• East Asian mathematical journal
• /
• v.39 no.3
• /
• pp.291-298
• /
• 2023

Recently, a new type of encryption called Homomorphic Authenticated Encryption (HAE) has been proposed. This combines the functionality of homomorphic encryption with authentication. Several concrete HAE schemes have been developed and security results for homomorphic authenticated encryption, designed by combining a homomorphic message authentication scheme with a homomorphic secret-key encryption, have been partially reported. In this paper, we analyze the security of a design method that combines homomorphic message authentication and homomorphic encryption, with a focus on the encryption after authentication (EAA) type. The results of our analysis show that while non-forgeability and indistinguishability are maintained, strong non-forgeability is not.

• Journal of KIISE:Computer Systems and Theory
• /
• v.29 no.5
• /
• pp.284-290
• /
• 2002

We propose a new authenticated encryption scheme that does not require any block encryption algorithm. Our scheme is based on the Horster-Michels-Petersen authenticated encryption scheme, and it uses a technique in the Bae~Deng signcryption scheme so that the sender's signature can be verified by an arbitrary third party. Since our scheme does not use any block encryption algorithm, we can reduce the code size in its implementation. The computation and communication costs of the proposed scheme are almost the same as those of the Bao-Deng scheme that uses a block encryption algorithm. Our scheme also satisfies all the security properties such as confidentiality, authenticity and nonrepudiation.

• Journal of Information Processing Systems
• /
• v.17 no.2
• /
• pp.253-270
• /
• 2021

In January 2013, the National Institute of Standards and Technology (NIST) announced the CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness) contest to identify authenticated ciphers that are suitable for a wide range of applications. A total of 57 submissions made it into the first round of the competition out of which 6 were announced as winners in March 2019. In the process of the competition, NIST realized that most of the authenticated ciphers submitted were not suitable for resource-constrained devices used as end nodes in the Internet-of-Things (IoT) platform. For that matter, the NIST Lightweight Cryptography Standardization Process was set up to identify authenticated encryption and hashing algorithms for IoT devices. The call for submissions was initiated in 2018 and in April 2019, 56 submissions made it into the first round of the competition. In August 2019, 32 out of the 56 submissions were selected for the second round which is due to end in the year 2021. This work surveys the 32 authenticated encryption schemes that made it into the second round of the NIST lightweight cryptography standardization process. The paper presents an easy-to-understand comparative overview of the recommended parameters, primitives, mode of operation, features, security parameter, and hardware/software performance of the 32 candidate algorithms. The paper goes further by discussing the challenges of the Lightweight Cryptography Standardization Process and provides some suitable recommendations.

• Journal of Internet Computing and Services
• /
• v.9 no.3
• /
• pp.43-50
• /
• 2008

Authenticated Encryption scheme in RFID system is the important issue for ID security. But, implementing authenticated Encryption scheme in RFID systems is not an easy proposition and systems are often delivered for reasons of complexity, limited resources, or implementation, fail to deliver required levels of security. RFID system is so frequently limited by memory, performance (or required number of gates) and by power drain, that lower levels of security are installed than required to protect the information. In this paper, we design a new authenticated encryption scheme based on the EC(Elliptic Curve)'s x-coordinates and scalar operation. Our scheme will be offers enhanced security feature in RFID system with respect to user privacy against illegal attack allowing a ECC point addition and doubling operation.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.33-44
• /
• 2021

Data outsourcing utilizing the Cloud faces a problem of the third-party exposure, modulation, and reliability for the provided computational delegation results. In order to solve those problematic security issues, homomorphic encryption(HE) which executes calculation and analysis on encrypted data becomes popular. By extension, a new type of HE with a authentication functionality, homomorphic authenticated encryption(HAE) is suggested. However, a research on the HAE is on the initial stage. Furthermore, based on a message authenticated scheme with HE, the method and analysis to design is still absent. This paper aims to analyze an HAE, with a generic combination of a message authenticated scheme and a HE, known as "Encrypt with Authentication". Following a series of analysis, we show that by adopting a unforgeable message authenticated scheme, the generically constructed HAE demonstrated an unforgeability as well. Though, a strong unforgeability is not the case. This paper concludes that although indistinguishable HE can be applied to design the HAE, a security issue on the possibility of indistinguishability is still not satisfied.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.139-146
• /
• 2006

