All papers in 2002 (Page 2 of 195 results)
Security proofs of cryptographic protocols
In time of internet attacks is important to use cryptographic protcols and algorithms to secure private data that are sent via Internet. But using of such protocol is not enough. To really secure our data we must know that used protocol is secure. For this purpose where a lot of methods design such as well-known BAN logic. In this articel we want to present DLA (Database and Logic Abduction)- method that is used to prove that a security or cryptographic protocol is secure or it is possible perform an attack.
Better than BiBa: Short One-time Signatures with Fast Signing and Verifying
One-time signature schemes have found numerous applications: in ordinary, on-line/off-line, and forward-secure signatures. More recently, they have been used in multicast and broadcast authentication. We propose a one-time signature scheme with very efficient signing and verifying, and short signatures. Our scheme is well-suited for broadcast authentication, and, in fact, can be viewed as an improvement of the BiBa one-time signature (proposed by Perrig in CCS 2001 for broadcast authentication).
Generic Lower Bounds for Root Extraction and Signature Schemes in General Groups
We study the problem of root extraction in finite Abelian groups, where the
group order is unknown. This is a
natural generalization of the problem of decrypting RSA ciphertexts.
We study the complexity of this problem for generic algorithms, that is,
algorithms that work for any group and do not use any special properties
of the group at hand.
We prove an exponential lower bound on the generic
complexity of root extraction, even if the algorithm can choose the
"public exponent"
itself. In other words, both the standard and the strong RSA assumption
are provably true w.r.t. generic algorithms.
The results hold for arbitrary groups, so security w.r.t. generic attacks
follows for any cryptographic construction based on root extracting.
As an example of this, we revisit Cramer-Shoup signature scheme.
We modify the scheme such that it becomes a generic
algorithm. This allows us to
implement it in RSA groups without the original restriction that the
modulus must be a product
of safe primes. It can also be implemented in class groups.
In all cases, security follows from a
well defined complexity assumption (the strong root assumption),
without relying on random
oracles, and the assumption is shown to be true w.r.t. generic attacks.
Exponent Group Signature Schemes and Efficient Identity Based Signature Schemes Based on Pairings
We describe general exponent group signature schemes and show how
these naturally give rise to identity based signature schemes if
pairings are used. We prove these schemes to be secure in the random
oracle model. Furthermore we describe a particular identity based
signature scheme which is quite efficient in terms of bandwidth and
computing time, and we develop a further scheme which is not derived
from a general exponent group signature scheme. The realization of
these schemes uses supersingular elliptic curves and the Tate pairing,
which is more efficient than the Weil pairing. Finally we show that
these schemes have a more natural solution, than Shamir's original
scheme, to the ``escrow'' property that all identity based signature
schemes suffer from.
Optimal Chosen-Ciphertext Secure Encryption of Arbitrary-Length Messages
This paper considers arbitrary-length chosen-ciphertext secure asymmetric encryption, thus addressing what is actually needed for a practical usage of strong public-key cryptography in the real world. We put forward two generic constructions, gem-1 and gem-2, which apply to explicit fixed-length weakly secure primitives and provide a strongly secure (IND-CCA2) public-key encryption scheme for messages of unfixed length (typically computer files). Our techniques optimally combine a single call to any one-way trapdoor function with repeated encryptions through some weak block-cipher (a simple xor is fine) and hash functions of fixed-length input so that a minimal number of calls to these functions is needed. Our encryption/decryption throughputs are comparable to the ones of standard methods (asymmetric encryption of a session key + symmetric encryption with multiple modes). In our case, however, we formally prove that our designs are secure in the strongest sense and provide complete security reductions holding in the random oracle model.
Cut and Paste Attacks with Java
This paper describes malicious applets that use Java's sophisticated graphic features to rectify the browser's padlock area and cover the address bar with a false https domain name.
The attack was successfully tested on Netscape's Navigator and Microsoft's Internet Explorer; we consequently recommend to neutralize Java whenever funds or private data transit via these browsers and patch the flaw in the coming releases.
The degree of novelty of our attack is unclear since similar (yet non-identical) results can be achieved by spoofing as described by Felten; however our scenario is much simpler to mount as it only demands the inclusion of an applet in the attacker's web page. In any case, we believe that the technical dissection of our malicious Java code has an illustrative value in itself.
Tree-based Group Key Agreement
Secure and reliable group communication is an active area of
research. Its popularity is caused by the growing importance of
group-oriented and collaborative applications. The central research
challenge is secure and efficient group key management. While
centralized methods are often appropriate for key distribution in
large multicast-style groups, many collaborative group settings
require distributed key agreement techniques. This work
investigates a novel group key agreement approach which blends
so-called key trees with Diffie-Hellman key exchange. It yields a
secure protocol suite (TGDH) that is both simple and fault-tolerant.
Moreover, the efficiency of TGDH appreciably surpasses that of
prior art.
