Key Agreement

Homomorphic encryption (HE) is a promising technology for protecting data in use, with considerable recent years progress towards attaining practical runtime performance. However the high storage overhead associated with HE remains an obstacle preventing its large scale adoption. In this work we propose a new storage solution in the twoserver model resolving the high storage overhead associated with HE, while preserving data confidentiality. Our solution attains the following desired properties: 1. Compact storage with zero overhead over storing AES ciphertexts, and 10× to 10× better than storing CKKS ciphertexts. 2. Fast runtime performance for storage and retrieval, only twice the time of directly storing and retrieving HE ciphertexts. 3. Dynamic control during retrieval of the HE parameters and the data items to be packed in each HE ciphertext. 4. Plug-and-play compatibility with any homomorphic computation. We implemented our solution into a proof-of-concept system running on AW...

The Diffie-Hellman protocol (DHP) is one of the most studied protocols in cryptography. Much work has been dedicated to armor the original protocol against active attacks while incurring a minimal performance overhead relative to the basic (unauthenticated) DHP. This line of work has resulted in some remarkable protocols, e.g., MQV, where the protocol's communication cost is identical to that of the basic DHP and the computation overhead is small. Unfortunately, MQV and similar 2-message "implicitly authenticated" protocols do not achieve full security against active attacks since they cannot provide forward secrecy (PFS), a major security goal of DHP, against active attackers. In this paper we investigate the question of whether one can push the limits of authenticated DHPs even further, namely, to achieve communication complexity as in the original DHP (two messages with a single group element per message), maintain low computational overhead, and yet achieve full PFS against active attackers in a provable way. We answer this question in the affirmative by resorting to an old and elegant key agreement protocol: the Okamoto-Tanaka protocol . We present a variant of the protocol (denoted mOT) which achieves the above minimal communication, incurs a computational overhead relative to the basic DHP that is practically negligible, and yet achieves full provable key agreement security, including PFS, against active attackers. Moreover, due to the identity-based properties of mOT, even the sending of certificates (typical for authenticated DHPs) can be avoided in the protocol. As additional contributions, we apply our analysis to prove the security of a recent multi-domain extension of the Okamoto-Tanaka protocol by Schridde et al. and show how to adapt mOT to the (non id-based) certificate-based setting.

The swift advancement of mobile intelligent terminals and services enables users to seamlessly access ubiquitous services across global mobile networks. Ensuring the authentication and safeguarding of the privacy of network entities is crucial. Numerous authentication and privacy schemes have been put forth over time, yet many of them have faced security and privacy challenges. A recent contribution introduces a lightweight authentication scheme (LAS) designed for roaming services within global mobile networks. They assert that their scheme offers user anonymity, mutual authentication, fair key agreement, and user-friendliness, claiming resilience against various attacks in global mobile networks. This paper, however, identifies two design flaws in the LAS and highlights its vulnerability to two masquerading attacks and a mobile user (MU) trace attack. Consequently, we propose a privacy-preserving LAS tailored for global mobile networks. Our analysis demonstrates that the proposed authentication scheme is secure and delivers enhanced privacy with efficient performance.

Many authentication and key agreement protocols were proposed for protecting communicated messages. In previous protocols, if the user's identity is transmitted in plaintext, an adversary can tap the communications and employ it to launch some attacks. In most protocols with user anonymity, they focus on satisfaction of several security requirements. From a client's point of view, those protocols are not admired since the cost of storage, computation and communication is high. In pervasive computing, a client usually uses a limited-resource device to access multiple servers. The storage and computation are very important issues especially in this kind of environments. Also, for a convenience of designing protocol, most protocols use timestamps to prevent the replay attack. As we know, the serious time synchronization problem exists in timestamp-based protocols. Finally, most protocols do not have formal proofs for the security. In this paper, we propose a secure and efficient identification and key agreement protocol with user anonymity based on the difficulty of cracking the elliptic curve Diffie-Hellman assumption. In addition, we also propose an augmented protocol for providing the explicit mutual authentication. Compared with the related protocols, the proposed protocols' computation cost is lower and the key length is shorter. Therefore, our protocols are suitable even for applications in low power computing environments. Finally, we formally prove the security of the proposed protocols by employing the random oracle model.

