Results 1  10
of
45
Keying hash functions for message authentication
, 1996
"... The use of cryptographic hash functions like MD5 or SHA for message authentication has become a standard approach inmanyInternet applications and protocols. Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis. We present new cons ..."
Abstract

Cited by 476 (38 self)
 Add to MetaCart
The use of cryptographic hash functions like MD5 or SHA for message authentication has become a standard approach inmanyInternet applications and protocols. Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis. We present new constructions of message authentication schemes based on a cryptographic hash function. Our schemes, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths. Moreover we show, in a quantitativeway, that the schemes retain almost all the security of the underlying hash function. In addition our schemes are e cient and practical. Their performance is essentially that of the underlying hash function. Moreover they use the hash function (or its compression function) as a black box, so that widely available library code or hardware can be used to implement them in a simple way, and replaceability of the underlying hash function is easily supported.
HMAC: KeyedHashing for Message Authentication
, 1997
"... This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative ..."
Abstract

Cited by 328 (3 self)
 Add to MetaCart
This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA1, in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. 1.
RIPEMD160: A Strengthened Version of RIPEMD
, 1996
"... Abstract. Cryptographic hash functions are an important tool in cryptography for applications such as digital fingerprinting of messages, message authentication, and key derivation. During the last five years, several fast software hash functions have been proposed; most of them are based on the des ..."
Abstract

Cited by 103 (12 self)
 Add to MetaCart
Abstract. Cryptographic hash functions are an important tool in cryptography for applications such as digital fingerprinting of messages, message authentication, and key derivation. During the last five years, several fast software hash functions have been proposed; most of them are based on the design principles of Ron Rivest’s MD4. One such proposal was RIPEMD, which was developed in the framework of the EU project RIPE (Race Integrity Primitives Evaluation). Because of recent progress in the cryptanalysis of these hash functions, we propose a new version of RIPEMD with a 160bit result, as well as a plugin substitute for RIPEMD with a 128bit result. We also compare the software performance of several MD4based algorithms, which is of independent interest. 1
On DiffieHellman Key Agreement with Short Exponents
 Proc. Eurocrypt '96, LNCS 1070
, 1996
"... The difficulty of computing discrete logarithms known to be "short" is examined, motivated by recent practical interest in using DiftieHellman key agreement with short exponents (e.g. over Zp with 160bit exponents and 1024bit primes p). A new divideandconquer algorithm for discrete logarith ..."
Abstract

Cited by 59 (0 self)
 Add to MetaCart
The difficulty of computing discrete logarithms known to be "short" is examined, motivated by recent practical interest in using DiftieHellman key agreement with short exponents (e.g. over Zp with 160bit exponents and 1024bit primes p). A new divideandconquer algorithm for discrete logarithms is presented, combining Pollard's lambda method with a partial PohhgHellman decomposition. For random Diftie Hellman primes p, examination reveals this partial decomposition itself allows recovery of short exponents in many cases, while the new technique dramatically extends the range. Use of subgroups of large prime order precludes the attack at essentially no cost, and is the recommended solution.
Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Addresses
, 2002
"... This paper addresses the identifier ownership problem. It does so by using characteristics of Statistic Uniqueness and Cryptographic Verifiability (SUCV) of certain entities which this document calls SUCV Identifiers and Addresses. Their characteristics allow them to severely limit certain classes o ..."
Abstract

Cited by 50 (1 self)
 Add to MetaCart
This paper addresses the identifier ownership problem. It does so by using characteristics of Statistic Uniqueness and Cryptographic Verifiability (SUCV) of certain entities which this document calls SUCV Identifiers and Addresses. Their characteristics allow them to severely limit certain classes of denial of service attacks and hijacking attacks. SUCV addresses are particularly applicable to solve the address ownership problem that hinders mechanisms like Binding Updates in Mobile IPv6.
Message Authentication using Hash Functions The HMAC Construction
 CryptoBytes
, 1996
"... Introduction Two parties communicating across an insecure channel need a method by which any attempt to modify the information sent by one to the other, or fake its origin, is detected. Most commonly such a mechanism is based on a shared key between the parties, and in this setting is usually calle ..."
Abstract

