Results 1-10 of 12
Algorithms for Multiexponentiation
In Selected Areas in Cryptography – SAC 2001, 2001
Cited by 24 (3 self)
Abstract. This paper compares different approaches for computing power products ∏_{1≤i≤k} g_i^{e_i} in commutative groups. We look at the conventional simultaneous exponentiation approach and present an alternative strategy, interleaving exponentiation. Our comparison shows that in general groups, sometimes the conventional method and sometimes interleaving exponentiation is more efficient. In groups where inverting elements is easy (e.g. elliptic curves), interleaving exponentiation with signed exponent recoding usually wins over the conventional method.
PrETP: Privacy-Preserving Electronic Toll Pricing
19th USENIX Security Symposium, 2010
Cited by 13 (1 self)
Abstract. Current Electronic Toll Pricing (ETP) implementations rely on on-board units sending fine-grained location data to the service provider. We present PrETP, a privacy-preserving ETP system in which on-board units can prove that they use genuine data and perform correct operations while disclosing the minimum amount of location data. PrETP employs a cryptographic protocol, Optimistic Payment, which we define in the ideal-world/real-world paradigm, construct, and prove secure under standard assumptions. We provide an efficient implementation of this construction and build an on-board unit on an embedded microcontroller which is, to the best of our knowledge, the first self-contained prototype that supports remote auditing. We thoroughly analyze our system from a security, legal and performance perspective and demonstrate that PrETP is suitable for low-cost commercial applications.
Complexity Analysis of a Fast Modular Multiexponentiation Algorithm
Cited by 1 (0 self)
Abstract. Recently, a fast modular multiexponentiation algorithm for computing A^X B^Y (mod N) was proposed [15]. The authors claimed that on average their algorithm only requires 1.306k modular multiplications (MMs), where k is the bit length of the exponents. This claimed performance is significantly better than all other comparable algorithms, where the best known result by other algorithms achieves only 1.503k MMs. In this paper, we give a formal complexity analysis and show that the claimed performance does not hold. The actual computational complexity of the algorithm should be 1.556k. This means that the best known modular multiexponentiation algorithm based on the canonical signed-digit technique is still not able to overcome the 1.5k barrier.
Fortifying Password Authentication in Integrated Healthcare Delivery Systems
In: ASIACCS 2006: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, 2006
Cited by 1 (0 self)
Abstract. Integrated Delivery Systems (IDSs) have now become a primary means of care provision in the healthcare domain. However, existing password systems (under either the single-server model or the multi-server model) do not provide adequate security when applied to IDSs. We are thus motivated to present a practical password authentication system built upon a novel two-server model. We generalize the two-server model to an architecture of a single control server supporting multiple service servers, tailored to the organizational structure of IDSs. The underlying user authentication and key exchange protocols we propose are password-only, neat, efficient, and robust against offline dictionary attacks mounted by both servers.
A New Family of Practical Non-Malleable Protocols
2011
Cited by 1 (0 self)
Abstract. Nowadays, cryptosystems secure in an asynchronous network like the Internet are a necessity, and concurrent non-malleable proof-of-knowledge and universal composability are among the most powerful and fundamental security properties. But, when achieving more and more complex cryptosystems secure in an open network like the Internet, it is often the case that generic solutions are either impossible or infeasible. In this work, we investigate highly practical approaches for achieving non-malleable cryptosystems secure against concurrent man-in-the-middle adversaries. We start our study with the Diffie-Hellman key-exchange (DHKE) protocol, which is at the root of public-key cryptography and is one of the main pillars of both theory and practice of cryptography. We develop the mechanisms of non-malleable joint proof-of-knowledge (NMJPOK) and self-sealed joint proof-of-knowledge (SSJPOK), which are of independent value. In particular, using NMJPOK and SSJPOK as the key building tools, we present a new family of DHKE protocols, with remarkable performance among security, privacy, efficiency and easy deployment. Particularly important to applied crypto engineering, the newly developed DHKE protocols add novelties and values to a range
Fast Multicomputations with Integer Similarity Strategy
In International Workshop on Practice and Theory in Public Key Cryptography – PKC 2005, LNCS 3386, 2005
Cited by 1 (1 self)
Abstract. Multicomputations in finite groups, such as multiexponentiations and multi-scalar multiplications, are very important in ElGamal-like public key cryptosystems. Algorithms to improve multicomputations can be classified into two main categories: precomputing methods and recoding methods. The first one uses a table to store the precomputed values, and the second one finds a better binary signed-digit (BSD) representation. In this article, we propose a new integer similarity strategy for multicomputations. The proposed strategy can aid precomputing methods or recoding methods to further improve the performance of multicomputations. Based on the integer similarity strategy, we propose two efficient algorithms to improve the performance for BSD sparse forms. The performance factor can be improved from 1.556 to 1.444 and to 1.407, respectively.
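The abstracts above (SAC 2001, the complexity analysis of the A^X B^Y algorithm, and PKC 2005) all compare multiexponentiation methods by the number of group operations per exponent bit: squarings are shared across exponents, and the multiplication count depends on how many non-zero digit columns the chosen exponent representation leaves. The following added example is not code from any of these papers; it implements the two basic strategies they compare, the simultaneous (Shamir) method on plain binary exponents and interleaved exponentiation on NAF-recoded exponents, for g1^e1 * g2^e2 in Z_n^*, and counts squarings, multiplications and inversions so the trade-off can be measured on concrete inputs. The modulus, bases and exponents are constructed toy values.

```python
# Added example (not from any of the listed papers): simultaneous vs. interleaved
# multi-exponentiation in Z_n^*, with an operation counter, so that the cost
# trade-off the abstracts discuss can be measured on concrete inputs.
from collections import Counter


def naf(e):
    """Non-adjacent form of e >= 0: digits in {-1, 0, 1}, least significant first."""
    digits = []
    while e > 0:
        if e & 1:
            d = 2 - (e & 3)  # 1 if e = 1 mod 4, -1 if e = 3 mod 4
            e -= d
        else:
            d = 0
        digits.append(d)
        e >>= 1
    return digits


def simultaneous(g1, e1, g2, e2, n):
    """Simultaneous (Shamir) method for g1^e1 * g2^e2 mod n on unsigned binary exponents.

    One squaring chain is shared; each bit position whose (bit1, bit2) column is
    non-zero costs one multiplication by the precomputed g1^bit1 * g2^bit2.
    Returns (result, Counter of group operations).
    """
    ops = Counter()
    table = {(1, 0): g1 % n, (0, 1): g2 % n, (1, 1): g1 * g2 % n}
    ops["mul"] += 1  # the one precomputed product g1 * g2
    k = max(e1.bit_length(), e2.bit_length())
    acc = 1
    for i in range(k - 1, -1, -1):
        if i != k - 1:  # accumulator is still 1 at the top position
            acc = acc * acc % n
            ops["sqr"] += 1
        col = ((e1 >> i) & 1, (e2 >> i) & 1)
        if col != (0, 0):
            acc = acc * table[col] % n
            ops["mul"] += 1
    return acc, ops


def interleaved_naf(g1, e1, g2, e2, n):
    """Interleaved exponentiation with NAF-recoded exponents.

    Each exponent is scanned with its own digits while the squarings are shared.
    Signed digits need g^-1, which in Z_n^* costs a modular inversion; on an
    elliptic curve the same step is essentially free, which is why signed
    recoding pays off there but not necessarily in a multiplicative group.
    """
    ops = Counter()
    bases = []
    for g, e in ((g1, e1), (g2, e2)):
        inv = pow(g, -1, n)  # requires gcd(g, n) == 1
        ops["inv"] += 1
        bases.append(({1: g % n, -1: inv}, naf(e)))
    k = max(len(d) for _, d in bases)
    acc = 1
    for i in range(k - 1, -1, -1):
        if i != k - 1:
            acc = acc * acc % n
            ops["sqr"] += 1
        for tab, digits in bases:
            d = digits[i] if i < len(digits) else 0
            if d:
                acc = acc * tab[d] % n
                ops["mul"] += 1
    return acc, ops


if __name__ == "__main__":
    # Constructed toy parameters; n is prime, so every non-zero base is invertible.
    n, g1, e1, g2, e2 = 1000003, 2, 91, 3, 105
    ref = pow(g1, e1, n) * pow(g2, e2, n) % n
    for name, fn in (("simultaneous", simultaneous), ("interleaved NAF", interleaved_naf)):
        r, ops = fn(g1, e1, g2, e2, n)
        assert r == ref
        print(f"{name:16s} {dict(ops)}")
```

On the toy inputs the simultaneous method spends 6 squarings and 7 multiplications, while the NAF-interleaved variant spends 7 squarings, 8 multiplications and 2 inversions: in a group where inversion is not free the signed recoding does not win here, which is the case distinction the SAC 2001 abstract draws. The counters are the quantity the complexity-analysis paper expresses as a multiple of k; the algorithms it analyses use joint signed-digit recodings of both exponents rather than the per-exponent NAF shown here.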
Complements and Signed Digit Representations: Analysis of a Multi-Exponentiation Algorithm of Wu, Lou, Lai and Chang
2008
Abstract. Wu, Lou, Lai and Chang proposed a multi-exponentiation algorithm using binary complements and the non-adjacent form. The purpose of this paper is to show that neither the analysis of the algorithm given by its original proposers nor that by other authors is correct. In fact it turns out that the complement operation does not have a significant influence on the performance of the algorithm and can therefore be omitted.
Digital Arithmetic Using Analog Cellular Neural Networks
Abstract. We discuss the realization of digital arithmetic using analog arrays in the form of Cellular Neural Networks (CNNs). These networks replace the fast switching nodes of logic gates with slewing nodes using current sources driving into capacitors; this provides both low current spikes and low voltage slewing rates, reducing system noise and crosstalk in low-voltage mixed-signal applications. In this paper we generalize the design methodology using a Symbolic Substitution (SS) technique, and we use a recently developed Double-Base Number System (DBNS) to illustrate our design technique. This choice is predicated on the fact that the DBNS representation is naturally 2-dimensional and excites more degrees of freedom in the design space. Spatial configurations of the recognition/replacement patterns used in SS are defined based on the properties of the DBNS arithmetic operation. The SS recognition phases are implemented by dynamic evaluation of simple conditions defined based on an analysis of the cell dynamic routes. The replacement phases are automatically executed through switching current sources which force the transition of cell state voltages between logic levels. In effect, we build self-timed logic arrays with all nodes in the system under controlled slew. Simulation results from schematic level designs are provided to demonstrate the effectiveness of the technique.
Self-blindable Credential: Towards Light-Weight Anonymous Entity Authentication
Abstract. We are witnessing the rapid expansion of smart devices in our daily life. The need for individual privacy protection calls for anonymous entity authentication techniques with affordable efficiency on resource-constrained smart devices. Towards this objective, in this paper we propose the self-blindable credential, a lightweight anonymous entity authentication primitive. We provide a formulation of the primitive and present two concrete instantiations. The first scheme implements verifier-local revocation and the second scheme enhances the former with forward security. Our analytical performance results show that our schemes outperform relevant existing schemes.