From the Publisher:
This book constitutes the refereed proceedings of the International Conference on the Theory and Application of Cryptographic Techniques, EUROCRYPT 2002, held in Amsterdam, The Netherlands, in April/May 2002. The 33 revised full papers presented were carefully reviewed and selected from a total of 122 submissions. The papers are organized in topical sections on cryptanalysis, public-key encryption, information theory and new models, implementational analysis, stream ciphers, digital signatures, key exchange, modes of operation, traitor tracing and id-based encryption, multiparty and multicast, and symmetric cryptology.
Cryptanalysis of a Pseudorandom Generator Based on Braid Groups
We show that the decisional version of the Ko-Lee assumption for braid groups put forward by Lee, Lee and Hahn at Crypto 2001 is false, by giving an efficient algorithm that solves (with high probability) the corresponding decisional problem. Our attack ...
Potential Weaknesses of the Commutator Key Agreement Protocol Based on Braid Groups
The braid group with its conjugacy problem is one of the recent hot issues in cryptography. At CT-RSA 2001, Anshel, Anshel, Fisher, and Goldfeld proposed a commutator key agreement protocol (KAP) based on the braid groups and their colored Burau ...
Extending the GHS Weil Descent Attack
In this paper we extend the Weil descent attack due to Gaudry, Hess and Smart (GHS) to a much larger class of elliptic curves. This extended attack applies to fields of composite degree over $F_2$. The principle behind the extended attack is to use ...
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption
We present several new and fairly practical public-key encryption schemes and prove them secure against adaptive chosen ciphertext attack. One scheme is based on Paillier's Decision Composite Residuosity assumption, while another is based on the ...
Key-Insulated Public Key Cryptosystems
Cryptographic computations (decryption, signature generation, etc.) are often performed on a relatively insecure device (e.g., a mobile device or an Internet-connected host) which cannot be trusted to maintain secrecy of the private key. We propose and ...
On the Security of Joint Signature and Encryption
We formally study the notion of a joint signature and encryption in the public-key setting. We refer to this primitive as signcryption, adapting the terminology of [35]. We present two definitions for the security of signcryption depending on whether ...
Indistinguishability of Random Systems
An $(X, Y)$-random system takes inputs $X_1, X_2, \ldots$ and generates, for each new input $X_i$, an output $Y_i \in Y$, depending probabilistically on $X_1, \ldots, X_i$ and $Y_1, \ldots, Y_{i-1}$. Many cryptographic systems ...
How to Fool an Unbounded Adversary with a Short Key
We consider the symmetric encryption problem which manifests when two parties must securely transmit a message m with a short shared secret key. As we permit arbitrarily powerful adversaries, any encryption scheme must leak information about m, the ...
Cryptography in an Unbounded Computational Model
We investigate the possibility of cryptographic primitives over nonclassical computational models. We replace the traditional finite field $F_n^*$ with the infinite field Q of rational numbers, and we give all parties unbounded computational power. ...
Performance Analysis and Parallel Implementation of Dedicated Hash Functions
This paper shows an extensive software performance analysis of dedicated hash functions, particularly concentrating on the Pentium III, which is a current dominant processor. The targeted hash functions are MD5, RIPEMD-128/-160, SHA-1/-256/-512 and Whirlpool, ...
Fault Injection and a Timing Channel on an Analysis Technique
Attacks on cryptosystem implementations (e.g. security fault injection, timing analysis and differential power analysis) are amongst the most exciting developments in cryptanalysis of the past decade. Altering the internal state of a cryptosystem or ...
Speeding Up Point Multiplication on Hyperelliptic Curves with Efficiently-Computable Endomorphisms
As Koblitz curves were generalized to hyperelliptic Koblitz curves for faster point multiplication by Günter, et al. [10], we extend the recent work of Gallant, et al. [8] to hyperelliptic curves. So the extended method for speeding point multiplication ...
Fast Correlation Attacks: An Algorithmic Point of View
In this paper, we present some major algorithmic improvements to fast correlation attacks. In previous articles about fast correlation attacks, algorithmics was never the main topic. Instead, the authors of these articles were usually addressing theoretical ...
