
Showing papers on "Cryptography published in 1990"


Book
Arto Salomaa
01 Jan 1990
TL;DR: This book gives a broad overview of public-key cryptography - its essence and advantages, various public- key cryptosystems, and protocols - as well as a comprehensive introduction to classical cryptography and cryptoanalysis.
Abstract: Cryptography, secret writing, is enjoying a scientific renaissance following the seminal discovery in 1977 of public-key cryptography and applications in computers and communications. This book gives a broad overview of public-key cryptography - its essence and advantages, various public-key cryptosystems, and protocols - as well as a comprehensive introduction to classical cryptography and cryptoanalysis. The second edition has been revised and enlarged especially in its treatment of cryptographic protocols. From a review of the first edition: "This is a comprehensive review ... there can be no doubt that this will be accepted as a standard text. At the same time, it is clearly and entertainingly written ... and can certainly stand alone." Alex M. Andrew, Kybernetes, March 1992

1,000 citations


Proceedings ArticleDOI
01 Apr 1990
TL;DR: This paper is interested in signature schemes which are secure against existential forgery under adaptive chosen message attacks, and the existence of trapdoor permutations can be shown to be necessary and sufficient for secure encryption schemes.
Abstract: Much research in theoretical cryptography has been centered around finding the weakest possible cryptographic assumptions required to implement major primitives. Ever since Diffie and Hellman first suggested that modern cryptography be based on one-way functions (which are easy to compute, but hard to invert) and trapdoor functions (one-way functions which are, however, easy to invert given an associated secret), researchers have been busy trying to construct schemes that only require one of these general assumptions. For example, pseudorandom generators at first could only be constructed from a specific hard problem, such as discrete log [BM2]. Later it was shown how to construct pseudo-random generators given any one-way permutation [Y], and from other weak forms of one-way functions [Le, GKL]. Finally [ILL] proved that the existence of any one-way function was a necessary and sufficient condition for the existence of pseudo-random generators. Similarly, the existence of trapdoor permutations can be shown to be necessary and sufficient for secure encryption schemes. However, progress on characterizing the requirements for secure digital signatures has been slower in coming. We will be interested in signature schemes which are secure against existential forgery under adaptive chosen message attacks. This notion of security, as well as the first construction of digital signatures secure in this sense, was provided by [GMR]. Their scheme was based on factoring, or more generally, the existence of clawfree pairs. More recently, signatures based on any trap
* Supported in part by a National Science Foundation Graduate Fellowship, DARPA contract N00014-80-C-0622, and Air Force Grant AFSOR-86-0078

833 citations


Proceedings ArticleDOI
01 Apr 1990
TL;DR: It is shown that a rigorously-specified and extremely strong notion of secure function evaluation can be achieved by a protocol which requires only a fixed constant number of rounds of interaction, and this result assumes only the existence of a one-way function.
Abstract: Assume we have a network of three or more players, each player in possession of some private input. The players want to compute some function of these private inputs, but in a way which protects the privacy of each participant's contribution. Not all of the players can be trusted to do as they are instructed. The resources the players are given to accomplish their goal are communication (the ability to privately send messages to one another, or to broadcast messages to the community as a whole) and local computation. Many insightful protocols have been proposed for solving this problem of multiparty secure function evaluation. Building on Yao's protocol for the case of two players (Ya86), Goldreich, Micali and Wigderson (GMW87) offered the first general protocol for this problem, and they provided the paradigm on which a large body of successive work was based. Despite enormous progress, research on secure function evaluation has suffered from some serious shortcomings. First, though many protocols have been devised for solving the problem, what, exactly, these protocols accomplish has not been fully understood. In fact, no rigorously specified and generally accepted definitions have been proposed in this field. Second, protocols for multiparty secure function evaluation could be extremely inefficient, the main cause being that they required an unbounded (and usually large) number of communication rounds. We address both of these points, carefully crafting definitions which satisfactorily deal with the myriad of issues lurking here, and offering a new protocol for multiparty secure function evaluation, one which categorically improves the complexity requirements for this task. The new protocol completely divorces the computational complexity of the function being collaboratively computed from the round complexity of the protocol that evaluates it. Using this approach, we show that a rigorously-specified and extremely strong notion of secure function evaluation can be achieved by a protocol which requires only a fixed constant number of rounds of interaction. This result assumes only the existence of a one-way function and that the majority of the participants to the protocol behave correctly. (Copies available exclusively from MIT Libraries, Rm 14-0551, Cambridge, MA 02139-4307. Ph 617-253-5668; Fax 617-253-1690)

