The isomorphism of polynomials with two secrets (IP2S) problem is one candidate computational assumption for post-quantum cryptography. The idea of an identification scheme based on IP2S was first introduced in 1996 by Patarin. However, the scheme was not described concretely enough, and no further details were provided on how to turn the idea into a real-world implementation. Moreover, the security of the scheme has not been formally proven, and the originally proposed security parameters are no longer secure according to the most recent research. In this paper, we propose a concrete identification scheme based on IP2S, taking Patarin's idea as the starting point. We provide a formal security proof of the proposed scheme against impersonation under passive attack, sequential active attack, and concurrent active attack. We also propose techniques to reduce the implementation cost, cutting the storage cost and average communication cost to such an extent that, under parameters for the standard 80-bit security level, the scheme is implementable even on the lightweight devices currently on the market.
In this paper, we propose a new theoretical security model for Shannon cipher systems under side-channel attacks, where the adversary is not only allowed to collect ciphertexts by eavesdropping on the public communication channel but is also allowed to collect the physical information leaked by the devices on which the cipher system is implemented, such as running time, power consumption, electromagnetic radiation, etc. Our model is very robust, as it does not depend on the kind of physical information leaked by the devices. We also prove that in the case of one-time-pad encryption, we can strengthen the secrecy/security of the cipher system by using an appropriate affine encoder. More precisely, we prove that for any distribution of the secret keys and any measurement device used for collecting the physical information, we can derive an achievable rate region for reliability and security such that if we compress the ciphertext using an affine encoder with a rate within the achievable rate region, then: (1) anyone with a secret key will be able to decrypt and decode the ciphertext correctly, but (2) any adversary who obtains the ciphertext and also the side physical information will not be able to obtain any information about the hidden source, as long as the leaked physical information is encoded at a rate within the rate region. We derive our result by adapting the framework of the one-helper source coding problem posed and investigated by Ahlswede and Körner (1975) and Wyner (1975). For reliability and security, we obtain our result by combining the result of Csiszár (1982) on universal coding for a single source using linear codes with the exponential strong converse theorem of Oohama (2015) for the one-helper source coding problem.
The existing discrete-logarithm-based two-round multi-signature schemes that do not use the idealized model, i.e., the Algebraic Group Model (AGM), have quite large reduction loss. This means that an implementation of these schemes requires an elliptic curve (EC) with a very large order to reach the standard 128-bit security level when concrete security is considered. Indeed, the existing standardized ECs have orders too small to ensure 128-bit security for such schemes. Recently, Pan and Wagner proposed two two-round schemes based on the Decisional Diffie-Hellman (DDH) assumption (EUROCRYPT 2023). For 128-bit concrete security, the first scheme can use the NIST-standardized EC P-256 and the second can use P-384. However, with these parameter choices, they do not improve the signature size or the communication complexity over the existing non-tight schemes. Therefore, there is no two-round scheme that (i) can use a standardized EC for 128-bit security and (ii) has high efficiency. In this paper, we construct a two-round multi-signature scheme achieving both from the DDH assumption. We prove that an EC with at least a 321-bit order is sufficient for our scheme to ensure 128-bit security. Thus, we can use the NIST-standardized EC P-384 for 128-bit security. Moreover, the signature size and the communication complexity per signer of our proposed scheme under P-384 are 1152 bits and 1535 bits, respectively. These are the most efficient among the existing two-round schemes that do not use the AGM, including Pan-Wagner's schemes and the non-tight schemes. Our experiment on an ordinary machine shows that signing and verification can each be completed in about 65 ms with 100 signers. This shows that our scheme has a sufficiently reasonable running time in practice.
In this paper, we propose a theoretical framework to analyze the secure communication problem for broadcasting two encrypted sources in the presence of an adversary that launches side-channel attacks. The adversary is not only allowed to eavesdrop on the ciphertexts in the public communication channel, but is also allowed to gather additional information on the secret keys via side channels, i.e., physical phenomena leaked by the encryption devices during the encryption process, such as fluctuations in power consumption, heat, or electromagnetic radiation generated by the encryption devices. Based on our framework, we propose a countermeasure against such an adversary using the post-encryption-compression (PEC) paradigm, in the case of one-time-pad encryption. We implement the PEC paradigm using affine encoders constructed from linear encoders and derive explicit sufficient conditions to attain exponential decay of the information leakage as the block lengths of the encrypted sources become large. One interesting feature of the proposed countermeasure is that its performance is independent of the type of side information leaked by the encryption devices.
