Results 1  10
of
1,195
Timing Attacks on Implementations of DiffieHellman, RSA, DSS, and Other Systems
, 1996
"... By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed DiffieHellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known cip ..."
Abstract

Cited by 651 (3 self)
 Add to MetaCart
By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed DiffieHellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known
The Decision DiffieHellman Problem
, 1998
"... The Decision DiffieHellman assumption (ddh) is a gold mine. It enables one to construct efficient cryptographic systems with strong security properties. In this paper we survey the recent applications of DDH as well as known results regarding its security. We describe some open problems in this are ..."
Abstract

Cited by 237 (7 self)
 Add to MetaCart
in this area. 1 Introduction An important goal of cryptography is to pin down the exact complexity assumptions used by cryptographic protocols. Consider the DiffieHellman key exchange protocol [12]: Alice and Bob fix a finite cyclic group G and a generator g. They respectively pick random a; b 2 [1; j
On DiffieHellman Key Agreement with Short Exponents
 Proc. Eurocrypt '96, LNCS 1070
, 1996
"... The difficulty of computing discrete logarithms known to be "short" is examined, motivated by recent practical interest in using DiftieHellman key agreement with short exponents (e.g. over Zp with 160bit exponents and 1024bit primes p). A new divideandconquer algorithm for discret ..."
Abstract

Cited by 69 (0 self)
 Add to MetaCart
The difficulty of computing discrete logarithms known to be "short" is examined, motivated by recent practical interest in using DiftieHellman key agreement with short exponents (e.g. over Zp with 160bit exponents and 1024bit primes p). A new divideandconquer algorithm
On the Security of Diffie–Hellman Bits
"... Abstract. Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a “hidden ” element α of a finite field IFp of p elements from rather short strings of the most significant bits of the remainder modulo p of αt for several values of t selected uniformly at random from ..."
Abstract
 Add to MetaCart
fixed ε> 0. We also use this generalization to improve (and correct) one of the statements of the aforementioned work about the computational security of the most significant bits of the Diffie–Hellman key. 1.
Symbolic Protocol Analysis for DiffieHellman
"... Abstract. We extend symbolic protocol analysis to apply to protocols using DiffieHellman operations. DiffieHellman operations act on a cyclic group of prime order, together with an exponentiation operator. The exponents form a finite field. This rich algebraic structure has resisting previous symb ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
Abstract. We extend symbolic protocol analysis to apply to protocols using DiffieHellman operations. DiffieHellman operations act on a cyclic group of prime order, together with an exponentiation operator. The exponents form a finite field. This rich algebraic structure has resisting previous
Symbolic Protocol Analysis for DiffieHellman
"... Abstract. We extend symbolic protocol analysis to apply to protocols using DiffieHellman operations. DiffieHellman operations act on a cyclic group of prime order, together with an exponentiation operator. The exponents form a finite field. This rich algebraic structure has resisting previous symb ..."
Abstract
 Add to MetaCart
Abstract. We extend symbolic protocol analysis to apply to protocols using DiffieHellman operations. DiffieHellman operations act on a cyclic group of prime order, together with an exponentiation operator. The exponents form a finite field. This rich algebraic structure has resisting previous
Deciding the security of protocols with DiffieHellman exponentiation and products in exponents
, 2003
"... ..."
On certain exponential sums and the distribution of DiffieHellman triples
 J. London Math. Soc
, 1999
"... Let g be a primitive root modulo a prime p. It is proved that the triples (gx,gy,gxy), x,y�1,…,p�1, are uniformly distributed modulo p in the sense of H. Weyl. This result is based on the following upper bound for double exponential sums. Let ε�0 be fixed. Then p−� x,y=� exp0 2πiagx�bgy�cgxy ..."
Abstract

Cited by 28 (13 self)
 Add to MetaCart
Let g be a primitive root modulo a prime p. It is proved that the triples (gx,gy,gxy), x,y�1,…,p�1, are uniformly distributed modulo p in the sense of H. Weyl. This result is based on the following upper bound for double exponential sums. Let ε�0 be fixed. Then p−� x,y=� exp0 2πiagx�bgy�cgxy
An Algebra for Symbolic DiffieHellman Protocol Analysis
"... Abstract. We study the algebra underlying symbolic protocol analysis for protocols using DiffieHellman operations. DiffieHellman operations act on a cyclic group of prime order, together with an exponentiation operator. The exponents form a finite field: this rich algebraic structure has resisted ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. We study the algebra underlying symbolic protocol analysis for protocols using DiffieHellman operations. DiffieHellman operations act on a cyclic group of prime order, together with an exponentiation operator. The exponents form a finite field: this rich algebraic structure has resisted
The computational and decisional DiffieHellman assumptions in CryptoVerif
"... We present an extension of CryptoVerif to DiffieHellman key agreements. CryptoVerif [1] is a security protocol verifier sound in the computational model, which produces proofs by sequences of games. CryptoVerif provides a generic method for specifying security assumptions on primitives. However, th ..."
Abstract
 Add to MetaCart
, this method did not support the computational and decisional DiffieHellman assumptions. We have extended it to support these assumptions, which required the following additions: – DiffieHellman key agreements consider a cyclic group G with generator g. One protocol participant A chooses a random exponent a
Results 1  10
of
1,195