Table of Contents

    10 June 2024, Volume 24 Issue 6

    Research of Privacy-Preserving Proximity Test
    LI Zengpeng, WANG Siyang, WANG Mei
    2024, 24 (6):  817-830.  doi: 10.3969/j.issn.1671-1122.2024.06.001

    With the rapid development of emerging technologies such as mobile computing and the Internet of Things, location-based services (LBS) are playing an increasingly important role in people's daily lives. Many applications (e.g., mobile dating) use LBS to capture and collect the user's precise location and perform proximity user discovery by computing distances. However, while LBS brings convenience to users, it also exposes them to the risk of leaking private location information. At present, most LBS applications record the user's precise location in plaintext, which makes it easy to leak information such as the user's location and mobility patterns. In addition, most existing research efforts that protect the user's private location data have shortcomings such as high communication overhead, long communication time, or a lack of computational security. Therefore, this paper proposed an efficient privacy-preserving proximity test solution to protect users' location privacy, and constructed an optimized privacy-preserving proximity test protocol for circles based on Brakerski/Fan-Vercauteren (B/FV) homomorphic encryption. Compared with existing work, the proposed scheme used lattice-based encryption and had better communication performance. In addition, this paper implemented a prototype system based on B/FV homomorphic encryption, and gave its potential applications in scenarios with high privacy protection requirements and low arithmetic speed limitations. The experimental results of the prototype system show that the proposed scheme has broad prospects for practical deployment.

    Subversion Attacks and Countermeasures of SM9 Encryption
    OUYANG Mengdi, SUN Qinshuo, LI Fagen
    2024, 24 (6):  831-842.  doi: 10.3969/j.issn.1671-1122.2024.06.002

    China's independently developed identity-based encryption algorithm SM9 has been successfully selected as an ISO/IEC international standard. However, an adversary can tamper with the components of a cryptographic algorithm to undermine its security. Such subversion attacks were not considered during the initial design of the SM9 encryption algorithm. Whether the SM9 encryption algorithm is vulnerable to subversion attacks, and how to resist them, remained open questions. To answer them, this paper introduced a subversion attack model for identity-based encryption (IBE) and defined two properties: plaintext recoverability and undetectability. In addition, this paper implemented a subversion attack on the SM9 encryption algorithm and found that an adversary could recover a plaintext with only two successive ciphertexts. Moreover, this paper proposed a subversion-resilient SM9 encryption (SR-SM9), and proved that SR-SM9 is not only secure under the adaptive chosen identity and ciphertext attack (ID-IND-CCA2) but also subversion-resilient. Finally, this paper implemented SR-SM9 based on the gmalg library and the Python language. Compared with SM9, SR-SM9 adds only 0.6% computation cost with no additional communication cost.

    Efficient Searchable Symmetric Encryption Scheme for Size Pattern Protection
    LI Qiang, SHEN Yuanhai, LIU Tianxu, HUANG Yanyu, SUN Jianguo
    2024, 24 (6):  843-854.  doi: 10.3969/j.issn.1671-1122.2024.06.003

    In recent years, with the popularity of cloud services and the increasing demand for data security protection, dynamic searchable symmetric encryption (DSSE) has attracted widespread attention from academia due to its ability to update and query encrypted databases. For reasons of search and update efficiency, DSSE often needs to disclose some information, mainly the search pattern, access pattern, and size pattern. At present, oblivious random access machines (ORAM) are mainly used to protect the search and access patterns, but ORAM cannot prevent size pattern leakage. The article explained the harm of size pattern leakage to security and extended the existing DSSE privacy notion to cover protection of size patterns, namely proposing strong forward and backward privacy. Based on this enhanced security objective, the article proposed an efficient searchable symmetric encryption scheme for size pattern protection named Eurus, aiming to solve the size pattern leakage problem in existing solutions. By combining a multi-server ORAM architecture, an update slot mechanism, and a fine tree path elimination technique, Eurus provided strong forward and backward privacy protection to prevent the disclosure of sensitive keywords and file information. Multi-server ORAM hid the search and access patterns, update slots confused file identifiers, and the fine tree path elimination technique disrupted the actual order of files. The experimental results show that Eurus improves search and update efficiency while maintaining privacy, improving search performance by about 46% compared with the existing scheme and improving update performance by 4.73 times.

