New Publications are available for Cryptography theory
http://dl-live.theiet.org
New Publications are available now online for this publication.
Please follow the links to view the publication.The fine structures of three idempotent Latin squares with small orders
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1024
Latin squares have wide application in communication and cipher. Denote by IdFin(v) the set of all integer pairs (t, s) for which there exist three idempotent Latin squares of order r on the same set having fine structure (t, s). We obtain that (6, 17), (4, 18)∈IdFin(7), which gives some new examples (6, 17), (4, 18)∈Fin(7). We prove that (t, 16)∉IdFin(v) with 0t3 for order v with 8 v 11, and determine the set IdFin(11).A method to construct elements of IdFin(2v+1) by using elements in IdFin(v)
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1026
Latin squares have wide application in communication and cipher. Denote by IdFin(r) the set of all integer pairs (t, s) for which there exist three idempotent Latin squares of order v on the same set having fine structure (t, s). A method to construct elements of IdFin(2v+1) by using elements in IdFin(v) is presented.A QoS-supported scheme for quantum key distribution
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1461
As a technology of providing different service qualities to the different applications/users, QoS is a research hotspot in communication field. For quantum key distribution (QKD) networks which provide unconditional security for distribution of cryptographic keys, its unique characteristics, like extreme quantum key resource constraint and the different time requirements of secure key distribution, pose unprecedented challenges for the QoS support in QKD networks. In this paper, a service model is presented firstly, which includes three service classes with different distribution time requirements: key-guaranteed service, key-prioritized service and key-best-effort service. Then, a QoS-supported scheme is proposed to support this service model. Particularly, Quantum Key Reservation Approach (QKRA) is designed to reserve quantum keys for the key-guaranteed service. The simulation is conducted to investigate the performance of this QoS-supported scheme.Re-keying scheme for secure multicast based on multi-group key tree
http://dl-live.theiet.org/content/conferences/10.1049/cp.2010.0722
A re-keying scheme with multi-group key tree shared between multicast groups under group members (GMs) overlapping condition was presented in this paper, and solved the problem that re-keying cost of multicast groups had a linear relationship with the number of multicast groups. In this scheme, leaf nodes on tree were private keys of GMs, extended root nodes were group keys and keys corresponding to all nodes were updated using Pseudo. Random Function (PRF) and Exclusive OR (XOR) operation. The simulation results of verification system show that this scheme obviously improves re-keying performance to some extent under communication scene with multicast groups.Experimental validation of a true random binary digit generator fusion with a pseudo random number generator for cryptographic module application
http://dl-live.theiet.org/content/conferences/10.1049/cp.2009.1708
In this paper the experimental validation of a novel, modified double scroll chaotic attractor circuit, employed as a true random binary generator (TRBG) is presented. The double scroll attractor is modeled on Chua's circuit constituted as independent chaotic oscillator using passive only nonlinear device for nonlinear operation leading to chaotic behavior. The output from the chaotic circuit which is a correlated binary sequence is scrambled with a pseudo random binary sequence generator (PRBSG) topology to yield a true random binary source for key stream generation. The modified chaotic circuit has been first modeled in PSpice software. The randomness attributes of the modified generator, obtained from both the PSpice model and hardware implementation, using the PRBSG de-correlator were successfully tested by the well known NIST Test Suite and Diehard Test Set for statistical validation. Output binary streams from the proposed modified generator were examined for randomness using both Test Suites with all tests successfully passed for both PSpice model and experimental chaotic circuit generator. A physical TRBG has been constructed on the basis of the proposed PRBSG modification with all statistical tests successfully passed confirming theoretical expectations. (6 pages)Practical comparison of differential power analysis techniques on an ASIC implementation of the AES algorithm
http://dl-live.theiet.org/content/conferences/10.1049/cp.2009.1734
