

An Evaluation of Lightweight Block Ciphers for Resource-Constrained Applications: Area, Performance, and Security
with R.Sadhukhan, S.Patranabis, A.Ghoshal, D.Mukhopadhyay and S.Ghosh, Journal of Hardware and Systems Security 1 (3), pp.203-218, Springer, 2017.
Abstract: In March 2017, NIST (National Institute of Standards and Technology) announced that it would create a portfolio of lightweight algorithms through an open process. The report emphasizes that, with emerging applications like automotive systems, sensor networks, healthcare, distributed control systems, the Internet of Things (IoT), cyber-physical systems, and the smart grid, a detailed evaluation of the so-called lightweight ciphers helps to recommend algorithms in the context of profiles, which describe physical, performance, and security characteristics. In recent years, a number of lightweight block ciphers have been proposed for encryption/decryption of data, which makes such choices complex. Each such cipher offers a unique combination of resistance to classical cryptanalysis and resource-efficient implementations. At the same time, these implementations must be protected against implementation-based attacks such as side-channel analysis. In this paper, we present a holistic comparison study of four lightweight block ciphers, PRESENT, SIMON, SPECK, and KHUDRA, along with the more traditional Advanced Encryption Standard (AES). We present a uniform comparison of the performance and efficiency of these block ciphers in terms of area and power consumption, on ASIC and FPGA-based platforms. Additionally, we compare the amenability of these ciphers to side-channel secure implementations on ASIC-based platforms. Our study is expected to help designers make suitable choices when securing a given application, across a wide range of implementation platforms.
A Secure Anonymous Proxy Signcryption Scheme
with R.A.Sahu and A.K.Awasthi, Journal of Mathematical Cryptology 11 (2), pp.63-84, DeGruyter, 2017.
Abstract: We introduce a new cryptographic primitive, identity-based anonymous proxy signcryption, which provides anonymity to the proxy sender while also providing a mechanism for the original sender to expose the identity of the proxy sender in case of misuse. We introduce a formal definition of an identity-based anonymous proxy signcryption (IBAPS) scheme and give a security model for it. We also construct an IBAPS scheme and prove its security under the discrete logarithm assumption and the computational Diffie–Hellman assumption. Moreover, we do an efficiency comparison with the existing identity-based signcryption schemes and anonymous signcryption schemes and show that our scheme is much more efficient than those schemes. We also compare the efficiency of our scheme with the available proxy signcryption schemes and show that our scheme provides anonymity to the proxy sender at a cost less than that of the existing proxy signcryption schemes.
Analysis-Preserving Protection of User Privacy against Information Leakage of Social-Network Likes
with F.Buccafurri, L.Fotia, and G.Lax. Information Sciences 328, pp.340-358, Elsevier 2015
Abstract: Recent scientific results have shown that social network Likes, such as the "Like Button" records of Facebook, can be used to automatically and accurately predict even highly sensitive personal attributes. Although this could be the goal of a number of non-malicious activities, to improve products, services, and targeting, it represents a dangerous invasion of privacy with possibly intolerable consequences. However, completely defusing the information power of Likes appears improper. In this paper, we propose a protocol able to keep Likes unlinkable to the identity of their authors, in such a way that the user may choose, every time she expresses a Like, those non-identifying (even sensitive) attributes she wants to reveal. This way, analysis anonymously relating Likes to various characteristics of people is preserved, with no risk for users' privacy. The protocol is shown to be secure and also ready for the possible future evolution of social networks towards P2P fully distributed models.
An Anonymous Proxy Multi-signature with Accountability
with R.A.Sahu, E-Business and Telecommunications, CCIS 554, pp.234-254, Springer, 2014
Abstract: A proxy signature scheme enables a signer to delegate its signing rights to any other user, called the proxy signer, to produce a signature on its behalf. In a proxy multi-signature scheme, the proxy signer can produce one single signature on behalf of multiple original signers. [18] proposed an efficient and provably secure threshold-anonymous identity-based proxy multi-signature (IBPMS) scheme which provides anonymity to the proxy signer while also providing a threshold mechanism to the original signers to expose the identity of the proxy signer in case of misuse. The scheme in [18] provided proxy anonymity using a verifiable secret sharing scheme. We propose an anonymous proxy multi-signature without the need of the verifiable secret sharing scheme when the threshold is 1. Thus we reduce the reliance on a secret sharing scheme and reduce the corresponding computation. We also save one round of communication from the original signers to the proxy signer. Thus our scheme requires significantly less operation time in the practical implementation and also increases the actual security by reducing the components available to an adversary to attack. Finally, we compare our scheme with a recently proposed anonymous proxy multi-signature scheme and other ID-based proxy multi-signature schemes, and show that our scheme requires significantly less operation time in the practical implementation and thus it is more efficient in computation than the existing schemes.
