Blinding Self-Certified Key Issuing Protocols Using Elliptic Curves

Size: px
Start display at page:

Download "Blinding Self-Certified Key Issuing Protocols Using Elliptic Curves"

Transcription

1 Blinding Self-Certified Key Issuing Protocols Using Elliptic Curves Billy Bob Brumley Helsinki University of Technology Laboratory for Theoretical Computer Science Abstract Self-Certified keys provide an attractive alternative to traditional certificate-based public key infrastructures. Many self-certified key issuing protocols strive to blind trusted third parties to users private keys. One such key issuing protocol is based on the Nyberg-Rueppel signature scheme, but requires a proof of knowledge to avoid impersonation attacks. This paper describes a version of this protocol that uses elliptic curves and eliminates the impersonation attacks and the proof of knowledge. KEYWORDS: elliptic curve cryptography, identity-based cryptography, self-certified keys, key issuing protocols 1 Introduction In traditional certificate-based public key infrastructures, a user s public key is authenticated by means of a trusted third party s (TTP 1 ) explicit signature on the public key. Self- Certified keys [6] are an efficient alternative in which the user s public key is extracted using the identity of the user and TTP s signature on this identity. addresses and IP addresses are two good examples of identities. Self-certified keys are related to identity-based cryptography [16]. Unfortunately, many self-certified schemes suffer from the key escrow problem, meaning that TTP gains access to the user s private key as well. Avoiding this problem is a desirable property of self-certified key issuing protocols [15]. Related Work. Ateniese et al. [1] presented a selfcertified, identity-based (SCID) scheme which uses multiplicative groups and is based on the Nyberg-Rueppel signature scheme [14]. While a solution was presented to the key escrow problem by blinding TTP to the user s private key, this solution is susceptible to impersonation attacks and requires a proof of knowledge to be used securely. Contributions. The blind key issuing protocol using elliptic curve groups is presented, which does not require a proof of knowledge and is not susceptible to impersonation This work was supported in part by the project Packet Level Authentication funded by TEKES. Thanks to Prof. Kaisa Nyberg for suggestions and comments. Additionally, the author gratefully acknowledges those involved in the PLA project. Additional thanks goes to Tuomas Kivinen for useful comments. 1 The trusted third party will henceforth be referred to as the entity TTP. attacks. Eliminating the proof of knowledge is shown to reduce the complexity of the key issuing protocol. Applications. Self-certified keys and identity-based schemes are well-suited for dynamic networks, where efficient and compact authentication is needed (for example, [4]). Elliptic curves also provide small key and signature sizes, which can be an advantageous feature in dynamic networks. 2 Background Authentication is an important facet of computer security. Digital signatures are a common way of providing such authentication on networks. This section contains a brief review of digital signatures, self-certified keys, and trust. These concepts are helpful in fully understanding the contributions of this paper. 2.1 The Nyberg-Rueppel Signature Scheme The Nyberg-Rueppel signature scheme is a variation of the ElGamal scheme [5] and similarly based on the Discrete Log Problem: given a generator g of large prime order and an element g k, finding k is infeasible. The Nyberg-Rueppel scheme is one of the few schemes present in many popular standards [9]. A version using multiplicative groups is outlined below; H is a collision-resistant hash function. Setup. Primes r, q such that r (q 1) are chosen, as well as a generator g of order r. Keygen. Alice generates a private key s and public key w by computing w = g s (mod q), where s Z r. (1) Sign. To generate a signature (c, d) on a message m, Alice calculates c = H(m)g k (mod q), where k R Z r d = k sc (mod r). (2) Verify. To verify the signature (c, d) on the message m, Bob checks that H(m) = cg d w c (mod q). (3)

