Results 1 
7 of
7
Designing Identification Schemes with Keys of Short Size
 Advances in Cryptology  proceedings of CRYPTO '94
, 1994
"... In the last few years, there have been several attempts to build identification protocols that do not rely on arithmetical operations with large numbers but only use simple operations (see [10, 8]). One was presented at the CRYPTO 89 rump session ([8]) and depends on the socalled Permuted Kerne ..."
Abstract

Cited by 25 (4 self)
 Add to MetaCart
In the last few years, there have been several attempts to build identification protocols that do not rely on arithmetical operations with large numbers but only use simple operations (see [10, 8]). One was presented at the CRYPTO 89 rump session ([8]) and depends on the socalled Permuted Kernel problem (PKP). Another appeared in the CRYPTO 93 proceedings and is based on the syndrome decoding problem (SD) form the theory of error correcting codes ([11]). In this paper, we introduce a new scheme of the same family with the distinctive character that both the secret key and the public identification key can be taken to be of short length. By short, we basically mean the usual size of conventional symmetric cryptosystems. As is known, the possibility of using short keys has been a challenge in public key cryptography and has practical applications. Our scheme relies on a combinatorial problem which we call Constrained Linear Equations (CLE in short) and which consists of solving a set of linear equations modulo some small prime q, the unknowns being subject to belong to a specific subset of the integers mod q. Thus, we enlarge the set of tools that can be used in cryptography.
Practical HumanMachine Identification over Insecure Channels
"... . Humanmachine identification is an important problem in cryptography that has applications in network access, electronic commerce, and smartcard design. It is a hard problem largely because human users have a very limited capacity in memorizing secrets and in performing protocols. Therefore, in a ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
. Humanmachine identification is an important problem in cryptography that has applications in network access, electronic commerce, and smartcard design. It is a hard problem largely because human users have a very limited capacity in memorizing secrets and in performing protocols. Therefore, in addition to the requirement that a humanmachine identification scheme must be provably secure, the scheme has to be practical in the sense that it must be feasible for a human user to participate. In this paper, we develop a new scheme for this problem. Our scheme improves upon some of the previously proposed humanmachine identification schemes. We present a vigorous security analysis of our scheme. We also present some attacks to show previously proposed schemes could be vulnerable. Keywords: cryptography, humanmachine identification, network security. 1. Introduction In several practical applications, it is necessary to "prove" one's identity. There are two interesting cases. (1) a comp...
A Realistic Security Analysis of Identification Schemes Based on Combinatorial Problems
 European Transactions on Telecommuncations
, 1997
"... . In this paper, we analyze the security of two zeroknowledge identification schemes based on combinatorial NPcomplete problems, PKP (Shamir [8]) and CLE (Stern [10]). We use two different approaches in order to determine, on one hand, the theoretical limit to the efficiency of the known attacks ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
. In this paper, we analyze the security of two zeroknowledge identification schemes based on combinatorial NPcomplete problems, PKP (Shamir [8]) and CLE (Stern [10]). We use two different approaches in order to determine, on one hand, the theoretical limit to the efficiency of the known attacks and, on the other hand, the practical results they permit. Accordingly, we obtain a precise evaluation of which parameters should be chosen today for a secure use of these protocols. 1 Introduction With the advent of zeroknowledge proofs in 1985 (see [5]), several interactive identification schemes have been proposed. The first ones, like the FiatShamir scheme [3], were based on number theoretical problems and used arithmetical operations with large numbers. In 1989, Shamir proposed a protocol of a new nature, PKP (Permuted Kernels Problem [8]), based on an NPcomplete problem. The distinctive character of this scheme is its use of small integers and its low requirement in memory and proc...
How to Exploit the Intractability of Exact TSP for Cryptography
, 1994
"... We outline constructions for both pseudorandom generators and oneway hash functions. These constructions are based on the exact TSP (XTSP), a special variant of the well known traveling salesperson problem. We prove that these constructions are secure if the XTSP is infeasible. Our constructions a ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
We outline constructions for both pseudorandom generators and oneway hash functions. These constructions are based on the exact TSP (XTSP), a special variant of the well known traveling salesperson problem. We prove that these constructions are secure if the XTSP is infeasible. Our constructions are easy to implement, appear to be fast, but require a large amount of memory.
