Data encryption (Computer science)

Model
Digital Document
Publisher
Florida Atlantic University
Description
In our society, large volumes of documents are exchanged on a daily basis. Since documents can easily be scanned, modified and reproduced without any loss in quality, unauthorized use and modification of documents is of major concern. An authentication watermark embedded into a document as an invisible, fragile mark can be used to detect illegal document modification. However, the authentication watermark can only be used to determine whether documents have been tampered with, and additional protection may be needed to prevent unauthorized use and distribution of those documents. A solution to this problem is a two-level, multipurpose watermark. The first level watermark is an authentication mark used to detect document tampering, while the second level watermark is a robust mark, which identifies the legitimate owner and/or user of a specific document. This dissertation introduces a new adaptive two-level multipurpose watermarking scheme suitable for binary document images, such as scanned text, figures, engineering and road maps, architectural drawings, music scores, and handwritten text and sketches. This watermarking scheme uses uniform quantization and overlapped embedding to add two watermarks, one robust and the other fragile, into a binary document image. The two embedded watermarks serve different purposes. The robust watermark carries document owner or document user identification, and the fragile watermark confirms document authenticity and helps detect document tampering. Both watermarks can be extracted without accessing the original document image. The proposed watermarking scheme adaptively selects an image partitioning block size to optimize the embedding capacity, the image permutation key to minimize watermark detection error, and the size of local neighborhood in which modification candidate pixels are scored to minimize visible distortion of watermarked documents.
Modification candidate pixels are scored using a novel, objective metric called the Structural Neighborhood Distortion Measure (SNDM). Experimental results confirm that this watermarking scheme, which embeds watermarks by modifying image pixels based on their SNDM scores, creates smaller visible document distortion than watermarking schemes which base watermark embedding on any other published pixel scoring method. Document tampering is detected successfully and the robust watermark can be detected even after document tampering renders the fragile watermark undetectable.
Model
Digital Document
Publisher
Florida Atlantic University
Description
This dissertation contains results of the candidate's research on the generalized discrete logarithm problem (GDLP) and its applications to cryptology, in non-abelian groups. The projective special linear groups PSL(2; p), where p is a prime, represented by matrices over the field of order p, are investigated as potential candidates for implementation of the GDLP. Our results show that the GDLP with respect to specific pairs of PSL(2; p) generators is weak. In such cases the groups PSL(2; p) are not good candidates for cryptographic applications which rely on the hardness of the GDLP. Results are presented on generalizing existing cryptographic primitives and protocols based on the hardness of the GDLP in non-abelian groups. A special instance of a cryptographic primitive defined over the groups SL(2; 2^n), the Tillich-Zemor hash function, has been cryptanalyzed. In particular, an algorithm for constructing collisions of short length for any input parameter is presented. A series of mathematical results are developed to support the algorithm and to prove existence of short collisions.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Consider a scenario where a server S shares a symmetric key k_U with each user U. Building on a 2-party solution of Bohli et al., we describe an authenticated 3-party key establishment which remains secure if a computational Bilinear Diffie-Hellman problem is hard or the server is uncorrupted. If the BDH assumption holds during a protocol execution, but is invalidated later, entity authentication and integrity of the protocol are still guaranteed. Key establishment protocols based on hardness assumptions such as the discrete logarithm problem (DLP) and the integer factorization problem (IFP) are vulnerable to quantum computer attacks, whereas protocols based on other hardness assumptions, such as the conjugacy search problem and the decomposition search problem, can resist such attacks. The existing protocols based on the hardness assumptions which can resist quantum computer attacks are only passively secure. Compilers are used to convert a passively secure protocol to an actively secure protocol. Compilers involve some tools, such as a signature scheme and a collision-resistant hash function. If there are only passively secure protocols but not a signature scheme based on the same assumption, then the application of existing compilers requires the use of such tools based on different assumptions. But the introduction of new tools, based on different assumptions, makes the new actively secure protocol rely on more than one hardness assumption. We offer an approach to derive an actively secure two-party protocol from a passively secure two-party protocol without introducing further hardness assumptions. This serves as a useful formal tool to transform any basic algebraic method of public key cryptography to a real-world applicable cryptographic scheme. In a recent preprint, Vivek et al. propose a compiler to transform a passively secure 3-party key establishment to a passively secure group key establishment. To achieve active security, they apply this compiler to Joux's
Model
Digital Document
Publisher
Florida Atlantic University
Description
In the design of two-party key exchange it is common to rely on a Diffie-Hellman type hardness assumption in connection with elliptic curves. Unlike the case of finite fields, breaking multiple instances of the underlying hardness assumption is here considered substantially more expensive than breaking a single instance. Prominent protocols such as SPEKE [12] or J-PAKE [8, 9, 10] do not exploit this, and here we propose a password-authenticated key establishment where the security builds on the intractability of solving a specified number of instances v of the underlying computational problem. Such a design strategy seems particularly interesting when aiming at long-term security guarantees for a protocol, where expensive special purpose equipment might become available to an adversary. In this thesis, we give one protocol for the special case when v = 1 in the random oracle model, then we provide the generalized protocol in the random oracle model and a variant of the generalized protocol in the standard model for v being a polynomial of the security parameter ℓ.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Implementing Shamir's secret sharing scheme using floating point arithmetic would provide a faster and more efficient secret sharing scheme due to the speed at which GPUs perform floating point arithmetic. However, with the loss of a finite field, properties of a perfect secret sharing scheme are not immediately attainable. The goal is to analyze the plausibility of Shamir's secret sharing scheme using floating point arithmetic achieving the properties of a perfect secret sharing scheme and propose improvements to attain these properties. Experiments indicate that property 2 of a perfect secret sharing scheme, "Any k-1 or fewer participants obtain no information regarding the shared secret", is compromised when Shamir's secret sharing scheme is implemented with floating point arithmetic. These experimental results also provide information regarding possible solutions and adjustments, one of which is selecting randomly generated points from a smaller interval in one of the proposed schemes of this thesis. Further experimental results indicate improvement using the scheme outlined. Possible attacks are run to test the desirable properties of the different schemes and reinforce the improvements observed in prior experiments.