2 This computation is consistent: cg d w c = H(m)g k g k sc g sc = H(m)g k k sc+sc = H(m) The main operation for signing and verifying is modular exponentiation, which can be computed very efficiently using the Square-and-Multiply Method [11]. If two messages have the same hash value, existential forgery is possible. The signature of the former message can be attached to latter message, which the user may not have signed. But since the hash values are the same, the signature will still verify. This is the reason H must be collisionresistant. Certificates provide a method for verifying public keys. Certificates are generated by TTP by signing the user s public key. This is a common type of Public Key Infrastructure (PKI). While this does provide a method for verifying the included public key, it requires the certificate to be transmitted with signed messages, causing excess storage and computation requirements. 2.2 Self-Certified Keys Self-certified keys are an efficient alternative to certificatebased PKI. Instead of verifying public keys using an explicit signature on a user s public key, the public key is extracted directly from TTP s signature on the user s identity. This reduces the storage and computational requirements. While the extracted public key cannot be explicitly verified, resulting signatures will not verify unless the extracted key is authentic. If the message signature fails to verify, it is unknown whether the user s signature on the message is invalid or the extracted public key is invalid (or both). 2.3 Trust The concept of a trusted third party can be fairly vague when discussing self-certified keys. To better define the notion of trust, Girault [6] introduced three distinct trust levels. Trust Level 1. TTP knows the user s private key and can therefore impersonate the user without being detected. Trust Level 2. TTP does not know the user s private key, but can still impersonate the user without being detected. Trust Level 3. TTP does not know the user s private key, but can impersonate the user. However, such impersonation can be detected. Detected means that if TTP tries to impersonate a user, the user can prove it; for example, providing two different signatures from TTP on the same identity. Trust Level 1 is inadequate for many reasons, one being that it usually requires a secure key escrow. Reaching Trust Level 3 is generally the goal; consider the following scenario. An Internet Service Provider (ISP, the user s TTP) charges based on bandwidth usage. Each packet is digitally signed by the user, providing assurance that the ISP is billing in an honest manner. If the ISP can impersonate the user in an undetectable manner, the ISP can generate false traffic from the user to increase the charges. Trust Levels 1 and 2 are therefore inadequate. This is just one example of why Trust Level 3 is desirable. 3 A Nyberg-Rueppel SCID Scheme A SCID scheme based on the Nyberg-Rueppel signature scheme was presented in [1] where the focus is on provable security. As such, exponentiation of separate generators to the power of the hash values from H takes place. No such exponentiation is present here, as the focus is on efficiency and practicality. While it was noted that elliptic curve groups provide an efficient setting, all of the notation therein is for multiplicative groups. The scheme is presented below. Let k (i) be random integers in Z r. Setup. Primes r, q such that r (q 1) are chosen, as well as a generator g of order r. TTP generates a private key s T and public key w T using (1). Keygen. To generate a key pair on user Alice s identity ID A, TTP calculates r A = g k (mod q) s A = k s T r A (mod r) (4) and escrows (r A, s A ) to Alice. Extract. To extract Alice s public key w A = g sa on identity ID A given public value r A, Bob calculates w A = H(ID A) w ra D r A (mod q) (5) The key issuing protocol Keygen only reaches Trust Level 1. Note that (r A, s A ) is simply a Nyberg-Rueppel signature by TTP on the message ID A. Alice s private key is s A while r A is used by other users to reconstruct Alice s public key as shown in Extract. The public key is correct: w ra D r A = g st ra g k = 1 g k sa+k = gsa As with Nyberg-Rueppel signatures, existential forgery is still possible. In this case, if two users have identities that hash to the same value, they can impersonate the other user. 3.1 A More Secure Key Issuing Protocol A key issuing protocol that reaches Trust Level 3 was also presented in [1] and appears below. Keygen. The following protocol is used to generate a key pair on user Alice s identity ID A. TTP Alice: g ka (mod q) Alice TTP: CHAL TTP Alice: SIG ka (CHAL) TTP: V ER g k A (SIG ka (CHAL)) { r A = g ka g kt (mod q) Alice TTP: s A = k T x T r A (mod r) (6)

3 Alice s private key is s A = s A k A (mod r). The public key g sa extracts correctly: g xt ra g ka g kt = 1 g kt sa+sa sa+kt = gsa The first few steps of the protocol involves a proof of knowledge by Alice. This is done to prevent impersonation attacks as described below. TTP issues a challenge message CHAL. Alice then signs this message using key k A and TTP verifies this signature using key g ka P Q -R R 3.2 Impersonation Attacks The threat of an impersonation attack was noted in [1]. However, it is not immediately clear how the attack is carried out, as different generators are used in exponentiation to the power of the hashes. As mentioned, no such exponentiation takes place here; for this case, the attack it is outlined below. Consider a malicious user Malice attempting to obtain a valid signature from TTP on Alice s identity using (6) where no proof of knowledge is performed. Malice (identity ID M ) needs to choose some difference d such that dg ka g kt H(ID M ) = g ka g kt d = H(ID A) H(ID M ). (7) That is, Malice can choose parameters in the following manner. TTP Malice: gka (mod q) H(ID M ) r A = gk A H(ID A)g k T H(ID M) Scalar multiplication, H(ID M) (mod q) Malice TTP: = g ka g kt s A = k T x T r A (mod r) (8) kp = Malice now has a valid signature from TTP on Alice s identity and can freely impersonate Alice. To use this protocol securely, the user must prove knowledge of the discrete log of g ka to the base g (given g ka, the user proves that k A is known) as shown in (6). 4 Using Elliptic Curves Elliptic curves are defined by their Weierstrass equation: y 2 = x 3 + ax + b. (9) Taken over R, these curves have the interesting property that given two points P, Q such that P Q, the line between them intersects the curve at exactly one other point. The reflection of this point on the x-axis is also on the curve, R. This operation is called point addition, denoted P + Q = R. If P = Q, the line tangent to the curve at P is used. In this case, the operation is called point doubling, denoted 2P = R. Algebraically, these points form an abelian group. In cryptography [13, 12], these curves are defined over a finite field F q, where q = p (a prime finite field) or q = 2 m (a binary finite field 2 ) [9]. That is, all x, y F q. 2 The elliptic curve and point addition equations are slightly different when using binary fields Figure 1: Elliptic curve y 2 = x 3 x over R. Point addition and doubling. The sum of two points P = (x 1, y 1 ) and Q = (x 2, y 2 ) is calculated as follows. x 3 = λ 2 x 1 x 2 y 3 = λ(x 1 x 3 ) y 1, where (10) y 2 y 1 if P Q x λ = 2 x 1 3x a if P = Q 2y 1 Note that λ is the slope. This calculation is largely dominated by the cost of the single field inversion present. denoted kp, is the elliptic curve analogue of exponentiation. It is used to compute k multiples of a point. k times { }} { P + P P This can be carried out efficiently by combining point additions and doublings using the Double-and-Add Method (Alg. 1), which is analogous to the square-and-multiply method for exponentiation. As with exponentiation, There are much more efficient methods [7]. Algorithm 1: Scalar multiplication, Double-and-Add. Input: integer k, point P E(F q ) Output: kp Q /* identity element */ while k > 0 do if k is odd then Q Q + P /* k & 1 */ k k/2 /* right shift by one */ P 2P /* point doubling */ end return Q Digital signatures using elliptic curves. Most digital signature schemes that use multiplicative groups (including El- Gamal variations) can also use elliptic curve groups. Table 1 from [9] outlines the analogous operations and settings. In

