Results 1  10
of
32
TorusBased Cryptography
 In Advances in Cryptology (CRYPTO 2003), Springer LNCS 2729
, 2003
"... We introduce cryptography based on algebraic tori, give a new public key system called CEILIDH, and compare it to other discrete log based systems including LUC and XTR. Like those systems, we obtain small key sizes. While LUC and XTR are essentially restricted to exponentiation, we are able to perf ..."
Abstract

Cited by 28 (2 self)
 Add to MetaCart
We introduce cryptography based on algebraic tori, give a new public key system called CEILIDH, and compare it to other discrete log based systems including LUC and XTR. Like those systems, we obtain small key sizes. While LUC and XTR are essentially restricted to exponentiation, we are able to perform multiplication as well. We also disprove the open conjectures from [2], and give a new algebrogeometric interpretation of the approach in that paper and of LUC and XTR.
Chinese Remaindering Based Cryptosystems in the Presence of Faults
 Journal of Cryptology
"... . We present some observations on publickey cryptosystems that use the Chinese remaindering algorithm. Our results imply that careless implementations of such systems could be vulnerable. Only one faulty signature, in some explained context, is enough to recover the secret key. Keywords. Publicke ..."
Abstract

Cited by 27 (3 self)
 Add to MetaCart
. We present some observations on publickey cryptosystems that use the Chinese remaindering algorithm. Our results imply that careless implementations of such systems could be vulnerable. Only one faulty signature, in some explained context, is enough to recover the secret key. Keywords. Publickey cryptosystems, Faulty computations, Chinese remaindering. 1 Introduction In publickey cryptosystems two distinct computations can be distinguished: the computation that makes use of the secret, public key pair, and the one that only makes use of the public key. The former usually corresponds to the secret decryption or to the signature generation operation, the latter to the public encryption or to the signature verification operation. In this paper we restrict our attention to public key cryptosystems in which the former computation can be sped up using the Chinese remaindering algorithm. Examples of such cryptosystems are: RSA [16], LUC [19], KMOV [11], and Demytko's cryptosystem [6]. ...
Trapdoor OneWay Permutations and Multivariate Polynomials
 Proc. of ICICS'97, LNCS 1334
, 1997
"... This article is divided into two parts. The rst part describes the known candidates of trapdoor oneway permutations. The second part presents a new candidate trapdoor oneway permutation. This candidate is based on properties of multivariate polynomials on nite elds, and has similar characteristics ..."
Abstract

Cited by 15 (2 self)
 Add to MetaCart
This article is divided into two parts. The rst part describes the known candidates of trapdoor oneway permutations. The second part presents a new candidate trapdoor oneway permutation. This candidate is based on properties of multivariate polynomials on nite elds, and has similar characteristics to T. Matsumoto, H. Imai, and J. Patarin's schemes. What makes trapdoor oneway permutations particularly interesting is the fact that they immediately provide ciphering, signature, and authentication asymmetric schemes. Our candidate performs excellently in secret key, and secret key computations can be implemented in lowcost smartcards, i.e. without coprocessors. Key words : Trapdoor oneway permutations, multivariate polynomials, research of new asymmetric bijective schemes. Notes: This paper is the extended version of the paper with the same title published at ICICS'97. In this extended version, we have taken into account the recent results of [5]. Part I Known candidates ...
Using Primitive Subgroups to Do More with Fewer Bits
, 2004
"... This paper gives a survey of some ways to improve the ef ciency of discrete logbased cryptography by using the restriction of scalars and the geometry and arithmetic of algebraic tori and abelian varieties. ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
This paper gives a survey of some ways to improve the ef ciency of discrete logbased cryptography by using the restriction of scalars and the geometry and arithmetic of algebraic tori and abelian varieties.
RSAtype Signatures in the Presence of Transient Faults
, 1997
"... . In this paper, we show that the presence of transient faults can leak some secret information. We prove that only one faulty RSAsignature is needed to recover one bit of the secret key. Thereafter, we extend this result to Lucasbased and elliptic curve systems. Keywords. RSA, Lucas sequences, el ..."
Abstract

Cited by 10 (5 self)
 Add to MetaCart
. In this paper, we show that the presence of transient faults can leak some secret information. We prove that only one faulty RSAsignature is needed to recover one bit of the secret key. Thereafter, we extend this result to Lucasbased and elliptic curve systems. Keywords. RSA, Lucas sequences, elliptic curves, transient faults. 1 Introduction At the last Workshop on Security Protocols, Bao, Deng, Han, Jeng, Narasimhalu and Ngair from the Institute of Systems Science (Singapore) exhibited new attacks against several cryptosystems [2]. These attacks exploit the presence of transient faults. By exposing a device to external constraints, one can induce some faults with a nonnegligible probability [1]. In this paper, we show that these attacks are of very general nature and remain valid for cryptosystems based on other algebraic structures. We will illustrate this topic on the Lucasbased and elliptic curve cryptosystems. Moreover, we will focus on the signatures generation, reducing t...
On the importance of securing your bins: The garbagemaninthemiddle attack
, 1997
"... In this paper, we address the following problem: " Is it possible to weaken/attack a scheme when a (provably) secure cryptosystem is used? ". The answer is yes. We exploit weak errorhandling methods. Our attack relies on the cryptanalyst being able to modify some ciphertext and then getti ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
In this paper, we address the following problem: " Is it possible to weaken/attack a scheme when a (provably) secure cryptosystem is used? ". The answer is yes. We exploit weak errorhandling methods. Our attack relies on the cryptanalyst being able to modify some ciphertext and then getting access to the decryption of this modified ciphertext. Moreover, it applies on many cryptosystems, including RSA, Rabin, LUC, KMOV, Demytko, ElGamal and its analogues, 3pass system, knapsack scheme, etc. . .
OnLine Multiple Secret Sharing
, 1996
"... . A protocol for computationally secure "online" secretsharing is presented, based on the intractability of the DiffieHellman problem, in which the participants ' shares can be reused. Introduction. Cachin [1] presents a protocol for "online" secret sharing with gen ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
. A protocol for computationally secure "online" secretsharing is presented, based on the intractability of the DiffieHellman problem, in which the participants ' shares can be reused. Introduction. Cachin [1] presents a protocol for "online" secret sharing with general access structures, with shares as short as the secret and in which participants may be dynamically added or deleted without having to redistribute new shares secretly to the existing participants. These capabilities are gained by storing additional authentic, but not secret, information in a publicly accessible central location. This proposal does not allow the shares to be reused after the secret has been reconstructed without a further distributed computation subprotocol, although there is a modification allowing a predetermined number of multiple secrets to be reconstructed in a specified order. In this letter we present a modification of the protocol which allows for an arbitrary number of secrets to be ...
Algebraic Tori in Cryptography
 In High Primes and Misdemeanours: Lectures in Honour of the 60th birthday of Hugh Cowie Williams, Fields Institute Communications Series 41, American Mathematical Society
, 2004
"... Abstract. We give a mathematical interpretation in terms of algebraic tori of Lucasbased cryptosystems, XTR, and the conjectural generalizations in [2]. We show that the varieties underlying these systems are quotients of algebraic tori by actions of products of symmetric groups. Further, we use th ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
Abstract. We give a mathematical interpretation in terms of algebraic tori of Lucasbased cryptosystems, XTR, and the conjectural generalizations in [2]. We show that the varieties underlying these systems are quotients of algebraic tori by actions of products of symmetric groups. Further, we use these varieties to disprove conjectures from [2]. 1