Results 11  20
of
46
Low exponent attack against elliptic curve RSA
, 1995
"... Hastad showed that low exponent RSA is not secure if the same message is encrypted to several receivers. This is true even if timestamp is used for each receiver. For example, let e = 3. Then if the number of receivers = 7, the eavesdropper can find the plaintext from the seven ciphertexts of each ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
Hastad showed that low exponent RSA is not secure if the same message is encrypted to several receivers. This is true even if timestamp is used for each receiver. For example, let e = 3. Then if the number of receivers = 7, the eavesdropper can find the plaintext from the seven ciphertexts of each receiver. This paper shows that elliptic curve RSA is not secure in the same scinario. It is shown that the KMOV scheme and Demytko's scheme are not secure if e = 5; n 2 1024 and the number of receivers = 428. In Demytko's scheme, e can take the value of 2. In this case, this system is not secure if the number of receiver = 11 for n 2 175 . 1 Introduction Hastad showed that low exponent RSA is not secure if the same message is encrypted to several receivers [1]. This is true even if timestamp is used for each receiver. For example, let e = 3. Then if the number of receivers = 7, the eavesdropper can find the plaintext from the seven ciphertexts of each receiver. On the other hand, el...
A New and Optimal ChosenMessage Attack on RSAType Cryptosystems
 Signatures in the Presence of Transient Faults 7 in the proceedings of the International Conference on Information and Communications Security
, 1997
"... Chosenmessage attack on RSA is usually considered as an inherent property of its homomorphic structure. In this paper, we show that nonhomomorphic RSAtype cryptosystems are also susceptible to a chosenmessage attack. In particular, we prove that only one message is needed to mount a successful c ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
Chosenmessage attack on RSA is usually considered as an inherent property of its homomorphic structure. In this paper, we show that nonhomomorphic RSAtype cryptosystems are also susceptible to a chosenmessage attack. In particular, we prove that only one message is needed to mount a successful chosenmessage attack against the Lucasbased systems and Demytko's elliptic curve system.
Cryptanalysis of RSAtype cryptosystem: A visit
 Theoretical Computer Science
, 1998
"... ABSTRACT. This paper surveys RSAtype implementations based on Lucas sequences and on elliptic curves. The main focus is the way how some known attacks on RSA were extended to LUC, KMOV and Demytko’s system. It also gives some directions for the choice of the most appropriate RSAtype system for a g ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
ABSTRACT. This paper surveys RSAtype implementations based on Lucas sequences and on elliptic curves. The main focus is the way how some known attacks on RSA were extended to LUC, KMOV and Demytko’s system. It also gives some directions for the choice of the most appropriate RSAtype system for a given application. 1.
On nonabelian homomorphic publickey cryptosystems
, 2002
"... An important problem of modern cryptography concerns secret publickey computations in algebraic structures. We construct homomorphic cryptosystems being (secret) epimorphisms f: G → H, where G,H are (publically known) groups and H is finite. A letter of a message to be encrypted is an element h ∈ H ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
An important problem of modern cryptography concerns secret publickey computations in algebraic structures. We construct homomorphic cryptosystems being (secret) epimorphisms f: G → H, where G,H are (publically known) groups and H is finite. A letter of a message to be encrypted is an element h ∈ H, while its encryption g ∈ G is such that f(g) = h. A homomorphic cryptosystem allows one to perform computations (operating in a group G) with encrypted information (without knowing the original message over H). In this paper certain homomorphic cryptosystems are constructed for the first time for nonabelian groups H (earlier, homomorphic cryptosystems were known only in the Abelian case). In fact, we present such a system for any solvable (fixed) group H. 1
Reducing the Elliptic Curve Cryptosystem of MeyerMüller to the Cryptosystem of RabinWilliams
, 1996
"... . At Eurocrypt'96, Meyer and Muller presented a new Rabintype cryptosystem based on elliptic curves. In this paper, we will show that this cryptosystem may be reduced to the cryptosystem of WilliamsRabin. 1 Introduction In 1991, Koyama, Maurer, Okamoto and Vanstone [15] pointed out the existe ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
. At Eurocrypt'96, Meyer and Muller presented a new Rabintype cryptosystem based on elliptic curves. In this paper, we will show that this cryptosystem may be reduced to the cryptosystem of WilliamsRabin. 1 Introduction In 1991, Koyama, Maurer, Okamoto and Vanstone [15] pointed out the existence of new oneway trapdoor functions similar to the RSA on elliptic curves over a ring. At Eurocrypt'96, Meyer and Muller presented an other elliptic RSAtype cryptosystem with a public encryption exponent equal to 2. We will show that this cryptosystem may be reduced to the cryptosystem of RabinWilliams [20, 22]. The remainder of the paper is organized as follows. Section 2 describes the cryptosystem of Meyer and Muller. In Section 3, we show how it may be reduced to the cryptosystem of RabinWilliams. Finally, we conclude in Section 4. CG1996/4 c fl1996 by UCL Crypto Group For more informations, see http://www.dice.ucl.ac.be/crypto/techreports.html Presented at the rump session of Eurocr...
Public Key Cryptosystems using Elliptic Curves
, 1997
"... This report is a survey on public key cryptosystems that use the theory of elliptic curves. A considerable part will be about the theory of elliptic curves. Encryption systems, digital signature schemes and key agreement schemes using elliptic curves will be described. Their workload and bandwidth w ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
This report is a survey on public key cryptosystems that use the theory of elliptic curves. A considerable part will be about the theory of elliptic curves. Encryption systems, digital signature schemes and key agreement schemes using elliptic curves will be described. Their workload and bandwidth will be addressed and some attacks will be described. For all systems the security is based either on the elliptic curve discrete logarithm problem or on the difficulty of factorization. The differences between conventional and elliptic curve systems shall be addressed. Systems based on the elliptic curve discrete logarithm problem can be used with shorter keys to provide the same security, compared to similar conventional systems. Elliptic curve systems based on factoring are slightly more resistant as conventional systems against some attacks.
Spreading alerts quietly and the subgroup escape problem
 In Advances in Cryptology  Proceedings of ASIACRYPT 2005, volume 3788 of Lecture Notes in Computer Science
, 2005
"... We introduce a new cryptographic primitive called the blind coupon mechanism (BCM). In effect, the BCM is an authenticated bit commitment scheme, which is ANDhomomorphic. It has not been known how to construct such commitments before. We show that the BCM has natural and important applications. In ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
We introduce a new cryptographic primitive called the blind coupon mechanism (BCM). In effect, the BCM is an authenticated bit commitment scheme, which is ANDhomomorphic. It has not been known how to construct such commitments before. We show that the BCM has natural and important applications. In particular, we use it to construct a mechanism for transmitting alerts undetectably in a messagepassing system of n nodes. Our algorithms allow an alert to quickly propagate to all nodes without its source or existence being detected by an adversary, who controls all message traffic. Our proofs of security are based on a new subgroup escape problem, which seems hard on certain groups with bilinear pairings and on elliptic curves over the ring Zn.