4 practice, an elliptic curve E is used with a base point generator G of prime order r. It is very difficult to solve the Elliptic Curve Discrete Log Problem: given the generator G of large prime order and some other point kg, finding k is infeasible. Multiplicative Groups Elliptic Curve Groups Setting F q curve E over F q Basic operation multiplication in F q addition of points Main operation exponentiation scalar multiplication Base element generator g base point G Base element order prime r prime r Private key s (integer mod r) s (integer mod r) Public key w (element of F q) W (point on E) Table 1: Elliptic curve and multiplicative group analogues. Elliptic curves are often used when small public keys and signatures are needed. Table 2 from [10] shows an equivalent level of security; using elliptic curve cryptography (ECC) requires much fewer bits. Symmetric ECC DSA/RSA Table 2: Comparable key sizes (in bits). Point compression. Public keys (or any point on E, a group element) are made up of (x, y) coordinates, but the y- coordinate can be compressed; given an x-coordinate, there are either two or zero solutions to (9). Therefore, it suffices to store x and a compression bit b (determines which solution to take). This point compression is accomplished using the function COMPRESS. Point decompression. DECOMPRESS yields a point P given x and compression bit b. The complexity depends on the underlying field. In the prime case, this involves computing a square root in a prime field, not a trivial operation. In the binary case, a quadratic equation is solved. This depends on the representation of the binary field elements. When using a normal basis representation, this is accomplished very quickly and involves only a few field multiplications and some bit rotations. For more on the basics of ECC, see [8]. 4.1 An Elliptic Curve SCID Scheme The SCID scheme (Sec. 3) as well as the blind key issuing protocol (6) can be modified to use elliptic curve groups. The analogous steps are presented below, with minor modifications 3. The proof of knowledge is not performed. Setup. Elliptic curve E is chosen with base point generator G of prime order r where r #E. TTP generates a domain private key s T R Z r and domain public key W T = s T G. 3 Some signs have been changed. This does not affect the principles. Also, the point k A G can be compressed if needed. TTP then publishes W T. Keygen. The following protocol (elliptic curve analogue of (6)) is used to generate a key pair on user Alice s identity ID A. It reaches Trust Level 3. TTP Alice: k A G TTP: (r A, b A ) = COMPRESS(k A G + k T G) r A = r A + s A = k T r A s T (mod r) Alice TTP: (r A, b A, s A ) (11) Alice s private key is s A = k A + s A (mod r). Extract. To extract Alice s public key W A = s A G on identity ID A given public values (r A, b A ), Bob calculates W A = DECOMPRESS(r A, b A ) r A W T (12) The extracted public key is correct (W A = s A G): W A = DECOMPRESS(r A, b A ) r A W T = DECOMPRESS(r A +, b A ) r A W T = k A G + k T G r A s T G = (k A + k T r A s T )G = (k A + s A )G = s A G 4.2 Attempting Impersonation Attacks Consider Malice attempting to obtain a valid signature from TTP on Alice s identity using (11). Malice must send an element of the group; more specifically, a point in the main subgroup (a multiple of the point G). TTP can and should verify this. As in (7), Malice needs to choose some difference d such that [(k A + d)g + k T G] x + H(ID M ) = [k A G + k T G] x +. (13) This seems to be very unlikely, as Malice does not know TTP s random value k T. 5 Results & Conclusions In an attempt to quantify the likelihood of impersonation success, an experiment was run using an implementation in Java. As such an experiment requires every point on the curve to be computed, only small, toy curves can be examined, as standard curves for cryptographic use have too many points. A few different curves over prime fields were examined. The results suggest the probability of impersonation success is extremely low, only slightly higher than guessing a private key on the curve. This suggests that as the size of the curve increases, the probability of success of such an impersonation attack shrinks to an insignificant amount. Table 3 compares the storage and computation requirements when verifying message signatures using traditional certificate-based PKI and when using self-certified keys. Not only is there one less elliptic scalar multiplication (ESM) present, but the three can be done simultaneously [3] very efficiently. In conclusion, a modification to an existing blind selfcertified key issuing protocol has been presented for use with