705 citations


Patent
29 May 1990
TL;DR: In this article, a time notarization scheme based on a secure, microprocessor-based hardware platform which performs public key signature operations with a minimum of intervention by third parties is presented.
Abstract: A time notarization apparatus and method is disclosed which uses a secure, microprocessor based hardware platform which performs public key cryptographic operations to obtain trusted time stamping with a minimum of intervention by third parties. The hardware platform is encapsulated in a secure fashion so that the device's timestamping mechanism may not be readily tampered with or altered. The hardware platform includes at least one digital clock (4) and a stable, secure storage device (8) to record the private half of a public/private key pair. Coupled to both the digital clock (4) and the storage device (8) is a data processing device (6) which performs public key signature operations in a secure and tamper-proof manner. Only the processing device (6) has access to the secure storage device (8) and its associated private key. The hardware platform also includes input/output means which receives a digital message which is to be digitally signed and timestamped and which outputs the resulting timestamped signature generated by the device. The hardware platform also includes a power source (12), (e.g., an on-board battery) to ensure the accuracy of the device's digital clock (4) and the security of storage data prior to installation or in case of a power failure.

318 citations


Journal ArticleDOI
P. G. Comba
TL;DR: A mixed system that combines the superior key management capabilities inherent in public key cryptosystems with the much higher bulk-encryption speed obtainable with the Data Encryption Algorithm is discussed.
Abstract: Several cryptosystems based on exponentiation have been proposed in recent years. Some of these are of the public key variety and offer notable advantages in cryptographic key management, both for secret communication and for message authentication. The need for extensive arithmetic calculations with very large integers (hundreds of digits long) is a drawback of these systems. This paper describes a set of experimental programs that were developed to demonstrate that exponentiation cryptosystems can be efficiently implemented on the IBM Personal Computer (PC). The programs are organized into four layers, comprising procedures for: multiple precision integer arithmetic, modular exponentiation, prime number generation and testing, and cryptographic key generation. The major emphasis of the paper is on methods and techniques for improving execution speed. The items discussed include: the use of a specialized squaring procedure; a recursive splitting method to speed up squaring and multiplication; the computation of residues by using multiplication instead of division; the efficient encoding of residue information; and the use of thresholds to select the most effective primality testing algorithm for a given size number. Timing results are presented and discussed. Finally, the paper discusses the advantages of a mixed system that combines the superior key management capabilities inherent in public key cryptosystems with the much higher bulk-encryption speed obtainable with the Data Encryption Algorithm.

220 citations


Journal ArticleDOI
TL;DR: This paper presents an approach very similar to Akl and Taylor's scheme, but instead of using the top-down design approach, this scheme uses a bottom-up key generating procedure, which means that the published values for most security classes can be much smaller than in their scheme.

196 citations


Journal ArticleDOI
TL;DR: In this article, a simple protocol for two-player secure circuit evaluation is presented, which enables players C and D to cooperate in the computation of f(x) while D conceals her data x from C and C conceals his circuit for f from D.
Abstract: We present a simple protocol for two-player secure circuit evaluation. The protocol enables players C and D to cooperate in the computation of f(x) while D conceals her data x from C and C conceals his circuit for f from D. The protocol is based on the technique of hiding information from an oracle [AFK].

153 citations


Journal ArticleDOI
TL;DR: Bounds are obtained on the number of encoding rules required in order to obtain maximum levels of security in unconditionally secure secrecy and authentication codes.
Abstract: This paper is a study of the combinatorics of unconditionally secure secrecy and authentication codes, under the assumption that each encoding rule is to be used for the transmission of some number L of successive messages. We obtain bounds on the number of encoding rules required in order to obtain maximum levels of security. Some constructions are also given for codes which have the minimum number of encoding rules. These constructions use various types of combinatorial designs.

