
Showing papers in "Lecture Notes in Computer Science in 1997"


Journal Article
TL;DR: This paper proposes the first group signature scheme whose public key and signatures have length independent of the number of group members and which can therefore also be used for large groups.
Abstract: A group signature scheme allows members of a group to sign messages on the group's behalf such that the resulting signature does not reveal their identity. Only a designated group manager is able to identify the group member who issued a given signature. Previously proposed realizations of group signature schemes have the undesirable property that the length of the public key is linear in the size of the group. In this paper we propose the first group signature scheme whose public key and signatures have length independent of the number of group members and which can therefore also be used for large groups. Furthermore, the scheme allows the group manager to add new members to the group without modifying the public key. The realization is based on methods for proving the knowledge of signatures.

814 citations


Book Chapter
TL;DR: The protocols proposed are proven correct within this framework in the random oracle model and emphasize the relevance of these theoretical results to the security of systems used in practice.
Abstract: This paper proposes new protocols for two goals: authenticated key agreement and authenticated key agreement with key confirmation in the asymmetric (public-key) setting. A formal model of distributed computing is provided, and a definition of the goals within this model supplied. The protocols proposed are then proven correct within this framework in the random oracle model. We emphasize the relevance of these theoretical results to the security of systems used in practice. Practical implementation of the protocols is discussed. Such implementations are currently under consideration for standardization [2, 3, 18].

631 citations


Book Chapter
TL;DR: An overview of scale-space and image enhancement techniques which are based on parabolic partial differential equations in divergence form and how this filter class makes it possible to integrate a-priori knowledge into the evolution.
Abstract: This paper gives an overview of scale-space and image enhancement techniques which are based on parabolic partial differential equations in divergence form. In the nonlinear setting this filter class makes it possible to integrate a-priori knowledge into the evolution. We sketch basic ideas behind the different filter models, discuss their theoretical foundations and scale-space properties, discrete aspects, suitable algorithms, generalizations, and applications.

615 citations


Journal Article
TL;DR: This volume constitutes the proceedings of the eleventh European Conference on Object-Oriented Programming, ECOOP '97, held in Jyvaskyla, Finland, June 9-13, 1997.
Abstract: This volume constitutes the proceedings of the eleventh European Conference on Object-Oriented Programming, ECOOP '97, held in Jyvaskyla, Finland, June 9-13, 1997. Since the first ECOOP conference in 1987, object-oriented technology has grown from a limited academic exercise to an industrial driving force. Currently, numerous commercial object-oriented software products are available for practical use.

478 citations


Book Chapter
TL;DR: This volume takes a broad view of information extraction as any method for filtering information from large volumes of text, including the retrieval of documents from collections and the tagging of particular terms in text.
Abstract: This volume takes a broad view of information extraction as any method for filtering information from large volumes of text. This includes the retrieval of documents from collections and the tagging of particular terms in text. In this paper we shall use a narrower definition: the identification of instances of a particular class of events or relationships in a natural language text, and the extraction of the relevant arguments of the event or relationship. Information extraction therefore involves the creation of a structured representation (such as a database) of selected information drawn from the text. The idea of reducing the information in a document to a tabular structure is not new. Its feasibility for sublanguage texts was suggested by Zellig Harris in the 1950s, and an early implementation for medical texts was done at New York University by Naomi Sager [20]. However, the specific notion of information extraction described here has received wide currency over the last decade through the series of Message Understanding Conferences [1, 2, 3, 4, 14]. We shall discuss these Conferences in more detail a bit later, and shall use simplified versions of extraction tasks from these Conferences as examples throughout this paper. Figure 1 shows a simplified example from one of the earlier MUCs, involving terrorist events (MUC-3) [1]. For each terrorist event, the system had to determine the type of attack (bombing, arson, etc.), the date, location, perpetrator (if stated), targets, and effects on targets. Other examples of extraction tasks are international joint ventures (where the arguments included the partners, the new venture, its product or service, etc.) and executive succession (indicating who was hired or fired by which company for which position). Information extraction is a more limited task than "full text understanding". In full text understanding, we aspire to represent in an explicit fashion all the information in a text.
In contrast, in information extraction we delimit in advance, as part of the specification of the task, the semantic range of the output: the relations we will represent, and the allowable fillers in each slot of a relation.

