Results 11-20 of 40
On robust combiners for oblivious transfer and other primitives
In Proc. Eurocrypt ’05, 2005
Cited by 30 (1 self)
At the mouth of two witnesses... shall the matter be established (Deuteronomy Chapter 19).
An algorithm for modular exponentiation
Information Processing Letters, 1998
Cited by 27 (8 self)
A practical technique for improving the performance of modular exponentiations (ME) is described. The complexity of the ME algorithm is O modular multiplications (MMs), where n is the length of the exponent, requiring an O ( n 2) precomputed lookup table size with very small constant of proportionality. The algorithm uses a double-based number system which we introduce in this paper.
Open Problems in Number Theoretic Complexity, II
Cited by 26 (0 self)
This paper contains a list of 36 open problems in number-theoretic complexity. We expect that none of these problems are easy; we are sure that many of them are hard. This list of problems reflects our own interests and should not be viewed as definitive. As the field changes and becomes deeper, new problems will emerge and old problems will lose favor. Ideally there will be other `open problems' papers in future ANTS proceedings to help guide the field. It is likely that some of the problems presented here will remain open for the foreseeable future. However, it is possible in some cases to make progress by solving subproblems, or by establishing reductions between problems, or by settling problems under the assumption of one or more well known hypotheses (e.g. the various extended Riemann hypotheses, NP ≠ P; NP ≠ coNP). For the sake of clarity we have often chosen to state a specific version of a problem rather than a general one. For example, questions about the integers modulo a prime often have natural generalizations to arbitrary finite fields, to arbitrary cyclic groups, or to problems with a composite modulus. Questions about the integers often have natural generalizations to the ring of integers in an algebraic number field, and questions about elliptic curves often generalize to arbitrary curves or abelian varieties. The problems presented here arose from many different places and times. To those whose research has generated these problems or has contributed to our present understanding of them but to whom inadequate acknowledgement is given here, we apologize. Our list of open problems is derived from an earlier `open problems' paper we wrote in 1986 [AM86]. When we wrote the first version of this paper, we feared that the problems presented were so difficult...
Secure Signature Schemes Based on Interactive Protocols
IN ADVANCES IN CRYPTOLOGY: CRYPTO ’95, 1994
Cited by 25 (3 self)
A method is proposed for constructing from interactive protocols digital signature schemes secure against adaptively chosen message attacks. Our main result is that practical secure signature schemes can now also be based on computationally difficult problems other than factoring (see [9]), such as the discrete logarithm problem. More precisely,
Cascade Ciphers: The Importance of Being First
1993
Cited by 25 (3 self)
The security of cascade ciphers, in which by definition the keys of the component ciphers are independent, is considered. It is shown by a counterexample that the intuitive result, formally stated and proved in the literature, that a cascade is at least as strong as the strongest component cipher, requires the uninterestingly restrictive assumption that the enemy cannot exploit information about the plaintext statistics. It is proved, for very general notions of breaking a cipher and of problem difficulty, that a cascade is at least as difficult to break as the first component cipher. A consequence of this result is that, if the ciphers commute, then a cascade is at least as difficult to break as the most-difficult-to-break component cipher, i.e., the intuition that a cryptographic chain is at least as strong as its strongest link is then provably correct. It is noted that additive stream ciphers do commute, and this fact is used to suggest a strategy for designing secure practical ci...
On the Security of a Practical Identification Scheme
J. Cryptology, 1996
Cited by 21 (0 self)
We analyze the security of an interactive identification scheme. The scheme is the obvious extension of the original square root scheme of Goldwasser, Micali and Rackoff to 2^m-th roots. This scheme is quite practical, especially in terms of storage and communication complexity. Although this scheme is certainly not new, its security was apparently not fully understood. We prove that this scheme is secure if factoring integers is hard, even against active attacks where the adversary is first allowed to pose as a verifier before attempting impersonation.
On the fly authentication and signature schemes based on groups of unknown order
Journal of Cryptology
Cited by 19 (1 self)
Abstract. In response to the current need for fast, secure and cheap public-key cryptography, we propose an interactive zero-knowledge identification scheme and a derived signature scheme that combine provable security based on the problem of computing discrete logarithms in any group, short keys, very short transmission and minimal online computation. This leads to both efficient and secure applications well suited to implementation on low cost smart cards. We introduce GPS, a Schnorr-like scheme that does not require knowledge of the order of the group nor of the group element. As a consequence, it can be used with most cryptographic group structures, including those of unknown order. Furthermore, the computation of the prover’s response is done over the integers, hence can be done with very limited computational capabilities. This paper provides complete security proofs of the identification scheme. From a practical point of view, the possible range of parameters is discussed and a report on the performances of an actual implementation on a cheap smart card is included: a complete and secure authentication can be performed in less than 20 milliseconds with low cost equipment. Key words. Identification scheme, Digital signature, Discrete logarithm problem, Minimal online computation, Low cost smart cards.
The composite discrete logarithm and secure authentication
In Public Key Cryptography, 2000
Cited by 18 (2 self)
Abstract. For the two last decades, electronic authentication has been an important topic. The first applications were digital signatures to mimic handwritten signatures for digital documents. Then, Chaum wanted to create an electronic version of money, with similar properties, namely bank certification and users’ anonymity. Therefore, he proposed the concept of blind signatures. For all those problems, and furthermore for online authentication, zero-knowledge proofs of knowledge became a very powerful tool. Nevertheless, high computational load is often the drawback of a high security level. More recently, witness-indistinguishability has been found to be a better property that can conjugate security together with efficiency. This paper studies the discrete logarithm problem with a composite modulus and namely its witness-indistinguishability. Then we offer new authentications more secure than factorization and furthermore very efficient from the prover point of view. Moreover, we significantly improve the reduction cost in the security proofs of Girault’s variants of the Schnorr schemes which validates practical sizes for security parameters. Finally, thanks to the witness-indistinguishability of the basic protocol, we can derive a blind signature scheme with security related to factorization.
On The Fly Signatures based on Factoring
IN PROCEEDINGS OF THE 6TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 1999
Cited by 18 (4 self)
In response to the current need for fast, secure and cheap public-key cryptography largely induced by the fast development of electronic commerce, we propose a new on the fly signature scheme, i.e. a scheme that requires very small online work for the signer. It combines provable security based on the factorization problem, short public and secret keys, short transmission and minimal online computation. It is the first RSA-like signature scheme that can be used for both efficient and secure applications based on low cost or contactless smart cards.
Designing and detecting trapdoors for discrete log cryptosystems
ADVANCES IN CRYPTOLOGY CRYPTO '92, 1993
Cited by 16 (0 self)
Using a number field sieve, discrete logarithms modulo primes of special forms can be found faster than standard primes. This has raised concerns about trapdoors in discrete log cryptosystems, such as the Digital Signature Standard. This paper discusses the practical impact of these trapdoors, and how to avoid them.