An Observation about Variations of the Diffie-Hellman Assumption

We generalize the Strong Boneh-Boyen (SBB) signature scheme to sign vectors; we call this scheme GSBB. We show that if a particular (but most natural) average case reduction from SBB to GSBB exists, then the Strong Diffie-Hellman (SDH) and the Computational Diffie-Hellman (CDH) have the same worst-case complexity.

Implementação e análise de desempenho dos protocolos de criptografia neural e Diffie-Hellman em sistemas RFID utilizando uma plataforma embarcada

RFID (Radio Frequency Identification) identifies object by using the radio frequency which is a non-contact automatic identification technique. This technology has shown its powerful practical value and potential in the field of manufacturing, retailing, logistics and hospital automation. Unfortunately, the key problem that impacts the application of RFID system is the security of the information. Recently, researchers have demonstrated solutions to security threats in RFID technology. Among these solutions are several key management protocols. This master dissertations presents a performance evaluation of Neural Cryptography and Diffie-Hellman protocols in RFID systems. For this, we measure the processing time inherent in these protocols. The tests was developed on FPGA (Field-Programmable Gate Array) platform with Nios IIr embedded processor. The research methodology is based on the aggregation of knowledge to development of new RFID systems through a comparative analysis between these two protocols. The main contributions of this work are: performance evaluation of protocols (Diffie-Hellman encryption and Neural) on embedded platform and a survey on RFID security threats. According to the results the Diffie-Hellman key agreement protocol is more suitable for RFID systems

The Performance of Elliptic Curve Based Group Diffie-Hellman Protocols for Secure Group Communication over Ad Hoc Networks

The security of the two party Diffie-Hellman key exchange protocol is currently based on the discrete logarithm problem (DLP). However, it can also be built upon the elliptic curve discrete logarithm problem (ECDLP). Most proposed secure group communication schemes employ the DLP-based Diffie-Hellman protocol. This paper proposes the ECDLP-based Diffie-Hellman protocols for secure group communication and evaluates their performance on wireless ad hoc networks. The proposed schemes are compared at the same security level with DLP-based group protocols under different channel conditions. Our experiments and analysis show that the Tree-based Group Elliptic Curve Diffie-Hellman (TGECDH) protocol is the best in overall performance for secure group communication among the four schemes discussed in the paper. Low communication overhead, relatively low computation load and short packets are the main reasons for the good performance of the TGECDH protocol.

On the computational security of a distributed key distribution scheme

In a distributed key distribution scheme, a set of servers helps a set of users in a group to securely obtain a common key. Security means that an adversary who corrupts some servers and some users has no information about the key of a noncorrupted group. In this work, we formalize the security analysis of one such scheme which was not considered in the original proposal. We prove the scheme is secure in the random oracle model, assuming that the Decisional Diffie-Hellman (DDH) problem is hard to solve. We also detail a possible modification of that scheme and the one in which allows us to prove the security of the schemes without assuming that a specific hash function behaves as a random oracle. As usual, this improvement in the security of the schemes is at the cost of an efficiency loss.

A public-key cryptosystem based on second order linear sequences

Based on Lucas functions, an improved version of the Diffie-Hellman distribution key scheme and to the ElGamal public key cryptosystem scheme are proposed, together with an implementation and computational cost. The security relies on the difficulty of factoring an RSA integer and on the difficulty of computing the discrete logarithm.

A public key encryption based on third order linear sequences

Based on third order linear sequences, an improvement version of the Diffie-Hellman distribution key scheme and the ElGamal public key cryptosystem scheme are proposed, together with an implementation and computational cost. The security relies on the difficulty of factoring an RSA integer and on the difficulty of computing the discrete logarithm.

A New Cryptographic Scheme for Securing Dynamic Conferences in Data Networks

Dynamic conferencing refers to a scenario wherein any subset of users in a universe of users form a conference for sharing confidential information among themselves. The key distribution (KD) problem in dynamic conferencing is to compute a shared secret key for such a dynamically formed conference. In literature, the KD schemes for dynamic conferencing either are computationally unscalable or require communication among users, which is undesirable. The extended symmetric polynomial based dynamic conferencing scheme (ESPDCS) is one such KD scheme which has a high computational complexity that is universe size dependent. In this paper we present an enhancement to the ESPDCS scheme to develop a KD scheme called universe-independent SPDCS (UI-SPDCS) such that its complexity is independent of the universe size. However, the UI-SPDCS scheme does not scale with the conference size. We propose a relatively scalable KD scheme termed as DH-SPDCS that uses the UI-SPDCS scheme and the tree-based group Diffie- Hellman (TGDH) key exchange protocol. The proposed DH-SPDCS scheme provides a configurable trade-off between computation and communication complexity of the scheme.

