945 results for Strong Diffie-Hellman
Abstract:
We generalize the Strong Boneh-Boyen (SBB) signature scheme to sign vectors; we call this scheme GSBB. We show that if a particular (but most natural) average-case reduction from SBB to GSBB exists, then the Strong Diffie-Hellman (SDH) and Computational Diffie-Hellman (CDH) problems have the same worst-case complexity.
Abstract:
RFID (Radio Frequency Identification) identifies objects using radio frequency; it is a non-contact automatic identification technique. This technology has shown its powerful practical value and potential in the fields of manufacturing, retailing, logistics and hospital automation. Unfortunately, the key problem that impacts the application of RFID systems is the security of the information. Recently, researchers have demonstrated solutions to security threats in RFID technology. Among these solutions are several key management protocols. This master's dissertation presents a performance evaluation of Neural Cryptography and Diffie-Hellman protocols in RFID systems. For this, we measure the processing time inherent in these protocols. The tests were developed on an FPGA (Field-Programmable Gate Array) platform with a Nios II embedded processor. The research methodology is based on the aggregation of knowledge for the development of new RFID systems through a comparative analysis between these two protocols. The main contributions of this work are: a performance evaluation of the protocols (Diffie-Hellman and Neural Cryptography) on an embedded platform, and a survey of RFID security threats. According to the results, the Diffie-Hellman key agreement protocol is more suitable for RFID systems.
Abstract:
The security of the two party Diffie-Hellman key exchange protocol is currently based on the discrete logarithm problem (DLP). However, it can also be built upon the elliptic curve discrete logarithm problem (ECDLP). Most proposed secure group communication schemes employ the DLP-based Diffie-Hellman protocol. This paper proposes the ECDLP-based Diffie-Hellman protocols for secure group communication and evaluates their performance on wireless ad hoc networks. The proposed schemes are compared at the same security level with DLP-based group protocols under different channel conditions. Our experiments and analysis show that the Tree-based Group Elliptic Curve Diffie-Hellman (TGECDH) protocol is the best in overall performance for secure group communication among the four schemes discussed in the paper. Low communication overhead, relatively low computation load and short packets are the main reasons for the good performance of the TGECDH protocol.
Abstract:
Based on Lucas functions, an improved version of the Diffie-Hellman key distribution scheme and of the ElGamal public key cryptosystem are proposed, together with an implementation and its computational cost. The security relies on the difficulty of factoring an RSA integer and on the difficulty of computing the discrete logarithm.
Abstract:
Based on third order linear sequences, an improved version of the Diffie-Hellman key distribution scheme and of the ElGamal public key cryptosystem are proposed, together with an implementation and its computational cost. The security relies on the difficulty of factoring an RSA integer and on the difficulty of computing the discrete logarithm.
Abstract:
XifraXat is a system that lets two users enjoy a completely private conversation. It ensures users' privacy because it uses a Diffie-Hellman cipher system in which, as in all public-key cipher systems, the user performs the encryption from their own keys.
Abstract:
In a distributed key distribution scheme, a set of servers helps a set of users in a group to securely obtain a common key. Security means that an adversary who corrupts some servers and some users has no information about the key of a non-corrupted group. In this work, we formalize the security analysis of one such scheme, which was not considered in the original proposal. We prove the scheme is secure in the random oracle model, assuming that the Decisional Diffie-Hellman (DDH) problem is hard to solve. We also detail a possible modification of that scheme and of the one in [reference missing], which allows us to prove the security of the schemes without assuming that a specific hash function behaves as a random oracle. As usual, this improvement in the security of the schemes comes at the cost of an efficiency loss.
Abstract:
Dynamic conferencing refers to a scenario wherein any subset of users in a universe of users form a conference for sharing confidential information among themselves. The key distribution (KD) problem in dynamic conferencing is to compute a shared secret key for such a dynamically formed conference. In the literature, the KD schemes for dynamic conferencing either are computationally unscalable or require communication among users, which is undesirable. The extended symmetric polynomial based dynamic conferencing scheme (ESPDCS) is one such KD scheme, with a high computational complexity that depends on the universe size. In this paper we present an enhancement to the ESPDCS scheme to develop a KD scheme called universe-independent SPDCS (UI-SPDCS), whose complexity is independent of the universe size. However, the UI-SPDCS scheme does not scale with the conference size. We propose a relatively scalable KD scheme, termed DH-SPDCS, that uses the UI-SPDCS scheme and the tree-based group Diffie-Hellman (TGDH) key exchange protocol. The proposed DH-SPDCS scheme provides a configurable trade-off between the computation and communication complexity of the scheme.
Abstract:
In this thesis I set out to describe the timing attack on the RSA cryptosystem: how it works, the theory it rests on, its strengths and its weak points. This particular type of attack was first presented by Paul C. Kocher in 1996 at the "RSA Data Security and CRYPTO conferences". In his article "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems" the author reveals a new possible flaw in the RSA system, one that does not depend on purely mathematical weaknesses of the cryptosystem but on an aspect nobody had paused on before: the execution time of cryptographic operations. The concept is as simple as it is ingenious: every operation in a computer takes a certain amount of time. The variations in the time the computer takes to carry out the operations necessarily depend on the type of algorithm, and therefore on the private keys and on the particular input that was supplied. In this way, by measuring timing variations and using only statistical tools, Kocher shows that it is possible to obtain information about the implementation of the cryptosystem and therefore to break RSA and other security systems, without even touching the mathematical side of the algorithm. Statistics therefore becomes of central importance to this theory, because many variables come into play that can affect the computation time in the decryption phase: - the design of the cryptographic system - how long the CPU takes to execute the process - the algorithm used and the type of implementation - the precision of the measurements - etc. To have a better chance of success in attacking the system it is therefore necessary to carry out repeated trials using the same key and different inputs, in order to perform statistical correlation analysis of the timing information, up to the point of completely recovering the private key.
