TRIVIUM is a stream cipher of the finalists by eSTREAM project and has been accepted as ISO standard. Although the design has a simple structure, no attack on its full cipher has been found yet. In this study, based on Maximov and Biryukov's attack, the authors present an improved guess-and-determine attack on TRIVIUM. Analysis details are provided corresponding to TRIVIUM specifications for better comprehension, and errors that may lead to higher attack complexity in the original attack are pointed and corrected. They further bring in some techniques like backward-clock equation collection, quadratic equations, linear transformation to improve the attack. In addition, they integrate with time-memory-data tradeoffs from the framework, based on the analysis of the coefficient matrices form of derived linear equation systems on the internal state. In this way, better use of the imposed quadratic conditions can be made, which leads to reduced attack complexity by filtering out the impossible keystreams before solving the equation systems. Their attack offers more parameter selections, and gives several borderline results compared with the key exhaustive search. The new attack behaves better in the original case. It also verifies the necessity of data requirement imposed on TRIVIUM, which is questioned in TRIVIUM specifications.

Different from conventional key-based cryptography schemes, physical-layer security (PLS) techniques have drawn much attention recently to realise unconditional security from the information theory perspective. As an important performance metric in PLS, the ergodic secrecy rate (ESR) for a multi-input multi-output wireless communication network over a Nakagami fading channel is analysed. The network is consisted of a multi-antenna transmitter (Alice), a multi-antenna legitimate receiver (Bob), and a multi-antenna eavesdropper (Eve). By using the selective transmission (ST) at Alice and the maximum ratio combining (MRC) at Bob and Eve, an exact expression of the ESR is derived. However, due to the infinite summation, it is very hard to evaluate the ESR performance. To reduce computational complexity and obtain more insights, a lower bound of the ESR is then obtained, which is in a closed form. As special cases, the lower bounds of the ESR for the signal-antenna scenario and Rayleigh fading channel are also obtained, respectively. Numerical results show that the derived expressions of the ESR and its lower bound are very accurate to evaluate system performance.

Leakage of private information has become a threat to the security of computing systems. It has become a common security requirement that a cryptography scheme should withstand various leakage attacks, even the continuous leakage attacks. However, in the current constructions on the (continuous) leakage-resilient identity-based encryption (CLR-IBE) scheme, the leakage parameter is a fixed value. Aiming to solve these problems, in this study, the authors show how to construct the CLR-IBE scheme, and the adaptive chosen-ciphertext attacks security of proposed construction can be proved in the standard model. To further improve the practicability of CLR-IBE scheme, they design an improved IBE scheme with continuous leakage amplified property, and the leakage parameter has an arbitrary length.

This study studies the influence of country attributes on the number of secure shell attacks originating from it detected by the author's honeynet. Four statistical models are described, based on three sources of data from various countries. The studied attributes of the countries can be broadly divided into demographic, technological, and economic, with each source providing a slightly different set of attributes. Statistical methods such as partial least-squares path modelling are used, clustering countries by their assessed similarity. The population size has the greatest effect on the number of attacks, as expected, though it has to be noted that developing countries did not provide relevant data to the sources used and thus were not included. The following influential attributes were technical such as the access to information and communication technologies (ICT), and the use of ICT, with the economic influence being notable only in rather small countries. The Netherlands was an interesting anomaly, being clustered alongside large countries, even though its country attributes were very much like those of its neighbours.

Algebraic analysis of block ciphers aims at finding the secret key by solving a collection of polynomial equations that describe the internal structure of a cipher for chosen observations of plaintext/ciphertext pairs. Although algebraic attacks are addressed for cryptanalysis of block and stream ciphers, there is a lack of understanding of the impact of algebraic representation of the cipher on efficiency of solving the resulting collection of equations. The study investigates some different S-box representations and their effect on complexity of algebraic attacks. In particular, the authors observe that a S-box representation defined in the work as forward–backward (FWBW) leads to a collection of equations that can be solved efficiently. They show that the SR(10,2,1,4) cipher can be broken with algebraic cryptanalysis using standard algebra software Singular and FGb. This is the best result achieved so far. The effect of description of S-boxes for some light-weight block ciphers is investigated. A by-product of this result is that some improvements have been achieved on the algebraic cryptanalysis of LBlock, PRESENT and MIBS light-weight block ciphers. The authors’ study and experiments confirm a counter-intuitive conclusion that algebraic attacks work best for the FWBW S-box representation. This contradicts a common belief that algebraic attacks are more efficient with quadratic S-box representation.

In a designated verifier signature (DVS) scheme, the validity of the signature can only be checked by a designated entity chosen by the signer. Furthermore, the designated entity cannot convince a third party that the signature is generated by the signer. A multi-designated verifiers signature (MDVS) scheme is an extension of a DVS which includes multiple designated verifiers. To the best of the authors’ knowledge, there are two existing patterns for an MDVS scheme. In the first pattern, every verifier of the set of designated verifiers can check the validity of the signature independently. In the second pattern, the cooperation of all designated verifiers is required for checking the validity of the signature. In this study, the authors propose a generic new pattern for an MDVS scheme in which a threshold number of the set of designated verifiers can check the validity of the signature. They also present a concrete MDVS scheme with threshold verifiability in the standard model. Moreover, they compare their scheme with other existing MDVS schemes. Finally, they briefly explain scenarios in which the proposed pattern can be applicable.

