Simultaneous hardcore bits and cryptography against memory attacks
In TCC, 2009
Cited by 74 (8 self)
Abstract. This paper considers two questions in cryptography. Cryptography Secure Against Memory Attacks. A particularly devastating side-channel attack against cryptosystems, termed the "memory attack", was proposed recently. In this attack, a significant fraction of the bits of a secret key of a cryptographic algorithm can be measured by an adversary if the secret key is ever stored in a part of memory which can be accessed even after power has been turned off for a short amount of time. Such an attack has been shown to completely compromise the security of various cryptosystems in use, including the RSA cryptosystem and AES. We show that the public-key encryption scheme of Regev (STOC 2005), and the identity-based encryption scheme of Gentry, Peikert and Vaikuntanathan (STOC 2008) are remarkably robust against memory attacks where the adversary can measure a large fraction of the bits of the secret key, or more generally, can compute an arbitrary function of the secret key of bounded output length. This is done without increasing the size of the secret key, and without introducing any
Unconditional Sender and Recipient Untraceability in spite of Active Attacks
1989
Cited by 37 (1 self)
A protocol is described which allows one to send and receive messages anonymously using an arbitrary communication network, and it is proved to be unconditionally secure. This improves a result by DAVID CHAUM: the DC-net guarantees the same, but on the assumption of a reliable broadcast network. Since unconditionally secure Byzantine Agreement cannot be achieved, such a reliable broadcast network cannot be realized by algorithmic means. The solution proposed here, the DC+-net, uses the DC-net, but replaces the reliable broadcast network by a fail-stop one. By choosing the keys necessary for the DC-net dependently on the previously broadcast messages, the fail-stop broadcast can be achieved unconditionally secure and without increasing the complexity of the DC-net significantly, using an arbitrary communication network. Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General: Security and protection, E.3 [Data Encryption], F.2.1 [Analysis of Algorithms...
Secure and Efficient Off-Line Digital Money
In Proceedings of ICALP'93 (LNCS 700), 1993
Cited by 25 (3 self)
An electronic (or "digital") coin scheme is a set of cryptographic protocols for withdrawal (by a customer from the bank), purchase (by a customer to a vendor), and deposit (by a vendor to the bank), such that the security needs of all participants are satisfied: money is unforgeable, unreusable, and untraceable. A coin scheme is "off-line" if the purchase protocol does not involve the bank. In this work, we present new techniques for off-line coin schemes which are secure and efficient. (An earlier version of this work appeared in [16].)
Practical Approaches to Attaining Security Against Adaptively Chosen Ciphertext Attacks
In Advances in Cryptology – Crypto '92, 1992
Cited by 23 (2 self)
Abstract. This paper presents three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks. In an adaptively chosen ciphertext attack, an attacker can query the deciphering algorithm with any ciphertexts, except for the exact object ciphertext to be cryptanalyzed. The first strengthening method is based on the use of one-way hash functions, the second on the use of universal hash functions and the third on the use of digital signature schemes. Each method is illustrated by an example of a public-key cryptosystem based on the intractability of computing discrete logarithms in finite fields. Two other issues, namely applications of the methods to public key cryptosystems based on other intractable problems and enhancement of information authentication capability to the cryptosystems, are also discussed.
Complexity and Security of Distributed Protocols
1993
Cited by 19 (0 self)
This thesis addresses the topic of secure distributed computation, a general and powerful tool for balancing cooperation and mistrust among independent agents. We study many related models, which differ as to the allowable communication among agents, the ways in which agents may misbehave, and the complexity (cryptographic) assumptions that are made. We present new protocols, both for general secure computation (i.e., of any function over a finite domain) and for specific tasks (e.g., electronic money). We investigate fundamental relationships among security needs and various resource requirements, with an emphasis on communication complexity. A number of mathematical methods are employed for our investigations, including algebraic, graph-theoretic, and cryptographic techniques.