Attackers can reveal the secret key stored in an electronic cryptographic device from the instantaneous power consumption using statistical analysis. The technique used to attack such devices by monitoring the power consumption is called Differential Power Analysis (DPA). To date, two variants of the basic DPA attack have been developed, which are Correlation Power Analysis (CPA) and Differential Frequency-based Analysis (DFA). In this research DPA, CPA and DFA attacks are performed on an Application Specific Integrated Circuit (ASIC) implementation of the Advanced Encryption Standard (AES) algorithm using a Side-channel Attack Standard Evaluation Board (SASEBO-R). SASEBO-R is a circuit board that contains an ASIC cryptographic device and which was specifically designed with features to perform DPA attacks. In this paper improved DPA and DFA techniques are proposed to reduce the time complexity of both attacks as well as the number of samples required to reveal the secret key. Finally, a comparison between all of the attacks is provided in terms of both time complexity and effectiveness. (6 pages)A novel efficient m-out-of-n oblivious transfer scheme
http://dl-live.theiet.org/content/conferences/10.1049/ic.2009.0174
Oblivious Transfer is an important cryptographic protocol in various security applications. In this paper, we propose an efficient two-pass m-out-of-n Oblivious Transfer protocol in which the sender S initializes the system with n public messages, the receiver R sends j messages to S, where j is strictly less than m, and S sends j messages back to R. The protocol provides unconditional security for R. The computational security for S is based on the RSA assumption. Analyses show that the proposed protocol is most efficient in terms of the communication cost either in number of passes of information exchange or in the number of messages, and in terms of the computational cost number of modular exponentiations. (4 pages)Fault injection platform for block ciphers
http://dl-live.theiet.org/content/conferences/10.1049/cp_20080631
Block ciphers are typically resistant to direct attacks, such as an exhaustive key search or cryptanalysis, all of which require too many resources to achieve an efficient attack. Many block ciphers are examined for their resistance to less direct attacks that target a given implementation. Of these attacks, fault attacks are amongst the most effective at retrieving information on secret key, and require specific countermeasures to be included in an implementation. In this paper we describe a simple platform for the study of fault injection and analysis in the context of fault attacks block ciphers based on a Feistel structure (e.g. DES). We show that an attacker who can successfully inject faults into a block cipher can reduce the complexity of an attack to derive the secret key. We also present a novel version of the attack than can be applied to Triple-DES by independently injecting faults in the second and third instantiations of DES involved in a Triple- DES computation.Time hopping encryption techniques
http://dl-live.theiet.org/content/conferences/10.1049/cp_20081040
Different from the encryption techniques based on frequency hopping(FH), this paper discusses the fundamental of order changing operation, puts forward the basic encryption techniques based on time hopping(TH) and discussed some problems in the actual application. Results of the pilot study illuminate that the TH encryption techniques is practical since its high encrypt intensity, simple hardware implement and short running delay that could be adopted in the channel coding to enhance the security of information.Secure steganographic method
http://dl-live.theiet.org/content/conferences/10.1049/cp_20080298
A new data hiding method completely secure against the first-order statistical attack is proposed. This method separates the selective and non-selective blocks first, selects the selective blocks next, and shifts the position of last non-zero AC coefficients to embed secret messages. Even after hiding data, non-zero JPEG coefficients remain unchanged. Since this method does not change the AC coefficients, but changes their positions, the produced histogram of the image after data hiding remains the same as that of original image.Analysis of reconciliation protocol in quantum key distribution using coherent states
http://dl-live.theiet.org/content/conferences/10.1049/cp_20080812
In this report, the security condition as well as the security key rate of the main three methods of reconciliation - direct reconciliation (DR), reverse reconciliation (RR) and postselection (PS) are discussed in a lossy and noisy channel, whose parameters are affected by individual attacks, using the channel model. Also disadvantage and advantage of each reconciliation protocol are researched.An authentication and session key agreement protocol based on identity signature
http://dl-live.theiet.org/content/conferences/10.1049/cp_20080815
A new authentication and session key agreement protocol based on identity signature is proposed. The proposed protocol is composed of four parts: the registration of users, user identity initialization, the authentication of user's identity and the generation of session key. The proposed system involves three partners, user A, user B and the trusted party (TP). The existence of TP prevents the man-in-middle attack. During the generation of session key, TP is allowed to be offline. Our protocol combines the public key with the identity of user, and makes it feasible that the network identity of a user is represented by the public key. The generation of private key and session key is accomplished by user alone, without the participation of a TP. During the generation of session key, the users authenticate the identity of each other using the corresponding user signatures. The authentication is performed without the participation of a TP, thus reducing the risk of exposing of the master key. The proposed protocol is highly efficient and secure.Design of LDPC-based error correcting cipher
