Advances in Cryptology — EUROCRYPT ’99

  title={Advances in Cryptology — EUROCRYPT ’99},
  author={Jacques Stern},
  booktitle={Lecture Notes in Computer Science},
  • J. Stern
  • Published in
    Lecture Notes in Computer…
  • Computer Science, Mathematics
We show that if the private exponent d used in the RSA public-key cryptosystem is less than N then the system is insecure. This is the first improvement over an old result of Wiener showing that when d < N the RSA system is insecure. We hope our approach can be used to eventually improve the bound to d < N. 

Provable Security against Impossible Differential Cryptanalysis Application to CS-Cipher

A new way to bound the probability of occurrence of an n-round differential in the context of differential cryptanalysis is presented, to which, assuming some non-trivial hypothesis, provable security against impossible differential crypt analysis is obtained.

Improved Cryptanalysis of the Multi-Prime φ - Hiding Assumption

This paper investigates the Multi-Prime φ-Hiding Problem as introduced in a recent construction by Kiltz et al. from Crypto 2010 and makes use of a recent result from Herrmann and May to solve linear equations modulo divisors.

RSA Vulnerabilities with Small Prime Difference

It is shown that the bound on small private key with respect to small prime difference can be further improved and the technique of unravelled linearization for constructing lattices is adapted and yield a benefit compared to known bounds.

Algebraic Attack on the MQQ Public Key Cryptosystem

This cryptanalysis breaks the MQQ cryptosystem by solving a system of multivariate quadratic polynomial equations using both the MutantXL algorithm and the F4 algorithm.

Impossible Differential Cryptanalysis of ARIA Reduced to 7 Rounds

This paper finds a new impossible differential property of ARIA, and proposes an attack against ARIA-256 reduced to 7 rounds based on this property, while previous attacks can only attack ARIA up to 6 rounds.

Trapdoor Permutation Polynomials of Z/ n Z and Public Key Cryptosystems

It is shown that the ideas developed in this extended abstract can be used to design the most efficient known cryptosystem with semantic security under non-adaptive chosen ciphertext attacks in the standard security model.

Digital Signatures from Strong RSA without Prime Generation

A signature scheme that is proved secure, without random oracles, under the strong RSA assumption, and adapts the prefix signing technique of Hohenberger and Waters (CRYPTO 2009) to work without generating primes.

On the Differential Security of Multivariate Public Key Cryptosystems

This work presents a reasonable measure for security against the common differential attacks and derives this measurement for several modern multivariate public key cryptosystems.

Partial Key Exposure Attacks on Takagi's Variant of RSA

Three cases when the exposed bits are the most significant bits, the least significant bits and the middle bits of the private exponent respectively are considered, based on Coppersmith's method for finding small roots of modular polynomial equations.

Practical-Sized Instances of Multivariate PKCs: Rainbow, TTS, and lIC-Derivatives

We present instances of MPKCs (multivariate public key cryptosystems) with design, given the best attacks we know, and implement them on commodity PC hardware. We also show that they can hold their



Design of Hyperelliptic Cryptosystems in Small Characteristic and a Software Implementation over F2n

This work investigates the discrete logarithm problem over jacobians of hyperelliptic curves suitable for public-key cryptosystems, and presents hypelliptic cryptosSystems that resist against all known attacks.

Secure Hyperelliptic Cryptosystems and Their Performances

The discrete logarithm problem over jacobian varieties of hyperelliptic curves suitable for public-key cryptosystems are investigated, and practical advantages of hypelliptic cryptOSystems compared to the elliptic cryptosSystems and to RSA are clarified.

Provable Security for Block Ciphers by Decorrelation

A new way of protecting block ciphers against classes of attacks (including differential and linear crypt-analysis) which is based on the notion of decorrelation which is fairly connected to Carter-Wegman's notion of universal functions is investigated.

Fast Multiplication on Elliptic Curves over Small Fields of Characteristic Two

A table of elliptic curves, which are well suited for elliptic curve public key cryptosystems, and for which the new algorithm for multiplication can be used, is presented.

Efficient construction of secure hyperelliptic discrete logarithm problems

Efficient algorithms are presented to construct secure discrete logarithm problems on hyperelliptic curves whose Jacobian varieties are either simple or isogenous to a product of simple abelian varieties.

An experiment on DES statistical cryptanalysis

A new heuristic method has found an attack against DES absolutely equivalent to M. Matsui's (1994) one by following a distinct path and appears to be roughly as efficient as both differential and linear cryptanalysis.

An Improved Algorithm for Arithmetic on a Family of Elliptic Curves

It has become increasingly common to implement discrete-logarithm based public-key protocols on elliptic curves over finite fields by taking a given integer multiple of a given point on the curve.

The Extended Euclidian Algorithm on Polynomials, and the Computational Efficiency of Hyperelliptic Cryptosystems

  • A. Enge
  • Computer Science, Mathematics
    Des. Codes Cryptogr.
  • 2001
The exact average number offield operations for computing the greatest common divisor of polynomials over a finite field by the extended Euclidianalgorithm is determined.

Efficient Identification and Signatures for Smart Cards

We present an efficient interactive identification scheme and a related signature scheme that are based on discrete logarithms and which are particularly suited for smart cards. Previous

A method for obtaining digital signatures and public-key cryptosystems

An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important