International Association for Cryptologic Research


CryptoDB

Qiang Tang

Affiliation: New Jersey Institute of Technology, USA

Publications

Year
Venue
Title
2019
PKC
Let a Non-barking Watchdog Bite: Cliptographic Signatures with an Offline Watchdog
We study how to construct secure digital signature schemes in the presence of kleptographic attacks. Our work utilizes an offline watchdog to clip the power of subversions via only one-time black-box testing of the implementation. Previous results essentially rely on an online watchdog which requires the collection of all communicating transcripts (or active re-randomization of messages). We first give a simple but generic construction, without random oracles, in the partial-subversion model in which key generation and signing algorithms can be subverted. Then, we give the first digital signature scheme in the complete-subversion model in which all cryptographic algorithms can be subverted. This construction is based on the full-domain hash. Along the way, we enhance the recent result of Russell et al. (CRYPTO 2018) about correcting a subverted random oracle.
2018
CRYPTO
Correcting Subverted Random Oracles
The random oracle methodology has proven to be a powerful tool for designing and reasoning about cryptographic schemes, and can often act as an effective bridge between theory and practice. In this paper, we focus on the basic problem of correcting faulty—or adversarially corrupted—random oracles, so that they can be confidently applied for such cryptographic purposes. We prove that a simple construction can transform a “subverted” random oracle—which disagrees with the original one at a negligible fraction of inputs—into a construction that is indifferentiable from a random function. Our results permit future designers of cryptographic primitives in typical kleptographic settings (i.e., with adversaries who may subvert the implementation of cryptographic algorithms but remain undetectable via black-box testing) to use random oracles as a trusted black box, in spite of not trusting the implementation. Our analysis relies on a general rejection re-sampling lemma which is a tool of possible independent interest.
2018
PKC
Making Public Key Functional Encryption Function Private, Distributively
Xiong Fan, Qiang Tang
We put forth a new notion of distributed public key functional encryption. In such a functional encryption scheme, the secret key for a function $f$ will be split into shares $\mathsf{sk}_i^f$. Given a ciphertext $\mathsf{ct}$ that encrypts a message $x$ and a secret key share $\mathsf{sk}_i^f$, one can evaluate and obtain a shared value $y_i$. Adding all the shares up recovers the actual value of $f(x)$, while partial shares reveal nothing about the plaintext. More importantly, this new model allows us to establish function privacy, which was not possible in the setting of regular public key functional encryption. We formalize such a notion and construct such a scheme from any public key functional encryption scheme together with the learning with errors assumption. We then consider the problem of hosting services in the untrusted cloud. Boneh, Gupta, Mironov, and Sahai (Eurocrypt 2014) first studied such an application and gave a construction based on indistinguishability obfuscation. Their construction had the restriction that the number of corrupted clients has to be bounded and known. They left as an open problem how to remove such a restriction. We resolve this problem by applying our function private (distributed) public key functional encryption to the setting of hosting services in multiple clouds. Furthermore, our construction provides a much simpler and more flexible paradigm which is of both conceptual and practical interest. Along the way, we strengthen and simplify the security notions of the underlying primitives, including function secret sharing.
2016
EUROCRYPT
2016
ASIACRYPT
2015
EPRINT
2015
EPRINT
2015
EPRINT
2015
EPRINT
2014
EPRINT
2014
EPRINT
2014
EPRINT
2010
EPRINT
A Reflection on the Security of Two-Party Key Establishment Protocols
Qiang Tang
Two-party key establishment has been a very fruitful research area in cryptography, with many security models and numerous protocols proposed. In this paper, we take another look at the YAK protocol and the HMQV protocols and present some extended analysis. Motivated by our analysis, we reflect on the security properties that are desired by two-party key establishment protocols, and their formalizations. In particular, we take into account the interface between a key establishment protocol and the applications which may invoke it, and emphasize the concept of session and the usage of session identifier. Moreover, we show how to design a two-party key establishment protocol to achieve both key authentication and entity authentication properties in our security model.
2007
EPRINT
On the Security of three Versions of the WAI Protocol in Chinese WLAN Implementation Plan
Qiang Tang
In this paper we investigate the security properties of three versions of the WAI protocol in the Chinese WLAN implementation plan. We first revisit the security analysis that has been done on versions 1 and 2. We show that the security proof given by Li, Moon, and Ma is incorrect and that the alternative protocol EWAP of Zhang and Ma is insecure. We further analyse the third version of the WAI protocol and prove its security in the Canetti-Krawczyk model. In addition, we also provide some practical security analysis of this version.
2007
EPRINT
Bilateral Unknown Key-Share Attacks in Key Agreement Protocols
Liqun Chen, Qiang Tang
Unknown Key-Share (UKS) resilience is a basic security attribute in authenticated key agreement protocols, whereby two entities A and B should not be able to be coerced into sharing a key between them when in fact either A or B thinks that s/he is sharing the key with another entity C. In this paper we revisit some definitions of this attribute, the existing UKS attacks and the method of proving this attribute in the Bellare-Rogaway (BR) model in the literature. We propose a new UKS attack, which coerces two entities A and B into sharing a key with each other but in fact A thinks that she is sharing the key with another entity C and B thinks that he is sharing the key with another entity D, where C and D might or might not be the same entity. We call this attack a Bilateral Unknown Key-Share (BUKS) attack and refer to the existing UKS attacks, which are against one entity only, as Unilateral UKS (UUKS) attacks. We demonstrate that a few well-known authenticated key agreement protocols, some of which have been proved to hold the UUKS resilience property, are vulnerable to the BUKS attack. We then explore a gap between the traditional BR-type proof of UUKS resilience and a BUKS adversary's behaviour, and extend the BR model to cover the BUKS resilience attribute. Finally we provide a simple countermeasure to prevent a key agreement protocol from BUKS attacks.
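To make the unilateral and bilateral cases concrete, the following is an added toy illustration written for this page; it is not one of the protocols analysed in the paper, nor the paper's attack or its countermeasure. It models a signed Diffie-Hellman exchange over a deliberately tiny group (p = 1019, q = 509, g = 4; constructed parameters, never for real use), a registry that certifies public keys without proof of possession (so the adversary can register A's key under the name C and B's key under D), and an on-path adversary that only rewrites the sender-identity field. Both honest parties verify signatures, compute the same key, and each misattributes it. The "fixed" branch applies the standard identity-binding idea of mixing both believed identities into the key derivation; the paper's own countermeasure is not reproduced here.

```python
import hashlib
import secrets

# Toy safe-prime group: p = 2q + 1, g = 4 has order q. Constructed values for
# illustration only; a real deployment uses a standardised 2048+-bit group or a curve.
P, Q, G = 1019, 509, 4


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()


def i2b(n: int) -> bytes:
    return n.to_bytes(2, "big")  # every group element here fits in 2 bytes


def keygen():
    sk = 1 + secrets.randbelow(Q - 1)
    return sk, pow(G, sk, P)


def sign(sk: int, msg: bytes):
    """Schnorr signature over the toy group: (e, z) with z = k + e*sk mod q."""
    k = 1 + secrets.randbelow(Q - 1)
    r = pow(G, k, P)
    e = int.from_bytes(h(i2b(r), msg), "big") % Q
    return e, (k + e * sk) % Q


def verify(pk: int, msg: bytes, sig) -> bool:
    e, z = sig
    r = pow(G, z, P) * pow(pk, Q - e, P) % P  # g^z * pk^-e; pk has order q
    return e == int.from_bytes(h(i2b(r), msg), "big") % Q


def make_registry(pk_a: int, pk_b: int) -> dict:
    # A certification authority that does not demand proof of possession:
    # the adversary gets A's key certified under "C" and B's key under "D".
    return {"A": pk_a, "B": pk_b, "C": pk_a, "D": pk_b}


def derive_key(shared: int, initiator: str, responder: str, bind_ids: bool) -> bytes:
    ctx = [i2b(shared)]
    if bind_ids:  # hardened variant: the believed identities enter the KDF
        ctx += [initiator.encode(), responder.encode()]
    return h(*ctx)


def run_session(registry, sk_a, sk_b, relabel, bind_ids):
    """One signed-DH run, A initiating with B. `relabel` is the adversary's rewrite
    of the sender-identity field on the wire (e.g. {"A": "C", "B": "D"})."""
    x, y = 1 + secrets.randbelow(Q - 1), 1 + secrets.randbelow(Q - 1)
    gx, gy = pow(G, x, P), pow(G, y, P)

    # A -> B: (claimed identity, g^x, signature over g^x). Only the identity is rewritten.
    id1, val1, sig1 = relabel.get("A", "A"), gx, sign(sk_a, i2b(gx))
    if not verify(registry[id1], i2b(val1), sig1):
        raise ValueError("B rejects message 1")
    b_believes = id1  # B looks up the key registered for the claimed name

    # B -> A: same shape, same rewrite.
    id2, val2, sig2 = relabel.get("B", "B"), gy, sign(sk_b, i2b(gy))
    if not verify(registry[id2], i2b(val2), sig2):
        raise ValueError("A rejects message 2")
    a_believes = id2

    k_a = derive_key(pow(val2, x, P), "A", a_believes, bind_ids)
    k_b = derive_key(pow(val1, y, P), b_believes, "B", bind_ids)
    return k_a, k_b, a_believes, b_believes


def demo(relabel: dict, bind_ids: bool):
    sk_a, pk_a = keygen()
    sk_b, pk_b = keygen()
    return run_session(make_registry(pk_a, pk_b), sk_a, sk_b, relabel, bind_ids)


if __name__ == "__main__":
    k_a, k_b, a_peer, b_peer = demo({"A": "C", "B": "D"}, bind_ids=False)
    print("BUKS: same key =", k_a == k_b, "A thinks", a_peer, "B thinks", b_peer)
    k_a, k_b, _, _ = demo({"A": "C", "B": "D"}, bind_ids=True)
    print("with identities bound into the KDF: same key =", k_a == k_b)
```

Without identity binding, the relabelled run yields equal keys while A believes her peer is D and B believes his is C, which is exactly the bilateral shape described above; rewriting only A's identity gives the unilateral case. With the identities mixed into the derivation the two keys diverge, so any key-confirmation step fails and the misattribution is caught before the key is used.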
2006
EPRINT
On the security of a group key agreement protocol
Qiang Tang
In this paper we show that the group key agreement protocol proposed by Tseng suffers from a number of serious security vulnerabilities.
2006
EPRINT
Revisiting the Security Model for Timed-Release Public-Key Encryption with Pre-Open Capability
Alexander W. Dent, Qiang Tang
In this paper we investigate a security model for Timed-Release Encryption schemes with Pre-Open Capability (TRE-PC schemes) proposed by Hwang, Yum, and Lee. Firstly, we show that the HYL model possesses a number of defects and fails to model some potentially practical security vulnerabilities faced by TRE-PC schemes. Secondly, we propose a new security model for TRE-PC schemes which models security against four kinds of attacker and avoids the defects of the HYL model. We also work out the complete relations among the security notions defined in the new model. Thirdly, we introduce the notion of TRE-PC-KEM, which is a special type of KEM, and show a way to construct a TRE-PC scheme using a TRE-PC-KEM and a DEM. Finally, we propose an instantiation of a TRE-PC-KEM and prove its security.
2005
EPRINT
Cryptanalysis of an anonymous wireless authentication and conference key distribution scheme
Qiang Tang, Chris J. Mitchell
In this paper we analyse an anonymous wireless authentication and conference key distribution scheme which is also designed to provide mobile participants with user identification privacy during the conference call. The proposed scheme consists of three sub-protocols: the Call Set-Up Authentication Protocol, the Hand-Off Authentication Protocol, and the Anonymous Conference Call Protocol. We show that the proposed scheme suffers from a number of security vulnerabilities.
2005
EPRINT
Cryptanalysis of two identification schemes based on an ID-based cryptosystem
Qiang Tang, Chris J. Mitchell
Two identification schemes based on the Maurer-Yacobi ID-based cryptosystem are analysed and shown to suffer from serious security problems.
2005
EPRINT
Enhanced password-based key establishment protocol
Qiang Tang, Chris J. Mitchell
In this paper we analyse a password-based authenticated key establishment protocol due to Laih, Ding and Huang, which enables a user to authenticate himself to a server and negotiate a shared session key. This protocol is also designed to guarantee that a human being is actually involved in an ongoing protocol execution. However we show that the protocol suffers from offline dictionary attacks. We propose an enhanced password-based authenticated key establishment protocol which is secure against offline dictionary attacks, and that possesses an additional feature guaranteeing that a user is involved in each protocol execution.
2005
EPRINT
On the security of some password-based key agreement schemes
Qiang Tang, Chris J. Mitchell
In this paper we show that two potential security vulnerabilities exist in the strong password-only authenticated key exchange scheme due to Jablon. Two standardised schemes based on Jablon's scheme, namely the first password-based key agreement mechanism in ISO/IEC FCD 11770-4 and the scheme BPKAS-SPEKE in IEEE P1363.2 also suffer from one or both of these security vulnerabilities. We further show that other password-based key agreement mechanisms, including those in ISO/IEC FCD 11770-4 and IEEE P1363.2, also suffer from these two security vulnerabilities. Finally, we propose means to remove these security vulnerabilities.
2005
EPRINT
Weaknesses in a leakage-resilient authenticated key transport protocol
Qiang Tang, Chris J. Mitchell
In this paper we demonstrate the existence of a number of weaknesses in a leakage-resilient authenticated key transport (RSA-AKE) protocol due to Shin, Kobara and Imai.
2005
EPRINT
Security properties of two provably secure conference key agreement protocols
Qiang Tang, Chris J. Mitchell
In this paper we analyse the security of two authenticated group key agreement schemes based on the group key agreement protocol of Burmester and Desmedt. One scheme was proposed by Burmester and Desmedt, and uses a separate authentication scheme to achieve authentication among the participants. We show that this scheme suffers from a number of security vulnerabilities. The other scheme was generated using the general protocol compiler of Katz and Yung. We show that in some circumstances, even if key confirmation is implemented, this scheme still suffers from insider attacks (which are not covered by the security model used by Katz and Yung).
2005
EPRINT
Weaknesses in two group Diffie-Hellman key exchange protocols
Qiang Tang, Liqun Chen
In this paper we show that the password-based Diffie-Hellman key exchange protocols due to Byun and Lee suffer from dictionary attacks.
2005
EPRINT
Identity-Based Key Agreement with Unilateral Identity Privacy Using Pairings
In most of the existing identity-based key agreement schemes, it is usually assumed that either the communicating parties know each other's identifier before the protocol starts or their identifiers are transferred along with the protocol messages. However, these schemes are not suitable for use in many real-world applications aimed at achieving unilateral identity privacy, which means that one communicating party does not want to expose his identifier to an outsider while his partner cannot know his identifier in advance. In this paper, we propose an efficient identity-based two-party key agreement scheme with unilateral identity privacy using pairings, and formally analyze its security in a modified Bellare-Rogaway key agreement security model.
2005
EPRINT
Efficient Compilers for Authenticated Group Key Exchange
Qiang Tang, Chris J. Mitchell
In this paper we propose two compilers which are designed to transform a group key exchange protocol secure against any passive adversary into an authenticated group key exchange protocol with key confirmation which is secure against any passive adversary, active adversary, or malicious insider. We show that the first proposed compiler gives protocols that are more efficient than those produced by the compiler of Katz and Yung. The second proposed compiler further reduces the computational complexity of the output protocols by using a Trusted Third Party (TTP). We moreover show that, although the protocols produced by the novel compilers have lower computational complexity than the protocols produced by the Katz-Yung compiler, the protocols nevertheless achieve key confirmation, unlike the protocols output by the Katz-Yung compiler.
2004
EPRINT
Rethinking the security of some authenticated group key agreement schemes
Qiang Tang, Chris J. Mitchell
In this paper we analyse three improved authenticated group key agreement schemes, all of which are based on the conference key distribution systems proposed by Burmester and Desmedt. We show that all the schemes suffer from a type of impersonation attack, although these schemes are claimed to be secure.

Program Committees

PKC 2019
Asiacrypt 2019
PKC 2018
Asiacrypt 2018