Results 1-10 of 24
Robustness Principles for Public Key Protocols
1995
Cited by 121 (9 self)
Abstract: We present a number of attacks, some new, on public key protocols. We also advance a number of principles which may help designers avoid many of the pitfalls, and help attackers spot errors which can be exploited. 1 Introduction. Cryptographic protocols are typically used to identify a user to a computer system, to authenticate a transaction, or to set up a key. They typically involve the exchange of about 2-5 messages, and they are very easy to get wrong: bugs have been found in well known protocols years after they were first published. This is quite remarkable; after all, a protocol is a kind of program, and one would expect to get any other program of this size right by staring at it for a while. A number of remedies have been proposed. One approach is formal mathematical proof, and can range from systematic protocol verification techniques such as the BAN logic [BAN89] to the case-by-case reduction of security claims to the intractability of some problem such as factoring. Anot...
RIPEMD-160: A Strengthened Version of RIPEMD
1996
Cited by 121 (17 self)
Abstract: Cryptographic hash functions are an important tool in cryptography for applications such as digital fingerprinting of messages, message authentication, and key derivation. During the last five years, several fast software hash functions have been proposed; most of them are based on the design principles of Ron Rivest's MD4. One such proposal was RIPEMD, which was developed in the framework of the EU project RIPE (Race Integrity Primitives Evaluation). Because of recent progress in the cryptanalysis of these hash functions, we propose a new version of RIPEMD with a 160-bit result, as well as a plug-in substitute for RIPEMD with a 128-bit result. We also compare the software performance of several MD4-based algorithms, which is of independent interest.
Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance
2004
Cited by 83 (3 self)
Abstract: We consider basic notions of security for cryptographic hash functions: collision resistance, preimage resistance, and second-preimage resistance. We give seven different definitions that correspond to these three underlying ideas, and then we work out all of the implications and separations among these seven definitions within the concrete-security, provable-security framework.
Cryptographic Hash Functions: A Survey
1995
Cited by 39 (7 self)
Abstract: This paper gives a survey on cryptographic hash functions. It gives an overview of all types of hash functions and reviews design principles and possible methods of attack. It also focuses on keyed hash functions and provides the applications, requirements, and constructions of keyed hash functions.
Tiger: A Fast New Hash Function
Fast Software Encryption, Third International Workshop Proceedings
1996
Cited by 38 (1 self)
Abstract: Among those cryptographic hash functions which are not based on block ciphers, MD4 and Snefru seemed initially quite attractive for applications requiring fast software hashing. However, collisions for Snefru were found in 1990, and recently a collision of MD4 was also found. This casts doubt on how long these functions' variants, such as RIPEMD, MD5, SHA, SHA-1 and Snefru-8, will remain unbroken. Furthermore, all these functions were designed for 32-bit processors, and cannot be implemented efficiently on the new generation of 64-bit processors such as the DEC Alpha. We therefore present a new hash function which we believe to be secure; it is designed to run quickly on 64-bit processors, without being too slow on existing machines.
A Cryptographic Evaluation of IPsec
Counterpane Internet Security, Inc.
2000
Cited by 37 (0 self)
Abstract: Introduction. In February 1999, we performed an evaluation of IPsec based on the November 1998 RFCs for IPsec [KA98c, KA98a, MG98a, MG98b, MD98, KA98b, Pip98, MSST98, HC98, GK98, TDG98, PA98]. Our evaluation focused primarily on the cryptographic properties of IPsec. We concentrated less on the integration aspects of IPsec, as neither of us is intimately familiar with typical IP implementations, IPsec was a great disappointment to us. Given the quality of the people that worked on it and the time that was spent on it, we expected a much better result. We are not alone in this opinion; from various discussions with the people involved, we learned that virtually nobody is satisfied with the process or the result. The development of IPsec seems to have been burdened by the committee process that it was forced to use, and it shows in the results. Even with all the serious criticisms that we have on IPsec, it is probably the best IP security protocol available at the moment. We hav
Faster Luby-Rackoff Ciphers
1996
Cited by 23 (2 self)
Abstract: This paper deals with a generalization of Luby's and Rackoff's results [9] on the construction of block ciphers and their consequences for block cipher implementations. Based on dedicated hash functions, block ciphers are proposed which are more efficient and operate on larger blocks than their original Luby-Rackoff counterparts. 1 Introduction. One usually demands a block cipher to be secure and efficient. Other not-so-common demands are to be simple and to cope with large blocks. Consider a cipher being provably secure if another cryptographic primitive is secure. This reduces the number of security assumptions a cryptographic application has to depend on, and thus the application's chance to be broken. Based on pseudorandom functions, Luby and Rackoff [9] described provably secure block ciphers. This theoretical breakthrough is also of practical interest: pseudorandomness is a design goal for today's dedicated hash functions. E.g. the authors of RIPEMD write [14]: "It is the...
Assche. Sponge functions
2007
Cited by 15 (0 self)
BEAST: A Fast Block Cipher for Arbitrary Blocksizes
1996
Cited by 12 (1 self)
Abstract: This paper describes BEAST, a new block cipher for arbitrary size blocks. It is a Luby-Rackoff cipher and fast when the blocks are large. BEAST is assembled from cryptographic hash functions and stream ciphers. It is provably secure if these building blocks are secure. For smartcard applications, a variant BEAST-RK is proposed, where the bulk operations can be done by the smartcard's host without knowing the key. Only fast key-dependent operations remain to be done by the smartcard. 1 Introduction. Based on random functions, Luby and Rackoff (1988) described provably secure block ciphers. This theoretical breakthrough is of practical interest, since it enables us to assemble a secure cipher from secure components. Components are known which we can reasonably expect to be secure. In this paper, the hash function SHA-1 (see Schneier, 1995) and the stream cipher SEAL (Rogaway and Coppersmith, 1993) are considered as components, though other choices would do as well (Lucks, 1996). SHA-1 ...
On Secure and Pseudonymous Client Relationships with Multiple Servers
ACM Transactions on Information and System Security
1999
Cited by 11 (1 self)
Abstract: This paper introduces a cryptographic engine, Janus, that assists clients in establishing and maintaining secure and pseudonymous relationships with multiple servers. The setting is such that clients reside on a particular subnet (e.g., corporate intranet, ISP) and the servers reside anywhere on the Internet. The Janus engine allows for each client-server relationship to use either weak or strong authentication on each interaction. At the same time, each interaction preserves privacy by neither revealing a client's true identity ("modulo" the subnet) nor the set of servers with which a particular client interacts. Furthermore, clients do not need any secure long-term memory, enabling scalability and mobility. The interaction model extends to allow servers to send data back to clients via email at a later date. Hence, our results complement the functionality of current network anonymity tools and remailers. The paper also describes the design and implementation of the Lucent Personalized Web Assistant (LPWA), which is a practical system that provides secure and pseudonymous relations with multiple servers on the Internet. LPWA employs the Janus function to generate site-specific personae, which consist of alias usernames, passwords and email addresses.