    An Algorithm for Sampling Exactly from Exponential Bernoulli Distributions with Resistance against Timing Attacks
    DU Yusong, JIANG Siwei, SHEN Jing, ZHANG Jiahao
    2024, 24 (6):  855-862.  doi: 10.3969/j.issn.1671-1122.2024.06.004

    Discrete Gaussian sampling over the integers is one of the fundamental building blocks of lattice-based cryptography. Rejection sampling is one of the main methods for discrete Gaussian sampling over the integers. The key to using rejection sampling is to implement a sampling procedure for Bernoulli distributions whose parameters are exponential functions, and this sampling procedure is also what determines whether the whole sampling algorithm can resist timing attacks. For a real $x > 0$, based on the isochronous sampling algorithm given by SUN et al. for the "exponential Bernoulli distribution" $\beta_{2^{-x}}$, an alternative exact sampling algorithm with timing attack resistance is proposed for $\beta_{2^{-x}}$. It prevents the leakage of information about the value of $x$ through timing attacks, does not require (online) floating-point arithmetic, and also avoids the statistical error in the practical implementation of the sampling algorithm of SUN et al., so as to ensure the exactness of sampling results in practice. Experimental results demonstrate the effectiveness of this exact sampling algorithm.

    Verifiable and Revocable Attribute Encryption Scheme Based on Blockchain
    GUO Rui, YANG Xin, WANG Junming
    2024, 24 (6):  863-878.  doi: 10.3969/j.issn.1671-1122.2024.06.005

    In view of the issues of privacy leakage and user rights management in data sharing in electronic medical systems, and the fact that cloud storage servers may return incomplete or incorrect ciphertext results, this paper proposed a verifiable and revocable attribute encryption scheme based on blockchain. This solution used ciphertext-policy attribute-based encryption to ensure the confidentiality of shared data in the electronic medical record system and achieve fine-grained access control of private data. At the same time, a user revocation algorithm was designed using the chameleon hash function so that unauthorized users cannot continue to access shared data. In addition, a result verification algorithm was designed using a cryptographic accumulator and executed by a smart contract deployed on the blockchain, ensuring the correctness and integrity of the data returned to the user by the cloud server. In terms of security, the ciphertexts of this scheme were proved indistinguishable under a chosen plaintext attack. Finally, the JPBC cryptographic library and the Hyperledger Fabric blockchain platform were used to simulate the proposed scheme and similar schemes. The results show that this scheme has high computational efficiency in the key generation, encryption, decryption, and user revocation stages.

    High-Dimensional Quantum Key Distribution via Time-Bin Multiplexing and Applications
    YANG Yuguang, LIU Bingxin, XU Guangbao, JIANG Donghuan
    2024, 24 (6):  879-892.  doi: 10.3969/j.issn.1671-1122.2024.06.006

    High-dimensional quantum key distribution (HD-QKD) can provide higher secret key rates and tolerate more noise than two-dimensional QKD. However, the difficulty of manipulating higher-dimensional quantum systems limits its practicality in quantum communications. This article presented an alternative protocol for HD-QKD based on time-bin multiplexing. Parallel entanglement was first created, in a heralded way, between multiple pairs of two-dimensional quantum memories (QMs) held by the two communicating parties, by means of single photons with high-dimensional encoding. Then, by performing Bell state measurements on their QMs two at a time, the two communicating parties could detect eavesdropping and obtain the secret key. No alternative measurements were needed to check security, which made the present HD-QKD protocol cost-effective and efficient. Furthermore, this article obtained the condition under which the optimal key capacity is achieved. This article also discussed two other important cryptographic applications based on the present HD-QKD protocol, deterministic secure quantum communication and quantum privacy query, where significant increases in efficiency over existing methods can be achieved. In summary, the time-bin multiplexing method has strong capabilities in solving cryptographic problems.

    An Identity-Based Deniable Ring Signature Scheme Based on SM9 Signature Algorithm
    DING Yong, LUO Shidong, YANG Changsong, LIANG Hai
    2024, 24 (6):  893-902.  doi: 10.3969/j.issn.1671-1122.2024.06.007

    A deniable ring signature scheme allows a ring member to confirm the fact of signing or disavow the claim of signing via protocols without a trusted third party. It strikes a balance between privacy protection and controllable oversight. Combining deniable ring signatures with identity-based cryptography not only preserves their main properties but also avoids the complex problems of managing user public keys and certificates under a traditional public key infrastructure. This paper proposed an identity-based deniable ring signature scheme based on the SM9 digital signature algorithm. The scheme realized the confirmation and disavowal of a ring signature. This paper formally proves that the proposed scheme satisfies correctness, unforgeability, anonymity, traceability, and non-frameability. Experimental efficiency analysis shows that the proposed scheme has a clear advantage in both computational efficiency and communication cost.