http://dl-live.theiet.org/content/conferences/10.1049/cp_20081038
In this paper, we propose a LDPC error correcting cipher which joints the Advanced Encryption Standard (AES) and LDPC code together. The LDPC error correcting cipher which is based on the wide trail strategy is a six round block cipher that encrypts 256 bit plaintexts using secret key to produce 512 bit ciphertexts, and the key is composed of 128 bit AES secret key and LDPC generator matrix. By using the LDPC generator matrix with high performance in diffusion property, we made the LDPC error correcting cipher as secure as the Advanced Encryption Standard (AES) against linear, differential attacks in fewer rounds. Even the square attack has no effect on attacking the cipher. Lastly, the process of encrypting/decrypting is implemented, and the security and error correction capacity is analyzed also.Cryptanalysis of a robust protocol for generating shared RSA parameters
http://dl-live.theiet.org/content/conferences/10.1049/cp_20070341
At IMA-Crypto & Coding' 99, A. M. Barmawi et al. proposed a robust protocol for generating shared RSA parameters, which was claimed to be secure and robust from cheaters and malicious parties. In this paper, we propose a cryptanalysis of A. M. Barmawi's protocol and show that every valid participating party can recover the factorization of the RSA modulus N with the computational complexity O(log<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">3</sup>N). Therefore, the secret RSA key parameters p, q, d axe exposed to all the participating parties and A. M. Barmawi' s protocol is totally broken.A fast fixed-base comb method resistant against SPA
http://dl-live.theiet.org/content/conferences/10.1049/cp_20061581
According to the fixed-base comb method's features, this paper apply the direct computations of 2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">k</sup>P and 2P+Q to the comb method's precomputation and evaluation stage respectively. Taking advantage of trading inversions for multiplications, the improved method is able to obtain about 73%~83% improvement in precomputation stage and a range of 38%~43% in evaluation stage over prime field, furthermore, our improved method is resistant to simple power analysis by pretreating the scalar k. (4 pages)Key reconciliation in quantum key distribution
http://dl-live.theiet.org/content/conferences/10.1049/ic_20050587
This paper presents a slide presentation on the key reconciliation in quantum key distribution. The classical communication, error correction protocols, and performance comparison are included in the presentation. (20 pages)Entangled state quantum key distribution
http://dl-live.theiet.org/content/conferences/10.1049/ic_20050580
This paper presents a slide presentation on entanglement based quantum key distribution (QKD). It first introduced entanglement then discussed the BBM92 protocol for quantum cryptography using entangled states. Then a demonstration of QKD outside the laboratory using entangled photons. A new type of entangled source for long distance QKD is also presented. (8 pages)Will QC make a difference for business-to-business security?
http://dl-live.theiet.org/content/conferences/10.1049/ic_20050578
This paper presents a slide presentation of the business impact of quantum cryptography. The pragmatics of quantum cryptography are also included in the presentation. (3 pages)Fast and simple one-way quantum key distribution
http://dl-live.theiet.org/content/conferences/10.1049/ic_20050583
This paper presents a slide presentation on a fast and simple one-way quantum key distribution. A new time coding scheme and high speed IR photon counters are presented. (7 pages)Free space quantum cryptography
http://dl-live.theiet.org/content/conferences/10.1049/ic_20050582
This paper presents a slide presentation on free space quantum cryptography. The presentation includes: the BB84 quantum key distribution protocol, the current status of QKD experiments; and a stand alone QKD system. (14 pages)Development of an ultra high-secure and 1 Gbps optical transmission system using quantum noise diffusion cryptography
http://dl-live.theiet.org/content/conferences/10.1049/cp_20050606
We demonstrate high-speed (1 Gbps) data encryption and optical transmission using 'quantum noise diffusion cryptography'. M-ary amplitude modulating scheme over 100 levels will enhance the quantum noise effect on encrypted data and prevents eavesdropping. (2 pages)Effect of a weak magnetic field on quantum cryptography links
http://dl-live.theiet.org/content/conferences/10.1049/cp_20050856