474 citations


Journal Article
TL;DR: In this paper, the authors propose a feature model as an extension of Java and give two translations to Java, one via inheritance and the other via aggregation, which generalizes inheritance and aggregation.
Abstract: We propose a new model for flexible composition of objects from a set of features. Features are similar to (abstract) subclasses, but only provide the core functionality of a (sub)class. Overwriting other methods is viewed as resolving feature interactions and is specified separately for two features at a time. This programming model makes it possible to compose features (almost) freely in a way which generalizes inheritance and aggregation. For a set of n features, an exponential number of different feature combinations is possible, assuming a quadratic number of interaction resolutions. We present the feature model as an extension of Java and give two translations to Java, one via inheritance and the other via aggregation. We further discuss parameterized features, which work nicely with our feature model and can be translated into Pizza, an extension of Java.

408 citations


Journal Article
TL;DR: In this paper, a trapdoor one-way function was proposed to derive public-key encryption and digital signatures, based on the conjectured computational difficulty of lattice-reduction problems.
Abstract: We present a new proposal for a trapdoor one-way function, from which we derive public-key encryption and digital signatures. The security of the new construction is based on the conjectured computational difficulty of lattice-reduction problems, providing a possible alternative to existing public-key encryption algorithms and digital signatures such as RSA and DSS.

370 citations


Book Chapter
TL;DR: The subject of Formal Ontology is introduced, showing how the notions of parthood, integrity, identity, and dependence can be of help in understanding, organizing and formalizing fundamental ontological distinctions.
Abstract: The task of information extraction can be seen as a problem of semantic matching between a user-defined template and a piece of information written in natural language. To this purpose, the ontological assumptions of the template need to be suitably specified, and compared with the ontological implications of the text. So-called “ontologies”, consisting of theories of various kinds expressing the meaning of shared vocabularies, begin to be used for this task. This paper addresses the theoretical issues related to the design and use of such ontologies for purposes of information retrieval and extraction. After a discussion on the nature of semantic matching within a model-theoretical framework, we introduce the subject of Formal Ontology, showing how the notions of parthood, integrity, identity, and dependence can be of help in understanding, organizing and formalizing fundamental ontological distinctions. We present then some basic principles for ontology design, and we illustrate a preliminary proposal for a top-level ontology developed according to such principles. As a concrete example of ontology-based information retrieval, we finally report an ongoing experience of use of a large linguistic ontology for the retrieval of object-oriented software components.

366 citations


Book Chapter
TL;DR: An alternative technique for finding small roots of univariate modular equations is described and it is compared with that taken in (Coppersmith, 1996), which links the concept of the dual lattice to the LLL algorithm.
Abstract: An alternative technique for finding small roots of univariate modular equations is described. This approach is then compared with that taken in (Coppersmith, 1996), which links the concept of the dual lattice (see (Cassels, 1971)) to the LLL algorithm (see (Lenstra et al., 1982)). Timing results comparing both algorithms are given, and practical considerations are discussed. This work has direct applications to several low exponent attacks on the RSA cryptographic scheme (see (Coppersmith, 1996)).

328 citations


Book Chapter
TL;DR: An extension of Graphplan to a subset of ADL that allows conditional and universally quantified effects in operators is described and it is proved that Graphplan's termination test remains complete under subset memoization.
Abstract: We describe an extension of Graphplan to a subset of ADL that allows conditional and universally quantified effects in operators. The data structure of planning graphs is extended to cope with the more expressive operators in such a way that most of the interesting properties of the original Graphplan formalism are preserved. A sound and complete planning algorithm extracts plans from planning graphs and terminates on unsolvable problems. A new efficient technique for subset memoization is presented to speed up the planner and we prove that Graphplan's termination test remains complete under subset memoization.

