Results 1  10
of
88,680
How to Choose Secret Parameters for RSAtype Cryptosystems over Elliptic Curves
, 1997
"... . Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSAtype cryptosystems over elliptic curves. The analysis is more difficult because the underlying grou ..."
Abstract
 Add to MetaCart
. Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSAtype cryptosystems over elliptic curves. The analysis is more difficult because the underlying
Cryptanalysis of RSAtype cryptosystem: A visit
 Theoretical Computer Science
, 1998
"... ABSTRACT. This paper surveys RSAtype implementations based on Lucas sequences and on elliptic curves. The main focus is the way how some known attacks on RSA were extended to LUC, KMOV and Demytko’s system. It also gives some directions for the choice of the most appropriate RSAtype system for a g ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
ABSTRACT. This paper surveys RSAtype implementations based on Lucas sequences and on elliptic curves. The main focus is the way how some known attacks on RSA were extended to LUC, KMOV and Demytko’s system. It also gives some directions for the choice of the most appropriate RSAtype system for a
A New and Optimal ChosenMessage Attack on RSAType Cryptosystems
 Signatures in the Presence of Transient Faults 7 in the proceedings of the International Conference on Information and Communications Security
, 1997
"... Chosenmessage attack on RSA is usually considered as an inherent property of its homomorphic structure. In this paper, we show that nonhomomorphic RSAtype cryptosystems are also susceptible to a chosenmessage attack. In particular, we prove that only one message is needed to mount a successful c ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
Chosenmessage attack on RSA is usually considered as an inherent property of its homomorphic structure. In this paper, we show that nonhomomorphic RSAtype cryptosystems are also susceptible to a chosenmessage attack. In particular, we prove that only one message is needed to mount a successful
The irreducibility of the space of curves of given genus
 Publ. Math. IHES
, 1969
"... Fix an algebraically closed field k. Let Mg be the moduli space of curves of genus g over k. The main result of this note is that Mg is irreducible for every k. Of course, whether or not M s is irreducible depends only on the characteristic of k. When the characteristic s o, we can assume that k ~ ..."
Abstract

Cited by 512 (2 self)
 Add to MetaCart
is to construct families of curves X, some singular, with pa(X)=g, over nonsingular parameter spaces, which in some sense contain enough singular curves to link together any two components that Mg might have. The essential thing that makes this method work now is a recent " stable reduction theorem "
ChosenCiphertext Secure RSAtype
"... Abstract. This paper explains how to design fully secure RSAtype cryptosystems from schemes only secure against passive attacks, in the standard model. We rely on instanceindependence assumptions, which, roughly speaking, conjecture that for certain problems, an interactive access to a solver for ..."
Abstract
 Add to MetaCart
Abstract. This paper explains how to design fully secure RSAtype cryptosystems from schemes only secure against passive attacks, in the standard model. We rely on instanceindependence assumptions, which, roughly speaking, conjecture that for certain problems, an interactive access to a solver
Short signatures from the Weil pairing
, 2001
"... Abstract. We introduce a short signature scheme based on the Computational DiffieHellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signa ..."
Abstract

Cited by 743 (28 self)
 Add to MetaCart
Abstract. We introduce a short signature scheme based on the Computational DiffieHellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where
IdentityBased Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract

Cited by 1699 (29 self)
 Add to MetaCart
We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
, 1999
"... Differential Power Analysis, first introduced by Kocher et al. in [14], is a powerful technique allowing to recover secret smart card information by monitoring power signals. In [14] a specific DPA attack against smartcards running the DES algorithm was described. As few as 1000 encryptions were su ..."
Abstract

Cited by 242 (2 self)
 Add to MetaCart
sufficient to recover the secret key. In this paper we generalize DPA attack to elliptic curve (EC) cryptosystems and describe a DPA on EC DiffieHellman key exchange and EC ElGamal type encryption. Those attacks enable to recover the private key stored inside the smartcard. Moreover, we suggest
Random key predistribution schemes for sensor networks
 IN PROCEEDINGS OF THE 2003 IEEE SYMPOSIUM ON SECURITY AND PRIVACY
, 2003
"... Key establishment in sensor networks is a challenging problem because asymmetric key cryptosystems are unsuitable for use in resource constrained sensor nodes, and also because the nodes could be physically compromised by an adversary. We present three new mechanisms for key establishment using the ..."
Abstract

Cited by 813 (14 self)
 Add to MetaCart
Key establishment in sensor networks is a challenging problem because asymmetric key cryptosystems are unsuitable for use in resource constrained sensor nodes, and also because the nodes could be physically compromised by an adversary. We present three new mechanisms for key establishment using
Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Technical Report 2003/235, Cryptology ePrint archive, http://eprint.iacr.org, 2006. Previous version appeared at EUROCRYPT 2004
 34 [DRS07] [DS05] [EHMS00] [FJ01] Yevgeniy Dodis, Leonid Reyzin, and Adam
, 2004
"... We provide formal definitions and efficient secure techniques for • turning noisy information into keys usable for any cryptographic application, and, in particular, • reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying mater ..."
Abstract

Cited by 532 (38 self)
 Add to MetaCart
We provide formal definitions and efficient secure techniques for • turning noisy information into keys usable for any cryptographic application, and, in particular, • reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying material that, unlike traditional cryptographic keys, is (1) not reproducible precisely and (2) not distributed uniformly. We propose two primitives: a fuzzy extractor reliably extracts nearly uniform randomness R from its input; the extraction is errortolerant in the sense that R will be the same even if the input changes, as long as it remains reasonably close to the original. Thus, R can be used as a key in a cryptographic application. A secure sketch produces public information about its input w that does not reveal w, and yet allows exact recovery of w given another value that is close to w. Thus, it can be used to reliably reproduce errorprone biometric inputs without incurring the security risk inherent in storing them. We define the primitives to be both formally secure and versatile, generalizing much prior work. In addition, we provide nearly optimal constructions of both primitives for various measures of “closeness” of input data, such as Hamming distance, edit distance, and set difference.
Results 1  10
of
88,680