Chosen-ciphertext secure key-encapsulation based on Gap Hashed Diffie-Hellman, 2007
Abstract

Cited by 20 (4 self)
We propose a practical key encapsulation mechanism with a simple and intuitive design concept. Security against chosen-ciphertext attacks can be proved in the standard model under a new assumption, the Gap Hashed Diffie-Hellman (GHDH) assumption. The security reduction is tight and simple. Secure key encapsulation, combined with an appropriately secure symmetric encryption scheme, yields a hybrid public-key encryption scheme which is secure against chosen-ciphertext attacks. The implied encryption scheme is very efficient: compared to the previously most efficient scheme by Kurosawa and Desmedt [Crypto 2004] it has 128 bits shorter ciphertexts, between 25-50% shorter public/secret keys, and it is slightly more efficient in terms of encryption/decryption speed. Furthermore, our scheme enjoys (the option of) public verifiability of the ciphertexts and it inherits all practical advantages of secure hybrid encryption.
A Security Analysis of the NIST SP 800-90 Elliptic Curve Random Number Generator. Cryptology ePrint Archive, Report 2007/048, 2007
Abstract

Cited by 6 (1 self)
An elliptic curve random number generator (ECRNG) has been approved in a NIST standard and proposed for ANSI and SECG draft standards. This paper proves that, if three conjectures are true, then the ECRNG is secure. The three conjectures are hardness of the elliptic curve decisional Diffie-Hellman problem and the hardness of two newer problems, the x-logarithm problem and the truncated point problem. The x-logarithm problem is shown to be hard if the decisional Diffie-Hellman problem is hard, although the reduction is not tight. The truncated point problem is shown to be solvable when the minimum amount of bits allowed in NIST standards are truncated, thereby making it insecure for applications such as stream ciphers. Nevertheless, it is argued that for nonce and key generation this distinguishability is harmless.
Public-Key Cryptography from New Multivariate Quadratic Assumptions, 2012
Abstract

Cited by 6 (1 self)
In this work, we study a new multivariate quadratic (MQ) assumption that can be used to construct public-key encryptions. In particular, we research in the following two directions:
• We establish a precise asymptotic formulation of a family of hard MQ problems, and provide empirical evidence to confirm the hardness.
• We construct public-key encryption schemes, and prove their security under the hardness assumption of this family.
Also, we provide a new perspective to look at MQ systems that plays a key role to our design and proof of security. As a consequence, we construct the first public-key encryption scheme that is provably secure under the MQ assumption. Moreover, our public-key encryption scheme is efficient in the sense that it only needs a ciphertext length L + poly(k) to encrypt a message M ∈ {0,1}^L for any un-prespecified polynomial L, where k is the security parameter. This is essentially optimal since an additive overhead is the best we can hope for.
On pseudorandomization of information-theoretically secure schemes without hardness assumptions, 2012
Abstract

Cited by 3 (2 self)
A recent work by Nuida and Hanaoka (in ICITS 2009) provided a proof technique for security of information-theoretically secure cryptographic schemes in which the random input tape is implemented by a pseudorandom generator (PRG). In this paper, we revisit their proof technique and generalize it by introducing some tradeoff factor, which involves the original proof technique as a special case and provides a room of improvement of the preceding result. Secondly, we consider two issues of the preceding result; one is the requirement of some hardness assumption in their proof; another is the gap between non-uniform and uniform computational models appearing when transferring from the exact security formulation adopted in the preceding result to the usual asymptotic security. We point out that these two issues can be resolved by using a PRG proposed by Impagliazzo, Nisan and Wigderson (in STOC 1994) against memory-bounded distinguishers, instead of usual PRGs against time-bounded distinguishers. We also give a precise formulation of a computational model explained by Impagliazzo et al., and by using this, perform a numerical comparison showing that, despite the significant advantage of removing hardness assumptions, our result is still better than, or at least competitive to, the preceding result from quantitative viewpoints. The results of this paper would suggest a new motivation to use PRGs against distinguishers with computational constraints other than time complexity in practical situations rather than just theoretical works.
Keywords: Information-theoretic security, pseudorandomization, unconditional security, Impagliazzo–Nisan–Wigderson pseudorandom generator
Secure PRNGs from Specialized Polynomial Maps over Any Fq
Abstract

Cited by 2 (2 self)
Berbain, Gilbert, and Patarin presented QUAD, a pseudo random number generator (PRNG) at Eurocrypt 2006. QUAD (as PRNG and stream cipher) may be proved secure based on an interesting hardness assumption about the one-wayness of multivariate quadratic polynomial systems over F2. The original BGP proof only worked for F2 and left a gap to general Fq. We show that the result can be generalized to any arbitrary finite field Fq, and thus produces a stream cipher with alphabets in Fq. Further, we generalize the underlying hardness assumption to specialized systems in Fq (including F2) that can be evaluated more efficiently. Barring breakthroughs in the current state-of-the-art for system-solving, a rough implementation of a provably secure instance of our new PRNG is twice as fast and takes 1/10 the storage of an instance of QUAD with the same level of provable security. Recent results on specialization on security are also examined. And we conclude that our ideas are consistent with these new developments and complement them. This gives a clue that we may build secure primitives based on specialized polynomial maps which are more efficient.
Elliptic Curve based Authenticated Session Key Establishment Protocol for High Security Applications in Constrained Network Environment
Abstract

Cited by 2 (0 self)
The existing authenticated session key establishment protocols are either vulnerable to dictionary attack on identity privacy of a client or the methods adopted to resist this attack are found to be computationally inefficient. This paper proposes a new authenticated key establishment protocol which uses the elliptic curve based DDH problem. The protocol provides identity privacy of the client in addition to the other security properties needed for a session key establishment protocol. In comparison with the existing protocols, the proposed protocol offers equivalent security with fewer parameters, resulting in lower computational load, communication bandwidth cost, power consumption and memory requirement.
pseudorandom
"... mathematical problem for security analysis of hash functions and ..."
Modification Attack Effects on PRNGs: Empirical Studies and Theoretical Proofs
, 2014
Abstract
Random sequence as a critical part in a security system should be guaranteed as random that should be secure from any attacks. Modification attack is one of possible attacks on random generator in order to make the generator function mislead or the output random sequences bias. From previous research, it was shown that 1-bit modification attack has effects on the randomness property of AES-based PRNG outputs under advantage ε = 0.00001 based on statistical distance test and entropy difference test. In this paper, we propose the extended research on some other PRNGs i.e. Rabbit, Dragon, ANSI X9.17 and ANSI X9.31 under the same scenario with intensity of modification (1 bit to 3 bits) per block. From the experiment results we found that the modification attack already has effects on the four algorithms under advantage ε = 0.001 with intensity 3 bits per block. Even on PRNG X9.17, the attack effect is already significant for all intensity. The effect is getting more significant for all four algorithms under advantage ε = 0.0001 for all intensity. It is shown that PRNG ANSI X9.17 is weaker against the modification attack than the other three algorithms. From theoretical approach based on occurrence probability of an m-bit pattern in the sequence after the attack, we got two results. First, the modification attack will have no effect on the probability distribution of each m-bit pattern as long as the modified bits are balanced. So it is possible that the randomness property of the target sequence still holds after the attack. Second, if the bits modified are not balanced then it caused the unbalance of the probability distribution of the m-bit patterns after attack that could make the randomness of the target sequence bias. Based on the two results, we concluded that the modification attack is potential to reduce the randomness property of the output sequences of a random