Resource Fairness and Composability of Cryptographic Protocols
 In Cryptology ePrint Archive, http://eprint.iacr.org/2005/370
Cited by 30 (2 self)
Abstract. We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to similar previously proposed definitions, our definition follows the standard simulation paradigm and enjoys strong composability properties. In particular, our definition is similar to the security definition in the universal composability (UC) framework, but works in a model that allows any party to request additional resources from the environment to deal with dishonest parties that may prematurely abort. In this model we specify the ideally fair functionality as allowing parties to “invest resources” in return for outputs, but in such an event offering all other parties a fair deal. (The formulation of fair dealings is kept independent of any particular functionality, by defining it using a “wrapper.”) Thus, by relaxing the notion of fairness, we avoid a well-known impossibility result for fair multiparty computation with corrupted majority; in particular, our definition admits constructions that tolerate an arbitrary number of corruptions. We also show that, as in the UC framework, protocols in our framework may be arbitrarily and concurrently composed. Turning to constructions, we define a “commit-prove-fair-open” functionality and design an efficient resource-fair protocol that securely realizes it, using a new variant of a cryptographic primitive known as “time-lines.” With (the fairly wrapped version of) this functionality we show that some of the existing secure multiparty computation protocols can be easily transformed into resource-fair protocols while preserving their security.
Modular Exponentiation via the Explicit Chinese Remainder Theorem
Cited by 16 (4 self)
Abstract. Fix pairwise coprime positive integers p1, p2, ..., ps. We propose representing integers u modulo m, where m is any positive integer up to roughly √(p1 p2 ··· ps), as vectors (u mod p1, u mod p2, ..., u mod ps). We use this representation to obtain a new result on the parallel complexity of modular exponentiation: there is an algorithm for the Common CRCW PRAM that, given positive integers x, e, and m in binary, of total bit length n, computes x^e mod m in time O(n / lg lg n) using n^O(1) processors.
Timed commitments (Extended Abstract)
In Advances in Cryptology — CRYPTO ’00, 2000
Cited by 15 (0 self)
We introduce and construct timed commitment schemes, an extension to the standard notion of commitments in which a potential forced opening phase permits the receiver to recover (with effort) the committed value without the help of the committer. An important application of our timed-commitment scheme is contract signing: two mutually suspicious parties wish to exchange signatures on a contract. We show a two-party protocol that allows them to exchange RSA or Rabin signatures. The protocol is strongly fair: if one party quits the protocol early, then the two parties must invest comparable amounts of time to retrieve the signatures. This statement holds even if one party has many more machines than the other. Other applications, including honesty-preserving auctions and collective coin-flipping, are discussed.
Efficient and Secure Multi-Party Computation with Faulty Majority and Complete Fairness
In Cryptology ePrint Archive, http://eprint.iacr.org/2004/019, 2004
Cited by 9 (1 self)
We study the problem of constructing secure multiparty computation (MPC) protocols that are completely fair, meaning that either all the parties learn the output of the function, or nobody does, even when a majority of the parties are corrupted. We first propose a framework for fair multiparty computation, within which we formulate a definition of secure and fair protocols. The definition follows the standard simulation paradigm, but is modified to allow the protocol to depend on the running time of the adversary. In this way, we avoid a well-known impossibility result for fair MPC with corrupted majority; in particular, our definition admits constructions that tolerate up to (n − 1) corruptions, where n is the total number of parties. Next, we define a “commit-prove-fair-open” functionality and construct an efficient protocol that realizes it, using a new variant of a cryptographic primitive known as “time-lines.” With this functionality, we show that some of the existing secure MPC protocols can be easily transformed into fair protocols while preserving their security. Putting these results together, we construct efficient, secure MPC protocols that are completely fair even in the presence of corrupted majorities. Furthermore, these protocols remain secure when arbitrarily composed with any protocols, which means, in particular, that they are concurrently composable and non-malleable. Finally, as an example of our results, we show a very efficient protocol that fairly and securely solves the socialist millionaires’ problem.