In 2016 and 2017, Shi et al first proposed two protocols for the communication parties to establish a quantum session key. Both work by rotating the angle of one communicator’s private key on the other party's quantum public key. In their approaches, the session key shared by each pair of communicators is fixed after the key generation phase. Thereafter, the key used in each communication does not change, but for security consideration, the session key should be changed in every time usage. In other words, those key agreement protocols do not satisfy the requirement of key security. In view of this, this paper develops a quantum session key establishment based on the Diffie-Hermann style key exchange to produce different quantum session keys in each communications. After analysis, we confirm that our method can resist various attacks and is therefore secure.

In this article, we discuss the key agreement proposed by Bohio and Miri to implement on the two well-known protocols, Dynamic Source Routing protocol(DSR)and Highly Dynamic Destination-Sequenced Distance-Vector Routing protocol(DSDV), in an ad hoc network. We point out that the weakness existed in their scheme; it cannot resist the Key Compromise Impersonation (KCI) attack when routing. Moreover, we propose a novel scheme to get rid of this weakness.

In this paper, we analyze the protocols of Bindu et al., Goriparthi et al., Wang et al. and Hölbl et al.. After analyses, we found that Bindu et al.' s protocol suffers from the insider attack if the smart card is lost, both Goriparthi et al.' s and Wang et al.' s protocols can' t withstand the DoS attack on the password change phase which makes the password invalid after the protocol run, and Hölbl et al.' s protocol is vulnerable to the insider attack since a malevolent legal user can deduce KGC' s secret key x s .

Key establishment between any pair of nodes is an essential requirement for providing secure services in wireless sensor networks. Blom's scheme is a prominent key management scheme but its shortcomings include large computation overhead and memory cost. We propose a new scheme in this paper that modifies Blom's scheme in a manner that reduces memory and computation costs. This paper also provides the value for secure parameter t such that the network is resilient.

Key establishment between any pair of nodes is an essential requirement for providing secure services in wireless sensor networks. Blom's scheme is a prominent key management scheme but its shortcomings include large computation overhead and memory cost. We propose a new scheme in this paper that modifies Blom's scheme in a manner that reduces memory and computation costs. This paper also provides the value for secure parameter t such that the network is resilient.

Since the invention of electricity, global power grids have been at the forefront of technological advances. The antiquated infrastructure of power system which provides power to the city's homes, factories and businesses are replaced with a new power distribution system. This new infrastructure of power distribution includes the collection of digital systems called the smart grid. In the smart grid, one of the main components is the distribution system, and the consumption reports are transferred from the substations to the control center. Currently, the smart substations use the IEC61850, however, it is not completely safe. IEC 62351 is used to secure this standard. However, the security protocols are provided for IEC 62351 standard, and there are different security issues to this standard. This paper presents a key agreement scheme with an authentication mechanism based on ECC for securing the communication between the data center and substation. In addition, it can cover the standard security weaknesses, and the session key is generated due to the time limit for the two important protocols in IEC 62851 (i.e. GOOSE and SV).

