Results 1 - 7 of 7
Postal revenue collection in the digital age
- In Proceedings of Financial Cryptography, 2000
- Cited by 11 (0 self)
Abstract. In recent years postal revenue collection underwent a major transformation due to widespread transition to digital methods of communication. This transition directly affected not only telecommunications which form an integral part of the postal revenue collection but also, and in a much more profound way, postage evidencing. Traditional postage evidencing remained unchanged for several dozen years until the introduction of digital printing which drastically changed all its security related aspects and considerations. This paper defines conceptual foundations of the postal revenue collection system (which is simultaneously a payment system for mailers), fundamental requirements imposed by the nature of hardcopy-based communication and suggests what the authors believe to be an optimal solution for public key-based postage evidencing founded on elliptic-curve cryptography.
Digital signature schemes with domain parameters: Yet another parameter issue in ECDSA
- In Proceedings of the 9th Australasian Conference on Information Security and Privacy, 2004
- Cited by 2 (0 self)
Abstract. Digital signature schemes often use domain parameters such as prime numbers or elliptic curves. They can be subject to security threats when they are not treated like public keys. In this paper we formalize the notion of “signature scheme with domain parameter” together with a new adversarial model: the “domain parameter shifting attack”. We take ECDSA as a case study. We make a domain parameter shifting attack against ECDSA: an attacker can impersonate an honest signer either by trying to modify the subgroup generator G or, when using point compression representation, by trying to modify the elliptic curve a and b domain parameters. We further propose to fix this ECDSA issue.
A Hardware Algorithm for Modular Multiplication/ Division
- IEEE TRANSACTIONS ON COMPUTERS, 2005
- Cited by 2 (0 self)
A mixed radix-4/2 algorithm for modular multiplication/division suitable for VLSI implementation is proposed. The algorithm is based on Montgomery method for modular multiplication and on the extended Binary GCD algorithm for modular division. Both algorithms are modified and combined into the proposed algorithm so that almost all the hardware components are shared. The new algorithm carries out both calculations using simple operations such as shifts, additions, and subtractions. The radix-2 signed-digit representation is used to avoid carry propagation in all additions and subtractions. A modular multiplier/divider based on the algorithm performs an n-bit modular multiplication/division in O(n) clock cycles where the length of the clock cycle is constant and independent of n. The modular multiplier/divider has a linear array structure with a bit-slice feature and can be implemented with much smaller hardware than that necessary to implement both multiplier and divider separately.
The Security of DSA and ECDSA — Bypassing the Standard Elliptic Curve Certification Scheme
- In Public Key Cryptography’03, 2003
- Cited by 1 (1 self)
Abstract. DSA and ECDSA are well established standards for digital signature based on the discrete logarithm problem. In this paper we survey known properties, certification issues regarding the public parameters, and security proofs. ECDSA also includes a standard certification scheme for elliptic curve which is assumed to guarantee that the elliptic curve was randomly selected, preventing from any potential malicious choice. In this paper we show how to bypass this scheme and certify any elliptic curve in characteristic two. The prime field case is also studied. Although this does not lead to any attack at this time since all possible malicious choices which are known at this time are specifically checked, this demonstrates that some part of the standard is not well designed. We finally propose a tweak.
DSA was published in 1994 following a long dynasty of digital signature schemes based on the ElGamal scheme [10, 11, 12]. Since then an extensive literature addressed security analysis, performances, and variants. Among the famous variants ECDSA was proposed in 1998. In this paper we aim to survey dedicated attacks and provable security. We also address the parameter validation issue. In particular we show that we may be able to maliciously choose an elliptic curve for ECDSA despite the standard validation scheme.
1 DSA and ECDSA
In order to define the notations, we first summarize the DSA as presented in ANSI X9.30 Part 1 [1] and FIPS 186 [5].
Public Parameters: integers p, q, g and a seed in order to validate q
- p is a prime of L bits (L is at least 512, at most 1024, and a multiple of 64)
- q is a prime of 160 bits and a factor of p − 1
- g is in [1, p − 1] and of order q modulo p
ElGamal type signature schemes for n-dimensional
- 2006
- Cited by 1 (0 self)
We generalize the ElGamal signature scheme for cyclic groups to a signature scheme for n-dimensional vector spaces. The higher dimensional version is based on the intractability of the vector decomposition problem (VDP). Yoshida has shown that under certain conditions, the VDP on a two-dimensional vector space is at least as hard as the computational Diffie-Hellman problem (CDHP) on a one-dimensional subspace.
Bipartite modular multiplication
- Proceedings of Cryptographic Hardware and Embedded Systems - CHES 2005, number 3659 in Lecture Notes in Computer Science, 2005
- Cited by 1 (0 self)
Abstract. This paper proposes a new fast method for calculating modular multiplication. The calculation is performed using a new representation of residue classes modulo M that enables the splitting of the multiplier into two parts. These two parts are then processed separately, in parallel, potentially doubling the calculation speed. The upper part and the lower part of the multiplier are processed using the interleaved modular multiplication algorithm and the Montgomery algorithm respectively. Conversions back and forth between the original integer set and the new residue system can be performed at speeds up to twice that of the Montgomery method without the need for precomputed constants. This new method is suitable for both hardware implementation and software implementation in a multiprocessor environment. Although this paper is focusing on the application of the new method in the integer field, the technique used to speed up the calculation can also easily be adapted for operation in the binary extended field GF(2^m).
unknown title
Cryptography is a vast subject, addressing problems as diverse as e-cash, remote authentication, fault-tolerant distributed computing, and more. We cannot hope to give a comprehensive account of the field here. Instead, we will narrow our focus to those aspects of cryptography most relevant to the problem of secure communication. Broadly speaking, secure communication encompasses

