37 results for RSA reticoli Coppersmith

Relevance: 10.00%

Abstract:

We describe a short signature scheme that is strongly existentially unforgeable under an adaptive chosen message attack in the standard security model. Our construction works in groups equipped with an efficient bilinear map, or, more generally, an algorithm for the Decision Diffie-Hellman problem. The security of our scheme depends on a new intractability assumption we call Strong Diffie-Hellman (SDH), by analogy to the Strong RSA assumption with which it shares many properties. Signature generation in our system is fast and the resulting signatures are as short as DSA signatures for comparable security. We give a tight reduction proving that our scheme is secure in any group in which the SDH assumption holds, without relying on the random oracle model.

Relevance: 10.00%

Abstract:

Multiple-time signatures are digital signature schemes in which the signer is able to sign a predetermined number of messages. They are interesting cryptographic primitives because they allow one to solve many important cryptographic problems while offering a substantial efficiency advantage over ordinary digital signature schemes such as RSA. Multiple-time signature schemes have found numerous applications in ordinary, on-line/off-line and forward-secure signatures, and in multicast/stream authentication. We propose a multiple-time signature scheme with very efficient signing and verifying. Our construction is based on a combination of one-way functions and cover-free families, and it is secure against adaptive chosen-message attack.

Relevance: 10.00%

Abstract:

An accumulator based on bilinear pairings was proposed at CT-RSA'05. Here, it is first demonstrated that the security model proposed by Lan Nguyen does lead to a cryptographic accumulator that is not collision resistant. Secondly, it is shown that collision-resistance can be provided by updating the adversary model appropriately. Finally, an improvement on Nguyen's identity escrow scheme, with membership revocation based on the accumulator, by removing the trusted third party is proposed.

Relevance: 10.00%

Abstract:

We consider the following problem: members of a dynamic group retrieve their encrypted data from an untrusted server based on keywords, without any loss of data confidentiality or of the members' privacy. In this paper, we investigate common secure indices for conjunctive keyword-based retrieval over encrypted data, and construct an efficient scheme from Wang et al.'s dynamic accumulator, Nyberg's combinatorial accumulator and Kiayias et al.'s public-key encryption system. The proposed scheme is trapdoorless and keyword-field free. Its security is proved under the random oracle, decisional composite residuosity and extended strong RSA assumptions.

Relevance: 10.00%

Abstract:

A dynamic accumulator is an algorithm which gathers a large set of elements into a constant-size value such that, for any accumulated element, there is a witness confirming that the element was indeed included in the value; in addition, elements can be dynamically added to and deleted from the original set at a cost that is independent of the number of accumulated elements. Although the first accumulator was presented ten years ago, there is still no standard formal definition of accumulators. In this paper, we generalize the formal definitions of accumulators, formulate a security game for dynamic accumulators called the Chosen Element Attack (CEA), and propose a new dynamic accumulator for batch updates based on the Paillier cryptosystem. Our construction performs a batch of update operations at unit cost. We prove its security under the extended strong RSA (es-RSA) assumption.

Relevance: 10.00%

Abstract:

In this paper we tackle the problem of finding an efficient signature verification scheme when the number of signatures is significantly large and the verifier is relatively weak. In particular, we tackle the problem of message authentication in many-to-one communication networks, known as concast communication. The paper presents three signature screening algorithms for a variant of ElGamal-type digital signatures. The cost of these schemes is n applications of hash functions, 2n modular multiplications and n modular additions, plus the verification of one digital signature, where n is the number of signatures. The paper also presents a solution to the open problem of finding a fast screening signature for non-RSA digital signature schemes.

Relevance: 10.00%

Abstract:

Number theory has in recent decades assumed a great practical importance, due primarily to its application to cryptography. This chapter discusses how elementary concepts of number theory may be illuminated and made accessible to upper secondary school students via appropriate spreadsheet models. In such environments, students can observe patterns, gain structural insight, form and test conjectures, and solve problems. The chapter begins by reviewing literature on the use of spreadsheets in general and the use of spreadsheets in number theory in particular. Two sample applications are then discussed. The first, factoring factorials, is presented and instructions are given to construct a model in Excel 2007. The second application, the RSA cryptosystem, is included because of its importance to Science, Technology, Engineering, and Mathematics (STEM) students. Number theoretic concepts relevant to RSA are discussed, and an outline of RSA is given, with an example. The chapter ends with instructions on how to construct a simple spreadsheet illustrating RSA.

