دانلود کتاب Information Security and Cryptology. 18th International Conference, Inscrypt 2022 Beijing, China, December 11–13, 2022 Revised Selected Papers

فهرست مطالب :

Preface
Organization
Contents
Block Ciphers
How Fast Can SM4 be in Software?
1 Introduction
1.1 Contributions
1.2 Related Works
1.3 Limitations
1.4 Organizations
2 Backgrounds
2.1 Notations
2.2 The SM4 Block Cipher
2.3 The Counter (CTR) Mode
2.4 The Galois/Counter Mode (GCM)
3 Bitslicing SM4
3.1 A New Bitliced Representation of SM4
3.2 The Applications to Multiple SM4 Blocks
4 The Implementation of S-Box
4.1 Decomposing the SM4 S-Box
4.2 Optimizing the Linear Components
5 Implementations of SM4-CTR, SM4-GCM, and More
5.1 Data Form Transformation Algorithms
5.2 Bitslicing-Friendly Variants of CTR Mode and GCM
6 Implementation Results and Comparisons
6.1 The Implementation of S-Box for SM4
6.2 The Comparison of SM4 Software Implementations
7 Conclusions and Future Works
A The Matrices U, C and B in S-Box Decomposition
B The AEAD Scheme GCM+ and Its Security Proof
B.1 Security Definitions
B.2 GCM+ and Its Security
References
LLLWBC: A New Low-Latency Light-Weight Block Cipher
1 Introduction
2 Specification of LLLWBC
2.1 Key Schedule
2.2 Encryption Algorithm
2.3 The Decryption Algorithm
3 Design Rationale
3.1 Cipher Structure
3.2 Round Function F
3.3 Key Schedule
4 Security Analysis
4.1 Differential Cryptanalysis
4.2 Linear Cryptanalysis
4.3 Impossible Differential Cryptanalysis
4.4 Integral Attack
4.5 Meet-in-the-Middle Attack
4.6 Other Attacks
5 Implementations
5.1 Hardware Implementation
5.2 Software Implementation
6 Conclusion
References
New Automatic Search Tool for Searching for Impossible Differentials Using Undisturbed Bits
1 Introduction
2 The New Tool to Search for Impossible Differentials
2.1 Modeling Undisturbed Differential Bits Propagation of Basic Operations
2.2 Framework for Impossible Differential Searches
3 Applying the Tool to Four Primitives
3.1 ASCON
3.2 SIMON
3.3 LBlock
3.4 LEA
4 Conclusion
References
Public Key Encryption & Signature
You Can Sign but Not Decrypt: Hierarchical Integrated Encryption and Signature
1 Introduction
1.1 Our Contributions
1.2 Related Works
2 Preliminaries
2.1 Public Key Encryption
2.2 Digital Signature
2.3 Constrained Identity-Based Encryption
3 Hierarchical Integrated Encryption and Signature
3.1 Definition of HIES
3.2 HIES from Constrained IBE
4 Further Discussion
5 Instantiation and Implementation
5.1 Instantiation of HIES
5.2 Implementation
6 Conclusion
A Hierarchical Identity-Based Encryption
A.1 Definition of HIBE
A.2 Boneh-Boyen HIBE Scheme
References
SR-MuSig2: A Scalable and Reconfigurable Multi-signature Scheme and Its Applications
1 Introduction
2 Related Work
2.1 Multi-signature Scheme Based on Schnorr
2.2 Multi-signature Scheme Based on Tree Structure
3 Preliminaries
3.1 Notation and Definitions
3.2 Multi-Signature Scheme MuSig2
3.3 Tree Structure
4 Trivial Tree-Based MuSig2 Scheme
5 SR-MuSig2 Scheme
5.1 Advanced MuSig2 Scheme
5.2 SR-MuSig2 in Case of Network Failure
5.3 SR-MuSig2 in Case of Signers\' Active Revocation
6 Evaluation
6.1 Experimental Setup
6.2 Performance of Different Stages
6.3 Performance of Aggregating Public Keys
6.4 Impact of Network Environments
6.5 Scalability
6.6 Reconfigurability
7 Applications
8 Conclusion
References
McEliece-Type Encryption Based on Gabidulin Codes with No Hidden Structure
1 Introduction
2 Preliminaries
2.1 Notations and Basic Concepts
2.2 Gabidulin Code
2.3 Partial Cyclic Code
3 RSD Problem and Generic Attacks