Cryptanalysis of pkp: a new approach
 In Public Key Cryptography 2001
, 1992
"... Abstract. Quite recently, in [4], a new timememory tradeoff algorithm was presented. The original goal of this algorithm was to count the number of points on an elliptic curve, however, the authors claimed that their approach could be applied to other problems. In this paper, we describe such an ap ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. Quite recently, in [4], a new timememory tradeoff algorithm was presented. The original goal of this algorithm was to count the number of points on an elliptic curve, however, the authors claimed that their approach could be applied to other problems. In this paper, we describe such an application and show a new way to attack the Permuted Kernel Problem. This new method is faster than any previously known technique but still requires exponential time. In practice, we find that attacking PKP for the original size proposed by Shamir in [6] could be done on a single PC in 125 years. 1
Metaheuristic Search as a Cryptological Tool
, 2002
"... Cryptology is a thriving research area of great practical importance. It is a fundamental building block of communications security. Metaheuristic optimisation techniques such as simulated annealing and genetic algorithms have found successful application in a huge number of fields. However, their a ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Cryptology is a thriving research area of great practical importance. It is a fundamental building block of communications security. Metaheuristic optimisation techniques such as simulated annealing and genetic algorithms have found successful application in a huge number of fields. However, their application to leading edge industrialstrength cryptology has been slight. The power of metaheuristic search is, however, greatly underestimated. The research reported here shows how a range of modernday cryptological problems can be attacked successfully using metaheuristic search. Along the way, the work provides the cryptological researcher with many new approaches to applying metaheuristic search techniques. i Acknowledgements The author would like to thank Dr Jeremy Jacob for his support and encouragement to complete this thesis and to the Department of Computer Science for the sabbatical during which much of the groundwork was laid. I should like to thank Professor Colin Runciman for advice given in his role as assessor; this had a significant impact on my actually completing a thesis. I should like to thank: Dr Subhamoy Maitra for providing advice on correlation immune functions (and change of basis in particular); Dr William Millan for information on best achieved correlation immunity results to date, for providing fast ANF code and for alerting me to leadingedge literature on Boolean functions (and indeed for carrying out much of the work that interested me in this field in the first place); and DERA for sponsoring work that led to the heuristic evolution of security protocols. Thanks must also go to IBM Hursley, DERA, the UK Civil Service, the EPSRC's SEMINAL network and the Security Research Centre in Brisbane for invitations to speak on cryptology and metaheu...
A New N PComplete Problem and PublicKey Identification
"... Abstract. The appearance of the theory of zeroknowledge, presented by Goldwasser, Micali and Rackoff in 1985, opened a way to secure identification schemes. The first application was the famous FiatShamir scheme based on the problem of modular square roots extraction. In the following years, many ..."
Abstract
 Add to MetaCart
Abstract. The appearance of the theory of zeroknowledge, presented by Goldwasser, Micali and Rackoff in 1985, opened a way to secure identification schemes. The first application was the famous FiatShamir scheme based on the problem of modular square roots extraction. In the following years, many other schemes have been proposed, some FiatShamir extensions but also new discrete logarithm based schemes. Therefore, all of them were based on problems from number theory. Their main common drawback is high computational load because of arithmetical operations modulo large integers. Implementation on lowcost smart cards was made difficult and inefficient. With the Permuted Kernels Problem (PKP), Shamir proposed the first efficient scheme allowing for an implementation on such lowcost smart cards, but very few others have afterwards been suggested. In this paper, we present an efficient identification scheme based on a combinatorial N Pcomplete problem: the Permuted Perceptrons Problem (PPP). This problem seems hard enough to be unsolvable even with very small parameters, and some recent cryptanalysis studies confirm that position. Furthermore, it admits efficient zeroknowledge proofs of knowledge and so it is wellsuited for cryptographic purposes. An actual implementation completes the optimistic opinion about efficiency and practicability on lowcost smart cards, and namely with less than 2KB of EEPROM and just 100 Bytes of RAM and 6.4 KB of communication.