A Novel Post-Quantum Blind Signature for Log System in Blockchain

In recent decades, log system management has been widely studied fordata security management. System abnormalities or illegal operations can befound in time by analyzing the log and provide evidence for intrusions. In orderto ensure the integrity of the log in the current system, many researchers havedesigned it based on blockchain. However, the emerging blockchain is facing significant security challenges with the increment of quantum computers. An attackerequipped with a quantum computer can extract the user's private key from thepublic key to generate a forged signature, destroy the structure of the blockchain,and threaten the security of the log system. Thus, blind signature on the lattice inpost-quantum blockchain brings new security features for log systems. In ourpaper, to address these, firstly, we propose a novel log system based on post-quantum blockchain that can resist quantum computing attacks. Secondly, we utilize apost-quantum blind signature on the lattice to ensure both security and blindnessof log system, which makes the privacy of log information to a large extent.Lastly, we enhance the security level of lattice-based blind signature under therandom oracle model, and the signature size grows slowly compared with others.We also implement our protocol and conduct an extensive analysis to prove theideas. The results show that our scheme signature size edges up subtly comparedwith others with the improvement of security level.

Towards Post-Quantum Cryptography Using Thermal Noise Theory and True Random Numbers Generation

The advent of quantum computers and algorithms challenges the semantic security of symmetric and asymmetric cryptosystems. Thus, the implementation of new cryptographic primitives is essential. They must follow the breakthroughs and properties of quantum calculators which make vulnerable existing cryptosystems. In this paper, we propose a random number generation model based on evaluation of the thermal noise power of the volume elements of an electronic system with a volume of 58.83 cm3. We prove through the sampling of the temperature of each volume element that it is difficult for an attacker to carry out an exploit. In 12 seconds, we generate for 7 volume elements, a stream of randomly generated keys of 187 digits that will be transmitted from source to destination through the properties of quantum cryptography.

Post-quantum blind signcryption scheme from lattice

Blind signcryption(BSC) can guarantee the blindness and untrackability of signcrypted messages, and moreover, it provides simultaneous unforgeability and confidentiality. Most traditional BSC schemes are based on the number theory. However, with the rapid development of quantum computing, traditional BSC systems are faced with severe security threats. As promising candidate cryptosystems with the ability to resist attacks from quantum computing, lattice-based cryptosystems have attracted increasing attention in academic fields. In this paper, a post-quantum blind signcryption scheme from lattice(PQ-LBSCS) is devised by applying BSC to lattice-based cryptosystems. PQ-LBSCS inherits the advantages of the lattice-based cryptosystem and blind signcryption technique. PQ-LBSCS is provably secure under the hard assumptions of the learning with error problem and small integer solution problem in the standard model. Simulations are carried out using the Matlab tool to analyze the computational efficiency, and the simulation results show that PQ-LBSCS is more efficient than previous schemes. PQ-LBSCS has extensive application prospects in e-commerce, mobile communication, and smart cards.

Implementation Scheme of Two-Photon Post-Quantum Correlations

The pre-and post-selection processes of the "two-state vector formalism" lead to a fair sampling loophole in Bell test, so it can be used to simulate post-quantum correlations. In this paper, we propose a physical implementation of such a correlation with the help of quantum non-demolition measurement, which is realized via the cross-Kerr nonlinear interaction between the signal photon and a probe coherent beam. The indirect measurement on the polarization state of photon is realized by the direct measurement on the phase shift of the probe coherent beam, which enhances the detection efficiency greatly and leaves the signal photon unabsorbed. The maximal violation of the CHSH inequality 4 can be achieved by pre-and post-selecting maximally entangled states. The reason why we can get the post-quantum correlation is that the selection of the results after measurement opens fair-sampling loophole. The fair-sampling loophole opened here is different from the one usually used in the currently existing simulation schemes for post-quantum correlations,which are simulated by selecting the states to be measured or enlarging the Hilbert space. So, our results present an alternative way to mimic post-quantum correlations.

