Results 1 - 10 of 12
RSA-type Signatures in the Presence of Transient Faults
, 1997
Abstract

Cited by 9 (5 self)
In this paper, we show that the presence of transient faults can leak some secret information. We prove that only one faulty RSA-signature is needed to recover one bit of the secret key. Thereafter, we extend this result to Lucas-based and elliptic curve systems. Keywords. RSA, Lucas sequences, elliptic curves, transient faults. 1 Introduction At the last Workshop on Security Protocols, Bao, Deng, Han, Jeng, Narasimhalu and Ngair from the Institute of Systems Science (Singapore) exhibited new attacks against several cryptosystems [2]. These attacks exploit the presence of transient faults. By exposing a device to external constraints, one can induce some faults with a non-negligible probability [1]. In this paper, we show that these attacks are of very general nature and remain valid for cryptosystems based on other algebraic structures. We will illustrate this topic on the Lucas-based and elliptic curve cryptosystems. Moreover, we will focus on the signatures generation, reducing t...
On the importance of securing your bins: The garbage-man-in-the-middle attack
, 1997
Abstract

Cited by 9 (2 self)
In this paper, we address the following problem: "Is it possible to weaken/attack a scheme when a (provably) secure cryptosystem is used?". The answer is yes. We exploit weak error-handling methods. Our attack relies on the cryptanalyst being able to modify some ciphertext and then getting access to the decryption of this modified ciphertext. Moreover, it applies on many cryptosystems, including RSA, Rabin, LUC, KMOV, Demytko, ElGamal and its analogues, 3-pass system, knapsack scheme, etc...
Answers To Frequently Asked Questions About Today's Cryptography
, 1993
Abstract

Cited by 8 (0 self)
this document, authentication will generally refer to the use of digital signatures, which play a function for digital documents similar to that played by handwritten signatures for printed documents: the signature is an unforgeable piece of data asserting that a named person wrote or otherwise agreed to the document to which the signature is attached. The recipient, as well as a third party, can verify both that the document did indeed originate from the person whose signature is attached and that the document has not been altered since it was signed. A secure digital signature system thus consists of two parts: a method of signing a document such that forgery is infeasible, and a method of verifying that a signature was actually generated by whomever it represents. Furthermore, secure digital signatures cannot be repudiated; i.e., the signer of a document cannot later disown it by claiming it was forged.
A New and Optimal Chosen-Message Attack on RSA-Type Cryptosystems
 Signatures in the Presence of Transient Faults 7 in the proceedings of the International Conference on Information and Communications Security
, 1997
Abstract

Cited by 5 (2 self)
Chosen-message attack on RSA is usually considered as an inherent property of its homomorphic structure. In this paper, we show that non-homomorphic RSA-type cryptosystems are also susceptible to a chosen-message attack. In particular, we prove that only one message is needed to mount a successful chosen-message attack against the Lucas-based systems and Demytko's elliptic curve system.
Protocol Failures for RSA-like Functions using Lucas Sequences and Elliptic Curves
, 1997
Abstract

Cited by 4 (1 self)
We show that the cryptosystems based on Lucas sequences and on elliptic curves over a ring are insecure when a linear relation is known between two plaintexts that are encrypted with a "small" public exponent. This attack is already known for the classical RSA system, but the proofs and the results here are different. 1 Introduction In numerous situations, the difference between two plaintexts is known, as for example, texts differing only from their date of compilation; letters sent to different destinators; retransmission of a message with a new ID number due to an error; ... On the other hand, the security of public-key cryptosystems relies on trapdoor one-way functions. A trapdoor one-way function is a function easy to compute but infeasible to invert unless the trapdoor is known. Many trapdoor one-way functions are using a polynomial in a given algebraic structure (think about RSA). Recently, some researchers [9, 25, 5, 6] were able to exploit such a structur...
Cryptanalysis of RSA-Type Cryptosystems: A Visit
DIMACS Series in Discr. Math. and Th. Comp. Sci., AMS
, 1998
Abstract

Cited by 3 (0 self)
This paper surveys RSA-type implementations based on Lucas sequences and on elliptic curves. The main focus is the way how some known attacks on RSA were extended to LUC, KMOV and Demytko's system. It also gives some directions for the choice of the most appropriate RSA-type system for a given application. 1. INTRODUCTION In 1978, Rivest, Shamir and Adleman [63] introduced the so-called RSA cryptosystem. Its security mainly relies on the difficulty of factoring carefully chosen large integers. After this breakthrough, other structures were proposed to produce analogues to RSA. So, Müller and Nöbauer [54, 55] presented a cryptosystem using Dickson polynomials. This system was afterwards slightly modified and rephrased in terms of Lucas sequences by Smith and Lennon [70, 72]. More recently, Koyama, Maurer, Okamoto and Vanstone [41] exhibited new one-way trapdoor functions similar to RSA on elliptic curves, the so-called KMOV cryptosystem. Later, Demytko [20] also pointed out a new one...
Factoring Integers with Large-Prime Variations of the Quadratic Sieve
, 1995
Abstract
This article is concerned with the large-prime variations of the multipolynomial quadratic sieve factorization method: the PMPQS (one large prime) and the PPMPQS (two). We present the results of many factorization runs with the PMPQS and PPMPQS on SGI workstations and on a Cray C90 vector computer. Experiments show that for our Cray C90 implementations PPMPQS beats PMPQS for numbers of more than 80 digits, and that this crossover point goes down with the amount of available central memory. For PMPQS we give a formula to predict the total running time based on a short test run. The accuracy of the prediction is within 10% of the actual running time. For PPMPQS we do not have such a formula. Yet in order to provide measurements to help determining a good choice of the parameters in PPMPQS, we factored many numbers. In addition we give an experimental prediction formula for PPMPQS suitable if one wishes to factor many large numbers of about the same size. 1. INTRODUCTION
Data Security - CM 0321
, 2001
Abstract
etwork security. Mandatory reading for aspiring system managers. Antonia J. Jones: 18 December 2001 2 W. Stallings. Cryptography and Network Security: Principles and Practice. Prentice Hall. 1998. ISBN 0138690170. Fills in many aspects of the present course and goes on to discuss mail and internet security. C. P. Pfleeger. Security in Computing. Prentice Hall. 1997. ISBN 0131857940. Good general introduction. The classic 1,200 page definitive story of cryptography up to the late 1950's is: D. Kahn. The Codebreakers. Scribner, New York. 1996. A recent very interesting account including the history of RSA and PGP and a non-technical discussion of quantum cryptography is: S. Singh. The Code Book. Fourth Estate, London. 1999. Fiction: Neal Stephenson. Cryptonomicon. William Heinemann, London. 1999. Antonia J. Jones: 18 December 2001 3 CONTENTS I G
A Survey of Elliptic Curve Cryptosystems, Part I: Introductory
, 2003
Abstract
The theory of elliptic curves is a classical topic in many branches of algebra and number theory, but recently it is receiving more attention in cryptography. An elliptic curve is a two-dimensional (planar) curve defined by an equation involving a cubic power of coordinate x and a square power of coordinate y. One class of these curves is