A randomized protocol for signing contracts
1990
Abstract

Cited by 599 (11 self)
Two parties, A and B, want to sign a contract C over a communication network. To do so, they must “simultaneously” exchange their commitments to C. Since simultaneous exchange is usually impossible in practice, protocols are needed to approximate simultaneity by exchanging partial commitments in a piece-by-piece manner. During such a protocol, one party or another may have a slight advantage; a “fair” protocol keeps this advantage within acceptable limits. We present a new protocol that is fair in the sense that, at any stage in its execution, the conditional probability that one party cannot commit both parties to the contract given that the other party can, is close to zero. This is true even if A and B have vastly different computing powers, and is proved under very weak cryptographic assumptions. Our protocol has the following additional properties: during the procedure the parties exchange probabilistic options for committing both parties to the contract; the protocol never terminates in an asymmetric situation where party A knows that party B is committed to the contract while he is not; the protocol makes use of a weak form of a third party (judge). If both A and B are honest, the judge will never be called upon. Otherwise, the judge rules by performing a simple computation. No bookkeeping is required of the judge.
Pseudorandom number generation within cryptographic algorithms: the DSS case
In Proceedings of Advances in Cryptology '97, Lecture Notes in Computer Science, 1997
Abstract

Cited by 28 (1 self)
The DSS signature algorithm requires the signer to generate a new random number with every signature. We show that if random numbers for DSS are generated using a linear congruential pseudorandom number generator (LCG) then the secret key can be quickly recovered after seeing a few signatures. This illustrates the high vulnerability of the DSS to weaknesses in the underlying random number generation process. It also confirms that a sequence produced by an LCG is not only predictable, as has been known before, but should be used with extreme caution even within cryptographic applications that would appear to protect this sequence. The attack we present applies to truncated linear congruential generators as well, and can be extended to any pseudorandom generator that can be described via modular linear equations.
Complexity and Security of Distributed Protocols
1993
Abstract

Cited by 19 (0 self)
This thesis addresses the topic of secure distributed computation, a general and powerful tool for balancing cooperation and mistrust among independent agents. We study many related models, which differ as to the allowable communication among agents, the ways in which agents may misbehave, and the complexity (cryptographic) assumptions that are made. We present new protocols, both for general secure computation (i.e., of any function over a finite domain) and for specific tasks (e.g., electronic money). We investigate fundamental relationships among security needs and various resource requirements, with an emphasis on communication complexity. A number of mathematical methods are employed for our investigations, including algebraic, graph-theoretic, and cryptographic techniques.
Varieties of Secure Distributed Computing
In Proceedings of Sequences II, Methods in Communications, Security and Computer Science, 1996
Abstract

Cited by 9 (0 self)
In this paper, we will see solutions to the Fortune 500 problem (or any other computational problem) that assume nothing more than that each company trusts that there are at least 333 other companies that will not betray it (plus secure phone lines). Other solutions show that if conference-calling is also allowed, then each company need only assume that 250 other companies are honest. Still other solutions need only assume that the Chief Number Theorist of each company certifies that certain problems (such as quadratic residuosity) will remain intractable for as long as its financial information remains sensitive. Results in the field can be divided into two main categories: protocols and complexity results. Protocols can be divided into two main categories: cryptographic and non-cryptographic. Cryptographic protocols can be divided into two main categories: two-party protocols and multi-party protocols. These are the lines along which the bulk of this paper is organized.
I forgot your password: randomness attacks against PHP applications
In USENIX Security '12, page 6. USENIX Association, 2012
Abstract

Cited by 4 (0 self)
We provide a number of practical techniques and algorithms for exploiting randomness vulnerabilities in PHP applications. We focus on the predictability of password reset tokens and demonstrate how an attacker can take over user accounts in a web application via predicting or algorithmically derandomizing the PHP core randomness generators. While our techniques are designed for the PHP language, the principles behind our techniques and our algorithms are independent of PHP and can readily apply to any system that utilizes weak randomness generators or low entropy sources. Our results include: algorithms that reduce the entropy of time variables, identifying and exploiting vulnerabilities of the PHP system that enable the recovery or reconstruction of PRNG seeds, an experimental analysis of the Håstad-Shamir framework for breaking truncated linear variables, an optimized online Gaussian solver for large sparse linear systems, and an algorithm for recovering the state of the Mersenne twister generator from any level of truncation. We demonstrate the gravity of our attacks via a number of case studies. Specifically, we show that a number of current widely used web applications can be broken using our techniques, including Mediawiki, Joomla, Gallery, osCommerce and others.
Secure verifiable non-interactive oblivious transfer protocol using RSA and bit commitment on distributed environment
Future Generation Computer Systems, 2006
Nonce Generation For The Digital Signature Standard
International Journal of Network Security, 2010
Abstract

Cited by 2 (0 self)
Digital Signature Algorithm (DSA) is an underlying algorithm to form a signature in the Digital Signature Standard (DSS). DSA uses a new random number (or nonce) each time a signature is generated for a message. In this paper, we present a Linear Congruential Generator (LCG) based approach to generate nonces for DSS. LCG has been shown to be insecure for nonce generation. If two message-signature pairs are known along with the parameters of the LCG used to generate the nonce, then the private key in the signature scheme can be found, with high probability, by solving three congruences over different moduli. We use a comparison of the output of two LCGs to generate the nonces and show that our approach is secure. We also show that coupled multiple recursive generators, which are similar to LCGs, are also safe for nonce generation. Congruences can no longer be set up to solve for the private key. The advantage of LCG-based schemes for pseudorandom number generation is their efficiency.