Chinese Remaindering Based Cryptosystems in the Presence of Faults
 Journal of Cryptology
Cited by 27 (3 self)
We present some observations on public-key cryptosystems that use the Chinese remaindering algorithm. Our results imply that careless implementations of such systems could be vulnerable. Only one faulty signature, in some explained context, is enough to recover the secret key. Keywords. Public-key cryptosystems, faulty computations, Chinese remaindering.
1 Introduction. In public-key cryptosystems two distinct computations can be distinguished: the computation that makes use of the (secret key, public key) pair, and the one that only makes use of the public key. The former usually corresponds to the secret decryption or to the signature generation operation, the latter to the public encryption or to the signature verification operation. In this paper we restrict our attention to public-key cryptosystems in which the former computation can be sped up using the Chinese remaindering algorithm. Examples of such cryptosystems are: RSA [16], LUC [19], KMOV [11], and Demytko's cryptosystem [6]. ...
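The single-faulty-signature recovery the abstract refers to, carried through as an added worked example that is not part of the paper or of this listing: a toy RSA-CRT signer with an injectable fault in the mod-q half, the recovery that needs only the faulty signature, the public key and the message (gcd of the verification residue with N), the recovery from a good/faulty signature pair, and the verify-before-release check that defeats both. The primes, the message and the fault model (one corrupted half-exponentiation) are constructed for illustration and are not the paper's parameters.

```python
from math import gcd

# Constructed toy RSA-CRT key for illustration (an assumption of this example,
# not taken from the paper). The primes are small so the numbers are readable;
# nothing in the recovery below depends on their size.
P = 1000003
Q = 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)        # private exponent (modular inverse, Python >= 3.8)
DP = D % (P - 1)           # CRT half-exponents
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)       # recombination constant (Garner's form)


def sign_crt(m, fault_in_q=False):
    """m^D mod N computed the CRT way. With fault_in_q set, the half computed
    modulo Q is corrupted, modelling a transient fault in that exponentiation."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_q:
        sq = (sq + 1) % Q  # any corruption works; +1 is the simplest to follow
    h = (QINV * (sp - sq)) % P
    return sq + Q * h      # still correct modulo P whatever happened to sq


def verify(m, s):
    """Public-key check of a signature."""
    return pow(s, E, N) == m % N


def factor_from_one_faulty_signature(m, s_faulty):
    """One faulty signature plus the public key and the message suffice:
    s' is still m^D mod P, so s'^E - m vanishes modulo P but not modulo Q,
    and the gcd with N exposes P."""
    return gcd((pow(s_faulty, E, N) - m) % N, N)


def factor_from_signature_pair(s_good, s_faulty):
    """A correct and a faulty signature of the same message differ only
    modulo Q, so gcd(s - s', N) is P."""
    return gcd((s_good - s_faulty) % N, N)


def private_exponent_from_factor(p):
    """Once one factor is known the whole private key follows."""
    q = N // p
    return pow(E, -1, (p - 1) * (q - 1))


def sign_crt_checked(m, fault_in_q=False):
    """Countermeasure: never release a CRT signature that does not verify under
    the public exponent. Returns None instead of a faulty signature."""
    s = sign_crt(m, fault_in_q)
    return s if verify(m, s) else None


if __name__ == "__main__":
    m = 0xC0FFEE                                   # constructed message
    s_good = sign_crt(m)
    s_bad = sign_crt(m, fault_in_q=True)
    p1 = factor_from_one_faulty_signature(m, s_bad)
    print("factor from one faulty signature:", p1, p1 == P)
    print("factor from good/faulty pair:    ", factor_from_signature_pair(s_good, s_bad))
    print("private exponent recovered:      ", private_exponent_from_factor(p1) == D)
    print("checked signer under fault:      ", sign_crt_checked(m, fault_in_q=True))
```

If the fault hits the mod-p half instead, the same two gcds return Q; either factor is enough. The checked signer costs one public-exponent exponentiation per signature, which is why a verify-before-output step is the standard defence for CRT-RSA on devices exposed to induced faults.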
Torus-Based Cryptography
 In Advances in Cryptology (CRYPTO 2003), Springer LNCS 2729
, 2003
Cited by 26 (2 self)
We introduce cryptography based on algebraic tori, give a new public key system called CEILIDH, and compare it to other discrete log based systems including LUC and XTR. Like those systems, we obtain small key sizes. While LUC and XTR are essentially restricted to exponentiation, we are able to perform multiplication as well. We also disprove the open conjectures from [2], and give a new algebro-geometric interpretation of the approach in that paper and of LUC and XTR.
Trapdoor One-Way Permutations and Multivariate Polynomials
 Proc. of ICICS'97, LNCS 1334
, 1997
Cited by 15 (2 self)
This article is divided into two parts. The first part describes the known candidates of trapdoor one-way permutations. The second part presents a new candidate trapdoor one-way permutation. This candidate is based on properties of multivariate polynomials over finite fields, and has similar characteristics to the schemes of T. Matsumoto, H. Imai, and J. Patarin. What makes trapdoor one-way permutations particularly interesting is the fact that they immediately provide asymmetric encryption, signature, and authentication schemes. Our candidate performs excellently on the secret-key side, and the secret-key computations can be implemented in low-cost smartcards, i.e. without coprocessors. Key words: trapdoor one-way permutations, multivariate polynomials, search for new asymmetric bijective schemes. Notes: This paper is the extended version of the paper with the same title published at ICICS'97. In this extended version, we have taken into account the recent results of [5]. Part I Known candidates ...
Using Primitive Subgroups to Do More with Fewer Bits
, 2004
Cited by 13 (3 self)
This paper gives a survey of some ways to improve the efficiency of discrete log-based cryptography by using the restriction of scalars and the geometry and arithmetic of algebraic tori and abelian varieties.
RSA-type Signatures in the Presence of Transient Faults
, 1997
Cited by 9 (5 self)
In this paper, we show that the presence of transient faults can leak some secret information. We prove that only one faulty RSA signature is needed to recover one bit of the secret key. Thereafter, we extend this result to Lucas-based and elliptic curve systems. Keywords. RSA, Lucas sequences, elliptic curves, transient faults.
1 Introduction. At the last Workshop on Security Protocols, Bao, Deng, Han, Jeng, Narasimhalu and Ngair from the Institute of Systems Science (Singapore) exhibited new attacks against several cryptosystems [2]. These attacks exploit the presence of transient faults. By exposing a device to external constraints, one can induce faults with a non-negligible probability [1]. In this paper, we show that these attacks are of a very general nature and remain valid for cryptosystems based on other algebraic structures. We illustrate this on the Lucas-based and elliptic curve cryptosystems. Moreover, we focus on signature generation, reducing t...
On the importance of securing your bins: The garbage-man-in-the-middle attack
, 1997
Cited by 9 (2 self)
In this paper, we address the following problem: "Is it possible to weaken/attack a scheme when a (provably) secure cryptosystem is used?" The answer is yes. We exploit weak error-handling methods. Our attack relies on the cryptanalyst being able to modify some ciphertext and then getting access to the decryption of this modified ciphertext. Moreover, it applies to many cryptosystems, including RSA, Rabin, LUC, KMOV, Demytko, ElGamal and its analogues, the 3-pass system, knapsack schemes, etc.
Speeding up Subgroup Cryptosystems
, 2003
Cited by 8 (1 self)
Dissertation for obtaining the degree of doctor at the Technische Universiteit Eindhoven, on the authority of the Rector Magnificus, prof.dr. R.A. van Santen, to be defended in public before a committee appointed by the College voor Promoties on Wednesday 4 June 2003 at 16.00 by
On-Line Multiple Secret Sharing
, 1996
Cited by 7 (0 self)
A protocol for computationally secure "on-line" secret sharing is presented, based on the intractability of the Diffie-Hellman problem, in which the participants' shares can be reused. Introduction. Cachin [1] presents a protocol for "on-line" secret sharing with general access structures, with shares as short as the secret and in which participants may be dynamically added or deleted without having to redistribute new shares secretly to the existing participants. These capabilities are gained by storing additional authentic, but not secret, information in a publicly accessible central location. This proposal does not allow the shares to be reused after the secret has been reconstructed without a further distributed computation subprotocol, although there is a modification allowing a predetermined number of multiple secrets to be reconstructed in a specified order. In this letter we present a modification of the protocol which allows for an arbitrary number of secrets to be ...
Extending the Wiener Attack to RSA-Type Cryptosystems
, 1995
Cited by 6 (0 self)
We show that the attack of Wiener on RSA cryptosystems with a short deciphering exponent extends to systems using other groups such as elliptic curves and LUC. Introduction. Wiener [1] showed that the RSA cryptosystem has a weakness if the private deciphering exponent is chosen too small relative to the modulus. In this note we observe that the attack extends to other systems based on groups whose order modulo p is close to p: for example, systems based on elliptic curves and the LUC system. Wiener's attack on RSA. Suppose that N = pq is the modulus for an RSA cryptosystem where p and q are primes of the same order of magnitude. The enciphering exponent, or public key, e and the deciphering exponent, or secret key, d are related by de ≡ 1 (mod lcm(p − 1, q − 1)). In applications we may assume that the highest common factor h of p − 1 and q − 1 is small, so that de = 1 + k(p − 1)(q − 1)/h for some integer k. Wiener [1] observed that we have e/N = k/h ...
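The continued-fraction recovery that the note sketches, carried through as an added worked example that is not part of the paper or of this listing: given only the public (e, N), the convergents of e/N are tried as candidate (k, d), each candidate is checked by solving for p and q from φ = (ed − 1)/k, and a key with a full-size d is shown to resist. The primes and the short d are constructed for illustration; because d is inverted modulo (p − 1)(q − 1) rather than modulo the lcm, the note's h = gcd(p − 1, q − 1) is absorbed into k here. The bound that makes the search succeed is d < N^(1/4)/3 (with p and q of the same size), which the constructed key satisfies.

```python
from math import isqrt

# Constructed toy key with a deliberately short private exponent (an assumption
# of this example, not the paper's parameters). With N ~ 10^12 Wiener's bound
# d < N^(1/4) / 3 means d must stay below roughly 333; 257 is inside it.
P = 1000003
Q = 1000033
N = P * Q
PHI = (P - 1) * (Q - 1)
D_SHORT = 257
E_SHORT = pow(D_SHORT, -1, PHI)   # public exponent matching the short d
E_NORMAL = 65537                  # a key whose d is full-size, for contrast


def continued_fraction(num, den):
    """Partial quotients of num/den (Euclid's algorithm)."""
    cf = []
    while den:
        a = num // den
        cf.append(a)
        num, den = den, num - a * den
    return cf


def convergents(cf):
    """Successive convergents (numerator, denominator) of a continued fraction."""
    num_prev, num = 0, 1
    den_prev, den = 1, 0
    for a in cf:
        num_prev, num = num, a * num + num_prev
        den_prev, den = den, a * den + den_prev
        yield num, den


def factor_from_phi(n, phi):
    """p and q from N and phi(N): they are the roots of x^2 - (N - phi + 1)x + N.
    Returns (larger, smaller) or None if the candidate phi is inconsistent."""
    s = n - phi + 1
    disc = s * s - 4 * n
    if disc < 0:
        return None
    r = isqrt(disc)
    if r * r != disc or (s + r) % 2:
        return None
    p, q = (s + r) // 2, (s - r) // 2
    return (p, q) if p * q == n and q > 1 else None


def wiener_attack(e, n):
    """Try each convergent k/d of e/N as the unknown (k, d). Returns (d, p, q)
    with p < q on success, None if no convergent yields a consistent phi."""
    for k, d in convergents(continued_fraction(e, n)):
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k
        pq = factor_from_phi(n, phi)
        if pq is not None:
            return d, min(pq), max(pq)
    return None


if __name__ == "__main__":
    print("short d key:   ", wiener_attack(E_SHORT, N))
    print("full-size d key:", wiener_attack(E_NORMAL, N))
```

The success check is the factorisation itself: a wrong convergent either fails the divisibility test or produces a φ whose quadratic has no integer roots multiplying to N, so the search cannot return a false key. The second call illustrates the practical rule the attack implies: never pick d small for speed; make e small instead and let d be full-size.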
Algebraic Tori in Cryptography
 In High Primes and Misdemeanours: Lectures in Honour of the 60th birthday of Hugh Cowie Williams, Fields Institute Communications Series 41, American Mathematical Society
, 2004
Cited by 4 (2 self)
We give a mathematical interpretation in terms of algebraic tori of Lucas-based cryptosystems, XTR, and the conjectural generalizations in [2]. We show that the varieties underlying these systems are quotients of algebraic tori by actions of products of symmetric groups. Further, we use these varieties to disprove conjectures from [2].