4 Linearized Transformations
5 Our Proposal
5.1 Description of Our Proposal
5.2 Why Not Hide Gabidulin Code
5.3 On the Choice of
5.4 On the Choice of (m1,m2)
6 Security Analysis
6.1 Structural Attacks
6.2 Generic Attacks
7 Parameters and Public Key Size
8 Conclusion
A Proof of Proposition 6
References
Quantum
Optimizing the Depth of Quantum Implementations of Linear Layers
1 Introduction
2 Preliminaries
2.1 Quantum Circuit
2.2 Depth of the Quantum Circuits
3 Linear Depth Optimization
3.1 Depth Optimization for Decomposition Sequences
3.2 Finding Better Gate Sequences
4 Applications
5 Conclusion
References
IND-CCA Security of Kyber in the Quantum Random Oracle Model, Revisited
1 Introduction
1.1 Technical Overview
1.2 Paper Organization
2 Preliminaries
2.1 Public-Key Encryption
2.2 Key Encapsulation Mechanism
2.3 Quantum Random Oracle Model
3 IND-CCA Proof for Kyber
4 Conclusions
References
MPC
Practical Multi-party Private Set Intersection Cardinality and Intersection-Sum Under Arbitrary Collusion
1 Introduction
1.1 State of the Art of MPSI-CA
1.2 State of the Art of Two-Party PSI-CA-Sum
1.3 Our Contributions
1.4 High-Level Description
1.5 Organizations
2 Preliminaries
3 Two New Primitives and Constructions
3.1 Multi-party Secret-Shared Shuffle
3.2 Oblivious Zero-Sum Check
4 MPSI-CA Protocol Under Arbitrary Collusion
4.1 Element Sharing
4.2 Detailed Description
5 MPSI-CA-Sum Protocol Under Arbitrary Collusion
5.1 Payload Sharing
5.2 Detailed Description
6 Experimental Evaluation
References
Amortizing Division and Exponentiation
1 Introduction
2 Preliminaries
2.1 Notation
2.2 Security Model
2.3 Vector Oblivious Linear-Function Evaluation
2.4 Generating Random Shares and Coins
2.5 Secure Multiplication
2.6 Secure Inversion
2.7 Unbounded Fan-In Multiplication
2.8 Public Base Exponentiation
3 Correlated Multiplication
3.1 Correlated Multiplication Triple Generation
4 Amortizing Division
4.1 Single Division Case
4.2 Batch Division Case
5 Amortizing Exponentition
6 Conclusions
References
Cryptanalysis
Generalized Boomerang Connectivity Table and Improved Cryptanalysis of GIFT
1 Introduction
2 Background and Previous Work
2.1 BCT, BDT, EBCT
2.2 Automatic Tools Modeling BCT
2.3 Clustering Effect in Boomerang Distinguishers
2.4 Key-Recovery Algorithms for Rectangle Attacks
3 Generalized Boomerang Connectivity Table
3.1 Introduction to GBCT
3.2 Properties of GBCT
3.3 Variants of GBCT
3.4 The Advantages of GBCT
4 New Search Algorithm for a Boomerang Distinguisher
4.1 Strategies in the Search Algorithm
4.2 The Improved Distinguisher with GBCT for GIFT
5 Rectangle Attacks on GIFT-64 and GIFT-128 with Reduced Complexities
6 Conclusion and Future Discussion
A 10-Round Optimal (Related-Key) Differentials for GIFT-64
References
Cryptanalysis of Ciminion
1 Introduction
2 Preliminaries
2.1 Description of Ciminion
2.2 Polynomial Representations over Binary Extension Fields
3 Algebraic Distinguishers of Reduced-Round Ciminion
3.1 Higher Order Differential Distinguisher over Binary Extension Fields
3.2 Integral Property over Prime Fields with Odd Characteristic
3.3 General Cases
4 Subkey Recovery Under Weak Random Numbers
4.1 Observations on the Round Function
4.2 Subkey Recovery of Aiminion Under Weak Random Numbers
5 Conclusion
References
Clustering Effect of Iterative Differential and Linear Trails
1 Introduction
2 Preliminaries
2.1 Differential Cryptanalysis
2.2 Linear Cryptanalysis
2.3 Iterative Trails
2.4 Concepts in Graph Theory
3 Method of Finding and Exploiting Iterative Trails
3.1 Extending the Definition of Iterative Trails
