2 1 The innovative transport systems and the CityMobil project 10 1.1 The research questions 10 2 The state of art in the field of automatic transport systems 12 2.1 Case studies and demand studies for innovative transport systems 12 3 The design and implementation of surveys 14 3.1 Definition of experimental design 14 3.2 Questionnaire design and delivery 16 3.3 First analyses on the collected sample 18 4 Calibration of Logit Multionomial demand models 21 4.1 Methodology 21 4.2 Calibration of the “full” model. 22 4.3 Calibration of the “final” model 24 4.4 The demand analysis through the final Multinomial Logit model 25 5 The analysis of interaction between the demand and socioeconomic attributes 31 5.1 Methodology 31 5.2 Application of Mixed Logit models to the demand 31 5.3 Analysis of the interactions between demand and socioeconomic attributes through Mixed Logit models 32 5.4 Mixed Logit model and interaction between age and the demand for the CTS 38 5.5 Demand analysis with Mixed Logit model 39 6 Final analyses and conclusions 45 6.1 Comparison between the results of the analyses 45 6.2 Conclusions 48 6.3 Answers to the research questions and future developments 52

The European commission

In this paper we propose a new approach to investigate the security of the McEliece cryptosystem. We recall that this cryptosystem relies on the use of error-correcting codes. Since its invention thirty years ago, no efficient attack had been devised that managed to recover the private key. We prove that the private key of the cryptosystem satisfies a system of bi-homogeneous polynomial equations. This property is due to the particular class of codes considered which are alternant codes. We have used these highly structured algebraic equations to mount an efficient key-recovery attack against two recent variants of the McEliece cryptosystems that aim at reducing public key sizes. These two compact variants of McEliece managed to propose keys with less than 20,000 bits. To do so, they proposed to use quasi-cyclic or dyadic structures. An implementation of our algebraic attack in the computer algebra system Magma allows to find the secret-key in a negligible time (less than one second) for almost all the proposed challenges. For instance, a private key designed for a 256-bit security has been found in 0.06 seconds with about 217.8 operations.

/pdf/algebraic-cryptanalysis-of-mceliece-variants-with-compact-33u1nin0j3.pdf

Algebraic cryptanalysis of mceliece variants with compact keys

Code-based cryptography

We cryptanalyse here two variants of the McEliece cryptosystem based on quasi-cyclic codes. Both aim at reducing the key size by restricting the public and secret generator matrices to be in quasi-cyclic form. The first variant considers subcodes of a primitive BCH code. The aforementioned constraint on the public and secret keys implies to choose very structured permutations. We prove that this variant is not secure by producing many linear equations that the entries of the secret permutation matrix have to satisfy by using the fact that the secret code is a subcode of a known BCH code. This attack has been implemented and in all experiments we have performed the solution space of the linear system was of dimension one and revealed the permutation matrix. The other variant uses quasi-cyclic low density parity-check (LDPC) codes. This scheme was devised to be immune against general attacks working for McEliece type cryptosystems based on LDPC codes by choosing in the McEliece scheme more general one-to-one mappings than permutation matrices. We suggest here a structural attack exploiting the quasi-cyclic structure of the code and a certain weakness in the choice of the linear transformations that hide the generator matrix of the code. This cryptanalysis adopts a polynomial-oriented approach and basically consists in searching for two polynomials of low weight such that their product is a public polynomial. Our analysis shows that with high probability a parity-check matrix of a punctured version of the secret code can be recovered with time complexity O(n
 3) where n is the length of the considered code. The complete reconstruction of the secret parity-check matrix of the quasi-cyclic LDPC codes requires the search of codewords of low weight which can be done with about 237 operations for the specific parameters proposed.

