The 3-volume set LNCS 14583-14585 constitutes the proceedings of the 22nd International Conference on Applied Cryptography and Network Security, ACNS 2024, which took place in Abu Dhabi, UAE, in March 2024. The 54 full papers included in these proceedings were carefully reviewed and selected from 230 submissions. They have been organized in topical sections as follows: Part I: Cryptographic protocols; encrypted data; signatures; Part II: Post-quantum; lattices; wireless and networks; privacy and homomorphic encryption; symmetric crypto; Part III: Blockchain; smart infrastructures, systems and software; attacks; users and usability.
Author(s): Christina Pöpper; Lejla Batina
Publisher: Springer Cham
Year: 2024
Preface
Organization
Abstracts of Keynote Talks
Applying Machine Learning to Securing Cellular Networks
Real-World Cryptanalysis
CAPTCHAs: What Are They Good For?
Contents – Part II
Post-quantum
Automated Issuance of Post-Quantum Certificates: A New Challenge
1 Introduction
2 Background
2.1 TLS Version 1.3
2.2 ACMEv2 Characteristics
2.3 Post-Quantum Cryptography
3 Quantum Threat and PQC Adoption
3.1 Quantum Threats in ACME
3.2 Integrating PQC Algorithms
3.3 Impacts of PQC in ACME
4 Proposed ACME Challenge
4.1 Design Details
4.2 Issuance and Renewal Timings
4.3 Discussion
5 Final Remarks and Future Work
A ACME's HTTP-01 Challenge
B POST Request Example
References
Algorithmic Views of Vectorized Polynomial Multipliers – NTRU Prime
1 Introduction
1.1 Contributions
1.2 Code
1.3 Structure of This Paper
2 Preliminaries
2.1 Polynomials in NTRU Prime
2.2 Cortex-A72
2.3 Modular Arithmetic
3 Fast Fourier Transforms
3.1 The Chinese Remainder Theorem (CRT) for Polynomial Rings
3.2 Cooley–Tukey FFT
3.3 Bruun-Like FFTs
3.4 Good–Thomas FFTs
3.5 Rader's FFT for Odd Prime p
3.6 Schönhage's and Nussbaumer's FFTs
4 Implementations
4.1 The Needs of Vectorization
4.2 Good–Thomas FFT in ``BigSmall'' Polynomial Multiplications
4.3 Good–Thomas, Schönhage's, and Bruun's FFT
4.4 Good–Thomas, Rader's, and Bruun's FFT
5 Results
5.1 Benchmark Environment
5.2 Performance of Vectorized Polynomial Multiplications
5.3 Performance of Schemes
A Detailed Performance Numbers
References
Efficient Quantum-Safe Distributed PRF and Applications: Playing DiSE in a Quantum World
1 Introduction
1.1 Related Works and Our Contributions
2 Preliminaries and Background
2.1 Notation
2.2 Some Terminologies and Definitions
2.3 Distributed PRF (DPRF)
2.4 (t, T)-Threshold Secret Sharing
3 Our Contribution: Proposed Distributed PRF
3.1 Underlying Quantum-Safe PRF
3.2 Proposed (T, T)-Distributed PRF
3.3 Generalised (t, T)-Threshold PRF
3.4 Choice of Parameters
3.5 Proposed PQDPRF vs. the Lattice-Based DPRF in ch3libert2021adaptively
4 Application
4.1 An Overview of the DiSE Protocol
4.2 Our Improved PQ-DiSE Protocol
5 Experimental Result
6 Conclusion and Future Work
A Generalised (t, T)-Threshold PRF
A.1 Proof of Correctness and Consistency
A.2 Proof of Security
References
On the Untapped Potential of the Quantum FLT-Based Inversion
1 Introduction
1.1 Background
1.2 Our Contribution
2 Preliminaries
2.1 Binary Elliptic Curve Discrete Logarithm Problem
2.2 Quantum Computation in F2n
2.3 Shor's Algorithm for Solving the Binary ECDLP
3 Our Method
3.1 Register-Bounded Addition Chain
3.2 Modified Quantum Point Addition Algorithm
3.3 Depth Reduction of Quantum Multiple Squaring Circuits
3.4 Proposed Inversion Algorithm
4 Comparison
4.1 Our Choice of Register-Bounded Addition Chains
