Papers by Olivier Markowitch

The main contributions of this paper are efficient distinguishing attacks against block ciphers that are conventionally modeled as pseudorandom permutations (PRP). Formally, block ciphers operate on fixed-length blocks of n bits, for example, n = 128 for the Advanced Encryption Standard (AES). Our analysis takes place in the setting in which the messages are m bits long, representing the entire input plaintext, where m is variable and unrelated to n. We show distinguish-from-random attacks for any n-bit block cipher in the standard modes of operation for confidentiality: ECB, CBC, CFB, OFB, CTR and XTS. We demonstrate that in all these 1-pass modes any n-bit block cipher leaves 'footprints' that allow an adversary to efficiently (in time and memory) distinguish them from a random permutation. We claim that two passes (in opposite directions) over the m-bit message, with text-dependent feedforward (chaining) and in streaming mode, are sufficient to circumvent the presented attacks.
International Journal of Quantum Information, Sep 1, 2009
Zeng and Keitel proposed an arbitrated quantum signature scheme in 2002. Recently, Curty and Lütkenhaus pointed out that the protocol is not operationally specified. In a reply, Zeng gave more details of the scheme. The author also claimed that the scheme is suitable for unknown messages. In this letter, we remark that the invented scenario in the original scheme is artificial. This is because its security entirely depends on the presence of a trustworthy arbitrator. Moreover, the claim that the original scheme is suitable for unknown messages is not sound.
Workshop in Information Security Theory and Practice, 2009
In this paper we propose a new generic authentication and key agreement protocol intended to be used in wireless environments. The protocol is designed to be implemented on devices with limited computing and storage resources.
IACR Cryptology ePrint Archive, 2018

In this document, most readers should be easily introduced to the challenges offered to a designer, an implementer and a user when using electronic voting. Some of these challenges receive an answer in the second part of the document, where we introduce and describe several distinct scientific results obtained during our years as a PhD student, covering essentially the years 2009 to 2011 included. All these results are aimed towards either better understanding the issues of electronic voting or solving them. Nonetheless, a reader might be interested in picking one of these contributions to use for his own electronic voting system while leaving the rest. That is, the different chapters of the second part of the document are able to stand on their own most of the time and could be used without the others, which leads us to introduce each of them separately. After concluding in the third part, we provide a certain number of appendices that were not thoroughly discussed within the second part of the document but that might be of interest to the reader. These appendices are made of various research, collaborations and analyses that we performed during those same years and which are related to electronic voting.
Distributed Multimedia Systems, 2003
In this paper, we propose a new practical fair exchange protocol allowing the exchange of an electronic item against a signature. The protocol is based on the Guillou-Quisquater scheme and assumes the existence of a trusted third party that is involved in the protocol only in the setup phase and when one of the parties does not follow the protocol or some technical problems occur during the execution of the protocol. The interesting feature of the protocol is the low communication and computational costs required by the parties. Moreover, in case of problems during the main protocol, the trusted third party acts transparently.
In this paper we present how multi-party designated verifier signatures can be used as a generic solution to provide coercion-freeness in electronic voting schemes. We illustrate the concept of multi-party designated verifier signatures with an enhanced version of Ghodosi and Pieprzyk [GP06]'s threshold signature scheme. The proposed scheme is efficient, secure, allows distributed computation of the signature on the ballot receipt, and can be parameterized to set a threshold on the number of required signers. The security of the designated verifier property is evaluated using the simulation paradigm [Gol00] based on the security analysis of [GHKR08]. Unlike previously provable schemes, ours is ideal, i.e. the bit-length of each secret key share is bounded by the bit-length of the RSA modulus.

Cryptography is the foundation of modern IT security; it provides algorithms and protocols that can be used for secure communications. Cryptographic algorithms ensure properties such as confidentiality and data integrity. Confidentiality can be ensured using encryption algorithms. Encryption algorithms require a secret piece of information called a key. These algorithms are implemented in cryptographic devices. There exist many types of attacks against such cryptosystems; the main goal of these attacks is the extraction of the secret key. Side-channel attacks are among the strongest types of attacks against cryptosystems. ... side channels. Next, this work presents the Ascold simulator, which can be used to detect information leakage in implementations of algorithms that use masking as a protection against side-channel attacks. This tool is based on analysis of the program in assembly language. Finally, this work demonstrates how the Savrasca simulator can be used to detect information leakage based on analysis of the compiled executable file. This simulator was successfully used to analyse an implementation of an encryption algorithm using masking as a countermeasure against side-channel attacks; this implementation was presented at a side-channel attack competition (the 4th edition of the DPA Contest). As a result of the analysis with our simulator, previously unknown vulnerabilities that can be exploited by side-channel attacks were found in this implementation. In the course of this work, the results of simulator-based attacks were compared with the results of attacks on implementations of encryption algorithms in microcontrollers. It was successfully shown that the problems discovered with the simulators are also present in the encryption devices.
Overall, this work emphasizes that simulators are a very valuable tool for detecting information leakage and for analysing side-channel attacks at early stages of the development process of cryptographic systems.
International Conference on Software Engineering, Feb 16, 2007
In this paper we consider the confidentiality aspects of particular Grid applications such as, for example, genetic applications. The search for DNA similarities is one of the interesting areas of genetic biology. However, DNA sequence comparisons need greedy and sensitive computations. We propose a model allowing one to search for DNA similarities in a public DNA database on the Grid. The model is related to the private approximate string matching problem, where neither the inputs nor the outputs of the comparisons are revealed. We analyze the performance of our proposed DNA disguising method by taking into account how the edit distances between the client's queries and their corresponding disguises are distributed along the DNA sequences.