Short Integrated PKE+PEKS in Standard Model
with R.A.Sahu. SPACE 2017, LNCS 10662, Springer, 2017
Abstract: At SeCrypt 2015, Buccafurri et al. [BLSS15] presented an integrated public-key encryption (PKE) and public-key encryption with keyword search (PEKS) scheme (PKE+PEKS) whose security relies on the Symmetric eXternal Diffie-Hellman (SXDH) assumption but they did not provide a security proof. We present a construction of PKE+PEKS and prove its security in the standard model under the SXDH assumption. We prove that our scheme is both IND-PKE-CCA secure, that is, it provides message confidentiality against an adaptive chosen ciphertext adversary, and IND-PEKS-CCA secure, that is, it provides keyword privacy against an adaptive chosen ciphertext adversary. Ours is the first secure PKE+PEKS construction to use asymmetric pairings which enable an extremely fast implementation useful for practical applications. Our scheme has much shorter ciphertexts than the scheme in [BLSS15] and all other publicly known PKE+PEKS schemes. Finally, we compare our scheme with other proposed PEKS and integrated PKE+PEKS schemes and provide a relative analysis of various parameters including assumption, security and efficiency.
Offline Outdoor Navigation System with Full Privacy
with P.Kaushik and F.Buccafurri. WINSYS 2017, SciTePress, 2017
Abstract: GPS navigation systems are a potential threat to user privacy in the case of curious providers, espionage, and many other scenarios. Users tend to place blind trust in GPS applications without realizing how easily the GPS can be spoofed or their position compromised via either the hardware or the software. Thus, when a high level of privacy assurance is required, the GPS should be completely switched off. This paper presents an efficient, smartphone-based alternative for an outdoor offline navigation system, which works in the absence of GPS, wireless, and cellular signals. The proposed approach exploits the digital and mathematical resources already present on the device, combining DEM data with sensor data to minimize errors in the calculated position.
Adaptively Secure Strong Designated Signature
with N.Sharma, R.A.Sahu and B.K.Sharma. IndoCrypt 2016, LNCS 10095, Springer, 2016
Abstract: Almost all the available strong designated verifier signature (SDVS) schemes are either insecure or inefficient for practical implementation. Hence, an efficient and secure SDVS algorithm is desired. In this paper, we propose an efficient strong designated verifier signature in the identity-based setting, which we call the ID-SDVS scheme. The proposed scheme is strongly existentially unforgeable against adaptive chosen message and adaptive chosen identity attacks under standard assumptions, namely the hardness of the decisional and computational Bilinear Diffie-Hellman Problem (BDHP). Though unverifiability by a non-designated verifier and strongness are essential security properties of an SDVS, proofs of these properties are not provided in most of the literature on SDVS we reviewed. We provide the proofs of unverifiability and of strongness of the proposed scheme. Moreover, we show that the proposed scheme is significantly more efficient in terms of computation and operation time than the existing similar schemes.
Efficient Proxy Signature Scheme from Pairings
with F.Buccafurri and R.A.Sahu. SeCrypt 2016, SciTePress, 2016
Abstract: A proxy signature enables an entity to transfer its signing rights to another entity, called the proxy signer, without actually sharing its signing key. Most of the proxy signatures in the literature have been designed using bilinear pairings on elliptic curve groups with the aim of providing either the identity-based property, efficiency, or security. But almost none of these schemes provide all three desirable properties together, and most of the identity-based proxy signature (IBPS) schemes are either too inefficient or base their security on non-standard assumptions to have practical significance. In this paper, we propose an efficient and provably secure identity-based proxy signature scheme from bilinear pairings based on a standard assumption, the hardness of the computational Diffie-Hellman problem. The proposed scheme is secure against existential forgery under adaptive chosen-message and adaptive chosen-ID attacks in the random oracle model. Moreover, we do an efficiency analysis and show that our scheme is significantly more efficient in terms of computation and operation time than the existing similar schemes.
Differential Fault Attack on SIMECK
with V.Nalla and R.A.Sahu. CS2, HiPEAC 2016, ACM, 2016
Abstract: In 2013, researchers from the National Security Agency of the USA (NSA) proposed two lightweight block ciphers, SIMON and SPECK [3]. While SIMON is tuned for optimal performance in hardware, SPECK is tuned for optimal performance in software. At CHES 2015, Yang et al. [6] combined the "good" design components from both SIMON and SPECK and proposed a new lightweight block cipher, SIMECK, that is even more compact and efficient. In this paper we show that SIMECK is vulnerable to fault attacks and demonstrate two fault attacks on SIMECK. The first is a random bit-flip fault attack which recovers the n-bit last round key of SIMECK using on average about n/2 faults, and the second is a more practical random byte fault attack which recovers the n-bit last round key of SIMECK using on average about n/6.5 faults.
