Reconstruction and Error Correction of RSA Secret Parameters from the MSB Side
, 2011
"... Abstract. This paper discusses the factorization of the RSA modulus when some ‘partial information’ about the bits of the RSA secret parameters are known. Heninger and Shacham (Crypto 2009) considered the reconstruction of RSA secret parameters from a few randomly known bits, and Henecka, May and M ..."
Abstract

Abstract. This paper discusses the factorization of the RSA modulus when some ‘partial information’ about the bits of the RSA secret parameters are known. Heninger and Shacham (Crypto 2009) considered the reconstruction of RSA secret parameters from a few randomly known bits, and Henecka, May
The RC5 Encryption Algorithm
, 1995
"... Abstract. This document describes the RC5 encryption algorithm. RC5 is a fast symmetric block cipher suitable for hardware or software implementations. A novel feature of RC5 is the heavy use of data-dependent rotations. RC5 has a variable word size, a variable number of rounds, and a variablelengt ..."
Abstract

are each 2w bits long. r This is the number of rounds. Also, the expanded key table S contains t = 2(r + 1) words. Allowable values of r are 0, 1, ..., 255. In addition to w and r, RC5 has a variable-length secret cryptographic key, specified parameters b and K: b The number of bytes in the secret key K
How to Choose Secret Parameters for RSA and its Extensions to Elliptic Curves
, 2001
"... Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA and its extensions to elliptic curves. Over elliptic curves, the analysis is more difficult because ..."
Abstract
Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA and its extensions to elliptic curves. Over elliptic curves, the analysis is more difficult because the underlying groups are not always cyclic.
How to Choose Secret Parameters for RSA-type Cryptosystems over Elliptic Curves
, 1997
"... Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying grou ..."
Abstract
Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length of the RSA-modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found. Keywords: RSA-type cryptosystems, Cycling attacks, Elliptic curves, Strong primes. 1. Introd...
Truthful Mechanisms for One-Parameter Agents
"... In this paper, we show how to design truthful (dominant strategy) mechanisms for several combinatorial problems where each agent’s secret data is naturally expressed by a single positive real number. The goal of the mechanisms we consider is to allocate loads placed on the agents, and an agent’s sec ..."
Abstract

In this paper, we show how to design truthful (dominant strategy) mechanisms for several combinatorial problems where each agent’s secret data is naturally expressed by a single positive real number. The goal of the mechanisms we consider is to allocate loads placed on the agents, and an agent’s
Based on the work “Reconstruction from Random Bits and Error Correction of RSA Secret Parameters”, jointly done with
"... This extends and supplements the work of Heninger and Shacham [Crypto 2009] and that of Henecka, May and Meurer [Crypto 2010]. Contents of this talk: Cold-Boot attack, a brief introduction ..."
Abstract
This extends and supplements the work of Heninger and Shacham [Crypto 2009] and that of Henecka, May and Meurer [Crypto 2010]. Contents of this talk: Cold-Boot attack, a brief introduction
Efficient receipt-free voting based on homomorphic encryption
, 2000
"... Abstract. Voting schemes that provide receipt-freeness prevent voters from proving their cast vote, and hence thwart vote-buying and coercion. We analyze the security of the multi-authority voting protocol of Benaloh and Tuinstra and demonstrate that this protocol is not receipt-free, opposed to what ..."
Abstract

to what was claimed in the paper and was believed before. Furthermore, we propose the first practicable receipt-free voting scheme. Its only physical assumption is the existence of secret one-way communication channels from the authorities to the voters, and due to the public verifiability of the tally
Secret sharing made short
, 1988
"... Abstract. A well-known fact in the theory of secret sharing schemes is that shares must be of length at least as the secret itself. However, the proof of this lower bound uses the notion of information theoretic secrecy. A natural (and very practical) question is whether one can do better for secret ..."
Abstract

but m 1 shares give no (computational) information on the secret, in which shares corresponding to a secret S are of size $ plus a short piece of information whose length does not depend on the secret size but just in the security parameter. (The bound of 5 is clearly optimal if the secret
A simple publicly verifiable secret sharing scheme and its application to electronic voting
 In CRYPTO
, 1999
"... Abstract. A publicly verifiable secret sharing (PVSS) scheme is a verifiable secret sharing scheme with the property that the validity of the shares distributed by the dealer can be verified by any party; hence verification is not limited to the respective participants receiving the shares. We prese ..."
Abstract

Abstract. A publicly verifiable secret sharing (PVSS) scheme is a verifiable secret sharing scheme with the property that the validity of the shares distributed by the dealer can be verified by any party; hence verification is not limited to the respective participants receiving the shares. We
Robust Threshold DSS Signatures
, 1996
"... We present threshold DSS (Digital Signature Standard) signatures where the power to sign is shared by n players such that for a given parameter t < n/2 any subset of 2t + 1 signers can collaborate to produce a valid DSS signature on any given message, but no subset of t corrupted players can forg ..."
Abstract

We present threshold DSS (Digital Signature Standard) signatures where the power to sign is shared by n players such that for a given parameter t < n/2 any subset of 2t + 1 signers can collaborate to produce a valid DSS signature on any given message, but no subset of t corrupted players can
