Cryptography and especially encryption and decryption algorithms are areas where active research keep happening and new ideas keep coming but a very few stand the test of time. We will be touching briefly on some of them and they have been chosen because huge interest has been shown by cryptographic community in them and some organizations have gone ahead in implementing, filed patents and a few enterprises have started using them as well. We will be talking about new modes of AES encryption called FPE, AEAD and then on Group Signature and a new way of security proof called Zero Signature.

**FPE(Format Preserving Encryption)**

FPE is an encryption method in which the cipher text is in the same format as the input (the plain text). The motivation comes from the problems associated with integration into existing application. If we need to encrypt a 16 digit credit card number, AES-CBC or AES-ECB will transform a card number into a large, fixed-length, binary value.

One simple way to create an FPE algorithm on {0,...,N-1} is to assign a pseudorandom weight to each integer, then sort by weight. The weights are defined by applying an existing block cipher to each integer. Black and Rogaway call this technique a "prefix cipher" and showed it was provably as good as the block cipher used.

Thus, to create a FPE on the domain {0,1,2,3}, given a key K apply AES(K) to each integer, giving, for example,

weight(0) = 0x56c644080098fc5570f2b329323dbf62

weight(1) = 0x08ee98c0d05e3dad3eb3d6236f23e7b7

weight(2) = 0x47d2e1bf72264fa01fb274465e56ba20

weight(3) = 0x077de40941c93774857961a8a772650d

Sorting [0,1,2,3] by weight gives [3,1,2,0], so your cipher is : F(0) = 3 F(1) = 1 F(2) = 2 F(3) = 0.

**AEAD( Authenticated Encryption with Associated Data)**

Till AEAD came, encryption and authentication were two separate cryptographic processes. In order to have both, a combination approach is generally used. One might, for example, encrypt a string M, prepend a header H, and then MAC the resulting string. The problem with this approach is that since it involves two fundamental crypto operations, the speed is slow and many situations demand lot of speed such as network encryptors, which have to process data at line speeds Ôö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö£├®Ôö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö¼ÔòæÔö£├ÂÔö£├éÔö¼├║Ôö£├ÂÔö£├éÔö£ÔûÆtypically many gigabytes per second.

(AEAD) is special block cipher modes of operation which can handle encryption and authentication in one go, usually with a single key. The modes for AEAD include Galois Counter Mode (GCM), Offset Codebook Method (OCB) etc.

Java Cryptography Architecture now supports AEAD. AEAD is being used in some highly constrained networks.

**Group Signature**

A Group signature scheme is a method for allowing a member of a group to anonymously sign a message on behalf of the group. The concept was first introduced by David Chaum and Eugene van Heyst in 1991. For example, a group signature scheme could be used by an employee of a large company where it is sufficient for a verifier to know a message was signed by an employee, but not which particular employee signed it. Another application is for key card access to restricted areas where it is inappropriate to track individual employee's movements, but necessary to secure areas to only employees in the group.

Many schemes have been proposed, however all should follow these basic requirements:

- Soundness and Completeness: Valid signatures by group members always verify correctly, and invalid signatures always fail verification
- Unforgeable: Only members of the group can create valid group signatures
- Anonymity: Given a message and its signature, the identity of the individual signer cannot be determined without the group manager's secret key
- Traceability: Given any valid signature, the group manager should be able to trace which user issued the signature. (This and the previous requirement imply that only the group manager can break users' anonymity.)
- Unlinkability: Given two messages and their signatures, we cannot tell if the signatures were from the same signer or not.
- No Framing: Even if all other group members (and the managers) collude, they cannot forge a signature for a non-participating group member
- Unforgeable tracing verification: The revocation manager cannot falsely accuse a signer of creating a signature he did not create

**Zero Knowledge Proof**

The purpose of a traditional proof is to convince somebody, but typically the details of a proof give the verifier more info about the assertion. A proof is a zero-knowledge if the verifier does not get from it anything that he cannot compute by himself. The idea of zero knowledge proof has been used in digital signatures. Protocols such as Fiat-Shamir Digital Signature Protocol, Guillou-Quisquater Digital Signature Protocol and Schnorr Digital Signature Protocol use this for signature. IntelÔö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö£├®Ôö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö¼ÔòæÔö£├ÂÔö£├éÔö¼├║├ö├Â┬ú├ö├▓├╣s IPT (Intel Protection Technology) implements this in its group signature.

## There are 3 Comments

### Do suggest what are good

<p>Do suggest what are good areas for the application of these trends. Group signatures would have been good for electronic voting if group manager's secret key was not used.</p>

- Log in to post comments

### For FPE, are the weights

For FPE, are the weights generated randomly or are they related to the input key or is the key used only to pick one weight from the sorted list?

- Log in to post comments

### Harjinder, The example I gave

<p>Harjinder, The example I gave, uses a AES key K and encrypts all the given input integers with K using AES algorithm and sorts the output and based on that sort, decides the permutation of the given input integers. Prefix cipher basically wants a pseudo random generator which would generate weights randomly and you would attach those weights to the given integers. Then, you sort those weights and you get another permutation of the given integers. And AES output of a set of integers, where key is secret, is considered a good pesudo random generator. This is a very simple example of a FPE but cannot be used for large inputs as this method is expensive. For further details, there is a good paper for your reference: <a href="http://www.cs.ucdavis.edu/~rogaway/papers/synopsis.pdf">http://www.cs.uc...

- Log in to post comments