300 citations


Book Chapter
TL;DR: A set of basic operations which should be supported by a spatial database system (SDBS) to express algorithms for KDD in SDBS are introduced and it is argued that these operations are sufficient for KDD algorithms considering spatial neighborhood relations.
Abstract: Knowledge discovery in databases (KDD) is an important task in spatial databases since both the number and the size of such databases are rapidly growing. This paper introduces a set of basic operations which should be supported by a spatial database system (SDBS) to express algorithms for KDD in SDBS. For this purpose, we introduce the concepts of neighborhood graphs and paths and a small set of operations for their manipulation. We argue that these operations are sufficient for KDD algorithms considering spatial neighborhood relations by presenting the implementation of four typical spatial KDD algorithms based on the proposed operations. Furthermore, the efficient support of operations on large neighborhood graphs and on large sets of neighborhood paths by the SDBS is discussed. Neighborhood indices are introduced to materialize selected neighborhood graphs in order to speed up the processing of the proposed operations.

Journal Article
TL;DR: In this paper, the authors introduce visual authentication and visual identification methods, which are authentication and identification methods for human users based on visual cryptography and can be implemented using very common low-tech technology.
Abstract: The problems of authentication and identification have received wide interest in cryptographic research. However, there has been no satisfactory solution for the problem of authentication by a human recipient who does not use any trusted computational device, which arises for example in the context of smartcard-human interaction, in particular in the context of electronic wallets. The problem of identification is ubiquitous in communication over insecure networks. This paper introduces visual authentication and visual identification methods, which are authentication and identification methods for human users based on visual cryptography. These methods are very natural and easy to use, and can be implemented using very common low tech technology. The methods we suggest are efficient in the sense that a single transparency can be used for several authentications or for several identifications. The security of these methods is rigorously analyzed.

Book Chapter
TL;DR: A syntagmatic rule system for movement phases that applies to both co-speech gestures and signs is proposed that can be used for the technology of automatic recognition of signs and co-speech gestures in order to segment continuous production and identify the potentially meaning-bearing phase.
Abstract: The previous literature has suggested that the hand movement in co-speech gestures and signs consists of a series of phases with qualitatively different dynamic characteristics. In this paper, we propose a syntagmatic rule system for movement phases that applies to both co-speech gestures and signs. Descriptive criteria for the rule system were developed for the analysis of video-recorded continuous production of signs and gesture. It involves segmenting a stream of body movement into phases and identifying different phase types. Two human coders used the criteria to analyze signs and co-speech gestures that are produced in natural discourse. It was found that the criteria yielded good inter-coder reliability. These criteria can be used for the technology of automatic recognition of signs and co-speech gestures in order to segment continuous production and identify the potentially meaning-bearing phase.

Journal Article
TL;DR: It has become increasingly common to implement discrete-logarithm based public-key protocols on elliptic curves over finite fields by taking a given integer multiple of a given point on the curve.
Abstract: It has become increasingly common to implement discrete-logarithm based public-key protocols on elliptic curves over finite fields. The basic operation is scalar multiplication: taking a given integer multiple of a given point on the curve. The cost of the protocols depends on that of the elliptic scalar multiplication operation. Koblitz introduced a family of curves which admit especially fast elliptic scalar multiplication. His algorithm was later modified by Meier and Staffelbach. We give an improved version of the algorithm which runs 50% faster than any previous version. It is based on a new kind of representation of an integer, analogous to certain kinds of binary expansions. We also outline further speedups using precomputation and storage.

Journal Article
TL;DR: In this paper, the authors describe efficient techniques for three (or more) parties to jointly generate an RSA key, in which each party holds a share of the private exponent that enables threshold decryption, and at the end of the protocol an RSA modulus N = pq is publicly known.
Abstract: We describe efficient techniques for three (or more) parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization of N. In addition a public encryption exponent is publicly known and each party holds a share of the private exponent that enables threshold decryption. Our protocols are efficient in computation and communication.

