Yongge Wang
This paper describe the implementation details of constant ellipse based automated market makers (CoinSwap). A CoinSwap prototype has been implemented at http://coinswapapp.io/ and the source codes are available at https://github.com/coinswapapp/
Yongge Wang
Ethereum Research team has proposed a family of Casper blockchain consensus protocols for Ethereum 2.0. It has been shown in the literature that Casper Friendly Finality Gadget (Casper FFG) for Ethereum 2.0's beacon network cannot achieve liveness property in partially synchronous networks such as the Internet environment. The "Correct-by-Construction" family of Casper blockchain consensus protocols (CBC Casper) has been proposed as a finality gadget for the future release of Ethereum 2.0 blockchain. Unfortunately, neither constructive finality rule nor satisfactory liveness property has been obtained for CBC Casper, and it is commonly believed that CBC Casper could not achieve liveness property in asynchronous networks. This paper provides the first probabilistic CBC Casper protocol that achieves liveness property against (n-1)/3 Byzantine participants in complete asynchronous networks.
Yongge Wang
ALGORAND is a celebrated public ledger technology. In this paper, we identify several design flaws of the ALGORAND protocol. In particular, we show that the claimed (proved) fork-free property is not true and several assumptions in ALGORAND are not realistic in practice. The ALGORAND wiki page https://golden.com/wiki/Algorand claims that "the probability of a fork in the protocol is estimated at 1/1,000,000,000 and therefore blocks can be considered final upon validation". However, our first attack in this paper shows that a malicious adversary who controls less than 1/3 of the users (or money units) could fork the ALGORAND chain very easily. Our second attack shows that a malicious adversary could use a bribery attack to fork the ALGORAND chain very easily also. Furthermore, we show that the celebrated Byzantine Agreement component in ALGORAND is not necessary. The Byzantine Agreement is the most expensive part and one of the most innovative parts in the ALGORAND protocol. It is used to avoid forks in ALGORAND. We show that a simple majority vote could be used to achieve the same property that Byzantine Agreement achieves in ALGORAND under the same network assumption.
Yongge Wang
Brakerski showed that linearly decryptable fully homomorphic encryption (FHE) schemes cannot be secure in the chosen plaintext attack (CPA) model. In this paper, we show that linearly decryptable FHE schemes cannot be secure even in the ciphertext only security model. Then we consider the maximum security that a linearly decryptable FHE scheme could achieve. This paper designs fully homomorphic symmetric key encryption (FHE) schemes without bootstrapping (that is, noise-free FHE schemes). The proposed FHE schemes are based on quaternion/octonion algebra and Jordan algebra over finite rings Z_n and are secure in the weak ciphertext-only security model assuming the hardness of solving multivariate quadratic equation systems and solving univariate high degree polynomial equation systems in Z_n. It is up to our knowledge that this is the first noise-free FHE scheme that has ever been designed with a security proof (even in the weak ciphertext-only security model). It is argued that the weak ciphertext-only security model is sufficient for various applications such as privacy preserving computation in cloud. As an example, the proposed FHE schemes are used to construct obfuscated programs. This example could be further used to show that the scheme presented in this paper could be combined with existing FHE schemes with bootstrapping to obtain more efficient FHE schemes with bootstrapping in the fully CPA model. At the end of the paper, we point out the insecurity of several recently proposed noise-free FHE schemes.
Yongge Wang
Lattice based encryption schemes and linear code based encryption schemes have received extensive attention in recent years since they have been considered as post-quantum candidate encryption schemes. Though LLL reduction algorithm has been one of the major cryptanalysis techniques for lattice based cryptographic systems, key recovery cryptanalysis techniques for linear code based cryptographic systems are generally scheme specific. In recent years, several important techniques such as Sidelnikov-Shestakov attack, filtration attacks, and algebraic attacks have been developed to crypt-analyze linear code based encryption schemes. Though most of these cryptanalysis techniques are relatively new, they prove to be very powerful and many systems have been broken using them. Thus it is important to design linear code based cryptographic systems that are immune against these attacks. This paper proposes linear code based encryption scheme RLCE which shares many characteristics with random linear codes. Our analysis shows that the scheme RLCE is secure against existing attacks and we hope that the security of the RLCE scheme is equivalent to the hardness of decoding random linear codes. Example parameters for different security levels are recommended for the scheme RLCE.