128 citations


Patent
29 Jun 1990
TL;DR: In this paper, a full-duplex cryptographic processor is positioned between two in-line processing entities of a network architecture, such as a media access control (MAC) sublayer and a ring memory controller (RMC).
Abstract: Cryptographic apparatus, and a related method for its operation, for in-line encryption and decryption of data packets transmitted in a communication network. A full-duplex cryptographic processor is positioned between two in-line processing entities of a network architecture. For example, in a fiber distributed data interface (FDDI) network, the processor is positioned between a media access control (MAC) sublayer and a ring memory controller (RMC). Incoming information packets are analyzed to decide whether or not they contain encrypted data and, if they do, are subject to decryption before forwarding. Outbound information packets have their data portions encrypted if called for, and are usually forwarded toward the network communication medium. Cryptographic processing in both directions is performed in real time as each packet is streamed through the processor. The processing of outbound information packets includes using optional data paths for looping of the processed information back in a reverse direction, to permit the host system to perform local encryption or decryption for various purposes.

98 citations


Proceedings ArticleDOI
12 Jun 1990
TL;DR: The author adapts a knowledge-oriented model of distributed systems in order to analyze cryptographic protocols that provides semantics for a logic of knowledge, time and communication and proves its security properties as secrecy and authentication.
Abstract: The author adapts a knowledge-oriented model of distributed systems in order to analyze cryptographic protocols. This new model provides semantics for a logic of knowledge, time and communication. He expresses and proves with this logic security properties such as secrecy and authentication.

93 citations


Journal ArticleDOI
TL;DR: It is shown that the probability of a deception either going undetected or else of being unjustly attributed to an innocent party is independent of the computing capability or investment that a would-be cheater is willing to make.
Abstract: An authentication code consists of a collection of encoding rules associating states of an information source with messages that are to be used to communicate the state to a designated receiver. In order for a collection of encoding rules to be useful as an authentication code there must also exist one or more probability distributions on the rules which, if used by the receiver and transmitter (the insiders) to choose secretly the encoding rule they use, will result in the receiver being able to (probably) detect fraudulent messages sent by an outsider or modifications by him of legitimate messages.

Book ChapterDOI
01 Nov 1990
TL;DR: Another multiple key cipher, also based on a well known cryptographic function, exponentiation in a prime field, is considered; the important difference from multiple key RSA is that this function does not possess the trapdoor property.
Abstract: At Eurocrypt 88 [1] we introduced the notion of a multiple key cipher and illustrated it with an example based on RSA which we called “multiple key RSA”. In this paper we consider another multiple key cipher also based on a well known cryptographic function, exponentiation in a prime field. The important difference from multiple key RSA is that this function does not possess the trapdoor property. At the end of [1] we speculated that such functions may have useful applications and here we give as one illustration a new voting scheme.

Patent
13 Dec 1990
TL;DR: A security kernel, as described in this patent, is a single standard interface for tasks associated with the red and black subsystems, for communicating in a secure manner with one another and with other processing systems, so that a single security kernel can provide security management, key management and kernel security functions.
Abstract: A security kernel of a secure processing system for providing security management, key management and kernel security functions. The secure processing system includes two parallel subsystems, a red subsystem and a black subsystem. The red subsystem may communicate only with the kernel since this system transfers plain text data. The black subsystem may communicate with the red subsystem and also other processing systems for the transmission of cypher text data. The security kernel is a single standard interface for tasks associated with the red and black subsystems for communicating in a secure manner with one another and with other processing systems. Various security services are provided to red and black subsystem applications by a single security kernel.

Proceedings ArticleDOI
07 May 1990
TL;DR: Authentication approaches used in Digital Equipment Corporation's Distributed System Security Architecture (DSSA) are described and architecture requirements are identified and authentication protocol options based on smart cards and on user-entered passwords are described.
Abstract: Issues related to authentication in a distributed computing environment are discussed. Authentication approaches used in Digital Equipment Corporation's Distributed System Security Architecture (DSSA) are described. Node, user, and process granularity authentication concerns are considered. Authentication is based on a global hierarchic naming structure and public-key cryptography. Directory-resident certificates associating entities with long-term keys are used in conjunction with dynamically signed certificates which represent transient bindings between entities. Distributed system elements can be mutually suspicious. At the node level, special topics considered include the relationship between authentication and secure loading and the relationship between authentication and rule-based policy support. At the user level, architecture requirements are identified and authentication protocol options based on smart cards and on user-entered passwords are described.

01 Jan 1990
TL;DR: This paper provides an application of game theoretic techniques to the analysis of a class of multiparty cryptographic protocols for secret bit exchange.
Abstract: This paper provides an application of game theoretic techniques to the analysis of a class of multiparty cryptographic protocols for secret bit exchange.

Journal ArticleDOI
TL;DR: A novel digital signature scheme is proposed in which the computation time is much shorter than that of the Rivest-Shamir-Adleman (RSA) scheme, while the key length and signature length are comparable to those for the RSA scheme.
Abstract: A novel digital signature scheme is proposed in which the computation time is much shorter than that of the Rivest-Shamir-Adleman (RSA) scheme, while the key length and signature length are comparable to those for the RSA scheme. Moreover, the proposed scheme can be implemented easily and is, therefore, more practical for many digital signature applications. The scheme is based on congruential polynomial operations whose degrees are more than three. The secret key consists of two large prime numbers, p and q, and the public key is their product, n = p^2 q. The security of this scheme depends on the difficulty of factorizing the number n. Variations using the number of zeros succeeding the significant bit are also proposed.

Book
27 Apr 1990
TL;DR: Number Theoretic Aspects of Cryptology: Some mathematical aspects of recent advances in cryptology, including a number theoretic crank associated with open bosonic strings, is presented.
Abstract: List of contributors. Introduction.
Part I. Number Theoretic Aspects of Cryptology:
1. Some mathematical aspects of recent advances in cryptology (R. Lidl)
2. Quadratic fields and cryptography (J. Buchmann and H. C. Williams)
3. Parallel algorithms for integer factorisation (R. P. Brent)
4. An open architecture number sieve (A. J. Stephens and H. C. Williams)
5. Algorithms for finite fields (H. W. Lenstra, Jr.)
6. Notes on continued fractions and recurrence sequences (A. J. Van der Poorten)
Part II. Cryptographic Devices and Applications:
7. Security in telecommunication services over the next decade (J. Snare)
8. Linear feedback shift registers and stream ciphers (E. Dawson)
9. Applying randomness tests to commercial level block ciphers (H. Gustaphson, E. Dawson and W. Caelli)
10. Pseudo-random sequence generators using structured noise (R. S. Safavi-Naini and J. R. Seberry)
11. Privacy for MANCET (M. Warner)
12. Authentication (B. Newman)
13. Insecurity of the knapsack one-time pad (R. T. Worley)
14. The tactical frequency management problem: heuristic search and simulated annealing (L. Peters)
15. Reed-Solomon coding in the complex field (M. Rudolph)
Part III. Diophantine Analysis:
16. Class number problems for real quadratic fields (R. A. Mollin and H. C. Williams)
17. Number theoretic problems involving two independent bases (T. Kamae)
18. A class of normal numbers II (Y.-N. Nakai and I. Shiokawa)
19. Notes on uniform distribution (G. Myerson and A. Pollington)
20. Thue equations and multiplicative independence (B. Brizinda)
21. A number theoretic crank associated with open bosonic strings (F. G. Garvan)
22. Universal families of abelian varieties (A. Silverberg)

Book ChapterDOI
01 Jan 1990
TL;DR: This chapter discusses the theory of cryptography, which provides methods that enable a communicating party to develop trust that his communications have the desired properties, despite the best efforts of an untrusted party.
Abstract: This chapter discusses the theory of cryptography. Cryptography is about communication in the presence of adversaries. Cryptology provides methods that enable a communicating party to develop trust that his communications have the desired properties, despite the best efforts of an untrusted party. The desired properties might include: (1) privacy: an adversary learns nothing useful about the message sent; (2) authentication: the recipient of a message can convince himself that the message as received originated with the alleged sender; (3) signatures: the recipient of a message can convince a third party that the message as received originated with the alleged signer; (4) minimality: nothing is communicated to other parties except that which is specifically desired to be communicated; (5) simultaneous exchange: something of value is not released until something else of value is received; and (6) coordination: in a multi-party communication, the parties are able to coordinate their activities toward a common goal even in the presence of adversaries.