Journal Article
TL;DR: Differential Fault Analysis (DFA) as discussed by the authors is a cryptanalytic attack that can be applied to almost any secret key cryptosystem proposed so far in the open literature.
Abstract: In September 1996 Boneh, DeMillo, and Lipton from Bellcore announced a new type of cryptanalytic attack which exploits computational errors to find cryptographic keys. Their attack is based on algebraic properties of modular arithmetic, and thus it is applicable only to public key cryptosystems such as RSA, and not to secret key algorithms such as the Data Encryption Standard (DES). In this paper, we describe a related attack, which we call Differential Fault Analysis, or DFA, and show that it is applicable to almost any secret key cryptosystem proposed so far in the open literature. Our DFA attack can use various fault models and various cryptanalytic techniques to recover the cryptographic secrets hidden in the tamper-resistant device. In particular, we have demonstrated that under the same hardware fault model used by the Bellcore researchers, we can extract the full DES key from a sealed tamper-resistant DES encryptor by analyzing between 50 and 200 ciphertexts generated from unknown but related plaintexts. In the second part of the paper we develop techniques to identify the keys of completely unknown ciphers (such as Skipjack) sealed in tamper-resistant devices, and to reconstruct the complete specification of DES-like unknown ciphers. In the last part of the paper, we consider a different fault model, based on permanent hardware faults, and show that it can be used to break DES by analyzing a small number of ciphertexts generated from completely unknown and unrelated plaintexts.

Book Chapter
TL;DR: The state of the art in Qualitative Spatial Reasoning is surveyed, covering representation and reasoning issues as well as pointing to some application areas.
Abstract: The field of Qualitative Spatial Reasoning is now an active research area in its own right within AI (and also in Geographical Information Systems) having grown out of earlier work in philosophical logic and more general Qualitative Reasoning in AI. In this paper (which is an updated version of [25]) I will survey the state of the art in Qualitative Spatial Reasoning, covering representation and reasoning issues as well as pointing to some application areas.

Journal Article
TL;DR: This paper shows how security and blindness properties for blind digital signatures, can be simultaneously defined and satisfied, assuming an arbitrary one-way trapdoor permutation family.
Abstract: Blind digital signatures were introduced by Chaum. In this paper, we show how security and blindness properties for blind digital signatures, can be simultaneously defined and satisfied, assuming an arbitrary one-way trapdoor permutation family. Thus, this paper presents the first complexity-based proof of security for blind signatures.

Journal Article
Rosario Gennaro, Pankaj Rohatgi
TL;DR: This work presents a new efficient paradigm for signing digital streams that uses the constraint of a finite stream which is entirely known to the sender and uses this constraint to devise an extremely efficient solution to the problem of authenticating digital streams.
Abstract: We present a new efficient paradigm for signing digital streams. The problem of signing digital streams to prove their authenticity is substantially different from the problem of signing regular messages. Traditional signature schemes are message oriented and require the receiver to process the entire message before being able to authenticate its signature. However, a stream is a potentially very long (or infinite) sequence of bits that the sender sends to the receiver, and the receiver is required to consume the received bits at more or less the input rate and without excessive delay. Therefore it is infeasible for the receiver to obtain the entire stream before authenticating and consuming it. Examples of streams include digitized video and audio files, data feeds and applets. We present two solutions to the problem of authenticating digital streams. The first one is for the case of a finite stream which is entirely known to the sender (say a movie). We use this constraint to devise an extremely efficient solution. The second case is for a (potentially infinite) stream which is not known in advance to the sender (for example a live broadcast). We present proofs of security of our constructions. Our techniques also have applications in other areas, for example, efficient authentication of long files when communication is at a cost and signature based filtering at a proxy server.

Journal Article
TL;DR: Current data abstraction mechanisms are not adequate to control sharing of state in the general case involving objects in linked structures and the pervading possibility of sharing is a source of errors and an obstacle to language implementation techniques.
Abstract: Current data abstraction mechanisms are not adequate to control sharing of state in the general case involving objects in linked structures. The pervading possibility of sharing is a source of errors and an obstacle to language implementation techniques. We present a general extension to programming languages which makes the ability to share state a first class property of a data type, resolving a long-standing flaw in existing data abstraction mechanisms. Balloon types enforce a strong form of encapsulation: no state reachable (directly or transitively) by a balloon object is referenced by any external object. Syntactic simplicity is achieved by relying on a non-trivial static analysis as the checking mechanism. Balloon types are applicable in a wide range of areas such as program transformation, memory management and distributed systems. They are the key to obtaining self-contained composite objects, truly opaque data abstractions and value types, important concepts for the development of large scale, provably correct programs.