A Signcryption proposed by Yuliang Zheng in 1997 is a hybrid public key primitive that combines a digital signature and a encryption. It provides more efficient method than a straightforward composition of an signature scheme with a encryption scheme. In a mobile communication environment, the authenticated key agreement protocol should be designed to have lower computational complexity and memory requirements. The password-based authenticated key exchange protocol is to authenticate a client and a server using an easily memorable password. This paper proposes an secure Authenticated Key Exchange protocol using Signcryption scheme. In Addition we also show that it is secure and a more efficient that other exiting authenticated key exchange protocol.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.8
• /
• pp.4060-4075
• /
• 2019

ACORN is an authenticated encryption algorithm proposed as a candidate in the currently ongoing CAESAR competition. ACORN has a good performance on security and efficiency which has been a third-round candidate. This paper mainly concentrates on the security of ACORN under the forgery attack and the non-repudiation of ACORN. Firstly, we analyze the differential properties of the feedback function in ACRON are analyzed. By taking advantage of these properties, the forgery attacks on round-reduced ACORN are proposed with a success probability higher than $2^{-128}$ when the number of finalization rounds is less than 87. Moreover, the non-repudiation of ACRON in the nonce-reuse setting is analyzed. The known collision can be used to deny the authenticated message with probability $2^{-120}$. This paper demonstrates that ACORN cannot generate the non-repudiation completely. We believe it is an undesirable property indeed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.3
• /
• pp.1157-1177
• /
• 2014

Convertible authenticated encryption (CAE) schemes enable the signer to send a confidential message and its corresponding signature to the designated recipient. The recipient can also convert the signature into a conventional one which can be verified by anyone. Integrating the properties of self-certified public key systems, this paper presents efficient and computationally indistinguishable self-certified CAE schemes for strengthening the security of E-Commerce applications. Additionally, we also adapt the proposed schemes to elliptic curve systems for facilitating the applications of limited computing power and insufficient storage space. The proposed schemes are secure against known existential active attacks, satisfy the semantic security requirement, and have the following advantages: (i) No extra certificate is required since the tasks of authenticating the public key and verifying the signature can be simultaneously carried out within one step, which helps reducing computation efforts and communication overheads. (ii) In case of a later dispute, the recipient can convert the signature into an ordinary one for the public arbitration. (iii) The signature conversion can be solely performed by the recipient without additional computation efforts or communication overheads. (iv) The recipient of the signature can prove himself, if needed, to anyone that he is actually the designated recipient.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.103-107
• /
• 2007

This paper represents a forgery attack on new authenticated encryption mode $NAE^{[1]}$ which was proposed at JCCI 2003. NAE is a new authenticated encryption mode which is combined with CFB mode and CTR mode. And it provides confidentiality. In this paper, we show that it is possible to make a valid ciphertext-tag pair only by modifying a ciphertext.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.8
• /
• pp.1519-1527
• /
• 2007

In order to combat the security threats that sensor networks are exposed to, a cryptography protocol is implemented at sensor nodes for point-to-point encryption between nodes. Given that nodes have limited resources, symmetric cryptography that is proven to be efficient for low power devices is implemented. Data protection is integrated into a sensor's packet by the means of symmetric encryption with the Dragon stream cipher and incorporating the newly designed Dragon-MAC Message Authentication Code. The proposed algorithm was designed to employ some of the data already computed by the underlying Dragon stream cipher for the purpose of minimizing the computational cost of the operations required by the MAC algorithm. In view that Dragon is a word based stream cipher with a fast key stream generation, it is very suitable for a constrained environment. Our protocol regarded the entity authentication and message authentication through the implementation of authenticated encryption scheme in wireless sensor nodes.