We study the performance of a commercial bidirectional quantum key distribution system in the presence of a weak magnetic field (about 50 μT) applied along the fiber axis. We observe a quadratic increase in quantum bit error rate with the angle of Faraday rotation. (2 pages)Investigation of signal preprocessing on blind steganalysis performance
http://dl-live.theiet.org/content/conferences/10.1049/cp_20040546
Steganalysis is the art of detecting and/or decoding secret messages embedded in multimedia content. The topic has received considerable attention in recent years due to the malicious use of multimedia documents for covert communication. An investigation of steganalysis performance using de-noising filters and support vector machines is performed.Signalling-efficient signature based PKI authentication method for wireless communication systems
http://dl-live.theiet.org/content/conferences/10.1049/cp_20030305
The trend in wireless communication systems is that they will become more flexible and customised One application area envisaged in this regard is the introduction of third party players for provision of enhanced new services. This will require specific security techniques to support new features. Developing the security solutions should take into account requirements of multiparty operation on the one hand and limitation of the wireless bearers on the other hand. This paper addresses issues of provision of fundamental authentication in the multiparty system using a public key infrastructure (PKI), with some preliminary assessment of the proposed technique.Combining digital watermarks and collusion secure fingerprints for customer copy monitoring
http://dl-live.theiet.org/content/conferences/10.1049/ic_20000217
Digital watermarking is the enabling technology to prove ownership on copyrighted material, detect originators of illegally made copies, monitor the usage of the copyrighted multimedia data and analyze the spread spectrum of the data over networks and servers. Embedding of unique customer identification as a watermark into data is called fingerprinting to identify illegal copies of documents. Basically, watermarks embedded into multimedia data for enforcing copyrights must uniquely identify the data and must be difficult to remove, even after various media transformation processes. Digital fingerprinting raises the additional problem that we produce different copies for each customer. Attackers can compare several fingerprinted copies to find and destroy the embedded identification string by altering the data in those places where a difference was detected. In our paper we present a technology for combining a collusion-secure fingerprinting scheme based on finite geometries and a watermarking mechanism with special marking points for digital images. The only marking positions the pirates can not detect are those positions which contain the same letter in all the compared documents, called intersection of different fingerprints. The proposed technology for a maximal number d of pirates, puts enough information in the intersection of up to d fingerprints to uniquely identify all the pirates. (6 pages)Towards ‘robust' watermarks
http://dl-live.theiet.org/content/conferences/10.1049/ic_20000213
Digital watermarking remains a very empirical area of research so an immediate question which stands out is whether we can develop a comprehensive theory of information hiding, in the sense that Shannon provided us with a proof that one-time pad is secure regardless of the computational power of the opponent. Quite apart from intellectual curiosity, there is a strong practical reason to seek constructions whose security is mathematically provable. This is because copyright protection mechanisms may be subjected to attack over an extraordinarily long period of time. Copyright subsists for typically 50-70 years after the death of the artist, depending on the country and the medium; this means that mechanisms fielded today might be attacked using the resources available in a hundred years' time. This paper gives a general introduction to digital watermarking, its weaknesses and the challenging opportunities for future research. (7 pages)An introduction to JPEG 2000 and watermarking
http://dl-live.theiet.org/content/conferences/10.1049/ic_20000214
This paper discusses the following topics: background; JPEG 2000-what, where and when? how does JPEG 2000 stack up? protection of IPR in JPEG DCT and JPEG 2000 images; does watermarking have a future in JPEG 2000? (6 pages)A blind watermarking scheme based on structured codebooks
http://dl-live.theiet.org/content/conferences/10.1049/ic_20000215
Blind digital watermarking is the communication of information via multimedia host data, where the unmodified host data is not available to the watermark detector. Many watermarking schemes suffer considerably from the remaining host-signal interference. For the additive white Gaussian case, M.H.M. Costa (1983) showed theoretically that interference from the host can be eliminated. However, the proof involves a huge, unstructured, random codebook, which is not feasible in practical systems. We present a suboptimal, practical scheme that employs a lattice-structured codebook to reduce complexity. The performance of the proposed scheme is compared to the information-theoretic limit and similar recent proposals. (21 pages)From security to trust - creating confidence to trade electronically
