Indistinguishability under chosen-ciphertext attack (IND-CCA) is now considered the de facto security notion for public-key encryption. However, this sometimes offers a stronger security guarantee than what is needed. In this study, the authors consider a weaker security notion, termed as indistinguishability under plaintext-checking attacks (IND-PCA), in which the adversary has only access to an oracle indicating whether or not a given ciphertext encrypts a given message. After formalising this notion, the authors design a new public-key encryption scheme satisfying it. The new scheme is a variant of the Cramer–Shoup encryption scheme with shorter ciphertexts. Its security is also based on the plain decisional Diffie–Hellman (DDH) assumption. Additionally, the algebraic properties of the new scheme allow proving plaintext knowledge using Groth–Sahai non-interactive zero-knowledge proofs or smooth projective hash functions. Finally, as a concrete application, the authors show that, for many password-based authenticated key exchange (PAKE) schemes in the Bellare–Pointcheval–Rogaway security model, they can safely replace the underlying IND-CCA encryption schemes with their new IND-PCA one. By doing so, they reduce the overall communication complexity of these protocols and obtain the most efficient PAKE schemes to date based on plain DDH.

The authors show that two well-known and widely employed public-key encryption schemes – RSA optimal asymmetric encryption padding (RSA-OAEP) and Diffie–Hellman integrated encryption scheme (DHIES), instantiated with a one-time pad, – are secure under (the strong, simulation-based security notion of) selective opening security against chosen-ciphertext attacks in the random oracle model. Both schemes are obtained via known generic transformations that transform relatively weak primitives (with security in the sense of one-wayness) to indistinguishability (IND)-CCA secure encryption schemes. The authors also show a similar result for the well-known Fujisaki–Okamoto transformation that can generically turn a one-way secure public key encryption system and a one-time pad into a IND-CCA-secure public-key encryption system. The authors prove that selective opening security comes for free in these transformations. Both DHIES and RSA-OAEP are important building blocks in several standards for public key encryption and key exchange protocols. The Fujisaki–Okamoto transformation is very versatile and has successfully been utilised to build efficient lattice-based cryptosystems. The considered schemes are the first practical cryptosystems that meet the strong notion of simulation-based selective opening (SIM-SO-CCA) security.

The authors define a notion of adaptive proofs of knowledge (PoKs) in the random oracle model (ROM). These are proofs where the malicious prover can adaptively issue multiple statements and proofs, and where the extractor is supposed to extract a witness for each statement. They begin by studying the traditional notion of zero-knowledge PoKs in the ROM and then show how to extend it to the case of adaptive adversaries and to simulation soundness, where the adversary can also learn simulated proofs. The authors’ first main result is negative. Under common assumptions, they can show that the well-known Fiat–Shamir–Schnorr proof system is not adaptively secure. As for the second result, they prove that an existing construction due to Fischlin (Crypto 2005) yields adaptively secure simulation-sound PoKs in the ROM. Since the purpose of this work is to motivate and introduce adaptive proofs, they only briefly discuss some applications to other areas, for example that adaptive proofs seem to be exactly what one requires to construct chosen-ciphertext attack-secure public-key encryption from indistinguishability under chosen plaintext attack secure schemes.

Divisible e-cash systems allow users to withdraw a unique coin of value 2 ⁿ units from a bank, but then to spend it in several times to distinct merchants. In such a system, whereas users want anonymity of their transactions, the bank wants to prevent, or at least detect, double-spending, and trace defrauders. While this primitive was introduced two decades ago, quite a few (really) anonymous constructions have been proposed. In addition, all but one were just proven secure in the random oracle model, but still with either weak security models or quite complex settings and thus costly constructions. The unique proposal, secure in the standard model, appeared recently and is unpractical. As evidence, the authors left the construction of an efficient scheme secure in this model as an open problem. In this study, the authors answer it with the first efficient divisible e-cash system secure in the standard model. It is based on a new way of building the coins, with a unique and public global tree structure for all the coins. Actually, they propose two constructions which offer a tradeoff between efficiency and security. They both achieve constant time for withdrawing and spending amounts of 2^ℓ units, while allowing the bank to quickly detect double-spendings by a simple comparison of the serial numbers of deposited coins to the ones of previously spent coins.