4.2 Quantum Resources Trade-Off in Our Proposed Inversion Algorithm
4.3 Comparison with Previous Methods in Shor's Algorithm
References
Breaking DPA-Protected Kyber via the Pair-Pointwise Multiplication
1 Introduction
1.1 Our Contribution
1.2 State of the Art
2 Notation and Preliminaries
2.1 Kyber
2.2 Number Theoretic Transform (NTT)
2.3 Online Template Attacks
3 Our Attack
3.1 Attack Steps—Extracting the Key via q+q Templates
3.2 Attack on DPA-Protected Kyber
4 Simulations
4.1 Implementation of Pair-Point Multiplication
4.2 Hamming Weight Model
4.3 Simulations of Gaussian Noise
5 Experimental Evidence
5.1 Attack Analysis
6 Possible Countermeasures
A Kyber Algorithms
B Montgomery Reduction
C Details on Noiseless and Noisy Simulations
D Comparison
References
Cryptographic Protocols II
The Key Lattice Framework for Concurrent Group Messaging
1 Introduction
1.1 Related Work
1.2 Technical Overview
2 General Definitions and Notation
3 Key Lattice
3.1 Key Evolution
3.2 The Key Graph
3.3 Instantiation
3.4 Key Lattice as a Key Management Technique
4 Group Key Agreement
5 Group Randomness Messaging
5.1 Instantiation
6 Group Messaging
6.1 Security Definition
6.2 GM from GRM and GKA
6.3 Concrete Costs
6.4 Main Theorem
References
Identity-Based Matchmaking Encryption from Standard Lattice Assumptions
1 Introduction
2 Preliminaries
2.1 Identity-Based Matchmaking Encryption
2.2 Homomorphic Signatures
3 IB-ME: Generic Construction
3.1 IB-ME Achieving Enhanced Privacy
3.2 Achieving Authenticity
3.3 Security Analysis
4 Instantiations from Lattice Assumptions
5 Conclusions
A Reusable Computational Extractors
B Identity-Based Encryption
C Indistinguishable from Random Privacy vs Enhanced Privacy
References
Decentralized Private Stream Aggregation from Lattices
1 Introduction
1.1 Our Contributions
1.2 Related Work
1.3 Organization
2 Preliminaries
2.1 Lattices
2.2 Learning with Errors
2.3 Pseudorandom Functions
3 Decentralized Private Stream Aggregation
3.1 Our Construction
3.2 Aggregator Obliviousness
3.3 Parameters
3.4 Decentralized Setup
3.5 Client Failures
3.6 Optimizing Peer-to-Peer Communication
3.7 Dynamic Join and Leave
4 DPSA in the Standard Model
5 Conclusion
A Private Stream Aggregation
B Games for the Proof of Theorem 1
References
Wireless and Networks
A Security Analysis of WPA3-PK: Implementation and Precomputation Attacks
1 Introduction
2 Background
2.1 Simultaneous Authentication of Equals (SAE)
2.2 WPA3 Public Key (WPA3-PK)
2.3 Generation of the WPA3-PK Password
2.4 Security Guarantees Provided by WPA3-PK
3 Implementation and Network-Based Attacks
3.1 Bad Randomness Leaks the Password
3.2 Network-Based Attacks
4 Precomputation Attacks and Rainbow Tables
4.1 Background on Time-Memory Trade-Off Attacks
4.2 Motivation: SSID Reuse
4.3 Baseline Precomputation Attack Against WPA3-PK
4.4 Improved Analysis of the Baseline Precomputation Attack
4.5 Rainbow Tables for WPA3-PK
4.6 Rainbow Table: Performance Experiments
5 Multi-network Password Collisions
5.1 Constructing Password Collisions
5.2 Public Key Embedding and Trailing Data
5.3 Accepting Trailing Data Inside the Public Key
5.4 Multi-network Password Collisions
6 Defenses and Discussion
6.1 Handling Bad Randomness: Encrypting the Public Key
6.2 Preventing Network-Layer Attacks
6.3 Mitigating Time-Memory Trade-Off Attacks
6.4 Preventing Password Collisions: Committing to an SSID Length
7 Related Work
8 Conclusion
References
When and How to Aggregate Message Authentication Codes on Lossy Channels?
