
Showing papers on "Key size published in 1998"


Book ChapterDOI
Tal Rabin
23 Aug 1998
TL;DR: The signing key, in the solution, is shared at all times in additive form, which allows for simple signing and for a particularly efficient and straightforward refreshing process for proactivization.
Abstract: We present a solution to both the robust threshold RSA and proactive RSA problems. Our solutions are conceptually simple, and allow for an easy design of the system. The signing key, in our solution, is shared at all times in additive form, which allows for simple signing and for a particularly efficient and straightforward refreshing process for proactivization. The key size is (up to a very small constant) the size of the RSA modulus, and the protocol runs in constant time, even when faults occur, unlike previous protocols where either the size of the key has a linear blow-up (at best) in the number of players or the run time of the protocol is linear in the number of faults. The protocol is optimal in its resilience as it can tolerate a minority of faulty players. Furthermore, unlike previous solutions, the existence and availability of the key throughout the lifetime of the system is guaranteed without probability of error.

267 citations


Journal Article
Tal Rabin
TL;DR: In this paper, the authors present a solution to both the robust threshold RSA and proactive RSA problems, where the signing key is shared at all times in additive form, which allows for simple signing and for a particularly efficient and straightforward refreshing process for proactivization.
Abstract: We present a solution to both the robust threshold RSA and proactive RSA problems. Our solutions are conceptually simple, and allow for an easy design of the system. The signing key, in our solution, is shared at all times in additive form, which allows for simple signing and for a particularly efficient and straightforward refreshing process for proactivization. The key size is (up to a very small constant) the size of the RSA modulus, and the protocol runs in constant time, even when faults occur, unlike previous protocols where either the size of the key has a linear blow-up (at best) in the number of players or the run time of the protocol is linear in the number of faults. The protocol is optimal in its resilience as it can tolerate a minority of faulty players. Furthermore, unlike previous solutions, the existence and availability of the key throughout the lifetime of the system is guaranteed without probability of error. These results are derived from a new general technique for transforming distributed computations for which there is a known n-out-of-n solution into threshold and robust computations.

240 citations


Patent
07 Oct 1998
TL;DR: In this paper, the authors proposed a new cryptographic method which is fast and ideally suited for secure, high volume data communication and storage, where the data is encrypted at the source using a private key and then transmitted to a destination over a secure or insecure channel.
Abstract: The disclosed invention is a new cryptographic method which is fast and ideally suited for secure, high volume data communication and storage. The data is encrypted at the source using a private key and then transmitted to a destination over a secure or insecure channel. The destination can either be a local storage device or a non-local station. At the destination the data is decrypted using the same private key. The disclosed invention is a new method and apparatus for data encryption. The mathematical robustness and simplicity of this method brings a great improvement in security and speed as compared to previous block ciphers. The data block length or the key length can also be changed very easily and such changes do not require any significant redesigns in the components of the cipher. This is a significant advantage over previous block ciphers, where extensive modifications are needed if the key or the data block length is to be altered, if this is even feasible.

66 citations


Proceedings ArticleDOI
08 Nov 1998
TL;DR: It is shown that given E_N(x), predicting any single bit in x with only a non-negligible advantage over the trivial guessing strategy is (through a polynomial time reduction) as hard as breaking RSA.
Abstract: We study the security of individual bits in an RSA encrypted message E_N(x). We show that given E_N(x), predicting any single bit in x with only a non-negligible advantage over the trivial guessing strategy is (through a polynomial time reduction) as hard as breaking RSA. We briefly discuss a related result for bit security of the discrete logarithm.

52 citations


Patent
28 Oct 1998
TL;DR: In this article, a diffused intermediate shortened key is derived from the intermediate shortened key using a one-way cryptographic function, and predetermined bit locations of the diffused key are then selected to obtain a shortened key.
Abstract: Systems, methods and computer program products reduce effective key length of a symmetric key cipher by deriving an intermediate value from an initial key, using a one-way cryptographic function. Predetermined bit locations of the intermediate value are selected to obtain an intermediate key. An intermediate shortened key is derived from the intermediate key by setting predetermined bit locations of the intermediate key to predetermined values. A diffused intermediate shortened key is derived from the intermediate shortened key using the one-way cryptographic function. Predetermined bit locations of the diffused intermediate shortened key are then selected to obtain a shortened key. In first embodiments, the one-way cryptographic function is a one-way hash function. Second embodiments use the symmetric key cipher itself to perform the one-way cryptographic function.