5 Certificate-Based PKI Self-Certified signature (2r) signature (2r) public key (q + 1) self-certified public key (q + 1) TTP signature on public key (2r) - verify public key (2 ESM s) extract public key (1 ESM) verify signature (2 ESM s) verify signature (2 ESM s) Table 3: Storage and computation requirements. elliptic curves (11). This is much less complex than its multiplicative group analogue (6), as no proof of knowledge is needed. 5.1 Future Work Although experimental results suggest impersonation is not a serious threat in (11), the true upper-bound on the probability of impersonation success is an open question. Future work is planned. In the area of small and short signatures, probably the most active area of research is pairing-based cryptography [2], which also uses elliptic curves. However, pairings are generally considered much more expensive to compute than scalar multiplications. Efficient settings and methods for calculating pairings could be a topic of research. References [1] G. Ateniese and B. de Medeiros. A provably secure Nyberg-Rueppel signature variant with applications. Cryptology eprint Archive, Report 2004/093, [2] D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. In ASIACRYPT 01: Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security, pages , London, UK, Springer- Verlag. [8] D. Hankerson, A. Menezes, and S. Vanstone. Guide to elliptic curve cryptography. Springer, New York, [9] IEEE. Standard specifications for public-key cryptography. Technical Report P1363 / D13, Institute of Electrical and Electronics Engineers (IEEE), November [10] IETF. ECC cipher suites for TLS. Technical report, TLS Working Group, Internet Engineering Task Force (IETF), October [11] D. E. Knuth. The Art of Computer Programming: Seminumerical Algorithms, volume 2. Addison- Wesley, Reading, MA, 3rd edition, [12] N. Koblitz. Elliptic curve cryptosystems. Mathematics of Computation, 48: , [13] V. S. Miller. Use of elliptic curves in cryptography. In CRYPTO 85: Advances in Cryptology, pages , London, UK, Springer-Verlag. [14] K. Nyberg and R. A. Rueppel. A new signature scheme based on the DSA giving message recovery. In CCS 93: Proceedings of the 1st ACM conference on Computer and communications security, pages 58 61, New York, NY, USA, ACM Press. [15] H. Petersen and P. Horster. Self-Certified Keys: Concepts and Applications. In Proceedings of the Third International Conference on Communications and Multimedia Security, pages , London, Chapman & Hall. [16] A. Shamir. Identity-based cryptosystems and signature schemes. In Proceedings of CRYPTO 84 on Advances in cryptology, pages 47 53, New York, NY, USA, Springer-Verlag New York, Inc. [3] B. B. Brumley. Efficient three-term simultaneous elliptic scalar multiplication with applications. In V. Fåk, editor, Proceedings of the 11th Nordic Workshop on Secure IT Systems (NordSec 2006), pages , Linköping, Sweden, [4] C. Candolin, J. Lundberg, and H. Kari. Packet level authentication in military networks. In Proceedings of the 6th Australian Information Warfare & IT Security Conference, Geelong, Australia, November [5] T. ElGamal. A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory, IT-31(4): , [6] M. Girault. Self-certified public keys. In D. W. Davies, editor, Advances in Cryptology - EuroCrypt 91, pages , Berlin, Springer-Verlag. Lecture Notes in Computer Science Volume 547. [7] D. M. Gordon. A survey of fast exponentiation methods. J. Algorithms, 27(1): , 1998.

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,

More information

Generalized ID-Based ElGamal Signatures with Message Recovery

Generalized ID-Based ElGamal Signatures with Message Recovery Generalized ID-Based ElGamal Signatures with Message Recovery Said Kalkan Email: skalkan@cs.bilkent.edu.tr Kamer Kaya Email: kamer@cs.bilkent.edu.tr Ali Aydın Selçuk Email: selcuk@cs.bilkent.edu.tr Abstract

More information

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

More information

Implementation of Elliptic Curve Digital Signature Algorithm

Implementation of Elliptic Curve Digital Signature Algorithm Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India

More information

A New Secure and Efficient Elliptic. Curve Cryptosystem

A New Secure and Efficient Elliptic. Curve Cryptosystem Applied Mathematical Sciences, Vol. 6, 2012, no. 112, 5573-5579 A New Secure and Efficient Elliptic Curve Cryptosystem E. S. Ismail School of Mathematical Sciences, Faculty of Science and Technology Universiti

More information

Generalized ID-Based Blind Signatures From Bilinear Pairings

Generalized ID-Based Blind Signatures From Bilinear Pairings Generalized ID-Based Blind Signatures From Bilinear Pairings Said Kalkan Department of Computer Engineering Bilkent University Ankara, 06800, Turkey Email: skalkan@cs.bilkent.edu.tr Kamer Kaya Department

More information

A New Generic Digital Signature Algorithm

A New Generic Digital Signature Algorithm Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study