3.2 Graph Generating
3.3 Finding the Best Iterative Differential Trail
3.4 Finding the Best Iterative Difference Propagation
3.5 Finding the Best Difference Propagation Contributed by Trails Containing Iterative Ones
4 Experimental Results
4.1 Evaluation of the Clustering Effect of Iterative Differential and Linear Trails
4.2 Results on Finding the Best Difference and Linear Propagations Contributed by Trails Containing Iterative Ones
4.3 Results on the Security of KNOT-AEAD and KNOT-Hash Against Differential and Linear Attacks
4.4 Verification of the Dominance of Trails Containing Iterative Ones in a Difference or Linear Propagation
5 Conclusion
References
Differential Cryptanalysis of Round-Reduced SPEEDY Family
1 Introduction
2 Preliminary
2.1 Description of SPEEDY
2.2 Observations on Differential Properties of SPEEDY
2.3 Complexity Analysis of the Differential Attack
2.4 Automatic Searching Model Based on SAT Problem
3 Searching for Good Differential Trails for SPEEDY
3.1 Improved Automatic Searching Model for SPEEDY
3.2 Process of Solving the Model
4 Differential Cryptanalysis on 6-Round SPEEDY
4.1 The 4.5-Round Differential Distinguisher
4.2 Speed Up Filtering Wrong Pairs by Optimizing the Distinguisher
4.3 Key Recovery of 6-Round SPEEDY-192
5 Differential Cryptanalysis of 5-Round SPEEDY
5.1 Speed up Filtering Wrong Pairs with a 3.5-Round Differential Distinguisher
5.2 Key Recovery of 5-Round SPEEDY-r-192
6 Conclusion
References
Mathematical Aspects of Crypto
A Note on Inverted Twisted Edwards Curve
1 Introduction
2 Background
3 Arithmetic on Inverted Twisted Edwards Curves
4 Points Operations in Projective Coordinates
4.1 Readdition Formula
4.2 Tripling in Projective Coordinates
5 Points Operations in Extended Projective Coordinates
5.1 Addition in Extended Projective Coordinates
5.2 Doubling in Extended Projective Coordinates
5.3 Tripling in Extended Projective Coordinates
6 Comparison
7 Fast Scalar Multiplication
8 Conclusion
References
Efficiently Computable Complex Multiplication of Elliptic Curves
1 Introduction
2 Preliminary
3 Explicit Expression of Complex Multiplication over Fp
3.1 Complex Multiplication Restricted to a Finite Field
3.2 Computing the Rational Expression of CM over Fp
4 Q-Elliptic Curves and Their Complex Multiplications
5 Conclusions
References
Several Classes of Niho Type Boolean Functions with Few Walsh Transform Values
1 Introduction
2 Preliminaries
2.1 The Walsh Transform
2.2 The Roots of Low-Degree Equations
3 The Value Distributions of Niho-type Functions
3.1 Niho-type Function with si=2i
3.2 Niho-type Function with si=6-4i
3.3 Niho-type Function with si=4i-2
4 Conclusions
References
Stream Ciphers
Higher-Order Masking Scheme for Trivium Hardware Implementation
1 Introduction
2 Background
2.1 Trivium
2.2 Glitch-Extended Probing Model
2.3 Higher-Order Masking Scheme
3 Security Analysis of Trivium Implementation
3.1 Type 1 Attack
3.2 Type 2 Attack
3.3 Type 3 Attack
4 Glitch-Resistant Higher-Order Masking Schemes for Trivium
4.1 Version-1 Masking Scheme
4.2 Version-2 Masking Scheme
4.3 Hardware Cost
5 Performance Evaluation
6 Side-Channel Evaluation
7 Conclusion
References
An Experimentally Verified Attack on 820-Round Trivium
1 Introduction
2 Preliminaries
2.1 Boolean Functions and Algebraic Degree
2.2 Trivium
2.3 Cube Attacks
2.4 A Heuristic Algorithm of Constructing Cubes Targeting Linear Superpolies
3 A Search Algorithm for Valuable Cubes
3.1 A Modified Algorithm of Constructing Mother Cubes
3.2 A Method for Searching Low-Degree Subcubes