17 citations


Book ChapterDOI
18 Oct 1998
TL;DR: In this article, it was shown that for low public exponent RSA, given a quarter of the bits of the private key, an adversary can recover the entire private key.
Abstract: We show that for low public exponent RSA, given a quarter of the bits of the private key an adversary can recover the entire private key. Similar results (though not as strong) are obtained for larger values of e. For instance, when e is a prime in the range [N^{1/4}, N^{1/2}], half the bits of the private key suffice to reconstruct the entire private key. Our results point out the danger of partial key exposure in the RSA public key system.

17 citations


Journal ArticleDOI
01 Sep 1998
TL;DR: The theory of generalised inverses of matrices over finite fields is highlighted as a potential tool in cryptographic research, by proposing a public key cryptosystem where the Hamming weight of the error pattern in the cryptosystem is far larger than the error correction capability of the employed error-correcting code.
Abstract: The theory of generalised inverses of matrices over finite fields is highlighted as a potential tool in cryptographic research, by proposing a public key cryptosystem. Properties of the public key cryptosystem are analysed and compared with those of a previous public key cryptosystem. The idea is similar to the previous cryptosystem in terms of the usage of an error correction process. However, by using the techniques of generalised matrices, the Hamming weight of the error pattern in the cryptosystem is far larger than the error correction capability of the employed error-correcting code. This is the main reason that the key size is smaller than that of the previous public key cryptosystem with the same level of security. It is also anticipated that the theory of generalised inverses can be used for a wide variety of cryptographic applications.

14 citations


Proceedings ArticleDOI
08 Oct 1998
TL;DR: The result is a reusable cryptographic VLSI core that allows a data throughput of 251.8 Mbit/s at a clock frequency of 40 MHz in a 0.7 µm CMOS process and is usable in integrated systems for high-speed data encryption.
Abstract: A VLSI implementation of the symmetric block cipher SAFER K-128 (Secure And Fast Encryption Routine with a Key length of 128 bits) is presented. Possibilities for optimization of the VLSI architecture are explained. The optimizations are based on algorithm-specific properties and lead to considerable hardware reduction. The result is a reusable cryptographic VLSI core that allows a data throughput of 251.8 Mbit/s at a clock frequency of 40 MHz in a 0.7 µm CMOS process. Therefore, the circuit is usable in integrated systems for high-speed data encryption.

14 citations


Journal ArticleDOI
Christian Gehrmann
TL;DR: This paper defines a multiround authentication model and shows how to calculate the probability of a successful attack for this model, and proves the security for a 3-round scheme and gives a construction for the 3-round scheme based on Reed-Solomon codes.
Abstract: Authentication codes are used to protect communication against a malicious adversary. In this paper we investigate unconditionally secure multiround authentication schemes. In a multiround scheme a message is authenticated by passing back and forth several codewords between the sender and receiver. We define a multiround authentication model and show how to calculate the probability of a successful attack for this model. We prove the security for a 3-round scheme and give a construction for the 3-round scheme based on Reed-Solomon codes. This construction has a very small key size for even extremely large messages. Furthermore, a secure scheme for an arbitrary number of rounds is given. We give a new upper bound for the key size of an n-round scheme.

13 citations


Patent
22 Jun 1998
TL;DR: In this article, a free key layout setting device of a data input equipment is described, which registers an item corresponding to a key by displaying the plural keys on a display screen 6 for which a touch panel 4 is provided on a front surface and operating an optional key.
Abstract: PROBLEM TO BE SOLVED: To easily change the number of keys, a key size and a key shape, etc., in the setting of a free key layout and to perform coping according to circumstances. SOLUTION: In this free key layout setting device of a data input equipment for registering an item corresponding to the key by displaying the plural keys on a display screen 6 for which a touch panel 4 is provided on a front surface and operating an optional key, at the time of a setting mode for setting the key at an optional position, a CPU 1 reads the key size selected by a key size selection means displayed on the display screen of a display part 6 from a key size table for registering the key size stored in a ROM 2 and displays the key on the display screen by the read key size.

6 citations


Proceedings ArticleDOI
21 Apr 1998
TL;DR: The ElGamal and ECC algorithms are compared and the modeling of the cryptosystem clearly shows the source of the efficiency of the ECC algorithm as a basis for achieving the required processing efficiency for future applications.
Abstract: For the development of the multi-application smart card, the memory capacity of the chip is not big enough to store the larger and complex programs needed for the multi-application operating system and the protocol codes of the cryptography algorithm of large integers. The elliptic curve cryptosystem (ECC) potentially provides equivalent security to existing public key schemes but with much shorter key lengths. This paper considers the efficiency of the ECC in the design of multi-application smart cards and describes the problems of the smaller memory met in public key cryptosystems for multi-application smart cards. The ElGamal and ECC algorithms are compared, where the modeling of the cryptosystem clearly shows the source of the efficiency of the ECC algorithm as a basis for achieving the required processing efficiency for future applications.