Book Chapter
TL;DR: A new access structure, called UB-tree (for universal B-tree) for multidimensional data, which has multiplicative complexity instead of the additive complexity of multiple secondary indexes and results in dramatic performance improvements over secondary indexes.
Abstract: Today almost all database systems use B-trees as their main access method. One of the main drawbacks of the classical B-tree is, however, that it works well only for one-dimensional data. In this paper we present a new access structure, called UB-tree (for universal B-tree) for multidimensional data. The UB-tree is balanced and has all the guaranteed performance characteristics of B-trees, i.e. it requires linear space for storage and logarithmic time for the basic operations INSERT, FIND and DELETE. In addition the UB-tree has the fundamental property that it preserves clustering of objects w.r.t. Cartesian distance. Therefore, the UB-tree shows its main strengths for multidimensional data. It has very high potential for parallel processing. With the new method, a single UB-tree can replace an arbitrary number of secondary indexes. For updates this means that only one UB-tree must be managed instead of several secondary indexes. This reduces runtime and storage requirements substantially. For queries and in particular range queries the UB-tree has multiplicative complexity instead of the additive complexity of multiple secondary indexes. This results in dramatic performance improvements over secondary indexes.

Book Chapter
TL;DR: It turns out that for careful and compact encodings, the performance of the method across a number of different domains, is comparable to that of planners like GRAPHPLAN and SATPLAN.
Abstract: We present a framework for encoding planning problems in logic programs with negation as failure, having computational efficiency as our major consideration. In order to accomplish our goal, we bring together ideas from logic programming and the planning systems GRAPHPLAN and SATPLAN. We discuss different representations of planning problems in logic programs, point out issues related to their performance, and show ways to exploit the structure of the domains in these representations. For our experimentation we use an existing implementation of the stable models semantics called SMODELS. It turns out that for careful and compact encodings, the performance of the method across a number of different domains, is comparable to that of planners like GRAPHPLAN and SATPLAN.

Journal Article
TL;DR: It is shown how random restarts can effectively eliminate heavy-tailed behavior, thereby dramatically improving the overall performance of a search procedure.
Abstract: Combinatorial search methods often exhibit a large variability in performance. We study the cost profiles of combinatorial search procedures. Our study reveals some intriguing properties of such cost profiles. The distributions are often characterized by very long tails or heavy tails. We will show that these distributions are best characterized by a general class of distributions that have no moments (i.e., an infinite mean, variance, etc.). Such non-standard distributions have recently been observed in areas as diverse as economics, statistical physics, and geophysics. They are closely related to fractal phenomena, whose study was introduced by Mandelbrot. We believe this is the first finding of these distributions in a purely computational setting. We also show how random restarts can effectively eliminate heavy-tailed behavior, thereby dramatically improving the overall performance of a search procedure.

Journal Article
TL;DR: In this paper, it was shown that for sufficiently large n privacy amplification is possible when Eve's min-entropy about S exceeds only n/2 rather than 2n/3.
Abstract: Privacy amplification allows two parties Alice and Bob knowing a partially secret string S to extract, by communication over a public channel, a shorter, highly secret string S'. Bennett, Brassard, Crepeau, and Maurer showed that the length of S' can be almost equal to the conditional Renyi entropy of S given an opponent Eve's knowledge. All previous results on privacy amplification assumed that Eve has access to the public channel but is passive or, equivalently, that messages inserted by Eve can be detected by Alice and Bob. In this paper we consider privacy amplification secure even against active opponents. First it is analyzed under what conditions information-theoretically secure authentication is possible even though the common key is only partially secret. This result is used to prove that privacy amplification can be secure against an active opponent and that the size of S' can be almost equal to Eve's min-entropy about S minus 2n/3 if S is an n-bit string. Moreover, it is shown that for sufficiently large n privacy amplification is possible when Eve's min-entropy about S exceeds only n/2 rather than 2n/3.

Journal Article
TL;DR: In this paper, the authors present a key recovery attack on various discrete log-based schemes working in a prime order subgroup, which may reveal part of, or the whole secret key in most Diffie-Hellman-type key exchange protocols and some applications of ElGamal encryption and signature schemes.
Abstract: Consider the well-known oracle attack: somehow one gets a certain computation result as a function of a secret key from the secret key owner and tries to extract some information on the secret key. This attacking scenario is well understood in the cryptographic community. However, there are many protocols based on the discrete logarithm problem that turn out to leak many of the secret key bits from this oracle attack, unless suitable checks are carried out. In this paper we present a key recovery attack on various discrete log-based schemes working in a prime order subgroup. Our attack may reveal part of, or the whole secret key in most Diffie-Hellman-type key exchange protocols and some applications of ElGamal encryption and signature schemes.

