• ETRI Journal
• /
• v.45 no.6
• /
• pp.1090-1102
• /
• 2023

Authenticated multiple key agreement (AMKA) protocols provide participants with multiple session keys after one round of authentication. Many schemes use Diffie-Hellman or authenticated key agreement schemes that rely on hard integer factorizations that are vulnerable to quantum algorithms. Lattice cryptography provides quantum resistance to authenticated key agreement protocols, but the certificate always incurs excessive public key infrastructure management overhead. Thus, a lightweight lattice-based secure system is needed that removes this overhead. To answer this need, we provide a two-party lattice- and identity-based AMKA scheme based on bilateral short integer or computational bilateral inhomogeneous small integer solutions, and we provide a security proof based on the random oracle model. Compared with existing AMKA protocols, our new protocol has higher efficiency and stronger security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1329-1342
• /
• 2018

Recent advances in quantum computer development have raised the issue of the security of RSA and elliptic curve cryptography, which are widely used. In response, the National Institute of Standards and Technology(NIST) is working on the standardization of public key cryptosystem which is secure in the quantum computing environment. Lattice-based cryptography is a typical post-quantum cryptography(PQC), and various lattice-based cryptographic schemes have been proposed for NIST's PQC standardization contest. Among them, EMBLEM proposed a new multi-bit encryption method which is more intuitive and efficient for encryption and decryption phases than the existing LWE-based encryption schemes. In this paper, we propose a multi-bit encryption scheme with improved efficiency using LWR assumption. In addition, we prove the security of our schemes and analyze the efficiency by comparing with EMBLEM and R.EMBLEM.

• Smart Media Journal
• /
• v.12 no.2
• /
• pp.76-82
• /
• 2023

In the 4th industrial revolution, the blockchain that distributes and manages data through a P2P network is used as a new decentralized networking paradigm in various fields such as manufacturing, culture, and public service. However, with the advent of quantum computers, quantum algorithms that are able to break existing cryptosystems such as hash function, symmetric key, and public key cryptography have been introduced. Currently, because most major blockchain systems use an elliptic curve cryptography to generate signatures for transactions, they are insecure against the quantum adversary. For this reason, the research on the quantum-resistant blockchain that utilizes lattice-based cryptography for transaction signatures is needed. Therefore, in this paper, we propose a blind signature scheme for the blockchain in which the contents of the signature can be verified later, as well as signing by hiding the contents to be signed using lattice-based cryptography with the property of quantum resistance. In addition, we prove the security of the proposed scheme using a random oracle model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4203-4225
• /
• 2014

Fuzzy identity-based cryptography introduces the threshold structure into identity-based cryptography, changes the receiver of a ciphertext from exact one to dynamic many, makes a cryptographic scheme more efficient and flexible. In this paper, we propose the first fuzzy identity-based signcryption scheme in lattice-based cryptography. Firstly, we give a fuzzy identity-based signcryption scheme that is indistinguishable against chosen plaintext attack under selective identity model. Then we apply Fujisaki-Okamoto method to obtain a fuzzy identity-based signcryption scheme that is indistinguishable against adaptive chosen ciphertext attack under selective identity model. Thirdly, we prove our scheme is existentially unforgeable against chosen message attack under selective identity model. As far as we know, our scheme is the first fuzzy identity-based signcryption scheme that is secure even in the quantum environment.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.8
• /
• pp.2816-2830
• /
• 2022

Number Theoretic Transform (NTT) is a method to design efficient multiplier for large integer multiplication, which is widely used in cryptography and scientific computation. On top of that, it has also received wide attention from the research community to design efficient hardware architecture for large size RSA, fully homomorphic encryption, and lattice-based cryptography. Existing NTT hardware architecture reported in the literature are mainly designed based on radix-2 NTT, due to its small area consumption. However, NTT with larger radix (e.g., radix-4) may achieve faster speed performance in the expense of larger hardware resources. In this paper, we present the performance evaluation on NTT architecture in terms of hardware resource consumption and the latency, based on the proposed radix-2 and radix-4 technique. Our experimental results show that the 16-point radix-4 architecture is 2× faster than radix-2 architecture in expense of approximately 4× additional hardware. The proposed architecture can be extended to support the large integer multiplication in cryptography applications (e.g., RSA). The experimental results show that the proposed 3072-bit multiplier outperformed the best 3k-multiplier from Chen et al. [16] by 3.06%, but it also costs about 40% more LUTs and 77.8% more DSPs resources.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.47-57
• /
• 2004

