Listing by author "Lucks, Stefan"
1 - 10 of 14
- Conference paper: Algebraic attacks and annihilators (WEWoRC 2005 – Western European Workshop on Research in Cryptology, 2005). Armknecht, Frederik. Abstract: Algebraic attacks on block ciphers and stream ciphers have gained more and more attention in cryptography. Their idea is to express a cipher by a system of equations whose solution reveals the secret key. The complexity of an algebraic attack generally increases with the degree of the equations. Hence, low-degree equations are crucial for the efficiency of algebraic attacks. In the case of simple combiners over GF(2), it was proved in [9] that the existence of low-degree equations is equivalent to the existence of low-degree annihilators, and the term "algebraic immunity" was introduced. This result was extended to general finite fields GF(q) in [4]. In this paper, which improves parts of the unpublished eprint paper [2], we present a generalized framework which additionally covers combiners with memory and S-Boxes over GF(q). In all three cases, the existence of low-degree equations can be reduced to the existence of certain annihilators. This might serve as a starting point for further research.
- Conference paper: Analysis of simplified variants of SHA-256 (WEWoRC 2005 – Western European Workshop on Research in Cryptology, 2005). Matusiewicz, Krystian; Pieprzyk, Josef; Pramstaller, Norbert; Rechberger, Christian; Rijmen, Vincent. Abstract: In this paper we analyse the role of some of the building blocks of SHA-256. We show that the disturbance-correction strategy is applicable to the SHA-256 architecture, and we prove that the functions Σ and σ are vital for the security of SHA-256 by showing that for a variant without them it is possible to find collisions with complexity 2^64 hash operations. As a step towards an analysis of the full function, we present the results of our experiments on Hamming weights of expanded messages for different variants of the message expansion and show that there exist low-weight expanded messages for XOR-linearised variants.
- Conference paper: Applications of partial hiding in RSA (WEWoRC 2005 – Western European Workshop on Research in Cryptology, 2005). Fhloinn, Eabhnat Ní; Purser, Michael. Abstract: We explore the possibility of exposing sections of the private key in RSA without jeopardising the security of the overall system. Making significant segments of the key publicly available greatly reduces the amount of data which must be securely hidden, allowing us to use biometric readings to protect the key. We suggest the use of iris recognition for this purpose and propose possible implementations of this scheme.
- Conference paper: Collision attacks on processors with cache and countermeasures (WEWoRC 2005 – Western European Workshop on Research in Cryptology, 2005). Lauradoux, Cédric. Abstract: Implementing cryptographic algorithms is a difficult problem since additional secret information can be recovered from some physical characteristics of a cryptographic device. Among all side-channel attacks, collision attacks and cache attacks are the most recent ones. The first technique uses side-channel information to detect internal collisions related to the algorithm. The second one exploits timing or power consumption related to the memory accesses. This paper presents a new attack on the first round of AES based on power analysis, which combines both collision attacks and cache attacks. It provides many linear relations between the secret key bits from the encryption of a few chosen plaintexts. For instance, for a classical implementation using 4 lookup tables on a processor with 64-byte cache blocks, 48 linear relations involving half of the key bits are derived. Some countermeasures which defeat such attacks are also presented.
- Conference paper: A cryptosystem "à la" ElGamal on an elliptic curve over Fp[ϵ] (WEWoRC 2005 – Western European Workshop on Research in Cryptology, 2005). Virat, Marie. Abstract: This paper introduces a new public key cryptosystem which is a variant of the ElGamal cryptosystem on an elliptic curve. To this end, we study the equations of type y^2 = x^3 + ax + b with a and b in Fq[ϵ] where ϵ^2 = 0. When 4a^3 + 27b^2 is invertible in Fq[ϵ], they allow us to define new groups which seem to be good candidates for the ElGamal public key cryptosystem. The variant we introduce has the advantage of presenting no plaintext encoding problem. Moreover, it reaches security levels which are similar to those of the ElGamal cryptosystem on an elliptic curve.
- Conference paper: Efficient electronic gambling: an extended implementation of the toolbox for mental card games (WEWoRC 2005 – Western European Workshop on Research in Cryptology, 2005). Stamer, Heiko. Abstract: There are many wonderful protocols in cryptography which are still waiting for their realization. Here we consider efficient solutions for secure electronic card games. Our contribution seems to be the first known practical implementation that requires no trusted third party and simultaneously keeps the players' strategies confidential. The provided open source library LibTMCG can be used for creating secure peer-to-peer games and furthermore for some unusual applications, e.g., secure multiparty computation or simple electronic voting schemes.
- Conference paper: Entity recognition for sensor network motes (Extended abstract) (Informatik 2005 – Informatik Live! Band 2, 2005). Lucks, Stefan; Zenner, Erik; Weimerskirch, André; Westhoff, Dirk. Abstract: Message authenticity (knowing "who sent this message") is an important security issue for sensor networks, and often difficult to solve. Sometimes it may be sufficient, and more efficient, to solve the simpler entity recognition problem instead: "is the message from the same entity that sent the previous messages?". This paper describes entity recognition for sensor network motes. A protocol presented at SAC 2003 [5] is shown to be insecure, and a new and provably secure protocol is proposed.
- Conference paper: Issues on designing a cryptographic compiler (WEWoRC 2005 – Western European Workshop on Research in Cryptology, 2005). Lucks, Stefan; Schmoigl, Nico; Tatlı, Emin İslam. Abstract: Flawed implementations of security protocols are a major source of real-world security problems. Typically, security protocols are specified in some "high-level" way and may even be formally proven secure. Implementing them in practical (and comparatively low-level) source code has turned out to be error-prone. This paper introduces an experimental language for high-level protocol specifications and describes a tool to automatically compile source code from these specifications.
- Conference paper: Publicly verifiable secret sharing from Paillier's cryptosystem (WEWoRC 2005 – Western European Workshop on Research in Cryptology, 2005). Ruiz, Alexandre; Villar, Jorge L. Abstract: In this paper we propose a simple PVSS scheme based on the homomorphic properties of Paillier's encryption scheme. This new scheme is the first known PVSS scheme based on the decisional composite residuosity assumption. The verification process in this scheme is much simpler than in the other known schemes. Furthermore, in our proposal, verification is made non-interactive without using the Fiat-Shamir technique or any additional zero-knowledge proof.
- Conference paper: Related-cipher attacks on block ciphers with flexible number of rounds (WEWoRC 2005 – Western European Workshop on Research in Cryptology, 2005). Sung, Jaechul; Kim, Jongsung; Lee, Changhoon; Hong, Seokhie. Abstract: The related-cipher attack was introduced by Hongjun Wu in 2002 [25]. We can consider related ciphers as block ciphers with the same round function but different numbers of rounds. This attack can be applied to related ciphers by using the fact that their key schedules do not depend on the total number of rounds. In this paper we introduce the differential related-cipher attack on block ciphers, which combines the related-cipher attack with differential cryptanalysis. We apply this attack to the block ciphers ARIA [15] and SC2000 [24]. Furthermore, the related-cipher attack can be combined with other block cipher attacks such as linear cryptanalysis, higher-order differential cryptanalysis, and so on. With these combined attacks we also analyze some other block ciphers which use a flexible number of rounds: SAFER++, CAST-128 and DEAL.