Proceedings ArticleDOI
01 May 1990
TL;DR: It is demonstrated how a single host driving 3 differently configured PAM boards delivers RSA encryption and decryption faster than 200Kbits/sec for 512 bits keys, which beats the best currently working VLSI specially built for RSA by one order of magnitude.
Abstract: We present various experiments in Hardware/Software design tradeoffs met in speeding up long integer multiplications. This work spans over a year, with more than 12 different hardware designs tested and measured. To implement these designs, we rely on our PAM (for Programmable Active Memory, see [BRV]) technology which provides us with a 50 millisecond turn-around time silicon foundry for implementing up to 50K gate logic designs fully equipped with fast local RAM and host bus interface. First, we demonstrate how a simple hardware 512 bits integer multiplier coupled with a low end workstation host yields performance on long arithmetic superior to that of the fastest computers for which we could obtain actual benchmark figures. Second, we specialize this hardware in order to speed up one specific application of long integer arithmetic, namely Rivest-Shamir-Adleman public-key cryptography [RSA]. We demonstrate how a single host driving 3 differently configured PAM boards delivers RSA encryption and decryption faster than 200Kbits/sec for 512 bits keys. This beats the best currently working VLSI specially built for RSA by one order of magnitude.

Book ChapterDOI
01 Nov 1990
TL;DR: A cryptographic scheme that allows one to ensure the ongoing authenticity and security of connections in a computer network by combining a zero-knowledge authentication and a public key exchange protocol is presented.
Abstract: In this paper we present a cryptographic scheme that allows one to ensure the ongoing authenticity and security of connections in a computer network. This is achieved by combining a zero-knowledge authentication and a public key exchange protocol. It is noteworthy that due to the combination both protocols gain additional security against attacks that would otherwise be successful. The scheme is applicable to both local area networks and internetworks.

Journal Article
TL;DR: A hierarchical approach for key management is presented which utilizes the existing network specific protocols at the lower levels and protocols between authentication servers and/or control centers of different networks at the higher levels.
Abstract: A hierarchical approach for key management is presented which utilizes the existing network specific protocols at the lower levels and protocols between authentication servers and/or control centers of different networks at the higher levels. Details of this approach are discussed for specific illustrative scenarios to demonstrate the implementation simplicity. A formal verification of the security of the resulting system in the sense of protecting the privacy of privileged information is also conducted by an axiomatic procedure utilizing certain combinatory logic principles. This approach is general and can be used for verifying the security of other existing key management schemes.

Journal ArticleDOI
TL;DR: Applications are discussed, including key management for conventional encryption equipment, electronic mail and data interchange, access control and audit trails, software verification and virus detection, counterfeit-proof currency, nuclear test ban treaty detectors, and challenge response systems such as in aircraft identification of friend or foe.
Abstract: A tutorial on digital signatures is presented, covering the basic concepts of public-key cryptography and digital signatures based on public-key techniques. Applications are discussed, including key management for conventional encryption equipment, electronic mail and data interchange, access control and audit trails, software verification and virus detection, counterfeit-proof currency, nuclear test ban treaty detectors, and challenge response systems such as in aircraft identification of friend or foe.

Proceedings ArticleDOI
24 Sep 1990
TL;DR: The authors discuss the design and implementation of the authentication system called SPLICE/AS in the WIDE (widely integrated distributed environment) Internet environment, and describe a new protocol for database propagation that they are developing.
Abstract: The authors discuss the design and implementation of the authentication system called SPLICE/AS in the WIDE (widely integrated distributed environment) Internet environment. SPLICE/AS is designed based on public-key encryption, and on the authentication scheme originally proposed by R.M. Needham and M.O. Schroeder (1978). In order to manage a large-scale network like WIDE Internet, a hierarchical domain-based management scheme is introduced. Currently, the prototype of SPLICE/AS is working on the 4.3 Berkeley UNIX system. To improve the reliability and robustness of SPLICE/AS, the authors are modifying SPLICE/AS and developing a new protocol for database propagation, which is discussed.