Book Chapter
TL;DR: The design principles and main algorithms for an object-oriented library for weighted finite-state transducers, which are finite automata in which each transition has an output and a weight as well as the more familiar input, are described.

Book Chapter
TL;DR: In the traditional scenario in cryptography there is one sender, one receiver and an active or passive eavesdropper who is an opponent as discussed by the authors, but in threshold cryptography the adversary is an organization.
Abstract: In the traditional scenario in cryptography there is one sender, one receiver and an active or passive eavesdropper who is an opponent. Depending on the application the sender or the receiver (or both) need to use a secret key. Often we are not dealing with an individual sender/receiver, but the sender/receiver is an organization. The goal of threshold cryptography is to present practical schemes to solve such problems without the need to use the more general methods of mental games.

Book Chapter
TL;DR: This paper presents an overview of the multimodal face database recorded at UCL premises for the purpose of research applications inside the M2VTS project, offering synchronized video and speech data as well as image sequences allowing access to multiple views of a face.
Abstract: The primary goal of the M2VTS project is to address the issue of secured access to buildings or multi-media services by the use of automatic person verification based on multimodal strategies (secured access based on speech, face images and other information). This paper presents an overview of the multimodal face database recorded at UCL premises for the purpose of research applications inside the M2VTS project. This database offers synchronized video and speech data as well as image sequences allowing access to multiple views of a face. This material should permit the design and the testing of identification strategies based on speech and/or labial analysis, frontal and/or profile face analysis as well as 3-D analysis thanks to the multiple views. The M2VTS Database is available to any non-commercial user on request to the European Language Resource Agency.

Book Chapter
TL;DR: Graphplan with the new preprocessor is able to solve every problem in the test set and on the hard problems it can solve them significantly faster than UCPOP.
Abstract: There has been a great deal of recent work on new approaches to efficiently generating plans in systems such as Graphplan and SATplan. However, these systems only provide an impoverished representation language compared to other planners, such as UCPOP, ADL, or Prodigy. This makes it difficult to represent planning problems using these new planners. This paper addresses this problem by providing a completely automated set of transformations for converting a UCPOP domain representation into a Graphplan representation. The set of transformations extends the Graphplan representation language to include disjunctions, negations, universal quantification, conditional effects, and axioms. We tested the resulting planner on the 18 test domains and 41 problems that come with the UCPOP 4.0 distribution. Graphplan with the new preprocessor is able to solve every problem in the test set and on the hard problems (i.e., those that require more than one second of CPU time) it can solve them significantly faster than UCPOP. While UCPOP was unable to solve 7 of the test problems within a search limit of 100,000 nodes (which requires 414 to 980 CPU seconds), Graphplan with the preprocessor solved them all in under 15 CPU seconds (including the preprocessing time).

Journal Article
TL;DR: Satz as discussed by the authors employs a variable ordering heuristic, a forward consistency checking (Unit Propagation) and a limited resolution before the search, where the heuristic is itself based on unit propagation.
Abstract: CNF propositional satisfiability (SAT) is a special kind of the more general Constraint Satisfaction Problem (CSP). While look-back techniques appear to be of little use to solve hard random SAT problems, it is supposed that they are necessary to solve hard structured SAT problems. In this paper, we propose a very simple DPL procedure called Satz which only employs some look-ahead techniques: a variable ordering heuristic, a forward consistency checking (Unit Propagation) and a limited resolution before the search, where the heuristic is itself based on unit propagation. Satz is favorably compared on random 3-SAT problems with three DPL procedures among the best in the literature for these problems. Furthermore on a great number of problems in 4 well-known SAT benchmarks Satz reaches or outspeeds the performance of three other DPL procedures among the best in the literature for structured SAT problems. The comparative results suggest that a suitable exploitation of look-ahead techniques, while very simple and efficient for random SAT problems, may allow to do without sophisticated look-back techniques in a DPL procedure.