Navigating in the Cayley graph of and applications to hashing
Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, and , to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural way, by using multiplication of elements in the (semi)group. In this paper, we focus on hashing with matrices over . Since there are many known pairs of matrices over that generate a free monoid, this yields numerous pairs of matrices over , for a sufficiently large prime , that are candidates for collision-resistant hashing. However, this trick can "backfire", and lifting matrix entries to may facilitate finding a collision. This "lifting attack" was successfully used by Tillich and Zémor in the special case where two matrices and generate (as a monoid) the whole monoid . However, in this paper we show that the situation with other, "similar", pairs of matrices from is different, and the "lifting attack" can (in some cases) produce collisions in the group generated by and , but not in the positive monoid. Therefore, we argue that for these pairs of matrices, there are no known attacks at this time that would affect the security of the corresponding hash functions. We also give explicit lower bounds on the length of collisions for hash functions corresponding to some particular pairs of matrices from . Comment: 10 pages
Security and defence of mobile systems under impact
The Group “Dynamics and Fracture of Structural Elements” offers its experience in Solid Mechanics analysis for the study of the impact protection of vehicles, aircraft and persons. The Group's activities have a strong research component, in which numerical simulation tools as well as sophisticated experimental techniques are employed. This technological offer could be of interest to automobile companies (impact and collision security), aeronautical companies (impact of an external body on the fuselage, attack, and fragments of ice) and defence companies (special armours for mobile systems and persons). Commercialisation and Internationalisation Programme Contract. Regional System of Scientific Research and Technological Innovation. (Comunidad de Madrid; Universidad Carlos III de Madrid)
Security of signed ElGamal encryption
Assuming a cryptographically strong cyclic group G of prime order q and a random hash function H, we show that ElGamal encryption with an added Schnorr signature is secure against the adaptive chosen ciphertext attack, in which an attacker can freely use a decryption oracle except for the target ciphertext. We also prove security against the novel one-more-decryption attack. Our security proofs are in a new model, corresponding to a combination of two previously introduced models, the Random Oracle model and the Generic model. The security extends to the distributed threshold version of the scheme. Moreover, we propose a very practical scheme for private information retrieval that is based on blind decryption of ElGamal ciphertexts.
Security of discrete log cryptosystems in the random oracle and the generic model
We introduce novel security proofs that use combinatorial counting arguments rather than reductions to the discrete logarithm or to the Diffie-Hellman problem. Our security results are sharp and clean with no polynomial reduction times involved. We consider a combination of the random oracle model and the generic model. This corresponds to assuming an ideal hash function H given by an oracle and an ideal group of prime order q, where the binary encoding of the group elements is useless for cryptographic attacks. In this model, we first show that Schnorr signatures are secure against the one-more signature forgery: a generic adversary performing t generic steps including l sequential interactions with the signer cannot produce l+1 signatures with a better probability than $\binom{t}{2}/q$. We also characterize the different power of sequential and of parallel attacks. Secondly, we prove that signed ElGamal encryption is secure against the adaptive chosen ciphertext attack, in which an attacker can arbitrarily use a decryption oracle except for the challenge ciphertext. Moreover, signed ElGamal encryption is secure against the one-more decryption attack: a generic adversary performing t generic steps including l interactions with the decryption oracle cannot distinguish the plaintexts of l+1 ciphertexts from random strings with a probability exceeding $\binom{t}{2}/q$.
On the optimality of individual entangling-probe attacks against BB84 quantum key distribution
It is shown that an existing method to study ideal individual attacks on the BB84 QKD protocol using error discard can be adapted to reconciliation with error correction, and that an optimal attack can be explicitly found. Moreover, this attack fills the Lütkenhaus bound, independently of whether error positions are leaked to Eve, proving that it is tight. In addition, we clarify why the existence of such optimal attacks is not in contradiction with the established "old-style" theory of BB84 individual attacks, as incorrectly suggested recently in a news feature. Comment: 12 pages, 3 figures