Results 1 
6 of
6
Elliptic curve cryptography: The serpentine course of a paradigm shift
 J. NUMBER THEORY
, 2008
"... Over a period of sixteen years elliptic curve cryptography went from being an approach that many people mistrusted or misunderstood to being a public key technology that enjoys almost unquestioned acceptance. We describe the sometimes surprising twists and turns in this paradigm shift, and compare ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
Over a period of sixteen years elliptic curve cryptography went from being an approach that many people mistrusted or misunderstood to being a public key technology that enjoys almost unquestioned acceptance. We describe the sometimes surprising twists and turns in this paradigm shift, and compare this story with the commonly accepted Ideal Model of how research and development function in cryptography. We also discuss to what extent the ideas in the literature on “social construction of technology” can contribute to a better understanding of this history.
BonehBoyen signatures and the Strong DiffieHellman problem
 PairingBased Cryptography — Pairing 2009, Lecture Notes in Computer Science
"... Abstract. The BonehBoyen signature scheme is a pairing based short signature scheme which is provably secure in the standard model under the qStrong DiffieHellman assumption. In this paper, we prove the converse of this statement, and show that forging BonehBoyen signatures is actually equivalen ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
Abstract. The BonehBoyen signature scheme is a pairing based short signature scheme which is provably secure in the standard model under the qStrong DiffieHellman assumption. In this paper, we prove the converse of this statement, and show that forging BonehBoyen signatures is actually equivalent to solving the qStrong DiffieHellman problem. Using this equivalence, we exhibit an algorithm which, on the vast majority of pairingfriendly curves, recovers BonehBoyen private keys in O(p 2 5 +ε) time, using O(p 1 5 +ε) signature queries. We present implementation results comparing the performance of our algorithm and traditional discrete logarithm algorithms such as Pollard’s lambda algorithm and Pollard’s rho algorithm. We also discuss some possible countermeasures and strategies for mitigating the impact of these findings. 1
The Brave New World of Bodacious Assumptions in Cryptography
"... There is a lot at stake in publickey cryptography. It is, after all, a crucial component in efforts to reduce identity theft, online fraud, and other forms of cybercrime. Traditionally, the security of a publickey system rests upon the assumed difficulty of a certain mathematical problem. Hence, n ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
There is a lot at stake in publickey cryptography. It is, after all, a crucial component in efforts to reduce identity theft, online fraud, and other forms of cybercrime. Traditionally, the security of a publickey system rests upon the assumed difficulty of a certain mathematical problem. Hence, newcomers to the field would logically expect that the problems that are used in security proofs come from a small set of extensively studied, natural problems. But they are in for an unpleasant surprise. What they encounter instead is a menagerie of ornate and bizarre mathematical problems whose presumed intractability is a basic assumption in the theorems about the security of many of the cryptographic protocols that have been proposed in the literature. What Does Security Mean? Suppose that someone is using publickey cryptography to encrypt credit card numbers during online purchases, sign a message digitally, or verify the route that a set of data followed in going from the source to her computer. How can she be sure that the system is secure? What type of evidence would convince her that a malicious adversary could not somehow compromise the security of the system? At first glance it seems that this question has a straightforward answer. At the heart of any publickey cryptosystem is a oneway function—a function y = f (x) that is easy to evaluate but Neal Koblitz is professor of mathematics at the University of Washington, Seattle. His email address is koblitz@ math.washington.edu. Alfred Menezes is professor of combinatorics and optimization at the University of Waterloo. His email address
On The Security of The ElGamal Encryption Scheme and Damg˚ard’s Variant
"... Abstract. In this paper, we give security proofs for ElGamal encryption scheme and its variant by Damg˚ard (DEG). For the ElGamal encryption, we show that (1) under the delayedtarget discrete log assumption and a variant of the generalized knowledgeofexponent assumption, ElGamal encryption is one ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. In this paper, we give security proofs for ElGamal encryption scheme and its variant by Damg˚ard (DEG). For the ElGamal encryption, we show that (1) under the delayedtarget discrete log assumption and a variant of the generalized knowledgeofexponent assumption, ElGamal encryption is oneway under nonadaptive chosen cipher attacks; (2) onewayness of ElGamal encryption under nonadaptive chosen cipher attacks is equivalent to the hardness of the delayedtarget computational DiffieHellman problem. For DEG, (1) we give a new proof that DEG is semantically secure against nonadaptive chosen ciphertext attacks under the delayedtarget decisional DiffieHellman assumption (although the same result has been presented in the literature before, our proof seems simpler); (2) we show that the DHK1 assumption, which was first proposed for DEG security proof, is stronger than necessary. A decisional (thus weaker) version of DHK1 assumption is sufficient for DEG security proof. Keywords: ElGamal encryption, Damg˚ard’s ElGamal, security proof. 1
INTRACTABLE PROBLEMS IN CRYPTOGRAPHY
"... Abstract. We examine several variants of the DiffieHellman and Discrete Log problems that are connected to the security of cryptographic protocols. We discuss the reductions that are known between them and the challenges in trying to assess the true level of difficulty of these problems, particular ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. We examine several variants of the DiffieHellman and Discrete Log problems that are connected to the security of cryptographic protocols. We discuss the reductions that are known between them and the challenges in trying to assess the true level of difficulty of these problems, particularly if they are interactive or have complicated input. 1.
Various lectures notes I have taken
, 2009
"... 1.1 Sparse LU Factorization using FPGAs — Jeremy Johnson (Drexel) 4 ..."