XifraXat : Xat segur

XifraXat és un sistema que permet a dos usuaris gaudir d'una conversa del tot privada. Assegura la privacitat als usuaris ja que utilitza un sistema de xifra Diffie-Hellman, que com tots els sistemas de xifra pública, el xifratge el fa l'usuari a partir de les seves claus.

Timing attack di Paul C. Kocher: attacco al sistema di sicurezza RSA mediante strumenti di statistica

In questa tesi ho voluto descrivere il Timing Attack al sistema crittografico RSA, il suo funzionamento, la teoria su cui si basa, i suoi punti di forza e i punti deboli. Questo particolare tipo di attacco informatico fu presentato per la prima volta da Paul C. Kocher nel 1996 all’“RSA Data Security and CRYPTO conferences”. Nel suo articolo “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems” l’autore svela una nuova possibile falla nel sistema RSA, che non dipende da debolezze del crittosistema puramente matematiche, ma da un aspetto su cui nessuno prima di allora si era mai soffermato: il tempo di esecuzione delle operazioni crittografiche. Il concetto è tanto semplice quanto geniale: ogni operazione in un computer ha una certa durata. Le variazioni dei tempi impiegati per svolgere le operazioni dal computer infatti, necessariamente dipendono dal tipo di algoritmo e quindi dalle chiavi private e dal particolare input che si è fornito. In questo modo, misurando le variazioni di tempo e usando solamente strumenti statistici, Kocher mostra che è possibile ottenere informazioni sull’implementazione del crittosistema e quindi forzare RSA e altri sistemi di sicurezza, senza neppure andare a toccare l’aspetto matematico dell’algoritmo. Di centrale importanza per questa teoria diventa quindi la statistica. Questo perché entrano in gioco molte variabili che possono influire sul tempo di calcolo nella fase di decifrazione: - La progettazione del sistema crittografico - Quanto impiega la CPU ad eseguire il processo - L’algoritmo utilizzato e il tipo di implementazione - La precisione delle misurazioni - Ecc. Per avere più possibilità di successo nell’attaccare il sistema occorre quindi fare prove ripetute utilizzando la stessa chiave e input differenti per effettuare analisi di correlazione statistica delle informazioni di temporizzazione, fino al punto di recuperare completamente la chiave privata. Ecco cosa asserisce Kocher: “Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext.”, cioè, contro sistemi vulnerabili, l’attacco è computazionalmente poco costoso e spesso richiede solo di conoscere testi cifrati e di ottenere i tempi necessari per la loro decifrazione.

A public key cryptosystem based on block upper triangular matrices

We propose a public key cryptosystem based on block upper triangular matrices. This system is a variant of the Discrete Logarithm Problem with elements in a finite group, capable of increasing the difficulty of the problem while maintaining the key size. We also propose a key exchange protocol that guarantees that both parties share a secret element of this group and a digital signature scheme that provides data authenticity and integrity.

Il Sistema IBE di Boneh e Franklin

Un sistema di cifratura IBE (Identity-Based Encription Scheme) si basa su un sistema crittografico a chiave pubblica, costituita però in questo caso da una stringa arbitraria. Invece di generare una coppia casuale di chiavi pubbliche e private e pubblicare la prima, l'utente utilizza come chiave pubblica la sua "identità", ovvero una combinazione di informazioni opportune (nome, indirizzo...) che lo identifichino in maniera univoca. In questo modo ad ogni coppia di utenti risulta possibile comunicare in sicurezza e verificare le reciproche firme digitali senza lo scambio di chiavi private o pubbliche, senza la necessità di mantenere una key directory e senza dover ricorrere ogni volta ai servizi di un ente esterno. Nel 2001 Boneh e Franklin proposero uno schema completamente funzionante con sicurezza IND-ID-CCA, basato su un analogo del problema computazionale di Diffie-Hellman e che da un punto di vista tecnico-matematico utilizza la crittografia su curve ellittiche e la mappa bilineare Weil Pairing.

