Abstracts:This note is a corrigendum for the paper &#x2018;Public-key encryption indistinguishable under plaintext-checkable attacks&#x2019;, IET Information Security (2016), 10(6): 288, <uri xlink:href="http://dx.doi.org/10.1049/iet-ifs.2015.0500">http://dx.doi.org/10.1049/iet-ifs.2015.0500</uri>.

Abstracts:Logic vulnerabilities are largely dependent on the expected functions of web applications. Their appearance depends on both application logic and related security policy which may change based on modifications in business requirements. Accordingly, there are no specific and common patterns for logic vulnerabilities moreover, a security policy is required for their detection. In this study, a vulnerability detection method is proposed to detect logic vulnerabilities via analysing the program source code. Security checks enforce some constraints in the application so that the application behaves according to the logic intended by the programmer. The main goal is to find the vulnerabilities caused by bypassing some security checks. In this method, known as annotation-based vulnerability detection approach (ANOVUL), control and data flows are analysed to detect the application logic vulnerabilities. To analyse the flows of the program, access control and authenticity labelling are used. To evaluate ANOVUL, the authors have collected a data set. This comprises of PHP applications with reported logic vulnerabilities that have common vulnerabilities and exposures (CVE) identifiers. Based on the results, a 73% detection rate was achieved in the data set. The proposed method can detect logic vulnerabilities that are not detectable using conventional methods.

Abstracts:Proxy re-encryption (PRE) is a promising cryptographic structure for pervasive data sharing in cloud-based social networks, which enables a semi-trusted proxy to convert a ciphertext for Alice into a ciphertext for Bob without seeing the corresponding plaintext. Since the proxy is semi-trust, a PRE scheme which can resist the collusion attack will be of great practical value. Jiang <i>et al.</i> in 2015 and Kim and Jeong in 2016 have proposed collusion-resistant PRE (CR-PRE) schemes from the lattice by a similar technique, respectively. However, through the analysis of their schemes, the authors find that both of them have defects in the construction of the re-encryption key, which will lead to the re-encryption ciphertext cannot be decrypted or decrypted error with high probability. In this study, the authors first point out the defects in the work of Jiang <i>et al.</i>'s work and Kim and Jeong's work and propose an improved collusion-resistant unidirectional PRE scheme from lattice, based on learning with errors problems. In addition to solving the defects, CR-PRE still has many useful properties similar to the previous schemes, such as unidirectional, collusion resistant, chosen-plaintext attack secure and so on.

Abstracts:One of the main challenges of centralised social networks is having a central provider that stores the data which imposes some limitations to preserve the privacy of users' data. However, one of the decentralised architectures is peer-to-peer network that every user takes the responsibility of storing and managing his/her data. Although the privacy of data is increased in these networks, authorised friends must have access to the shared data when the user is not online in the network. For this purpose, the user selects some friends and copies his/her data in their space. On the other hand, the amount of used space and the total number of replicas must be reduced as much as possible. In this study, the authors provide some solutions to reduce the amount of used space and the total number of replicas to increase data availability. In this way, they segment the user's data and consider the stability of copy-location, i.e. the selected friends who have a copy of the user's data. The performance evaluation of the proposed methods shows that they considerably reduce the amount of used space as well as the total number of replicas in comparison to other approaches.

Abstracts:With the increasing concern on the preservation of personal privacy, privacy-preserving data mining has become a hot topic in recent years. Spectral clustering is one of the most widely used clustering algorithm for exploratory data analysis and usually has to deal with sensitive data sets. How to conduct privacy-preserving spectral clustering is an urgent problem to be solved. In this study, the authors focus on introducing the notion of differential privacy, which is considered as the de facto standard of privacy-preserving data analysis, into spectral clustering. Specifically, by combining the well-studied constrained spectral clustering with the Wishart mechanism in a novel way, the authors propose a differentially private constrained spectral clustering (DP-CSC) algorithm. The DP-CSC algorithm is proved to capture asymptotic property and achieves &#x03B5;-differential privacy. To illustrate the effectiveness and efficiency of DP-CSC, the authors conduct experiments on five real-word data sets. The results indicate that the DP-CSC algorithm can provide acceptable clustering accuracy with short running time while preserving individual privacy.

