even though HBH homomorphic encryption has additional computational overhead at intermediate nodes, surprisingly it provides comparable latency and fixed data size passing through the network compared to ETE homomorphic encryption.
TL;DR: In the improved scheme, the idea of the “self-correlation” method is used to resist the chosen-plaintext attack/known-plaintext attack and can overcome the weakness of the original image encryption scheme.
TL;DR: A new cryptographic primitive is defined called plaintext-checkable encryption (PCE), which extends public-key encryption by the following functionality: given a plaintext, a ciphertext and a public key, it is universally possible to check whether the ciphertext encrypts the plaintext under the key.
Abstract: We study the problem of searching on encrypted data, where the search is performed using a plaintext message or a keyword, rather than a message-specific trapdoor as done by state-of-the-art schemes. The use cases include delegation of keyword search, e.g. to a cloud data storage provider or to an email server, using a plaintext message. We define a new cryptographic primitive called plaintext-checkable encryption (PCE), which extends public-key encryption by the following functionality: given a plaintext, a ciphertext and a public key, it is universally possible to check whether the ciphertext encrypts the plaintext under the key. We provide efficient generic random-oracle constructions for PCE based on any probabilistic or deterministic encryption scheme; we also give a practical construction in the standard model. As another application we show how PCE can be used to improve the efficiency in group signatures with verifier-local revocation (VLR) and backward unlinkability. These group signatures provide efficient revocation of group members, which is a key issue in practical applications.
TL;DR: Boldyreva et al. as discussed by the authors showed that for a database of randomly distributed plaintexts and appropriate choice of parameters, ROPF encryption leaks neither the precise value of any plaintext nor the precise distance between any two of them.
Abstract: We further the study of order-preserving symmetric encryption (OPE), a primitive for allowing efficient range queries on encrypted data, recently initiated (from a cryptographic perspective) by Boldyreva et al. (Eurocrypt ’09). First, we address the open problem of characterizing what encryption via a random order-preserving function (ROPF) leaks about underlying data (ROPF being the “ideal object” in the security definition, POPF, satisfied by their scheme). In particular, we show that, for a database of randomly distributed plaintexts and appropriate choice of parameters, ROPF encryption leaks neither the precise value of any plaintext nor the precise distance between any two of them. The analysis here introduces useful new techniques. On the other hand, we show that ROPF encryption leaks the approximate value of any plaintext as well as the approximate distance between any two plaintexts, each to an accuracy of about the square root of the domain size. We then study schemes that are not order-preserving, but which nevertheless allow efficient range queries and achieve security notions stronger than POPF. In a setting where the entire database is known in advance of key-generation (considered in several prior works), we show that recent constructions of “monotone minimal perfect hash functions” allow to efficiently
TL;DR: The authors present a system for secure multiparty cloud computation: the system receives multiple encrypted datasets from multiple clients, where each client's dataset is encrypted from the corresponding plaintext dataset under a unique, client-specific encryption key.
Abstract: One embodiment of the present invention provides a system for performing secure multiparty cloud computation. During operation, the system receives multiple encrypted datasets from multiple clients. An encrypted dataset associated with a client is encrypted from a corresponding plaintext dataset using a unique, client-specific encryption key. The system re-encrypts the multiple encrypted datasets to a target format, evaluates a function based on the re-encrypted multiple datasets to produce an evaluation outcome, and sends the evaluation outcome to the multiple clients, which are configured to cooperatively decrypt the evaluation outcome to obtain a plaintext evaluation outcome.
TL;DR: An algorithm for data encryption and decryption based on the ASCII values of the characters in the plaintext; it can be regarded as a symmetric encryption algorithm because it uses the same key, slightly modified, for both encryption and decryption.
Abstract: Encryption is the process of transforming plaintext into ciphertext, where plaintext is the input to the encryption process and ciphertext is its output. Decryption is the process of transforming ciphertext into plaintext, where ciphertext is the input to the decryption process and plaintext is its output. Various encryption algorithms exist, classified as symmetric and asymmetric encryption algorithms. Here, I present an algorithm for data encryption and decryption which is based on the ASCII values of the characters in the plaintext. This algorithm encrypts data by using the ASCII values of the data to be encrypted. The secret used is a modified form of another string, and that string is used as the key to encrypt or decrypt the data. So it can be said that it is a kind of symmetric encryption algorithm, because it uses the same key for encryption and decryption, but slightly modified. This algorithm operates when the length of input and the length
TL;DR: A new mechanism, Ensured Confidentiality Authentication and Key Agreement (EC-AKA), is proposed to enhance the user's confidentiality and cover the identified AKA vulnerabilities, thus fulfilling the market's long-term needs, which LTE was developed for.
Abstract: The debate over the revenue from security versus its financial and performance cost has left its fingerprints on the 3GPP technical specification for EPS, where contradictions between the security philosophy and the design have caught the attention of the research community. One example of these contradictions is in 3GPP's technical specification, where the user's identity must be confidential to third parties, while in the design the user's permanent identifier is sent in plaintext over the radio channel. Radio channels are susceptible to eavesdropping, so users can be tracked for a short period before the temporary identifier is used, but this time is more than enough for a terrorist attack. Most of the papers published on this topic propose solutions for the above contradiction. In our work, the security robustness of some of these papers' proposals is evaluated by exploiting their vulnerabilities and simulating a newly proposed attack (Intelligent Brute Force), thus gauging the confidence that can be placed in them. A new mechanism, Ensured Confidentiality Authentication and Key Agreement (EC-AKA), is proposed to enhance the user's confidentiality and cover the identified AKA vulnerabilities, thus fulfilling the market's long-term needs, which LTE was developed for.
TL;DR: A secure remote data storage system stores encrypted data and both plaintext and encrypted keys at a server, where the data held at the server is inadequate to recover the plaintext of the encrypted data, and stores at least one encrypted key at a client system.
Abstract: A secure remote-data-storage system stores encrypted data and both plaintext and encrypted keys at a server, where the data at the server is inadequate to recover the plaintext of the encrypted data; and stores at least one encrypted key at a client system. To decrypt the data, the client must obtain a copy of the encrypted data from the server, and a key to decrypt its locally-stored encrypted key. Once decrypted, the locally-stored key can be used to decrypt the encrypted data, or to decrypt an encrypted key from the server, which may then be used to decrypt the encrypted data.
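The key hierarchy in the abstract above splits trust so that neither party's holdings suffice on their own. The following added example (written for this page, not the patent's code) models one reading of it: the server keeps the ciphertext, the data key wrapped under a client key, and, in plaintext, the key that unlocks the client's locally stored wrapped client key; the client keeps only that wrapped client key. Decryption chains through all three. The cipher used for wrapping and for the data is a toy authenticated stream cipher (HMAC-SHA256 in counter mode, encrypt-then-MAC) so the block runs on the standard library alone; the storage layout, key sizes and function names are assumptions, and a real deployment would use AES-GCM or another standard AEAD.

```python
# Split-trust remote storage: encrypted data and a wrapped data key at the
# server, a wrapped client key at the client. Added example, not the patent's code.
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key, nonce, length):
    """PRF counter mode: HMAC-SHA256(key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key):
    # Separate encryption and MAC keys derived from one 32-byte key.
    return (hashlib.sha256(b"enc|" + key).digest(),
            hashlib.sha256(b"mac|" + key).digest())


def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag first; a wrong key or tampered blob fails closed."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def can_unseal(key, blob):
    try:
        unseal(key, blob)
    except ValueError:
        return False
    return True


def provision(data):
    """Build the hierarchy; returns (server_store, client_store)."""
    dek = secrets.token_bytes(32)          # data encryption key
    client_key = secrets.token_bytes(32)   # wraps the DEK; stored only wrapped, at the client
    unlock_key = secrets.token_bytes(32)   # plaintext key at the server; unwraps client_key
    server = {
        "data": seal(dek, data),
        "wrapped_dek": seal(client_key, dek),
        "unlock_key": unlock_key,          # plaintext key held by the server
    }
    client = {"wrapped_client_key": seal(unlock_key, client_key)}
    return server, client


def client_decrypt(server, client):
    """The chain from the abstract: fetch unlock key and wrapped DEK from the
    server, unwrap the local client key, unwrap the DEK, decrypt the data."""
    client_key = unseal(server["unlock_key"], client["wrapped_client_key"])
    dek = unseal(client_key, server["wrapped_dek"])
    return unseal(dek, server["data"])
```

The property to verify in such a design is the negative one: the server's only plaintext key opens nothing it stores, and the client's only stored key is useless until the server cooperates, so compromise of either store alone yields no plaintext.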