适用于智能家居的格上基于身份多方认证密钥协商协议

随着物联网应用的日益普及,物联网设备终端数量激增、种类多样、层次复杂,常处于不可控的环境之中,因此,确保数据传输过程的安全性和隐私性至关重要。对基于物联网架构的智能家居服务进行探讨得出,启用智能家居应用需涉及多个方面,如用户、云、物联网智能集线器(the IoT smart hub,ISH)和智能设备,它们需要多方验证以进行安全通信。由此提出了一种针对智能家居应用的格上基于身份多方认证密钥协商协议,并证明在eCK模型下是安全的。其安全性可以归约到环上带误差学习(ring learning with errors,RLWE)问题的困难性,能够抗量子计算攻击。所提协议由一个格上基于身份的加密方案转换而成,无须公钥证书,避免了部署一个庞大的公钥基础设施(public key infrastructure,PKI)。通过信息交互实现显式认证,且可具有一定的匿名性质,与其他相关的后量子格上多方认证密钥协商协议方案相比,该协议在安全性和执行效率方面更具优势。

TLERAD: Transfer Learning for Enhanced Ransomware Attack Detection

Ransomware has emerged as a critical cybersecurity threat,characterized by its ability to encrypt user data or lock devices,demanding ransom for their release.Traditional ransomware detection methods face limitations due to their assumption of similar data distributions between training and testing phases,rendering them less effective against evolving ransomware families.This paper introduces TLERAD(Transfer Learning for Enhanced Ransomware Attack Detection),a novel approach that leverages unsupervised transfer learning and co-clustering techniques to bridge the gap between source and target domains,enabling robust detection of both known and unknown ransomware variants.The proposed method achieves high detection accuracy,with an AUC of 0.98 for known ransomware and 0.93 for unknown ransomware,significantly outperforming baseline methods.Comprehensive experiments demonstrate TLERAD’s effectiveness in real-world scenarios,highlighting its adapt-ability to the rapidly evolving ransomware landscape.The paper also discusses future directions for enhancing TLERAD,including real-time adaptation,integration with lightweight and post-quantum cryptography,and the incorporation of explainable AI techniques.

A novel hybrid authentication protocol utilizing lattice-based cryptography for IoT devices in fog networks

The Internet of Things(IoT)has taken the interconnected world by storm.Due to their immense applicability,IoT devices are being scaled at exponential proportions worldwide.But,very little focus has been given to securing such devices.As these devices are constrained in numerous aspects,it leaves network designers and administrators with no choice but to deploy them with minimal or no security at all.We have seen distributed denial-ofservice attacks being raised using such devices during the infamous Mirai botnet attack in 2016.Therefore we propose a lightweight authentication protocol to provide proper access to such devices.We have considered several aspects while designing our authentication protocol,such as scalability,movement,user registration,device registration,etc.To define the architecture we used a three-layered model consisting of cloud,fog,and edge devices.We have also proposed several pre-existing cipher suites based on post-quantum cryptography for evaluation and usage.We also provide a fail-safe mechanism for a situation where an authenticating server might fail,and the deployed IoT devices can self-organize to keep providing services with no human intervention.We find that our protocol works the fastest when using ring learning with errors.We prove the safety of our authentication protocol using the automated validation of Internet security protocols and applications tool.In conclusion,we propose a safe,hybrid,and fast authentication protocol for authenticating IoT devices in a fog computing environment.

General Method of Combining Grover and Simon for Attacking Block Ciphers

The compatibility of different quantum algorithms should be considered when these algorithms are combined.In this paper,the method of combining Grover and Simon is studied for the first time,under some preconditions or assumptions.First,we give two preconditions of applying Grover’s algorithm,which ensure that the success probability of finding the marked element is close to 1.Then,based on these two preconditions,it is found out that the success probability of the quantum algorithm for FXconstruction is far less than 1.Furthermore,we give the design method of the Oracle function,and then present the general method of combining Grover and Simon algorithm for attacking block ciphers,with success probability close to 1.