Relevance: 10.00%

Abstract:

Modular arithmetic has often been regarded as something of a mathematical curiosity, at least by those unfamiliar with its importance to both abstract algebra and number theory, and with its numerous applications. However, with the ubiquity of fast digital computers, and the need for reliable digital security systems such as RSA, this important branch of mathematics is now considered essential knowledge for many professionals. Indeed, computer arithmetic itself is, ipso facto, modular. This chapter describes how the modern graphical spreadsheet may be used to clearly illustrate the basics of modular arithmetic, and to solve certain classes of problems. Students may then gain structural insight and the foundations laid for applications to such areas as hashing, random number generation, and public-key cryptography.

Relevance: 10.00%

Abstract:

We consider the following problem: users in a dynamic group store their encrypted documents on an untrusted server, and wish to retrieve documents containing some keywords without any loss of data confidentiality. In this paper, we investigate common secure indices which allow multiple users in a dynamic group to securely obtain the encrypted documents shared among the group members without re-encrypting them. We give a formal definition of a common secure index for conjunctive keyword-based retrieval over encrypted data (CSI-CKR), define the security requirement for CSI-CKR, and construct a CSI-CKR based on dynamic accumulators, Paillier's cryptosystem and blind signatures. The security of the proposed scheme is proved under the strong RSA and co-DDH assumptions.

Relevance: 10.00%

Abstract:

A parallel authentication and public-key encryption is introduced and exemplified on joint encryption and signing, which compares favorably with sequential Encrypt-then-Sign (EtS) or Sign-then-Encrypt (StE) schemes as far as both efficiency and security are concerned. A security model for signcryption, and thus for joint encryption and signing, has recently been defined which considers possible attacks and security goals. Such a scheme is considered secure if the encryption part guarantees indistinguishability and the signature part prevents existential forgeries, for outsider as well as insider adversaries. We propose two schemes of parallel signcryption, which are efficient alternatives to Commit-then-Sign-and-Encrypt (CtS&E). They are both provably secure in the random oracle model. The first one, called generic parallel encrypt and sign, is secure if the encryption scheme is semantically secure against chosen-ciphertext attacks and the signature scheme prevents existential forgeries against random-message attacks. The second scheme, called optimal parallel encrypt and sign, applies random oracles similar to the OAEP technique in order to achieve security using encryption and signature components with very weak security requirements: encryption is only expected to be one-way under chosen-plaintext attacks, while the signature only needs to be secure against universal forgeries under random-plaintext attack, which is actually the case for both plain-RSA encryption and plain-RSA signature under the usual RSA assumption. Both proposals are generic in the sense that any suitable encryption and signature schemes (i.e. ones which simply achieve the required security) can be used. Furthermore, they allow both parallel encryption and signing, as well as parallel decryption and verification. Properties of parallel encrypt and sign schemes are considered and a new security standard for parallel signcryption is proposed.

Relevance: 10.00%

Abstract:

Standard signature schemes are usually designed only to achieve weak unforgeability, i.e. preventing forgery of signatures on new messages not previously signed. However, most signature schemes are randomised and allow many possible signatures for a single message. In this case, it may be possible to produce a new signature on a previously signed message. Some applications require that this type of forgery also be prevented; this requirement is called strong unforgeability. At PKC 2006, Boneh, Shen and Waters presented an efficient transform based on any randomised trapdoor hash function which converts a weakly unforgeable signature into a strongly unforgeable signature, and applied it to construct a strongly unforgeable signature based on the CDH problem. However, the transform of Boneh et al. only applies to a class of so-called partitioned signatures. Although many schemes fall in this class, some do not, for example the DSA signature. Hence it is natural to ask whether one can obtain a truly generic efficient transform based on any randomised trapdoor hash function which converts any weakly unforgeable signature into a strongly unforgeable one. We answer this question in the positive by presenting a simple modification of the Boneh-Shen-Waters transform. Our modified transform uses two randomised trapdoor hash functions.

