Results 1  10
of
134
HMAC: KeyedHashing for Message Authentication
, 1997
"... This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative ..."
Abstract

Cited by 442 (3 self)
 Add to MetaCart
This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA1, in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. 1.
Security Arguments for Digital Signatures and Blind Signatures
 JOURNAL OF CRYPTOLOGY
, 2000
"... Since the appearance of publickey cryptography in the seminal DiffieHellman paper, many new schemes have been proposed and many have been broken. Thus, the ..."
Abstract

Cited by 374 (41 self)
 Add to MetaCart
Since the appearance of publickey cryptography in the seminal DiffieHellman paper, many new schemes have been proposed and many have been broken. Thus, the
How to break MD5 and other hash functions
 In EUROCRYPT
, 2005
"... Abstract. MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi freestart collision, in which the initial value of the has ..."
Abstract

Cited by 316 (7 self)
 Add to MetaCart
Abstract. MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi freestart collision, in which the initial value of the hash function is replaced by a nonstandard value, which is the result of the attack. In this paper we present a new powerful attack on MD5 which allows us to find collisions efficiently. We used this attack to find collisions of MD5 in about 15 minutes up to an hour computation time. The attack is a differential attack, which unlike most differential attacks, does not use the exclusiveor as a measure of difference, but instead uses modular integer subtraction as the measure. We call this kind of differential a modular differential. An application of this attack to MD4 can find a collision in less than a fraction of a second. This attack is also applicable to other hash functions, such as RIPEMD and HAVAL. 1
The Elliptic Curve Digital Signature Algorithm (ECDSA)
, 1999
"... The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard, and was accepted in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard, and is under consideratio ..."
Abstract

Cited by 173 (5 self)
 Add to MetaCart
(Show Context)
The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard, and was accepted in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard, and is under consideration for inclusion in some other ISO standards. Unlike the ordinary discrete logarithm problem and the integer factorization problem, no subexponentialtime algorithm is known for the elliptic curve discrete logarithm problem. For this reason, the strengthperkeybit is substantially greater in an algorithm that uses elliptic curves. This paper describes the ANSI X9.62 ECDSA, and discusses related security, implementation, and interoperability issues. Keywords: Signature schemes, elliptic curve cryptography, DSA, ECDSA.
Key Agreement Protocols and their Security Analysis
, 1997
"... This paper proposes new protocols for two goals: authenticated key agreement and authenticated key agreement with key confirmation in the asymmetric (publickey) setting. A formal ..."
Abstract

Cited by 164 (6 self)
 Add to MetaCart
This paper proposes new protocols for two goals: authenticated key agreement and authenticated key agreement with key confirmation in the asymmetric (publickey) setting. A formal
Twofish: A 128Bit Block Cipher
 in First Advanced Encryption Standard (AES) Conference
, 1998
"... Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bit ..."
Abstract

Cited by 66 (8 self)
 Add to MetaCart
(Show Context)
Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2 22.5 chosen plaintexts and 2 51 effort.
Better than BiBa: Short Onetime Signatures with Fast Signing and Verifying
 In Seventh Australasian Conference on Information Security and Privacy (ACISP 2002
, 2002
"... Onetime signature schemes have found numerous applications: in ordinary, online/offline, and forwardsecure signatures. More recently, they have been used in multicast and broadcast authentication. We propose a onetime signature scheme with very efficient signing and verifying, and short signatu ..."
Abstract

Cited by 65 (0 self)
 Add to MetaCart
(Show Context)
Onetime signature schemes have found numerous applications: in ordinary, online/offline, and forwardsecure signatures. More recently, they have been used in multicast and broadcast authentication. We propose a onetime signature scheme with very efficient signing and verifying, and short signatures. Our scheme is wellsuited for broadcast authentication, and, in fact, can be viewed as an improvement of the BiBa onetime signature (proposed by Perrig in CCS 2001 for broadcast authentication).
Fast Hashing on the Pentium
 Advances in Cryptology, Proceedings Crypto'96, LNCS 1109
, 1996
"... With the advent of the Pentium processor parallelization finally became available to Intel based computer systems. One of the design principles of the MD4family of hash functions (MD4, MD5, SHA1, RIPEMD160) is to be fast on the 32bit Intel processors. This paper shows that carefully coded im ..."
Abstract

Cited by 46 (6 self)
 Add to MetaCart
With the advent of the Pentium processor parallelization finally became available to Intel based computer systems. One of the design principles of the MD4family of hash functions (MD4, MD5, SHA1, RIPEMD160) is to be fast on the 32bit Intel processors. This paper shows that carefully coded implementations of these hash functions are able to exploit the Pentium's superscalar architecture to its maximum e#ect: the performance with respect to execution on a nonparallel architecture increases by about 60%. This is an important result in view of the recent claims on the limited data bandwidth of these hash functions.
PracticeOriented ProvableSecurity
 in First International Workshop on Information Security(ISW97
, 1997
"... This article is intended to provide some background and tell you about the bigger picture. the plaintext M to create a ciphertext C, which is transmitted to the receiver. The latter applies ..."
Abstract

Cited by 45 (0 self)
 Add to MetaCart
(Show Context)
This article is intended to provide some background and tell you about the bigger picture. the plaintext M to create a ciphertext C, which is transmitted to the receiver. The latter applies
Authentication and Payment in Future Mobile Systems
"... This article presents an efficient publickey protocol for mutual authentication and key exchange designed for third generation mobile communications systems. The paper also demonstrates how a micropayment scheme can be integrated into the authentication protocol; this payment protocol allows for th ..."
Abstract

Cited by 40 (2 self)
 Add to MetaCart
This article presents an efficient publickey protocol for mutual authentication and key exchange designed for third generation mobile communications systems. The paper also demonstrates how a micropayment scheme can be integrated into the authentication protocol; this payment protocol allows for the provision of incontestable charging. The problem of establishing authenticated public keys through crosscertification is addressed.