Results 1 - 5 of 5
Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults
- In
Cited by 29 (0 self)
In this paper we present a method of attacking public-key cryptosystems (PKCs) on tamper resistant devices. The attack makes use of transient faults and seems applicable to many types of PKCs. In particular, we show how to attack the RSA, the ElGamal signature scheme, the Schnorr signature scheme, and the DSA. We also present some possible methods to counter the attack.
The Classification of Hash Functions
, 1993
Cited by 22 (3 self)
When we ask what makes a hash function `good', we usually get an answer which includes collision freedom as the main (if not sole) desideratum. However, we show here that given any collision-free function, we can derive others which are also collision-free, but cryptographically useless. This explains why researchers have not managed to find many interesting consequences of this property. We also prove Okamoto's conjecture that correlation freedom is strictly stronger than collision freedom. We go on to show that there are actually rather many properties which hash functions may need. Hash functions for use with RSA must be multiplication free, in the sense that one cannot find X, Y and Z such that h(X)h(Y) = h(Z); and more complex requirements hold for other signature schemes. Universal principles can be proposed from which all the freedom properties follow, but like most theoretical principles, they do not seem to give much value to a designer; at the practical level, the main imp...
A New Public-Key Cryptosystem over Quadratic Orders with Quadratic Decryption Time
, 2000
Cited by 5 (2 self)
We present a new cryptosystem based on ideal arithmetic in quadratic orders. The method of our trapdoor is different from the Diffie-Hellman key distribution scheme or the RSA cryptosystem. The plaintext m is encrypted by mp^r, where p is a fixed element and r is a random integer, so our proposed cryptosystem is a probabilistic encryption scheme and has the homomorphy property. The most prominent property of our cryptosystem is the cost of the decryption, which is of quadratic bit complexity in the length of the public key. Our implementation shows that it is comparably as fast as the encryption time of the RSA cryptosystem with e = 2^16 + 1. The security of our cryptosystem is closely related to factoring the discriminant of a quadratic order. When we choose appropriate sizes of the parameters, the currently known fast algorithms, for example, the elliptic curve method, the number field sieve, the Hafner-McCurley algorithm, are not applicable. We also discuss that the chosen cip...
Fast Digital Identity Revocation
- in 18th Annual International Cryptology Conference (CRYPTO’98
, 1998
William Aiello (1), Sachin Lodha (2), Rafail Ostrovsky (3)
(1) Bell Communications Research, email: aiello@bellcore.com
(2) Rutgers University Computer Science Department, e-mail: lodha@paul.rutgers.edu. Part of this work was done while this author visited Bellcore, also partially supported by DIMACS.
(3) Bell Communications Research, email: rafail@bellcore.com
Abstract. The availability of fast and reliable Digital Identities is an essential ingredient for the successful implementation of the public-key infrastructure of the Internet. All digital identity schemes must include a method for revoking someone's digital identity in the case that this identity is stolen (or canceled) before its expiration date (similar to the cancelation of a credit-cards in the case that they are stolen). In 1995, S. Micali proposed an elegant method of identity revocation which requires very little communication between users and verifiers in the system. In this paper, we extend his scheme by reducing the ...
Trust Relationships in Secure Systems - A Distributed Authentication Perspective
- In Proceedings, IEEE Symposium on Research in Security and Privacy
, 1993
The notion of trust is fundamental in inter-domain authentication protocols. The goal of this paper is to develop an effective formalism for explicit expressions of trust relations between entities involved in authentication protocols. Different relevant types of trust are identified and classified. A formalism for expressing trust relations is presented along with an algorithm for deriving trust relations from recommendations. The advantages of that approach are demonstrated by analysing and comparing the trust relation requirements of a few known authentication protocols.
Keywords: Distributed Systems, Security, Authentication, Protocols, Trusted Systems, Communications
1 Introduction
The notion of trust is fundamental for understanding the interactions between such entities as human beings, machines, organizations, nations, and others. The fact that an entity A trusts an entity B in some respect informally means that A believes that B will behave in a certain way - perform (or no...

