SECITC 2022: 15TH INTERNATIONAL CONFERENCE ON SECURITY FOR INFORMATION TECHNOLOGY AND COMMUNICATIONS
PROGRAM FOR FRIDAY, DECEMBER 9TH
08:00-08:30 Session 6: SECITC2022: Invited Talk (CET Time)
Chair:
Mihai Doinea (Bucharest University of Economic Studies, Romania)
08:00
Erik Poll (Radboud University, Netherlands)
Secure input handling - insights from the past decade

ABSTRACT. Most security flaws are flaws in software, and most of these flaws come down to insecure input handling. This talk discusses the root causes of input handling vulnerabilities and structural ways to avoid them. We argue that most bugs come down to either buggy parsing or unintended parsing. We then go on to summarise approaches to address this that came into vogue in the past decade: the LangSec approach to prevent the former, and type-based approaches to prevent the latter.

08:30-10:50 Session 7: Presentations, Chair: Marius POPA (CET Time)
Chair:
Marius Popa (Bucharest University of Economic Studies, Romania)
08:30
Yun Ju Huang (Technology Innovation Institute, UAE)
Mohamed Rachidi (Technology Innovation Institute, UAE)
Emanuele Bellini (Technology Innovation Institute, UAE)
Statistical Tests for Symmetric Primitives: An Application to NIST Lightweight Finalists
PRESENTER: Yun Ju Huang

ABSTRACT. In this work, we show the results of the NIST statistical tests performed on different datasets generated from the output of all possible reduced-round versions of the finalists of the NIST Lightweight standardization process and some of the most popular symmetric ciphers. The objective of the experiment is to provide a metric that compares how conservative or aggressive the choice of the number of rounds is for each candidate. This comparison can add up to the other comparison studies being carried out before the closing of the last round of the NIST Lightweight standardization process, which is supposed to end in late 2022. Note that a similar analysis was also performed during the Advanced Encryption Standard selection in 1999 and 2000 and later in 2011 for the SHA-3 candidates.

08:50
Murat Burhan Ilter (Middle East Technical University, Turkey)
Ali Aydın Selçuk (TOBB University of Economics and Technology, Turkey)
MILP-Aided Cryptanalysis of the FUTURE Block Cipher

ABSTRACT. FUTURE is a recently proposed, lightweight block cipher. It has an AES-like, SP-based, 10-round encryption function, where, unlike most other lightweight constructions, the diffusion layer is based on an MDS matrix. Despite its relative complexity, it has a remarkable hardware performance due to careful design decisions.

In this paper, we conducted a MILP-based analysis of the cipher, where we incorporated exact probabilities rather than just the number of active S-boxes into the model. Through the MILP analysis, we were able to find differential and linear distinguishers for up to 5 rounds of FUTURE, extending the known distinguishers of the cipher by one round.

09:10
Yuichi Komano (Toshiba Corporation, Japan)
Takaaki Mizuki (Tohoku University, Japan)
Card-Based Zero-Knowledge Proof Protocol for Pancake Sorting
PRESENTER: Yuichi Komano

ABSTRACT. Assume that, given a sequence of $n$ integers from $1$ to $n$ arranged in random order, we want to sort them, provided that the only acceptable operation is to take any number of integers (sub-sequence) from the left of the sequence, reverse the order of the sub-sequence, and return them to the original sequence. This problem is called "pancake sorting," and sorting an arbitrary sequence with the minimum number of operations restricted in this way is known to be NP-hard. In this paper, we consider applying the concept of zero-knowledge proofs to the pancake sorting problem. That is, we design a physical zero-knowledge proof protocol in which a user (the prover) who knows how to sort a given sequence with $\ell$ operations can convince another user (the verifier) that the prover knows this information without divulging it.

09:30
Takuya Ishibashi (Tokai University, Japan)
Toshihiro Ohigashi (Tokai University, Japan)
Hikaru Tsuchida (NEC Corporation, Japan)
Unbounded Revocable Decentralized Multi-Authority Attribute-Based Encryption Supporting Non-Monotone Access Structures
PRESENTER: Hikaru Tsuchida

ABSTRACT. Ciphertext-policy attribute-based encryption (CP-ABE) is a cryptographic technology that enforces an access control mechanism over encrypted data by specifying an access policy with encrypted data and introducing an attribute authority (AA) that manages associated attributes and issues private keys embedded with the user's attributes. In particular, a CP-ABE with multiple attribute authorities and no central authority, decentralized multi-authority CP-ABE (DMA-CP-ABE), can achieve more realistic attribute management than CP-ABE with a single authority.