The authors analyse the security of Keccak (the winner in SHA-3 competition) by focusing on the zero-sum distinguishers of its underlying permutation (named Keccak-f). The authors’ analyses are developed by using the division property, a generalised integral property that was initially used in the integral cryptanalysis of symmetric-key algorithms. Following the work pioneered by Todo at CRYPTO 2015, they first formalise and prove a more delicate propagation rule of the division property under the assumption that the S-box's specification is known to attackers. Then, they apply this rule to the inverse S-box in Keccak-f with a further study on properties of its algebraic degree. They find that the rate of decline in the division property is gentler than that of a randomly chosen S-box. Meanwhile, they get the same results for the S-box in Ascon permutation. Thanks to this vulnerable property, they can improve the higher-order differential characteristics against the inverse of Keccak-f in terms of the required number of chosen plaintexts. As an application, they give new zero-sum distinguishers on full 24-round Keccak-f of size . To the authors’ knowledge, this is currently the best zero-sum distinguishers of full-round Keccak-f permutation. Incidentally, they give the corresponding results for 12-round Ascon permutation.

Based on the method of the H-representation of the convex hull, the linear inequalities of all possible differential patterns of 4-bit S-boxes in the mix integer linear programming (MILP) model can be generated easily by the SAGE software. Whereas this method cannot be apply to 8-bit S-boxes. In this study, the authors propose a new method to obtain the inequalities for large S-boxes with the coefficients belonging to integer. The relationship between the coefficients of the inequalities and the corresponding excluded impossible differential patterns is obtained. As a result, the number of inequalities can be lower than 4000 for the AES S-box. Then, the new method for finding the best probability of the differential characteristics of 4–15 rounds SM4 in the single-key setting is presented. Especially, the authors found that the 15-round SM4 exists four differential characteristics with 12 active S-boxes. The exact lower bound of the number of differentially active S-boxes of the 16-round SM4 is 15. The authors also found eight differential characteristics of the 19-round SM4 with the probability .

High-bandwidth network analysis is challenging, resource consuming, and inaccurate due to the high volume, velocity, and variety characteristics of the network traffic. The infinite stream of incoming traffic forms a dynamic environment with unexpected changes, which requires analysing approaches to satisfy the high-bandwidth network processing challenges such as incremental learning, inline processing, and outlier handling. This study proposes an inline high-bandwidth network stream clustering algorithm designed to incrementally mine large amounts of continuously transmitting network traffic when some outliers can be dropped before determining the network traffic behaviour. Maintaining extended-meta-events as abstracting data structures over a sliding window, enriches the algorithm to address the high-bandwidth network processing challenges. Evaluating the algorithm indicates its robustness, efficiency, and accuracy in analysing high-bandwidth networks.

Escrowed decryption schemes (EDSs) are public-key encryption schemes with an escrowed decryption functionality that allows authorities to decrypt encrypted messages under investigation, following a protocol that involves a set of trusted entities called ‘custodians’; only if custodians collaborate, the requesting authority is capable of decrypting encrypted data. This type of cryptosystem represents an interesting trade-off to privacy versus surveillance dichotomy. In this study, the authors propose two EDSs where they use proxy re-encryption to build the escrowed decryption capability, so that custodians re-encrypt ciphertexts, in a distributed way, upon request from an escrow authority, and the re-encrypted ciphertexts can be opened only by the escrow authority. Their first scheme, called EDS, follows an all-or-nothing approach, which means that escrow decryption only works when all custodians collaborate. Their second scheme, called threshold EDS, supports a threshold number of custodians for the escrow decryption operation. They propose definitions of semantic security with respect to the authorities, custodians and external entities, and prove the security of their schemes, under standard pairing-based hardness assumptions. Finally, they present a theoretical and experimental analysis of the performance of both schemes, which show that they are applicable to real-world scenarios.

The -protocols for homomorphism relations are one of the cryptographic protocols which are used to prove knowledge of homomorphism relations. The Schnorr protocol is one of the most famous -protocols used for proving knowledge of discrete logarithm (DL) relation in which the verifier essentially performs one double-exponentiation (i.e. a group computation of the form a^xb^y ). A direct application of the Schnorr protocol for proving simultaneous knowledge of n DLs with a common base leads to a -protocol in which the verifier performs n double-exponentiations. In this study, the authors propose another -protocol for homomorphism relations. The proposed -protocol has fast verification when is used to prove the simultaneous homomorphism relations with a common homomorphism. Also, when the DL instantiation (DL-instantiation) of the proposed -protocol is used to prove simultaneous knowledge of n DLs with a common base, it leads to a -protocol in which the verifier performs n+1 single-exponentiations.

Here, the authors correct the proof in the reference when explaining that the produced plateaued functions have no non-zero linear structures. Moreover, a new class of plateaued functions with the best algebraic degree is given.