The authors analyze the security of Hierocrypt-3(128-bit) and Hierocrypt-L1(64-bit) designed on the nested SPN(NSPN) structure against the differential and linear cryptanalysis, and found that they are sufficiently secure, e.g., the maximum average differential and linear hull probabilities (MACP and MALHP) are bounded by 2−96 for 4-round of Hierocrypt-3; those probabilities are bounded by 2−48...

Recently, Shao et al. proposed two bidirectional proxy re-signature schemes Smb and Sid−mb [3]. In their paper, the authors gave security proofs to say that both of them are secure in their security model without random oracles. But, we found that the scheme Smb is miss leaded and its security proof is false. In this paper, we present an attack on Smb and improve it to be secure in their securi...

We define security goals and attack models for disk encryption, and prove several relationships between the resulting security notions, and some general results about disk encryption. We give concrete constructions for every security notion along with security proofs. Finally, we briefly discuss the security of some implementations and standards for disk encryption.

Multi-proxy signature allows an original signer authorizing a proxy group as his proxy agent and only the cooperation of all proxy signers in the group can create a proxy signature on behalf of the original signer. Recently, Jin and Wen defined a formal model of certificateless multi-proxy signature and proposed a concrete scheme. They claimed that their scheme is provably secure in their secur...

In this paper, we propose a new Identity-based signcryption (IBSC) scheme in the standard model. Our scheme shows an improvement of approximately 40% reduction in the ciphertext size when compared to the previously proposed IBSC schemes in the standard model. Further, we argue that the previous IBSC schemes do not provide su cient simulation ability in the security game. We show that with some ...

We initiate the study of provably secure remote memory attestation. We present two protocols offering various efficiency and security trade-offs that detect the presence of injected malicious code in remotelystored heap memory. While our solutions offer protection only against a specific class of attacks, our novel formal security definitions are general enough to cover a wide range of attacks ...

Multiparty signature protocols need protection against rogue-key attacks, made possible whenever an adversary can choose its public key(s) arbitrarily. For many schemes, provable security has only been established under the knowledge of secret key (KOSK) assumption where the adversary is required to reveal the secret keys it utilizes. In practice, certifying authorities rarely require the stron...

Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party passwordbased authenticated key exchange protocol using Weil pairing by Wen et al. is vulnerable to a man-in-the-middle attack. In doing so, Nam et al. showed the flaws in the proof ...

Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party passwordbased authenticated key exchange protocol using Weil pairing by Wen et al. is vulnerable to a man-in-the-middle attack. In doing so, Nam et al. showed the flaws in the proof ...

With today’s dissemination of embedded systems manipulating sensitive data, it has become important to equip low-level programs with strong security guarantees. Unfortunately, security proofs as done by cryptographers are about algorithms, not about concrete implementations running on hardware. In this paper, we show how to perform security proofs to guarantee the security of assembly language ...