Lecture Notes in Computer Science, 2018
In many privacy-preserving protocols, protection of the user's identity, called anonymity, is a desirable feature. Another issue is that, if a signed document is leaked, then anyone can be convinced of the authenticated data, which is strictly not allowed for sensitive data; instead, authentication only by a designated receiver is recommended. There are many scenarios in real life, for example e-auction, where both functionalities, anonymity and designated verification, are required simultaneously. For such an objective, in this paper we introduce a compact scheme of identity-based strong designated verifier group signature (ID-SDVGS) by combining the good features of strong designated verifier signature and group signature in the ID-based setting. This scheme provides anonymity to the signer of a designated verifier signature with the feature of the revocation of the signer's identity in case of misuse or dispute. Moreover, our scheme fulfils all the security properties of the individual components. We have obtained an ID-based instantiation of the generic group signature given by Bellare et al. in Eurocrypt 2003, and have proposed our scheme on that framework. To the best of our knowledge, this is the first construction of ID-SDVGS.
IEEE Transactions on Cloud Computing, Jul 1, 2019
We show that Chen et al.'s schemes [IEEE TCC, 2(4), 2014, 499-508] for outsourcing linear regression computation to the cloud are questionable. In scheme 1, the client has to generate an orthogonal matrix. Its computational complexity is almost equal to that of solving a linear regression problem locally. In such a case, the client has no need to outsource the computations to the cloud. In scheme 2, a matrix is masked by multiplying it by two diagonal matrices. This linear transformation is very vulnerable to statistical attack.
Springer eBooks, 2003
The aim of this paper is to give an overview of the most classical definitions of fairness in exchange protocols. We show the evolution of the definition, while putting forward that certain definitions are rather vague or too specialized. We propose a structured and generalized definition of fairness and of the security of exchange protocols.

Lecture Notes in Computer Science, 2017
Many Internet users deploy several cloud services for storing sensitive data. Cloud services provide the opportunity to perform cheap and efficient storage techniques. In order to guarantee secrecy of uploaded data, users first need to encrypt it before uploading it to the cloud servers. There are also certain services which allow users to perform search operations according to certain attributes without revealing any information about the encrypted content. In the cryptographic community this service is known as public key encryption with keyword search. In order to enable user control during performed search operations, there exists an attribute-based encryption scheme that provides the required functionality. We introduce the first Key-Policy Multi-Authority Attribute-Based Encryption (KP-MABE) on lattices assuming the existence of multiple servers, where each of these servers contributes to the decryption process by computing decryption shares using its own secret share. Furthermore, we construct a Key-Policy Distributed Attribute-Based Searchable Encryption (DABSE) which is based on lattices and uses the introduced KP-MABE as a building block for the transformation to DABSE. We prove our scheme secure against chosen ciphertext attacks under the assumption that the underlying KP-MABE is secure under the hardness of the learning with errors (LWE) problem.

Iet Information Security, Jul 1, 2017
Side-channel attacks provide tools to analyse the degree of resilience of a cryptographic device against adversaries measuring leakages (e.g. power traces) on the target device executing cryptographic algorithms. In 2002, Chari et al. introduced template attacks (TA) as the strongest parametric profiled attacks in an information theoretic sense. A few years later, Schindler et al. proposed stochastic attacks (representing other parametric profiled attacks) as improved attacks (with respect to TA) when the adversary has information on the data-dependent part of the leakage. Less than ten years later, the machine learning field provided non-parametric profiled attacks, especially useful in high dimensionality contexts. In this study, the authors provide new contexts in which profiled attacks based on machine learning outperform conventional parametric profiled attacks: when the set of leakages contains errors or distortions. More precisely, the authors found that (i) profiled attacks based on machine learning remain effective in a wide range of scenarios, and (ii) TA are more sensitive to distortions and errors in the profiling and attacking sets.
Lecture Notes in Computer Science, 2001
Traditional pen and paper transactions are increasingly being replaced by equivalent electronic services. Therefore electronic mail should also provide enhanced services such as those provided by traditional mail. In this paper we present new optimistic protocols for certified e-mail. The major contribution of our paper is the definition of a new property, specific to certified e-mail, called no author-based selective receipt. This property requires that once the identity of the author of the mail is known, the receipt cannot be refused any more. We present two certified e-mail protocols respecting this property.
Lecture Notes in Computer Science, 2004
This paper proposes a designated verifier signature scheme based on the Schnorr signature and the Zheng signcryption schemes. One of the advantages of the new scheme compared with all previously proposed schemes is that it achieves the "strong designated verifier" property without encrypting any part of the signatures. This is because the designated verifier's secret key is involved in the verification phase. Another advantage of the proposed scheme is the low communication and computational cost. Generating a signature requires only one modular exponentiation, while verification requires two. Also, a signature in our scheme is more than four times shorter than those of known designated verifier schemes.
International Conference on Networks, Mar 1, 2006
The growing use of the Internet promotes the replacement of traditional manual transactions by equivalent electronic services. Research was carried out to investigate enhanced services related to electronic mail. This paper points out that a certified email protocol has to provide the sender of a certified email with evidence that this email has been either received or refused by its recipient, and proposes a new definition of the fairness property, specific to the certified email field. Finally, a new efficient certified email protocol respecting this property is presented.
Social Science Research Network, 2017
Feature extraction and feature selection are the first tasks in the pre-processing of input logs in order to detect cyber security threats and attacks while utilizing machine learning. When it comes to the analysis of heterogeneous data derived from different sources, these tasks are found to be time-consuming and difficult to manage efficiently. In this paper, we present an approach for handling feature extraction and feature selection for security analytics of heterogeneous data derived from different network sensors. The approach is implemented in Apache Spark, using its Python API, pyspark.