J. Bos and M. Coster, Addition chain heuristics, Advances in Cryptology; Proceedings of Crypto '89, G. Brassard, ed., Lecture Notes in Computer Science 435, Springer-Verlag, NY (1990), 400-407.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....as that of P. Montgomery [32] or methods using precomputed tables [2] that offer substantial speedups in modular multiplication over standard algorithms. One can also use addition chain methods [21] to carry out modular exponentiation with fewer modular multiplications than the usual method. See [6] for some recent work on this. The survey paper [8] discusses these and related methods. Another approach is to use variants of the system that require fewer modular multiplications. One way to do this is to use secret keys m that are relatively short (say m of 150 bits) Another, somewhat ....

J. Bos and M. Coster, Addition chain heuristics, Advances in Cryptology; Proceedings of Crypto '89, G. Brassard, ed., Lecture Notes in Computer Science 435, Springer-Verlag, NY (1990), 400-407.

....and S obtains the global sum S 2h 1 . 2] S uses the first n global sums, S 1 , S 3 , S 2n 1 , to compute a set Y = y 1 , y l F with l n such that S 2h 1 = y 1 2h 1 . y l 2h 1 for h = 1, n. Any such set is called a solution. The algorithm is described in [BB90, B71, R80]; it has a security parameter g and an error probability of at most 2 g . If this worked and if S 2h 1 = y 1 2h 1 . y l 2h 1 also holds for h = n 1, 2n, S locally outputs Y as the set of received messages. Otherwise it broadcasts a complaint message. 3] If S has broadcast ....

....of P i , it locally outputs i faulty . If two processors P i , P i do not agree on their common DC key K i,i , then P j outputs (i, i ) faulty . If P j finds neither a faulty processor nor a faulty key, it outputs S faulty . Power sums were first used to reconstruct individual messages in [BB90], but only the first n of them were used and thus faults could not be detected. A different mechanism to detect faults is used in [CR91] but its security is not proven and it is not more efficient than ours in the given application. Once a fault has been detected, the localization of a faulty ....

[Article contains additional citation context not shown here]

Jurjen Bos, Bert den Boer: Detection of Disrupters in the DC Protocol; Proc. Eurocrypt '89, Lecture Notes in Computer Science 434, Springer-Verlag, Berlin, 1990, pp. 320-327.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC