Iranian Society of Cryptology
The ISC International Journal of Information Security
ISSN: 2008-2045
Volume 11, Issue 1 (2019-01-30)

Title: A Trust Based Probabilistic Method for Efficient Correctness Verification in Database Outsourcing
Pages: 3-14
Article ID: 80601
DOI: 10.22042/isecure.2018.141655.426
Language: EN
Authors: Simin Ghasemi, Department of Computer Engineering, Payame Noor University (PNU), Iran; Mohammad Ali Hadavi, Malek Ashtar University of Technology, Tehran, Iran; Mina Niknafs, Department of Computer Engineering, Vali-e-Asr University of Rafsanjan, Rafsanjan, Iran
Type: Journal Article (2018-07-26)
Abstract: Correctness verification of query results is a significant challenge in database outsourcing. Most of the proposed approaches impose high overhead, which makes them impractical in real scenarios. Probabilistic approaches have been proposed in order to reduce the computation overhead pertaining to the verification process. In this paper, we use the notion of trust as the basis of our probabilistic approach to efficiently verify the correctness of query results. The trust is computed based on observing the history of interactions between clients and the service provider. Our approach exploits the Merkle Hash Tree as an authentication data structure. The trust value towards the service provider leads to investigating just an appropriate portion of the tree. Implementation results of our approach show that considering the trust derived from the history of interactions provides a trade-off between performance and security, and reduces the imposed overhead for both clients and the service provider in the database outsourcing scenario.

Title: SESOS: A Verifiable Searchable Outsourcing Scheme for Ordered Structured Data in Cloud Computing
Pages: 15-34
Article ID: 82692
DOI: 10.22042/isecure.2019.148637.430
Language: EN
Authors: Javad Ghareh Chamani, Sharif University of Technology, Tehran, Iran & Hong Kong University of Science and Technology, Hong Kong; Mohammad Sadeq Dousti, Sharif University of Technology, Tehran, Iran; Rasool Jalili, Associate Professor, Department of Computer Engineering, Sharif University of Technology, Tehran, IRAN; Dimitrios Papadopoulos, Hong Kong University of Science and Technology, Hong Kong
Type: Journal Article (2018-09-13)
Abstract: While cloud computing is growing at a remarkable speed, privacy issues are far from being solved. One way to diminish privacy concerns is to store data on the cloud in encrypted form. However, encryption often hinders useful computation in cloud services. A theoretical approach is to employ so-called fully homomorphic encryption, yet the overhead is so high that it is not considered a viable solution for practical purposes. The next best thing is to craft special-purpose cryptosystems which support the set of operations required by cloud services. In this paper, we put forward one such cryptosystem, which supports efficient search over structured data types, such as timestamps or network addresses, which consist of several segments with well-known values. The new cryptosystem, called SESOS, provides the ability to execute LIKE queries, along with the search for exact matches, as well as comparison. In addition, the extended version, called XSESOS, allows for verifying the integrity of ciphertexts. At its heart, SESOS combines any order-preserving encryption (OPE) scheme with a novel encryption scheme called Multi-map Perfectly Secure Cryptosystem (MuPS). We prove that MuPS is perfectly secure, and hence SESOS enjoys the same security properties as the underlying OPE scheme. The overhead of executing equality and comparison operations is negligible. The performance of LIKE queries is significantly improved by up to 1370X and the performance of result decryption is improved by 520X compared to existing solutions on a database with merely 100K records (the improvement is even more significant in larger databases).

Title: Lightweight 4x4 MDS Matrices for Hardware-Oriented Cryptographic Primitives
Pages: 35-46
Article ID: 79447
DOI: 10.22042/isecure.2018.138301.421
Language: EN
Authors: Akbar Mahmoodi Rishakani, Shahid Rajaee Teacher Training University; Mohammad Reza Mirzaee Shamsabad, Shahid Beheshti University; S. M. Dehnavi, Department of Mathematical and Computer Sciences, Kharazmi University; Mohammad Amin Amiri, Malek Ashtar University of Technology; Hamidreza Maimani, Shahid Beheshti University; Nasour Bagheri, SRTTU (ORCID 0000-0002-6818-5342)
Type: Journal Article (2018-07-02)
Abstract: The linear diffusion layer is an important part of lightweight block ciphers and hash functions. This paper presents an efficient class of lightweight 4x4 MDS matrices such that the implementation cost of the matrices and of their corresponding inverses is equal. The main target of the paper is hardware-oriented cryptographic primitives, and the implementation cost is measured in terms of the required number of XORs. Firstly, we mathematically characterize the MDS property of a class of matrices (derived from the product of binary matrices and companion matrices of $\sigma$-LFSRs, aka recursive diffusion layers) whose implementation cost is $10m+4$ XORs for $4 \le m \le 8$, where $m$ is the bit length of inputs. Then, based on the mathematical investigation, we further extend the search space and propose new families of 4x4 MDS matrices with $8m+4$ and $8m+3$ XOR implementation cost. The lightest MDS matrices by our new approach have the same implementation cost as the lightest existing matrix.

Title: Secure FPGA Design by Filling Unused Spaces
Pages: 47-56
Article ID: 82510
DOI: 10.22042/isecure.2019.143657.427
Language: EN
Authors: Mansoureh Labbafniya, Computer Department, Isfahan University; Roghaye Saeidi, Tehran, Iran
Type: Journal Article (2018-08-08)
Abstract: Nowadays there are different kinds of attacks on Field Programmable Gate Arrays (FPGAs). As FPGAs are used in many different applications, their security becomes an important concern, especially in Internet of Things (IoT) applications. Hardware Trojan Horse (HTH) insertion is one of the major security threats, and an HTH can be implemented in the unused space of the FPGA. This unused space is unavoidable in order to meet the place-and-route requirements. In this paper, we introduce an efficient method to fill this space and thus leave no free space for inserting HTHs. Using a shift register in combination with a gate chain is the best way of filling unused space, and it incurs no increase in the power consumption of the main design. Experimental results of implementing a set of IWLS benchmarks on Xilinx Virtex devices show that the proposed prevention and detection scheme imposes no power overhead and no degradation of the performance and critical path delay of the main design.

Title: Biclique Cryptanalysis of Block Ciphers LBlock and TWINE-80 with Practical Data Complexity
Pages: 57-74
Article ID: 79989
DOI: 10.22042/isecure.2018.138036.420
Language: EN
Authors: Siavash Ahmadi, Department of Electrical Engineering, Sharif University of Technology (ORCID 0000-0002-8801-337X); Zahra Ahmadian, Shahid Beheshti University; Javad Mohajeri, Sharif University of Technology; Mohammad Reza Aref, Department of Electrical Engineering, Sharif University of Technology
Type: Journal Article (2018-06-30)
Abstract: In the biclique attack, a shorter biclique usually results in less data complexity, but at the expense of more computational complexity. The early abort technique can be used in the partial matching part of the biclique attack in order to slightly reduce the computations. In this paper, we make use of this technique, but instead of a slight improvement in the computational complexity, we keep this complexity the same and reduce the data complexity enormously by using a shorter biclique. With this approach, we analysed full-round LBlock, and also LBlock with a modified key schedule (which was designed to resist the biclique attack), both with data complexity 2^12, while the data complexity of the best biclique attack on the former was 2^52 and for the latter there has been no attack on the full-round cipher so far. Then we proposed a new key schedule that is more resistant against biclique cryptanalysis, though the low diffusion of the cipher makes it vulnerable to this attack regardless of the strength of the key schedule. Also using this method, we analyzed TWINE-80 with 2^12 data complexity. The lowest data complexity of the prior attack on TWINE-80 was 2^60. In all the attacks presented in this paper, the computational complexities are slightly improved in comparison to the existing attacks.

Title: A New Ring-Based SPHF and PAKE Protocol On Ideal Lattices
Pages: 75-86
Article ID: 80508
DOI: 10.22042/isecure.2018.109810.398
Language: EN
Authors: Reza Ebrahimi Atani, University of Guilan, Rasht, Iran (ORCID 0000-0001-9180-8707); Shahabaddin Ebrahimi Atani, Department of Mathematics, University of Guilan, Rasht, Iran; Amir Hassani Karbasi, Dep. Math., University Campus 2, University of Guilan
Type: Journal Article (2017-12-09)
Abstract: Smooth Projective Hash Functions (SPHFs), as a specific pattern of zero-knowledge proof system, are fundamental tools to build many efficient cryptographic schemes and protocols. As an application of SPHFs, the Password-Based Authenticated Key Exchange (PAKE) protocol has been a well-studied area in the last few years. In 2009, Katz and Vaikuntanathan described the first lattice-based PAKE using the Learning With Errors (LWE) problem. In this work, we present a new efficient ring-based smooth projective hash function (Ring-SPHF) using Lyubashevsky, Peikert, and Regev's dual-style cryptosystem based on the Learning With Errors over Rings (Ring-LWE) problem. Then, using our Ring-SPHF, we propose the first efficient password-based authenticated key exchange (Ring-PAKE) protocol over rings whose security relies on ideal lattice assumptions.
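As an added example (not code from the Ghasemi et al. paper listed first above), the following Python sketch shows the mechanics that abstract relies on: the client keeps only a Merkle root over the outsourced records, the provider returns each result row together with its sibling path, and the client verifies just a sample of those paths whose size shrinks as its trust in the provider grows. The Merkle tree and proof verification are standard; `sample_size` and `update_trust` are illustrative stand-ins (assumptions made here) for the paper's trust computation, which the abstract does not give, and the five records are constructed input.

```python
import hashlib
import math
import random

# Constructed sample "outsourced table": five records, an odd count so that
# the tree exercises the padding rule.
RECORDS = [f"row{i}:user{i}:balance={100 * i}".encode() for i in range(5)]


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(record: bytes) -> bytes:
    # Domain separation: a leaf and an inner node can never hash to the same value.
    return _h(b"\x00" + record)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def build_tree(records):
    """Return the tree bottom-up: levels[0] are leaf hashes, levels[-1] == [root]."""
    level = [leaf_hash(r) for r in records]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                     # odd level: duplicate the last hash
            level = level + [level[-1]]
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def merkle_proof(levels, index):
    """Sibling path for leaf `index`: list of (sibling_hash, sibling_is_left)."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]        # same padding rule as build_tree
        sib = index ^ 1
        proof.append((level[sib], sib < index))
        index //= 2
    return proof


def verify_proof(root: bytes, record: bytes, proof) -> bool:
    """Recompute the path from the record up to the root the client stores."""
    cur = leaf_hash(record)
    for sib, sib_is_left in proof:
        cur = node_hash(sib, cur) if sib_is_left else node_hash(cur, sib)
    return cur == root


def sample_size(trust: float, n: int) -> int:
    """Illustrative trust-to-effort rule (an assumption, not the paper's formula):
    check all n proofs at trust 0, a (1 - trust) fraction otherwise, never fewer than 1."""
    return max(1, math.ceil((1.0 - trust) * n))


def verify_result(root, rows, proofs, trust, rng):
    """Spot-check a returned result set; rows and proofs are parallel lists from
    the provider. Returns (all_checked_ok, number_of_proofs_checked)."""
    k = sample_size(trust, len(rows))
    for i in rng.sample(range(len(rows)), k):
        if not verify_proof(root, rows[i], proofs[i]):
            return False, k
    return True, k


def update_trust(trust, ok, step=0.1):
    """Illustrative trust update (assumption): reward a clean check, reset on any failure."""
    return min(1.0, trust + step) if ok else 0.0


def demo():
    levels = build_tree(RECORDS)
    root = levels[-1][0]                       # the client keeps only this 32-byte root
    rows = list(RECORDS)                       # provider answers a query over every row
    proofs = [merkle_proof(levels, i) for i in range(len(RECORDS))]
    honest_ok, _ = verify_result(root, rows, proofs, trust=0.0, rng=random.Random(1))
    # A dishonest provider alters one row but cannot forge its path against the root.
    tampered = list(rows)
    tampered[2] = b"row2:user2:balance=999999"
    tampered_ok, _ = verify_result(root, tampered, proofs, trust=0.0, rng=random.Random(1))
    return honest_ok, tampered_ok


if __name__ == "__main__":
    print(demo())
```

At trust 0 every returned row is checked, so a single tampered row is always caught; at higher trust only a sample is checked, so a tampered row escapes with probability roughly (1 - k/n) per query, which is exactly the performance-versus-security trade-off the abstract describes. A proof check costs one hash per tree level, so the saving from trust is linear in the number of rows skipped, not in the tree height.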
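The MDS property and the XOR cost discussed in the third abstract above (Mahmoodi Rishakani et al.) can be checked mechanically. The following Python is an added example, not the paper's code and not one of its matrix families: it implements GF(2^4) arithmetic, tests every square submatrix for non-singularity (the definition of an MDS matrix), and computes the naive "direct" XOR count of the bit-level matrix, i.e. the sum over output bits of (number of input bits feeding that bit minus one). The sample matrix is the AES MixColumns circulant circ(2,3,1,1) interpreted over GF(2^4) with reduction polynomial x^4+x+1, an assumption made here for illustration. Its naive count is an upper bound; the structured constructions in the paper (10m+4, 8m+4, 8m+3 XORs) reach lower costs by sharing intermediate XORs, which the naive count does not model.

```python
from itertools import combinations

# GF(2^4) with reduction polynomial x^4 + x + 1 (0b10011); elements are ints 0..15.
POLY = 0b10011
M_BITS = 4

# Sample matrices (constructed for this example).
AES_LIKE = [[2, 3, 1, 1],
            [1, 2, 3, 1],
            [1, 1, 2, 3],
            [3, 1, 1, 2]]
IDENTITY = [[1 if i == j else 0 for j in range(4)] for i in range(4)]


def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^4) elements by shift-and-add with reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & (1 << M_BITS):
            a ^= POLY
    return r


def det(mat) -> int:
    """Determinant over GF(2^m) by cofactor expansion; in characteristic 2
    the alternating signs disappear, so every term is simply XORed in."""
    n = len(mat)
    if n == 1:
        return mat[0][0]
    d = 0
    for j in range(n):
        minor = [row[:j] + row[j + 1:] for row in mat[1:]]
        d ^= gf_mul(mat[0][j], det(minor))
    return d


def is_mds(mat) -> bool:
    """A matrix is MDS iff every square submatrix (all sizes) is non-singular."""
    n = len(mat)
    for k in range(1, n + 1):
        for rows in combinations(range(n), k):
            for cols in combinations(range(n), k):
                sub = [[mat[r][c] for c in cols] for r in rows]
                if det(sub) == 0:
                    return False
    return True


def bit_weight(a: int, i: int) -> int:
    """Number of input bits that feed output bit i of the linear map x -> a*x."""
    return sum((gf_mul(a, 1 << b) >> i) & 1 for b in range(M_BITS))


def naive_xor_count(mat) -> int:
    """Direct XOR count of the n*m x n*m binary matrix: each output bit that
    depends on w input bits costs w - 1 XORs, with no sharing between bits."""
    total = 0
    for row in mat:
        for i in range(M_BITS):
            w = sum(bit_weight(a, i) for a in row)
            total += max(w - 1, 0)
    return total


if __name__ == "__main__":
    for name, m in (("circ(2,3,1,1)", AES_LIKE), ("identity", IDENTITY)):
        print(name, "MDS:", is_mds(m), "naive XORs:", naive_xor_count(m))
```

For circ(2,3,1,1) over GF(2^4) the naive count is 72 XORs, against the 10m+4 = 44 and 8m+3 = 35 figures the abstract reports for its families at m = 4; the identity is not MDS because its zero entries are singular 1x1 submatrices, and it costs no XORs at all, which is why the MDS check and the cost metric have to be read together. The cofactor determinant is fine for 4x4 matrices but grows factorially; for larger m or n a Gaussian elimination over the field is the practical choice.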