Efficient Algorithms for Pairing-Based Cryptosystems
We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over $\GF{p^m}$, the latter technique being also useful in contexts other than that of pairing-based cryptography.
Parallel scalar multiplication on general elliptic curves over $\mathbb{F}_p$ hedged against Non-Differential Side-Channel Attacks
For speeding up elliptic curve scalar multiplication and making it secure against side-channel attacks such as timing or power analysis, various
methods have been proposed using specifically chosen elliptic curves. We show that both goals can be achieved simultaneously even for conventional
elliptic curves over $\mathbb{F}_p$. This result is shown via two facts.
First, we recall the known fact that every elliptic curve over $\mathbb{F}_p$ admits a scalar
multiplication via a (Montgomery ladder) Lucas chain.
As such chains are known to be resistant against timing- and simple power/electromagnetic
radiation analysis attacks, the security of our scalar multiplication against timing and
simple power/electromagnetic radiation analysis follows.
Second, we show how to parallelize the 19 multiplications within the resulting
\lq\lq double" and \lq\lq add" formulas of the Lucas chain for the
scalar multiplication.
This parallelism together with the Lucas chain results in 10 parallel field multiplications per bit of the scalar.
Finally, we also report on a concrete successful implementation of the above mentioned scalar multiplication algorithm
on a very recently developed and commercially available coprocessor for smart cards.
The best and worst of supersingular abelian varieties in cryptology
For certain security applications, including identity based encryption and short signature schemes, it is useful to have abelian varieties with security parameters that are neither too small nor too large. Supersingular abelian varieties are natural candidates for these applications. This paper determines exactly which values can occur as the security parameters of supersingular abelian varieties (in terms of the dimension of the abelian variety and the size of the finite field), and gives constructions of supersingular abelian varieties which are optimal for use in cryptography.
Cryptanalysis of Stream Cipher COS (2,128) Mode I
Filiol and Fontaine recently proposed a family of stream ciphers named COS. COS is based on nonlinear feedback shift registers and was claimed to be with high cryptographic strength. Babbage showed that COS $(2,128)$ Mode II is extremely weak. But Babbage's attack is too expensive to break the COS $(2,128)$ Mode I (the complexity is around $2^{52}$). In this paper, we show that the COS $(2,128)$ Mode I is too weak. With about $2^{16}$-bit known plaintext, the secret information could be recovered with small amount of memory and computation time (less than one second on a Pentium IV Processor).
ID-based Signatures from Pairings on Elliptic Curves
We present an efficient identity-based signature scheme which makes
use of bilinear pairings on elliptic curves. Our scheme is similar to
the generalized ElGamal signature scheme. We consider the security of
our scheme.
Square Attacks on Reduced-Round Variants of the Skipjack Block Cipher
This report surveys on a series of Square attacks on reduced-round
versions of the Skipjack block cipher.
{\bf Skipjack} is an iterated block cipher encrypting 64-bit plaintext
blocks into 64-bit ciphertext blocks, using an 80-bit key. Its
design is based on a generalized Feistel Network making up 32 rounds
of two different types. This cipher was developed by the National Security
Agency for the Clipper chip and Fortezza PC card.
Evaluating Security of Voting Schemes in the Universal Composability Framework
Uncategorized
Uncategorized
In the literature, voting protocols are considered secure if they satisfy requirements such as privacy, accuracy, robustness, etc. It can be time consuming to evaluate a voting protocol with respect to all these requirements and it is not clear that the list of known requirements is complete. Perhaps because of this many papers on electronic voting do not offer any security proof at all.
As a solution to this, we suggest evaluating voting schemes in the universal composability framework. We investigate the popular class of voting schemes based on homomorphic threshold encryption. It turns out that schemes in this class realize an ideal voting functionality that takes the votes as input and outputs the result. This ideal functionality corresponds closely to the well-known ballot box model used today in manual voting. Security properties such as privacy, accuracy and robustness now follow as easy corollaries. We note that some security requirements, for instance incoercibility, are not addressed by our solution.
Security holds in the random oracle model against a non-adaptive adversary. We show with a concrete example that the schemes are not secure against adaptive adversaries. We proceed to sketch how to make them secure against adaptive adversaries in the erasure model with virtually no loss of efficiency. We also sketch how to achieve security against adaptive adversaries in the erasure-free model.
Fractal Hash Sequence Representation and Traversal
We introduce a novel amortization technique for computation of consecutive preimages of hash chains, given knowledge of the seed.
While all previously known techniques have a memory-times-computational complexity of $O(n)$ per chain element, the complexity of our technique can be upper bounded at $O(log^2 n)$, making it a useful primitive for low-cost applications such as authentication, signatures and micro-payments. Our technique uses a logarithmic number
of {\em pebbles} associated with points on the hash chain. The locations of these pebbles are modified over time. Like fractals, where images can be found within images, the pebbles move within intervals and sub-intervals according to a highly symmetric pattern.
- « Previous
- 1
- 2