Advances in Mathematics of Communications, February 2013, 7(1): 1-38. doi: 10.3934/amc.2013.7.1

Another look at security definitions

Neal Koblitz (1) and Alfred Menezes (2)

1. Department of Mathematics, Box 354350, University of Washington, Seattle, WA 98195

2. Department of Combinatorics & Optimization, University of Waterloo, Waterloo, Ontario N2L 3G1

Received August 2011; revised March 2012; published January 2013.

We take a critical look at security models that are often used to give "provable security" guarantees. We pay particular attention to digital signatures, symmetric-key encryption, and leakage resilience. We find that there has been a surprising amount of uncertainty about what the "right" definitions might be. Even when definitions have an appealing logical elegance and nicely reflect certain notions of security, they fail to take into account many types of attacks and do not provide a comprehensive model of adversarial behavior.
Citation: Neal Koblitz, Alfred Menezes. Another look at security definitions. Advances in Mathematics of Communications, 2013, 7 (1) : 1-38. doi: 10.3934/amc.2013.7.1

[85]

P. Rogaway, Practice-oriented provable security and the social construction of cryptography, Unpublished essay based on an invited talk at Eurocrypt 2009, May 6, 2009, available online at http://www.cs.ucdavis.edu/~rogaway/papers/cc.pdf

[86]

P. Rogaway, M. Bellare and J. Black, OCB: A block-cipher mode of operation for efficient authenticated encryption, ACM Trans. Inform. Sys. Secur., 6 (2003), 365-403. doi: 10.1145/937527.937529.

[87]

P. Rogaway and T. Shrimpton, A provable-security treatment of the key-wrap problem, in "Advances in Cryptology - Eurocrypt 2006,'' Springer-Verlag, (2006), 373-390. doi: 10.1007/11761679_23.

[88]

RSA Laboratories, PKCS #1 v2.1: RSA Cryptography Standard, available online at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf

[89]

RSA Laboratories, PKCS #10 v1.7: Certification Request Syntax Standard, available online at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-10/pkcs-10v1_7.pdf

[90]

D. Russell and G. T. Gangemi Sr., Computer security basics, in "TEMPEST,'' O'Reilly & Associates, 1991.

[91]

F. Salmon, Recipe for disaster: the formula that killed Wall Street, Wired Magazine, 23 February 2009.

[92]

V. Shoup, Why chosen ciphertext security matters, IBM Research Report RZ 3076 (#93122), 23 November 1998.

[93]

F.-X. Standaert, How leaky is an extractor?, in "Progress in Cryptology - Latincrypt 2010,'' Springer-Verlag, (2010), 294-304. doi: 10.1007/978-3-642-14712-8_18.

[94]

F.-X. Standaert, T. Malkin and M. Yung, A unified framework for the analysis of side-channel key recovery attacks, in "Advances in Cryptology - Eurocrypt 2009,'' Springer-Verlag, (2009), 443-461. doi: 10.1007/978-3-642-01001-9_26.

[95]

N. Stephenson, "Cryptonomicon,'' Perennial, New York, 1999.

[96]

C.-H. Tan, Key substitution attacks on some provably secure signature schemes, IEICE Trans. Fundam., E87-A (2004), 226-227.

[97]

M. Turan, et al., Status report on the second round of the SHA-3 cryptographic hash algorithm competition, NIST Interagency Report 7764, 2011.

[98]

S. Vaudenay, Provable security in block ciphers by decorrelation, in "15th Annual Symposium on Theoretical Aspects of Computer Science - STACS '98,'' Springer-Verlag, (1998), 249-275.

[99]

D. Wagner, The boomerang attack, in "Fast Software Encryption - FSE '99,'' Springer-Verlag, (1999), 156-170. doi: 10.1007/3-540-48519-8_12.

[100]

M. Whitehouse, Slices of risk, The Wall Street Journal, 12 September 2005.

[101]

P. Wright, "Spycatcher - The Candid Autobiography of a Senior Intelligence Officer,'' William Heinemann, Australia, 1987.

[102]

G. Yang, D. S. Wong, X. Deng and H. Wang, Anonymous signature schemes, in "Public Key Cryptography - PKC 2006,'' Springer-Verlag, (2006), 347-363. doi: 10.1007/11745853_23.

[103]

T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol, IETF RFC 4252, 2006, available online at http://www.rfc-editor.org/rfc/rfc4252.txt
