Results 1  10
of
67
Encrypted Key Exchange: PasswordBased Protocols Secure Against Dictionary Attacks
 IEEE SYMPOSIUM ON RESEARCH IN SECURITY AND PRIVACY
, 1992
"... Classical cryptographic protocols based on userchosen keys allow an attacker to mount passwordguessing attacks. We introduce a novel combination of asymmetric (publickey) and symmetric (secretkey) cryptography that allow two parties sharing a common password to exchange confidential and authenti ..."
Abstract

Cited by 346 (3 self)
 Add to MetaCart
Classical cryptographic protocols based on userchosen keys allow an attacker to mount passwordguessing attacks. We introduce a novel combination of asymmetric (publickey) and symmetric (secretkey) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network. These protocols are secure against active attacks, and have the property that the password is protected against offline "dictionary" attacks. There are a number of other useful applications as well, including secure public telephones.
The NPcompleteness column: an ongoing guide
 Journal of Algorithms
, 1985
"... This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book ‘‘Computers and Intractability: A Guide to the Theory of NPCompleteness,’ ’ W. H. Freeman & Co ..."
Abstract

Cited by 188 (0 self)
 Add to MetaCart
This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book ‘‘Computers and Intractability: A Guide to the Theory of NPCompleteness,’ ’ W. H. Freeman & Co., New York, 1979 (hereinafter referred to as ‘‘[G&J]’’; previous columns will be referred to by their dates). A background equivalent to that provided by [G&J] is assumed, and, when appropriate, crossreferences will be given to that book and the list of problems (NPcomplete and harder) presented there. Readers who have results they would like mentioned (NPhardness, PSPACEhardness, polynomialtimesolvability, etc.) or open problems they would like publicized, should
Unbiased Bits from Sources of Weak Randomness and Probabilistic Communication Complexity
, 1988
"... , Introduction and References only) Benny Chor Oded Goldreich MIT \Gamma Laboratory for Computer Science Cambridge, Massachusetts 02139 ABSTRACT \Gamma A new model for weak random physical sources is presented. The new model strictly generalizes previous models (e.g. the Santha and Vazirani model [2 ..."
Abstract

Cited by 182 (4 self)
 Add to MetaCart
, Introduction and References only) Benny Chor Oded Goldreich MIT \Gamma Laboratory for Computer Science Cambridge, Massachusetts 02139 ABSTRACT \Gamma A new model for weak random physical sources is presented. The new model strictly generalizes previous models (e.g. the Santha and Vazirani model [24]). The sources considered output strings according to probability distributions in which no single string is too probable. The new model provides a fruitful viewpoint on problems studied previously as: ffl Extracting almost perfect bits from sources of weak randomness: the question of possibility as well as the question of efficiency of such extraction schemes are addressed. ffl Probabilistic Communication Complexity: it is shown that most functions have linear communication complexity in a very strong probabilistic sense. ffl Robustness of BPP with respect to sources of weak randomness (generalizing a result of Vazirani and Vazirani [27]). The paper has appeared in SIAM Journal o...
Solving Large Sparse Linear Systems Over Finite Fields
, 1991
"... Many of the fast methods for factoring integers and computing discrete logarithms require the solution of large sparse linear systems of equations over finite fields. This paper presents the results of implementations of several linear algebra algorithms. It shows that very large sparse systems can ..."
Abstract

Cited by 72 (2 self)
 Add to MetaCart
Many of the fast methods for factoring integers and computing discrete logarithms require the solution of large sparse linear systems of equations over finite fields. This paper presents the results of implementations of several linear algebra algorithms. It shows that very large sparse systems can be solved efficiently by using combinations of structured Gaussian elimination and the conjugate gradient, Lanczos, and Wiedemann methods. 1. Introduction Factoring integers and computing discrete logarithms often requires solving large systems of linear equations over finite fields. General surveys of these areas are presented in [14, 17, 19]. So far there have been few implementations of discrete logarithm algorithms, but many of integer factoring methods. Some of the published results have involved solving systems of over 6 \Theta 10 4 equations in more than 6 \Theta 10 4 variables [12]. In factoring, equations have had to be solved over the field GF (2). In that situation, ordinary...
Discrete logarithms in gf(p) using the number field sieve
 SIAM J. Discrete Math
, 1993
"... Recently, several algorithms using number field sieves have been given to factor a number n in heuristic expected time Ln[1/3; c], where Ln[v; c] = exp{(c + o(1))(log n) v (log log n) 1−v}, for n → ∞. In this paper we present an algorithm to solve the discrete logarithm problem for GF (p) with heur ..."
Abstract