We study the two party problem of randomly selecting a string among all the strings of length n. We want the protocol to have the property that the output distribution has high entropy, even when one of the two parties is dishonest and deviates from the protocol. We develop protocols that achieve high, close to n, entropy. In the literature the randomness guarantee is usually expressed as being close to the uniform distribution or in terms of resiliency. The notion of entropy is not directly comparable to that of resiliency, but we establish a connection between the two that allows us to compare our protocols with the existing ones. We construct an explicit protocol that yields entropy n − O(1) and has 4 log * n rounds, improving over the protocol of Goldreich et al. [3] that also achieves this entropy but needs O(n) rounds. Both these protocols need O(n 2) bits of communication. Next we reduce the communication in our protocols. We show the existence, nonexplicitly, of a protocol that has 6 rounds, 2n + 8 log n bits of communication and yields entropy n − O(log n) and min-entropy n/2 − O(log n). Our protocol achieves the same entropy bound as the recent, also non-explicit, protocol of Gradwohl et al. [4], however achieves much higher min-entropy: n/2 − O(log n) versus O(log n). Finally we exhibit very simple explicit protocols. We connect the security parameter of these geometric protocols with the well studied Kakeya problem motivated by harmonic analysis and analytical number theory. We are only able to prove that these protocols have entropy 3n/4 but still n/2 − O(log n) min-entropy. Therefore they do not perform as well with respect to the explicit constructions of Gradwohl et al. [4] entropy-wise, but still have much better min-entropy. We conjecture that these simple protocols achieve n − o(n) entropy. Our geometric construction and its relation to the Kakeya problem follows a new and different approach to the random selection problem than any of the previously known protocols.

To achieve security in wireless sensor networks, it is important to be able to encrypt and authenticate messages sent between sensor nodes. Before doing so, keys for performing encryption and authentication must be agreed upon by the communicating parties. Due to resource constraints, however, achieving key agreement in wireless sensor networks is nontrivial. Many key agreement schemes used in general networks, such as Diffie-Hellman and other public-key based schemes, are not suitable for wireless sensor networks due to the limited computational abilities of the sensor nodes. Predistribution of secret keys for all pairs of nodes is not viable due to the large amount of memory this requires when the network size is large.In this paper, we provide a framework in which to study the security of key predistribution schemes, propose a new key predistribution scheme which substantially improves the resilience of the network compared to previous schemes, and give an in-depth analysis of ou...

In this paper, we propose a non-commutative keyexchange scheme which generalizes the classical ElGamal Cipher to polycyclic groups. We describe the criteria for groups which would provide good candidates for such cryptosystems, we also examine the complexity of the decision problems related to these key exchange.

As a result of the growing popularity of wireless networks, in particular ad hoc networks, security over such networks has become very important. In this paper, we study the problem of secure group communications (SGC) and key management over ad hoc networks. We identify the key features of any SGC protocol for such networks. We also propose an efficient key agreement scheme for SGC. The scheme solves two important problems that exist in most current SGC schemes: requirement of member serialization and existence of a central entity. Besides this, the protocol also has many highly desirable properties such as contributory and efficient computation of group key, uniform work load for all the members, few rounds of rekeying (2 rounds for the initial key formation and join and 1 round for leave), and efficient support for high dynamics. These properties make the protocol well suited for wireless ad hoc networks.

Certificateless Public key Cryptography is a widely studied paradigm due to its advantages of not having the key-escrow problem and the lack of use of certificates. Online-Offline signature schemes are extremely relevant today because of their great practical applications. In an online-offline signature scheme all the heavy computation is done on powerful processors and stored securely in the offline phase, and the online component requires only light computation. Hence, it is widely used in several low-resource devices like mobile phones, etc. Revocation is another important problem of wide interest as it helps to keep a check on misbehaving users. Currently, there are very few revocable certificateless signature schemes in the literature. We have addressed some of the limitations of the previously existing schemes and designed a new model for the same that involves periodic time generated keys. We present a revocable online-offline certificateless signature scheme without pairing. Pairing, though a very useful mathematical function, comes at the cost of heavy computation. Our scheme is proved secure in the random oracle model using a tight security reduction to the computational Diffie-Hellman problem.

