Boolean functions used in cryptographic applications have to satisfy various cryptographic criteria. Although the choice of the criteria depends on the cryptosystem in which they are used, there are some properties (balancedness, nonlinearity, high algebraic degree, correlation immunity, propagation criteria) which a cryptographically strong Boolean function…
Batch verification of digital signatures is used to improve the computational complexity when a large number of digital signatures must be verified. Lee et al. proposed a new method to identify bad signatures in batches efficiently. We show that the method is flawed.
The security of iterated hash functions relies on the properties of underlying compression functions. We study highly efficient compression functions based on block ciphers. We propose a model for high-rate compression functions, and give an upper bound for the rate of any collision resistant compression function in our model. In addition, we show that…
Simultaneous contract signing is a two-party cryptographic protocol: two mutually suspicious parties wish to exchange signatures on a contract. We propose a novel and efficient protocol for contract signing based on a construction by Even, Goldreich, and Lempel. We focus on the reduction of on-line computational complexity of the protocol. A significant part…
We show that the protocol recently proposed in  for securing multicast communication is completely insecure.
Cryptology is a mathematical hard core of information security, since many of the information security problems (e.g. confidentiality, integrity, authenticity of information) can be (and often are) solved by means of cryptographical tools/algorithms. We analyse 20 selected academic courses in cryptology with respect to their aims, scopes, contents,…
We show that a recently proposed password authentication scheme based on geometric hashing has several security weaknesses, and that the use of this scheme should be avoided in practice.
Designated verifier signature schemes allow a signer to convince only the designated verifier that a signed message is authentic. We define attack models on the unforgeability property of such schemes and analyze relationships among the models. We show that the no-message model, where an adversary is given only public keys, is equivalent to the model, where…