http://dl-live.theiet.org/content/conferences/10.1049/ic_19980782
The Internet is widely predicted to revolutionise commerce over the next few years. However, the full potential of e-Commerce will only be realised if buyers and sellers have the confidence to trade electronically. Concerns over the security of the Internet, much hyped by the media, have done little to reassure users that the Internet is a safe place to trade. These concerns must clearly be addressed if e-Commerce is to prosper. However, commercial transactions ultimately rely on the establishment of trust and co-operation between buyers and sellers, not just the security of the trading environment. This paper therefore first outlines some of the technologies which are being developed to address security concerns and then move on to discuss how these can be applied to facilitate trust in electronic trading. (6 pages)Attribute-based signature scheme with constant size signature in the standard model
http://dl-live.theiet.org/content/journals/10.1049/iet-ifs.2011.0094
In this study, the authors propose a new efficient attribute-based signature (ABS) scheme. This scheme achieves existential unforgeability against selective predicate attack and attributes signer privacy in the standard model. The signature scheme only needs three pairing operations, and the signature size is constant, regardless of the number of attributes. Compared with other existing schemes, this construction provides better efficiency in terms of the computational cost and communication cost. To the best of author's knowledge, this is the first ABS scheme that can achieve constant signature size and constant number of pairing operations. In addition, after the analysis of Wang and Chen's attribute-based ring signature scheme, the authors show that their scheme is incorrect.Internal state recovery of Grain-v1 employing normality order of the filter function
http://dl-live.theiet.org/content/journals/10.1049/iet-ifs.2011.0107
A novel technique for cryptanalysis of the stream cipher Grain-v1 is given. In a particular setting, the algorithms proposed in this study provide recovery of an internal state of Grain-v1 with the expected time complexity of only 2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">54</sup> table look-up operations employing a memory of dimension ∼2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">70</sup>, assuming availability of 2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">34</sup> keystream sequences each of length 2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">38</sup> generated for different initial values, and the pre-processing time complexity of ∼2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">88</sup>. These figures appear as significantly better in comparison with the previously reported ones. The proposed approach for cryptanalysis primarily depends on the order of normality of the employed Boolean function in Grain-v1. Accordingly, in addition to the security evaluation insights of Grain-v1, the results of this study are also an evidence of the cryptographic significance of the normality criteria of Boolean functions.Enhanced multiparty quantum secret sharing of classical messages by using entanglement swapping
http://dl-live.theiet.org/content/journals/10.1049/iet-ifs.2011.0233
Based on the multiparty quantum secret sharing (QSS) protocol called Zhang–Man protocol, the authors proposed two schemes to enhance the transmission efficiency of whole protocol. In the proposed improved protocol, the dealer can transmit double amount of secret messages at a time securely instead of doing the original Zhang–Man protocol twice. Besides, the authors save a lot of cost of whole QSS system. When the amount of secret messages is large and the number of agents is more, the performance of our protocol is much better than the Zhang–Man protocol. The authors also proposed a reuse scheme, after the secret message had been deduced, the left qubits can be reused for a new round. All of the scheme the authors mentioned above could be extended to multiparty cases in practice.Statistical attack against fuzzy commitment scheme
http://dl-live.theiet.org/content/journals/10.1049/iet-bmt.2011.0001
In this study a statistical attack against fuzzy commitment schemes is presented. Comparisons of different pairs of binary biometric feature vectors yield binomial distributions, the standard deviations of which are bounded by the entropy of biometric templates. In case error correction consists of a series of chunks, like in the vast majority of approaches, helper data become vulnerable to statistical attacks. Error-correction codewords are bound to separate parts of a binary template among which biometric entropy is dispersed. As a consequence, chunks of the helper data are prone to statistical significant false acceptance. In experimental evaluations the proposed attack is applied to different iris-biometric fuzzy commitment schemes retrieving cryptographic keys at alarming low effort.Fast inversion algorithm in GF(2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/"><i>m</i></sup>) suitable for implementation with a polynomial multiply instruction on GF(2)