On the Security of Modular Exponentiation with Application to the Construction of Pseudorandom Generators
Journal of Cryptology, 2000
Cited by 16 (0 self)
Assuming the intractability of factoring, we show that the output of the exponentiation modulo a composite function $f_{N,g}(x) = g^x \bmod N$ (where $N = P \cdot Q$) is pseudorandom, even when its input is restricted to be half the size. This result is equivalent to the simultaneous hardness of the upper half of the bits of $f_{N,g}$, proven by Hastad, Schrift and Shamir. Yet, we supply a different proof that is significantly simpler than the original one. In addition, we suggest a pseudorandom generator which is more efficient than all previously known factoring based pseudorandom generators. Keywords: Modular exponentiation, discrete logarithm, hard core predicates, simultaneous security, pseudorandom generator, factoring assumption. This writeup is based on the Master Thesis of the second author (supervised by the first author).
A Practical Digital Multisignature Scheme Based on Discrete Logarithms (Extended Abstract)
In AUSCRYPT'92, 1993
Cited by 10 (1 self)
Thomas Hardjono (ATR Communications Research Laboratories, 2-2 Hikaridai, Seika-cho, Soraku-gun, Kyoto 619-02, Japan) and Yuliang Zheng (Department of Computer Science, University of Wollongong, Australia). Abstract. This paper proposes a practical digital multisignature scheme based on the C ? sig cryptosystem derived from the C-sig cryptosystem of Zheng and Seberry (1993). The simple scheme consists of three phases. In the first phase the issuer of the document prepares the document, the list of prospective signatories and a pad on which signatories are to write their signatures. In the second phase each signatory verifies the document, signs it and forwards it to the next signatory. In the third phase a trusted verifier or notary decides on the validity of the signatures. The scheme prevents cheating by dishonest signatories from going undetected. The scheme is practical and offers at least the same security level afforded by its underlying cryptosystem against extern...
Security of almost all discrete log bits
Electronic Colloq. on Comp. Compl., Univ. of Trier, 1998
Cited by 6 (0 self)
Let $G$ be a finite cyclic group with generator $\alpha$ and with an encoding so that multiplication is computable in polynomial time. We study the security of bits of the discrete log $x$ when given $\exp_\alpha(x)$, assuming that the exponentiation function $\exp_\alpha(x) = \alpha^x$ is one-way. We reduce the general problem to the case that $G$ has odd order $q$. If $G$ has odd order $q$ the security of the least-significant bits of $x$ and of the most significant bits of the rational number $x/q \in [0, 1)$ follows from the work of Peralta [P85] and Long and Wigderson [LW88]. We generalize these bits and study the security of consecutive shift bits $\mathrm{lsb}(2^{-i} x \bmod q)$ for $i = k + 1, \ldots, k + j$. When we restrict $\exp_\alpha$ to arguments $x$ such that some sequence of $j$ consecutive shift bits of $x$ is constant (i.e., not depending on $x$) we call it a $2^{-j}$-fraction of $\exp_\alpha$. For groups of odd group order $q$ we show that every two $2^{-j}$-fractions of $\exp_\alpha$ are equally one-way by a polynomial time transformation: either they are all one-way or none of them. Our key theorem shows that arbitrary $j$ consecutive shift bits of $x$ are
Improved public key cryptosystems secure against chosen ciphertext attacks
1994
Cited by 5 (1 self)
This short note describes an improvement to the first two of the three public key cryptosystems proposed by Zheng and Seberry, which are provably secure against chosen ciphertext attacks. The improvement removes a shortcoming with the original cryptosystems, which occurs when they are used for both confidentiality and sender authentication purposes.
Discrete Logarithms in Finite Fields
1996
Cited by 1 (0 self)
Given a finite field $\mathbb{F}_q$ of order $q$, and $g$ a primitive element of $\mathbb{F}_q$, the discrete logarithm base $g$ of an arbitrary, nonzero $y \in \mathbb{F}_q$ is that integer $x$, $0 \le x \le q - 2$, such that $g^x = y$ in $\mathbb{F}_q$. The security of many real-world cryptographic schemes depends on the difficulty of computing discrete logarithms in large finite fields. This thesis is a survey of the discrete logarithm problem in finite fields, including: some cryptographic applications (password authentication, the Diffie-Hellman key exchange, and the ElGamal public-key cryptosystem and digital signature scheme); Niederreiter's proof of explicit formulas for the discrete logarithm; and algorithms for computing discrete logarithms (especially Shanks' algorithm, Pollard's ρ-method, the Pohlig-Hellman algorithm, Coppersmith's algorithm in fields of order $2^n$, and the Gaussian integers method for fields of prime order).