On Fast and Provably Secure Message Authentication Based on Universal Hashing
In Advances in Cryptology – CRYPTO ’96, 1996
Abstract

Cited by 67 (0 self)
There are well-known techniques for message authentication using universal hash functions. This approach seems very promising, as it provides schemes that are both efficient and provably secure under reasonable assumptions. This paper contributes to this line of research in two ways. First, it analyzes the basic construction and some variants under more realistic and practical assumptions. Second, it shows how these schemes can be efficiently implemented, and it reports on the results of empirical performance tests that demonstrate that these schemes are competitive with other commonly employed schemes whose security is less well-established.

1 Introduction
Message Authentication. Message authentication schemes are an important security tool. As more and more data is being transmitted over networks, the need for secure, high-speed, software-based message authentication is becoming more acute. The setting for message authentication is the following. Two parties A and B agree on a secre...
A Parallel Hardware Architecture for Fast Gaussian Elimination over GF(2)
In International Workshop on Special-Purpose Hardware for Attacking Cryptographic Systems — SHARCS’06, 2006
Abstract

Cited by 9 (2 self)
This paper presents a hardware-optimized variant of the well-known Gaussian elimination over GF(2) and its highly efficient implementation. The proposed hardware architecture, which we call SMITH, can solve any regular and (uniquely solvable) overdetermined linear system of equations (LSE) and is not limited to matrices of a certain structure. Besides solving LSEs, the architecture at hand can also accomplish the related problem of matrix inversion extremely fast. Its average running time for n×n binary matrices with uniformly distributed entries equals 2n (clock cycles) as opposed to about (1/4)n^3 in software. The average running time remains very close to 2n for random matrices with densities much greater or lower than 0.5. The architecture has a worst-case time complexity of O(n^2) and also a space complexity of O(n^2). With these characteristics the architecture is particularly suited to efficiently solve medium-sized LSEs as they for example appear in the cryptanalysis of certain stream cipher classes. Moreover, we propose a hardware-optimized algorithm for matrix-by-matrix multiplication over GF(2) which runs in linear time and quadratic space on a similar architecture. This opens up the possibility of building a more complex architecture for efficiently solving larger LSEs by means of Strassen’s algorithm. This architecture could significantly improve the time complexity of algebraic attacks on various ciphers. As proof of concept we realized SMITH on a contemporary low-cost FPGA. The implementation for a 50 × 50 LSE can be clocked with a frequency of up to 300 MHz and computes the solution in 0.33 µs on average.
Factoring Integers with Large-Prime Variations of the Quadratic Sieve
1995
Abstract
This article is concerned with the large-prime variations of the multi-polynomial quadratic sieve factorization method: the PMPQS (one large prime) and the PPMPQS (two). We present the results of many factorization runs with the PMPQS and PPMPQS on SGI workstations and on a Cray C90 vector computer. Experiments show that for our Cray C90 implementations PPMPQS beats PMPQS for numbers of more than 80 digits, and that this crossover point goes down with the amount of available central memory. For PMPQS we give a formula to predict the total running time based on a short test run. The accuracy of the prediction is within 10% of the actual running time. For PPMPQS we do not have such a formula. Yet in order to provide measurements to help determine a good choice of the parameters in PPMPQS, we factored many numbers. In addition we give an experimental prediction formula for PPMPQS suitable if one wishes to factor many large numbers of about the same size.
Factoring Integers With Large Prime Variations of the Quadratic Sieve
1995
Abstract
We present the results of many factorization runs with the single and double large prime variations (PMPQS and PPMPQS, respectively) of the quadratic sieve factorization method on SGI workstations, and on a Cray C90 vector computer. Experiments with 71-, 87-, and 99-digit numbers show that for our Cray C90 implementations PPMPQS beats PMPQS for numbers of more than 80 digits, and this crossover point goes down with the amount of available central memory. For PMPQS a known theoretical formula is worked out and tested that helps to predict the total running time on the basis of a short test run. The accuracy of the prediction is within 10% of the actual running time. For PPMPQS such a prediction formula is not known and the determination of an optimal choice of the parameters for a given number would require many full runs with that given number, and the use of an inadmissible amount of CPU time. In order yet to provide measurements that can help to determine a good choic...
Physical Computation Devices for Cryptanalytic Applications
Marius C. Mertens, Diplomarbeit (diploma thesis)
Abstract
At this point I would like to thank everyone who, through their professional and personal support, ...
Factoring Small to Medium Size Integers: An Experimental Comparison
2010
Abstract
We report on our experiments in factoring integers from 50 to 200 bits with the NFS post-sieving stage or class group structure computations as potential applications. We implemented, with careful parameter selections, several general-purpose factoring algorithms suited for these smaller numbers, from Shanks’s square form factorization method to the self-initializing quadratic sieve, and revisited the continued fraction algorithm in light of recent advances in smoothness detection batch methods. We provide detailed timings for our implementations to better assess their relative range of practical use on current commodity hardware.