Authenticating Pervasive Devices with Human Protocols, 2005
Cited by 101 (4 self)
Abstract. Forgery and counterfeiting are emerging as serious security risks in low-cost pervasive computing devices. These devices lack the computational, storage, power, and communication resources necessary for most cryptographic authentication schemes. Surprisingly, low-cost pervasive devices like Radio Frequency Identification (RFID) tags share similar capabilities with another weak computing device: people. These similarities motivate the adoption of techniques from human-computer security to the pervasive computing setting. This paper analyzes a particular human-to-computer authentication protocol designed by Hopper and Blum (HB), and shows it to be practical for low-cost pervasive devices. We offer an improved, concrete proof of security for the HB protocol against passive adversaries. This paper also offers a new, augmented version of the HB protocol, named HB+, that is secure against active adversaries. The HB+ protocol is a novel, symmetric authentication protocol with a simple, low-cost implementation. We prove the security of the HB+ protocol against active adversaries based on the hardness of the Learning Parity with Noise (LPN) problem.
Squealing Euros: Privacy Protection in RFID-Enabled Banknotes. Financial Cryptography '03, 2002
Cited by 78 (12 self)
Abstract. Thanks to their broad international acceptance and availability in high denominations, there is widespread concern that Euro banknotes may provide an attractive new currency for criminal transactions.
Security Bounds for the Design of Code-Based Cryptosystems, 2009
Cited by 33 (5 self)
Abstract. Code-based cryptography is often viewed as an interesting "post-quantum" alternative to classical number-theoretic cryptography. Unlike many other such alternatives, it has the convenient advantage of having only a few, well-identified attack algorithms. However, improvements to these algorithms have made their effective complexity difficult to compute. We give here some lower bounds on the work factor of idealized versions of these algorithms, taking into account all possible tweaks which could improve their practical complexity. The aim of this article is to help designers select durably secure parameters.
A Distinguisher for High Rate McEliece Cryptosystems
Cited by 16 (5 self)
Abstract. The purpose of this paper is to study the difficulty of the so-called Goppa Code Distinguishing (GD) problem introduced by Courtois, Finiasz and Sendrier at Asiacrypt 2001. GD is the problem of distinguishing the public matrix in the McEliece cryptosystem from a random matrix. It is widely believed that this problem is computationally hard, as evidenced by the increasing number of papers using this hardness assumption. In our view, disproving or mitigating this hardness assumption is a breakthrough in code-based cryptography and may open a new direction to attack McEliece cryptosystems. In this paper, we present an efficient distinguisher for alternant and Goppa codes of high rate over binary and non-binary fields. Our distinguisher is based on a recent algebraic attack against compact variants of McEliece which reduces key recovery to the problem of solving an algebraic system of equations. We exploit a rank defect in the (linear) system obtained by linearizing this algebraic system. It turns out that our distinguisher is highly discriminant. Indeed, we are able to precisely quantify the rank defect for "generic" binary and non-binary random, alternant and Goppa codes. We have verified these formulas with practical experiments, and a theoretical explanation for this rank defect is also provided. We believe that this work sheds some light on the choice of secure parameters.
Security Parallels between People and Pervasive Devices. In: Proc. of PERSEC'05, 2005
Cited by 15 (0 self)
Abstract. Unique and challenging security problems arise due to the scarcity of computational, storage, and power resources in the low-cost pervasive computing environment. Particularly relevant examples of resource-constrained systems are low-cost Radio Frequency Identification (RFID) systems. Surprisingly, the computational abilities of low-cost pervasive devices like RFID tags are similar to another pervasive, weak computing "device": people.
Fast Hashing Onto Elliptic Curves Over Fields of Characteristic 3, 2001
Cited by 14 (0 self)
Abstract. We describe a fast hash algorithm that maps arbitrary messages onto points of an elliptic curve defined over a finite field of characteristic 3. Our new scheme runs in time O(m^2) for curves over F_{3^m}. The best previous algorithm for this task runs in time O(m^3). Experimental data confirms the speedup by a factor O(m), or approximately a hundred times for practical m values. Our results apply for both standard and normal basis representations of F_{3^m}.
Public Key Cryptography from Different Assumptions, 2008
Cited by 10 (2 self)
Abstract. We construct a new public key encryption based on two assumptions: 1. One can obtain a pseudorandom generator with small locality by connecting the outputs to the inputs using any sufficiently good unbalanced expander. 2. It is hard to distinguish between a random graph that is such an expander and a random graph where a (planted) random logarithmic-sized subset S of the outputs is connected to fewer than |S| inputs. The validity and strength of the assumptions raise interesting new algorithmic and pseudorandomness questions, and we explore their relation to the current state of the art.
On Kabatianskii-Krouk-Smeets Signatures. In Proceedings of the First International Workshop on the Arithmetic of Finite Fields (WAIFI 2007), Springer Verlag Lecture Notes, 2007
Cited by 6 (2 self)
Learning Noisy Characters, Multiplication Codes, and Cryptographic Hardcore Predicates, 2008
Cited by 5 (3 self)
Abstract. We present results in cryptography, coding theory and sublinear algorithms. In cryptography, we introduce a unifying framework for proving that a Boolean predicate is hardcore for a one-way function and apply it to a broad family of functions and predicates, showing new hardcore predicates for well-known one-way function candidates such as RSA and discrete log, as well as reproving old results in an entirely different way. Our proof framework extends the list-decoding method of Goldreich and Levin [38] for showing hardcore predicates, by introducing a new class of error-correcting codes and a new list-decoding algorithm we develop for these codes. In coding theory, we introduce a novel class of error-correcting codes that we name Multiplication codes (MPC). We develop decoding algorithms for MPC codes, showing they achieve desirable combinatorial and algorithmic properties, including: (1) binary MPC of constant distance and exponential encoding length for which we provide efficient local list-decoding and local self-correcting algorithms; (2) binary MPC of constant distance and polynomial encoding length for which we provide efficient
MDPC-McEliece: New McEliece Variants from Moderate Density Parity-Check Codes
Cited by 4 (2 self)
Abstract. Cryptography based on coding theory is believed to resist quantum attacks (all cryptosystems based on factoring or discrete logarithms can be attacked by a quantum computer in polynomial time). The McEliece cryptosystem is the oldest code-based cryptosystem and its security relies on two problems: the indistinguishability of the code family and the hardness of decoding random linear codes. The former is usually the weaker one. The main drawback of this cryptosystem is its huge public keys. Recently, several attempts to reduce its key size have been proposed. Almost all of them were successfully broken due to the additional algebraic structure used to reduce the keys. In this work, we propose McEliece variants from Moderate Density Parity-Check codes. These codes are LDPC codes of higher density than what is usually adopted for telecommunication solutions. We show that our proposal considerably strengthens the security against distinguishing attacks and also provides extremely compact keys. Under a reasonable assumption, MDPC codes reduce the distinguishing problem to decoding a linear code, and thus the security of our proposal relies only on a well-studied coding-theory problem. Furthermore, using a quasi-cyclic structure, we provide the smallest public keys for a code-based cryptosystem. For 80 bits of security, the public key has only 4800 bits. In summary, this represents the most competitive code-based cryptosystem ever proposed and is a strong alternative to traditional cryptography.