Efficient and Secure Many-to-One Signature Delegation
with R.A.Sahu. ICICS 2015, LNCS 9543, Springer, 2015
Abstract: We propose an IBPMS scheme from pairings, which is more efficient in terms of computation and operation time than the existing schemes. We also prove in the random oracle model that the proposed scheme is secure against existential forgery under adaptive chosen-message and adaptive chosen-ID attacks under the k-CAA assumption. Additionally, our scheme fulfills all the security requirements of a proxy signature scheme. Moreover, we do an efficiency analysis and show that our scheme is significantly more efficient than the existing IBPMS schemes in terms of computation and operation time.
Strengthening NTRU against message recovery attacks
Arithmetic 2015: Elliptic curves, diophantine geometry, and arithmetic dynamics, Brown University, Providence, RI, USA, 2015
Abstract: There are two basic attacks on the NTRU cryptosystem: 1. the ciphertext decryption (message recovery) attack, which uses lattice reduction to recover the plaintext from the ciphertext, and 2. the key recovery attack, which uses lattice reduction to recover the secret key from the public key. In the most basic form, the complexity of the second attack is about the square of that of the first attack. We propose a twist in NTRU that increases the complexity of the message recovery attack to be the same as that of the key recovery attack.
Practical and Secure Integrated PKE+PEKS with Keyword Privacy
with Francesco Buccafurri, Gianluca Lax and Rajeev Anand Sahu. SeCrypt 2015, SciTePress, 2015.
Abstract: Public-key encryption with keyword search (PEKS) schemes are useful to delegate searching capabilities on encrypted data to a third party, who does not hold the entire secret key but only an appropriate token which allows searching operations while preserving data privacy. We propose an efficient and practical integrated public-key encryption (PKE) and public-key encryption with keyword search (PEKS) scheme (PKE+PEKS) which we prove to be secure in the strongest security notion for PKE+PEKS schemes. In particular, we provide a unified security proof of its joint CCA-security in the standard model. The security of our scheme relies on the Symmetric eXternal Diffie-Hellman (SXDH) assumption, which is a much simpler and more standard hardness assumption than the ones used in most of the comparable schemes. Ours is the first construction to use asymmetric pairings, which enable an extremely fast implementation useful for practical applications. Finally, we compare our scheme with other proposed integrated PKE+PEKS schemes and provide a relative analysis of its efficiency.
Secure and Efficient Scheme for Delegation of Signing Rights
with Rajeev Anand Sahu. ICICS 2014, LNCS vol. 8958, pp. 1-15, Springer, 2014.
Abstract: A proxy signature scheme enables a signer to transfer its signing rights to any other user, called the proxy signer, to produce a signature on its behalf. Multi-proxy signature is a proxy signature primitive which enables a user to transfer its signing rights to a group of proxy signers in such a way that every member of the authorized group must "participate" to sign a document on behalf of the original signer. We propose an efficient and provably secure identity-based multi-proxy signature scheme from bilinear maps based on the hardness of the computational Diffie-Hellman problem. The proposed scheme is proved secure against adaptive chosen-message and adaptive chosen-ID attacks in the random oracle model under the computational Diffie-Hellman assumption. Moreover, we do an efficiency comparison with the existing identity-based multi-proxy signature schemes and show that our scheme is up to 56% more efficient in computation than the existing schemes.
How to Leak a Secret and Reap the Rewards too
with Sumit Kumar Pandey. LatinCrypt 2014, LNCS vol. 8895, pp. 348-367, Springer, 2014.
Abstract: We introduce the notion of the designated identity verifier ring signature (DIVRS) and give a generic construction from any given ordinary ring signature scheme. In a DIVRS scheme, the signer S of a message has the additional capability to prove, at a time of his choice, to a designated identity verifier V that S is the actual signer, without revealing his identity to anyone else. Our definition of a DIVRS retains applicability for all previous applications of a ring signature with an additional capability which can be seen as a mix of a designated verifier signature [7] and an anonymous signature [14,18]. Our generic transformation preserves all the properties of the original ring signature without significant overhead.
A Secure Anonymous Proxy Multi-signature Scheme
with Rajeev Anand Sahu. SeCrypt 2014, pp. 55-66, SciTePress, 2014.
Abstract: A proxy signature scheme enables a signer to delegate its signing rights to any other user, called the proxy signer, to produce a signature on its behalf. In a proxy multi-signature scheme, the proxy signer can produce one single signature on behalf of multiple original signers. We propose an efficient and provably secure threshold-anonymous identity-based proxy multi-signature (IBPMS) scheme which provides anonymity to the proxy signer while also providing a threshold mechanism to the original signers to expose the identity of the proxy signer in case of misuse. The proposed scheme is proved secure against adaptive chosen-message and adaptive chosen-ID attacks under the computational Diffie-Hellman assumption. We compare our scheme with the recently proposed anonymous proxy multi-signature scheme and other ID-based proxy multi-signature schemes, and show that our scheme requires significantly less operation time in the practical implementation and thus it is more efficient in computation than the existing schemes.