Cryptanalysis of Two McEliece Cryptosystems Based on Quasi-Cyclic Codes

This paper studies a variant of the McEliece cryptosystem able to ensure that the code used as the public key is no longer permutation equivalent to the secret code. This increases the security level of the public key, thus opening the way for reconsidering the adoption of classical families of codes, like Reed---Solomon codes, that have been longly excluded from the McEliece cryptosystem for security reasons. It is well known that codes of these classes are able to yield a reduction in the key size or, equivalently, an increased level of security against information set decoding; so, these are the main advantages of the proposed solution. We also describe possible vulnerabilities and attacks related to the considered system and show what design choices are best suited to avoid them.

/pdf/enhanced-public-key-security-for-the-mceliece-cryptosystem-2obavfkmbw.pdf

Enhanced Public Key Security for the McEliece Cryptosystem

In this paper a new structural attack on the McEliece/Niederreiter public key cryptosystem based on subcodes of generalized Reed-Solomon codes proposed by Berger and Loidreau is described. It allows the reconstruction of the private key for almost all practical parameter choices in polynomial time with high probability.

Cryptanalysis of the niederreiter public key scheme based on GRS subcodes

In this paper a new structural attack on the McEliece/Niederreiter public key cryptosystem based on subcodes of generalized ReedSolomon codes proposed by Berger and Loidreau is described. It allows the reconstruction of the private key for almost all practical parameter choices in polynomial time with high probability.

/pdf/cryptanalysis-of-the-niederreiter-public-key-scheme-based-on-3in6erh41s.pdf

Cryptanalysis of the Niederreiter Public Key Scheme Based on GRS Subcodes.

In [1] a Niederreiter-type public-key cryptosystem based on subcodes of generalized Reed-Solomon codes is presented. In this paper an algorithm is proposed which is able to recover the private key of the aforementioned system from the public key and which is considerably faster than a brute force attack. It is shown that the example parameters proposed in [1] are insecure.

/pdf/an-attack-on-a-modified-niederreiter-encryption-scheme-2mou6ta4fc.pdf

An attack on a modified niederreiter encryption scheme

Secure vehicular communication has been discussed over a long period of time. Now,- this technology is implemented in different Intelligent Transportation System (ITS) projects in europe. In most of these projects a suitable Public Key Infrastructure (PKI) for a secure communication between involved entities in a Vehicular Ad hoc Network (VANET) is needed. A first proposal for a PKI architecture for Intelligent Vehicular Systems (IVS PKI) is given by the car2car communication consortium. This architecture however mainly deals with inter vehicular communication and is less focused on the needs of Road Side Units. Here, we propose a multi-domain PKI architecture for Intelligent Transportation Systems, which considers the necessities of road infrastructure authorities and vehicle manufacturers, today. The PKI domains are cryptographically linked based on local trust lists. In addition, a crypto agility concept is suggested, which takes adaptation of key length and cryptographic algorithms during PKI operation into account.

Public Key Infrastructure and Crypto Agility Concept for Intelligent Transportation Systems

Public key cryptography based on elliptic curves is a promising foundation for energy-scarving pairwise key establishment in wireless sensor networks. Focusing on the Diffie-Hellman key-agreement, identity-based schemes can be applied to provide mechanisms for authentication. The AQ-protocol presented by Arazi et al. introduces such a key establishment supporting fixed as well as ephemeral keys.In this paper we review two known attacks of the ephemeral key establishment of this protocol. We introduce a new ephemeral key establishment for the AQ-protocol to fix these problems and analyze the proposed approach from a security perspective. We illustrate its feasibility for wireless sensor networks by presenting implementation results for the MICAz platform using TinyOS 2.x.

Christian Wieschebrink

Papers

Cryptanalysis of the niederreiter public key scheme based on GRS subcodes

Cryptanalysis of the Niederreiter Public Key Scheme Based on GRS Subcodes.

An attack on a modified niederreiter encryption scheme

Public Key Infrastructure and Crypto Agility Concept for Intelligent Transportation Systems

Short paper: a new identity-based DH key-agreement protocol for wireless sensor networks based on the Arazi-Qi scheme