http://dl-live.theiet.org/content/journals/10.1049/iet-cdt.2010.0006
The authors propose a fast inversion algorithm in Galois field GF(2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/"><i>m</i></sup>). In this algorithm, the operations required in several contiguous iterations of a previously reported algorithm based on the extended Euclid's algorithm are represented as a matrix. These operations are performed at once through the matrix by means of a polynomial multiply instruction on GF(2). When the word size of a processor is 32 or 64 and <i xmlns="http://pub2web.metastore.ingenta.com/ns/">m</i> is larger than 233 for National Institute of Standards and Technology (NIST)-recommended irreducible polynomials, the proposed algorithm computes inversion with less polynomial multiply instructions on GF(2) and exclusive-OR instructions required by previously reported inversion algorithms on an average.Minimum-clock-cycle Itoh-Tsujii algorithm hardware implementation for cryptography applications over <i xmlns="http://pub2web.metastore.ingenta.com/ns/">GF</i>(2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/"><i>m</i></sup>) fields
http://dl-live.theiet.org/content/journals/10.1049/el.2012.1427
Inversion over finite fields is the most costly basic operation for diverse cryptographic applications, such as elliptic curve cryptography and others. The Itoh-Tsujii algorithm (ITA) provides high performance implementations for the inversion operation in standard bases through diverse versions like squarer-ITA, parallel squarer-ITA or quad-ITA. A new modification of the ITA algorithm allows the inversion over finite fields in a minimal number of clock cycles. The proposed implementations complete the inversion over <i xmlns="http://pub2web.metastore.ingenta.com/ns/">GF</i>(2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">233</sup>) or <i xmlns="http://pub2web.metastore.ingenta.com/ns/">GF</i>(2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">409</sup>) from only 10 clock cycles.Cryptanalysis of two identification schemes based on an ID-based cryptosystem
http://dl-live.theiet.org/content/journals/10.1049/ip-com_20050095
Two identification schemes based on the Maurer–Yacobi ID-based cryptosystem are analysed and shown to suffer from serious security problems.GDH group-based signature scheme with linkability
http://dl-live.theiet.org/content/journals/10.1049/ip-com_20050167
Recently, a linkable ring signature scheme (called the LWW signature scheme), exhibiting the properties of anonymity, linkability and spontaneity, was presented. Its security is based on the decision Diffie–Hellman (DDH) problem. The distinguishing feature of the LWW signature scheme that differentiates it from other ring signature schemes is linkability, i.e. two signatures by the same signer can be linked. The LWW scheme can be used to construct new efficient e-voting systems. The drawback of the LWW scheme is that it works well on a group where the DDH problem is hard, but does not work on a GDH group where the DDH problem is easy and the computational Diffie–Hellman (CDH) problem is hard. In this paper, a linkable ring signature scheme is presented, based on a GDH group with anonymity, linkability and spontaneity. The security of the scheme is reduced to the discrete logarithm and a new intractability assumption (called DPDH problem) under the random oracle model.Cryptanalysis of Pomaranch
http://dl-live.theiet.org/content/journals/10.1049/ip-ifs_20060017
Pomaranch is a synchronous stream cipher submitted to eSTREAM, the ECRYPT Stream Cipher Project. The cipher is constructed as a cascade clock control sequence generator, which is based on the notion of jump registers. We present an attack which exploits the cipher's initialisation procedure to recover the 128-bit secret key. The attack requires around 2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">65</sup> computations. An improved version of the attack is also presented, with complexity of the order of 2<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">52</sup> operations.Authenticated key exchange protocols resistant to password guessing attacks
http://dl-live.theiet.org/content/journals/10.1049/ip-com_19982282
A user-chosen password is not appropriate for a shared secret by which an authenticated key exchange protocol is operated. This is because users choose their passwords so that they can be easily memorised and can be typed using an alphabetic keyboard or a numeric keypad. Therefore, the password becomes a weak secret which is vulnerable to guessing attacks. However, users prefer to utilise the short easily memorised passwords. Several protocols, which are resistant to guessing attacks, have been developed to overcome this problem. However, they are inefficient in terms of the computation and communication costs. As a more practical solution, the authors propose new authenticated key exchange protocols by reducing the number of random numbers, cipher operations, and protocol steps. To achieve this goal, they deliberately use a one-time pad and a strong one-way hash function in their protocols.Public key cryptosystem based on two cryptographic assumptions
