Results 1  10
of
36
Selecting Cryptographic Key Sizes
 TO APPEAR IN THE JOURNAL OF CRYPTOLOGY, SPRINGERVERLAG
, 2001
"... In this article we offer guidelines for the determination of key sizes for symmetric cryptosystems, RSA, and discrete logarithm based cryptosystems both over finite fields and over groups of elliptic curves over prime fields. Our recommendations are based on a set of explicitly formulated parameter ..."
Abstract

Cited by 277 (6 self)
 Add to MetaCart
(Show Context)
In this article we offer guidelines for the determination of key sizes for symmetric cryptosystems, RSA, and discrete logarithm based cryptosystems both over finite fields and over groups of elliptic curves over prime fields. Our recommendations are based on a set of explicitly formulated parameter settings, combined with existing data points about the cryptosystems.
Replication Is Not Needed: Single Database, ComputationallyPrivate Information Retrieval (Extended Abstract)
 IN PROC. OF THE 38TH ANNU. IEEE SYMP. ON FOUNDATIONS OF COMPUTER SCIENCE
, 1997
"... We establish the following, quite unexpected, result: replication of data for the computational Private Information Retrieval problem is not necessary. More specifically, based on the quadratic residuosity assumption, we present a single database, computationallyprivate informationretrieval scheme ..."
Abstract

Cited by 235 (18 self)
 Add to MetaCart
We establish the following, quite unexpected, result: replication of data for the computational Private Information Retrieval problem is not necessary. More specifically, based on the quadratic residuosity assumption, we present a single database, computationallyprivate informationretrieval scheme with O(n ffl ) communication complexity for any ffl ? 0.
Digital Signcryption or How to Achieve Cost(Signature
, 1997
"... Abstract. Secure and authenticated message delivery/storage is one of the major aims of computer and communication security research. The current standard method to achieve this aim is “(digital) signature followed by encryption”. In this paper, we address a question on the cost of secure and authen ..."
Abstract

Cited by 149 (19 self)
 Add to MetaCart
Abstract. Secure and authenticated message delivery/storage is one of the major aims of computer and communication security research. The current standard method to achieve this aim is “(digital) signature followed by encryption”. In this paper, we address a question on the cost of secure and authenticated message delivery/storage, namely, whether it is possible to transport/store messages of varying length in a secure and authenticated way with an expense less than that required by “signature followed by encryption”. This question seems to have never been addressed in the literature since the invention of public key cryptography. We then present a positive answer to the question. In particular, we discover a new cryptographic primitive termed as “signcryption ” which simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly lower than that required by “signature followed by encryption”. For typical security parameters for high level security applications (size of public moduli = 1536 bits), signcryption costs 50 % (31%, respectively) less in computation time and 85 % (91%, respectively) less in message expansion than does “signature followed by encryption ” based on the discrete logarithm problem (factorization problem, respectively).
Parallel Algorithms for Integer Factorisation
"... The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the RivestShamirAdelman (RSA) system, depends o ..."
Abstract

Cited by 42 (17 self)
 Add to MetaCart
The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the RivestShamirAdelman (RSA) system, depends on the difficulty of factoring the public keys. In recent years the best known integer factorisation algorithms have improved greatly, to the point where it is now easy to factor a 60decimal digit number, and possible to factor numbers larger than 120 decimal digits, given the availability of enough computing power. We describe several algorithms, including the elliptic curve method (ECM), and the multiplepolynomial quadratic sieve (MPQS) algorithm, and discuss their parallel implementation. It turns out that some of the algorithms are very well suited to parallel implementation. Doubling the degree of parallelism (i.e. the amount of hardware devoted to the problem) roughly increases the size of a number which can be factored in a fixed time by 3 decimal digits. Some recent computational results are mentioned – for example, the complete factorisation of the 617decimal digit Fermat number F11 = 2211 + 1 which was accomplished using ECM.
Recent progress and prospects for integer factorisation algorithms
 In Proc. of COCOON 2000
, 2000
"... Abstract. The integer factorisation and discrete logarithm problems are of practical importance because of the widespread use of public key cryptosystems whose security depends on the presumed difficulty of solving these problems. This paper considers primarily the integer factorisation problem. In ..."
Abstract

Cited by 21 (1 self)
 Add to MetaCart
(Show Context)
Abstract. The integer factorisation and discrete logarithm problems are of practical importance because of the widespread use of public key cryptosystems whose security depends on the presumed difficulty of solving these problems. This paper considers primarily the integer factorisation problem. In recent years the limits of the best integer factorisation algorithms have been extended greatly, due in part to Moore’s law and in part to algorithmic improvements. It is now routine to factor 100decimal digit numbers, and feasible to factor numbers of 155 decimal digits (512 bits). We outline several integer factorisation algorithms, consider their suitability for implementation on parallel machines, and give examples of their current capabilities. In particular, we consider the problem of parallel solution of the large, sparse linear systems which arise with the MPQS and NFS methods. 1
An Energy/Security Scalable Encryption Processor Using an Embedded Variable Voltage DC/DC Converter
 IEEE J. SolidState Circuits
, 1998
"... Security concerns for batteryoperated wireless systems require the development of energyefficient dataencryption techniques that can adapt to the timevarying data rates and qualityofservice requirements inherent in a wireless application. This work describes the design and implementation of a ..."
Abstract

