This paper considers the problem of efficiently generating a sequence of secrets with the special property that the knowledge of one or several secrets does not help an adversary to find the other ones. This is achieved through one-way cross-trees, which may be seen as a multidimensional extension of the so-called one-way chains. In a dual way, some applications require the release of one or several...
We consider the problem of proving that a user has selected and correctly employed a truly random seed in the generation of her RSA key pair. This task is related to the problem of key validation, the process whereby a user proves to another party that her key pair has been generated securely. The aim of key validation is to persuade the verifying party that the user has not intentionally weakened...
This paper considers the problem of finding a minimum-weighted representation of an integer under any modified radix-r number system. Contrary to existing methods, the proposed transformation is carried out from the left to the right (i.e., from the most significant position). This feature finds numerous applications, especially in fast arithmetic techniques, because it reduces both time and space...
The security of several recent digital signature schemes is based on the difficulty of solving large systems of quadratic multivariate polynomial equations over a finite field F. This problem, sometimes called MQ, is known to be NP-hard. When the number m of equations is equal to the number n of variables, and if n < 15, Gröbner base algorithms have been applied to solve MQ. In the overdefined...
We present a practical selective forgery attack against RSA signatures with fixed-pattern padding shorter than two thirds of the modulus length. Our result extends the practical existential forgery of such RSA signatures that was presented at Crypto 2001. For an n-bit modulus the heuristic asymptotic runtime of our forgery is comparable to the time required to factor a modulus of only 9/64n bits....
McEliece PKC (Public-Key Cryptosystem), whose security is based on the decoding problem, is one of a few alternatives to the current PKCs that are mostly based on either IFP (Integer Factoring Problem) or DLP (Discrete Logarithm Problem), which would be solved in polynomial time after the emergence of quantum computers. It is known that the McEliece PKC with an appropriate conversion satisfies (in...
The Frobenius endomorphism is known to be useful in efficient implementation of multiplication on certain elliptic curves. In this note a method to minimize the length of the Frobenius expansion of an integer multiplier, for elliptic curves defined over small finite fields, is introduced. It is an optimization of previous works by Solinas and Müller. Finally, experimental results are presented and compared...
In this paper the Gallant-Lambert-Vanstone method is reexamined for speeding up scalar multiplication. Using the theory of the μ-Euclidean algorithm, we provide a rigorous method to reduce the theoretical bound for the decomposition of an integer k in the endomorphism ring of an elliptic curve. We then compare the two different methods for decomposition through computational implementations.
Recent attacks show how an unskilled implementation of elliptic curve cryptosystems may reveal the involved secrets from a single execution of the algorithm. Most attacks exploit the property that addition and doubling on elliptic curves are different operations and so can be distinguished by side-channel analysis. Known countermeasures suggest adding dummy operations or using specific parameterizations...
We analyze the security of the simplified Paillier (S-Paillier) cryptosystem, which was proposed by Catalano et al. We prove that the one-wayness of the S-Paillier scheme is as intractable as the standard RSA problem. We also prove that an adversary that breaks the semantic security can compute the least significant bits of the nonce. This observation is interesting, because the least significant...
This paper considers arbitrary-length chosen-ciphertext secure asymmetric encryption, thus addressing what is actually needed for a practical usage of strong public-key cryptography in the real world. We put forward two generic constructions, gem-1 and gem-2 which apply to explicit fixed-length weakly secure primitives and provide a strongly secure (IND-CCA2) public-key encryption scheme for messages...
In this paper, we consider what condition is sufficient for random inputs to secure probabilistic public-key encryption schemes. Although a framework given in [16] enables us to discuss uniformly and comprehensively the security notions of public-key encryption schemes even for the case where a cryptographically weak pseudorandom generator is used as the random nonce generator to encrypt single plaintext messages,...
In the trivial n-recipient public-key encryption scheme, a ciphertext is a concatenation of independently encrypted messages for n recipients. In this paper, we say that an n-recipient scheme has a “shortened ciphertext” property if the length of the ciphertext is almost a half (or less) of the trivial scheme and the security is still almost the same as the underlying single-recipient scheme. We first...
In February 2000 the NESSIE project launched an open call for the next generation of cryptographic algorithms. These algorithms should offer a higher security and/or confidence level than existing ones, and should be better suited to the constraints of future hardware and software environments. The NESSIE project received 39 algorithms, many of them from major players. In October 2001, the...
This paper provides an (M+1)-st price auction scheme using homomorphic encryption and the mix-and-match technique; it offers secrecy of the bidding price and public verifiability. Our scheme has low round communication complexity: 1 round from each bidder to the auctioneer in bidding and log p rounds from the auctioneer to the trusted authority in opening, when prices are selected from p prefixed choices.
We present various trade-offs for voting schemes which, compared to known solutions, allow voters to do less work at the expense of more work done by the tallying servers running the election. One such scheme produces ballots of essentially minimal size while keeping the work load on the tally servers at a practical level. Another type of trade-off leads to a voting scheme that remains secure, even...
Strong voter privacy, although an important property of an election scheme, is usually compromised in election protocol design in favor of other (desirable) properties. In this work we introduce a new election paradigm with strong voter privacy as its primary objective. Our paradigm is built around three useful properties of voting schemes we define: (1) Perfect Ballot Secrecy, ensures that knowledge...
In this paper we propose an efficient (string) OT^n_1 scheme for any n ≥ 2. We build our OT^n_1 scheme from fundamental cryptographic techniques directly. It achieves optimal efficiency in terms of the number of rounds and the total number of exchanged messages for the case that the receiver's choice is unconditionally...
In this paper, we first show that three public-key (k, n)-traceability schemes can be derived from an [n, u, d]-linear code C such that d ≥ 2k+1. The previous schemes are obtained as special cases. This observation gives more freedom and a new insight to this field. For example, we show that the Boneh-Franklin scheme is equivalent to a slight modification of the corrected Kurosawa-Desmedt scheme. This...
Two provably secure group identification schemes are presented in this report: 1) we extend De Santis, Crescenzo and Persiano’s (SCP) anonymous group identification scheme to the discrete logarithm based case; then we provide a 3-move anonymous group identification scheme, which is more efficient than that presented in [SCPM, CDS], with the help of this basic scheme; 2) we also extend the original...