
Showing papers on "Financial cryptography published in 2003"


Book Chapter
30 Nov 2003
TL;DR: In this article, the concept of certificateless public key cryptography (CL-PKC) was introduced and made concrete, which does not require certificates to guarantee the authenticity of public keys.
Abstract: This paper introduces and makes concrete the concept of certificateless public key cryptography (CL-PKC), a model for the use of public key cryptography which avoids the inherent escrow of identity-based cryptography and yet which does not require certificates to guarantee the authenticity of public keys. The lack of certificates and the presence of an adversary who has access to a master key necessitates the careful development of a new security model. We focus on certificateless public key encryption (CL-PKE), showing that a concrete pairing-based CL-PKE scheme is secure provided that an underlying problem closely related to the Bilinear Diffie-Hellman Problem is hard.

1,671 citations


Journal Article
TL;DR: In this article, the concept of certificateless public key cryptography (CL-PKC) was introduced and made concrete, which does not require certificates to guarantee the authenticity of public keys.
Abstract: This paper introduces and makes concrete the concept of certificateless public key cryptography (CL-PKC), a model for the use of public key cryptography which avoids the inherent escrow of identity-based cryptography and yet which does not require certificates to guarantee the authenticity of public keys. The lack of certificates and the presence of an adversary who has access to a master key necessitates the careful development of a new security model. We focus on certificateless public key encryption (CL-PKE), showing that a concrete pairing-based CL-PKE scheme is secure provided that an underlying problem closely related to the Bilinear Diffie-Hellman Problem is hard.

1,568 citations


Book
25 Jul 2003
TL;DR: This book explains why "textbook crypto" is only good in an ideal world where data are random and bad guys behave nicely, and reveals the general unfitness of "textbook crypto" for the real world by demonstrating numerous attacks on such schemes, protocols and systems under various real-world application scenarios.
Abstract: Many cryptographic schemes and protocols, especially those based on public-key cryptography, have basic or so-called "textbook crypto" versions, as these versions are usually the subjects for many textbooks on cryptography. This book takes a different approach to introducing cryptography: it pays much more attention to fit-for-application aspects of cryptography. It explains why "textbook crypto" is only good in an ideal world where data are random and bad guys behave nicely. It reveals the general unfitness of "textbook crypto" for the real world by demonstrating numerous attacks on such schemes, protocols and systems under various real-world application scenarios. This book chooses to introduce a set of practical cryptographic schemes, protocols and systems, many of them standards or de facto ones, studies them closely, explains their working principles, discusses their practical usages, and examines their strong (i.e., fit-for-application) security properties, often with security evidence formally established. The book also includes self-contained theoretical background material that is the foundation for modern cryptography.

624 citations


Journal Article
TL;DR: Scott Vanstone, from Certicom, polemicizes for elliptic curve cryptography, advancing his company's view that ECC is the next generation of public-key cryptography for wireless.

89 citations


Journal Article
TL;DR: This work aims to identify the distinguishing features of each approach to identity-based public key cryptography and highlights the important questions to be asked when weighing up the benefits and drawbacks of the two technologies.

65 citations


Journal Article
TL;DR: An extensive treatment of secure cryptographic protocols both when executed in a stand-alone manner and when many sessions of various protocols are concurrently executed and controlled by an adversary.
Abstract: We survey the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural cryptographic problems. We start by presenting some of the central tools (e.g., computational difficulty, pseudorandomness, and zero-knowledge proofs), and next turn to the treatment of encryption and signature schemes. We conclude with an extensive treatment of secure cryptographic protocols both when executed in a stand-alone manner and when many sessions of various protocols are concurrently executed and controlled by an adversary. The survey is intended for researchers in distributed computing, and assumes no prior familiarity with cryptography.

61 citations


Proceedings Article
13 Oct 2003
TL;DR: A new, formal methods-based approach to the specification and implementation of cryptography is introduced, a number of scenarios of use, an overview of the language, and part of a specification of the advanced encryption standard are presented.
Abstract: As cryptography becomes more vital to the infrastructure of computing systems, it becomes increasingly vital to be able to rapidly and correctly produce new implementations of cryptographic algorithms. To address these challenges, we introduce a new, formal methods-based approach to the specification and implementation of cryptography, present a number of scenarios of use, an overview of the language, and present part of a specification of the advanced encryption standard.

