Alexandru Ioan Cuza University of Ia¸si,Rom^ania Department of Computer Science Quadratic Residues and Applications in Cryptography by Anca-Maria Nica supervisor Prof. Dr. C˘at˘alinDima 2020 . Doctoral committee: Conf.Dr. Adrian Iftene - committee chairman Alexandru Ioan Cuza University of Ia¸si Prof.Dr. C˘at˘alinDima - doctoral supervisor Alexandru Ioan Cuza University of Ia¸si/ \Paris Est Creteil - Val de Marne" Prof.Dr. Constantin Popescu - reviewer University of Oradea Prof.Dr. Ferucio Laurent¸iu T¸iplea - reviewer Alexandru Ioan Cuza University of Ia¸si Conf.Dr. Octavian Catrina - reviewer University Politehnica of Bucharest Conf.Dr. Mihai Dumitru Prunescu - reviewer University of Bucharest Acknowledgements I became more and more concerned about the meaning of life, whose essence can be summarized in one word: giving. But you cannot give what you do not have, so growing is another leading word in my life. I would like to have a positive impact on others' lives, and I am doing this profoundly inspired by the influence I got, in turn, from the most important people in my life. I'm looking around me and I can not feel anything else than gratefulness. I am grateful for the models I have, because life teaches me a lot by their examples. I am surrounded by special people, beginning with my mentor, Fr. Teodosie, who is a true father to me. He is sustaining me in all situations, he is a live model of being a Christian for me, an example of empathizing and communicating with people. I learned from him that you have to be very patient with people, as he is with me all the time. He taught me, by his life, that the strongest way of teaching others is by your own example. He taught me that before night you are the leader who establishes the timetable for the next day. Then, in the morning, you have to be a committed employee and not to negotiate the things you have already planned to do. He also showed me how one can make a masterpiece from each day and praise God for all. I would like to thank my supervisors Prof. Dr. Ferucio Laurent¸iu T¸iplea and Prof. Dr. C˘at˘alinDima for all their help and support. Professor T¸iplea taught me that you can always be kind with others, no matter how they act or speak to you. I realized through his example that you always have to see value in people, you have to focus on their strengths, you have to appreciate, respect, and believe in them and also that you have to add value to people all the time - as John Maxwell said - these are the seeds for success. He gently guided me all these six years, and still does in a very efficient and thoughtful way. From Lect. Dr. Sorin Iftene I have learned that whenever you have the opportunity to encourage people, it is a great idea to do so. He also taught me by his example how to always be thoughtful and attentive to others' needs. From FCS I have learned how to act with yourself and the fact that you can be as strict as you wish with yourself but very lenient with others. I am also grateful to FCS for its constant support and mentoring and for offering the perfect environment for writing this thesis. iii They are like a lighthouse showing the direction. I look forward to giveback, to reward the trust that they invested in me and without which I would not have gotten here. Even if words are too poor, I would like to thank them all, along with other great people that surrounded me throughout the process, for their contribution. I express here my profound gratitude to God, to the Holy Theotokos, to all Saints and to my guardian angel who took care of me all the time. This thesis does not represent the ending but rather the beginning of a new period of research in this area. In the last five years of study I had the chance to attend many (inter)national conferences and winter/summer schools on related topics that opened up new horizons in my research and also spurred me to improve my English enough to be able to teach in English. I am ever so grateful to our faculty and to all those who have facilitated such opportunities. One of them is Lect. Dr. Emanuel Onica who helped me to attend a lot of interesting and useful scientific events by his projects. Last but not least, I want to thank my parents and my friends who understood me patiently and sustained me along the way. Words are never enough to express my gratitude. Thank you! God bless you all! iv . To Fr. Teodosie, v vi Contents Preface 5 Thesis overview . .5 Thesis contributions . .8 List of publications 11 1 Introduction to cryptography and quadratic residues 13 1.1 Some history . 