The authors describe a method to bootstrap a packed BGV ciphertext which does not depend (as much) on any special properties of the plaintext and ciphertext moduli. Prior ‘efficient’ methods such as that of Gentry et al. (PKC 2012) required a ciphertext modulus q which was close to a power of the plaintext modulus p. This enables the authors’ method to be applied in a larger number of situations. The authors’ basic bootstrapping technique makes use of a representation based on polynomials of the group over the finite field , followed by polynomial interpolation of the reduction mod p map over the coefficients of the algebraic group. This technique is then extended to the full BGV packed ciphertext space, using a method whose depth depends only logarithmically on the number of packed elements. This method may be of interest as an alternative to the method of Alperin-Sheriff and Peikert (CRYPTO 2013). To aid efficiency, the authors utilise the ring/field switching technique of Gentry et al. (SCN 2012, JCS 2013).

Recent work on structure-preserving signatures (SPS) studies optimality of these schemes in terms of the number of group elements needed in the verification key and the signature, and the number of pairing-product equations in the verification algorithm. While these measures are crucial for many applications, another important aspect to consider for performance is verification time, which for these schemes is dominated by pairings computation. Although prior work considers optimality in terms of number of pairing-product equations, this measure does not capture the exact number of pairings needed in verification. To fill this gap, we study the minimal number of pairings needed in verification of SPS. First, we prove lower bounds for schemes in the Type~II setting secure under chosen message attacks in the generic group model. We show that three pairings are necessary and at most one of these pairings can be precomputed. Second, we build an automated tool to search for schemes matching our lower bounds. Using this tool, we find a new randomisable SPS in the Type~II setting that is optimal with respect to our lower bound on the number of pairings, and minimal in terms of group operations to be computed during verification.

Cryptographic schemes based on the learning parity with noise (LPN) problem have several very desirable aspects: low computational overhead, simple implementation and conjectured post-quantum hardness. Choosing the LPN noise parameter sufficiently low allows for public key cryptography. In this study, the authors construct the first standard model public key encryption scheme with key dependent message security based solely on the low-noise LPN problem. Additionally, they establish a new connection between LPN with a bounded number of samples and LPN with an unbounded number of samples. In essence, they show that if LPN with a small error and a small number of samples is hard, then LPN with a slightly larger error and an unbounded number of samples is also hard. The key technical ingredient to establish both results is a variant of the LPN problem called the extended LPN problem.

This study deals with the design and implementation of an Embedded Cooperative-Hybrid Intrusion Detection System (ECHIDS) for a solar energy harvested Road Side Unit(RSU). In order to offer a high level of defense against the various attacks and to cope against the limited processing and energy resources of RSU, we suggest a cooperative IDS approach. In this approach, the RSUs do not depend only on their local view to make conclusions about the security status of their network, but also cooperate with their VANET server by exchanging security reports to create a more global and precise idea about the security situation of the whole network, the possible attacks and their origins. The other main contribution in this paper is the attempt to insert a Hybrid Intrusion Detection System functionality (combines all the three IDS techniques :signature based IDS, anomaly based IDS and behavioral based IDS) into the RSU itself. Each one of these IDSs has its own resistance strategy against certain classes of attacks which enhances RSUs’ immunity. The suggested IDS was prototyped using an experimental model based on the Ubicom IP2022 network processor development kit and different practical tests were performed to evaluate the effectiveness of the suggested solutions.

The authors present a new general construction of public key encryption (PKE) based on the restricted subset membership (RSM) assumption, which can achieve the bounded-memory leakage resilient security and the auxiliary-input leakage resilient security simultaneously. The construction is BHHO-type, as Brakerski et al. work, but the message space is much larger and the proof is more concise benefiting from the RSM assumption. Instantiating the construction with the QR assumption, the authors get the first QR-based auxiliary-input secure PKE with a larger message space than {0,1}. Moreover, the authors generalise the Goldreich–Levin theorem to large rings. This theorem helps to improve the construction to achieve the same security level with fewer public parameters and shorter ciphertexts compared with Brakerski et al. work. For the bounded-memory leakage resilient security, the construction can achieve leakage rate of 1 − o(1) and avoid the dependence between the message length and the amount of leakage. Based on the general construction, the authors also can achieve both bounded-memory leakage resilient chosen ciphertext attack (CCA) security and the auxiliary-input leakage resilient CCA security via the well-known Naor–Yung paradigm.