Relevance: 10.00%

Abstract:

Introduction: Intense exercise-induced acidosis occurs from the accumulation of hydrogen ions as by-products of anaerobic metabolism. Oral ingestion of ß-alanine, a limiting precursor of the intracellular physiochemical buffer carnosine in skeletal muscle, may counteract any detrimental effect of acidosis and benefit performance. The aim of this study was to investigate the effect of ß-alanine as an ergogenic aid during high intensity exercise performance in healthy males. Methods: Five males ingested either ß-alanine (BAl) (4.8 g.d-1 for 4 wk, then 6.4 g.d-1 for 2 wk) or placebo (Pl) (CaCO3) in a crossover design with a 6 wk washout between. Following supplementation, participants performed two different intense exercise protocols over consecutive days. On the first day a repeated sprint ability (RSA) test of 5 x 6 s, with 24 s rest periods, was performed. On the second day a cycling capacity test measuring the time to exhaustion (TTE) was performed at 110% of the maximum workload achieved in a pre-supplementation max test (CCT110%). Non-invasive quantification of carnosine, prior to and following each supplementation, with magnetic resonance spectrometry was performed in the soleus and gastrocnemius. Time to fatigue (CCT110%), peak and mean power (RSA), blood pH, and plasma lactate were measured. Results: Muscle carnosine concentration was not different prior to ß-alanine supplementation and increased 18% in the soleus and 26% in the gastrocnemius, respectively, with 6 wk supplementation. There was no difference in the measured performance variables during the RSA test (peak and average power output). TTE during the CCT110% was significantly enhanced following the ingestion of BAl (155 s ± 19.03) compared to Pl (134 s ± 26.16). No changes were observed in blood pH during either exercise protocol or during the recovery from exercise. Plasma lactate in the BAl condition was significantly higher than Pl only from the 15th minute following exercise during the CCT110%.
Fig. 1: Changes in carnosine concentration in the gastrocnemius prior to and post 6 week chronic supplementation of placebo and β-alanine. Values expressed as mean. * p<0.05 from Pl at 6 weeks, # p<0.05 from pre-supplementation.
Conclusion/Discussion: Greater muscle carnosine content following 6 wk supplementation of ß-alanine enhanced the potential for intracellular buffering capacity. However, this only translated into enhanced performance during the CCT110% high intensity cycling exercise protocol, with no change observed during the RSA test. The absence of differences in post-exercise and recovery plasma lactate and blood pH indicates that 6 wk ß-alanine supplementation has no effect on anaerobic metabolism during multiple-bout high intensity exercise. Changes in plasma lactate during recovery support the view that ß-alanine supplementation may, however, affect anaerobic metabolism during single-bout high intensity exercise.

Relevance: 10.00%

Abstract:

Intense exercise-induced acidosis occurs after accumulation of hydrogen ions as by-products of anaerobic metabolism. Oral ingestion of ß-alanine, a limiting precursor of the intracellular physiochemical buffer carnosine in skeletal muscle, may counteract detrimental effects of acidosis and benefit performance. This study aimed to investigate the effect of ß-alanine as an ergogenic aid during high intensity exercise performance. Five healthy males ingested either ß-alanine (BAl) or placebo (Pl) (CaCO3) in a crossover design with a 6 wk washout between. Participants performed two different intense exercise protocols over consecutive days. On the first day a repeated sprint ability (RSA) test was performed. On the second day a cycling capacity test measuring the time to exhaustion (TTE) was performed at 110% of the maximum workload achieved in a pre-supplementation max test (CCT110%). Non-invasive quantification of carnosine, prior to and following each supplementation, with in vivo magnetic resonance spectrometry was performed in the soleus and gastrocnemius muscle. Time to fatigue (CCT110%), peak and mean power (RSA), blood pH, and plasma lactate were measured. Muscle carnosine concentration was not different prior to ß-alanine supplementation and increased 18% in the soleus and 26% in the gastrocnemius, respectively, after supplementation. There was no difference in the measured performance variables during the RSA test (peak and average power output). TTE during the CCT110% was significantly enhanced following the ingestion of BAl (155 s ± 19.03) compared to Pl (134 s ± 26.16). No changes were observed in blood pH during either exercise protocol or during the recovery from exercise. Plasma lactate after BAl was significantly higher than Pl only from the 15th minute following exercise during the CCT110%. Greater muscle carnosine content following 6 wk supplementation of ß-alanine enhanced the potential for intracellular buffering capacity. This translated into enhanced performance during the CCT110% high intensity cycling exercise protocol but not during the RSA test. The lack of change in plasma lactate or blood pH indicates that 6 wk ß-alanine supplementation has no effect on anaerobic metabolism during multiple-bout high-intensity exercise. Changes measured in plasma lactate during recovery support the hypothesis that ß-alanine supplementation may affect anaerobic metabolism, particularly during single-bout high-intensity exercise.

