2,946 research outputs found
Cryptanalysis of a One-Time Code-Based Digital Signature Scheme
We consider a one-time digital signature scheme recently proposed by
Persichetti and show that a successful key recovery attack can be mounted with
limited complexity. The attack we propose exploits a single signature
intercepted by the attacker, and relies on a statistical analysis performed
over such a signature, followed by information set decoding. We assess the
attack complexity and show that a full recovery of the secret key can be
performed with a work factor that is far below the claimed security level. The
efficiency of the attack is motivated by the sparsity of the signature, which
leads to a significant information leakage about the secret key.Comment: 5 pages, 1 figur
On the security of digital signature schemes based on error-correcting codes
We discuss the security of digital signature schemes based on error-correcting codes. Several attacks to the Xinmei scheme are surveyed, and some reasons given to explain why the Xinmei scheme failed, such as the linearity of the signature and the redundancy of public keys. Another weakness is found in the Alabbadi-Wicker scheme, which results in a universal forgery attack against it. This attack shows that the Alabbadi-Wicker scheme fails to implement the necessary property of a digital signature scheme: it is infeasible to find a false signature algorithm D from the public verification algorithm E such that E(D*(m)) = m for all messages m. Further analysis shows that this new weakness also applies to the Xinmei scheme
Cryptography from tensor problems
We describe a new proposal for a trap-door one-way function. The new proposal belongs to the "multivariate quadratic" family but the trap-door is different from existing methods, and is simpler
Malicious cryptography techniques for unreversable (malicious or not) binaries
Fighting against computer malware require a mandatory step of reverse
engineering. As soon as the code has been disassemblied/decompiled (including a
dynamic analysis step), there is a hope to understand what the malware actually
does and to implement a detection mean. This also applies to protection of
software whenever one wishes to analyze them. In this paper, we show how to
amour code in such a way that reserse engineering techniques (static and
dymanic) are absolutely impossible by combining malicious cryptography
techniques developped in our laboratory and new types of programming (k-ary
codes). Suitable encryption algorithms combined with new cryptanalytic
approaches to ease the protection of (malicious or not) binaries, enable to
provide both total code armouring and large scale polymorphic features at the
same time. A simple 400 Kb of executable code enables to produce a binary code
and around mutated forms natively while going far beyond the old
concept of decryptor.Comment: 17 pages, 2 figures, accepted for presentation at H2HC'1
- …