Book ChapterDOI
11 Aug 1990
TL;DR: This paper shows a new methodology that utilizes the randomness of the prover in a zero-knowledge proof for some positive objectives as well as for the zero-knowledge condition, and proposes identity-based key distribution schemes that are provably secure against strong active attacks assuming the difficulty of factoring a composite number.
Abstract: In zero-knowledge interactive proofs, a lot of randomized information is exchanged between the prover and the verifier, and the randomness of the prover is used in satisfying the zero-knowledge condition. In this paper, we show a new methodology that utilizes the randomness of the prover in a zero-knowledge proof for some positive objectives as well as for zero-knowledge condition. Based on this idea, we propose two types of applications; key distribution, and digital signature. We propose identity-based key distribution schemes that are provably secure against strong active attacks (chosen-message-known-key active attacks) assuming the difficulty of factoring a composite number. In addition, we show that nontransitive digital signature schemes can be constructed if and only if a one-way function exists. We also show some practical non-transitive digital signature schemes. A new general method of constructing identity-based cryptographic schemes is presented as an application of the identity-based non-transitive digital signature schemes. We also propose a new digital signature scheme based on the (extended) Fiat-Shamir identification scheme.

Proceedings ArticleDOI
Li Gong
03 Jun 1990
TL;DR: The author introduces a form of attack, a verifiable-text attack, in which an attacker obtains secret information, such as a password used in a protocol, without breaking the underlying cryptosystem.
Abstract: The author introduces a form of attack, a verifiable-text attack, in which an attacker obtains secret information, such as a password used in a protocol, without breaking the underlying cryptosystem. An investigation is made of the essence of a verifiable-text attack, and an algorithm for examining protocols and searching for vulnerabilities to such an attack is developed. Caution has to be exercised in certifying that a protocol is not vulnerable because a healthy protocol may become vulnerable when it interacts with another vulnerable or even healthy protocol.

Journal ArticleDOI
TL;DR: A new access control scheme for information protection systems is proposed that assigns every legal user just one integer key, in such a way that applying a simple formula to the key of the user subject and the ID number of the resource object yields the corresponding access right in the protection system.

Journal ArticleDOI
TL;DR: This work encodes messages into the error vectors in McEliece's public-key cryptosystem so that its information rate can be significantly increased without reducing its security.
Abstract: We encode messages into the error vectors in McEliece's public-key cryptosystem so that its information rate can be significantly increased, and yet do not reduce its security.

Journal ArticleDOI
A. Shimbo, S. Kawamura
TL;DR: It is shown that checking the computational result is essential to counteract such active attacks on a server-aided secret computation protocol for the RSA secret transformation named RSA-S2.
Abstract: A factorisation attack on a server-aided secret computation protocol for the RSA secret transformation named RSA-S2 is presented. Countermeasures are also proposed. As a result, it is shown that checking the computational result is essential to counteract such active attacks.

Book ChapterDOI
01 Jan 1990
TL;DR: This article surveys some selected topics in algebraic coding theory and their links to geometry and cryptography.
Abstract: This article surveys some selected topics in algebraic coding theory and their links to geometry and cryptography.

Book ChapterDOI
11 Aug 1990
TL;DR: Since its inception in the mid 1970's, public-key cryptography has flourished as a research activity, significant theoretical advances have been made, and many public-key concepts have gained acceptance in the commercial world.
Abstract: Since its inception in the mid 1970’s, public-key cryptography has flourished as a research activity, and significant theoretical advances have been made. In more recent years, many public-key concepts have gained acceptance in the commercial world. Without question, the best-known public-key cryptosystem is the RSA system of Rivest, Shamir and Adleman [28]. Although not as well-known, another public-key cryptosystem of practical interest is that due to ElGamal [11]. The latter system and its variations use a basic extension of Diffie-Hellman key exchange [9] for encryption, together with an accompanying signature scheme. Elliptic curve cryptosystems, introduced by Miller [24] and Koblitz [12], have also recently received much attention as cryptographic alternatives.