This study proposes a Generic Hybrid Encryption System (HES) under mutual committee of symmetric and asymmetric cryptosystems. Asymmetric (public key) Cryptosystems associates several performance issues like computational incompetence, memory wastages, energy consumptions and employment limitations on bulky data sets but they are quite secure and reliable in key exchange over insecure remote communication channels. Symmetric (private key) cryptosystems are 100 times out performed, having no such issues but they cannot fulfill non-repudiation, false modifications in secret key, fake modifications in cipher text and origin authentication of both parties while exchanging information. These contradictory issues can be omitted by utilizing hybrid encryption mechanisms (symmetric+asymmetric) to get optimal benefits of both schemes. Several hybrid mechanisms are available with different logics but our logic differs in infrastructural design, simplicity, computational efficiency and security as compared to prior hybrid encryption schemes. Some prior schemes are either diversified in performance aspects, customer satisfaction, memory utilization or energy consumptions and some are vulnerable against forgery and password guessing (session key recovery) attacks. We have done some functional and design related changes in existing Public Key Infrastructure (PKI) to achieve simplicity, optimal privacy and more customer satisfaction by providing Hybrid Encryption System (HES) that is able to fulfill all set of standardized security constraints. No such PKI based generic hybrid encryption scheme persists as we have provided in order to manage all these kinds of discussed issues.

The notion of a Secretly Embedded Trapdoor with Universal Protection (SETUP) and its variations on attacking black-box cryptosysterns has been recently introduced. The basic definitions, issues, and examples of various setup attacks (called Kleptographic attacks) have also been presented. The goal of this work is to describe a methodological way of attacking cryptosystems which exploits certain relations between cryptosystem instances which exist within cryptosystems. We call such relations "kleptograms'. The identified kleptogram is used as the base for searching for a setup.

Due to avoiding the key escrow problem in the identity-based cryptosystem, certificateless public key cryptosystem (CLPKC) has received a significant attention. As an important part of the CLPKC, the certificateless authenticated key agreement (CLAKA) protocol also received considerable attention. Most CLAKA protocols are built from bilinear mappings on elliptic curves which need costly operations. To improve the performance, several pairing-free CLAKA protocols have been proposed. In this paper we propose a new pairing-free CLAKA protocol. Compared with the related protocols our protocol has better performance. We also show our protocol is provably secure in a very strong security model, i.e. the extended Canetti-Krawczyk (eCK) model.

This paper studies a variation on classical key-agreement and consensus problems in which the set S of possible keys is the range of a random variable that can be sampled. We give tight upper and lower bounds of log 2 k bits on the communication complexity of agreement on some key in S, using a form of Sperner's Lemma, and give bounds on other problems. In the case where keys are generated by a probabilistic polynomial-time Turing machine, agreement is shown to be possible with zero communication if every fully polynomial-time approximation scheme (fpras) has a certain symmetry-breaking property. Topics Computational complexity, cryptography.

In this thesis we present our contribution in the field of post-quantum cryptography. We introduce a new notion of weakly Random-Self-Reducible public-key cryptosystem and show how it can be used to implement secure Oblivious Transfer. We also show that two recent (Post-quantum) cryptosystems can be considered as weakly Random-Self-Reducible. We introduce a new problem called Isometric Lattice Problem and reduce graph isomorphism and linear code equivalence to this problem. We also show that this problem has a perfect zero-knowledge interactive proof with respect to a malicious verifier; this is the only hard problem in lattices that is known to have this property.

In this paper, we propose a non-commutative keyexchange scheme which generalizes the classical ElGamal Cipher to polycyclic groups. We describe the criteria for groups which would provide good candidates for such cryptosystems, we also examine the complexity of the decision problems related to these key exchange.

Inner product encryption (IPE) is a new cryptographic primitive initially proposed by Abdalla et al. in 2015. IPE can be classified into public-key IPE and secret-key IPE. The currently proposed PK-IPE schemes cannot resist the following collusion attack: an invalid user that holds no private key can "buy" a combined key generated from multiple collusion adversaries, and the user can use this private key to decrypt a ciphertext. Furthermore, the user should not let the collusion adversaries know the ciphertext, and the collusion adversaries should not let the user learn their private keys. We present a new PK-IPE to resist such collusion attack. Our PK-IPE is proven secure under the selective-vector chosen-plaintext attack model. We formalize a selective vector collusion attack model to prove that our scheme is secure under this model.

DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers. Link to publication General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal. If the publication is distributed under the terms of Article 25fa of the Dutch Copyright Act, indicated by the "Taverne" license above, please follow below link for the End User Agreement:

We construct a Certificateless Public Key Signature scheme-CL-PKS, i.e., a cryptographic signature scheme which does not require any Digital Certificate to verify a signature generated by a private key, based on asymmetric bilinear pairing functions. Our scheme does not allow the so-called key escrow. We analyze both its efficiency and security: it is more efficient than previously published CL-PKS schemes, with shorter signatures and public keys; we prove it is strong against adaptively chosen message attacks, based on the computational difficulty of the Diffie-Hellman Problems.

This Paper briefly sketches out the usage of security system in Mobile Cloud Computing which is including the monitoring, recording, tracking and giving notification to the user. For encryption-decryption will use Elliptic Curve Cryptography (ECC). The functionality of re-encryption "tag" and "mark" for data access system for every legal user. It suggests the cloud computing based on encryption and decryption services with functional reencryption which the encrypted medical data could be accessed and decryption from anywhere by whomever that has the ability to access according to the access policy. This paper proposed the discussion of the idea of medical usage of the cloud computing and the security accessing data by people who has been authorized according to the access policy.

We propose a new mathematical problem that is applicable to public key cryptography. Based on the Discrete Logarithm Problem (DLP), it uses certain elements formed by two matrices with elements in a finite field and a matrix whose elements are points of an elliptic curve. With this system, we get a larger key space without increasing the underlying elliptic curve and, consequently, without the computational requirements inherent to the set up of elliptic curves at random. Also, we expose the Diffie-Hellman key agreement protocol with this system acting as the underlying mathematical problem.

This paper considers the problem of information-theoretic Secret Key Establishment (SKE) in the presence of a passive adversary, Eve, when Alice and Bob are connected by a pair of independent discrete memoryless broadcast channels in opposite directions. We refer to this setup as 2DMBC. We define the secret-key capacity in the 2DMBC setup and prove lower and upper bounds on this capacity. The lower bound is achieved by a two-round SKE protocol that uses a two-level coding construction. We show that the lower and the upper bounds coincide in the case of degraded DMBCs.

The Leftover Hash Lemma states that the output of a two-universal hash function applied to an input with sufficiently high entropy is almost uniformly random. In its standard formulation, the lemma refers to a notion of randomness that is (usually implicitly) defined with respect to classical side information. Here, we prove a (strictly) more general version of the Leftover Hash Lemma that is valid even if side information is represented by the state of a quantum system. Furthermore, our result applies to arbitrary δ-almost two-universal families of hash functions. The generalized Leftover Hash Lemma has applications in cryptography, e.g., for key agreement in the presence of an adversary who is not restricted to classical information processing.

Cryptography is the science of information and communication security. Up to now, for efficiency reasons cryptographic algorithm has been written in an imperative language. But to get acquaintance with a functional programming language a question arises: functional programming offers some new for secure communication or not? This article investigates this question giving an overview on some cryptography algorithms and presents how the RSA encryption in the functional language Clean can be implemented and how can be measured the efficiency of a certain application.

In this paper we consider the security of two recently proposed anonymous conference key distribution schemes. We show that neither scheme is as practical as the authors claim and that, in certain circumstances, both schemes also suffer from security vulnerabilities. We also show that the attack described in one paper is invalid.

