Search results for: public key replacement attack
Number of results: 1067033
The paper describes two important design flaws in Online Certificate Status Protocol (OCSP), a protocol widely used in PKI environments for managing digital certificates’ credibility in real time. The flaws significantly reduce the security capabilities of the protocol, and can be exploited by a malicious third party to generate forged signed certificate statuses and, in the worst scenario, for...
In this paper we present adaptive key recovery attacks on NTRU-based somewhat homomorphic encryption schemes. Among such schemes, we study the proposal by Bos et al. [BLLN13] in 2013. Given access to a decryption oracle, the attack allows us to compute the private key for all parameter choices. Such attacks show that one must be very careful about the use of homomorphic encryption in practice. T...
A practical key substitution attack on SFLASH is described: Given a valid (message, signature) pair (m,σ) for some public key v0, one can derive another public key v1 (along with matching secret data) such that (m,σ) is also valid for v1. The computational effort needed for finding such a ‘duplicate’ key is comparable to the effort needed for ordinary key generation.
In this paper we propose a framework for constructing public key encryption against related key attacks from hash proof systems in the standard model. Compared with the construction of Wee (PKC2012), our framework avoids the use of one-time signatures. We show that the schemes presented by Jia et al. (ProvSec2013) could fit into our framework. And we give more instantiations of the proposed fra...
• An integer $n$ with $c \le n \le b$. Secret EdDSA scalars have exactly $n + 1$ bits, with the top bit (the $2^n$ position) always set and the bottom $c$ bits always cleared. The original specification of EdDSA did not include this parameter: it implicitly took $n = b - 2$. Choosing $n$ sufficiently large is important for security: standard “kangaroo” attacks use approximately $1.36\sqrt{2^{n-c}}$ additions on average to det...
Key agreement protocols are a fundamental building block for ensuring authenticated and private communications between two parties over an insecure network. This paper focuses on key agreement protocols in the asymmetric authentication model, wherein parties hold a public/private key pair. In particular, we consider a type of known key attack called key compromise impersonation that may occur o...
Non-transferability of digital signatures is an important security concern, traditionally achieved via interactive verification protocols. Such protocols, however, are vulnerable to “online transfer attacks” —i.e., attacks mounted during the protocols’ executions. In this paper, we show how to guarantee online untransferability of signatures, via a reasonable public-key infrastructure and gener...
A secure and efficient mobile IP (MIP) registration protocol using certificateless signature scheme is proposed. The protocol minimises the registration time through minimal usage of an efficient certificateless signature scheme between a foreign agent (FA) and a home agent (HA). Protocol parameters can be kept resynchronised by reusing the initial values in the MIP registration in case the syn...
Long before the advent of electronic systems, different methods of information scrambling were used. Early attempts at data security in electronic computers employed some of the same transformations. Modern secret key cryptography brought much greater security, but eventually proved vulnerable to brute-force attacks. Public key cryptography has now emerged as the core technology for modern comp...
A digital certificate under Public Key Infrastructure has a defect of Man-in-the-Middle Attack that performs hash collision attacks. In this paper, we propose a robust biometric-PKI authentication system against Man-in-the-Middle Attack. The biometric-PKI authentication system consists of current PKI authentication and biometric authentication, which employs biometric data and a public key from...