51 citations


01 Jan 2003
TL;DR: It is proved that the CL-PKE scheme is secure in a fully adaptive adversarial model, provided that the underlying problem closely related to the Bilinear Diffie-Hellman Problem is hard.
Abstract: This paper introduces the concept of certificateless public key cryptography (CL-PKC). In contrast to traditional public key cryptographic systems, CL-PKC does not require the use of certificates to guarantee the authenticity of public keys. It does rely on the use of a trusted third party (TTP) who is in possession of a master key. In these respects, CL-PKC is similar to identity-based public key cryptography (ID-PKC). On the other hand, CL-PKC does not suffer from the key escrow property that seems to be inherent in ID-PKC. Thus CL-PKC can be seen as a model for the use of public key cryptography that is intermediate between traditional certificated PKC and ID-PKC. We make concrete the concept of CL-PKC by introducing certificateless public key encryption (CL-PKE), signature and key exchange schemes. We also demonstrate how hierarchical CL-PKC can be supported. The schemes are all derived from pairings on elliptic curves. The lack of certificates and the desire to prove the schemes secure in the presence of an adversary who has access to the master key requires the careful development of new security models. For reasons of brevity, the focus in this paper is on the security of CL-PKE. We prove that our CL-PKE scheme is secure in a fully adaptive adversarial model, provided that an underlying problem closely related to the Bilinear Diffie-Hellman Problem is hard.

35 citations


Dissertation
01 Jan 2003

26 citations


Book Chapter
27 Jan 2003
TL;DR: It is argued that this operation can be performed in such an efficient way that it could allow for signing with a memory card, rather than a smart card, and is suggested to replace modular reduction by another novel operation, which is called dovetailing.
Abstract: At Financial Cryptography 02, Okamoto, Tada, and Miyagi [8] proposed a new fast signature scheme of the Schnorr/DSS family, without on-line multiplication. Following earlier proposals [5, 10, 11], a part of the data, independent of the message to sign, is generated at a preprocessing stage, while the computing effort needed to complete the signature "on the fly" is dramatically reduced. Whereas the so-called GPS scheme from [5, 10] and its variant from [11] avoid modular operations by computing over the integers, thus reducing the workload to one (regular) multiplication, the new scheme simply gives up multiplication at the cost of bringing back a single modular reduction with respect to a 160-bit integer. Thus, the scheme could appear to achieve better performance. Unfortunately, due to a concealed design weakness, the scheme in [8] is insecure with the proposed parameters. The present paper shows a devastating attack against the scheme, forging a signature in about 2^25 operations. The scheme can be rescued in a rather straightforward way by significantly raising the parameters, but this degrades its performance, which no longer compares favorably to [10]. Instead, we suggest replacing modular reduction by another novel operation, which we call dovetailing. We argue that this operation can be performed in such an efficient way that it could allow for signing with a memory card, rather than a smart card. This equally applies to GPS, but the new scheme is better than GPS in terms of signature size.

14 citations


Proceedings Article
John A. Clark
08 Dec 2003
TL;DR: The author identifies what he believes to be important themes and pieces of work and explains why they matter; the principal aim is to interest us in the subject.
Abstract: Cryptography is an indispensable component of much modern-day system security. It has also been an attractive application domain for researchers in non-standard computation. In this paper, the author identifies what he believes to be important themes and pieces of work and explains why they matter. The author does not provide a full survey; the principal aim is to interest us in the subject.

