Results 11-20 of 22
The Diffie-Hellman problem and generalization of Verheul’s theorem
, 2009
Cited by 3 (0 self)
Bilinear pairings on elliptic curves have been of much interest in cryptography recently. Most of the protocols involving pairings rely on the hardness of the bilinear Diffie-Hellman problem. In contrast to the discrete log (or Diffie-Hellman) problem in a finite field, the difficulty of this problem has not yet been much studied. In 2001, Verheul [66] proved that on a certain class of curves, the discrete log and Diffie-Hellman problems are unlikely to be provably equivalent to the same problems in a corresponding finite field unless both Diffie-Hellman problems are easy. In this paper we generalize Verheul’s theorem and discuss the implications on the security of pairing based systems. We also include a large table of distortion maps.
Key Agreement for Heterogeneous Mobile Ad-Hoc Groups
 In Proceedings of 11th International Conference on Parallel and Distributed Systems Volume 2 International Workshop on Security in Networks and Distributed Systems
, 2005
Cited by 3 (3 self)
In this paper we propose an efficient key agreement protocol suite for heterogeneous mobile ad-hoc groups, whose members use mobile devices with different performance limitations, e.g., laptops, PDAs, and mobile phones. Absence of a trusted central authority in ad-hoc groups requires contributory computation of the group key by interacting members. We introduce a performance ratio parameter to quantify the performance of a mobile device. Our protocols are based on elliptic curve cryptography (ECC) to achieve better computation efficiency and are proven secure.
The Brave New World of Bodacious Assumptions in Cryptography
Cited by 2 (0 self)
There is a lot at stake in public-key cryptography. It is, after all, a crucial component in efforts to reduce identity theft, online fraud, and other forms of cybercrime. Traditionally, the security of a public-key system rests upon the assumed difficulty of a certain mathematical problem. Hence, newcomers to the field would logically expect that the problems that are used in security proofs come from a small set of extensively studied, natural problems. But they are in for an unpleasant surprise. What they encounter instead is a menagerie of ornate and bizarre mathematical problems whose presumed intractability is a basic assumption in the theorems about the security of many of the cryptographic protocols that have been proposed in the literature.
What Does Security Mean? Suppose that someone is using public-key cryptography to encrypt credit card numbers during online purchases, sign a message digitally, or verify the route that a set of data followed in going from the source to her computer. How can she be sure that the system is secure? What type of evidence would convince her that a malicious adversary could not somehow compromise the security of the system? At first glance it seems that this question has a straightforward answer. At the heart of any public-key cryptosystem is a one-way function—a function y = f(x) that is easy to evaluate but
Neal Koblitz is professor of mathematics at the University of Washington, Seattle. His email address is koblitz@math.washington.edu. Alfred Menezes is professor of combinatorics and optimization at the University of Waterloo. His email address
Grammar Based Off line Generation of Disposable Credit Card Numbers
, 2002
Cited by 2 (0 self)
Context free grammars present the desirable cryptographic property that it is easy to generate and validate strings from a given grammar, however it is hard to identify a grammar given only the strings generated by it. The algorithm used in the authentication protocol proposed in this paper makes use of context free grammars. This authentication protocol is a perfect candidate for the offline generation and validation of a disposable credit card number. The proposed protocol can be used alone and it does not rely on any other cryptographic protocols like SSL for its security. This paper presents and analyses the protocol with respect to its robustness against malicious attacks.
Cheon’s algorithm, pairing inversion and the discrete logarithm problem
Cited by 2 (0 self)
Abstract. We relate the fixed argument pairing inversion problems (FAPI) and the discrete logarithm problem on an elliptic curve. This is done using the reduction from the DLP to the Diffie-Hellman problem developed by Boneh, Lipton, Maurer and Wolf. This approach fails when only one of the FAPI problems can be solved. In this case we use Cheon’s algorithm to get a reduction.