Cited by 16 (6 self)
 Add to MetaCart
(Show Context)
Security concerns for batteryoperated wireless systems require the development of energyefficient dataencryption techniques that can adapt to the timevarying data rates and qualityofservice requirements inherent in a wireless application. This work describes the design and implementation of a configurable encryption processor that allows the security provided to be traded off with respect to the energy that is dissipated to encrypt a bit. The processor features an embedded highefficiency variableoutput DC/DC converter that allows the supply voltage to be dynamically varied to match the timevarying throughput and quality requirements of the data stream being encrypted. The resulting processor consumes 134 mW at 2.5 V when encrypting data at a rate of 1 Mb/s using a maximum bit width of 512 bits. The converter efficiency is 96% at the peak load of 134 mW. A comparison of our processor to a software implementation running on a lowpower programmable processor shows that our implementation is two to three orders of magnitude more energy efficient.
PseudoRandom Functions and Factoring
 Proc. 32nd ACM Symp. on Theory of Computing
, 2000
"... The computational hardness of factoring integers is the most established assumption on which cryptographic primitives are based. This work presents an efficient construction of pseudorandom functions whose security is based on the intractability of factoring. In particular, we are able to constru ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
(Show Context)
The computational hardness of factoring integers is the most established assumption on which cryptographic primitives are based. This work presents an efficient construction of pseudorandom functions whose security is based on the intractability of factoring. In particular, we are able to construct efficient lengthpreserving pseudorandom functions where each evaluation requires only a (small) constant number of modular multiplications per output bit. This is substantially more efficient than any previous construction of pseudorandom functions based on factoring, and matches (up to a constant factor) the efficiency of the best known factoringbased pseudorandom bit generators.
Security of cryptosystems based on class groups of imaginary quadratic orders
, 2000
"... In this work we investigate the difficulty of the discrete logarithm problem in class groups of imaginary quadratic orders. In particular, we discuss several strategies to compute discrete logarithms in those class groups. Based on heuristic reasoning, we give advice for selecting the cryptographic ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
(Show Context)
In this work we investigate the difficulty of the discrete logarithm problem in class groups of imaginary quadratic orders. In particular, we discuss several strategies to compute discrete logarithms in those class groups. Based on heuristic reasoning, we give advice for selecting the cryptographic parameter, i.e. the discriminant, such that cryptosystems based on class groups of imaginary quadratic orders would offer a similar security as commonly used cryptosystems.
Stream ciphers. RSA Laboratories
 Lecture Notes in Computer Science
, 1995
"... In this note we address the shortterm security o ered by the use of a 512bit RSA modulus. Following recent tremendous improvements to the practicality of the generalized number eld sieve, it must be expected that by the end of next year, a 512bit RSA number will have been factored. However, for t ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
(Show Context)
In this note we address the shortterm security o ered by the use of a 512bit RSA modulus. Following recent tremendous improvements to the practicality of the generalized number eld sieve, it must be expected that by the end of next year, a 512bit RSA number will have been factored. However, for those elded systems which use 512bit RSA, what are the implications? Some systems may well continue using 512bit RSA long after one particular 512bit RSA number has been factored. In this note, we present data which might provide answers to questions about the continuing use of a 512bit RSA modulus.
A Study on the Proposed Korean Digital Signature Algorithm
 Advances in CryptologyASIACRYPT'98, LNCS 1514, SpingerVerlag
, 1998
"... . A digital signature scheme is one of essential cryptographic primitives for secure transactions over open networks. Korean cryptographic community, in association with governmentsupported agencies, has made a continuous effort over past three years to develop our own signature standard. The outco ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
. A digital signature scheme is one of essential cryptographic primitives for secure transactions over open networks. Korean cryptographic community, in association with governmentsupported agencies, has made a continuous effort over past three years to develop our own signature standard. The outcome of this long effort is the signature algorithm called KCDSA, which is now at the final stage of standardization process and will be published as one of KICS (Korean Information and Communication Standards). This paper describes the proposed signature algorithm and discusses its security and efficiency aspects. 1 Introduction The digital signature technique, a technique for signing and verifying digital documents in an unforgeable way, is essential for secure transactions over open networks. Digital signatures can be used in a variety of applications to ensure the integrity of data exchanged or stored and to prove to the recipient the originator's identity. A group of Korean cryptographer...