Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20457220150701Computationally secure multiple secret sharing: models, schemes, and formal security analysis91993920810.22042/isecure.2016.7.2.2ENS.MashhadiDepartment of Mathematics, Iran University of Science & Technology, Tehran, Iran.Journal Article20150602A multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants. in such a way a multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants, such that any authorized subset of participants can reconstruct the secrets. Up to now, existing MSSs either require too long shares for participants to be perfect secure, or do not have a formal security analysis/proof. In 2013, Herranz <em>et al</em>. provided the first formal definition of computational security for multi-stage secret sharing scheme (MSSS) in the standard model and proposed a practical and secure scheme. As far as we know, their scheme is the only computationally secure MSS in the standard model, and there is no formal definition of the computational security for other categories of MSSs. Based on this motivation, in this paper, we define the first formal model of indistinguishability against the chosen secret attacks (CSA) for other types of MSSs in the standard model. Furthermore, we present two practical CSA-secure MSSs, belonging to different types of MSSs and enjoying the advantage of short shares. They are also provably secure in the standard model. Based on the semantic security of the underlying encryption schemes, we prove the security of our schemes.Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20457220150902Efficient implementation of low time complexity and pipelined bit-parallel polynomial basis multiplier over binary finite fields1011143920910.22042/isecure.2016.7.2.3ENB.RashidiDepartment of Electrical and Computer Engineering, Isfahan University of Technology, Isfahan, IranR.Rezaeian FarashahiDepartment of Mathematical Sciences, Isfahan University of Technology, Isfahan, IranS. M.SayediSchool of Mathematics, Institute for Research in Fundamental Sciences (IPM), Tehran, IranJournal Article20150128This paper presents two efficient implementations of fast and pipelined bit-parallel polynomial basis multipliers over GF (2<sup>m</sup>) by irreducible pentanomials and trinomials. The architecture of the first multiplier is based on a parallel and independent computation of powers of the polynomial variable. In the second structure only even powers of the polynomial variable are used. The parallel computation provides regular and low-cost structure with low critical path delay. In addition, the pipelining technique is applied to the proposed structures to shorten the critical path and to perform the computation in two clock cycles. The implementations of the proposed methods over the binary extension fields GF (2<sup>163</sup>) and GF (2<sup>233</sup>) have been successfully verified and synthesized using Xilinx ISE 11 by Virtex-4, XC4VLX200 FPGA.Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20457220151029EEH: AGGH-like public key cryptosystem over the eisenstein integers using polynomial representations1151263921010.22042/isecure.2016.7.2.4ENR.Ebrahimi AtaniDepartment of Computer Engineering, University of Guilan, Rasht, Iran.Sh.Ebrahimi AtaniDepartment of Mathematics, University of Guilan, Rasht, Iran.A.Hassani KarbasiSchool of Computer Science, Institute for Research in Fundamental Sciences (IPM), Tehran, Iran.Journal Article20140818GGH class of public-key cryptosystems relies on computational problems based on the closest vector problem (CVP) in lattices for their security. The subject of lattice based cryptography is very active and there have recently been new ideas that revolutionized the field. We present EEH, a GGH-Like public key cryptosystem based on the Eisenstein integers Z [ζ<sub>3</sub>] where ζ3 is a primitive cube root of unity. EEH applies representations of polynomials to the GGH encryption scheme and we discuss its key size and parameters selection. We also provide theoretical and experimental data to compare the security and efficiency of EEH to GGH with comparable parameter sets and show that EEH is an improvement over GGH in terms of security and efficiency.Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20457220151116Cryptanalysis of some first round CAESAR candidates1271343921110.22042/isecure.2016.7.2.5ENJ.AlizadehFaculty and Research Center of Communication and Information Technology, Imam Hossein University, Tehran, Iran.M. R.ArefInformation Systems and Security Lab (ISSL), Sharif University of Technology, Tehran, Iran.N.BagheriThe Electrical Engineering Department of Shahid Rajaee Teachers Training University, Tehran, Iran.H.SadeghiDepartment of Mathematics, Faculty of Science, University of Qom, Qom, Iran.Journal Article20150411ΑΕS _ CMCCv₁, ΑVΑLΑNCHEv₁, CLΟCv₁, and SILCv₁ are four candidates of the first round of CAESAR. CLΟCv₁ is presented in FSE 2014 and SILCv₁ is designed upon it with the aim of optimizing the hardware implementation cost. In this paper, structural weaknesses of these candidates are studied. We present distinguishing attacks against ΑES _ CMCCv₁ with the complexity of two queries and the success probability of almost 1, and distinguishing attacks on CLΟCv₁ and SILCv₁ with the complexity of <em>Ο </em>(<em>2<sup>n/2</sup></em>) queries and the success probability of 0.63, in which <em>n</em> is bit length of message blocks. In addition, a forgery attack is presented against ΑVΑLΑNCHEv₁ which requires only one query and has the success probability of 1. The attacks reveal weaknesses in the structure of these first round candidates and inaccuracy of their security claims.Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20457220151016Enhancing privacy of recent authentication schemes for low-cost RFID systems1351493921210.22042/isecure.2016.7.2.6ENK.BagheryInformation Systems and Security Lab (ISSL), Sharif University of Technology, Tehran, Iran.B.AbdolmalekiInformation Systems and Security Lab (ISSL), Sharif University of Technology, Tehran, Iran.B.AkhbariFaculty of Electrical Engineering, K. N. Toosi University of Technology, Tehran, IranM. R.ArefISSL Lab, Department of Electrical Engineering, Sharif University of Technology, Tehran, IranJournal Article20150114Nowadays Radio Frequency Identification (RFID) systems have appeared in lots of identification and authentication applications. In some sensitive applications, providing secure and confidential communication is very important for end-users. To this aim, different RFID authentication protocols have been proposed, which have tried to provide security and privacy of RFID users. In this paper, we analyze the privacy of two recently proposed RFID authentication protocols in 2012 and 2013. We present several traceability attacks including traceability, backward traceability and forward traceability against the first protocol. We also show that, the second protocol not only suffers from Denial-of-Service (DoS) attack, but also it is vulnerable to traceability and backward traceability attacks. We present our privacy analysis based on a well-known formal RFID privacy model which has been proposed by <em>Ouafi</em> and <em>Phan</em> in 2008. Then, in order to overcome the weaknesses, we apply some modifications on these protocols and propose two modified versions.Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20457220151207A collusion mitigation scheme for reputation systems1511663921310.22042/isecure.2016.7.2.7ENM.NiknafsData and Network Security Lab. (DNSL), Department of Computer Engineering, Sharif University of Technology, Azadi Ave.,
Tehran, I.R. IranS.Dorri NogooraniData and Network Security Lab. (DNSL), Department of Computer Engineering, Sharif University of Technology, Azadi Ave.,
Tehran, I.R. IranR.JaliliData and Network Security Lab. (DNSL), Department of Computer Engineering, Sharif University of Technology, Azadi Ave.,
Tehran, I.R. IranJournal Article20140905Reputation management systems are in wide-spread use to regulate collaborations in cooperative systems. Collusion is one of the most destructive malicious behaviors in which colluders seek to affect a reputation management system in an unfair manner. Many reputation systems are vulnerable to collusion, and some model-specific mitigation methods are proposed to combat collusion. Detection of colluders is shown to be an NP-complete problem. In this paper, we propose the <em>Colluders Similarity Measure</em> (CSM) which is used by a heuristic clustering algorithm (the <em>Colluders Detection Algorithm</em> (CDA)) to detect colluders in <em>O</em> (<em>n<sup>2</sup>m + n<sup>4</sup></em>) in which <em>m</em> and <em>n</em> are the total number of nodes and colluders, respectively. Furthermore, we propose an architecture to implement the algorithm in a distributed manner which can be used together with compatible reputation management systems. Implementation results and comparison with other mitigation methods show that our scheme prevents colluders from unfairly increasing their reputation and decreasing the reputation of the other nodes.Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20457220150729Persian Abstract1671724522810.22042/isecure.2015.7.2.8ENJournal Article20150727