    Research Progress in Lattice-Based Public-Key Encryption with Keyword Search
    YE Qing, HE Junfei, YANG Zhichao
    2024, 24 (6):  903-916.  doi: 10.3969/j.issn.1671-1122.2024.06.008

    With the explosive growth of data and the rapid development of cloud computing, the demand among users for secure data sharing and querying is steadily increasing. Public-key encryption with keyword search allows resource-constrained users to efficiently search encrypted data stored on cloud servers, providing an effective solution for secure queries over cloud data. However, with the arrival of the quantum era, existing cryptosystems face a serious threat. Lattice-based cryptography has received widespread attention for its advantages of worst-case hardness reductions, resistance to quantum attacks, and high security. The article provided an overview of recent research progress in lattice-based public-key encryption with keyword search from the perspectives of security and functionality. First, it outlined the research progress of lattice-based public key cryptography and the definition and security model of public-key encryption with keyword search. Then, it focused on analyzing recent lattice-based public-key encryption with keyword search schemes, examined the research on their security from the standpoint of attack methods, and compared the algorithmic efficiency of the schemes in terms of communication overhead and computational complexity. Finally, it summarized the application scenarios and future research trends.

    Security Analysis of Cryptographic Application Code Generated by Large Language Model
    GUO Xiangxin, LIN Jingqiang, JIA Shijie, LI Guangzheng
    2024, 24 (6):  917-925.  doi: 10.3969/j.issn.1671-1122.2024.06.009

    With the extensive application of large language models (LLM) in software development, their role in enhancing development efficiency has also introduced new security risks, particularly in the field of cryptographic applications, which demand high security. This paper proposed an open-source prompt dataset named LLMCryptoSE, containing 460 natural language prompts describing cryptographic scenarios. It aimed to assess the security of code generated by LLM for cryptographic applications. At the same time, through an in-depth analysis of code snippets generated by LLM, this paper primarily evaluated the misuse of cryptographic APIs, employing a methodology that combined the static analysis tool CryptoGuard with manual review to conduct a detailed evaluation of 1380 code snippets. The assessment of three mainstream LLM, ChatGPT 3.5, ERNIE 3.5, and Spark 3.5, revealed that 52.90% of the code snippets contained at least one instance of cryptographic misuse, with Spark 3.5 performing relatively better at a misuse rate of 48.48%. Based on these findings, the study not only reveals the current challenges in cryptographic application security faced by LLM, but also offers a series of recommendations for LLM users and developers to enhance security. These aim at providing practical guidance for improving the application of LLM in cryptographic fields.

    Improved Decoy State Method for Measurement-Device-Independent Quantum Key Distribution
    BAI Junlin, YIN Hualei
    2024, 24 (6):  926-936.  doi: 10.3969/j.issn.1671-1122.2024.06.010

    Measurement-device-independent quantum key distribution (MDI-QKD) is regarded as an efficient and practical building block of quantum networks because it eliminates loopholes on the detection side. Current MDI-QKD protocols use non-ideal single-photon sources, and the decoy state method has been introduced to improve the key rate. A data processing method for MDI-QKD named the double-scanning method has performed excellently in handling statistical fluctuations, enabling higher key rates when estimating single-photon pair components with the decoy state method. However, this method requires time-consuming optimization. The article proposed an alternative solution, a novel decoy-state method, that achieves better MDI-QKD performance than the original decoy-state method while requiring less optimization time than the double-scanning method. In simulations with realistic experimental parameter values, the proposed method yielded a higher key rate than the decoy state method. Because no additional scanning optimization is needed, the MDI-QKD protocol with the proposed method is advantageous in speed and hardware compatibility.