Recently, in order to guarantee security against quantum adversaries, several identification (ID) schemes based on computational problems that are believed to be hard even for quantum computers have been proposed. However, their security is only proven against non-quantum adversaries. In this paper, we propose a novel four-pass code-based identification scheme. Using the quantum random oracle model, we provide a security proof for our scheme against quantum adversaries that aim to impersonate the prover under concurrent active attacks, based on the hardness assumption of the syndrome decoding (SD) problem. Our security proof is interesting in its own right, since it only requires a non-programmable quantum random oracle, in contrast to existing security proofs of digital signatures derived from ID schemes via the Fiat-Shamir transform, which require programmable quantum random oracles.
Most aggregate signature schemes rely on pairings, but the high computational and storage costs of pairings limit the feasibility of those schemes in practice. Zhao proposed the first pairing-free aggregate signature scheme (AsiaCCS 2019). However, the security of Zhao's scheme is based on the hardness of a newly introduced non-standard computational problem. The recent impossibility results of Drijvers et al. (IEEE S&P 2019) on two-round pairing-free multi-signature schemes whose security is based on the standard discrete logarithm (DL) problem have strengthened the view that constructing a pairing-free aggregate signature scheme that is proven secure based on standard problems such as the DL problem is indeed a challenging open problem. In this paper, we offer a novel solution to this open problem. We introduce a new paradigm of aggregate signatures, i.e., aggregate signatures with an additional pre-communication stage. In the pre-communication stage, each signer interacts with the aggregator to agree on a specific random value before deciding on the messages to be signed. We also observe that the impossibility results of Drijvers et al. only take effect if the adversary can decide the whole randomness part of any individual signature. Based on the new paradigm and our observation on the applicability of the impossibility result, we propose a pairing-free aggregate signature scheme in which every individual signature includes a random nonce that can be freely generated by the signer. We prove the security of our scheme based on the hardness of the standard DL problem. As a trade-off, in contrast to the plain public-key model used by Zhao's scheme, we employ a more restricted key setup model, i.e., the knowledge-of-secret-key model.
Financial inclusion has emerged as a policy concern in many countries, leading to various initiatives to promote financial inclusion for marginalised populations, including persons with disabilities (PwD). This research examines the usage of financial services by PwD in developed and developing countries through a systematic literature review (SLR) and relevant descriptive statistics. The findings shed light on significant barriers hindering PwD's access to financial services, such as information asymmetry, complex banking procedures, insufficient sensitivity towards disabilities that results in less accommodating financial services, and limited innovation in banking services. The findings suggest that improving financial literacy and adopting inclusive digital financial services are key to improving financial inclusion for PwD.
The Universally Composable (UC) framework provides the strongest security notion for designing fully trusted cryptographic protocols, and applying UC security to the design of RFID mutual authentication protocols is very challenging. In this paper, we formulate the necessary conditions for achieving UC-secure RFID mutual authentication protocols that can be fully trusted in an arbitrary environment, and point out the inadequacy of some existing schemes under the UC framework. We define the ideal functionality for RFID mutual authentication and propose the first UC-secure RFID mutual authentication protocol based on public key encryption and certain trusted third parties that can be modeled as functionalities. We prove the security of our protocol under the strongest adversary model, allowing corruption of both tags and readers. We also present two (public) key update protocols for the case of multiple readers: one uses a Message Authentication Code (MAC) and the other uses trusted certificates in a Public Key Infrastructure (PKI). Furthermore, we address the relations between our UC framework and the zero-knowledge privacy model proposed by Deng et al.
Stroke is a leading cause of morbidity and mortality worldwide, ranking 3rd after heart disease and cancer. Based on the results of Riskesdas 2018, the prevalence of stroke is 10.9%, and 15.4% of stroke cases occur in Indonesia. The province with the 3rd highest incidence is South Kalimantan at 12.7% per mil. Hypertriglyceridemia and hypercholesterolemia are risk factors for ischemic stroke. Low triglyceride and total cholesterol levels contribute to intracerebral haemorrhage. This study analyses the relationship between laboratory results for triglycerides and total cholesterol and mortality in stroke patients. Method: This study used a literature review, searching online journals and sources from databases using the keywords stroke mortality, total cholesterol, and triglycerides. Results: In the literature review, 18 journals were analysed, showing that triglycerides and total cholesterol are predictors of prognosis and mortality in stroke patients. The ranges of values with an effect are high triglyceride levels > 200 mg/dL and high total cholesterol levels >160-240 mg/dL, which promote the formation of atherosclerosis and the blood vessel blockage that occurs in ischemic stroke patients. Low triglyceride levels <150 mg/dL and low cholesterol <120-180 mg/dL indicate malnutrition, which can worsen the condition of stroke patients. Low levels of triglycerides and cholesterol affect the integrity of cell membranes and their resistance to rupture, resulting in prolonged bleeding. From this analysis it can be concluded that both high and low levels of triglycerides and total cholesterol affect prognosis and mortality in stroke patients, based on the pathophysiology that occurs.