A well known result by Kilian (ACM 1988) asserts that general secure two computation (2PC) with statistical security, can be based on OT. Specifically, in the client-server model, where only one party-the client-receives an output, Kilian's result shows that given the ability to call an ideal oracle that computes OT, two parties can securely compute an arbitrary function of their inputs with unconditional security. Ishai et al. (EUROCRYPT 2011) further showed that this can be done efficiently for every two-party functionality in NC 1 in a single round. However, their results only achieve statistical security, namely, it is allowed to have some error in security. This leaves open the natural question as to which client-server functionalities can be computed with perfect security in the OT-hybrid model, and what is the round complexity of such computation. So far, only a handful of functionalities were known to have such protocols. In addition to the obvious theoretical appeal of the question towards better understanding secure computation, perfect, as opposed to statistical reductions, may be useful for designing secure multiparty protocols with high concrete efficiency, achieved by eliminating the dependence on a security parameter. In this work, we identify a large class of client-server functionalities f : X ×Y → {0, 1}, where the server's domain X is larger than the client's domain Y, that have a perfect reduction to OT. Furthermore, our reduction is 1-round using an oracle to secure evaluation of many parallel invocations of 1-out-of-2 bit OT, as done by Ishai et al. (EUROCRYPT 2011). Interestingly, the set of functions that we are able to compute was previously identified by Asharov (TCC 2014) in the context of fairness in two-party computation, naming these functions full-dimensional. Our result also extends to randomized non-Boolean functions f : X × Y → {0,. .. , k − 1} satisfying |X | > (k − 1) • |Y|.

In this work we introduce a new method of cryptography based on the matrices over a finite field Fq, were q is a power of a prime number p. The first time we construct the matrix M = A 1 A 2 0 A 3 were A 1 , A 2 and A 3 are matrices of order n with coefficients in Fq and 0 is the zero matrix of order n. We prove that M l = A l 1

Let F q be the finite field of q elements, where q is a prime power. In this paper, we study the Montgomery curves over the ring F q [X] X 2 −X , denoted by M A,B (F q [X] X 2 −X); (A, B) ∈ (F q [X] X 2 −X) 2. Using the Montgomery equation, we define the Montgomery curves M A,B (F q [X] X 2 −X) and we give a bijection between this curve and product of two Montgomery curves defined on F q. Furthermore, we study the addition law of Montgomery curves over the ring F q [X] X 2 −X. We close this paper by introducing a public key cryptosystem which is a variant of the ElGamal cryptosystem on a Montgomery curves over the same ring.

Mutual distance bounding (DB) protocols enable two distrusting parties to establish an upper-bound on the distance between them. DB has been so far mainly considered in classical settings and for classical applications, especially in wireless settings, e.g., to prevent relay attacks in wireless authentication and access control systems, and for secure localization. While recent research has started exploring DB in quantum settings, all current quantum DB (QDB) protocols employ quantum-bits (qubits) in the rapid-bit exchange phase, and only perform one-way DB. Specifically, the latest QDB proposals improve initial ones by adding resistance to photon number splitting attacks, and improving round complexity by avoiding communication from the prover to verifier in the last authentication phase. This paper presents two new QDB protocols that differ from previously proposed protocols in several aspects: (1) to the best of our knowledge, our protocols are the first to utilize entangled qubits in the rapid-bit exchange phase, previous protocols relied on sending individual qubits, not those from a pair of entangled ones; (2) our second protocol can perform mutual QDB between two parties in one execution, previous QDB protocols had to be executed twice with the prover and verifier roles reversed in each execution; (3) the use of entangled qubits in our protocols thwarts attacks that previous QDB protocols were prone to; (4) and finally, our protocols also eliminate the need for communication from the prover to the verifier in the last authentication phase, which was necessary in some previous QDB protocols. Our work paves the way for several interesting research directions which we briefly discuss in detail in the appendix.

The Leftover Hash Lemma states that the output of a two-universal hash function applied to an input with sufficiently high entropy is almost uniformly random. In its standard formulation, the lemma refers to a notion of randomness that is (usually implicitly) defined with respect to classical side information. Here, we prove a (strictly) more general version of the Leftover Hash Lemma that is valid even if side information is represented by the state of a quantum system. Furthermore, our result applies to arbitrary δ-almost two-universal families of hash functions. The generalized Leftover Hash Lemma has applications in cryptography, e.g., for key agreement in the presence of an adversary who is not restricted to classical information processing.

