8 Hits in 2.8 sec

Cryptanalysis of the Co-ACD Assumption [chapter]

Pierre-Alain Fouque, Moon Sung Lee, Tancrède Lepoint, Mehdi Tibouchi
2015 Lecture Notes in Computer Science  
This breaks the one-wayness of both the symmetric-key and the public-key variants of CLS encryption as well as the underlying decisional Co-ACD assumption for a very wide range of parameters.  ...  At ACM-CCS 2014, Cheon, Lee and Seo introduced a new number-theoretic assumption, the Co-Approximate Common Divisor (Co-ACD) assumption, based on which they constructed several cryptographic primitives  ...  Acknowledgments The authors thank Jung Hee Cheon, Changmin Lee, Jae Hong Seo, and Yong Soo Song for helpful discussions.  ... 
doi:10.1007/978-3-662-47989-6_27 fatcat:s3uruwzmsfdlthkd3mveszs6ny

Cryptanalysis of the CLT13 Multilinear Map

Jung Hee Cheon, Kyoohyung Han, Changmin Lee, Hansol Ryu, Damien Stehlé
2018 Journal of Cryptology  
In addition, we provide polynomial time algorithms to directly break the security assumptions of many applications based on the CLT13 scheme.  ...  In this paper, we describe a polynomial time cryptanalysis of the (approximate) multilinear map proposed by Coron, Lepoint, and Tibouchi in Crypto13 (CLT13).  ...  Acknowledgements The authors would like to extend their gratitude to Michel  ... 
doi:10.1007/s00145-018-9307-y fatcat:hzg2mrgdf5bg7nx3yb32qirnam

Constructive Non-Linear Polynomial Cryptanalysis of a Historical Block Cipher [article]

Nicolas T. Courtois, Marios Georgiou
2019 arXiv   pre-print
One of the major open problems in symmetric cryptanalysis is to discover new specif i c types of invariant properties which can hold for a larger number of rounds of a block cipher.  ...  We have Generalised Linear Cryptanalysis (GLC) and Partitioning Cryptanalysis (PC).  ...  We get a series of obvious transitions such as ce becomes df which we would get in traditional Bi-Linear Cryptanalysis (BLC) [7] , plus a series of less obvious transitions due to the 2 assumptions D(  ... 
arXiv:1902.02748v1 fatcat:b7wrqo2lubaqxk7bgxq4f4e6fi

Extension of simultaneous Diophantine approximation algorithm for partial approximate common divisor variants

Wonhee Cho, Jiseung Kim, Changmin Lee
2021 IET Information Security  
While several encryption schemes have been published the security of which depend on the presumed hardness of variants of the PACD problem, fewer studies have attempted to extend the SDA algorithm to be  ...  Then, all the secret parameters can be recovered by finding this short vector. It is also confirmed experimentally that this algorithm works well. Wonhee Cho and Jiseung Kim are co-first authors.  ...  | Cryptanalysis of the CRT-ACD with auxiliary input The PACD, introduced by Howgrave-Graham [27] , is a problem of finding a secret prime p for a given many instances which are nearly multiples of  ... 
doi:10.1049/ise2.12032 fatcat:43cg3kol7bd7dhg4qhjm2g7bzu

Critical perspectives on provable security: Fifteen years of "another look" papers

Neal Koblitz, Alfred Menezes
2019 Advances in Mathematics of Communications  
We give an overview of our critiques of "proofs" of security and a guide to our papers on the subject that have appeared over the past decade and a half.  ...  In [111] the authors introduced the co-approximate common divisor problem (co-ACD) in connection with their proposal for an efficient additive homomorphic public-key encryption scheme.  ...  In [142] Fouque et al. described lattice attacks on co-ACD that resulted in key recovery in a few seconds for parameters that were intended to provide 128 bits of security. 4.  ... 
doi:10.3934/amc.2019034 fatcat:gpftyd4hxjebfpzdqwdes345na

Cryptanalysis of ISO/IEC 9796-1

D. Coppersmith, J. S. Coron, F. Grieu, S. Halevi, C. Jutla, D. Naccache, J. P. Stern
2007 Journal of Cryptology  
Both attacks consist in an existential forgery under a chosen-message attack: the attacker asks for the signature of some messages of his choice, and is then able to produce the signature of a message  ...  The first attack is a variant of Desmedt and Odlyzko's attack and requires a few hundreds of signatures. The second attack is more powerful and requires only three signatures.  ...  Acknowledgments: the improved attack of section 3.5 was suggested by one of the referees. References  ... 
doi:10.1007/s00145-007-9007-5 fatcat:7srft33245gfxdlrsbhhq2lkaa

On Fitting Finite Dirichlet Mixture Using ECM and MML [chapter]

Nizar Bouguila, Djemel Ziou
2005 Lecture Notes in Computer Science  
The system is analysed for different active periods corresponding to the service time of an M/G/1 queue and the busy period of an M/G/1 queue.  ...  Some of the known results are deduced from the results obtained. Numerical results are illustrated for the models under consideration. 2 Pair-copula constructions of multiple dependence.  ...  Some work in progress along the same line on interacting systems of Fleming-Viot processes is also sketched. Van Nostrand Co., 1960) .  ... 
doi:10.1007/11551188_19 fatcat:gtzi5u6emvfyxea3zbklobnvom

Lattice-based direct anonymous attestation

Nada El Kassem
To do this, the TPM chip creates attestations about the state of the host system.  ...  , into the world of lattice-based cryptographic schemes.  ...  Liqun Chen (my principal supervisor) for her motivation, guidance, patience and kindness over the past three years. I am also grateful to my co-supervisor Prof. Steve Schneider  ... 
doi:10.15126/thesis.00855402 fatcat:6jk6dggcbva2liz4v4mmsshfam