Results 1  10
of
171
Software Implementation of Elliptic Curve Cryptography Over Binary Fields
, 2000
"... This paper presents an extensive and careful study of the software implementation on workstations of the NISTrecommended elliptic curves over binary fields. We also present the results of our implementation in C on a Pentium II 400 MHz workstation. ..."
Abstract

Cited by 184 (10 self)
 Add to MetaCart
This paper presents an extensive and careful study of the software implementation on workstations of the NISTrecommended elliptic curves over binary fields. We also present the results of our implementation in C on a Pentium II 400 MHz workstation.
Efficient arithmetic on Koblitz curves
 Designs, Codes, and Cryptography
, 2000
"... Abstract. It has become increasingly common to implement discretelogarithm based publickey protocols on elliptic curves over finite fields. The basic operation is scalar multiplication: taking a given integer multiple of a given point on the curve. The cost of the protocols depends on that of the ..."
Abstract

Cited by 91 (0 self)
 Add to MetaCart
(Show Context)
Abstract. It has become increasingly common to implement discretelogarithm based publickey protocols on elliptic curves over finite fields. The basic operation is scalar multiplication: taking a given integer multiple of a given point on the curve. The cost of the protocols depends on that of the elliptic scalar multiplication operation. Koblitz introduced a family of curves which admit especially fast elliptic scalar multiplication. His algorithm was later modified by Meier and Staffelbach. We give an improved version of the algorithm which runs 50 % faster than any previous version. It is based on a new kind of representation of an integer, analogous to certain kinds of binary expansions. We also outline further speedups using precomputation and storage.
A survey of algebraic properties used in cryptographic protocols
 JOURNAL OF COMPUTER SECURITY
"... Cryptographic protocols are successfully analyzed using formal methods. However, formal approaches usually consider the encryption schemes as black boxes and assume that an adversary cannot learn anything from an encrypted message except if he has the key. Such an assumption is too strong in general ..."
Abstract

Cited by 69 (20 self)
 Add to MetaCart
(Show Context)
Cryptographic protocols are successfully analyzed using formal methods. However, formal approaches usually consider the encryption schemes as black boxes and assume that an adversary cannot learn anything from an encrypted message except if he has the key. Such an assumption is too strong in general since some attacks exploit in a clever way the interaction between protocol rules and properties of cryptographic operators. Moreover, the executability of some protocols relies explicitly on some algebraic properties of cryptographic primitives such as commutative encryption. We give a list of some relevant algebraic properties of cryptographic operators, and for each of them, we provide examples of protocols or attacks using these properties. We also give an overview of the existing methods in formal approaches for analyzing cryptographic proto
RFIDtags for AntiCounterfeiting
 Topics in Cryptology  CTRSA 2006, volume 3860 of LNCS
, 2006
"... Abstract. RFIDtags are becoming very popular tools for identification of products. As they have a small microchip on board, they offer functionality that can be used for security purposes. This chip functionality makes it possible to verify the authenticity of a product and hence to detect and prev ..."
Abstract

Cited by 50 (5 self)
 Add to MetaCart
Abstract. RFIDtags are becoming very popular tools for identification of products. As they have a small microchip on board, they offer functionality that can be used for security purposes. This chip functionality makes it possible to verify the authenticity of a product and hence to detect and prevent counterfeiting. In order to be successful for these security purposes too, RFIDtags have to be resistant against many attacks, in particular against cloning of the tag. In this paper, we investigate how an RFIDtag can be made unclonable by linking it inseparably to a Physical Unclonable Function (PUF). We present the security protocols that are needed for the detection of the authenticity of a product when it is equipped with such a system. We focus on offline authentication because it is very attractive from a practical point of view. We show that a PUF based solution for RFIDtags is feasible in the offline case.
The Optimized Link State Routing Protocol version 2", draftietfmanetolsrv219
, 2013
"... draftdearlovemanetnhdpolsrv2tlvextension02 This specification describes extensions to definitions of TLVs used by the Optimized Link State Routing Protocol version 2 (OLSRv2) and the MANET Neighborhood Discovery Protocol (NHDP), to increase their abilities to accommodate protocol extensions. ..."
Abstract