Abstracts:Hamming quasi-cyclic (HQC) cryptosystem, proposed by Aguilar Melchor <i>et al.</i>, is a code-based key encapsulation mechanism (KEM) submitted for the NIST standardisation process of post-quantum cryptography (PQC). Under the assumption that the <i>s</i>-decision quasi-cyclic syndrome decoding (<i>s</i>-DQCSD) problem is hard for <i>s</i> = 2 and 3, HQC, viewed as a public-key encryption scheme, is proven to be indistinguishability under chosen plaintext attack (IND-CPA) secure, and can be transformed into an IND-Adaptive chosen ciphertext attack secure KEM. However, the authors will show that the <i>s</i>-DQCSD problem is actually not intractable and HQC cannot attain IND-CPA security with all the proposed parameter sets. As HQC was selected as one of the second-round candidates by NIST, it was also updated to resist attack. The underlying <i>s</i>-DQCSD problem was replaced by the <i>s</i>-DQCSD with a parity problem and they claimed that the updated HQC could attain IND-CPA security under the hardness of the new problem. However, they find that there is some flaw in their security proof and the updated HQC is still vulnerable to attack. To fix it, they define a new problem called <i>s</i>-DQCSD with variable weight and present revised scheme HQC-<i>&#x03B2;</i>, which finally attains the IND-CPA security under the hardness assumption of the new problem.

Abstracts:Public-key cryptosystems built on quasi-cyclic (QC) low-density parity-check and moderate-density parity-check codes are promising candidates for post-quantum cryptography, since they are characterised by compact keys and high algorithmic efficiency. The main issue with this kind of system is represented by the fact that, since the decoding procedure is probabilistic, it may leak information about the secret key. In this work, the authors study cryptanalysis procedures that aim at recovering the secret key by exploiting this fact. They identify the phenomenon that is at the basis of these procedures and show that the QC structure plays an important role in the success of these attacks. They use a graph analogy to study the complexity of these attacks, and show that their feasibility strongly depends on the QC structure. They also devise an approach to perform full cryptanalysis by combining an information set decoding algorithm with some partial knowledge about the structure of the secret key.

Abstracts:The modulus switching technique has been used in some cryptographic applications as well as in cryptanalysis. For cryptanalysis against the learning with errors (LWE) problem and the learning with rounding (LWR) problem, it seems that one does not know whether the technique is really useful or not. This work supplies a complete view of the impact of this technique on the decoding attack, the dual attack and the primal attack against both LWE and LWR. For each attack, the authors give the optimal formula for the switching modulus. The formulas get involved the number of LWE/LWR samples, which differs from the known formula in the literature. They also attain the corresponding sufficient conditions saying when one should utilise the technique. Surprisingly, restricted to the LWE/LWR problem that the secret vector is much shorter than the error vector, they also show that performing the modulus switching before using the so-called rescaling technique in the dual attack and the primal attack make these attacks worse than only exploiting the rescaling technique as reported by Bai and Galbraith at the Australasian conference on information security and privacy (ACISP) 2014 conference. As an application, they theoretically assess the influence of the modulus switching on the LWE/LWR-based second round NIST PQC submissions.

Abstracts:Protean signatures (PSs), recently introduced by Krenn et al. (CANS `18), allow a semi-trusted third party (the sanitiser), to modify a signed message in a controlled way: the signer can define the message parts to be arbitrarily editable by the sanitiser, as well as message parts which can be redacted (but not altered otherwise) by the sanitiser. Thus, PSs generalise both redactable signatures (RSs) and sanitisable signatures (SSs) into a single notion. Invisibility for PSs guarantees that no outsider (i.e. any party not being signer or sanitiser) can decide which message parts can be edited. However, the current definition of invisibility does not prohibit that an outsider can decide which parts are redactable - only which parts can be edited are hidden. This negatively impacts the privacy guarantees provided by this definition. The authors extend PSs to be fully invisible. Their notion guarantees that an outsider can identify neither editable nor redactable parts. They, therefore, introduce the new notions of invisible RSs and invisible non-accountable SSs (SS'), along with a consolidated framework for aggregate signatures. Using those building blocks, their resulting construction is significantly more efficient than the original scheme by Krenn et al., which they demonstrate in a prototypical implementation.

Abstracts:In the last decade, location information became easily obtainable using off-the-shelf mobile devices. This gave momentum to developing location-based services (LBSs) such as location proximity detection, which can be used to find friends or taxis nearby. LBSs can, however, be easily misused to track users, which draws attention to the need for protecting the privacy of these users. In this work, the authors address this issue by designing, implementing, and evaluating multiple algorithms for privacy-preserving location proximity (PPLP) that are based on different secure computation protocols. Their PPLP protocols support both circle and polygon range queries and have runtimes from a few to some hundreds of milliseconds and bandwidth requirements from a few hundreds of bytes to one megabyte. Consequently, they are well suited for different scenarios and offer faster runtimes and savings in bandwidth and computational power as well as security improvements compared to previous PPLP schemes. In addition, the computationally most expensive parts of the PPLP computation can be precomputed in their protocols, such that the input-dependent online phase runs in just a few milliseconds.