More information

Constructing Pairing-Friendly Elliptic Curves with Embedding Degree 10

Constructing Pairing-Friendly Elliptic Curves with Embedding Degree 10 with Embedding Degree 10 University of California, Berkeley, USA ANTS-VII, 2006 Outline 1 Introduction 2 The CM Method: The Basic Construction The CM Method: Generating Families of Curves 3 Outline 1 Introduction

More information

Secure Key Issuing in ID-based Cryptography

Secure Key Issuing in ID-based Cryptography Secure Key Issuing in ID-based Cryptography Byoungcheon Lee 1,2 Colin Boyd 1 Ed Dawson 1 Kwangjo Kim 3 Jeongmo Yang 2 Seungjae Yoo 2 1 Information Security Research Centre, Queensland University of Technology,

More information

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013 FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

More information

Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

More information

Generalized ID-Based ElGamal Signatures

Generalized ID-Based ElGamal Signatures Generalized ID-Based ElGamal Signatures Said Kalkan Department of Computer Engineering Bilkent University Ankara, 06800, Turkey Email: skalkan@cs.bilkent.edu.tr Kamer Kaya Department of Computer Engineering

More information

A new attack on the KMOV cryptosystem

A new attack on the KMOV cryptosystem A new attack on the KMOV cryptosystem Abderrahmane Nitaj Laboratoire de Mathématiques Nicolas Oresme Université de Caen, France abderrahmane.nitaj@unicaen.fr Abstract In this paper, we analyze the security

More information

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

More information

An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood

An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood One significant impediment to the widespread adoption of public-key cryptography is its dependence on a public-key infrastructure

More information

A Factoring and Discrete Logarithm based Cryptosystem

A Factoring and Discrete Logarithm based Cryptosystem Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

More information

Elliptic Curve Cryptography

Elliptic Curve Cryptography Elliptic Curve Cryptography Elaine Brow, December 2010 Math 189A: Algebraic Geometry 1. Introduction to Public Key Cryptography To understand the motivation for elliptic curve cryptography, we must first

More information

Elliptic Curve Cryptography

Elliptic Curve Cryptography Elliptic Curve Cryptography Introduction Computations on Elliptic Curves The Elliptic Curve Diffie-Hellman Protocol Security Aspects Implementation in Software and Hardware Motivation Problem: Asymmetric

More information

Public Key Cryptography Alternative Models

Public Key Cryptography Alternative Models Public Key Cryptography Alternative Models Denise H. Goya, Vilc Q. Rufino 1 Departamento de Ciência da Computação Instituto de Matemática e Estatística Universidade de São Paulo (USP), SP - Brasil {dhgoya,vilc}@ime.usp.br

More information

Digital Signature. Raj Jain. Washington University in St. Louis

Digital Signature. Raj Jain. Washington University in St. Louis Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

More information

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

More information

An Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method

An Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method An Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method E.Sathiyamoorthy 1, S.S.Manivannan 2 1&2 School of Information Technology and Engineering

More information

Cryptography. Discrete-log and elliptic-curve cryptography. Jean-Sébastien Coron. May 15, Université du Luxembourg

Cryptography. Discrete-log and elliptic-curve cryptography. Jean-Sébastien Coron. May 15, Université du Luxembourg Discrete-log and elliptic-curve cryptography Université du Luxembourg May 15, 2014 Discrete-log based cryptography Discrete-log based group The multiplicative group Z p Discrete-log based cryptosystems

More information

Improvement of digital signature with message recovery using self-certified public keys and its variants

Improvement of digital signature with message recovery using self-certified public keys and its variants Applied Mathematics and Computation 159 (2004) 391 399 www.elsevier.com/locate/amc Improvement of digital signature with message recovery using self-certified public keys and its variants Zuhua Shao Department

More information

The ECDSA and ECQV Certificates. Scott A. Vanstone Professor of Mathematics, University of Waterloo

The ECDSA and ECQV Certificates. Scott A. Vanstone Professor of Mathematics, University of Waterloo The ECDSA and ECQV Certificates Scott A. Vanstone Professor of Mathematics, University of Waterloo 1 Agenda Introduction Digital Signatures Types of Signature Schemes ECDSA ECQV Composition of ECDSA and

More information

An Approach to Shorten Digital Signature Length

An Approach to Shorten Digital Signature Length Computer Science Journal of Moldova, vol.14, no.342, 2006 An Approach to Shorten Digital Signature Length Nikolay A. Moldovyan Abstract A new method is proposed to design short signature schemes based

More information

Overview of Public-Key Cryptography

Overview of Public-Key Cryptography CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

More information

Hash functions. hash function. hash. function

Hash functions. hash function. hash. function Hash functions - definition and properties - birthday paradox - a provably secure construction - iterative hash functions - hash functions based on block ciphers - customized hash functions (SHA-1) Definition

More information

Computer Science 308-547A Cryptography and Data Security. Claude Crépeau

Computer Science 308-547A Cryptography and Data Security. Claude Crépeau Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)

More information

Cryptography and Network Security Chapter 10

Cryptography and Network Security Chapter 10 Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central

