Roohallah Rastaghi

Roohallah Rastaghi

Design efficient lattice-based cryptosystem secure against adaptive chosen ciphertext attack (IND-CCA2) is a challenge problem. To the date, full CCA2-security of all proposed lattice-based PKE schemes achieved by using a generic transformations such as either strongly unforgeable one-time signature schemes (SU-OT-SS), or a message authentication code (MAC) and weak form of commitment. The drawback of these schemes is that encryption requires "separate encryption". Therefore, the resulting encryption scheme is not sufficiently efficient to be used in practice and it is inappropriate for many applications such as small ubiquitous computing devices with limited resources such as smart cards, active RFID tags, wireless sensor networks and other embedded devices. In this work, for the first time, we introduce an efficient universal random data padding (URDP) scheme, and show how it can be used to construct a "direct" CCA2-secure encryption scheme from "any" worst-case hardness problems in (ideal) lattice in the standard model, resolving a problem that has remained open till date. This novel approach is a "black-box" construction and leads to the elimination of separate encryption, as it avoids using general transformation from CPA-secure scheme to a CCA2-secure one. IND-CCA2 security of this scheme can be tightly reduced in the standard model to the assumption that the underlying primitive is an one-way trapdoor function.

Roohallah Rastaghi

Akleylek et al. [S. Akleylek, L. Emmungil and U. Nuriyev, A mod ified algorithm for peer-to-peer security, journal of Appl. Comput. Math., vol. 6(2), pp.258-264, 2007.], introduced a modified public-key encryption scheme with steganographic approach for security in peer-to-peer (P2P) networks. In this cryptosystem, Akleylek et al. attempt to increase security of the P2P networks by mixing ElGamal cryptosystem with knapsack problem. In this paper, we present a ciphertext-only attack against their system to recover message. In addition, we show that for their scheme completeness property is not holds, and therefore, the receiver cannot uniquely decrypts messages. Furthermore, we also show that this system is not chosen-ciphertext secure, thus the proposed scheme is vulnerable to man-in-the-middle-attack, one of the most pernicious attacks against P2P networks. Therefore, this scheme is not suitable to implement in the P2P networks. We modify this cryptosystem in order to increase its security and efficiency. Our construction is the efficient CCA2-secure variant of the Akleylek et al.'s encryption scheme in the standard model, the de facto security notion for public-key encryption schemes.

Roohallah Rastaghi

Recently, a few chosen-ciphertext secure (CCA2-secure) variants of the McEliece public-key encryption (PKE) scheme in the standard model were introduced. All the proposed schemes are based on encryption repetition paradigm and use general transformation from CPA-secure scheme to a CCA2-secure one. Therefore, the resulting encryption scheme needs \textit{separate} encryption and has \textit{large} key size compared to the original scheme, which complex public key size problem in the code-based PKE schemes. Thus, the proposed schemes are not sufficiently efficient to be used in practice. In this work, we propose an efficient CCA2-secure variant of the McEliece PKE scheme in the standard model. The main novelty is that, unlike previous approaches, our approach is a generic conversion and can be applied to \textit{any} one-way trapdoor function (OW-TDF), the lowest-level security notion in the context of public-key cryptography, resolving a big fundamental and central problem that has remained unsolved in the past two decades.

Roohallah Rastaghi

Recently, Hwang et al. introduced a knapsack type public-key cryptosystem. They proposed a new algorithm called permutation combination algorithm. By exploiting this algorithm, they attempt to increase the density of knapsack to avoid the low-density attack. We show that this cryptosystem is not secure, as it based on basic Merkel-Hellman knapsack cryptosystem and because of the superincreasing structure, we can use shamir's attack on the basic Merkel-Hellman knapsack to break this cryptosystem.

Roohallah Rastaghi, Hamid R. Dalili Oskouei

We proposed a new attack against Hwang et al.'s cryptosystem. This cryptosystem uses a super-increasing sequence as private key and the authors investigate a new algorithm called permutation combination algorithm to enhance density of knapsack to avoid the low-density attack. Sattar J. Aboud [Aboud j. Sattar, "An improved knapsack public key cryptography system", International Journal of Internet Technology and Secured Transactions, Vol.3 (3), pp.310-319, 2011] used Shamir's attack on the basic Merkle-Hellman cryptosystem to break this cryptosystem. In this paper, we introduce a direct attack against Hwang et al.'s cryptosystem based on Lattice basis reduction algorithms. By computing complexity of propose attack, we show that unlike Aboud's cryptanalysis, our cryptanalysis is more efficient and practicable.