    Lattice-Based Round-Optimal Password Authenticated Secret Sharing Protocol
    HU Chengcong, HU Honggang
    2024, 24 (6):  937-947.  doi: 10.3969/j.issn.1671-1122.2024.06.011

    The combination of password authentication and secret sharing in Password-Protected Secret Sharing (PPSS) schemes presents a distributed solution that aligns with practical user needs. Such a protocol allows a user to share secrets among multiple servers while memorizing only a short password for subsequent authentication and secret reconstruction. Its security ensures that, as long as the adversary does not corrupt servers beyond a threshold, it cannot learn any information about the password or the secrets from the protocol. PPSS schemes were initially based on discrete-log-hardness assumptions and their variants, making them vulnerable to quantum attacks. Finding a quantum-secure construction has thus become an urgent problem. Roy et al. introduced a quantum-secure construction against malicious adversaries, but its number of communication rounds is not optimal and may not even be constant in the presence of malicious adversaries. Addressing the issue of optimizing protocol rounds, this paper first introduced a lattice-based quantum-secure construction with optimal rounds, using a Verifiable Oblivious Pseudorandom Function (V-OPRF) primitive, and then rigorously proved the security of the protocol. Furthermore, the protocol ensured that, when a majority of servers are honest, an honest user will always successfully reconstruct the correct secret within the optimal number of rounds, demonstrating strong robustness.

    Research on the Construction of Zero-Correlation Linear Discriminator for CLEFIA Dynamic Cipher Structure
    SHEN Xiamin, XIONG Tao, LI Hua, SHEN Xuan
    2024, 24 (6):  948-958.  doi: 10.3969/j.issn.1671-1122.2024.06.012

    As research on block cipher applications deepens, the design of "dynamically variable" block ciphers can effectively improve the application flexibility and deployment security of block cipher algorithms. Following the idea of "dynamic variability", some scholars have improved the linear transformation layer of the CLEFIA algorithm so that the diffusion layer in round $6t$ ($t \ge 1$) can be chosen arbitrarily from the linear bijections over $\{0,1\}^4$. In order to analyze and evaluate the security of the CLEFIA dynamic cipher structure, this paper mainly adopted the theory of zero-correlation linear cryptanalysis, and used the miss-in-the-middle technique and the matrix representation method to analyze zero-correlation linear distinguishers of the CLEFIA dynamic cipher structure. The results show that, under the condition that the round function is bijective, no matter what the control parameters $\mu_i \in \mathbb{F}_2$ ($0 \le i \le 4$) of the dynamic linear layer of the CLEFIA dynamic cipher structure are, there always exist 8-round zero-correlation linear distinguishers. When the control parameter $\mu_0 = 0$, there exist 9-round zero-correlation linear distinguishers.

    An Area Efficient Dual-State Configurable NTT Hardware Accelerator
    ZHU Min, XIAO Hao
    2024, 24 (6):  959-967.  doi: 10.3969/j.issn.1671-1122.2024.06.013

    Matrix-vector multiplication is the main computational bottleneck of lattice-based Post-Quantum Cryptography (PQC) schemes. Using the number theoretic transform (NTT) reduces the computational complexity of matrix-vector multiplication from $O(N^2)$ to $O(N \log_2 N)$, thereby further improving the computational speed of post-quantum cryptographic schemes. This article proposed an area-efficient dual-mode configurable NTT hardware accelerator based on a field programmable gate array (FPGA), capable of efficiently executing the NTT operations in the Kyber and Dilithium algorithms. The multiplier used in the proposed design compresses the data bit width and reduces the cost of modular reduction using table lookup, followed by reduction of the result with the KRED algorithm. Furthermore, by combining optimized conflict-free NTT data flows, the proposed dual-mode configurable NTT accelerator can complete its computations efficiently. The NTT hardware accelerator proposed in this article is validated on the Xilinx Artix-7 platform. Compared to the reference work, the proposed dual-mode configurable NTT hardware accelerator performs better in terms of computational performance and hardware overhead while remaining general for the Kyber and Dilithium algorithms.

    Research on Power Security Trading Platform Based on IPFS and Blockchain Technology
    LING Zhi, YANG Ming, YU Jiangyin
    2024, 24 (6):  968-976.  doi: 10.3969/j.issn.1671-1122.2024.06.014

    In recent years, a large number of new energy entities have connected to power trading platforms, and the volume of core business data has surged, resulting in issues such as excessive operational pressure, data insecurity, and opaque transactions on current centralized power trading platforms. Blockchain is essentially a distributed ledger that is decentralized, difficult to tamper with, and highly secure. Applying the InterPlanetary File System (IPFS) to blockchain can reduce the size of data stored on the chain, provides file deduplication, and effectively avoids some of the security issues and limitations of centralized storage. This paper proposed a power security trading platform model based on IPFS and blockchain technology, which optimized data storage and established a market credit mechanism. Simulation experiments show that the proposed model can effectively alleviate the storage pressure on physical nodes, improve system operating efficiency, and effectively quantify the credit of market entities.
