Results 1 - 10 of 4,671
Algorithms for Quantum Computation: Discrete Logarithms and Factoring, 1994
"... A computer is generally considered to be a universal computational device; i.e., it is believed able to simulate any physical computational device with an increase in computation time of at most a polynomial factor. It is not clear whether this is still true when quantum mechanics is taken into consi ..."
Cited by 1103 (7 self)
of steps which is polynomial in the input size, e.g., the number of digits of the integer to be factored. These two problems are generally considered hard on a classical computer and have been used as the basis of several proposed cryptosystems. (We thus give the first examples of quantum cryptanalysis.)
Good Error-Correcting Codes based on Very Sparse Matrices, 1999
Cited by 741 (23 self)
We study two families of error-correcting codes defined in terms of very sparse matrices. "MN" (MacKay-Neal) codes are recently invented, and "Gallager codes" were first investigated in 1962, but appear to have been largely forgotten, in spite of their excellent properties. The decoding of both codes can be tackled with a practical sum-product algorithm. We prove that these codes are "very good," in that sequences of codes exist which, when optimally decoded, achieve information rates up to the Shannon limit. This result holds not only for the binary-symmetric channel but also for any channel with symmetric stationary ergodic noise. We give experimental results for binary-symmetric channels and Gaussian channels demonstrating that practical performance substantially better than that of standard convolutional and concatenated codes can be achieved; indeed, the performance of Gallager codes is almost as close to the Shannon limit as that of turbo codes.
Data Security, 1979
Cited by 611 (3 self)
The rising abuse of computers and increasing threat to personal privacy through data banks have stimulated much interest in the technical safeguards for data. There are four kinds of safeguards, each related to but distinct from the others. Access controls regulate which users may enter the system and subsequently which data sets an active user may read or write. Flow controls regulate the dissemination of values among the data sets accessible to a user. Inference controls protect statistical databases by preventing questioners from deducing confidential information by posing carefully designed sequences of statistical queries and correlating the responses. Statistical data banks are much less secure than most people believe. Data encryption attempts to prevent unauthorized disclosure of confidential information in transit or in storage. This paper describes the general nature of controls of each type, the kinds of problems they can and cannot solve, and their inherent limitations and weaknesses. The paper is intended for a general audience with little background in the area.
Non-Malleable Cryptography, SIAM Journal on Computing, 2000
Cited by 490 (21 self)
The notion of non-malleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. The same concept makes sense in the contexts of string commitment and zero-knowledge proofs of possession of knowledge. Non-malleable schemes for each of these three problems are presented. The schemes do not assume a trusted center; a user need not know anything about the number or identity of other system users. Our cryptosystem is the first proven to be secure against a strong type of chosen ciphertext attack proposed by Rackoff and Simon, in which the attacker knows the ciphertext she wishes to break and can query the decryption oracle on any ciphertext other than the target.
LEAP: Efficient Security Mechanisms for Large-scale Distributed Sensor Networks, 2003
Cited by 458 (22 self)
Protocol), a key management protocol for sensor networks that is designed to support in-network processing, while at the same time restricting the security impact of a node compromise to the immediate network neighborhood of the compromised node. The design of the protocol is motivated by the observation that different types of messages exchanged between sensor nodes have different security requirements, and that a single keying mechanism is not suitable for meeting these different security requirements. LEAP supports the establishment of four types of keys for each sensor node: an individual key shared with the base station, a pairwise key shared with another sensor node, a cluster key shared with multiple neighboring nodes, and a group key that is shared by all the nodes in the network. The protocol used for establishing and updating these keys
Pseudo-Cryptanalysis of Luffa
"... Abstract. In this paper, we present the pseudo-collision, pseudo-second-preimage and pseudo-preimage attacks on the SHA-3 candidate algorithm Luffa. The pseudo-collisions and pseudo-second-preimages can be found easily by computing the inverse of the message injection function at the beginning of Luf ..."
of Luffa. We explain in details the pseudo-preimage attacks. For Luffa-224/256, given the hash value, only 2 iteration computations are needed to get a pseudo-preimage. For Luffa-384, finding a pseudo-preimage needs about 2^64 iteration computations with 2^67 bytes memory by the extended generalized
Tamper Resistance - a Cautionary Note, in Proceedings of the Second USENIX Workshop on Electronic Commerce, 1996
Cited by 428 (15 self)
An increasing number of systems, from pay-TV to electronic purses, rely on the tamper resistance of smartcards and other security processors. We describe a number of attacks on such systems - some old, some new and some that are simply little known outside the chip testing community. We conclude that trusting tamper resistance is problematic; smartcards are broken routinely, and even a device that was described by a government signals agency as 'the most secure processor generally available' turns out to be vulnerable. Designers of secure systems should consider the consequences with care.
Extending and Implementing the Stable Model Semantics, 2002
Cited by 395 (8 self)
A novel logic program like language, weight constraint rules, is developed for answer set programming purposes. It generalizes normal logic programs by allowing weight constraints in place of literals to represent, e.g., cardinality and resource constraints and by providing optimization capabilities. A declarative semantics is developed which extends the stable model semantics of normal programs. The computational complexity of the language is shown to be similar to that of normal programs under the stable model semantics. A simple embedding of general weight constraint rules to a small subclass of the language called basic constraint rules is devised. An implementation of the language, the smodels system, is developed based on this embedding. It uses a two-level architecture consisting of a frontend and a kernel language implementation. The frontend allows restricted use of variables and functions and compiles general weight constraint rules to basic constraint rules. A major part of the work is the development of an efficient search procedure for computing stable models for this kernel language. The procedure is compared with and empirically tested against satisfiability checkers and an implementation of the stable model semantics. It offers a competitive implementation of the stable model semantics for normal programs and attractive performance for problems where the new types of rules provide a compact representation.
The RC5 Encryption Algorithm, 1995
"... Abstract. This document describes the RC5 encryption algorithm. RC5 is a fast symmetric block cipher suitable for hardware or software implementations. A novel feature of RC5 is the heavy use of data-dependent rotations. RC5 has a variable word size, a variable number of rounds, and a variable-lengt ..."
Cited by 350 (7 self)
word (64-bit) input (plaintext) and output (ciphertext) block sizes. RC5 uses an "expanded key table," S, derived from the user's supplied secret key. The size t of table S depends on the number r of rounds: S has t = 2(r + 1) words. There are thus several distinct "RC5" algorithms
Analysis of key-exchange protocols and their use for building secure channels, 2001
Cited by 328 (21 self)
Abstract. We present a formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits: (i) any key-exchange protocol that satisfies the security definition can be composed with symmetric encryption and authentication functions to provide provably secure communication channels (as defined here); and (ii) the definition allows for simple modular proofs of security: one can design and prove security of key-exchange protocols in an idealized model where the communication links are perfectly authenticated, and then translate them using general tools to obtain security in the realistic setting of adversary-controlled links. We exemplify the usability of our results by applying them to obtain the proof of two classes of key-exchange protocols, Diffie-Hellman and key-transport, authenticated via symmetric or asymmetric techniques.