Message Authentication Code construction Alred and its AES-based instance Alpha-MAC were introduced by Daemen and Rijmen in 2005. We show that under certain assumptions about its implementation (namely that keyed parts are perfectly protected against side-channel attacks but bulk hashing rounds are not) one can efficiently attack this function. We propose a side-channel collision attack on this...

Signcryption is a cryptographic primitive that provides authentication and confidentiality simultaneously in a single logical step. It is often required that multiple senders have to signcrypt a single message to a certain receiver. Obviously, it is inefficient to signcrypt the messages separately. An efficient alternative is to go for multi-signcryption. The concept of multi-signcryption is si...

The E-Commerce and Social Media has become the new identity for millions of users across the globe. Ease of services for Shopping, Travel, Internet Banking, Social Media, chat and collaboration Apps etc. have become part of one’s life where these identities have name, media content, confidential notes, business projects and credit cards. Convenience and connections brings the ease of connectivi...

This paper shows some insecurities in Xu’s forward secure multi-proxy signature scheme. There are two kinds of attacks on this scheme: (1) anyone can forge some certain messages which to be sign and cannot detect by the signature verifier. (2) This scheme can’t resist the dishonest signer forgery attack by forging its own public key. After that, the paper proposed two new forward-secure multi-p...

Certificateless public key cryptography (CL-PKC) is a new benchmark in modern cryptography. It not only simplifies the certificate management problem of PKC, but also avoids the key escrow problem of the identity based cryptosystem (ID-PKC). In this article, we propose a certificateless blind signature protocol which is based on elliptic curve cryptography (CLB-ECC). The scheme is suitable for ...

A deniable authentication protocol enables a receiver to identify the true source of a given message but not to prove the identity of the sender to the third party. Non-interactive protocol is more efficient than interactive protocol in terms of communication overhead, and thus several non-interactive deniable authentication protocols have been proposed. So, it is very necessary to design a den...

In a clickjacking attack, a lot of effort has been put into researching client-side attacks, including such as cross-site scripting and request forgery, and more recently, clickjacking. Similar to other client-side attacks, clickjacking attacks can use the internet browser to utilize weaknesses in cross domain isolation and the single origin policy. It tricking the clients to click on something...

At Crypto ’06, Bellare presented new security proofs for HMAC and NMAC, under the assumption that the underlying compression function is a pseudo-random function family. Conversely, at Asiacrypt ’06, Contini and Yin used collision techniques to obtain forgery and partial key-recovery attacks on HMAC and NMAC instantiated with MD4, MD5, SHA-0 and reduced SHA-1. In this paper, we present the firs...

Android has always been about connectivity and providing great browsing experience. Web-based content can be embedded into the Android application using WebView. It is a User Interface component that displays webpages. It can either display a remote webpage or can also load static HTML data. This encompasses the functionality of a browser that can be integrated to application. WebView provides ...

In this paper, we present the first third-party cryptanalysis against the authenticated encryption scheme Silver. In high-level, Silver builds a tweakable block cipher by tweaking AES-128 with a dedicated method and performs a similar computation as OCB3 to achieve 128bit security for both of integrity and confidentiality in nonce-respecting model. Besides, by modifying the tag generation of OC...