Yongge Wang
NIST SP800-22 (2010) proposes the state of art testing suite for (pseudo) random generators to detect deviations of a binary sequence from randomness. On the one hand, as a counter example to NIST SP800-22 test suite, it is easy to construct functions that are considered as GOOD pseudorandom generators by NIST SP800-22 test suite though the output of these functions are easily distinguishable from the uniform distribution. Thus these functions are not pseudorandom generators by definition. On the other hand, NIST SP800-22 does not cover some of the important laws for randomness. Two fundamental limit theorems about random binary strings are the central limit theorem and the law of the iterated logarithm (LIL). Several frequency related tests in NIST SP800-22 cover the central limit theorem while no NIST SP800-22 test covers LIL. This paper proposes techniques to address the above challenges that NIST SP800-22 testing suite faces. Firstly, we propose statistical distance based testing techniques for (pseudo) random generators to reduce the above mentioned Type II errors in NIST SP800-22 test suite. Secondly, we propose LIL based statistical testing techniques, calculate the probabilities, and carry out experimental tests on widely used pseudorandom generators by generating around 30TB of pseudorandom sequences. The experimental results show that for a sample size of 1000 sequences (2TB), the statistical distance between the generated sequences and the uniform distribution is around 0.07 (with $0$ for statistically indistinguishable and $1$ for completely distinguishable) and the root-mean-square deviation is around 0.005.
Yongge Wang
In this paper, we study the security requirements for remote authentication with password protected smart card. In recent years, several protocols for password-based authenticated key exchange have been proposed. These protocols are used for the protection of password based authentication between a client and a remote server. In this paper, we will focus on the password based authentication between a smart card owner and smart card via an untrusted card reader. In a typical scenario, a smart card owner inserts the smart card into an untrusted card reader and input the password via the card reader in order for the smart card to carry out the process of authentication with a remote server. In this case, we want to guarantee that the card reader will not be able to impersonate the card owner in future without the smart card itself. Furthermore, the smart card could be stolen. If this happens, we want the assurance that an adversary could not use the smart card to impersonate the card owner even though the sample space of passwords may be small enough to be enumerated by an off-line adversary. At the end of this paper, we further extend our results to credential storage on portable non-tamper resistant storage devices such as USB memory sticks.
Yongge Wang
Cryptographic standards serve two important goals: making different implementations interoperable and avoiding various known pitfalls in commonly used schemes. This chapter discusses Public-Key Cryptography Standards (PKCS) which have significant impact on the use of public key cryptography in practice. PKCS standards are a set of standards, called PKCS #1 through #15. These standards cover RSA encryption, RSA signature, password-based encryption, cryptographic message syntax, private-key information syntax, selected object classes and attribute types, certification request syntax, cryptographic token interface, personal information exchange syntax, and cryptographic token information syntax. The PKCS standards are published by RSA Laboratories. Though RSA Laboratories solicits public opinions and advice for PKCS standards, RSA Laboratories retain sole decision-making authority on all aspects of PKCS standards. PKCS has been the basis for many other standards such as S/MIME.
Yongge Wang
The theory of computer viruses has been studied by several authors, though there is no systematic theoretical study up to now. The long time open question in this area is as follows: Is it possible to design a signature-free (including dynamic signatures which we will define late) virus? In this paper, we give an affirmative answer to this question from a theoretical viewpoint. We will introduce a new stronger concept: dynamic signatures of viruses, and present a method to design viruses which are static signature-free and whose dynamic signatures are hard to determine unless some cryptographic assumption fails. We should remark that our results are only for theoretical interest and may be resource intensive in practice.
Yongge Wang
Several identity based and implicitly authenticated key agreement protocols have been proposed in recent years and none of them has achieved all required security properties. In this paper, we propose an efficient identity-based and authenticated key agreement protocol IDAK using Weil/Tate pairing. The security of IDAK is proved in Bellare-Rogaway model. Several required properties for key agreement protocols are not implied by the Bellare-Rogaway model. We proved these properties for IDAK separately.