http://dl-live.theiet.org/content/journals/10.1049/ip-com_20045278
A new fast public key cryptosystem is proposed, which is based on two dissimilar number-theoretic hard problems, namely the simultaneous Diophantine approximation problem and integer factorisation problem. The adversary has to solve the two hard problems simultaneously to recover the plaintext according to their knowledge about the public keys and the cipher-text. Therefore, the scheme is expected to gain a high level of security. The newly-designed public key cryptosystem is efficient with respect to encryption and decryption. The encryption of this system is about three times faster than that of RSA, and the decryption is six times faster than that of RSA. The cipher-text expansion of the system is about 8:3.Anonymous public-key certificates for anonymous and fair document exchange
http://dl-live.theiet.org/content/journals/10.1049/ip-com_20000778
Two protocols are presented for the issuing and identity tracing of anonymous public-key certificates, used by different parties to engage in an anonymous and fair document exchange without revealing their real identities while still being held accountable for their activities. The certificate issuing protocol allows a party to apply to certificate authorities for anonymous public-key certificates using a certificate already issued. The identity tracing protocol enables a legal authority to trace the pseudonym in an anonymous certificate back to the real identity of the corresponding party. The protocols are also analysed with regard to anonymity and accountability.Model for undirected transitive signatures
http://dl-live.theiet.org/content/journals/10.1049/ip-com_20040330
The author modifies Bellare and Neven's definition of undirected transitive signatures by explicitly introducing node signing and edge signing algorithms. In the proposed model, a signing algorithm defined over a transitive graph consists of a separate vertex signing algorithm and an edge signing algorithm. These two algorithms are allowed to share the state information of the transitive graph. The new model allows easier discussion about its security and extensions. The new model has been successfully applied to further study of directed graph authentication problems posed by Hohenberger and by Molnar. A concrete undirected transitive signature scheme is presented which can be proved to be secure in the standard complexity paradigm in this model.AES implementation on a grain of sand
http://dl-live.theiet.org/content/journals/10.1049/ip-ifs_20055006
The authors present a hardware implementation of the advanced encryption standard (AES) which is optimised for low-resource requirements. The standard-cell implementation on a 0.35 µm CMOS process from Philips Semiconductors occupies an area of only 0.25 mm<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">2</sup>. This compares roughly to 3400 gate equivalents or to the size of a small grain of sand. The authors believe that this size will serve for a long time as a reference for AES-128 implementations that support encryption and decryption including key setup. Their manufactured silicon implementation is fully operational. Measurements verified the excellent performance predicted by simulation. The maximum clock frequency of 80 MHz allows a data throughput rate of 9.9 Mbps. Besides low-resource optimisation, the circuit is optimised for low-power operation. For use in low-throughput applications, the AES module draws only a current of 3.0 µA when operated at 100 kHz and 1.5 V. This nearly ignorable power consumption in combination with the extreme area efficiency allows new fields of applications for AES which were beyond imagination before.Secure buyer–seller watermarking protocol
http://dl-live.theiet.org/content/journals/10.1049/ip-ifs_20055069
In the existing watermarking protocols, a trusted third party (TTP) is introduced to guarantee that a protocol is fair to both the seller and buyer in a digital content transaction. However, the TTP decreases the security and affects the protocol implementation. To address this issue, in this article a secure buyer–seller watermarking protocol without the assistance of a TTP is proposed in which there are only two participants, a seller and a buyer. Based on the idea of sharing a secret, a watermark embedded in digital content to trace piracy is composed of two pieces of secret information, one produced by the seller and one by the buyer. Since neither knows the exact watermark, the buyer cannot remove the watermark from watermarked digital content, and at the same time the seller cannot fabricate piracy to frame an innocent buyer. In other words, the proposed protocol can trace piracy and protect the customer's rights. In addition, because no third party is introduced into the proposed protocol, the problem of a seller (or a buyer) colluding with a third party to cheat the buyer (or the seller), namely, the conspiracy problem, can be avoided.Efficient one-time proxy signatures