More information

UNIT IV PUBLIC KEY CRYPTOGRAPHY

UNIT IV PUBLIC KEY CRYPTOGRAPHY UNIT IV PUBLIC KEY CRYPTOGRAPHY Private Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications are compromised

More information

A New Efficient Digital Signature Scheme Algorithm based on Block cipher

A New Efficient Digital Signature Scheme Algorithm based on Block cipher IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661, ISBN: 2278-8727Volume 7, Issue 1 (Nov. - Dec. 2012), PP 47-52 A New Efficient Digital Signature Scheme Algorithm based on Block cipher 1

More information

Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella

Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by

More information

Cryptanalysis of a Verifiably Committed Signature Scheme based on GPS and RSA

Cryptanalysis of a Verifiably Committed Signature Scheme based on GPS and RSA Cryptanalysis of a Verifiably Committed Signature Scheme based on GPS and RSA Julien Cathalo, Benoît Libert and Jean-Jacques Quisquater Université catholique de Louvain Place du Levant 3 1348 Louvain-la-Neuve,

More information

Notes on Network Security Prof. Hemant K. Soni

Notes on Network Security Prof. Hemant K. Soni Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

More information

IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY ON TEXT AND IMAGE

IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY ON TEXT AND IMAGE IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY ON TEXT AND IMAGE Mrs. Megha Kolhekar Assistant Professor, Department of Electronics and Telecommunication Engineering Fr. C. Rodrigues Institute of Technology,

More information

Elements of Applied Cryptography Public key encryption

Elements of Applied Cryptography Public key encryption Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let

More information

On the Disadvantages of Pairing-based Cryptography

On the Disadvantages of Pairing-based Cryptography On the Disadvantages of Pairing-based Cryptography Zhengjun Cao 1, Lihua Liu 2, Abstract. Pairing-based cryptography (PBC) has many elegant properties. It is claimed that PBC can offer a desired security

More information

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master

More information

Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks

Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks J. M. BAHI, C. GUYEUX, and A. MAKHOUL Computer Science Laboratory LIFC University of Franche-Comté Journée thématique

More information

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631 Cunsheng DING, HKUST Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.

More information

Some Identity Based Strong Bi-Designated Verifier Signature Schemes

Some Identity Based Strong Bi-Designated Verifier Signature Schemes Some Identity Based Strong Bi-Designated Verifier Signature Schemes Sunder Lal and Vandani Verma Department of Mathematics, Dr. B.R.A. (Agra), University, Agra-282002 (UP), India. E-mail- sunder_lal2@rediffmail.com,

More information

Public Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography

Public Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt

More information

Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?

Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document? Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)

More information

Secure and Efficient Threshold Key Issuing Protocol for ID-based Cryptosystems

Secure and Efficient Threshold Key Issuing Protocol for ID-based Cryptosystems Secure and Efficient Threshold Key Issuing Protocol for ID-based Cryptosystems K. Phani Kumar, G. Shailaja, Ashutosh Saxena Secure Technology Lab., Institute for Development and Research in Banking Technology

More information

Introduction. Digital Signature

Introduction. Digital Signature Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology

More information

Introduction to Cryptography CS 355

Introduction to Cryptography CS 355 Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru

More information

In this paper a new signature scheme and a public key cryptotsystem are proposed. They can be seen as a compromise between the RSA and ElGamal-type sc

In this paper a new signature scheme and a public key cryptotsystem are proposed. They can be seen as a compromise between the RSA and ElGamal-type sc Digital Signature and Public Key Cryptosystem in a Prime Order Subgroup of Z n Colin Boyd Information Security Research Centre, School of Data Communications Queensland University of Technology, Brisbane

More information

Elliptic Curve Public Key Cryptography

Elliptic Curve Public Key Cryptography Why? Elliptic Curve Public Key Cryptography ECC offers greater security for a given key size. Why? Elliptic Curve Public Key Cryptography ECC offers greater security for a given key size. The smaller key

More information

A NEW ATTACK ON THE KMOV CRYPTOSYSTEM

A NEW ATTACK ON THE KMOV CRYPTOSYSTEM A NEW ATTACK ON THE KMOV CRYPTOSYSTEM Abderrahmane Nitaj Laboratoire de Mathématiques Nicolas Oresme Université de Caen, France abderrahmane.nitaj@unicaen.fr http://www.math.unicaen.fr/~nitaj Abstract.

More information

A NOVEL STRATEGY TO PROVIDE SECURE CHANNEL OVER WIRELESS TO WIRE COMMUNICATION

A NOVEL STRATEGY TO PROVIDE SECURE CHANNEL OVER WIRELESS TO WIRE COMMUNICATION A NOVEL STRATEGY TO PROVIDE SECURE CHANNEL OVER WIRELESS TO WIRE COMMUNICATION Prof. Dr. Alaa Hussain Al- Hamami, Amman Arab University for Graduate Studies Alaa_hamami@yahoo.com Dr. Mohammad Alaa Al-

More information

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie

More information

The Quantum Apocalypse

The Quantum Apocalypse SIGS Special Event in Bern About and Beyond PKI 9.02.2017 The Quantum Apocalypse How quantum computers can really influence the cryptographic world Dr. François Weissbaum VBS, FUB Kryptologie Content 1.