Here is what Kocher asserts: "Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext.", that is, against vulnerable systems the attack is computationally inexpensive and often requires only knowing ciphertexts and obtaining the times needed to decrypt them.
Abstract:
We propose a public key cryptosystem based on block upper triangular matrices. This system is a variant of the Discrete Logarithm Problem with elements in a finite group, capable of increasing the difficulty of the problem while maintaining the key size. We also propose a key exchange protocol that guarantees that both parties share a secret element of this group and a digital signature scheme that provides data authenticity and integrity.
Abstract:
An IBE (Identity-Based Encryption) scheme is based on a public-key cryptosystem in which, however, the public key consists of an arbitrary string. Instead of generating a random public/private key pair and publishing the former, the user uses as public key their "identity", that is, a combination of suitable information (name, address, ...) that identifies them uniquely. In this way any pair of users can communicate securely and verify each other's digital signatures without exchanging private or public keys, without needing to maintain a key directory, and without having to resort each time to the services of an external entity. In 2001 Boneh and Franklin proposed a fully functional scheme with IND-ID-CCA security, based on an analogue of the computational Diffie-Hellman problem, which from a technical-mathematical standpoint uses elliptic curve cryptography and the Weil pairing bilinear map.
Abstract:
We show that carbon nanotubes (CNTs) with high density of defects can present a strong electronic interaction with nanoparticles of Pt-Ru with average particle size of 3.5 +/- 0.8 nm. Depending on the Pt-Ru loading on the CNTs, CO and methanol oxidation reactions suggest there is a charge transfer between Pt-Ru that in turn provokes a decrease in the electronic interaction taking place between Ru and Pt in the PtRu alloy. The CO stripping potentials were observed at about 0.65 and 0.5 V for Pt-Ru/CNT electrodes with Pt-Ru loadings of 10 and 20, and 30 wt %, respectively. (C) 2008 The Electrochemical Society. [DOI: 10.1149/1.2990222] All rights reserved.
Abstract:
We report optical observations of the luminous blue variable (LBV) HR Carinae which show that the star has reached a visual minimum phase in 2009. More importantly, we detected absorptions due to Si λλ4088-4116. To match their observed line profiles from 2009 May, a high rotational velocity of v_rot ≈ 150 ± 20 km s^-1 is needed (assuming an inclination angle of 30 degrees), implying that HR Car rotates at ≈ 0.88 ± 0.2 of its critical velocity for breakup (v_crit). Our results suggest that fast rotation is typical in all strong-variable, bona fide galactic LBVs, which present S-Dor-type variability. Strong-variable LBVs are located in a well-defined region of the HR diagram during visual minimum (the "LBV minimum instability strip"). We suggest this region corresponds to where v_crit is reached. To the left of this strip, a forbidden zone with v_rot/v_crit > 1 is present, explaining why no LBVs are detected in this zone. Since dormant/ex LBVs like P Cygni and HD 168625 have low v_rot, we propose that LBVs can be separated into two groups: fast-rotating, strong-variable stars showing S-Dor cycles (such as AG Car and HR Car) and slow-rotating stars with much less variability (such as P Cygni and HD 168625). We speculate that supernova (SN) progenitors which had S-Dor cycles before exploding (such as in SN 2001ig, SN 2003bg, and SN 2005gj) could have been fast rotators. We suggest that the potential difficulty of fast-rotating Galactic LBVs to lose angular momentum is additional evidence that such stars could explode during the LBV phase.
Abstract:
Several quantum paramagnets exhibit magnetic-field-induced quantum phase transitions to an antiferromagnetic state that exists for H_c1 ≤ H ≤ H_c2. For some of these compounds, there is a significant asymmetry between the low- and high-field transitions. We present specific heat and thermal conductivity measurements in NiCl₂-4SC(NH₂)₂, together with calculations which show that the asymmetry is caused by a strong mass renormalization due to quantum fluctuations for H ≤ H_c1 that are absent for H ≥ H_c2. We argue that the enigmatic lack of asymmetry in thermal conductivity is due to a concomitant renormalization of the impurity scattering.
Abstract:
Parity (P)-odd domains, corresponding to nontrivial topological solutions of the QCD vacuum, might be created during relativistic heavy-ion collisions. These domains are predicted to lead to charge separation of quarks along the orbital momentum of the system created in noncentral collisions. To study this effect, we investigate a three-particle mixed-harmonics azimuthal correlator which is a P-even observable, but directly sensitive to the charge-separation effect. We report measurements of this observable using the STAR detector in Au + Au and Cu + Cu collisions at √s_NN = 200 and 62 GeV. The results are presented as a function of collision centrality, particle separation in rapidity, and particle transverse momentum. A signal consistent with several of the theoretical expectations is detected in all four data sets. We compare our results to the predictions of existing event generators and discuss in detail possible contributions from other effects that are not related to P violation.