International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Bo Yang

Publications

Year
Venue
Title
2015
EPRINT
2015
EPRINT
2010
EPRINT
On the Public Key Replacement and Universal Forgery Attacks of Short Certificateless Signature
Certificateless cryptography eliminates the need of certificates in the PKI and solves the inherent key escrow problem in the ID-based cryptography. Recently, Du and Wen proposed a short certi¯cateless signature scheme without MapToPoint hash function, and the signature size is short enough with only half of the DSA signature. In this paper, after the detailing the formal of certificateless signature scheme, we show that the Du and Wen's short certificateless signature scheme is insecure which is broken by a type-I adversary who has the ability in replacing users' public keys and accessing to the signing oracles, and it also cannot resist on the universal forgery attack for any third user.
2010
EPRINT
Homomorphic One-Way Function Trees and Application in Collusion-Free Multicast Key Distribution
Jing Liu Bo Yang
Efficient multicast key distribution (MKD) is essential for secure multicast communications. Although Sherman et al. claimed that their MKD scheme — OFT (One-way Function Tree) achieves both perfect forward and backward secrecy, several types of collusion attacks on it still have been found. Solutions to prevent these attacks have also been proposed, but at the cost of a higher communication overhead. In this paper, we prove falsity of a recently-proposed necessary and sufficient condition for existence of collusion attack on the OFT scheme by a counterexample and give a new necessary and sufficient condition for nonexistence of any type of collusion attack on it. We extend the notion of OFT to obtain a new type of cryptographic construction — homomorphic one-way function tree (HOFT). We propose two graph operations on HOFTs, tree product as well as tree blinding, and prove that both are structure-preserving. We provide algorithms for adding/removing leaf nodes in a HOFT by performing a tree product of the HOFT and a corresponding incremental tree. Employing HOFTs and related algorithms, we provide a collusion-free MKD scheme, which has not only the same leave-rekeying communication efficiency as the original OFT scheme, but also even better join-rekeying communication efficiency.
2006
EPRINT
Design and Analysis of a Hash Ring-iterative Structure
The authors propose a new type of hash iterative structure ─ the ring-iterative structure with feedback which is subdivided into the single feedback ring iteration and the multiple feedback ring iteration, namely SFRI and MFRI. Prove that SFRI is at least equivalent to the MD structure in security, and MFRI is at least equivalent to SFRI in security (property 1 makes people incline to believe MFRI is more secure than MD). Analyze the resistance of MFRI, which results from the joint event on message modification, endless loop on message modification and incompatibility of the sufficient conditions, to the multi-block differential collision attack. Argue the ineffectiveness of the D-way second preimage attack on MFRI. Discuss the time and space expenses of MFRI, and point out the advantage of MFRI over the tree-iterative structure and the zipper-iterative structure.
2005
EPRINT
A High Speed Architecture for Galois/Counter Mode of Operation (GCM)
In this paper we present a fully pipelined high speed hardware architecture for Galois/Counter Mode of Operation (GCM) by analyzing the data dependencies in the GCM algorithm at the architecture level. We show that GCM encryption circuit and GCM authentication circuit have similar critical path delays resulting in an efficient pipeline structure. The proposed GCM architecture yields a throughput of 34 Gbps running at 271 MHz using a 0.18 um CMOS standard cell library.
2004
EPRINT
Scan Based Side Channel Attack on Data Encryption Standard
Scan based test is a double edged sword. On one hand, it is a powerful test technique. On the other hand, it is an equally powerful attack tool. In this paper we show that scan chains can be used as a side channel to recover secret keys from a hardware implementation of the Data Encryption Standard (DES). By loading pairs of known plaintexts with one-bit difference in the normal mode and then scanning out the internal state in the test mode, we first determine the position of all scan elements in the scan chain. Then, based on a systematic analysis of the structure of the non-linear substitution boxes, and using three additional plaintexts we discover the DES secret key. Finally, some assumptions in the attack are discussed.
2003
EPRINT
Divide and Concatenate: A Scalable Hardware Architecture for Universal MAC
We present a cryptographic architecture optimization technique called divide-and-concatenate based on two observations: (i) the area of a multiplier and associated data path decreases exponentially and their speeds increase linearly as their operand size is reduced. (ii) in hash functions, message authentication codes and related cryptographic algorithms, two functions are equivalent if they have the same collision probability property. In the proposed approach we divide a 2w-bit data path (with collision probability 2-2w) into two w-bit data paths (each with collision probability 2-w) and concatenate their results to construct an equivalent 2w-bit data path (with a collision probability 2-2w). We applied this technique on NH hash, a universal hash function that uses multiplications and additions. When compared to the 100% overhead associated with duplicating a straightforward 32-bit pipelined NH hash data path, the divide-and-concatenate approach yields a 94% increase in throughput with only 40% hardware overhead. The NH hash associated message authentication code UMAC architecture with collision probability 2-32 that uses four equivalent 8-bit divide-and-concatenate NH hash data paths yields a throughput of 79.2 Gbps with only 3840 FPGA slices when implemented on a Xilinx XC2VP7-7 Field Programmable Gate Array (FPGA).