However, DMA-CP-ABE has an attribute revocation problem. As a different problem, in most existing DMA-CP-ABE, the size of the public parameters of each AA is proportional to the size of the attribute universe managed by each AA. Moreover, since most existing DMA-CP-ABE schemes support only monotonic access structures, the size of the access policy specified in the ciphertext, i.e., the size of the ciphertext, becomes large when an encryptor specifies a non-monotonic access policy in the ciphertext. Therefore, a DMA-CP-ABE that supports attribute revocation, constant-size public and secret parameters (a.k.a. unboundedness), and non-monotonic access structures is required, but to the best of our knowledge, no one has proposed it yet.

In this paper, we propose a new unbounded revocable DMA-CP-ABE that supports a non-monotone access structure. We prove that our scheme achieves adaptively payload-hiding against chosen-plaintext attacks under the decisional linear (DLIN) assumption.

09:50
Wei Xu (University of Science and Technology of China, China)
Yan Gao (Chinese Institute of Electronics, China)
Chunfang Yang (Zhengzhou Science and Technology Institute, China)
An Improved Purdue Enterprise Reference Architecture to Enhance Cybersecurity

ABSTRACT. The rise of the Industrial Internet has accelerated the integration of industrial enterprise networks and introduced the problem of cybersecurity while improving productivity. The traditional Purdue Enterprise Reference Architecture (PERA) has found it difficult to meet the cybersecurity requirements of industrial enterprises in the new situation. This paper investigates the history of PERA proposal and development, analyzes its cybersecurity problems, proposes an improved PERA to improve cybersecurity, realizes enterprise cybersecurity monitoring through the method of mirroring network traffic, constructs an independent cybersecurity monitoring zone to centralize the deployment of cybersecurity solutions, and constructs an enterprise security operation center, all of which can effectively improve the cybersecurity of enterprises.

10:10
Subhranil Dutta (Indian Institute of Technology Kharagpur, India)
Ratna Dutta (Indian Institute of Technology Kharagpur, India)
Sourav Mukhopadhyay (Indian Institute of Technology Kharagpur, India)
Constructing Pairing Free Unbounded Inner Product Functional Encryption Schemes with Unbounded Inner Product Policy
PRESENTER: Subhranil Dutta

ABSTRACT. Inner product functional encryption (IPFE) is a promising advanced cryptographic primitive for the inner product function class that facilitates fine-grained access control of sensitive data in an untrusted cloud environment and has an expanding range of applications in the context of cloud security, health-record access control, network privacy, data security on mobile devices, Internet of Things (IoT) and many more. However, most IPFE systems compute inner products for restricted length vectors in the sense that a pre-specified bound on the length of message/key vectors must be fixed while generating the system parameters. Concurrently, Tomida et al. (ASIACRYPT 2018) and Dufour-Sans et al. (ACNS 2019) initiated a notion, namely unbounded IPFE (UIPFE), which offers flexibility in choosing the length of vectors for generating secret keys or ciphertexts. The unboundedness property of IPFE broadens its application in situations where vector lengths vary or are not known in advance. Inspired by this work, we address the open problem of constructing public UIPFE schemes that do not use bilinear pairings. Our main results are as follows:

– We design the first post-quantum secure public key UIPFE scheme in the random oracle model with adaptive security based on the Learning With Errors (LWE) assumption, which leads to low computation cost.

– Furthermore, we develop a public key unbounded zero inner product predicate IPFE (UZP-IPFE) scheme that allows a successful decryption if an inner product policy is satisfied. We support the conjectured security of our candidate by analysis and prove that the scheme achieves security in the selective weak attribute-hiding model under the LWE assumption. The scheme offers linear-size ciphertexts and constant-size secret keys. We emphasize that our construction presents the first post-quantum secure UZP-IPFE scheme in an unbounded scenario preserving the attribute-hiding property.

More interestingly, when contrasted with the existing similar schemes, all our schemes exhibit favourable results in terms of communication overhead and secret key size.

10:30
Hiromasa Kitai (Osaka University, Japan)
Naoto Yanai (Osaka University, Japan)
Kazuki Iwahana (Osaka University, Japan)
Masataka Tatsumi (Osaka University, Japan)
Jason Paul Cruz (Osaka University, Japan)
MOTUS: How Quantized Parameters Improve Protection of Models and Their Inference Inputs
PRESENTER: Masataka Tatsumi

ABSTRACT. Protecting a machine learning model and its inference inputs with secure computation is important for providing services with a valuable model. In this paper, we discuss how a model's parameter quantization works to protect the model and its inference inputs. To this end, we present an investigational protocol, MOTUS, based on ternary neural networks whose parameters are ternarized. Through extensive experiments with MOTUS, we found three key insights. First, ternary neural networks can avoid accuracy deterioration due to modulo operations of secure computation. Second, the increment of model parameter candidates significantly improves accuracy more than an existing technique for accuracy improvement, i.e., batch normalization. Third, protecting both a model and inference inputs reduces inference throughput four to seven times to provide the same level of accuracy compared with existing protocols protecting only inference inputs. We plan to release our source code via GitHub.