Constructing fair exchange protocols for e-commerce via distributed computation of RSA signatures
 in PODC 2003
, 2003
Cited by 29
Applications such as e-commerce payment protocols, electronic contract signing, and certified email delivery require that fair exchange be assured. A fair-exchange protocol allows two parties to exchange items in a fair way so that either each party gets the other's item, or neither party does. We describe a novel method of constructing very efficient fair-exchange protocols by distributing the computation of RSA signatures. Specifically, we employ multisignatures based on the RSA signature scheme. To date, the vast majority of fair-exchange protocols require the use of zero-knowledge proofs, which is the most computationally intensive part of the exchange protocol. Using the intrinsic features of our multisignature model, we construct protocols that require no zero-knowledge proofs in the exchange protocol. Use of zero-knowledge proofs is needed only in the protocol setup phase; this is a one-time cost. Furthermore, our scheme uses multisignatures that are compatible with the underlying standard (single-signer) signature scheme, which makes it possible to readily integrate the fair-exchange feature with existing e-commerce systems.
Securing wireless data: System architecture challenges
 in Proc. Intl. Symp. System Synthesis
, 2002
Cited by 27
Security is critical to a wide range of current and future wireless data applications and services. This paper highlights the challenges posed by the need for security during system architecture design for wireless handsets, and provides an overview of emerging techniques to address them. We focus on the computational requirements for securing wireless data transactions, revealing a gap between these requirements and the trends in processing capabilities of embedded processors used in wireless handsets. We also demonstrate that the use of security protocols causes significant degradation in battery life, a problem that will worsen due to the slow growth in battery capacities. These trends point to a wireless security processing gap that, unless addressed, will impede the deployment of secure high-speed wireless data and multimedia applications. We discuss approaches that are currently being pursued to bridge this gap, including low-complexity cryptographic algorithms, security enhancements to embedded processors, and advanced system architectures for wireless handsets that are enabled by new system-level design methodologies.
Rounding in Lattices and Its Cryptographic Applications
 Proc. 8th Annual ACM-SIAM Symp. on Discr. Algorithms, ACM
, 1997
Cited by 25
We analyze a lattice rounding technique using a natural matrix norm. We present its application to proving in a non-uniform model the hardness of computing $2 \log \log p$ bits of the secret keys of Diffie-Hellman and related protocols from the public keys. Earlier in [2] it was shown that $\sqrt{\log p}$ bits are hard to compute. 1 Introduction Lattice basis reduction techniques have proven to be very useful in diverse areas. Examples include cryptography, settling number theoretic conjectures, and diophantine approximation. Rounding a given vector to an approximately closest vector in a given lattice was first studied in this context by Babai [1]. Recently in [2] rounding in lattices was used to study the hardness of computing the most significant bits of secret keys obtained using the Diffie-Hellman protocol and related schemes. Motivated by this, we study a new lattice rounding technique which is used to improve on the results of [2] in a non-uniform model. The Diffie-Hellman protocol [3] ena...
An elliptic curve cryptography based authentication and key agreement protocol for wireless communication
 In 2nd International Workshop on Discrete Algorithms and Methods for Mobile Computing and Communications Symposium on Information Theory
, 1998
Cited by 24
We propose an authentication and key agreement protocol for wireless communication based on elliptic curve cryptographic techniques. The proposed protocol requires significantly less bandwidth than the Aziz-Diffie and Beller-Chang-Yacobi protocols, and furthermore, it has lower computational burden and storage requirements on the user side. The use of elliptic curve cryptographic techniques provides greater security using fewer bits, resulting in a protocol which requires low computational overhead, and thus making it suitable for wireless and mobile communication systems, including smartcards and handheld devices.
Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Parameters
, 1995
Cited by 24
A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the Miller-Rabin test for only one base. Therefore our algorithm is even faster than presently used algorithms for generating only pseudoprimes, because several Miller-Rabin tests with independent bases must be applied to achieve a sufficient confidence level. Heuristic arguments suggest that the generated primes are close to uniformly distributed over the set of primes in the specified interval. Security constraints on the prime parameters of certain cryptographic systems are discussed, and in particular a detailed analysis of the iterated encryption attack on the RSA public-key cryptosystem is presented. The prime generation algorithm can easily be modified to generate nearly random primes or RSA moduli that satisfy t...
Cryptanalysis of the Chor-Rivest Cryptosystem
 CRYPTO '98
, 1998
Cited by 21
Knapsack-based cryptosystems used to be popular in the beginning of public key cryptography before being all broken, all but the Chor-Rivest cryptosystem. In this paper, we show how to break this one with its suggested parameters: GF(p^24) and GF(256^25).
A generalized Wiener attack on RSA
 In Public Key Cryptography - PKC 2004
, 2004
Cited by 19
Abstract. We present an extension of Wiener's attack on small RSA secret decryption exponents [10]. Wiener showed that every RSA public key tuple $(N, e)$ with $e \in \phi(N)$ that satisfies $ed - 1 = 0 \bmod \phi(N)$ for some $d < \frac{1}{3} N^{1/4}$ yields the factorization of $N = pq$. Our new method finds $p$ and $q$ in polynomial time for every $(N, e)$ satisfying $ex + y = 0 \bmod \phi(N)$ with $x < \frac{1}{3} N^{1/4}$ and $|y| = O(N^{-3/4} e x)$. In other words, the generalization works for all secret keys $d = -x y^{-1}$, where $x, y$ are suitably small. We show that the number of these weak keys is at least $N^{3/4 - \epsilon}$ and that the number increases with decreasing prime difference $p - q$. As an application of our new attack, we present the cryptanalysis of an RSA-type scheme presented by Yen, Kim, Lim and Moon [11, 12]. Our results point out again the warning for crypto-designers to be careful when using the RSA key generation process with special parameters.
Constructing Elliptic Curve Cryptosystems in Characteristic 2
, 1998
Cited by 18
Since the group of an elliptic curve defined over a finite field F_q... The purpose of this paper is to describe how one can search for suitable elliptic curves with random coefficients using Schoof's algorithm. We treat the important special case of characteristic 2, where one has certain simplifications in some of the algorithms.
High-Speed Implementation of an ECC-based Wireless Authentication Protocol on an ARM Microprocessor
 IEE Proc.: Comms, Oct
, 2001
Cited by 16
In this paper, we present the results of our implementation of elliptic curve cryptography (ECC) over the field GF(p) on an 80 MHz, 32-bit ARM microprocessor. We have produced a practical software library which supports variable length implementation of the elliptic curve digital signature algorithm (ECDSA). We implemented the ECDSA and a recently proposed ECC-based wireless authentication protocol using the library. Our timing results show that the 160-bit ECDSA signature generation and verification operations take around 46 ms and 94 ms, respectively. With these timings, the execution of the ECC-based wireless authentication protocol takes around 140 ms on the ARM7TDMI processor, which is a widely used, low-power core processor for wireless applications.
Optimizing Public-Key Encryption for Wireless Clients
, 2002
Cited by 15
Providing acceptable levels of security imposes significant computational requirements on wireless clients, servers, and network elements. These requirements are often beyond the modest processing capabilities and energy (battery) resources available on wireless clients. The relatively small sizes of wireless data transactions imply that public-key encryption algorithms dominate the security processing requirements. In this work,