More information

New Lattice Attacks on DSA Schemes

New Lattice Attacks on DSA Schemes New Lattice Attacks on DSA Schemes Dimitrios Poulakis Department of Mathematics, Aristotle University of Thessaloniki, Thessaloniki 54124, Greece, email:poulakis@mathauthgr January 23, 20 Abstract We prove

More information

A SOFTWARE COMPARISON OF RSA AND ECC

A SOFTWARE COMPARISON OF RSA AND ECC International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

More information

Digital signatures. Informal properties

Digital signatures. Informal properties Digital signatures Informal properties Definition. A digital signature is a number dependent on some secret known only to the signer and, additionally, on the content of the message being signed Property.

More information

A Remote User Authentication Scheme using Bilinear Pairings

A Remote User Authentication Scheme using Bilinear Pairings A Remote User Authentication Scheme using Bilinear Pairings Sanjeev Kumar Department of Mathematics, Institute of Basic Science, Dr.B.R.Ambedkar University, Khandari, Agra-282002 (U.P.), India. K K Goyal

More information

Asymmetric Cryptography. Mahalingam Ramkumar Department of CSE Mississippi State University

Asymmetric Cryptography. Mahalingam Ramkumar Department of CSE Mississippi State University Asymmetric Cryptography Mahalingam Ramkumar Department of CSE Mississippi State University Mathematical Preliminaries CRT Chinese Remainder Theorem Euler Phi Function Fermat's Theorem Euler Fermat's Theorem

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 4 Public Key Cryptography

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 4 Public Key Cryptography Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 4 Public Key Cryptography However, prior exposure to discrete mathematics will help

More information

Digital Signature Schemes

Digital Signature Schemes Digital Signature Schemes Introduction The conventional handwritten signature on a document is used to certify that the signer is responsible for the content of the document. The signature is physically

More information

PUBLIC KEY ENCRYPTION

PUBLIC KEY ENCRYPTION PUBLIC KEY ENCRYPTION http://www.tutorialspoint.com/cryptography/public_key_encryption.htm Copyright tutorialspoint.com Public Key Cryptography Unlike symmetric key cryptography, we do not find historical

More information

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies

More information

ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS

ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS D. Sravana Kumar 1 CH. Suneetha 2 A. ChandrasekhAR 3 1 Reader in Physics, SVLNS Government College, Bheemunipatnam, Visakhapatnam Dt., India skdharanikota@gmail.com

More information

An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC

An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC Laxminath Tripathy 1 Nayan Ranjan Paul 2 1Department of Information technology, Eastern Academy of Science and

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

Elliptic Curve Cryptography Support in Entrust Author: Robert Zuccherato Date: May 9, 2000 Version: 1.0

Elliptic Curve Cryptography Support in Entrust Author: Robert Zuccherato Date: May 9, 2000 Version: 1.0 Elliptic Curve Cryptography Support in Entrust Author: Robert Zuccherato Date: May 9, 2000 Version: 1.0 Copyright 2000-2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc.

More information

Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University

Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University Implementation and Comparison of Various Digital Signature Algorithms -Nazia Sarang Boise State University What is a Digital Signature? A digital signature is used as a tool to authenticate the information

More information

Masao KASAHARA. Public Key Cryptosystem, Error-Correcting Code, Reed-Solomon code, CBPKC, McEliece PKC.

Masao KASAHARA. Public Key Cryptosystem, Error-Correcting Code, Reed-Solomon code, CBPKC, McEliece PKC. A New Class of Public Key Cryptosystems Constructed Based on Reed-Solomon Codes, K(XII)SEPKC. Along with a presentation of K(XII)SEPKC over the extension field F 2 8 extensively used for present day various

More information

C - Cryptography

C - Cryptography Coordinating unit: 270 - FIB - Barcelona School of Informatics Teaching unit: 749 - MAT - Department of Mathematics Academic year: Degree: 2016 BACHELOR'S DEGREE IN INFORMATICS ENGINEERING (Syllabus 2010).

More information

Fast Signature Generation with a Fiat Shamir Like Scheme

Fast Signature Generation with a Fiat Shamir Like Scheme Fast Signature Generation with a Fiat Shamir Like Scheme H. Ong Deutsche Bank AG Stuttgarter Str. 16 24 D 6236 Eschborn C.P. Schnorr Fachbereich Mathematik / Informatik Universität Frankfurt Postfach 111932

More information

IMPLEMENTATION AND PERFORMANCE ANALYSIS OF ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM

IMPLEMENTATION AND PERFORMANCE ANALYSIS OF ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM NABI ET AL: IMPLEMENTATION AND PERFORMANCE ANALYSIS OF ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM 28 IMPLEMENTATION AND PERFORMANCE ANALYSIS OF ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM Mohammad Noor

More information

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch 1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

More information

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher

More information

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

Public-Key Cryptography. The new era (1976-present)