Journal ArticleDOI
TL;DR: There are three types of public key cryptographic systems that are currently considered both secure and efficient: the Integer Factorization Systems, the Discrete Logarithm Systems, and the Elliptic Curve Cryptosystem.
Abstract: There are three types of public key cryptographic systems that are currently considered both secure and efficient. These cryptographic systems, classified according to the mathematical problems upon which they are based, are: the Integer Factorization Systems (of which the RSA algorithm is the most well known example), the Discrete Logarithm Systems (such as the US Government's Digital Signature Algorithm), and the Elliptic Curve Cryptosystem (ECC). Although much has been written about the RSA algorithm and the Digital Signature Algorithm (DSA), little about the ECC appears in the literature written for information systems security practitioners. This is perhaps because the ECC, since its introduction in 1985, has been a subject of interest to more mathematicians than security professionals.

Journal Article
TL;DR: This paper describes a modified FAPKC which retains all the desirable features of the original version; however, in order to resist a similar attack as that of [2], it requires that the underlying automata used in the modified FAPKC satisfy certain conditions.
Abstract: Finite Automata Public Key Cryptosystem (FAPKC) appeared about 10 years ago in Chinese literature. FAPKC possesses many advantageous features: it is a stream-cipher capable of high-speed operation and it has a relatively small key size. Recently, FAPKC was broken in a way that the decryption automata can be derived directly from the encryption automaton [2]. However, the break is due to an oversight of the FAPKC designers. It does not reveal any weakness in its fundamental design principle. In this paper, we describe a modified FAPKC which retains all the desirable features of the original version. However, in order to resist a similar attack as that of [2], we require that the underlying automata used in the modified FAPKC satisfy certain conditions. We describe the attack and show how the automata satisfying these conditions can be constructed easily. We also show that the modified FAPKC is secure against several other known attacks.

01 Jan 1998
TL;DR: This paper presents a practical implementation of elliptic curve cryptosystems over GF(p) on a 16-bit microcomputer and a note on the complexity of breaking Okamoto-Tanaka ID-based key exchange scheme.
Abstract: Distributed public key cryptosystems.- How (not) to design RSA signature schemes.- Overview of elliptic curve cryptography.- Lattices and cryptography: An overview.- A signcryption scheme with signature directly verifiable by public key.- Guaranteed correct sharing of integer factorization with off-line shareholders.- Lower bounds on term-based divisible cash systems.- Certifying trust.- On the security of server-aided RSA protocols.- On the security of ElGamal based encryption.- An authenticated Diffie-Hellman key agreement protocol secure against active attacks.- On the security of Girault's identification scheme.- A scheme for obtaining a message from the digital multisignature.- Secure hyperelliptic cryptosystems and their performance.- A practical implementation of elliptic curve cryptosystems over GF(p) on a 16-bit microcomputer.- Two efficient algorithms for arithmetic of elliptic curves using Frobenius map.- Public-key cryptosystems using the modular group.- A cellular automaton based fast one-way hash function suitable for hardware implementation.- A new hash function based on MDx-family and its application to MAC.- Security issues for contactless smart cards.- Parameters for secure elliptic curve cryptosystem - improvements on Schoof's algorithm.- A note on the complexity of breaking Okamoto-Tanaka ID-based key exchange scheme.

Journal Article
TL;DR: A key distribution system is a system in which users securely generate a common key and its security depends on the difficulty of the discrete logarithm problem.
Abstract: A key distribution system is a system in which users securely generate a common key. One kind of identity-based key distribution system was proposed by E. Okamoto [1]. Its security depends on the difficulty of factoring a composite number of two large primes, like the RSA public-key cryptosystem. Another kind of identity-based key distribution system was proposed by K. Nyberg and R.A. Rueppel [7]. Its security depends on the difficulty of the discrete logarithm problem. On the other hand, Koblitz and Miller described how a group of points on an elliptic curve over a finite field can be used to construct a public key cryptosystem. In 1997, we proposed an ID-based key distribution system over an elliptic curve [14], as well as over a ring Z/nZ. Its security depends on the difficulty of factoring a composite number of two large primes. We showed that the system is more suitable for implementation on an elliptic curve than on a ring Z/nZ [14]. In this paper, we apply the Nyberg-Rueppel ID-based key distribution system [7] to an elliptic curve. It provides relatively small block size and high security. This public key scheme can be efficiently implemented. However, the scheme [7] requires relatively large data transmission. As a solution to this problem, we improve the scheme. The improved scheme is very efficient since the data transferred for generation of a common key is reduced to half of the previous one.