Cited by 63 (1 self)
 Add to MetaCart
Recently, several algorithms using number field sieves have been given to factor a number n in heuristic expected time Ln[1/3; c], where Ln[v; c] = exp{(c + o(1))(log n) v (log log n) 1−v}, for n → ∞. In this paper we present an algorithm to solve the discrete logarithm problem for GF (p) with heuristic expected running time Lp[1/3; 3 2/3]. For numbers of a special form, there is an asymptotically slower but more practical version of the algorithm.
Parallel Algorithms for Integer Factorisation
"... The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the RivestShamirAdelman (RSA) system, depends o ..."
Abstract

Cited by 41 (17 self)
 Add to MetaCart
The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the RivestShamirAdelman (RSA) system, depends on the difficulty of factoring the public keys. In recent years the best known integer factorisation algorithms have improved greatly, to the point where it is now easy to factor a 60decimal digit number, and possible to factor numbers larger than 120 decimal digits, given the availability of enough computing power. We describe several algorithms, including the elliptic curve method (ECM), and the multiplepolynomial quadratic sieve (MPQS) algorithm, and discuss their parallel implementation. It turns out that some of the algorithms are very well suited to parallel implementation. Doubling the degree of parallelism (i.e. the amount of hardware devoted to the problem) roughly increases the size of a number which can be factored in a fixed time by 3 decimal digits. Some recent computational results are mentioned – for example, the complete factorisation of the 617decimal digit Fermat number F11 = 2211 + 1 which was accomplished using ECM.
Algorithms in algebraic number theory
 Bull. Amer. Math. Soc
, 1992
"... Abstract. In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to ..."
Abstract

Cited by 40 (3 self)
 Add to MetaCart
Abstract. In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to be done in the area. We hope to show that the study of algorithms not only increases our understanding of algebraic number fields but also stimulates our curiosity about them. The discussion is concentrated of three topics: the determination of Galois groups, the determination of the ring of integers of an algebraic number field, and the computation of the group of units and the class group of that ring of integers. 1.
A Chosen Text Attack on the RSA Cryptosystem and Some Discrete Logarithm Schemes
, 1986
"... some discrete logarithm schemes ..."
A New Architecture for a Parallel Finite Field Multiplier with Low Complexity Based on Composite Fields
 IEEE Transactions on Computers
, 1996
"... In this paper a new bitparallel structure for a multiplier with low complexity in Galois fields is introduced. The multiplier operates over composite fields GF ((2 n ) m ), with k = nm. The KaratsubaOfman algorithm is investigated and applied to the multiplication of polynomials over GF (2 n ..."
Abstract

Cited by 27 (1 self)
 Add to MetaCart
In this paper a new bitparallel structure for a multiplier with low complexity in Galois fields is introduced. The multiplier operates over composite fields GF ((2 n ) m ), with k = nm. The KaratsubaOfman algorithm is investigated and applied to the multiplication of polynomials over GF (2 n ). It is shown that this operation has a complexity of order O(k log 2 3 ) under certain constraints regarding k. A complete set of primitive field polynomials for composite fields is provided which perform modulo reduction with low complexity. As a result, multipliers for fields GF (2 k ) up to k = 32 with low gate counts and low delays are listed. The architectures are highly modular and thus well suited for VLSI implementation. This paper was presented in part at the SwedishRussian Workshop on Information Theory, August 2227, 1993, Molle, Sweden y The author is with the Electrical and Computer Engineering Department, Worcester Polytechnic Institute, Worcester, MA 01609. Email: ...
Massively parallel computation of discrete logarithms
, 1993
"... Numerous cryptosystems have been designed to be secure under the assumption that the computation of discrete logarithms is infeasible. This paper reports on an aggressive attempt to discover the size of fields of characteristic two for which the computation of discrete logarithms is feasible. We dis ..."
Abstract

Cited by 26 (0 self)
 Add to MetaCart
Numerous cryptosystems have been designed to be secure under the assumption that the computation of discrete logarithms is infeasible. This paper reports on an aggressive attempt to discover the size of fields of characteristic two for which the computation of discrete logarithms is feasible. We discover several things that were previously overlooked in the implementation of Coppersmith’s algorithm, some positive, and some negative. As a result of this work we have shown that fields as large as GF(2 503) can definitely be attacked. Keywords: Discrete Logarithms, Cryptography. 1