Results 1 - 10 of 36
Public-key cryptosystems based on composite degree residuosity classes
IN ADVANCES IN CRYPTOLOGY — EUROCRYPT 1999, 1999
Cited by 614 (6 self)
Abstract. This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to public-key cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA. Our cryptosystems, based on usual modular arithmetics, are provably secure under appropriate assumptions in the standard model.
Proving in Zero-Knowledge that a Number is the Product of Two Safe Primes
1998
Cited by 121 (13 self)
This paper presents the first efficient statistical zero-knowledge protocols to prove statements such as: A committed number is a pseudoprime.
Chinese Remaindering Based Cryptosystems in the Presence of Faults
Journal of Cryptology
Cited by 27 (3 self)
We present some observations on public-key cryptosystems that use the Chinese remaindering algorithm. Our results imply that careless implementations of such systems could be vulnerable. Only one faulty signature, in some explained context, is enough to recover the secret key.
Keywords. Public-key cryptosystems, Faulty computations, Chinese remaindering.
1 Introduction
In public-key cryptosystems two distinct computations can be distinguished: the computation that makes use of the secret, public key pair, and the one that only makes use of the public key. The former usually corresponds to the secret decryption or to the signature generation operation, the latter to the public encryption or to the signature verification operation. In this paper we restrict our attention to public key cryptosystems in which the former computation can be sped up using the Chinese remaindering algorithm. Examples of such cryptosystems are: RSA [16], LUC [19], KMOV [11], and Demytko's cryptosystem [6]. ...
Trapdooring Discrete Logarithms on Elliptic Curves over Rings
2000
Cited by 17 (0 self)
This paper introduces three new probabilistic encryption schemes using elliptic curves over rings. The cryptosystems are based on three specific trapdoor mechanisms allowing the recipient to recover discrete logarithms on different types of curves. The first scheme is an embodiment of Naccache and Stern's cryptosystem and realizes a discrete log encryption as originally wanted in [23] by Vanstone and Zuccherato.
Homomorphic Public-Key Cryptosystems and Encrypting Boolean Circuits
2003
Cited by 14 (4 self)
In this paper homomorphic cryptosystems are designed for the first time over any finite group. Applying Barrington's construction we produce for any boolean circuit of the logarithmic depth its encrypted simulation of a polynomial size over an appropriate finitely generated group.
RSA-type Signatures in the Presence of Transient Faults
1997
Cited by 9 (5 self)
In this paper, we show that the presence of transient faults can leak some secret information. We prove that only one faulty RSA-signature is needed to recover one bit of the secret key. Thereafter, we extend this result to Lucas-based and elliptic curve systems.
Keywords. RSA, Lucas sequences, elliptic curves, transient faults.
1 Introduction
At the last Workshop on Security Protocols, Bao, Deng, Han, Jeng, Narasimhalu and Ngair from the Institute of Systems Science (Singapore) exhibited new attacks against several cryptosystems [2]. These attacks exploit the presence of transient faults. By exposing a device to external constraints, one can induce some faults with a non-negligible probability [1]. In this paper, we show that these attacks are of very general nature and remain valid for cryptosystems based on other algebraic structures. We will illustrate this topic on the Lucas-based and elliptic curve cryptosystems. Moreover, we will focus on the signatures generation, reducing t...
On the importance of securing your bins: The garbage-man-in-the-middle attack
1997
Cited by 9 (2 self)
In this paper, we address the following problem: "Is it possible to weaken/attack a scheme when a (provably) secure cryptosystem is used?". The answer is yes. We exploit weak error-handling methods. Our attack relies on the cryptanalyst being able to modify some ciphertext and then getting access to the decryption of this modified ciphertext. Moreover, it applies on many cryptosystems, including RSA, Rabin, LUC, KMOV, Demytko, ElGamal and its analogues, 3-pass system, knapsack scheme, etc.
ECC Based Threshold Cryptography for Secure Data Forwarding and Secure Key Exchange
University of Waterloo, 2005
Cited by 8 (3 self)
Abstract. This paper proposes a new approach to provide reliable data transmission in MANET with strong adversaries. We combine Elliptic Curve Cryptography and Threshold Cryptosystem to securely deliver messages in n shares. As long as the destination receives at least k shares, it can recover the original message. We explore seven ECC mechanisms, ElGamal, Massey-Omura, Diffie-Hellman, Menezes-Vanstone, Koyama-Maurer-Okamoto-Vanstone, Ertaul, and Demytko. For secure data forwarding, we consider both splitting plaintext before encryption, and splitting ciphertext after encryption. Also we suggest to exchange keys between a pair of mobile nodes using Elliptic Curve Cryptography Diffie-Hellman. We did performance comparison of ECC and RSA to show ECC is more efficient than RSA.
A Public Key Cryptosystem Based on Elliptic Curves over Z/nZ Equivalent to Factoring
Cited by 6 (0 self)
Elliptic curves over the ring Z/nZ where n is the product of two large primes have first been proposed for public key cryptosystems in [4]. The security of this system is based on the integer factorization problem, but it is unknown whether breaking the system is equivalent to factoring. In this paper, we present a variant of this cryptosystem for which breaking the system is equivalent to factoring the modulus n. Moreover, we extend the ideas to get a signature scheme based on elliptic curves over Z/nZ.
1 Introduction
In recent years, elliptic curves over finite fields have gained a lot of attention. The use of elliptic curves over finite fields in public key cryptography was suggested by Koblitz [3] and Miller [7]. The security of these cryptosystems is based on the difficulty of the discrete logarithm problem in the group of points on an elliptic curve. Later Vanstone et al. proposed to use elliptic curves over the ring Z/nZ, where n is the product of two large prime num...
A Survey on the Encryption of Convergecast Traffic with In-Network Processing
Cited by 6 (0 self)
Abstract—We present an overview of end-to-end encryption solutions for convergecast traffic in wireless sensor networks that support in-network processing at forwarding intermediate nodes. Other than hop-by-hop based encryption approaches, aggregator nodes can perform in-network processing on encrypted data. Since it is not required to decrypt the incoming ciphers before aggregating, substantial advantages are 1) neither keys nor plaintext is available at aggregating nodes, 2) the overall energy consumption of the backbone can be reduced, 3) the system is more flexible with respect to changing routes, and finally 4) the overall system security increases. We provide a qualitative comparison of available approaches, point out their strengths, respectively weaknesses, and investigate opportunities for further research.
Index Terms—Cryptography, wireless sensor networks, convergecast, concealed data aggregation.