Model
Digital Document
Publisher
Florida Atlantic University
Description
The aim of this work is to investigate an algebraic attack on block ciphers called Multiple Right Hand Sides (MRHS). MRHS models a block cipher as a system of n matrix equations S_i := A_i x = [L_i], where each L_i can be expressed as a set of its columns b_{i1}, ..., b_{i s_i}. The set of solutions T_i of S_i is defined as the union of the solutions of A_i x = b_{ij}, and the set of solutions of the system S_1, ..., S_n is defined as the intersection of T_1, ..., T_n. Our main contribution is a hardware platform which implements a particular algorithm that solves MRHS systems (and hence block ciphers). The case is made that the platform performs several thousand orders of magnitude faster than software, it costs less than US$1,000,000, and that actual times of block cipher breakage can be calculated once it is known how the corresponding software behaves. Options in MRHS are also explored with a view to increase its efficiency.
Model
Digital Document
Publisher
Florida Atlantic University
Description
We present an Identity-Based Encryption scheme, 1-Key-Encrypt-Then-MAC, in which we are able to verify the authenticity of messages using a MAC. We accomplish this authentication by combining an Identity-Based Encryption scheme given by Boneh and Franklin, with an Identity-Based Non-Interactive Key Distribution given by Paterson and Srinivasan, and attaching a MAC. We prove the scheme is chosen plaintext secure and chosen ciphertext secure, and the MAC is existentially unforgeable.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Video signature techniques based on tomography images address the problem of video identification. This method relies on temporal segmentation and sampling strategies to build and determine the unique elements that will form the signature. In this thesis an extension for these methods is presented; first a new feature extraction method, derived from the previously proposed sampling pattern, is implemented and tested, resulting in a highly distinctive set of signature elements, second a robust temporal video segmentation system is used to replace the original method applied to determine shot changes more accurately. Under a very exhaustive set of tests the system was able to achieve 99.58% of recall, 100% of precision and 99.35% of prediction precision.
Model
Digital Document
Publisher
Florida Atlantic University
Description
The aim of this work is to investigate a security model in which we allow an adversary to have access to functions of the secret key. In recent years, significant progress has been made in understanding the security of encryption schemes in the presence of key-dependent plaintexts or messages (known as KDM). Here, we motivate and explore the security of a setting, where an adversary against a message authentication code (MAC) or signature scheme can access signatures on key-dependent messages. We propose a way to formalize the security of message authentication schemes in the presence of key-dependent MACs (KD-EUF) and of signature schemes in the presence of key-dependent signatures (KDS). An attack on a message recognition protocol involving a MAC is presented. It turns out that the situation is quite different from key-dependent encryption: To achieve KD-EUF-security or KDS-security under non-adaptive chosen message attacks, the use of a stateful signing algorithm is inevitable even in the random oracle model. After discussing the connection between key-dependent signing and forward security, we describe a compiler which lifts any EUF-CMA secure one-time signature scheme to a forward secure signature scheme offering KDS-CMA security. Then, we discuss how aggregate signatures can be used to combine the signatures in the certificate chain used in the compiler. A natural question arises about how to combine the security definitions of KDM and KDS to come up with a signcryption scheme that is secure. We also offer a connection with Leakage-Resilient Signatures, which take into account side-channel attacks. Lastly, we present some open problems for future research.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Data security has been identified as one of the most important concerns where sensitive messages are exchanged over the network. In web service architecture, multiple distributed applications communicate with each other over the network by sending XML messages. How can we protect these sensitive messages? Some web services standards have emerged to tackle this problem. The XML Encryption standard defines the process of encrypting and decrypting all of an XML message, part of an XML message, or even an external resource. Like XML Encryption, the XML Signature standard specifies how to digitally sign an entire XML message, part of an XML message, or an external object. WS-Security defines how to embed security tokens, XML encryption, and XML signature into XML documents. It does not define new security mechanisms, but leverages existing security technologies such as encryption and digital signature.