Considering that the text information might be leaked through electromagnetic radiation from a computer display, a novel algorithm has been developed to detect the text information leakage. Motivated by the observation that the ‘text - space – text’ characteristic for electromagnetic radiation signal contains the text information, the authors proposed a method to describe this characteristic. In this method, sparse decomposition in wavelet was used and sub-band sparsity was defined. Variance mean ratio and correlation coefficients of sub-band sparsity were combined as the features of electromagnetic radiation signals. By using this method, the authors can accurately and efficiently detect the text information leakage in electromagnetic radiation from a computer display without reconstructing the displayed image.

Commodity operating system kernels are vulnerable to a wide range of attacks due to the large code base and broad attack surface. Mitigation mechanisms such as code signing, W⊕X, and code integrity protection have raised the bar for kernel security. In turn, attack mechanisms have also become increasingly advanced. They have evolved from simple injection of malicious code into more sophisticated code-reuse attacks [e.g. return-oriented programming (ROP)]. In this study, the authors describe exception-oriented programming (EOP), a novel code-reuse method to construct kernel malware. Unlike previous ROP that can only reuse a limited part of existing code (gadgets), EOP is able to reuse any instruction in existing code and chain the instructions in any order to generate malicious programmes. As a result, EOP can provide the attackers with more powerful capabilities and less complexity for building kernel malware.

As an ISO/IEC international standard, Camellia has been used in various cryptographic applications. In this study, the authors present the best currently known attacks on Camellia-192/256 with key-dependent layers FL/FL ⁻¹ (without the whitening layers) by taking advantage of the intrinsic weakness of keyed functions, the redundancy of key schedule and the early abort technique. Specifically, the authors mount the first impossible differential attack on 13-round Camellia-192 with 2^124.79 chosen plaintexts, 2^186.09 13-round encryptions and 2^129.79 bytes, while the analysis for the biggest number of rounds in previous results on Camellia-192 worked on 12 rounds. Furthermore, the authors successfully attack on 14-round Camellia-256 with 2^122.14 chosen plaintexts, 2^228.33 14-round encryptions and 2^134.14 bytes. Compared with the previously best known attack on 14-round Camellia-256, the time and memory complexities are reduced by 2^9.87 times and 2^46.06 times, and the data complexity is comparable.

Pseudorandom sequences are very important in the field of cryptography. The characteristics such as non-linearity and random-like behaviours make chaotic systems suited to generate pseudorandom sequences. However, most of chaos-based pseudorandom number generators have a typical shortcoming. That is, the finite precision in all processors may cause the chaotic systems to degenerate into a periodic function or a fixed point. To overcome this shortcoming, a hyperchaos-based generator is proposed. First, a new hyperchaotic system with bigger Lyapunov exponent is constructed. Then the self-shrinking generator, which is superior to many other linear feedback shift register-based generators, is used to perturb the hyperchaotic sequences to decrease the period degeneration and improve the performance of the sequences. The proposed generator is named as hyperchaos with self-shrinking perturbance generator (H-SSP generator). The analysis results show that the H-SSP generator has better performance.

In ideality, cryptographic primitives take for granted that the secret sources are derived from uniform distribution. However, in reality, we may only obtain some ‘weak’ random sources guaranteed with high unpredictability (e.g. biometric data, physical sources, and secrets with partial leakage). Formally, the security of cryptographic primitives is measured by the expectation of some function, called ‘perfect’ expectation in the ideal model and ‘weak’ expectation in the real model. The authors propose some elementary inequalities which show that the ‘weak’ expectation is not much worse than the ‘perfect’ expectation. The authors present how to overcome weak expectations dependent on the Rényi entropy other than the min and collision entropies by Dodis and Yu [TCC 2013]. The authors achieve these results by capturing on two approaches: one is by observing a new relationship between the collision entropy and other Rényi entropy, the other is by developing the connection between different moments of a variable. Furthermore, pseudorandom generator, and pairwise independent hash function family, the authors extend key derivation functions based on the Rényi entropy. The results are applied to all unpredictability applications and ‘square-friendly’ indistinguishability applications including CPA-secure symmetric-key encryption schemes.