Results 1-10 of 56
The Elliptic Curve Digital Signature Algorithm (ECDSA)
1999
Cited by 146 (5 self)
Abstract: The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard, and was accepted in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard, and is under consideration for inclusion in some other ISO standards. Unlike the ordinary discrete logarithm problem and the integer factorization problem, no subexponential-time algorithm is known for the elliptic curve discrete logarithm problem. For this reason, the strength-per-key-bit is substantially greater in an algorithm that uses elliptic curves. This paper describes the ANSI X9.62 ECDSA, and discusses related security, implementation, and interoperability issues. Keywords: Signature schemes, elliptic curve cryptography, DSA, ECDSA.
Twofish: A 128-Bit Block Cipher
in First Advanced Encryption Standard (AES) Conference
1998
Cited by 58 (8 self)
Abstract: Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2^8), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2^22.5 chosen plaintexts and 2^51 effort.
The Whirlpool Hashing Function
First open NESSIE Workshop
2000
Cited by 48 (1 self)
Abstract: We present Whirlpool, a 512-bit hash function operating on messages less than 2^256 bits in length. The function structure is designed according to the Wide Trail strategy and permits a wide variety of implementation tradeoffs. (Revised on May 24, 2003)
Security for a High Performance Commodity Storage Subsystem
1999
Cited by 42 (1 self)
Abstract (extracted text): and the United States Postal Service. The views and conclusions in this document are my own and should not be interpreted as representing the official policies, either expressed or implied, of any supporting organization or the U.S. Government.
A model and architecture for pseudorandom generation with applications to /dev/random
In ACM Conference on Computer and Communications Security
2005
Cited by 32 (1 self)
Abstract: We present a formal model and a simple architecture for robust pseudorandom generation that ensures resilience in the face of an observer with partial knowledge/control of the generator's entropy source. Our model and architecture have the following properties:
• Resilience. The generator's output looks random to an observer with no knowledge of the internal state. This holds even if that observer has complete control over data that is used to refresh the internal state.
• Forward security. Past output of the generator looks random to an observer, even if the observer learns the internal state at a later time.
• Backward security/Break-in recovery. Future output of the generator looks random, even to an observer with knowledge of the current state, provided that the generator is refreshed with data of sufficient entropy.
Architectures such as above were suggested before. This work differs from previous attempts in that we present a formal model for robust pseudorandom generation, and provide a formal proof within this model for the security of our architecture. To our knowledge, this is the first attempt at a rigorous model for this problem. Our formal modeling advocates the separation of the entropy extraction phase from the output generation phase. We argue that the former is information-theoretic in nature, and could therefore rely on combinatorial and statistical tools rather than on cryptography. On the other hand, we show that the latter can be implemented using any standard (non-robust) cryptographic PRG. We also discuss the applicability of our architecture for applications such as /dev/(u)random in Linux and pseudorandom generation on smartcards.
Software smart cards via cryptographic camouflage
In Proceedings of the IEEE Symposium on Security and Privacy, 1999, http://www.arcot.com
Cryptanalysis of the windows random number generator
in ACM Conference on Computer and Communications Security
2007
Cited by 13 (0 self)
Abstract: The pseudorandom number generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudorandomness of the output of this generator is crucial for the security of almost any application running in Windows. Nevertheless, its exact algorithm was never published. We examined the binary code of a distribution of Windows 2000, which is still the second most popular operating system after Windows XP. (This investigation was done without any help from Microsoft.) We reconstructed, for the first time, the algorithm used by the pseudorandom number generator (namely, the function CryptGenRandom). We analyzed the security of the algorithm and found a nontrivial attack: given the internal state of the generator, the previous
Privacy-Preserving Reconstruction of Multidimensional Data Maps in Vehicular Participatory Sensing
Cited by 9 (5 self)
Abstract: The proliferation of sensors in devices of frequent use, such as mobile phones, offers unprecedented opportunities for forming self-selected communities around shared sensory data pools that enable community-specific applications of mutual interest. Such applications have recently been termed participatory sensing. An important category of participatory sensing applications is one that constructs maps of different phenomena (e.g., traffic speed, pollution) using vehicular participatory sensing. An example is sharing data from GPS-enabled cellphones to map traffic or noise patterns. Concerns with data privacy are a key impediment to the proliferation of such applications. This paper presents theoretical foundations, a system implementation, and an experimental evaluation of a perturbation-based mechanism for ensuring privacy of location-tagged participatory sensing data while allowing correct reconstruction of community statistics of interest (computed from shared perturbed data). The system is applied to construct accurate traffic speed maps in a small campus town from shared GPS data of participating vehicles, where the individual vehicles are allowed to "lie" about their actual location and speed at all times. An extensive evaluation demonstrates the efficacy of the approach in concealing multidimensional, correlated, time-series data while allowing for accurate reconstruction of spatial statistics.
Security Issues in the Diffie-Hellman Key Agreement Protocol
IEEE Trans. on Information Theory
2000
Cited by 7 (0 self)
Abstract: Diffie-Hellman key agreement protocol [27] implementations have been plagued by serious security flaws. The attacks can be very subtle and, more often than not, haven't been taken into account by protocol designers. In this paper we attempt to provide a link between theoretical research and real-world implementations. In addition to exposing the most important attacks and issues we present fairly detailed pseudocode for the authenticated Diffie-Hellman protocol and for the half-certified Diffie-Hellman (a.k.a. Elgamal key agreement). It is hoped that computer security practitioners will obtain enough information to build and design secure and efficient versions of this classic key agreement protocol.