http://dl-live.theiet.org/content/journals/10.1049/ip-com_20045251
Proxy signatures allow a signer to delegate signing ability to a proxy signer. Many schemes have been proposed for proxy signatures under typical security requirements. The authors propose a proxy signature model with extended security requirements. Based on Shamir's online/offline signature scheme, a proxy signature scheme is proposed for the model. In addition to the typical requirements, the proposed scheme satisfies other very important security requirements. It is shown that the scheme can provide signature indistinguishability, restrict the proxy signing power, provide signature unlinkability, resolve internal disputes, and is more efficient.Attack on Shao's key agreement protocol
http://dl-live.theiet.org/content/journals/10.1049/ip-ifs_20055096
The paper describes a new attack on the improved robust generalised MQV key agreement protocol without using one-way hash functions proposed by Zuhua Shao.Software performance characterisation of block cipher structures using S-boxes and linear mappings
http://dl-live.theiet.org/content/journals/10.1049/ip-com_20045223
A new framework is presented for evaluating the performance characteristics of block cipher structures composed of S-boxes and maximum distance separable (MDS) mappings. In particular, a novel performance metric is introduced and applied to nested substitution-permutation networks and Feistel networks with round functions composed of S-boxes and MDS mappings. Within each cipher structure, many cases are considered based on two types of S-boxes (4×4 and 8×8) and parameterised MDS mappings. In the study of each case, the performance is analysed based on a table lookup implementation. Although this implementation method is the typical approach used for software realisation, it may also be applicable to hardware realisation in some instances. Cipher security, in the form of resistance to differential and linear attacks, is applied as a basis which is used to normalise the performance in the analysis. Because the discussed structures are similar to many existing ciphers such as AES and Camellia, the analysis provides a meaningful mechanism for seeking efficient ciphers through a wide comparison of security, performance, and implementation methods.Authenticated Diffie–Hellman key agreement protocol using a single cryptographic assumption
http://dl-live.theiet.org/content/journals/10.1049/ip-com_20041041
In modern communication systems, a popular way of providing authentication in an authenticated Diffie–Hellman key agreement protocol is to sign the result of a one-way hash function (such as MD5) of a Diffie–Hellman public key. The security of such a protocol is based on the weakest of all the cryptographic assumptions of the algorithms involved: Diffie–Hellman key distribution, digital signature and a one-way hash function. If a protocol can be constructed using one cryptographic assumption, it would be at least as secure as that with multiple assumptions. The authors propose three authenticated Diffie–Hellman key-agreement protocols, each of which is based on one cryptographic assumption. In particular, the first protocol is based on a discrete logarithm, the second on an elliptic curve and the third on RSA factoring. The main objective of the paper is to show that the security of a protocol should be assessed at the protocol level as a whole, rather than at the level of individual algorithms that are used to build the protocol.Hardware accelerators for pairing based cryptosystems
http://dl-live.theiet.org/content/journals/10.1049/ip-ifs_20055009
Polynomial basis hardware architectures are described for the mathematical operations required in pairing based cryptosystems in characteristic <i xmlns="http://pub2web.metastore.ingenta.com/ns/">p</i> = 3. In hardware, arithmetic operations in extension fields of GF(3<sup xmlns="http://pub2web.metastore.ingenta.com/ns/"><i>m</i></sup>) can be parallelised, and this results in high performance dedicated processors for efficient Tate pairing calculation. The implementation aspects of two such hardware processors are discussed through prototyping over GF(3<sup xmlns="http://pub2web.metastore.ingenta.com/ns/">97</sup>) on the Xilinx Virtex2 and Virtex2Pro FPGA technologies.ID-based designated-verifier proxy signatures
http://dl-live.theiet.org/content/journals/10.1049/ip-com_20045270
Designated-verifier proxy signature (DVPS) is a proxy signature that can only be verified by a designated verifier. DVPS has three variants: weak DVPS, strong DVPS and universal DVPS. In a weak DVPS, the designated verifier can further convert a proxy signature into a public verifiable signature. In a strong DVPS, the designated verifier cannot prove to any third party that the signature is generated by the proxy signer. In a universal DVPS, any holder of a proxy signature can designate the signature to any designated verifier. Based on Cha and Cheon’s identity (ID)-based signatures, an ID-based weak DVPS scheme, an ID-based strong DVPS scheme and an ID-based universal DVPS scheme are designed. The proposed schemes satisfy all the desired security properties.