Remote cache-timing attacks against AES
with Daniel Feldman, Denis Foo Kune and Satyajit Das. CS2, HiPEAC 2014, pp. 45-48, ACM, 2014.
Abstract: We present a cache-timing attack on the Advanced Encryption Standard (AES) [14] with the potential to be applied remotely, and develop an evaluation framework for comparing the relative performance of the attacks under various simulated network conditions. We examine Bernstein's original AES cache-timing attack [3] and its variants [6, 12, 10]. We conduct an analysis of network noise and develop a hypothesis fishing concept in order to reduce the number of samples required to recover a key in our implementation of the attacks of [3]. Our rough estimate for the number of samples required is about 2×10^9, which is comparable to the estimate of 4×10^9 from our month-long experiment using Bernstein's technique [3].
Anonymous Signatures Revisited
with Dr. Aaram Yun. ProvSec 2009, LNCS vol. 5848, pp. 140-153, Springer-Verlag, 2009. Updated version available at Cryptology ePrint Archive: Report 2009/307.
Abstract: We revisit the notion of the anonymous signature, first formalized by Yang, Wong, Deng and Wang [11], and then further developed by Fischlin [5] and Zhang and Imai [12]. We present a new formalism of anonymous signature, where instead of the message, a part of the signature is withheld to maintain anonymity. We introduce the notion of unpretendability to guarantee that it is infeasible for someone other than the correct signer to pretend authorship of the message and signature. Our definition retains applicability for all previous applications of the anonymous signature, provides stronger security, and is conceptually simpler. We give a generic construction from any ordinary signature scheme, and also show that the short signature scheme by Boneh and Boyen [2] can be naturally regarded as such a secure anonymous signature scheme according to our formalism.
Public-Key Encryption with Searchable Keywords based on Jacobi Symbols
with Dr. Giovanni Di Crescenzo. IndoCrypt 2007, LNCS vol. 4859, pp. 282-296, Springer-Verlag, 2007.
Abstract: Public-key encryption schemes with searchable keywords are useful to delegate searching capabilities on encrypted data to a third party, who does not hold the entire secret key but only an appropriate token which allows searching operations while preserving data privacy. Such a notion was previously proved to imply identity-based public-key encryption [5] and to be equivalent to anonymous (or key-private) identity-based encryption, which is useful for fully-private communication. So far, all presented public-key encryption with keyword search (PEKS) schemes were based on bilinear forms, and finding a PEKS that is not based on bilinear forms has been an open problem since the notion of PEKS was first introduced in [5]. We construct a public-key encryption scheme with keyword search based on a variant of the quadratic residuosity problem. We obtain our scheme using a non-trivial transformation of Cocks' identity-based encryption scheme [9]. Thus we show that the primitive of PEKS can be based on additional intractability assumptions, which is a conventional desideratum for all cryptographic primitives.
Here is the proof for the equivalence of the Quadratic Indistinguishability Problem and the Quadratic Residuosity Problem.
Attacks on Elliptic Curve Discrete Log Problem, Indian Statistical Institute, Delhi, June 2015 - Present
Post Quantum Cryptology, CRRao AIMSCS, Hyderabad, October 2014 - Present
Side Channel Cryptanalysis (of block/stream ciphers), CRRao AIMSCS, Hyderabad, May 2012 - Present
Development of an Indigenous Lightweight Block Cipher, CRRao AIMSCS, Hyderabad, May 2012 - Present
Design of a Lattice Based Cryptosystem, CRRao AIMSCS, Hyderabad, May 2012 - September 2013
Software Methodologies for Lattice Based Cryptanalysis, CRRao AIMSCS, Hyderabad, May 2012 - September 2013
Counterparty Credit Risk in Over The Counter Derivatives, Minnesota Center for Financial and Actuarial Mathematics (MCFAM), UMN, January 2012
Pursuit Evasion Games with Multiple Pursuers, Institute of Mathematics and its Applications (IMA), UMN, June 2010 - August 2010
Secure and Efficient Long Term Data Management, Intelligent Storage Consortium, Digital Technology Center (DTC), UMN, Jun 2007 - May 2008
Long Term Key Management, Intelligent Storage Consortium, DTC, UMN, Jun 2007 - May 2008
Applied Remote Cache-timing Attacks Against AES, Institute of Technology, UMN, Sept 2006 - Apr 2007
A Note on Cryptographic Multilinear Maps, Institute of Technology, UMN, Twin Cities, May 2005
Basic Lie Theory, School of Mathematics, Tata Institute of Fundamental Research (TIFR), Bombay, July 2003