February 2013, 7(1): 1-38. doi: 10.3934/amc.2013.7.1

Another look at security definitions

1. Neal Koblitz, Department of Mathematics, Box 354350, University of Washington, Seattle, WA 98195

2. Alfred Menezes, Department of Combinatorics & Optimization, University of Waterloo, Waterloo, Ontario N2L 3G1

Received: August 2011. Revised: March 2012. Published: January 2013.

We take a critical look at security models that are often used to give "provable security" guarantees. We pay particular attention to digital signatures, symmetric-key encryption, and leakage resilience. We find that there has been a surprising amount of uncertainty about what the "right" definitions might be. Even when definitions have an appealing logical elegance and nicely reflect certain notions of security, they fail to take into account many types of attacks and do not provide a comprehensive model of adversarial behavior.

Citation: Neal Koblitz, Alfred Menezes. Another look at security definitions. Advances in Mathematics of Communications, 2013, 7 (1) : 1-38. doi: 10.3934/amc.2013.7.1


