In this invited talk, a brief survey on the developments of countermeasures against differential and linear cryptanalysis methods is presented. 1 Nonlinearity of S-boxes Throughout the eighties the unpublished design criteria of the DES had inspired various authors to invent formal nonlinearity criteria for S-boxes such as the strict avalanche criterion [30] and the propagation criterion [27]. ...

Standard form of authenticated encryption (AE) requires the ciphertext to be expanded by the nonce and the authentication tag. These expansions can be problematic when messages are relatively short and communication cost is high. To overcome the problem we propose a new form of AE scheme, MiniAE, which expands the ciphertext only by the single variable integrating nonce and tag. An important fe...

A directed signature scheme allows a designated verifier to directly verify a signature issued to him, and a third party to check the signature validity with the help of the signer or the designated verifier as well. Due to its merits, the directed signature scheme can be applied on some personally or commercially sensitive occasions. Up to now, there are several directed signature schemes havi...

We promote an engineering approach to design of provably secure key exchange protocols. Using the model of Canetti and Krawczyk we present a systematic method to arrive at efficient and practical protocols with proven security and illustrate its use with existing building blocks. We further show a dual approach which allows protocols with known features to be ‘reverse engineered’, thereby allow...

This paper presents a framework to analyze the security of data transmission protocols in wireless sensor network. This framework defines three attack models in terms of the adversary’s attacking ability, and provides an ideal model to verify whether a given protocol is secure or not under these three different attack models. Furthermore, we give a formal security definition under different att...

Onion routing is a scheme for anonymous communication that is designed for practical use. It has not been modeled formally, however, and therefore its anonymity guarantees have not been rigorously analyzed. We give an IO-automata model of an onion-routing protocol and, under possibilistic definitions, characterize the situations in which anonymity and unlinkability are guaranteed.

A Secret Handshake is a protocol that allows two users to mutually verify one another’s properties, and in case of simultaneous matching, to share a key used to secure subsequent communications. In this paper, we present the first Secret Handshake scheme that allows dynamic matching of properties under stringent security requirements: in particular, the right to prove and to verify is strictly ...