Results 1 
4 of
4
Highspeed highsecurity signatures
"... Abstract. This paper shows that a $390 massmarket quadcore 2.4GHz Intel Westmere (Xeon E5620) CPU can create 109000 signatures per second and verify 71000 signatures per second on an elliptic curve at a 2 128 security level. Public keys are 32 bytes, and signatures are 64 bytes. These performance ..."
Abstract

Cited by 14 (4 self)
 Add to MetaCart
(Show Context)
Abstract. This paper shows that a $390 massmarket quadcore 2.4GHz Intel Westmere (Xeon E5620) CPU can create 109000 signatures per second and verify 71000 signatures per second on an elliptic curve at a 2 128 security level. Public keys are 32 bytes, and signatures are 64 bytes. These performance figures include strong defenses against software sidechannel attacks: there is no data flow from secret keys to array indices, and there is no data flow from secret keys to branch conditions.
Advanced Course on Contemporary Cryptology, chapter Provable Security for PublicKey Schemes
 Advanced Courses CRM Barcelona. Birkhuser Publishers, Basel, juin 2005. ISBN: 376437294X (248
, 2005
"... Abstract. Since the appearance of publickey cryptography in the DiffieHellman seminal paper, many schemes have been proposed, but many have been broken. Indeed, for a long time, the simple fact that a cryptographic algorithm had withstood cryptanalytic attacks for several years was considered as a ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Since the appearance of publickey cryptography in the DiffieHellman seminal paper, many schemes have been proposed, but many have been broken. Indeed, for a long time, the simple fact that a cryptographic algorithm had withstood cryptanalytic attacks for several years was considered as a kind of validation. But some schemes took a long time before being widely studied, and maybe thereafter being broken. A much more convincing line of research has tried to provide “provable ” security for cryptographic protocols, in a complexity theory sense: if one can break the cryptographic protocol, one can efficiently solve the underlying problem. Unfortunately, this initially was a purely theoretical work: very few practical schemes could be proven in this socalled “standard model ” because such a security level rarely meets with efficiency. Ten years ago, Bellare and Rogaway proposed a tradeoff to achieve some kind of validation of efficient schemes, by identifying some concrete cryptographic objects with ideal random ones. The most famous identification appeared in the socalled “randomoracle model”. More recently, another direction has been taken to prove the security of efficient schemes in the standard model (without any ideal assumption) by using stronger computational assumptions. In these lectures, we focus on practical asymmetric protocols together with their “reductionist ” security proofs, mainly in the randomoracle model. We cover the two main goals that publickey cryptography is devoted to solve: authentication with digital signatures, and confidentiality with publickey encryption schemes. 1
Monotone Signatures
, 2002
"... In many reallife situations, massive quantities of signatures have to be issued on cheap passive supports (e.g. paperbased) such as banknotes, badges, ID cards, driving licenses or passports (hereafter IDs); while largescale ID replacements are costly and prohibitive, one may reasonably assu ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
In many reallife situations, massive quantities of signatures have to be issued on cheap passive supports (e.g. paperbased) such as banknotes, badges, ID cards, driving licenses or passports (hereafter IDs); while largescale ID replacements are costly and prohibitive, one may reasonably assume that the updating of verification equipment (e.g.
Monotone Signatures
"... Abstract. In many reallife situations, massive quantities of signatures have to be issued on cheap passive supports (e.g. paperbased) such as banknotes, badges, ID cards, driving licenses or passports (hereafter IDs); while largescale ID replacements are costly and prohibitive, one may reasonabl ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. In many reallife situations, massive quantities of signatures have to be issued on cheap passive supports (e.g. paperbased) such as banknotes, badges, ID cards, driving licenses or passports (hereafter IDs); while largescale ID replacements are costly and prohibitive, one may reasonably assume that the updating of verification equipment (e.g. offline border checkpoints or mobile patrol units) is exceptionally acceptable. In such a context, an attacker using coercive means (e.g. kidnapping) can force the system authorities to reveal the infrastructure’s secret signature keys and start issuing signatures that are indistinguishable from those issued by the authority. The solution presented in this paper withstands such attacks up to a certain point: after the theft, the authority restricts the verification criteria (by an exceptional verification equipment update) in such a way that the genuine signatures issued before the attack become easily distinguishable from the fresher signatures issued by the attacker. Needless to say, we assume that at any point in time the verification algorithm is entirely known to the attacker.