BDD-Based Cryptanalysis of Keystream Generators
Many of the keystream generators which are used in practice are LFSR-based in the sense that they produce the keystream according to a rule $y = C(L(x))$, where $L(x)$ denotes an internal linear bitstream, produced by a small number of ...
Linear Cryptanalysis of Bluetooth Stream Cipher
A general linear iterative cryptanalysis method for solving binary systems of approximate linear equations, which is also applicable to keystream generators producing short keystream sequences, is proposed. A linear cryptanalysis method for reconstructing ...
Generic Lower Bounds for Root Extraction and Signature Schemes in General Groups
We study the problem of root extraction in finite Abelian groups, where the group order is unknown. This is a natural generalization of the problem of decrypting RSA ciphertexts. We study the complexity of this problem for generic algorithms, that is, ...
Optimal Security Proofs for PSS and Other Signature Schemes
The Probabilistic Signature Scheme (PSS) designed by Bellare and Rogaway is a signature scheme provably secure against chosen message attacks in the random oracle model, whose security can be tightly related to the security of RSA. We derive a new ...
Cryptanalysis of SFLASH
SFLASH [Spec] is a fast asymmetric signature scheme intended for low cost smart cards without cryptoprocessor. It belongs to the family of multivariate asymmetric schemes. It was submitted to the call for cryptographic primitives organised by the ...
Cryptanalysis of the Revised NTRU Signature Scheme
In this paper, we describe a three-stage attack against Revised NSS, an NTRU-based signature scheme proposed at the Eurocrypt 2001 conference as an enhancement of the (broken) proceedings version of the scheme. The first stage, which typically uses a ...
Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions
Authenticated Diffie-Hellman key exchange allows two principals communicating over a public network, and each holding public/private keys, to agree on a shared secret value. In this paper we study the natural extension of this cryptographic problem to ...
Universally Composable Notions of Key Exchange and Secure Channels
Recently, Canetti and Krawczyk (Eurocrypt'2001) formulated a notion of security for key-exchange (ke) protocols, called SK-security, and showed that this notion suffices for constructing secure channels. However, their model and proofs do not suffice ...
On Deniability in Quantum Key Exchange
We show that claims of "perfect security" for keys produced by quantum key exchange (QKE) are limited to "privacy" and "integrity." Unlike a one-time pad, QKE does not necessarily enable Sender and Receiver to pretend later to have established a ...
A Practice-Oriented Treatment of Pseudorandom Number Generators
We study Pseudorandom Number Generators (PRNGs) as used in practice. We first give a general security framework for PRNGs, incorporating the attacks that users are typically concerned about. We then analyze the most popular ones, including the ANSI ...
A Block-Cipher Mode of Operation for Parallelizable Message Authentication
We define and analyze a simple and fully parallelizable blockcipher mode of operation for message authentication. Parallelizability does not come at the expense of serial efficiency: in a conventional, serial environment, the algorithm's speed is within ...
Efficient Generic Forward-Secure Signatures with an Unbounded Number of Time Periods
We construct the first efficient forward-secure digital signature scheme where the total number of time periods for which the public key is used does not have to be fixed in advance. The number of time periods for which our scheme can be used is bounded ...
From Identification to Signatures via the Fiat-Shamir Transform: Minimizing Assumptions for Security and Forward-Security
The Fiat-Shamir paradigm for transforming identification schemes into signature schemes has been popular since its introduction because it yields efficient signature schemes, and has been receiving renewed interest of late as the main tool in deriving ...
Security Notions for Unconditionally Secure Signature Schemes
This paper focuses on notions for the security of digital signature schemes whose resistance against forgery is not dependent on unproven computational assumptions. We successfully establish a sound and strong notion for such signature schemes. We ...
Traitor Tracing with Constant Transmission Rate
An important open problem in the area of Traitor Tracing is designing a scheme with constant expansion of the size of keys (users' keys and the encryption key) and of the size of ciphertexts with respect to the size of the plaintext. This problem is ...