Results 1  10
of
1,386
Quantum Cryptanalysis of NTRU
, 2015
"... This paper explores some attacks that someone with a Quantum Computer may be able to perform against NTRUEncrypt, and in particular NTRUEncrypt as implemented by the publicly available library from Security Innovation. We show four attacks that an attacker with a Quantum Computer might be able to pe ..."
Abstract
 Add to MetaCart
This paper explores some attacks that someone with a Quantum Computer may be able to perform against NTRUEncrypt, and in particular NTRUEncrypt as implemented by the publicly available library from Security Innovation. We show four attacks that an attacker with a Quantum Computer might be able
Quantum cryptanalysis of hidden linear functions
 in Proceedings of Crypto’95, Lecture Notes in Comput. Sci. 963
, 1995
"... Abstract. Recently there has been a great deal of interest in the power of \Quantum Computers " [4, 15, 18]. The driving force is the recent beautiful result of Shor that shows that discrete log and factoring are solvable in random quantum polynomial time [15]. We use a method similar to Shor&a ..."
Abstract

Cited by 75 (0 self)
 Add to MetaCart
Abstract. Recently there has been a great deal of interest in the power of \Quantum Computers " [4, 15, 18]. The driving force is the recent beautiful result of Shor that shows that discrete log and factoring are solvable in random quantum polynomial time [15]. We use a method similar to Shor
Quantum Cryptanalysis of Hash and ClawFree Functions
 ACM Sigact News
, 1997
"... . We give a quantum algorithm that finds collisions in arbitrary rtoone functions after only O( 3 p N=r ) expected evaluations of the function, where N is the cardinality of the domain. Assuming the function is given by a black box, this is more efficient than the best possible classical algori ..."
Abstract

Cited by 36 (0 self)
 Add to MetaCart
. We give a quantum algorithm that finds collisions in arbitrary rtoone functions after only O( 3 p N=r ) expected evaluations of the function, where N is the cardinality of the domain. Assuming the function is given by a black box, this is more efficient than the best possible classical
Algorithms for Quantum Computation: Discrete Logarithms and Factoring
, 1994
"... A computer is generally considered to be a universal computational device; i.e., it is believed able to simulate any physical computational device with a increase in computation time of at most a polynomial factor. It is not clear whether this is still true when quantum mechanics is taken into consi ..."
Abstract

Cited by 1103 (7 self)
 Add to MetaCart
of steps which is polynomial in the input size, e.g., the number of digits of the integer to be factored. These two problems are generally considered hard on a classical computer and have been used as the basis of several proposed cryptosystems. (We thus give the first examples of quantum cryptanalysis.) 1
A New Kind of Science
, 2002
"... “Somebody says, ‘You know, you people always say that space is continuous. How do you know when you get to a small enough dimension that there really are enough points in between, that it isn’t just a lot of dots separated by little distances? ’ Or they say, ‘You know those quantum mechanical amplit ..."
Abstract

Cited by 850 (0 self)
 Add to MetaCart
“Somebody says, ‘You know, you people always say that space is continuous. How do you know when you get to a small enough dimension that there really are enough points in between, that it isn’t just a lot of dots separated by little distances? ’ Or they say, ‘You know those quantum mechanical
Experimental Quantum Cryptography
 Journal of Cryptology
, 1992
"... We describe results from an apparatus and protocol designed to implement quantum key distribution, by which two users, who share no secret information initially: 1) exchange a random quantum transmission, consisting of very faint flashes of polarized light; 2) by subsequent public discussion of the ..."
Abstract

Cited by 268 (20 self)
 Add to MetaCart
We describe results from an apparatus and protocol designed to implement quantum key distribution, by which two users, who share no secret information initially: 1) exchange a random quantum transmission, consisting of very faint flashes of polarized light; 2) by subsequent public discussion
A Fuzzy Commitment Scheme
 ACM CCS'99
, 1999
"... We combine wellknown techniques from the areas of errorcorrecting codes and cryptography to achieve a new type of cryptographic primitive that we refer to as a fuzzy commitment scheme. Like a conventional cryptographic commitment scheme, our fuzzy commitment scheme is both concealing and binding: i ..."
Abstract

Cited by 327 (1 self)
 Add to MetaCart
We combine wellknown techniques from the areas of errorcorrecting codes and cryptography to achieve a new type of cryptographic primitive that we refer to as a fuzzy commitment scheme. Like a conventional cryptographic commitment scheme, our fuzzy commitment scheme is both concealing and binding: it is infeasible for an attacker to learn the committed value, and also for the committer to decommit a value in more than one way. In a conventional scheme, a commitment must be opened using a unique witness, which acts, essentially, as a decryption key. By contrast, our scheme is fuzzy in the sense that it accepts a witness that is close to the original encrypting witness in a suitable metric, but not necessarily identical. This characteristic of our fuzzy commitment scheme makes it useful for applications such as biometric authentication systems, in which data is subject to random noise. Because the scheme is tolerant of error, it is capable of protecting biometric data just as conventional cryptographic techniques, like hash functions, are used to protect alphanumeric passwords. This addresses a major outstanding problem in the theory of biometric authentication. We prove the security characteristics of our fuzzy commitment scheme relative to the properties of an underlying cryptographic hash function.
CAPTCHA: Using Hard AI Problems for Security
 IN PROCEEDINGS OF EUROCRYPT
, 2003
"... We introduce captcha, an automated test that humans can pass, but current computer programs can't pass: any program that has high success over a captcha can be used to solve an unsolved Artificial Intelligence (AI) problem. We provide several novel constructions of captchas. Since captchas ..."
Abstract

Cited by 324 (3 self)
 Add to MetaCart
We introduce captcha, an automated test that humans can pass, but current computer programs can't pass: any program that has high success over a captcha can be used to solve an unsolved Artificial Intelligence (AI) problem. We provide several novel constructions of captchas. Since captchas have many applications in practical security, our approach introduces a new class of hard problems that can be exploited for security purposes. Much like research in cryptography has had a positive impact on algorithms for factoring and discrete log, we hope that the use of hard AI problems for security purposes allows us to advance the field of Artificial Intelligence. We introduce two families of AI problems that can be used to construct captchas and we show that solutions to such problems can be used for steganographic communication. captchas
Cryptanalysis of the Hidden . . .
"... In this paper, we present an efficient cryptanalysis of the socalled HM cryptosystem which was published at Asiacrypt’1999, and one perturbed version of HM. Until now, this scheme was exempt from cryptanalysis. We first present a distinguisher which uses a differential property of the public key. T ..."
Abstract
 Add to MetaCart
In this paper, we present an efficient cryptanalysis of the socalled HM cryptosystem which was published at Asiacrypt’1999, and one perturbed version of HM. Until now, this scheme was exempt from cryptanalysis. We first present a distinguisher which uses a differential property of the public key
Results 1  10
of
1,386