On sufficient randomness for secure public-key cryptosystems
 In Proc. 5th PKC
, 2002
Cited by 2 (1 self)
Abstract. In this paper, we consider what condition is sufficient for random inputs to secure probabilistic public-key encryption schemes. Although a framework given in [16] enables us to discuss uniformly and comprehensively security notions of public-key encryption schemes even for the case where cryptographically weak pseudorandom generator is used as random nonce generator to encrypt single plaintext messages, the results are rather theoretical. Here we naturally generalize the framework in order to handle security for the situation where we want to encrypt many messages with the same key. We extend some results w.r.t. single message security in [16] – separation results between security notions and a nontrivial sufficient condition for the equivalence between security notions – to multiple messages security. Besides the generalization, we show another separation between security notions for k-tuple messages and for (k + 1)-tuple messages. The natural generalization, obtained here, rather improves to understand the security of public-key encryption schemes and eases the discussion of the security of practical public-key encryption schemes. In other words, the framework contributes to elucidating the role of randomness in public-key encryption scheme. As application of results in the generalized framework, we consider compatibility between the ElGamal encryption scheme and some sequence generators. Especially, we consider the applicability of the linear congruential generator (LCG) to the ElGamal encryption scheme.
The equivalence between the DHP and DLP for elliptic curves used in practical applications, revisited
, 2005
Cited by 2 (0 self)
The theoretical equivalence between the DLP and DHP problems was shown by Maurer in 1994. His work was then reexamined by Muzereau et al. [11] for the special case of elliptic curves used in practical cryptographic applications. This paper improves on the latter and tries to get the tightest possible reduction in terms of computational equivalence, using Maurer’s method.
Evaluating elliptic curve based KEMs in the light of pairings
, 2004
Cited by 1 (0 self)
Several efforts have been made recently to put forward a set of cryptographic primitives for public key encryption, suitable to be standardized. In two of them (in the first place the NESSIE European evaluation project, already finished, and in the second place the standardisation bodies ISO/IEC), the methodology by Victor Shoup for hybrid encryption, known as Key Encapsulation Method-Data Encapsulation Mechanism (KEM-DEM), has been accepted. In this work we reevaluate the elliptic curve based KEMs studied to become standards, which are called ACE-KEM, ECIES-KEM and PSEC-KEM. Their security is based on different assumptions related to the elliptic curve discrete logarithm (ECDL) problem on a random elliptic curve. First of all, we fix some inexact results claimed in the previous literature. As a consequence, the performance features of PSEC-KEM are dramatically affected. In second place, we analyse both their security properties and performance when elliptic curves with computable bilinear maps (pairing curves for short) are used. It turns out that these KEMs present a very tight security reduction to the same problem, namely the ECDH problem on such curves; moreover, one can even relate their security to the ECDL problem in certain curves with a small security loss. It is also argued that ECIES-KEM arises as the best option among these KEMs when pairing curves are used. This is remarkable, since NESSIE did not include ECIES-KEM over a random curve in its portfolio of recommended cryptographic primitives.
Password Authenticated Key Exchange for Resource-constrained Wireless Communications
, 2005
Cited by 1 (0 self)
Abstract. With the advancement of wireless technology and the increasing demand for resource-constrained mobile devices, secure and efficient password authenticated key exchange (PAKE) protocols are needed for various kinds of secure communications among low-power wireless devices. In this paper, we introduce an elliptic curve based password-keyed permutation family and use it to construct a PAKE in such a way that it is suitable for efficient implementation on low-power devices. The computation time on each side of our PAKE is estimated to be about 3.4 seconds and can be reduced to 1.5 seconds with precomputation on an embedded device with a low-end 16MHz DragonBall-EZ microprocessor. The protocol can also be extended to an augmented version. On its security, we show that the password-keyed permutation family is secure against offline dictionary attack under the assumption that the elliptic curve computational Diffie-Hellman problem is intractable.
INTRACTABLE PROBLEMS IN CRYPTOGRAPHY
Cited by 1 (1 self)
Abstract. We examine several variants of the Diffie-Hellman and Discrete Log problems that are connected to the security of cryptographic protocols. We discuss the reductions that are known between them and the challenges in trying to assess the true level of difficulty of these problems, particularly if they are interactive or have complicated input.