Yiqun Lisa Yin

Bio: Yiqun Lisa Yin is an academic researcher from Princeton University. The author has contributed to research in topics: Hash function & Cryptography. The author has an hindex of 20, co-authored 28 publications receiving 3125 citations. Previous affiliations of Yiqun Lisa Yin include EMC Corporation & RSA.

Finding collisions in the full SHA-1

Abstract: In this paper, we present new collision search attacks on the hash function SHA-1. We show that collisions of SHA-1 can be found with complexity less than 269 hash operations. This is the first attack on the full 80-step SHA-1 with complexity less than the 280 theoretical bound.

Efficient collision search attacks on SHA-0

Abstract: In this paper, we present new techniques for collision search in the hash function SHA-0. Using the new techniques, we can find collisions of the full 80-step SHA-0 with complexity less than 239 hash operations.

Efficient Methods for Integrating Traceability and Broadcast Encryption

Abstract: In many applications for content distribution, broadcast channels are used to transmit information from a distribution center to a large set of users. Broadcast encryption schemes enable the center to prevent certain users from recovering the information that is broadcast in encrypted form, while traceability schemes enable the center to trace users who collude to produce pirate decoders. In this paper, we study general methods for integrating traceability and broadcasting capability. In particular, we present a method for adding any desired level of broadcasting capability to any traceability scheme and a method for adding any desired level of traceability to any broadcast encryption scheme. To support our general methods, we also present new constructions of broadcast encryption schemes which are close to optimal in terms of the total number keys required. Our new schemes are the first to be both maximally resilient and fully scalable.

Enhanced block ciphers with data-dependent rotations

Abstract: A plaintext message to be encrypted is segmented into a number of words, e.g., four words stored in registers A, B, C and D, and an integer multiplication function is applied to a subset of the words, e.g., to the two words in registers B and D. The integer multiplication function may be a quadratic function of the form ƒ(x)=x(ax+b) or other suitable function such as a higher-order polynomial. The results of the integer multiplication function are rotated by lg w bits, where lg denotes log base 2 and w is the number of bits in a given word, to generate a pair of intermediate results t and u. An exclusive-or of another word, e.g., the word in register A, and one of the intermediate results, e.g., t, is rotated by an amount determined by the other intermediate result u. Similarly, an exclusive-or of the remaining word in register D and the intermediate result u is rotated by an amount determined by the other intermediate result t. An element of a secret key array is applied to each of these rotation results, and the register contents are then transposed. This process is repeated for a designated number of rounds to generate a ciphertext message. Pre-whitening and post-whitening operations may be included to ensure that the input or output does not reveal any internal information about any encryption round. Corresponding decryption operations may be used to decrypt the ciphertext message.

Secure user identification based on constrained polynomials

Abstract: Methods and apparatus for providing secure user identification or digital signatures based on evaluation of constrained polynomials. In an exemplary user identification technique, a prover sends a verifier a commitment signal representative of a first polynomial satisfying a first set of constraints. The verifier sends the prover a challenge signal representative of a second polynomial satisfying a second set of constraints. The prover generates a response signal as a function of (i) information used to generate the commitment signal, (ii) a challenge signal, and (iii) a private key polynomial of the prover, such that the response signal is representative of a third polynomial satisfying a third set of constraints. The verifier receives the response signal from the prover, and authenticates the identity of the prover by evaluating a function of information contained in at least a subset of (i) the commitment signal, (ii) the challenge signal, (iii) the response signal and (iv) a public key of the prover. In a digital signature technique, the challenge signal may be generated by the prover applying a hash function to (i) a message and (ii) information used to generate the commitment signal, and the prover sends the message to the verifier. The verifier uses a result of applying the hash function to the message and the commitment signal to authenticate a digital signature of the prover. The constraints on the polynomials are selected such that an attacker will find it very difficult to recover the private key polynomial from the partial information sent between the prover and verifier.

Handbook of Applied Cryptography

Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

Guide to Elliptic Curve Cryptography

Abstract: After two decades of research and development, elliptic curve cryptography now has widespread exposure and acceptance. Industry, banking, and government standards are in place to facilitate extensive deployment of this efficient public-key mechanism. Anchored by a comprehensive treatment of the practical aspects of elliptic curve cryptography (ECC), this guide explains the basic mathematics, describes state-of-the-art implementation methods, and presents standardized protocols for public-key encryption, digital signatures, and key establishment. In addition, the book addresses some issues that arise in software and hardware implementation, as well as side-channel attacks and countermeasures. Readers receive the theoretical fundamentals as an underpinning for a wealth of practical and accessible knowledge about efficient application. Features & Benefits: * Breadth of coverage and unified, integrated approach to elliptic curve cryptosystems * Describes important industry and government protocols, such as the FIPS 186-2 standard from the U.S. National Institute for Standards and Technology * Provides full exposition on techniques for efficiently implementing finite-field and elliptic curve arithmetic* Distills complex mathematics and algorithms for easy understanding* Includes useful literature references, a list of algorithms, and appendices on sample parameters, ECC standards, and software toolsThis comprehensive, highly focused reference is a useful and indispensable resource for practitioners, professionals, or researchers in computer science, computer engineering, network design, and network data security.

The Elliptic Curve Digital Signature Algorithm (ECDSA)

Abstract: The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard and in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard and is under consideration for inclusion in some other ISO standards. Unlike the ordinary discrete logarithm problem and the integer factorization problem, no subexponential-time algorithm is known for the elliptic curve discrete logarithm problem. For this reason, the strength-per-key-bit is substantially greater in an algorithm that uses elliptic curves. This paper describes the ANSI X9.62 ECDSA, and discusses related security, implementation, and interoperability issues.

Finding collisions in the full SHA-1

Abstract: In this paper, we present new collision search attacks on the hash function SHA-1. We show that collisions of SHA-1 can be found with complexity less than 269 hash operations. This is the first attack on the full 80-step SHA-1 with complexity less than the 280 theoretical bound.

Information record infrastructure, system and method

Abstract: A method of maintaining digital medical records, comprising a step of receiving a medical transaction record (102), encrypted with a key in accordance with a patient-file association. Also comprising a step of accessing the encrypted medical transaction record according to a patient association with the record (111). And further comprising a step of re-encryption of the encrypted accessed medical transaction record with a key associated with an intended recipient of the medical record. The system and method according to the present invention presents a new business model for creation, maintenance, transmission, and use of medical records. The invention also allows financial burdens to be reallocated optimally and equitably, resulting in decreased overall societal cost and providing a successful business model for a database proprietor. Secure entrusted medical records are held in trust by an independent third party on behalf of the patient (113), and serve the medical community at large. Separately encrypted record elements may be aggregated as an information polymer.