13 1.2 Principles, goals and security in modern cryptography . 16 1.3 Quadratic residues in mathematics . 22 1.4 Quadratic residues in cryptology . 25 1.5 Literature review . 26 2 Prerequisites 31 2.1 Congruence . 31 2.2 Probabilities . 32 2.3 Complexity . 35 2.4 Quadratic residues . 35 2.4.1 Legendre and Jacobi symbols . 37 2.4.2 Computing square roots . 40 3 On the distribution of quadratic residues 45 3.1 Counting quadratic residues and non-residues in the set a + X .... 49 3.1.1 The case of prime moduli . 50 3.1.2 The case of RSA moduli . 56 3.2 Computing probabilities on sets Y(a + X)............... 68 vii 3.3 Concluding remarks . 70 4 Applications of QR to IBE 71 4.1 Cocks' IBE scheme . 72 4.1.1 Cocks' IBE ciphertexts . 73 4.1.2 Galbraith's test . 78 4.1.3 Anonymous Cocks' schemes . 81 4.1.4 Concluding remarks . 87 4.2 Boneh-Gentry-Hamburg's IBE scheme . 87 4.2.1 Associated polynomials . 89 4.2.2 The BGH scheme and its security . 89 4.2.3 A new security analysis for BasicIBE scheme . 95 4.2.4 Concluding remarks . 97 4.3 QR-based IBE schemes that fail security . 98 4.3.1 Jhanwar-Barua scheme . 98 4.3.2 Other insecure IBE schemes based on QR . 103 4.3.3 Concluding remarks . 104 4.4 Continuous mutual authentication . 105 4.4.1 Real privacy management . 106 4.4.2 RPM description . 111 4.4.3 Continuous mutual authentication and data security . 116 4.4.4 Concluding remarks . 118 4.5 Pseudo-random generators . 119 4.5.1 Pseudo-randomness from QR . 120 4.5.2 Concluding remarks . 122 5 From identity-based to attribute-based encryption 123 5.1 Introduction . 123 5.2 ABE and the backtracking attack . 126 5.3 KP-ABE for Boolean circuits using secret sharing and bilinear maps . 131 5.3.1 The secure KP-ABE Scheme 1.................. 131 5.3.2 Concluding remarks . 142 5.4 KP-ABE for Boolean circuits using secret sharing and multilinear maps 143 viii 5.4.1 The secure KP-ABE Scheme 2.................. 144 5.4.2 Concluding remarks . 155 6 Conclusion and open problems 157 Bibliography 163 ix x Preface About this thesis The most inspiring aspect in doing this thesis was \the improvement", not only re- garding some schemes and boundaries in security proofs, but reaching the next level in the research process, growth and comprehending. This is what guarantees the future results and gives beauty to the process. We started five years ago from some problems which are of great interest in cryp- tography. Searching an efficient variant of Cocks' IBE scheme was one of them. Then, starting from it, we investigated the set of integers which are obtained by adding a ∗ quadratic residue to an integer in Zn, i.e. the set a + QRn, as we will deeply discuss in Chapter 3 of this thesis. Another starting point in this research was the proof of Galbraith's test, addressed in detail in Section 4.1.2, the anonymization and the se- curity of Cocks' IBE scheme, together with applications of this scheme and attribute based encryption, which is considerable useful in cloud computing, access control in cloud and other fields. These are the main subjects which we describe in this thesis. Thesis overview Chapter 1: Introduction to cryptography and quadratic residues In the first chapter, after a short review of the thesis, we present some phases in the history of cryptology - one of the areas regarding information hiding (see Figure 1.1 on page 16). We emphasize the niche of Public Key Cryptography (PKE) and specially Identity-based Encryption (IBE), until we get to IBE based on quadratic residues (QR). This is one of the areas where we applied some of our mathematical results in 5 6 Preface Chapter 3. In Section 1.2 we state two main principles of cryptology followed immediately by the objectives of cryptography together with the security goals that have to be satisfied according to the security model which a cryptosystem reaches. In Figure 1.2 on page 21 we can see the relation between these security models. The security level of a cryptographic scheme is usually proved using security games, as the one presented in the end of Section 1.2. In the following two sections we point out some of the areas where quadratic residues are of great interest, focusing mainly on mathematical aspects, Section 1.3, and cryptographic aspects, Section 1.4. In the last section of Chapter 1 we shortly present the literature review regarding mainly four key aspects around which our study shall be structured.