A novel polar-based human face recognition computational model

Motivated by a recently proposed biologically inspired face recognition approach, we investigated the relation between human behavior and a computational model based on Fourier-Bessel (FB) spatial patterns. We measured human recognition performance of FB filtered face images using an 8-alternative forced-choice method. Test stimuli were generated by converting the images from the spatial to the FB domain, filtering the resulting coefficients with a band-pass filter, and finally taking the inverse FB transformation of the filtered coefficients. The performance of the computational models was tested using a simulation of the psychophysical experiment. In the FB model, face images were first filtered by simulated V1- type neurons and later analyzed globally for their content of FB components. In general, there was a higher human contrast sensitivity to radially than to angularly filtered images, but both functions peaked at the 11.3-16 frequency interval. The FB-based model presented similar behavior with regard to peak position and relative sensitivity, but had a wider frequency band width and a narrower response range. The response pattern of two alternative models, based on local FB analysis and on raw luminance, strongly diverged from the human behavior patterns. These results suggest that human performance can be constrained by the type of information conveyed by polar patterns, and consequently that humans might use FB-like spatial patterns in face processing.

Computational adjustment technique for digital mammographic images based on the digitizer characteristic curve

We evaluated the performance of a novel procedure for segmenting mammograms and detecting clustered microcalcifications in two types of image sets obtained from digitization of mammograms using either a laser scanner, or a conventional ""optical"" scanner. Specific regions forming the digital mammograms were identified and selected, in which clustered microcalcifications appeared or not. A remarkable increase in image intensity was noticed in the images from the optical scanner compared with the original mammograms. A procedure based on a polynomial correction was developed to compensate the changes in the characteristic curves from the scanners, relative to the curves from the films. The processing scheme was applied to both sets, before and after the polynomial correction. The results indicated clearly the influence of the mammogram digitization on the performance of processing schemes intended to detect microcalcifications. The image processing techniques applied to mammograms digitized by both scanners, without the polynomial intensity correction, resulted in a better sensibility in detecting microcalcifications in the images from the laser scanner. However, when the polynomial correction was applied to the images from the optical scanner, no differences in performance were observed for both types of images. (C) 2008 SPIE and IS&T [DOI: 10.1117/1.3013544]

Reactivity, photolability, and computational studies of the ruthenium nitrosyl complex with a substituted cyclam fac-[Ru(NO)Cl(2)(kappa(3)N(4),N(8),N(11)(1-carboxypropyl)cyclam)]Cl center dot H(2)O

Chemical reactivity, photolability, and computational studies of the ruthenium nitrosyl complex with a substituted cyclam, fac-[Ru(NO)Cl(2)(kappa(3)N(4),N(8),N(11)(1-carboxypropyl)cyclam)]Cl center dot H(2)O ((1-carboxypropyl) cyclam = 3-(1,4,8,11-tetraazacyclotetradecan-1-yl) propionic acid)), (I) are described. Chloride ligands do not undergo aquation reactions (at 25 degrees C, pH 3). The rate of nitric oxide (NO) dissociation (k(obs-NO)) upon reduction of I is 2.8 s(-1) at 25 +/- 1 degrees C (in 0.5 mol L(-1) HCl), which is close to the highest value found for related complexes. The uncoordinated carboxyl of I has a pK(a) of similar to 3.3, which is close to that of the carboxyl of the non coordinated (1-carboxypropyl) cyclam (pK(a) = 3.4). Two additional pK(a) values were found for I at similar to 8.0 and similar to 11.5. Upon electrochemical reduction or under irradiation with light (lambda(irr) = 350 or 520 nm; pH 7.4), I releases NO in aqueous solution. The cyclam ring N bound to the carboxypropyl group is not coordinated, resulting in a fac configuration that affects the properties and chemical reactivities of I, especially as NO donor, compared with analogous trans complexes. Among the computational models tested, the B3LYP/ECP28MDF, cc-pVDZ resulted in smaller errors for the geometry of I. The computational data helped clarify the experimental acid-base equilibria and indicated the most favourable site for the second deprotonation, which follows that of the carboxyl group. Furthermore, it showed that by changing the pH it is possible to modulate the electron density of I with deprotonation. The calculated NO bond length and the Ru/NO charge ratio indicated that the predominant canonical structure is [Ru(III)NO], but the Ru-NO bond angles and bond index (b.i.) values were less clear; the angles suggested that [Ru(II)NO(+)] could contribute to the electronic structure of I and b.i. values indicated a contribution from [Ru(IV)NO(-)]. Considering that some experimental data are consistent with a [Ru(II)NO(+)] description, while others are in agreement with [Ru(III)NO], the best description for I would be a linear combination of the three canonical forms, with a higher weight for [Ru(II)NO(+)] and [Ru(III)NO].