1 Introduction
2 MAC Aggregation on Lossy Channels
2.1 Message Authentication Codes
2.2 MAC Aggregation to Combat Bandwidth Scarcity
2.3 Introducing Existing MAC Aggregation Schemes
2.4 Interplay of Lossy Channels and MAC Aggregation
3 Synthetic Measurements
3.1 Simulation Setup
3.2 Influence of Channel Quality on Goodput
3.3 Influence of Payload Length on Goodput
3.4 Optimal Packet Lengths for Authenticated Data
4 MAC Aggregation in Real-World Scenarios
4.1 Description of the Scenarios
4.2 Evaluating MAC Aggregation in Realistic Scenarios
5 Beyond Goodput as Evaluation Metric
5.1 Average Delay Until Authentication
5.2 Performance and Memory Overhead
5.3 Resilience to Adversarial Interference
6 Guidelines on Employing MAC Aggregation
6.1 When to Use MAC Aggregation on Lossy Channels?
6.2 How to Employ MAC Aggregation on Lossy Channels?
6.3 Selecting an MAC Aggregation Scheme
7 Conclusion
References
DoSat: A DDoS Attack on the Vulnerable Time-Varying Topology of LEO Satellite Networks
1 Introduction
2 Background and Related Work
2.1 LEO Satellite Network
2.2 Denial-of-Service Attack
2.3 LSN Simulation
3 DoSat Attack
3.1 Threat Model
3.2 Feasibility Analysis
3.3 DoSat Overview
3.4 Attack Mechanism
4 Simulation and Evaluation
4.1 Simulation Setup
4.2 Network Setup
4.3 Evaluation Metrics
4.4 Results
5 Mitigations
6 Conclusion
References
DDoSMiner: An Automated Framework for DDoS Attack Characterization and Vulnerability Mining
1 Introduction
2 Background and Related Work
2.1 TCP-Based DDoS Attacks
2.2 DDoS Mining/Exploit Schemes
2.3 Exploration TCP Stack with Symbolic Execution
3 Threat Model and Problem Definition
3.1 Threat Model
3.2 Problem Definition
4 Workflow of DDoSMiner
4.1 Generation of Attack Call Flow Graph
4.2 Selective Symbolic Execution
5 Evaluation
5.1 Experiment Configuration
5.2 Attack Call Flow Graph Analysis
5.3 Symbol Execution Experiment Setup
5.4 Symbolic Execution Results
5.5 Evasion Evaluation Against IDS
6 Conclusion
7 Limitations and Future Work
A Visualization and Analysis of System Calls
B The Kernel Address Corresponding to the Full Drop Nodes for Six Categories of Attacks
References
Privacy and Homomorphic Encryption
Memory Efficient Privacy-Preserving Machine Learning Based on Homomorphic Encryption
1 Introduction
2 Background
2.1 Fully Homomorphic Encryption
2.2 Batch Packing
2.3 Convolutional Layers
2.4 Lock-Free Multi-threaded Convolution
3 Related Work
4 Our Proposed Approach
4.1 Modeling the Problem as a Schedule
4.2 Executing a Schedule
4.3 Cost of a Schedule
4.4 Threat Model
5 Reduced Memory Schedules
5.1 Caching by Object Type
5.2 Full Window Caching
5.3 Partial Window Caching
5.4 Column-Wise Caching
6 Experimental Evaluation
6.1 Memory Estimate
6.2 Measurements
7 Conclusion
References
SNARKProbe: An Automated Security Analysis Framework for zkSNARK Implementations
1 Introduction
2 Background and Related Work
2.1 Prior Work
3 Overview
3.1 Users and Use Cases
3.2 Workflow
4 Design and Implementation
4.1 Constraint Checker
4.2 SnarkFuzzer
5 Performance Evaluation
5.1 Performance of the Constraint Checker
5.2 Performance of SnarkFuzzer
6 Error Catching Evaluation
6.1 Potentially Locatable in Current Libraries
6.2 Found in Current Libraries
6.3 Found in Previous Versions of Libraries
7 Conclusion
A Additional Information for Constraint Checker
A.1 An optimization for the SMT solver
A.2 Protocol of the Constraint Checker by the SMT Solver
A.3 Example Constraint Checker
A.4 Domain Gap Issues
