DAA-related APIs in TPM2.0 Revisited, by Li Xi
In TPM2.0, a single signature primitive is proposed to sup-
port various signature schemes including Direct Anonymous Attestation
(DAA), U-Prove and Schnorr signature. This signature primitive is im-
plemented by several APIs. In this paper, we show these DAA-related
APIs can be used as a static Diffie-Hellman oracle thus the security
strength of these signature schemes can be weakened by 14-bit. We pro-
pose a novel property of DAA called forward anonymity and show how
to utilize these DAA-related APIs to break forward anonymity. Then we
propose new APIs which not only remove the Static Diffie-Hellman oracle
but also support the forward anonymity, thus significantly improve the
security of DAA and the other signature schemes supported by TPM2.0.
We prove the security of our new APIs under the discrete logarithm
assumption in the random oracle model. We prove that DAA satisfy for-
ward anonymity using the new APIs under the Decision Diffie-Hellman
assumption. Our new APIs are almost as efficient as the original APIs
in TPM2.0 specification and can support LRSW-DAA and SDH-DAA
together with U-Prove as the original APIs.
When a Boolean Function can be Expressed as the Sum of two Bent Functions, by Longjiang Qu and Shaojing Fu and Qingping Dai and Chao Li
In this paper we study the problem that when a Boolean function can
be represented as the sum of two bent functions. This problem was
recently presented by N. Tokareva in studying the number of bent
functions. Firstly, many functions, such as
quadratic Boolean functions, Maiorana-MacFarland bent functions,
partial spread functions etc, are proved to be able to be
represented as the sum of two bent functions. Methods to construct
such functions from low dimension ones are also introduced. N.
Tokareva\'s main hypothesis is proved for $n\\leq 6$. Moreover,
two hypotheses which are equivalent to N. Tokareva\'s main hypothesis
are presented. These hypotheses may lead to new ideas or methods to
solve this problem. At last, necessary and sufficient conditions on
the problem when the sum of several bent functions is again a bent
function are given.
Data Security in Cloud Architecture Based on Diffie Hellman and Elliptical Curve Cryptography, by Neha tirthani and Ganesan
Technological advancements in cloud computing due to increased connectivity and exponentially proliferating data has resulted in migration towards cloud architecture. Cloud computing is technology where the users\' can use high end services in form of software that reside on different servers and access data from all over the world. Cloud storage enables users to access and store their data anywhere. It also ensures optimal usage of the available resources. There is no need for the user to maintain the overhead of hardware and software costs. With a promising technology like this, it certainly abdicates users\' privacy, putting new security threats towards the certitude of data in cloud. The user relies entirely for his data protection on the cloud providers, making them solely responsible for safeguarding it. The security threats such as maintenance of data integrity, data hiding and data safety dominate our concerns when the issue of cloud security come up. The voluminous data and time consuming encryption calculations related to applying any encryption method have been proved as a hindrance in this field.
In this research paper, we have contemplated a design for cloud architecture which ensures secured movement of data at client and server end. We have used the non breakability of Elliptic curve cryptography for data encryption and Diffie Hellman Key Exchange mechanism for connection establishment. The proposed encryption mechanism uses the combination of linear and elliptical cryptography methods. It has three security checkpoints: authentication, key generation and encryption of data.
Some Theoretical Conditions for Menezes--Qu--Vanstone Key Agreement to Provide Implicit Key Authentication, by Daniel R. L. Brown
Menezes--Qu--Vanstone key agreement (MQV) is intended to provide implicit key authentication (IKA) and several other security objectives. MQV is approved and specified in five standards.
This report focuses on the IKA of two-pass MQV, without key confirmation. Arguably, implicit key authentication is the most essential security objective in authenticated key agreement. The report examines various necessary or sufficient formal conditions under which MQV may provide IKA.
Incidentally, this report defines, relies on, and inter-relates various conditions on the key deriviation function and Diffie--Hellman groups. While it should be expected that most such definitions and results are already well-known, a reader interested in these topics may be interested in this report as a kind of review, even if they have no interest in MQV whatsoever.
Human Assisted Randomness Generation Using Video Games, by Mohsen Alimomeni and Reihaneh Safavi-Naini
Random number generators have direct applications in information security, online
gaming, gambling, and computer science in general. True random number generators
need an entropy source which is a physical source with inherent uncertainty, to ensure
unpredictability of the output. In this paper we propose a new indirect approach to
collecting entropy using human errors in the game play of a user against a computer. We
argue that these errors are due to a large set of factors and provide a good source of
randomness. To show the viability of this proposal, we design and implement a game,
conduct a user study in which we collect user input in the game, and extract randomness
from it. We measure the rate and the quality of the resulting randomness that clearly
show effectiveness of the approach. Our work opens a new direction for construction of
entropy sources that can be incorporated into a large class of video games.
A New Algorithm for Solving the Approximate Common Divisor Problem and Cryptanalysis of the FHE based on GACD, by Jintai Ding, Chengdong Tao
In this paper, we propose a new algorithm for solving the approximate common divisors problems, which is based on LLL reduction algorithm of certain special lattice and linear equation solving algorithm over integers. Through both theoretical argument and experimental data, we show that our new algorithm is a polynomial time algorithm under reasonable assumptions on the parameters. We use our algorithm to solve concrete problems that no other algorithm could solve before. Further more, we show that our algorithm can break
the fully homomorphic encryption schemes, which are based on the approximate common divisors problem, in polynomial time in terms of the system parameter $\\lambda$.