Results 1  10
of
5,179
Timing Attacks on Implementations of DiffieHellman, RSA, DSS, and Other Systems
, 1996
"... By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed DiffieHellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known cip ..."
Abstract

Cited by 644 (3 self)
 Add to MetaCart
By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed DiffieHellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, networkbased cryptosystems, and other applications where attackers can make reasonably accurate timing measurements. Techniques for preventing the attack for RSA and DiffieHellman are presented. Some cryptosystems will need to be revised to protect against the attack, and new protocols and algorithms may need to incorporate measures to prevent timing attacks.
NonMalleable Cryptography
 SIAM Journal on Computing
, 2000
"... The notion of nonmalleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. ..."
Abstract

Cited by 490 (21 self)
 Add to MetaCart
The notion of nonmalleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. The same concept makes sense in the contexts of string commitment and zeroknowledge proofs of possession of knowledge. Nonmalleable schemes for each of these three problems are presented. The schemes do not assume a trusted center; a user need not know anything about the number or identity of other system users. Our cryptosystem is the first proven to be secure against a strong type of chosen ciphertext attack proposed by Rackoff and Simon, in which the attacker knows the ciphertext she wishes to break and can query the decryption oracle on any ciphertext other than the target.
LEAP: Efficient Security Mechanisms for Largescale Distributed Sensor Networks
, 2003
"... Protocol), a key management protocol for sensor networks that is designed to support innetwork processing, while at the same time restricting the security impact of a node compromise to the immediate network neighborhood of the compromised node. The design of the protocol is motivated by the observ ..."
Abstract

Cited by 458 (22 self)
 Add to MetaCart
Protocol), a key management protocol for sensor networks that is designed to support innetwork processing, while at the same time restricting the security impact of a node compromise to the immediate network neighborhood of the compromised node. The design of the protocol is motivated by the observation that different types of messages exchanged between sensor nodes have different security requirements, and that a single keying mechanism is not suitable for meeting these different security requirements. LEAP supports the establishment of four types of keys for each sensor node – an individual key shared with the base station, a pairwise key shared with another sensor node, a cluster key shared with multiple neighboring nodes, and a group key that is shared by all the nodes in the network. The protocol used for establishing and updating these keys
How to break MD5 and other hash functions
 In EUROCRYPT
, 2005
"... Abstract. MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi freestart collision, in which the initial value of the has ..."
Abstract

Cited by 315 (7 self)
 Add to MetaCart
Abstract. MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi freestart collision, in which the initial value
Encrypted Key Exchange: PasswordBased Protocols Secure Against Dictionary Attacks
 IEEE SYMPOSIUM ON RESEARCH IN SECURITY AND PRIVACY
, 1992
"... Classical cryptographic protocols based on userchosen keys allow an attacker to mount passwordguessing attacks. We introduce a novel combination of asymmetric (publickey) and symmetric (secretkey) cryptography that allow two parties sharing a common password to exchange confidential and authenti ..."
Abstract

Cited by 431 (5 self)
 Add to MetaCart
Classical cryptographic protocols based on userchosen keys allow an attacker to mount passwordguessing attacks. We introduce a novel combination of asymmetric (publickey) and symmetric (secretkey) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network. These protocols are secure against active attacks, and have the property that the password is protected against offline "dictionary" attacks. There are a number of other useful applications as well, including secure public telephones.
On the Importance of Checking Cryptographic Protocols for Faults
, 1997
"... We present a theoretical model for breaking various cryptographic schemes by taking advantage of random hardware faults. We show how to attack certain implementations of RSA and Rabin signatures. An implementation of RSA based on the Chinese Remainder Theorem can be broken using a single erroneous s ..."
Abstract

Cited by 396 (8 self)
 Add to MetaCart
. Schnorr's protocol can also be broken, but a larger number of erroneous executions is needed. Keywords: Hardware faults, Cryptanalysis, RSA, FiatShamir, Schnorr, Public key systems, Identification protocols. 1 Introduction Direct attacks on the famous RSA cryptosystem seem to require that one factor
Cryptanalysis
, 2006
"... Tseng et al. have introduced in 2003 an authenticated encryption scheme by using selfcertified public keys. Based on this scheme several authors have proposed new signature schemes avoiding some attacks against the original proposal. In this paper we show that there is a weakness on all these schem ..."
Abstract
 Add to MetaCart
Tseng et al. have introduced in 2003 an authenticated encryption scheme by using selfcertified public keys. Based on this scheme several authors have proposed new signature schemes avoiding some attacks against the original proposal. In this paper we show that there is a weakness on all these schemes affecting both the authentication of the signer’s public key and the own security of the system. We propose a slight but necessary modification to these schemes in order to avoid that weakness.
The RC5 Encryption Algorithm
, 1995
"... Abstract. This document describes the RC5 encryption algorithm. RC5 is a fast symmetric block cipher suitable for hardware or software implementations. A novel feature of RC5 is the heavy use of datadependent rotations. RC5 has a variable word size, a variable number of rounds, and a variablelengt ..."
Abstract

Cited by 350 (7 self)
 Add to MetaCart
Abstract. This document describes the RC5 encryption algorithm. RC5 is a fast symmetric block cipher suitable for hardware or software implementations. A novel feature of RC5 is the heavy use of datadependent rotations. RC5 has a variable word size, a variable number of rounds, and a variablelength secret key. 1 AParameterized Family of Encryption Algorithms RC5 is wordoriented: all of the primitive operations work on wbit words as their basic unit of information. Here we assume w = 32, although the formal speci cation of RC5 admits variants for other word lengths, such asw = 64 bits. RC5 has twoword (64bit) input (plaintext) and output (ciphertext) block sizes. RC5 uses an \expanded key table, " S, derived from the user's supplied secret key. The size t of table S depends on the number r of rounds: S has t =2(r +1) words. There are thus several distinct \RC5 " algorithms, depending on the choice of parameters w and r. We summarize these parameters below: w This is the word size, in bits � each word contains u =(w=8) 8bit bytes. The standard value of w is 32 bits � allowable values of w are 16, 32, and 64. RC5 encrypts twoword blocks: plaintext and ciphertext blocks are each 2w bits long. r This is the number of rounds. Also, the expanded key table S contains t =2(r +1)words. Allowable values of r are 0, 1,..., 255. In addition to w and r, RC5 has a variablelength secret cryptographic key, speci ed parameters b and K: b The number of bytes in the secret key K. Allowable values of b are 0, 1,
A Fuzzy Commitment Scheme
 ACM CCS'99
, 1999
"... We combine wellknown techniques from the areas of errorcorrecting codes and cryptography to achieve a new type of cryptographic primitive that we refer to as a fuzzy commitment scheme. Like a conventional cryptographic commitment scheme, our fuzzy commitment scheme is both concealing and binding: i ..."
Abstract

Cited by 327 (1 self)
 Add to MetaCart
is tolerant of error, it is capable of protecting biometric data just as conventional cryptographic techniques, like hash functions, are used to protect alphanumeric passwords. This addresses a major outstanding problem in the theory of biometric authentication. We prove the security characteristics of our
Results 1  10
of
5,179