Secure SSL/TLS Communication System Based on Quantum Keys

Secure Sockets Layer(SSL)and Transport Layer Security(TLS)protocols facilitates a secure framework for identity authentication,data encryption,and message integrity verification.However,with the recent development in quantum computing technology,the security of conventional key-based SSL/TLS protocols faces vulnerabilities.In this paper,we propose a scheme by integrating the quantum key into the SSL/TLS framework.Furthermore,the application of post-quantum algorithms is used to enhance and complement the existing encryption suites.Experimental results show that the proposed SSL/TLS communication system based on quantum keys exhibits high performance in latency and throughput.Moreover,the proposed system showcases good resilience against quantum attacks.

天地一体化网络安全挑战及创新方案

主要探讨了天地一体化网络在6G时代面临的安全挑战,提出了一种基于量子安全的创新方案。首先,介绍了天地一体化网络的发展背景和组网架构演进趋势,包括透明转发架构和星上再生架构的特点和应用场景。接着,分析了天地一体化网络面临的安全挑战,特别是数据传输安全风险和接入认证风险。针对这些挑战,提出了一种基于量子技术保障天地一体化网络安全的创新方案,利用量子通信的无条件安全性和后量子密码算法的优势,为天地一体化网络提供端到端的安全通信保障。最后,验证了采用量子技术保障天地一体化网络安全创新方案的可行性。

CDBS:基于CRYSTALS-Dilithium算法的盲签名方案

为了应对传统盲签名方案在用户端、签名方和验证者交互过程中无法抵御量子计算攻击的这一难题,以NIST选定的后量子数字签名算法CRYSTALS-Dilithium为基础框架,设计了一种新型抗量子计算攻击的盲签名方案CDBS。整体方案采用Fiat-Shamir签名结构,包括密钥生成、盲化、签名、去盲和验证5个阶段,方案内部结合拒绝采样技术防止密钥泄露,使用NTT算法优化多项式计算以提高签名和验证效率。分析表明,所提方案安全性依赖于模误差学习(MLWE)问题和小整数解(SIS)问题,同时满足正确性、盲性和不可伪造性。与其他基于格的盲签名方案相比,所提方案具有较高的安全性,且签名生成过程更高效,占用开销更小。在相同样本参数设置下,所提方案整体开销仅为MBS方案的67.1%。经软件测试验证,实现一次完整的盲签名和验证过程平均仅需657.65μs。所提方案为CRYSTALS-Dilithium数字签名算法的拓展应用提供了参考。

Crystal-Kyber算法的FPGA高效并行优化

多项式乘法运算制约着基于格的后量子密码在现实中的应用.为提高后量子密码Crystal_Kyber算法的性能效率,减少运行时间,降低多项式乘法的影响,本文设计了一种新的蝶形运算单元对素模q=3329的Kyber方案进行优化.首先,采用16路并行调度新型蝶形运算单元的方式执行算法,缩短了计算周期;其次,使用流水线技术以及改进的K2RED算法,设计实现新型蝶形运算单元,用于降低资源消耗;最后,利用多RAM的方式存储数据,并且多通道优化RAM,允许数据交替存储在RAM中,提高资源复用率.实验结果表明,本文优化后的数论变换(Number Theoretic Transform,NTT)、逆数论变换(Inverse NTT,INTT)、点对位相乘(Point-Wise Multiplication,PWM)的效率达到200 MHz,合并执行Kyber效率达到175 MHz,优于其他方案,具有良好的性能.

FX密钥长度扩展构造量子Q1安全性证明

FX构造FX_(k,k′)[E]=E_(k)(x⊕vk′)⊕k′将密钥长度为κ比特的分组密码E:{0,1}^(κ)×{0,1}^(n)→{0,1}^(n)转化为密钥长度为κ+n比特的分组密码,是最高效的密钥长度扩展方法.基于对所谓Even-Mansour构造的前期研究(EUROCRYPT 2022),Alagic等(Eprint 2022)为FX构造的可调变体提供了一个量子Q1模型中的安全性证明.然而,如Alagic等所承认,针对(原始版)FX构造,他们的证明方法未能导出令人满意的安全界.本文提出了对Alagic等证明的修补措施,从而得以证明所期望的(κ+n)/3比特紧致量子Q1安全界.本文的修补主要是改动了Alagic等证明中的一处中间值的分布,从而避免了导致更差安全界的某些不良事件.这个改动要求对Alagic等的“再采样”引理进行“依赖上下文的”扩展,这在概念上可能有一定创新.