We formalize aspects of the Kerberos 5 authentication protocol in the Multi-Set Rewriting formalism (MSR) on two levels of detail. The more detailed formalization reflects the intricate structure of the Kerberos 5 specification, taking into account several protocol features which have not been previously considered. In the abstract formalization, we prove an authentication property about Kerberos 5. We discovered three anomalies, one of which occurs on both levels of detail, while the other two rely on the richer structure of the detailed formalization. We also discuss how the addition of checksums (some of which are in the protocol specification and some of which are not) may eliminate the anomalies that we found.

Authentication mechanisms coupled with strong encryption techniques are used for network security purposes; however, given sufficient time, well-equipped intruders are successful for compromising system security. The authentication protocols often fail when they are analysed critically. Formal approaches have emerged to analyse protocol failures. In this study, Communicating Sequential Processes (CSP) which is an abstract language designed especially for the description of communication patterns is employed. Rank functions are also used for verification and analysis which are helpful to establish that some critical information is not available to the intruder. In order to establish this, by assigning a value or rank to each critical information, it is shown that all the critical information that can be generated within the network have a particular characterizing property. This paper presents an application of rank functions approach to an authentication protocol that combines delaying the decryption process with timed authentication while keys are dynamically renewed under pseudo-secure situations. The analysis and verification of authentication properties and results are presented and discussed.

At the moment, digital documents are just as important as paper documents. As a result, authenticity is essential, especially in legal situations and digital forensics. As technology advances, these digital signature algorithms become weaker, necessitating the development of digital authentication schemes capable of withstanding current security threats. This study proposed a scheme based on an asymmetric key cryptosystem and the user’s biometric credentials to generate keys for digital signatures. A single document can be signed by multiple signatories at the same time under this scheme. The primary goal of this article is to create a safe and cost-effective multiignature scheme. To create keys for document signing and verification, the Edwards-curve Digital Signature Algorithm (EdDSA), especially Ed25519, is employed. The Edwards-curve Digital Signature Algorithm is used with blockchain technology to sign crypto wallets. The Python implementation of a scheme that enables platform ...

... Another approach, still in the signalling plane, is MIKEY [5] which can be integrated into the VoIP SIP call establish-ment6 and supports three authentication modes: pre-shared key (PSK), public key (PKI) or Diffie-Hellman (DH) ex-change. ...

Let E be an elliptic curve defined over Q given by an affine Weierstrass equation of the form (1) E : y 2 = x 3 + ax + b (a, b ∈ Z, x, y ∈ Q). Reducing the elliptic curve (1) modulo a sufficiently large prime p, we obtain an elliptic curve E p over F p. Considering an infinite sequence of elliptic curves E p , we map the point (x, y) of them into the unit square [0, 1) 2 via the mapping (x, y) → x p , y p. We prove that the obtained cumulative point set contains a point sequence aligning a line when E/Q has an integral point, and point sequences aligning lines of well defined number when E/Q has a rational point. In both cases, these lines contain infinitely many points being strictly monotone increasing or decreasing according to the L ∞ norm, and these monotone point sequences converge to well defined points.

Let E be an elliptic curve defined over Q given by an affine Weierstrass equation of the form (1) E : y 2 = x 3 + ax + b (a, b ∈ Z, x, y ∈ Q). Reducing the elliptic curve (1) modulo a sufficiently large prime p, we obtain an elliptic curve E p over F p. Considering an infinite sequence of elliptic curves E p , we map the point (x, y) of them into the unit square [0, 1) 2 via the mapping (x, y) → x p , y p. We prove that the obtained cumulative point set contains a point sequence aligning a line when E/Q has an integral point, and point sequences aligning lines of well defined number when E/Q has a rational point. In both cases, these lines contain infinitely many points being strictly monotone increasing or decreasing according to the L ∞ norm, and these monotone point sequences converge to well defined points.