Book
02 Jun 2003
TL;DR: A practical guide to Cryptography and its use in the Internet and other communication networks that takes the reader through basic issues and on to more advanced concepts, to cover all levels of interest.
Abstract: From the Publisher: A practical guide to Cryptography and its use in the Internet and other communication networks. This overview takes the reader through basic issues and on to more advanced concepts, to cover all levels of interest. Coverage includes all key mathematical concepts, standardisation, authentication, elliptic curve cryptography, and algorithm modes and protocols (including SSL, TLS, IPSec, S/MIME and PGP protocols). The book details what the risks on the Internet are and how cryptography can help; includes a chapter on interception which is unique amongst competing books in this field; explains Public Key Infrastructures (PKIs), currently the most important issue when using cryptography in a large organisation; includes up-to-date referencing of people, organisations, books and Web sites and the latest information about recent acts and standards affecting encryption practice; and tackles practical issues such as the difference between SSL and IPSec, which companies are active on the market and where to get further information.

Book Chapter
Moti Yung
27 Jan 2003
TL;DR: This is a summary of a panel on Trusted Computing Platform Architectures that was held in Financial Cryptography 2003.
Abstract: This is a summary of a panel on Trusted Computing Platform Architectures that was held in Financial Cryptography 2003.

01 Jan 2003
TL;DR: A survey of the main methods used in attacks against the RSA cryptosystem, which describes the main factoring methods, attacks on the underlying mathematical function, as well as attacks that exploit details in implementations of the algorithm.
Abstract: The RSA is the most widely deployed public-key cryptosystem and is used for both encryption and digital signature. It is commonly used in securing e-commerce and e-mail, implementing virtual private networks and providing authenticity of electronic documents. It is implemented in most Web servers and browsers, and present in most commercially available security products. In fact, the ubiquity of RSA has placed it at the heart of modern information security. It would not be an overstatement to say that Internet security relies heavily on the security properties of the RSA cryptosystem. Since its invention in 1977, the RSA cryptosystem has been extensively analyzed for vulnerabilities. While no devastating attack has ever been found, years of cryptanalysis of RSA have given us a broad insight into its properties and provided us with valuable guidelines for proper use and implementation. In this paper we give a survey of the main methods used in attacks against the RSA cryptosystem. We describe the main factoring methods, attacks on the underlying mathematical function, as well as attacks that exploit details in implementations of the algorithm. While many attacks exist, the system has proven to be very secure, and most problems arise as a result of misuse of the system, bad choice of parameters or flaws in implementations. To conclude, we list a couple of countermeasures that can be used to prevent many of the attacks described.
Overview of Public-Key Cryptography: Cryptography can be defined as the study of mathematical techniques related to the security of transmission and storage of information. Cryptography is an important tool in today's information security, and although it has been historically linked to confidentiality, modern cryptography also addresses the issues of integrity, authentication and non-repudiation. Basically, there are two types of cryptography: symmetric-key cryptography and public-key cryptography. Symmetric-key (or secret-key) cryptography can be seen as an outgrowth of classical cryptography. If users want to securely communicate with each other, they must share a key, which is used to both encrypt and decrypt messages. The security of a symmetric-key scheme should rely on the secrecy of the key, as well as on the "infeasibility" of decryption without knowledge of it. Examples of symmetric-key encryption algorithms are DES, RC4, Blowfish and AES.

Proceedings Article
01 Sep 2003
TL;DR: This paper proposes methods to construct metering schemes from threshold non-interactive signature schemes and shows that threshold deterministic signature schemes can be used to design distributed key distribution schemes.
Abstract: In a threshold signature scheme, a group of players shares some secret information in such a way that only those subsets with a minimum number of players can compute a valid signature. In this paper we propose methods to construct some computationally secure distributed protocols from threshold signature schemes. Namely, we construct metering schemes from threshold non-interactive signature schemes. We also show that threshold deterministic signature schemes can be used to design distributed key distribution schemes. Furthermore, the constructed protocols attain some desirable properties and have useful applications on the Internet.

Book Chapter
01 Jan 2003
TL;DR: In the modern distributed communications environments exemplified by the Internet, public-key-based protocols have become far more important than protocols based on symmetric cryptography.
Abstract: It is generally regarded that there are two main potential advantages of public key techniques over symmetric cryptography. The first is that public key systems allow the straightforward definition of digital signatures, thereby enabling the service of non-repudiation which is so useful in commercial applications. The second is the simplification of key management, because there is no requirement for the on-line third party that is part of typical protocols based on symmetric cryptography. The first of these advantages is not really our concern in this book since non-repudiation is of limited value in authentication and key establishment. However, the second advantage has led to a great variety of new key establishment protocols since the invention of public key cryptography. In the modern distributed communications environments exemplified by the Internet, public-key-based protocols have become far more important than protocols based on symmetric cryptography.