Offline Submission with RSA Time-Lock Puzzles
In CIT 2010, Proceedings of the 10th IEEE International Conference on Computer and Information Technology
Non-Parallelizable and Non-Interactive Client Puzzles from Modular Square Roots
Cited by 3 (1 self)
Abstract. Denial of Service (DoS) attacks aiming to exhaust the resources of a server by overwhelming it with bogus requests have become a serious threat. Especially protocols that rely on public key cryptography and perform expensive authentication handshakes may be an easy target. A well-known countermeasure against DoS attacks is client puzzles. The victimized server demands that clients commit computing resources before it processes their requests. To get service, a client must solve a cryptographic puzzle and submit the right solution. Existing client puzzle schemes have some drawbacks. They are either parallelizable, coarse-grained or can be used only interactively. In the case of interactive client puzzles, where the server poses the challenge, an attacker might mount a counterattack on the clients by injecting fake packets containing bogus puzzle parameters. In this paper we introduce a novel scheme for client puzzles which relies on the computation of square roots modulo a prime. Modular square root puzzles are non-parallelizable, i.e., the solution cannot be obtained faster than scheduled by distributing the puzzle to multiple machines or CPU cores, and they can be employed both interactively and non-interactively. Our puzzles provide polynomial granularity and compact solution and verification functions. Benchmark results demonstrate the feasibility of our approach to mitigate DoS attacks on hosts in 1 or even 10 Gbit networks. In addition, we show how to raise the efficiency of our puzzle scheme by introducing a bandwidth-based cost factor for the client.
Keywords: client puzzles, Denial of Service (DoS), network protocols, authentication, computational puzzles
Modular Square Root Puzzles: Design of Non-Parallelizable and Non-Interactive Client Puzzles
2012
Cited by 2 (0 self)
Denial of Service (DoS) attacks aiming to exhaust the resources of a server by overwhelming it with bogus requests have become a serious threat. Especially protocols that rely on public key cryptography and perform expensive authentication handshakes may be an easy target. A well-known countermeasure against resource depletion attacks is client puzzles. The victimized server demands that clients commit computing resources before it processes their requests. To get service, a client must solve a cryptographic puzzle and submit the right solution. Existing client puzzle schemes have some drawbacks. They are either parallelizable, coarse-grained or can be used only interactively. In the case of interactive client puzzles, where the server poses the challenge, an attacker might mount a counterattack on the clients by injecting faked packets with bogus puzzle parameters bearing the server’s sender address. In this paper we introduce a novel scheme for client puzzles which relies on the computation of square roots modulo a prime. Modular square root puzzles are non-parallelizable, i.e., the solution cannot be obtained faster than scheduled by distributing the puzzle to multiple machines or CPU cores, and they can be employed both interactively and non-interactively. Our puzzles provide polynomial granularity and compact solution and verification functions. Benchmark results demonstrate the feasibility of our approach to mitigate DoS attacks on hosts in 1 or even 10 Gbit networks. In addition, we show how to raise the efficiency of our puzzle scheme by introducing a bandwidth-based cost factor for the client. Furthermore, we also investigate the construction of client puzzles from modular cube roots.
Parallel Algebraic Algorithms
2004
In algebra, and particularly in the study of the algebraic structures known as fields, there are a number of problems that enjoy efficient sequential algorithms. Many of these sequential algorithms do not present immediately obvious parallel algorithms, but from a theoretical perspective, it is still interesting to study the parallel complexity of these problems. We investigate three specific algebraic topics, namely the greatest common divisor problem, the modular polynomial exponentiation problem, and the polynomial factorization problem. The currently best known parallel algorithms are presented and their complexities analyzed. While these algorithms do not lend themselves well to implementation due to the fact that they rely on a number of processors polynomial in the size of the input, they do give us an upper bound on the parallel complexity of these problems. While polynomial GCD has been shown to be in NC, it is not currently known if the other two problems are in this parallel class.
Master’s in Informatics Engineering, Dissertation/Internship Final Report: Cryptography in GPUs
2009
Cryptography, the science of writing secrets, has been used for centuries to conceal information from eavesdroppers and spies. Today, in the information age, data security and authenticity are paramount, as more services and applications start to rely on the Internet, an unsecured channel. Despite the existence of security protocols and implementations, many online services refrain from using cryptographic algorithms due to their poor performance, even when using cryptography would be a clear advantage. Graphics processing units (GPUs) have been increasingly used in the last few years for general purpose computing. We present and describe efficient serial and parallel algorithms for modular arithmetic on the GPU. Based on these, we developed GPU implementations of symmetric-key ciphers, namely AES and Salsa20, and public-key algorithms, such as RSA, Diffie-Hellman and DSA. We bundled this software into a library that contains the main achievements of this thesis.