Cited by 46 (1 self)
 Add to MetaCart
Introduction Two parties communicating across an insecure channel need a method by which any attempt to modify the information sent by one to the other, or fake its origin, is detected. Most commonly such a mechanism is based on a shared key between the parties, and in this setting is usually called a MAC, or Message Authentication Code. (Other terms include Integrity Check Value or Cryptographic Checksum). The sender appends to the data D an authentication tag computed as a function of the data and the shared key. At reception, the receiver recomputes the authentication tag on the received message using the shared key, and accepts the data as valid only if this value matches the tag attached to the received message. The most common approach is to construct MACs from block ciphers like DES. Of such constructions Department of Computer Science & Engineering, Mail Code 0114, University of California at San Diego, 9500 Gilman Driv
Cryptanalytic Attacks on Pseudorandom Number Generators
 FAST SOFTWARE ENCRYPTION, FIFTH INTERNATIONAL PROCEEDINGS
, 1998
"... In this paper we discuss PRNGs: the mechanisms used by realworld secure systems to generate cryptographic keys, initialization vectors, "random" nonces, and other values assumed to be random. We argue that PRNGs are their own unique type of cryptographic primitive, and should be analyzed as suc ..."
Abstract

Cited by 43 (2 self)
 Add to MetaCart
In this paper we discuss PRNGs: the mechanisms used by realworld secure systems to generate cryptographic keys, initialization vectors, "random" nonces, and other values assumed to be random. We argue that PRNGs are their own unique type of cryptographic primitive, and should be analyzed as such. We propose a model for PRNGs, discuss possible attacks against this model, and demonstrate the applicability of the model (and our attacks) to four realworld PRNGs. We close with a discussion of lessons learned about PRNG design and use, and a few open questions.
Parallel Algorithms for Integer Factorisation
"... The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the RivestShamirAdelman (RSA) system, depends o ..."
Abstract

Cited by 41 (17 self)
 Add to MetaCart
The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the RivestShamirAdelman (RSA) system, depends on the difficulty of factoring the public keys. In recent years the best known integer factorisation algorithms have improved greatly, to the point where it is now easy to factor a 60decimal digit number, and possible to factor numbers larger than 120 decimal digits, given the availability of enough computing power. We describe several algorithms, including the elliptic curve method (ECM), and the multiplepolynomial quadratic sieve (MPQS) algorithm, and discuss their parallel implementation. It turns out that some of the algorithms are very well suited to parallel implementation. Doubling the degree of parallelism (i.e. the amount of hardware devoted to the problem) roughly increases the size of a number which can be factored in a fixed time by 3 decimal digits. Some recent computational results are mentioned – for example, the complete factorisation of the 617decimal digit Fermat number F11 = 2211 + 1 which was accomplished using ECM.
Searching for the Optimum Correlation Attack
 FSE’94, LNCS 1008
, 1995
"... We present some new ideas on attacking stream ciphers based on regularly clocked shift registers. The nonlinear lter functions used in such systems may leak information if they interact with shifted copies of themselves, and this gives us a systematic way to search for correlations between a keystr ..."
Abstract

Cited by 29 (0 self)
 Add to MetaCart
We present some new ideas on attacking stream ciphers based on regularly clocked shift registers. The nonlinear lter functions used in such systems may leak information if they interact with shifted copies of themselves, and this gives us a systematic way to search for correlations between a keystream and the underlying shift register sequence.
I.: Making a Nymbler Nymble using VERBS
, 2010
"... Abstract. We propose a new system modeled after Nymble. Like Nymble, our scheme provides a privacypreserving analog of IP address blocking for anonymizing networks. However, unlike Nymble, the user in our scheme need not trust third parties to maintain their anonymity. We achieve this while avoidin ..."
Abstract

Cited by 19 (9 self)
 Add to MetaCart
Abstract. We propose a new system modeled after Nymble. Like Nymble, our scheme provides a privacypreserving analog of IP address blocking for anonymizing networks. However, unlike Nymble, the user in our scheme need not trust third parties to maintain their anonymity. We achieve this while avoiding the use of trusted hardware and without requiring an offline credential issuing authority to guarantee that users do not obtain multiple credentials. We use zeroknowledge proofs to reduce the capabilities of colluding third parties, and introduce a new cryptographic technique that we call verifierefficient restricted blind signatures, or VERBS, to maintain efficiency. Signature verification with our VERBS are 1–2 orders of magnitude faster than existing restricted blind signatures.