As successful families in business grow in family size and number of shareholders, they commonly develop a particular kind of family organization, often referred to as the family council. This family organization usually becomes the family's central governing body. Although family councils are very common among highly complex multigenerational familyowned businesses, implementing them appears to be a challenging task, as each family has its own idea and this idea is likely to evolve over time. With the aim of helping families in business reflect upon or review their family governance system, the present study aims at learning from the experience of 16 Spanish family-owned businesses by analyzing different areas of interest such as the different types of family councils, their key features, the reasons for starting a family council, the objectives of creating a family council, the stages of a family council and the characteristics of other governance structures connected to the family council. Investigating these issues can help multigenerational family-owned businesses to succeed as well-structured organizations that keep the family connected and committed towards a common mission, vision and values. Limitations and future research are also discussed.

This paper introduces SPOT, a Secure and Privacy-preserving prOximity based protocol for e-healthcare systems. It relies on a distributed proxy-based approach to preserve users' privacy and a semi-trusted computing server to ensure data consistency and integrity. The proposed protocol ensures a balance between security, privacy and scalability. As far as we know, in terms of security, SPOT is the first one to prevent malicious users from colluding and generating false positives. In terms of privacy, SPOT supports both anonymity of users being in proximity of infected people and unlinkability of contact information issued by the same user. A concrete construction based on structure-preserving signatures and NIWI proofs is proposed and a detailed security and privacy analysis proves that SPOT is secure under standard assumptions. In terms of scalability, SPOT's procedures and algorithms are implemented to show its efficiency and practical usability with acceptable computation and communication overhead.

Internet of Things (IoT) offers new opportunities for business, technology and science but it also raises new challenges in terms of security and privacy, mainly because of the inherent characteristics of this environment: IoT devices come from a variety of manufacturers and operators and these devices suffer from constrained resources in terms of computation, communication and storage. In this paper, we address the problem of trust establishment for IoT and propose a security solution that consists of a secure bootstrap mechanism for device identification as well as a message attestation mechanism for aggregate response validation. To achieve both security requirements, we approach the problem in a confined environment, named SubNets of Things (SNoT), where various devices depend on it. In this context, devices are uniquely and securely identified thanks to their environment and their role within it. Additionally, the underlying message authentication technique features signature aggregation and hence, generates one compact response on behalf of all devices in the subnet.

In MANET environment, the nodes are mobile i.e., nodes move in and out dynamically. This causes difficulty in maintaining a central trusted authority say Certification Authority CA or Key Generation Centre KCG. In addition most of cryptographic techniques need a key to be shared between the two communicating entities. So to introduce security in MANET environment, there is a basic need of sharing a key between the two communicating entities without the use of central trusted authority. So we present a decentralized two-party key agreement protocol using pairings and threshold cryptography ideas. Our model is based on Joux's three-party key agreement protocol which does not authenticate the users and hence is vulnerable to man-in-the-middle attack. This model protects from man-in-the-middle attack using threshold cryptography.

In this paper we present a new privacy scheme against passive adversaries based on the message modulation instead of classical cryptographic models for low cost wireless devices, such as an RFID tag. The idea is to become the adversary in disadvantage related to the reader-tag communication channel, for example, by reducing her signal-to-noise ratio.

We present a cryptographically sound formal method for proving correctness of key exchange protocols. Our main tool is a fragment of a symbolic protocol logic. We demonstrate that proofs of key agreement and key secrecy in this logic imply simulatability in Shoup's secure multi-party framework for key exchange. As part of the logic, we present cryptographically sound abstractions of CMA-secure digital signatures and a restricted form of Diffie-Hellman exponentiation, which is a technical result of independent interest. We illustrate our method by constructing a proof of security for a simple authenticated Diffie-Hellman protocol.