Cited by 46 (13 self)
 Add to MetaCart
(Show Context)
draftdearlovemanetnhdpolsrv2tlvextension02 This specification describes extensions to definitions of TLVs used by the Optimized Link State Routing Protocol version 2 (OLSRv2) and the MANET Neighborhood Discovery Protocol (NHDP), to increase their abilities to accommodate protocol extensions. This document updates OLSRv2 and RFC6130. Status of this Memo This InternetDraft is submitted in full conformance with the provisions of BCP 78 and BCP 79. InternetDrafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as InternetDrafts. The list of current InternetDrafts is at
The insecurity of the elliptic curve digital signature algorithm with partially known nonces
 Design Codes Cryptography
, 2003
"... ..."
(Show Context)
SecureDAV: A secure data aggregation and verification protocol for sensor networks
 In Proceedings of the IEEE Global Telecommunications Conference
, 2004
"... Abstract — Sensor networks include nodes with limited computation and communication capabilities. One of the basic functions of sensor networks is to sense and transmit data to the end users. The resource constraints and security issues pose a challenge to information aggregation in large sensor net ..."
Abstract

Cited by 39 (0 self)
 Add to MetaCart
(Show Context)
Abstract — Sensor networks include nodes with limited computation and communication capabilities. One of the basic functions of sensor networks is to sense and transmit data to the end users. The resource constraints and security issues pose a challenge to information aggregation in large sensor networks. Bootstrapping keys is another challenge because public key cryptosystems are unsuitable for use in resourceconstrained sensor networks. In this paper, we propose a solution by dividing the problem in two domains. First, we present a protocol for establishing cluster keys in sensor networks using verifiable secret sharing. We chose elliptic curve cryptosystems for security because of their smaller key size, faster computations and reductions in processing power. Second, we develop a Secure Data Aggregation and Verification (SecureDAV) protocol that ensures that the base station never accepts faulty aggregate readings. Integrity check of the readings is done using Merkle Hash Trees avoiding overreliance on the clusterheads. I.
An Overview of Elliptic Curve Cryptography
, 2000
"... Elliptic curve cryptography (ECC) was introduced by Victor Miller and Neal Koblitz in 1985. ECC proposed as an alternative to established publickey systems such as DSA and RSA, have recently gained a lot attention in industry and academia. The main reason for the attractiveness of ECC is the fact t ..."
Abstract

Cited by 36 (3 self)
 Add to MetaCart
Elliptic curve cryptography (ECC) was introduced by Victor Miller and Neal Koblitz in 1985. ECC proposed as an alternative to established publickey systems such as DSA and RSA, have recently gained a lot attention in industry and academia. The main reason for the attractiveness of ECC is the fact that there is no subexponential algorithm known to solve the discrete logarithm problem on a properly chosen elliptic curve. This means that significantly smaller parameters can be used in ECC than in other competitive systems such RSA and DSA, but with equivalent levels of security. Some benefits of having smaller key sizes include faster computations, and reductions in processing power, storage space and bandwidth. This makes ECC ideal for constrained environments such as pagers, PDAs, cellular phones and smart cards. The implementation of ECC, on the other hand, requires several choices such as the type of the underlying finite field, algorithms for implementing the finite field arithmetic and so on. In this paper we give we presen an selective overview of the main methods.
Pgp in constrained wireless devices
 in Proceedings of the 9th USENIX Security Symposium
, 2000
"... Rights to individual papers remain with the author or the author's employer. Permission is granted for noncommercial reproduction of the work for educational or research purposes. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. ..."
Abstract

Cited by 35 (2 self)
 Add to MetaCart
(Show Context)
Rights to individual papers remain with the author or the author's employer. Permission is granted for noncommercial reproduction of the work for educational or research purposes. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein.
On the Security of TLSDHE in the Standard Model
, 2013
"... TLS is the most important cryptographic protocol in use today. However, up to now there is no complete cryptographic security proof in the standard model, nor in any other model. We give the first such proof for the core cryptographic protocol of TLS ciphersuites based on ephemeral DiffieHellman ke ..."
Abstract

Cited by 32 (6 self)
 Add to MetaCart
TLS is the most important cryptographic protocol in use today. However, up to now there is no complete cryptographic security proof in the standard model, nor in any other model. We give the first such proof for the core cryptographic protocol of TLS ciphersuites based on ephemeral DiffieHellman key exchange (TLSDHE), which include the cipher suite TLS DHE DSS WITH 3DES EDE CBC SHA mandatory in TLS 1.0 and TLS 1.1. It is impossible to prove security of the TLS Handshake in any classical keyindistinguishabilitybased security model (like e.g. the BellareRogaway or the CanettiKrawczyk model), due to subtle issues with the encryption of the final Finished messages of the TLS Handshake. Therefore we start with proving the security of a truncated version of the TLS Handshake protocol, which has also been considered in previous work on TLS. Then we define the notion of authenticated and confidential channel establishment (ACCE) as a new security model which captures precisely the security properties expected from TLS in practice, and show that the combination of the TLS Handshake protocol with the TLS Record Layer can be proven secure