B Additional Information for SnarkFuzzer
B.1 Example Ideal Model Files
B.2 PrettyPrint Example
C Equations comparison_gadget Represents
References
Privacy-Preserving Verifiable CNNs
1 Introduction
1.1 Related Works
2 Preliminaries
3 Collaborative Bulletproofs
3.1 Extended Arithmetic Black-Box
3.2 Our Construction
3.3 Secure Realization
4 Privacy-Preserving Verifiable CNNs
4.1 Formal Definition
4.2 Construction
4.3 Security
5 Implementation and Comparison
5.1 Implementation of Collaborative Zk-SNARK
5.2 Performance Estimate for Proof System for CNN
5.3 Comparison
References
A General Framework of Homomorphic Encryption for Multiple Parties with Non-interactive Key-Aggregation
1 Introduction
1.1 Our Contributions
1.2 Technical Overview
1.3 Related Work
2 Background
2.1 Notation
2.2 Ring Learning with Errors
2.3 Gadget Decomposition and External Product
3 Formalizing Multi-group Homomorphic Encryption
3.1 Definition
3.2 Relations with MPHE and MKHE
4 MGHE Construction
4.1 Key Generation
4.2 Encryption and Decryption
4.3 Arithmetic Operations
4.4 Automorphism
4.5 Security
5 Constructing MPC from MGHE
5.1 Overview
5.2 MPC Protocol Secure Against Semi-malicious Corruptions
6 Experimental Results
A Construction of MGHE with CKKS
A.1 MGHE with CKKS
B Noise Analysis
B.1 Encryption
B.2 Relinearization
B.3 Multiplication
References
Symmetric Crypto
Masked Iterate-Fork-Iterate: A New Design Paradigm for Tweakable Expanding Pseudorandom Function
1 Introduction
1.1 Contributions
2 Preliminaries
2.1 General Notation
2.2 The H Coefficients and 2 Proof Techniques
2.3 Security Notions
3 Masked Iterate-Fork-Iterate and ButterKnife
3.1 Masked Iterate-Fork-Iterate
3.2 Specification of ButterKnife
4 Security Analysis of ButterKnife
4.1 Differential Distinguishers
4.2 Linear Trails
4.3 Meet-in-the-Middle Attacks
4.4 Impossible Differentials and Zero-Correlation
4.5 Amplified Boomerang Distinguishers
5 DAE for TPRFs: Security and Performance
5.1 The SAFE Mode of Operation
5.2 The ZAFE Mode of Operation
5.3 Implementation Aspects
6 Conclusion
A Details on ButterKnife
A.1 Additional Aspects
B Graphical Representation of SAFE
C ZMAC Pseudocode
References
Generalized Initialization of the Duplex Construction
1 Introduction
2 Preliminaries
2.1 Distinguisher
2.2 Multicollision Limit Function
3 Duplex Construction and Security
3.1 Construction
3.2 Security Model
3.3 Parameterization of Distinguishers
3.4 Security of Baseline Case
3.5 Role of Initialization Vector
4 Improvements Under Specific IV Generation
4.1 Globally Unique IV
4.2 Random IV
4.3 Quasi-Random IV
4.4 IV on Key
4.5 Globally Unique IV on Key
5 Stream Encryption
5.1 Construction and Security Model
5.2 Security Under Different Initializations
6 Authenticated Encryption
6.1 Construction and Security Model
6.2 Security Under Different Initializations
7 Practical Implications
7.1 Baseline
7.2 Globally Unique IV
7.3 Random IV
7.4 Quasi-Random IV
7.5 IV on Key
7.6 Globally Unique IV on Key
8 Conclusion
References
Alternative Key Schedules for the AES
1 Introduction
2 Background
2.1 Description of the AES
2.2 AES Differential Characteristics
2.3 Mixed Integer Linear Programming
3 Permutation-Based Key Schedules for the AES
3.1 Analyzing the Results of ch19wrongpaper
4 A Cycle-Decomposition Approach to Search for Good Key Schedules
4.1 Description of the Method
5 Double-MILP Model for Permutations
6 Results
6.1 Results for AES-128
6.2 Results for AES-192 and AES-256
7 Conclusion and Open Problems
References
Author Index
