Catálogo de publicaciones - libros

RFID systems makes it possible for a server to identify known tags in wireless settings. As they become more and more pervasive, people privacy is more and more threatened. In this talk, we list a few models for privacy in RFID and compare them. We review a few protocols. We further show that strong privacy mandates the use of public-key cryptography. Finally, we present a new cryptosystem which is dedicated to tiny hardware and which can be used to design secure RFID systems achieving strong privacy.

In this talk, we consider the important problem of generic attacks on symmetric cipher algorithms. We review the work on exhaustive search attacks, especially with respect to DES. An interesting variant of exhaustive search is to use a so-called time-memory trade-off (TMTO) attack. This attack and its many variants will be described and recent research on TMTO attacks will be surveyed. The effectiveness of generic attacks is determined by improvements in computer technology and the related costs. We will attempt to derive suitable relationships between these parameters. Such relationships will be used to address questions about how secure are 80-bit and 128-bit ciphers. The talk will also cover research on generic attacks using non-conventional technology. Finally, we will relate some modern ideas to earlier ideas used in the cryptanalysis of Enigma.

In this article, we present an improved collision attack on the hash function proposed by Shin at PKC’98. The attack has a complexity of about 2 hash computations, while the previous attack of Chang presented at SAC 2002 has a complexity of about 2 hash computations. In the analysis of the hash function we combined existing approaches with recent results in cryptanalysis of hash functions. We show that message-dependent rotations can be exploited to construct collisions. The weak design of the step function facilitates high-probability multi-block collisions.

In this paper, we explore potential mathematical principles and structures that can provide the foundation for cryptographic hash functions, and also present a simple and efficiently computable hash function based on a non-associative operation with polynomials over a finite field of characteristic 2.

In this paper, we study multi-collision probability. For a hash function : → with ||=, it has been believed that we can find an -collision by hashing = times. We first show that this probability is at most 1/! which is very small for large . We next show that by hashing (!) × times, an -collision is found with probability approximately 0.5 for sufficiently large . Note that if =2, it coincides with the usual birthday paradox. Hence it is a generalization of the birthday paradox to multi-collisions.

We propose a variant of the self-shrinking generator, which is constructed using an extended selection rule. This new generator is called SSG-XOR since the selection rule is determined by the XORed value of a couple of bits. It is shown that the period and the linear complexity of an output sequence of SSG-XOR are better than those of the self-shrinking generator. It is also shown that the SSG-XOR generator has meaningful advantages from the viewpoint of practical cryptanalysis.

In this paper, we describe how to construct a 32 ×32 binary matrix of branch number 10, and use some mathematical techniques to find a form in product of matrices for increasing efficiency in software implementations of the binary matrix. We estimate a security against cryptanlysis when the binary matrix is used as a diffusion layer of a 256-bit SPN block cipher with an 8-bit s-box as a substitution layer in a round function. Also we describe the cryptanalytic properties such as the resistances to differential, linear, impossible differential, and truncated differential cryptanalysis. The number of operations to be required for implementing the binary matrix as a diffusion layer of a 256-bit SPN block cipher are given in this paper. We have a result that the binary matrix is more efficient than the diffusion layer used Rijndael-256 on low bit platforms, such as 8-bit processors.

Algebraic immunity () defined for a boolean function measures the resistance of the function against algebraic attacks. Currently known algorithms for computing the optimal annihilator of and () are inefficient. This work consists of two parts. In the first part, we extend the concept of algebraic immunity. In particular, we argue that a function may be replaced by another boolean function called the algebraic complement of . This motivates us to examine (). We define the extended algebraic immunity of as ()= min {(), ()}. We prove that 0≤()–()≤1. Since ()–()= 1 holds for a large number of cases, the difference between () and () cannot be ignored in algebraic attacks. In the second part, we link boolean functions to hypergraphs so that we can apply known results in hypergraph theory to boolean functions. This not only allows us to find annihilators in a fast and simple way but also provides a good estimation of the upper bound on ().

Today, RSA is one of the most popular public-key crypto-system in various applications. In this paper, we present a high-speed RSA crypto-processor with modified radix-4 Montgomery multiplication algorithm and Chinese Remainder Theorem (CRT). Our design takes 0.84M clock cycles for a 1024-bit modular exponentiation and 0.25M clock cycles for two 512-bit exponentiations. Using 0.18 um standard cell library, the processor achieves 365Kbps for a 1024-bit exponentiation and 1,233Kbps for two 512-bit exponentiations at a 300MHz clock rate. For the high performance RSA crypto-system, the processor can also execute modular reduction, which is essential for calculating the Montgomery mapping constant and the modularly reduced ciphertext in CRT technique.

A square root (SQRT) algorithm in () ( = ⋯ 2, : odd prime, > 0: integer) is proposed in this paper. First, the Tonelli-Shanks algorithm is modified to compute the inverse SQRT in , where most of the computations are performed in the corresponding subfields for 0 ≤ ≤–1. Then the Frobenius mappings with an addition chain are adopted for the proposed SQRT algorithm, in which a lot of computations in a given extension field () are also reduce to those in a proper subfield by the norm computations. Those reductions of the field degree increase efficiency in the SQRT implementation. More specifically the Tonelli-Shanks algorithm and the proposed algorithm in (), () and () were implemented on a Pentium4 (2.6 GHz) computer using the C++ programming language. The computer simulations showed that, on average, the proposed algorithm accelerates the SQRT computation by 25 times in (), by 45 times in (), and by 70 times in (), compared to the Tonelli-Shanks algorithm, which is supported by the evaluation of the number of computations.