Relevance: 10.00%

Abstract:

A series of Pt(II) diimine complexes bearing benzothiazolylfluorenyl (BTZ-F8), diphenylaminofluorenyl (NPh2-F8), or naphthalimidylfluorenyl (NI-F8) motifs on the bipyridyl or acetylide ligands (Pt-4 to Pt-8), i.e. {4,4′-bis[7-R1-F8-(≡)n-]bpy}Pt(7-R2-F8-≡-)2, where F8 = 9,9′-di(2-ethylhexyl)fluorene, bpy = 2,2′-bipyridine, Pt-4: R1 = R2 = BTZ, n = 0; Pt-5: R1 = BTZ, R2 = NI, n = 0; Pt-6: R1 = R2 = BTZ, n = 1; Pt-7: R1 = BTZ, R2 = NPh2, n = 1; Pt-8: R1 = NPh2, R2 = BTZ, n = 1, were synthesized. Their ground-state and excited-state properties and reverse saturable absorption performances were systematically investigated. The influence of these motifs on the photophysics of the complexes was investigated by spectroscopic methods and simulated by time-dependent density functional theory (TDDFT). The intense absorption bands below 410 nm for these complexes are assigned to predominantly ¹π,π* transitions localized on either the bipyridine or the acetylide ligands, while the broad low-energy absorption bands between 420 and 575 nm are attributed to essentially ¹MLCT (metal-to-ligand charge transfer)/¹LLCT (ligand-to-ligand charge transfer) transitions, likely mixed with some ¹ILCT (intraligand charge transfer) transition for Pt-4 to Pt-7, and to a predominantly ¹ILCT transition admixed with minor ¹MLCT/¹LLCT character for Pt-8. The different substituents on the acetylide and bipyridyl ligands, and the degree of π-conjugation in the bipyridyl ligand, influence both the ¹π,π* and the charge transfer transitions pronouncedly. All complexes are emissive at room temperature. Upon excitation at their respective absorption band maxima, Pt-4, Pt-6, and Pt-8 exhibit acetylide-ligand-localized ¹π,π* fluorescence and ³MLCT/³LLCT phosphorescence in CH2Cl2, while Pt-5 manifests ¹ILCT fluorescence and ³ILCT phosphorescence. However, only ¹LLCT fluorescence was observed for Pt-7 at room temperature. A nanosecond transient absorption study was carried out for Pt-4 to Pt-8 in CH3CN. Except for Pt-7, which contains NPh2 at the acetylide ligands, Pt-4 to Pt-6 and Pt-8 all exhibit weak to moderate excited-state absorption in the visible spectral region. Reverse saturable absorption (RSA) of these complexes was demonstrated at 532 nm using 4.1 ns laser pulses in a 2 mm cuvette. The strength of RSA follows this trend: Pt-4 > Pt-5 > Pt-7 > Pt-6 > Pt-8. Incorporation of the electron-donating substituent NPh2 on the bipyridyl ligand significantly decreases the RSA, while shorter π-conjugation in the bipyridyl ligand increases the RSA. Therefore, the substituent at either the acetylide ligands or the bipyridyl ligand can affect the singlet and triplet excited-state characteristics significantly, which strongly influences the RSA efficiency.

Relevance: 10.00%

Abstract:

Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to hash-then-sign digital signature schemes such as DSS and RSA, in order to free them from their reliance on the collision resistance property of the hash functions. They have shown that to forge an RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we show how to use Dean's method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2^(t/2) chosen messages plus 2^(t/2 + 1) off-line operations of the compression function and a similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.