Public-Key Cryptography. The new era (1976-present) Public-Key Cryptography The new era (1976-present) Classical, Symmetric Ciphers Alice and Bob share the same secret key K A,B. K A,B must be secretly generated and exchanged prior to using the unsecure

More information

THE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION

THE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION T OPICS IN WIRELESS SECURITY THE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION Q 2 = R 1 Q 2 R 1 R 1 As the wireless industry explodes, it faces

More information

Advanced Maths Lecture 3

Advanced Maths Lecture 3 Advanced Maths Lecture 3 Next generation cryptography and the discrete logarithm problem for elliptic curves Richard A. Hayden rh@doc.ic.ac.uk EC crypto p. 1 Public key cryptography Asymmetric cryptography

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared

More information

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

More information

Security in Electronic Payment Systems

Security in Electronic Payment Systems Security in Electronic Payment Systems Jan L. Camenisch, Jean-Marc Piveteau, Markus A. Stadler Institute for Theoretical Computer Science, ETH Zurich, CH-8092 Zurich e-mail: {camenisch, stadler}@inf.ethz.ch

More information

AN EFFECTIVE STUDY ON IMPROVED DATA AUTHENTICATION IN CLOUD SYSTEM

AN EFFECTIVE STUDY ON IMPROVED DATA AUTHENTICATION IN CLOUD SYSTEM INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE AN EFFECTIVE STUDY ON IMPROVED DATA AUTHENTICATION IN CLOUD SYSTEM Bairu Ravi 1, B.Ramya 2 1 M.Tech Student, Dept of CSE, Arjun College

More information

Implementing Network Security Protocols

Implementing Network Security Protocols Implementing Network Security Protocols based on Elliptic Curve Cryptography M. Aydos, E. Savaş, and Ç. K. Koç Electrical & Computer Engineering Oregon State University Corvallis, Oregon 97331, USA {aydos,savas,koc}@ece.orst.edu

More information

The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

More information

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study

More information

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a

More information

White Paper. Enhancing Website Security with Algorithm Agility

White Paper. Enhancing Website Security with Algorithm Agility ENHANCING WEBSITE SECURITY WITH ALGORITHM AGILITY White Paper Enhancing Website Security with Algorithm Agility Enhancing Website Security with Algorithm Agility Contents Introduction 3 Encryption Today

More information

Public Key Cryptography

Public Key Cryptography Public Key Cryptography Asymmetric encryption is a form of cryptosystem in which Encryption and decryption are performed using the different keys one a public key and one a private key. It is also known

More information

Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography

Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 2 Basics 2.2 Public Key Cryptography

More information

Table of Contents. List of Tables List of Figures Foreword by R.L. Rivest. 1 Overview of Cryptography 1

Table of Contents. List of Tables List of Figures Foreword by R.L. Rivest. 1 Overview of Cryptography 1 List of Tables List of Figures Foreword by R.L. Rivest Preface xv xix xxi xxiii 1 Overview of Cryptography 1 1.1 Introduction : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 1 1.2 Information

More information

Attacks On the RSA Cryptosystem

Attacks On the RSA Cryptosystem Attacks On the RSA Cryptosystem Prepared for SE 4C03 Class Project, Winter 2005 Instructor: Dr. Kartik Krishnan Prepared by: Xiao-lei Cui, 0140976 Report Due Date: April 5 th 2005 Last Revision Date: April

More information

Bi-Deniable Public-Key Encryption Protocol which is Secure against Active Coercive Adversary

Bi-Deniable Public-Key Encryption Protocol which is Secure against Active Coercive Adversary BULETINUL ACADEMIEI DE ŞTIINŢE A REPUBLICII MOLDOVA. MATEMATICA Number 3(76), 2014, Pages 23 29 ISSN 1024 7696 Bi-Deniable Public-Key Encryption Protocol which is Secure against Active Coercive Adversary

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 32 Discrete Logarithm Problem

More information

3-6 Toward Realizing Privacy-Preserving IP-Traceback

3-6 Toward Realizing Privacy-Preserving IP-Traceback 3-6 Toward Realizing Privacy-Preserving IP-Traceback The IP-traceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems

More information

Public Key Cryptography (II)

Public Key Cryptography (II) Public Key Cryptography (II) The era of electronic mail [Potter1977] may soon be upon us; we must ensure that two important properties of the current paper mail system are preserved: (a) messages are private,

More information

Introduction to Cryptography. Lecture 8

Introduction to Cryptography. Lecture 8 Introduction to Cryptography Lecture 8 Benny Pinkas page 1 Public Key-Exchange Goal: Two parties who do not share any secret information, perform a protocol and derive the same shared key. No eavesdropper

More information

IEE Proceedings: Computers and Digital Techniques, 141(5) , September 1994.

IEE Proceedings: Computers and Digital Techniques, 141(5) , September 1994. Montgomery Reduction with Even Modulus C. K. Koc Department of Electrical and Computer Engineering Oregon State University Corvallis, Oregon 97331 Abstract The modular multiplication and exponentiation

More information