3.3 A Method for Searching Valuable Subcubes
4 Applications
4.1 A Practical Key-Recovery Attack on 815-Round Trivium
4.2 A Practical Key-Recovery Attack on 820-Round Trivium
5 Conclusion
References
Malware
HinPage: Illegal and Harmful Webpage Identification Using Transductive Classification
1 Introduction
2 Related Work
3 Theoretical Foundation for HinPage
3.1 Heterogeneous Information Network
3.2 Transductive Classification on HIN
4 The Implementation of the HinPage Approach
4.1 Overview of HinPage
4.2 Data Collection
4.3 Construction of Heterogeneous Information Network (HIN)
4.4 Classification
5 Experiments
5.1 Dataset
5.2 Performance Evaluation
6 Conclusion and Future Works
References
Detecting API Missing-Check Bugs Through Complete Cross Checking of Erroneous Returns
1 Introduction
2 Background and Related Work
2.1 Security Check
2.2 Related Work
2.3 Analysis of Error Returns in Linux Kernel
3 Method
3.1 Overview
3.2 Design
4 Implementation
5 Evaluation
5.1 Overall Analysis of Bug Detection
5.2 Analysis of Critical Variables and Missing-Checks
5.3 False Positives and False Negatives
5.4 Bug Confirmation
6 Conclusion
References
Efficient DNN Backdoor Detection Guided by Static Weight Analysis
1 Introduction
2 Background and Motivation
2.1 Threat Model
2.2 Limitations of Existing Techniques
2.3 Key Intuition and Observation
3 Design
3.1 Overview
3.2 Static Weight Analysis to Identify Suspicious Target and Victim Labels
3.3 Reverse Engineering of Backdoor Triggers
3.4 Trigger Analysis to Suppress False Positives
4 Experiments
4.1 Experimental Setup
4.2 Detection Performance on Local Patch Attacks
4.3 Detection Performance on Global Transformation Attacks
4.4 Advanced Attack Detection
4.5 Hyper-parameter Sensitivity Analysis
5 Discussion
6 Related Work
7 Conclusion
References
Mimic Octopus Attack: Dynamic Camouflage Adversarial Examples Using Mimetic Feature for 3D Humans
1 Introduction
2 Related Work
2.1 DNN for Human Detection
2.2 Physical Adversarial Attack
2.3 3D Rendering for AE
2.4 Camouflage-Based AE
3 Method
3.1 Threat Model
3.2 Problem Definition
3.3 MOA Architecture
3.4 Loss Function
3.5 Special Optimization for Human
4 Evaluation
4.1 Experimental Setup
4.2 Experiments
5 Conclusion
References
Lattices
Subfield Attacks on HSVP in Ideal Lattices
1 Introduction
1.1 Previous Works
1.2 Our Results
1.3 Paper Organization
2 Preliminaries
2.1 Lattice
2.2 Algebraic Number Theory
2.3 Ideal Lattice
3 Attacks on HSVP of Ideal Lattices
3.1 Under the Canonical Embedding
3.2 Under the Coefficient Embedding
4 Analysis
4.1 Complexity
4.2 Comparison
4.3 Applications
5 Conclusions and Open Problems
References
On the Measurement and Simulation of the BKZ Behavior for q-ary Lattices
1 Introduction
1.1 Contributions
2 Preliminaries
2.1 Lattices
2.2 NTRU Lattice
2.3 The BKZ Algorithm
2.4 The BKZ Simulator
3 Second Order Statistical Behavior for q-ary Lattice
3.1 The Mean and Variance of ri
3.2 Local Correlations and Global Variance
4 A Simulator Tailored for q-ary Lattice
4.1 The Albrecht-Li BKZ Simulator Tailored for Random q-ary Lattices
4.2 A New Simulator for Random q-ary Lattices
4.3 Impact of New Simulator Tailored for Random q-ary Lattices
5 Conclusion
References
Inferring Sequences Produced by the Quadratic Generator
1 Introduction
2 Preliminaries
2.1 Lattice
2.2 Coppersmith\'s Method
2.3 The Quadratic Generator
3 Solving f(x1,x2,y)=x1x2+ax1+bx2+cy+d mod p
3.1 Solution for t = 2
3.2 Solution for t
4 Application: Attacking the Quadratic Generator
5 Experimental Results
6 Conclusion
References
Author Index