基于格的最优轮数口令认证秘密共享协议

口令认证秘密共享将口令认证和秘密共享相结合,是一个贴合实际用户需求的分布式方案。该协议允许一个用户在多个服务器间共享秘密,并且只需要记忆一个简短口令即可在后续同时完成身份验证以及秘密恢复。协议安全性保证只要敌手控制的服务器不超过阈值,敌手就不能从协议中窃取任何有关口令和秘密的信息。口令认证秘密共享方案最初基于离散对数及其变体的假设,不能抵抗量子攻击,因此找到量子安全的构造成为亟需解决的问题。ROY等人提出一种恶意安全且量子安全的构造,但其通信轮数并非最优,在有恶意敌手干扰的情况下,轮数甚至不再是常数。针对轮数优化问题,文章利用可验证不经意伪随机函数原语,给出了基于格的最优轮数的量子安全构造并严格证明了其安全性。此外,协议保证多数诚实服务器场景时,诚实用户一定能在最优轮数内成功恢复正确的秘密,具有很强的鲁棒性。

基于Cortex-M4的CNTR/CTRU密钥封装高效实现

量子计算技术的迅猛发展对现有的公钥密码体制造成了极大的威胁,为了抵抗量子计算的攻击,后量子密码成为当前密码学界的研究热点.目前,物联网的安全问题备受关注,ARM Cortex-M4作为低功耗嵌入式处理器,被广泛应用于物联网设备中,在其上部署后量子密码算法将为物联网设备的安全提供更加可靠的保障.CNTR和CTRU是我国学者提出的NTRU格基密钥封装方案,相比于基于LWE技术路线的格基密钥封装方案在安全性和其他性能上具有综合优势,并在我国密标委得到立项.本文工作首次在ARM Cortex-M4平台上高效紧凑地实现了CNTR和CTRU方案,充分利用单指令多数据(Single Instruction Multiple Data,SIMD)指令,调整运算结构和指令安排,优化核心的多项式运算,从而在算法实现速度和堆栈空间上进行全面优化升级.本文主要工作如下:本文首次在ARM Cortex-M4上实现耗时模块多项式中心二项分布采样,采样速度提升32.49%;使用混合基数论变换(Number Theoretic Transform,NTT)加速非NTT友好多项式乘法运算,充分利用浮点单元(Floating-Point Unit,FPU)寄存器,在NTT实现中采用层融合技术,最大化减少加载和存储等耗时指令使用,使得正向NTT和逆向NTT的速度分别提升84.24%、81.15%;通过NTT过程系数范围分析进行延迟约减,进而减少约减次数,并使用改进的Barrett约减和Montgomery约减技术实现降低约减汇编指令条数;使用循环展开技术实现多项式求逆,优化多项式求逆这一耗时过程,速度优化率为68.85%;针对解密过程中的非NTT友好素数模数多项式环乘法,采用多模数NTT和中国剩余定理(Chinese Remainder Theorem,CRT)结合的方法进行加速,完成解密过程96.26%的速度提升;使用空间复用的方法优化堆栈空间,CNTR和CTRU的堆栈空间分别减少了29.86%、28.17%.实验结果表明:提出的优化技术大幅提升了算法实现效率,与C参考实现相比,CNTR和CTRU的整体速度优化率分别为85.54%、85.56%.与其他格基密钥封装方案最新ARM Cortex-M4实现相比,本文的优化实现在速度、空间和安全性上具有综合性的优势.

