We provide the first construction of a hash function into ordinary elliptic curves that is indifferentiable from a random oracle, based on Icart's deterministic encoding from Crypto 2009. While almost as efficient as Icart's encoding, this hash function can be plugged into any cryptosystem that requires hashing into elliptic curves, while not compromising…
We describe a new explicit function that, given an elliptic curve E defined over F_{p^n}, maps elements of F_{p^n} into E in deterministic polynomial time and in a constant number of operations over F_{p^n}. The function requires computing a cube root. As an application, we show how to hash deterministically into an elliptic curve.
On an elliptic curve, the degree of an isogeny corresponds essentially to the degrees of the polynomial expressions involved in its application. The multiplication–by– map  has degree 2 , therefore the complexity to directly evaluate (P) is O(2). For a small prime (= 2, 3) such that the additive binary representation provides no better performance, this…
Shabal is based on a new provably secure mode of operation. Some related-key distinguishers for the underlying keyed permutation have been exhibited recently by Aumasson et al. and Knudsen et al., but with no visible impact on the security of Shabal. This paper then aims at extensively studying such distinguishers for the keyed permutation used in Shabal,…
At first glance, privacy and zero-knowledgeness seem to be similar properties. A scheme is private when no information is revealed on the prover and in a zero-knowledge scheme, communications should not leak provers' secrets. Until recently, privacy threats were only partially formalized and some zero-knowledge (ZK) schemes have been proposed so far to…
In 2004, Molnar and Wagner introduced a very appealing scheme dedicated to the identification of RFID tags. Their protocol relies on a binary tree of secrets which are shared – for all nodes except the leaves – amongst the tags. Hence the compromise of one tag also has implications on the other tags with whom it shares keys. We describe a new…
This paper describes an innovative and highly secure networking architecture dedicated to the Internet of Things (IoT). We propose an infrastructure that works with a new type of tags, supporting the recently standardized Host Identity Protocol (HIP). Our main concern is to ensure RFID tag privacy while enabling thing-to-thing communications.