The Goldreich-Goldwasser-Halevi(GGH)'s signature scheme from Crypto '97 is cryptanalyzed, which is based on the well-blown lattice problem. We mount a chosen message attack on the signature scheme, and show the signature scheme is vulnerable to the attack. We collects n lattice points that are linearly independent each other, and constructs a new basis that generates a sub-lattice of the original lattice. The sub-lattice is shown to be sufficient to generate a valid signature. Empirical results are presented to show the effectiveness of the attack Finally, we show that the cube-like parameter used for the private-key generation is harmful to the security of the scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.8
• /
• pp.3911-3924
• /
• 2016

Compared to the classical cryptography, lattice-based cryptography is more secure, flexible and simple, and it is believed to be secure against quantum computers. In this paper, an efficient signature scheme is proposed from the ring learning with errors (R-LWE), which avoids sampling from discrete Gaussians and has the characteristics of the much simpler description etc. Then, the scheme is implemented in C/C++ and makes a comparison with the RSA signature scheme in detail. Additionally, a linearly homomorphic signature scheme without trapdoor is proposed from the R-LWE assumption. The security of the above two schemes are reducible to the worst-case hardness of shortest vectors on ideal lattices. The security analyses indicate the proposed schemes are unforgeable under chosen message attack model, and the efficiency analyses also show that the above schemes are much more efficient than other correlative signature schemes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.1
• /
• pp.74-96
• /
• 2023

At present, the smart grid has become one of the indispensable infrastructures in people's lives. As a commonly used communication method, wireless communication is gradually, being widely used in smart grid systems due to its convenient deployment and wide range of serious challenges to security. For the insecurity of the schemes based on large integer factorization and discrete logarithm problem in the quantum environment, an identity-based key management scheme for smart grid over lattice is proposed. To assure the communication security, through constructing intra-cluster and inter-cluster multi-hop routing secure mechanism. The time parameter and identity information are introduced in the relying phase. Through using the symmetric cryptography algorithm to encrypt improve communication efficiency. Through output the authentication information with probability, the protocol makes the private key of the certification body no relation with the distribution of authentication information. Theoretic studies and figures show that the efficiency of keys can be authenticated, so the number of attacks, including masquerade, reply and message manipulation attacks can be resisted. The new scheme can not only increase the security, but also decrease the communication energy consumption.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1001-1011
• /
• 2017

A lattice-based cryptography is known as one of the post-quantum cryptographies. Ring-LWE problem is an algebraic variant of LWE, which operates over elements of polynomial rings instead of vectors. It is already known that post-quantum cryptography has side-channel analysis vulnerability. In 2016, Park et al. reported a SPA vulnerability of the public key cryptosystem, which is proposed by Roy et al., based on the ring-LWE problem. In 2015 and 2016, Reparaz et al. proposed DPA attack and countermeasures against Roy cryptosystem. In this paper, we show that the chosen ciphertext SPA attack is also possible for Lyubashevsky cryptosystem which does not use NTT. And then we propose a countermeasure against CCSPA(Chosen Ciphertext SPA) attack and we also show through experiment that our proposed countermeasure is secure.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.12
• /
• pp.3261-3273
• /
• 2013

In the paper, we propose a novel adaptively secure hierarchical identity-based signature scheme from lattices. The size of signatures in our scheme is shortest among the existing hierarchical identity-based signature schemes from lattices. Our scheme is motivated by Gentry et al.'s signature scheme and Agrawal et al.'s hierarchical identity-based encryption scheme.