Proceedings Article
01 Jan 2003
TL;DR: A watermarking scheme using symmetric and asymmetric cryptography, which provides four essential features, confidentiality, authentication, integrity, and nonrepudiation, which are necessary for secure electronic commerce.
Abstract: We present a watermarking scheme using symmetric and asymmetric cryptography. The scheme provides four essential features, confidentiality, authentication, integrity, and nonrepudiation, which are necessary for secure electronic commerce. To achieve this, the proposed idea is twofold: one part uses traditional cryptography and the other uses a digital watermark that inserts the digital signature into the multimedia data. The advantage of this scheme is that the transmitted data, including the encrypted digital data and the digital signature, are contained in the same file. Simulation results show that if even a single bit has been changed, or a wrong key is used, the received data are regarded as a violation of the four essential features.

01 Jan 2003
TL;DR: A reduction-based security proof shows that DHAES achieves security against (adaptive) chosen-ciphertext attacks if these underlying primitives are secure; it is shown that the mix construction achieves provable security.
Abstract: Part I: Theory. Provable security is an important goal in the design of public-key cryptosystems. For most security properties, it is computational security that has to be considered: an attack scenario describes how adversaries interact with the cryptosystem, trying to attack it; the system can be called secure if adversaries with reasonably bounded computational means have negligible prospects of success. The lack of computational problems that are guaranteed to be hard in an appropriate sense means that there is little hope for absolute proofs of computational security. Instead, reduction-based security proofs have to be used: the computational security of a complex cryptographic scheme is related to the security of simpler underlying cryptographic primitives (under appropriate notions of security). The idea is to show that if the complex scheme is not secure, then this is because one of the primitives is not secure. Security can be described quantitatively as "concrete security", measured depending on the power given to adversaries. The DHAES construction (due to Abdalla, Bellare, and Rogaway) allows building a public-key encryption scheme from a key encapsulation mechanism (KEM), a one-time message authentication code (one-time MAC), and a pseudo-random bit string generator. A reduction-based security proof shows that DHAES achieves security against (adaptive) chosen-ciphertext attacks if these underlying primitives are secure. (Such chosen-ciphertext attacks are the most general attack scenario for public-key encryption.) A specific application for public-key cryptography is considered, namely Chaum's mix chain concept for untraceable electronic mail via cryptographic remailers: to obtain anonymity without requiring trust in a single authority, messages are recursively public-key encrypted to multiple intermediates (mixes), each of which forwards the message after removing one layer of encryption.
To conceal as much information as possible when using variable (source routed) chains, all messages passed to mixes should be of the same length; thus, message length should not decrease when a mix transforms an input message into the corresponding output message directed at the next mix in the chain. Chaum described an implementation for such length-preserving mixes, but it is not secure against active attacks. This thesis presents a new construction for practical length-preserving mixes, which uses the cryptographic primitives described for DHAES. The conventional definition of security against chosen ciphertext attacks for public-key encryption schemes is not applicable to length-preserving mixes, so appropriate security definitions are introduced; it is shown that the mix construction achieves provable security. Most instantiations of public-key …

Journal Article
TL;DR: I started as a mathematician working on the design and assessment of cryptographic algorithms for the UK Government at a time when cryptography was a Government monopoly, culminating as Director of CESG from 1999 to 2002.

Book Chapter
01 Jan 2003
TL;DR: The problem of key distribution has been mentioned many times in this book and has since become the foundation upon which much of modern cryptography is based.
Abstract: The problem of key distribution has been mentioned many times in this book. For many years it was strongly believed that this problem has no satisfactory solution, but in the 1970s an ideal, simple solution was found, and it has since become the foundation upon which much of modern cryptography is based.