Open Access
March 29, 2007
Abstract
We estimate character sums over points on elliptic curves over a finite field of q elements. Pseudorandom sequences can be constructed by taking linear combinations with small coefficients (for example, from the set {−1, 0, 1}) of a fixed vector of points, which forms the seed of the generator. We consider several particular cases of this general approach which are of special practical interest and have occurred in the literature. For each of them we show that the resulting sequence has good uniformity of distribution properties.
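The generator described in this abstract (a fixed seed vector of curve points, outputs formed as linear combinations with coefficients from {−1, 0, 1}) as an added, runnable toy illustration. This is not code from the paper: the prime, the curve y² = x³ + 2x + 3 and the way the seed points are chosen are all constructed for the example, and the field is far too small to be secure.

```python
# Added example (not from the paper): a toy elliptic-curve pseudorandom
# generator. The seed is a fixed vector of curve points; every output is a
# linear combination of the seed with coefficients drawn from {-1, 0, 1}.
# Curve, prime and seed are constructed for illustration; p is far too small
# to be secure and exists only so the arithmetic is easy to inspect.
from itertools import product

P_MOD = 1019            # prime with P_MOD % 4 == 3, so square roots are one exponentiation
A, B = 2, 3             # y^2 = x^3 + A*x + B over F_p; 4A^3 + 27B^2 = 275 != 0 mod p (non-singular)
INF = None              # point at infinity, the group identity
COEFFS = (-1, 0, 1)     # the "small coefficients" used for the linear combinations


def inv(x):
    """Modular inverse via Fermat (P_MOD is prime)."""
    return pow(x % P_MOD, P_MOD - 2, P_MOD)


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P_MOD)


def add(p, q):
    """Affine group law on the curve."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                      # q == -p (also covers doubling with y == 0)
    if p == q:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD   # tangent slope
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD          # chord slope
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def find_points(n):
    """Deterministically pick the first n affine points by increasing x (the seed)."""
    pts, x = [], 0
    while len(pts) < n:
        rhs = (x ** 3 + A * x + B) % P_MOD
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)    # candidate sqrt; correct iff rhs is a square
        if y * y % P_MOD == rhs:
            pts.append((x, y))
        x += 1
    return pts


def linear_combination(coeffs, points):
    """sum(c_i * P_i) with every c_i in {-1, 0, 1}."""
    acc = INF
    for c, pt in zip(coeffs, points):
        if c == 1:
            acc = add(acc, pt)
        elif c == -1:
            acc = add(acc, neg(pt))
        elif c != 0:
            raise ValueError("coefficient outside the small set")
    return acc


def generate_points(seed):
    """All 3^k combinations of the k seed points, in lexicographic coefficient order."""
    return [linear_combination(c, seed) for c in product(COEFFS, repeat=len(seed))]


def generate(seed):
    """The pseudorandom sequence itself: x-coordinates (None for the identity)."""
    return [None if q is INF else q[0] for q in generate_points(seed)]


if __name__ == "__main__":
    seed = find_points(4)
    seq = generate(seed)
    print("seed:", seed)
    print(len(seq), "outputs,", len(set(seq)), "distinct values")
```

Note that ±v give the same x-coordinate, so a k-point seed yields at most (3^k − 1)/2 + 1 distinct outputs; the uniformity result in the abstract concerns how those outputs are spread over the field, which this toy does not attempt to measure.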
Abstract
In this paper we present a combinatorial analysis of generalised cumulative arrays. These are structures associated with a monotone collection of subsets of a base set, and they have properties that find application in areas of information security. We propose a number of basic measures of efficiency of a generalised cumulative array and then study fundamental bounds on their parameters. We then look at a number of construction techniques and show that the problem of finding good generalised cumulative arrays is closely related to the problem of finding boolean expressions with special properties.
Abstract
In this paper, we investigate query processes and reconstruction functions for unconditionally secure 2-server 1-round binary private information retrieval (PIR) schemes. We begin by formulating a simplified model for PIR schemes which is equivalent to the usual model. We show that a query is equivalent to a boolean function of two variables, and we give a precise characterization of the boolean functions that can be used as "query pairs" to the two servers. We also consider several notions of "privacy" and we make a few remarks about the communication complexity of PIR schemes.
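To make the setting of this abstract concrete, here is the classic 2-server, 1-round binary PIR scheme (the client sends each server a random subset of indices, the subsets differing only at the wanted position, and XORs the two 1-bit answers). This is an added example, not code from the paper; the database contents are constructed, and the two servers are modelled as plain functions that are assumed not to collude.

```python
# Added example (not from the paper): the classic 2-server, 1-round binary PIR
# scheme built from XORs of random subsets. The database is constructed; the
# two servers are modelled as functions and are assumed not to collude.
import secrets


def make_queries(n, i, r):
    """Query pair for index i from client coins r in [0, 2^n).

    Server 0 receives the mask r; server 1 receives r with bit i flipped.
    Each mask on its own is uniform over {0,1}^n, so neither server learns i."""
    if not (0 <= i < n and 0 <= r < (1 << n)):
        raise ValueError("index or coins out of range")
    return r, r ^ (1 << i)


def server_answer(db_bits, query):
    """A server's 1-bit reply: XOR of the database bits selected by the mask."""
    ans = 0
    for j, bit in enumerate(db_bits):
        if (query >> j) & 1:
            ans ^= bit
    return ans


def reconstruct(a0, a1):
    """The two subsets differ only at index i, so everything else cancels to db[i]."""
    return a0 ^ a1


def pir_retrieve(db_bits, i, rng=None):
    """Full round trip; rng is injectable so runs can be made deterministic."""
    rng = rng or secrets.SystemRandom()
    n = len(db_bits)
    q0, q1 = make_queries(n, i, rng.randrange(1 << n))
    return reconstruct(server_answer(db_bits, q0), server_answer(db_bits, q1))


def server_view(n, i, server):
    """Multiset of masks one server sees over all client coins (privacy check):
    the result is the full set {0,1}^n whatever i is."""
    return sorted(make_queries(n, i, r)[server] for r in range(1 << n))


def communication_bits(n):
    """Bits on the wire: two n-bit queries plus two 1-bit answers."""
    return 2 * n + 2


if __name__ == "__main__":
    DB = [1, 0, 1, 1, 0, 0, 1, 0]           # constructed 8-bit database
    print([pir_retrieve(DB, i) for i in range(len(DB))])   # recovers DB
    print(communication_bits(len(DB)), "bits per retrieval")
```

The `server_view` function is the privacy argument in executable form: for a fixed server, the distribution of the mask it receives is the same for every index, so a single server learns nothing; only the two servers together could recover i. The cost is 2n + 2 bits per retrieved bit, worse than simply downloading the n-bit database, which is why the communication complexity of PIR is a research question in its own right.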
Abstract
The HMQV protocols are 'hashed variants' of the MQV key agreement protocols. They were introduced at CRYPTO 2005 by Krawczyk, who claimed that the HMQV protocols have very significant advantages over their MQV counterparts: (i) security proofs under reasonable assumptions in the (extended) Canetti-Krawczyk model for key exchange; and (ii) superior performance in some situations. In this paper we demonstrate that the HMQV protocols are insecure by presenting realistic attacks in the Canetti-Krawczyk model that recover a victim's static private key. We propose HMQV-1, patched versions of the HMQV protocols that resist our attacks (but have no performance advantages over MQV). We also identify some fallacies in the security proofs for HMQV, critique the security model, and raise some questions about the assurances that proofs in this model can provide.
Abstract
Boolean functions which satisfy the Strict Avalanche Criterion (SAC) play an important role in information security. In this paper, we extend the concept of SAC to finite fields GF(p). A necessary and sufficient condition is given using spectral analysis. Also, based on an interesting permutation polynomial theorem, we prove various facts about (n − 1)-th order SAC functions on GF(p). We also construct many such functions.
Abstract
We propose a new cryptanalytic application of a number-theoretic tool, the Weil sum, to the birthday attack against multivariate quadratic (MQ) trapdoor functions. This customization of the birthday attack is developed by evaluating the explicit Weil sum of the underlying univariate polynomial and the exact number of solutions of the associated bivariate equation. We designed and implemented a new algorithm for computing Weil sum values, which lets us explicitly identify a class of weak Dembowski-Ostrom polynomials and their equivalent forms in multivariate quadratic trapdoor functions. Our customized attack can also be regarded as an equation-solving algorithm for systems of certain special quadratic equations over finite fields, and it is fundamentally different from Gröbner basis methods. Both theoretical observation and experiment show that the computational complexity of the attack on these weak polynomial instances can be asymptotically less than the square-root complexity of the generic birthday attack by a factor as large as 2^{n/8} in terms of the extension degree n of . We also suggest a few open problems that any MQ-based short signature scheme must explicitly take into account in its basic design principles.