基于格的伪随机函数研究综述

伪随机函数是密码学领域最基本的原语之一,其自提出以来便备受关注.近几十年间发展起来的格理论在密码领域取得了很多重要的应用成果,特别是格上很多困难问题被普遍认为具备抵抗量子攻击的特性,在后量子密码方案设计中处于核心地位.对于格上伪随机函数的研究正式起始于Banerjee、Peikert和Rosen在2012年欧密会上发表的工作.此后,密码学家们围绕如何基于格困难问题设计伪随机函数方案开展了大量研究,特别是在提升伪随机函数方案的安全性、效率和并行性,以及扩展伪随机函数的功能方面取得了诸多成果.本文对格上伪随机函数的研究现状进行综述:总结了伪随机函数的通用构造方法以及格上伪随机函数依赖的底层困难问题;整理了现有基于格困难问题设计的伪随机函数方案,重点关注这些方案在提升安全性、效率或并行性方面采用的技术以及取得的成果;整理了格上具备扩展功能的伪随机函数的研究进展,包括具有密钥同态性质的伪随机函数、约束伪随机函数、水印伪随机函数以及可验证伪随机函数.

基于AVX512的格密码高速并行实现

量子计算的迅速发展可能对当前广泛使用的公钥密码算法造成严重威胁。格密码因优秀的抗量子安全性和高效的计算效率在后量子密码中占据重要地位。美国国家标准技术研究院于2022年5月公布4个后量子密码标准,其中3个是格密码算法,Kyber算法便是其中之一。随着后量子密码标准的确定,Kyber算法高效实现的需求日益增加。基于512位高级向量扩展(AVX512),对Kyber算法进行优化与高速并行实现。使用惰性模约减、优化的蒙哥马利模约减及优化的快速数论变化等技术,充分利用计算机的存储空间,减少大量不必要的模约减操作,提高多项式计算的效率与并行性。采用冗余比特技术,增强多项式抽样过程中比特的并行处理能力。通过AVX512的512 bit位宽和8路并行实现哈希运算,并对其产生的伪随机比特串进行合理调度,充分发挥并行性能。基于AVX512指令集高速并行实现Kyber上的多项式计算和抽样,并进一步实现整个Kyber公钥加密方案。性能测试结果表明,与C语言实现相比,基于AVX512实现的密钥生成和加密算法获得了10~16倍的加速,解密算法获得了约56倍的加速。

CRYSTALS-Kyber算法的IP核设计与验证方案研究

随着量子计算机的不断发展,现有的公钥密码算法随时面临着失效的危机。而抗量子密码(PQC)算法的出现,使得这一危机得到化解。与此同时,CRYSTALS-Kyber算法由于其安全性高、速度快等优点在美国国家标准与技术研究院(NIST)标准化算法中脱颖而出。为提高硬件实现的效率及安全性,提出了一种基于CRYSTALS-Kyber算法的知识产权(IP)核设计与验证的方案。介绍了该系统的硬件实现方法及其中包含的3个模块,密钥生成模块、加密模块和解密模块,研究了实现IP核的关键单元数论变换(NTT)、高级可扩展接口(AXI)以及仿真验证的具体方案,并对总体方案进行了可行性分析。

面向后量子密码算法的哈希签名方案

基于哈希的签名方案是后量子密码标准化程度最高的算法,但由于该类方案的一些技术特点和限制,在实际中的应用还处于探索实践阶段。因此,发现并解决应用基于哈希的签名方案的限制和困难对于其广泛应用是非常有必要的。首先概述了基于哈希的签名方案的产生及演变,对目前已标准化的方案进行了横纵对比分析;其次使用国产SM3算法实例化FIPS205中底层的哈希算法,给出了初步的实验结果和对比分析,进一步表明SM3实例化SPHINCS+方案的可行性,推进我国无状态的基于哈希的签名方案的标准化进程;最后对基于哈希签名方案的应用进行了总结和建议,为其广泛应用和后量子密码迁移提供参考。

Polar-BBCRSsig:一个基于极化码的数字签名算法

传统公钥密码体制受到量子计算的严重威胁,基于编码的密码体制是抗量子攻击的重要技术之一,然而大多数基于编码的密码方案都存在公钥尺寸过大的问题,严重影响其效率。为此,在基于校验子译码的数字签名算法框架下,采用极化码(Polar码)作为私钥编码,结合非置换等价的陷门设计方法,提出了一个新的基于编码的数字签名算法。这个数字签名算法对自适应选择消息攻击是存在不可伪造的,且在同等安全级别下对比同类方案具有更小的公钥尺寸。