37 research outputs found

    A Model for a List-oriented Extension of the Lambda Calculus

    This work is intended to provide a semantics for a fragment of a programming language described by György Révész in [Rév88], for which no model was known. We begin with a brief presentation of the syntax of the lambda calculus and some relevant extensions. We then describe a class of complete lattices and use them as models for the lambda calculus. Finally, we find specialized sublattices which we use as models for the extensions of the lambda calculus, thus achieving the original goal of finding a semantics for Révész's language.

    Exposing an RSA Private Key Given a Small Fraction of Its Bits

    We show that for low public exponent RSA, given a quarter of the bits of the private key, an adversary can recover the entire private key. Similar results (though not as strong) are obtained for larger values of e. For instance, when e is a prime in the range [N^{1/4}, N^{1/2}], half the bits of the private key suffice to reconstruct the entire private key. Our results point out the danger of partial key exposure in the RSA public key system.

    1 Introduction. Let N = pq be an RSA modulus and let e, d be the encryption/decryption exponents, i.e. ed ≡ 1 (mod φ(N)). We study the following question: how many bits of d does an adversary require in order to reconstruct all of d? Surprisingly, we show that for low public exponent RSA, given only a quarter of the least significant bits of d, an adversary can efficiently recover all of d. We obtain similar results, summarized in the next subsection, for larger values of e as well. Our results show that RSA, and particularly low public exponent RSA,..
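    The low-exponent case of this attack, as an added worked example (this is not code from the paper): with e small, e*d = 1 + k*phi(N) for some 0 < k < e, and phi(N) = N + 1 - (p + q), so the low n/4 bits of d pin down p + q modulo 2^(n/4) for each guess of k, and the quadratic x^2 - (p+q)x + N then pins down p modulo 2^(n/4). The paper completes the factorization from those bits of p with Coppersmith's method; because the constructed toy modulus below is only 40 bits, the example brute-forces the remaining high bits of p instead, which is the one substitution made here. The primes, the exponent e = 17 and the function names are all constructed for this example.

```python
"""Added example: first stage of the Boneh-Durfee-Frankel partial key
exposure attack on low public exponent RSA, run on a constructed 40-bit
toy modulus.  Given d mod 2^(n/4), e*d = 1 + k*phi(N) with 0 < k < e
yields p + q mod 2^(n/4), and from that p mod 2^(n/4).  The paper then
recovers the rest of p with Coppersmith's method; with 20-bit primes a
brute force over the remaining high bits stands in for it here.
"""


def toy_keypair():
    # Constructed toy parameters (20-bit primes, e = 17): far too small for
    # real use, chosen so the whole attack runs in well under a second.
    p, q, e = 1000003, 999983, 17
    d = pow(e, -1, (p - 1) * (q - 1))
    return p, q, e, d


def roots_mod_2k(s, N, b):
    """All x in [0, 2^b) with x^2 - s*x + N == 0 (mod 2^b).

    Since x^2 - s*x + N = (x - p)(x - q), p mod 2^b is always among them.
    The derivative 2x - s is even, so plain Hensel lifting does not apply;
    instead each root mod 2^i is tested against both of its lifts mod 2^(i+1).
    """
    def f(x, mod):
        return (x * x - s * x + N) % mod

    roots = [x for x in (0, 1) if f(x, 2) == 0]
    for i in range(1, b):
        roots = [r + t for r in roots for t in (0, 1 << i)
                 if f(r + t, 1 << (i + 1)) == 0]
    return roots


def recover_factor(N, e, d_low, m):
    """Recover p or q from d_low = d mod 2^m for a small public exponent e."""
    half = (N.bit_length() + 1) // 2      # balanced primes: p, q < 2^half
    for k in range(1, e):                 # e*d = 1 + k*phi(N) with 0 < k < e
        t = (k & -k).bit_length() - 1     # 2-adic valuation of k
        b = m - t                         # bits of p + q still determined
        if b <= 0:
            continue
        # e*d_low == 1 + k*(N + 1) - k*(p + q)  (mod 2^m)
        rhs = (k * (N + 1) + 1 - e * d_low) % (1 << m)
        if rhs % (1 << t):
            continue                      # inconsistent: this k is wrong
        s = ((rhs >> t) * pow(k >> t, -1, 1 << b)) % (1 << b)  # p + q mod 2^b
        for r in roots_mod_2k(s, N, b):   # candidates for p mod 2^b
            # Coppersmith's method would finish here; brute force stands in.
            for high in range(1 << (half - b)):
                cand = r + (high << b)
                if 1 < cand < N and N % cand == 0:
                    return cand
    return None


def demo():
    p, q, e, d = toy_keypair()
    N = p * q
    m = N.bit_length() // 4               # attacker sees only the low n/4 bits
    return recover_factor(N, e, d % (1 << m), m), p, q


if __name__ == "__main__":
    factor, p, q = demo()
    print("recovered", factor, "expected", p, "or", q)
```

    The check an auditor wants is the last one: the candidate is accepted only when N % cand == 0, so wrong guesses of k or spurious roots of the quadratic never produce a false factor, only wasted work. Note that an even k loses its 2-adic valuation worth of bits of p + q, which is why the code tracks b separately from m.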

    Cryptanalysis of RSA with Private Key d Less Than N^0.292 (Extended Abstract)

    Dan Boneh, Glenn Durfee. Abstract: We show that if the private exponent d used in the RSA public-key cryptosystem is less than N^0.292 then the system is insecure. This is the first improvement over an old result of Wiener showing that when d < N^0.25 the RSA system is insecure. We hope our approach can be used to eventually improve the bound to d < N^0.5.

    1 Introduction. To provide fast RSA signature generation one is tempted to use a small private exponent d. Unfortunately, Wiener [10] showed over ten years ago that if one uses d < N^0.25 then the RSA system can be broken. Since then there have been no improvements to this bound. Verheul and van Tilborg [9] showed that as long as d < N^0.5 it is possible to expose d in less time than an exhaustive search; however, their algorithm requires exponential time as soon as d > N^0.25. In this paper we give the first substantial improvement to Wiener's result. We show that as long as..
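    Wiener's d < N^0.25 result, the baseline this abstract improves on, as an added worked example (not code from the paper, and the Boneh-Durfee lattice method is not implemented here): since e*d = 1 + k*phi(N) and phi(N) is within about 2*sqrt(N) of N, the unknown k/d is a very close rational approximation of the public e/N; for d < N^0.25 / 3 it is one of the continued-fraction convergents of e/N, so enumerating the convergents and testing each candidate phi(N) exposes d and factors N. The toy primes, the deliberately small d = 257 and the function names are constructed for this example.

```python
"""Added example: Wiener's continued-fraction attack on RSA with a small
private exponent, run on a constructed 40-bit toy modulus.  Each convergent
h/k of e/N is tried as k/d; a correct guess yields an integer phi(N) from
which N splits as the two roots of x^2 - (N - phi + 1)x + N.
"""
from math import isqrt


def toy_small_d_keypair():
    # Constructed toy parameters: 20-bit primes and a deliberately tiny d.
    # N^0.25 is about 1000 here, so d = 257 < N^0.25 / 3 is in Wiener's range.
    p, q, d = 1000003, 999983, 257
    e = pow(d, -1, (p - 1) * (q - 1))
    return p, q, e, d


def convergents(num, den):
    """Yield the convergents (h, k) of the continued fraction of num/den."""
    h_prev, h = 0, 1                      # h_{-2}, h_{-1}
    k_prev, k = 1, 0                      # k_{-2}, k_{-1}
    while den:
        a, rem = divmod(num, den)         # next partial quotient
        h_prev, h = h, a * h + h_prev
        k_prev, k = k, a * k + k_prev
        yield h, k
        num, den = den, rem


def factor_from_phi(N, phi):
    """Split N given a candidate phi(N), or return None if it is not phi(N)."""
    s = N - phi + 1                       # would be p + q
    disc = s * s - 4 * N                  # would be (p - q)^2
    if disc < 0:
        return None
    root = isqrt(disc)
    if root * root != disc or (s + root) % 2:
        return None
    p = (s + root) // 2
    if p <= 1 or N % p:
        return None
    return p, N // p


def wiener_attack(N, e):
    """Return (p, q, d) when d is small enough for the attack, else None."""
    for k, d in convergents(e, N):        # candidate k/d approximating e/N
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k            # candidate phi(N)
        split = factor_from_phi(N, phi)
        if split:
            return split[0], split[1], d
    return None


if __name__ == "__main__":
    p, q, e, d = toy_small_d_keypair()
    print("attack recovered", wiener_attack(p * q, e), "expected d =", d)
```

    The reason the lattice attacks in this paper matter in practice is visible in the loop: once d grows past roughly N^0.25, k/d stops being a convergent of e/N and this enumeration finds nothing, however long it runs, whereas the N^0.292 bound above is reached by searching a lattice of small-coefficient polynomials instead of a single continued fraction.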

    General Terms

    ... that our solution is practical and efficient. Categories and Subject Descriptors: K.4.4 [Computers and Society]: Electronic Commerce: intellectual property, payment schemes, security; K.5.1 [Legal Aspects of Computing]: Hardware/Software Protection: proprietary rights

    Vault: Practical Uses of Virtual Machines for Protection of Sensitive User Data

    Abstract. Systems running commodity software are easily compromised by malware, which attackers may use to extract personal information of the systems' users. This paper presents Vault, a system that uses a trusted software component to prevent the exposure and abuse of sensitive user data in the presence of malware. Users input and store their sensitive data only in the trusted component, which is separated from the commodity system by a virtual machine monitor. We define a protocol framework for the interactions required between the different system components in order to protect user secrets, even if the user is running a commodity operating system with an arbitrary (and possibly malicious) software load, while introducing minimal changes to the user experience. Our design takes advantage of the isolation guarantees and safe I/O multiplexing of virtual machine technology to attain a high degree of security under a severe threat model. We demonstrate that our approach is practical by implementing prototypes for two applications: (1) submission of long-term secrets, such as password and credit card data, to a web server, and (2) SSH user authentication using ssh-agent. In both cases we made minimal changes to existing software components.