On probability of success in linear and differential Cryptanalysis

Despite their widespread usage in block cipher security, linear and differential cryptanalysis still lack a robust treatment of their success probability, and the success chances of these attacks have commonly been estimated in a rather ad hoc fashion. In this paper, we present an analytical calculation of the success probability of linear and differential cryptanalytic attacks. The results apply to an extended sense of the term "success" where the correct key is found not necessarily as the highest-ranking candidate but within a set of high-ranking candidates. Experimental results show that the analysis provides accurate results in most cases, especially in linear cryptanalysis. In cases where the results are less accurate, as in certain cases of differential cryptanalysis, the results are useful to provide approximate estimates of the success probability and the necessary plaintext requirement. The analysis also reveals that the attacked key length in differential cryptanalysis is one of the factors that affect the success probability directly besides the signal-to-noise ratio and the available plaintext amount. © 2007 International Association for Cryptologic Research

Robust threshold schemes based on the Chinese remainder theorem

Recently, Chinese Remainder Theorem (CRT) based function sharing schemes are proposed in the literature. In this paper, we investigate how a CRT-based threshold scheme can be enhanced with the robustness property. To the best of our knowledge, these are the first robust threshold cryptosystems based on a CRT-based secret sharing. © 2008 Springer-Verlag Berlin Heidelberg

A strong user authentication protocol for GSM

Traditionally, the authentication protocols for cellular phone networks have been designed for device authentication rather than user authentication, which brings certain limitations and restrictions on the functionality of the system. In this paper we propose a user authentication protocol for the Global Standards for Mobile (GSM) which permits the use of weak secrets (e.g. passwords or PINs) for authentication, providing new flexibilities for the GSM users. © 2005 IEEE

Improved DST cryptanalysis of IDEA

In this paper, we show how the Demirci-Selcuk-Ture attack, which is currently the deepest penetrating attack on the IDEA block cipher, can be improved significantly in performance. The improvements presented reduce the attack's plaintext, memory, precomputation time, and key search time complexities. These improvements also make a practical implementation of the attack on reduced versions of IDEA possible, enabling the first experimental verifications of the DST attack. © Springer-Verlag Berlin Heidelberg 2007

A verifiable secret sharing scheme based on the chinese remainder theorem

In this paper, we investigate how to achieve verifiable secret sharing (VSS) schemes by using the Chinese Remainder Theorem (CRT). We first show that two schemes proposed earlier are not secure by an attack where the dealer is able to distribute inconsistent shares to the users. Then we propose a new VSS scheme based on the CRT and prove its security. Using the proposed VSS scheme, we develop a joint random secret sharing (JRSS) protocol, which, to the best of our knowledge, is the first JRSS protocol based on the CRT. © 2008 Springer Berlin Heidelberg

A new meet-in-the-middle attack on the IDEA block cipher

In this paper we introduce a novel meet-in-the-middle attack on the IDEA block cipher. The attack consists of a precomputation and an elimination phase. The attack reduces the number of required plaintexts significantly for 4 and 4.5 rounds, and, to the best of our knowledge, it is the first attack on the 5-round IDEA. © Springer-Verlag Berlin Heidelberg 2004

Threshold broadcast encryption with reduced complexity

Threshold Broadcast Encryption (TBE) is a promising extension of threshold cryptography with its advantages over traditional threshold cryptosystems, such as eliminating the need of a trusted party, the ability of setting up the system by individual users independently and the ability of choosing the threshold parameter and the group of privileged receivers at the time of encryption. An ElGamal-based solution for TBE was proposed by Ghodosi et al. In this paper, we propose an improved ElGamal-based TBE scheme with reduced transmission cost. ©2007 IEEE

Generalized ID-based blind signatures from bilinear pairings

Blind signature schemes provide the feature that a user is able to get a signature without giving the actual message to the signer. Recently a number of ID-based blind signatures have been proposed. In this paper, we introduce the concept of generalized ID-based blind signatures based on ElGamal signature variants. We obtain several new ID-based blind signatures from this generalized scheme which have not been explored before and some of them turn out to be more efficient than previously proposed schemes. © 2008 IEEE

Generalized ID-based ElGamal signatures

ID-based cryptography has been a very active area of research in cryptography since bilinear pairings were introduced as a cryptographic tool, and there have been many proposals for ID-based signatures recently. In this paper, we introduce the concept of generalized ID-based ElGamal signatures and show that most of the proposed ID-based signature schemes in the literature are special instances of this generalized scheme. We also obtain numerous new signatures from this generalized scheme which have not been proposed before. ©2007 IEEE

Cryptanalysis of the full MMB block cipher

The block cipher MMB was designed by Daemen, Govaerts and Vandewalle, in 1993, as an alternative to the IDEA block cipher. We exploit and describe unusual properties of the modular multiplication in $Z_{2^{32} - 1}$, which lead to a differential attack on the full 6-round MMB cipher (both versions 1.0 and 2.0). Further contributions of this paper include detailed square and linear cryptanalysis of MMB. Concerning differential cryptanalysis (DC), we can break the full MMB with 2^118 chosen plaintexts, 2^95.91 6-round MMB encryptions and 2^64 counters, effectively bypassing the cipher's countermeasures against DC. For the square attack, we can recover the 128-bit user key for 4-round MMB with 2^34 chosen plaintexts, 2^126.32 4-round encryptions and 2^64 memory blocks. Concerning linear cryptanalysis, we present a key-recovery attack on 3-round MMB requiring 2^114.56 known-plaintexts and 2^126 encryptions. Moreover, we detail a ciphertext-only attack on 2-round MMB using 2^93.6 ciphertexts and 2^93.6 parity computations. These attacks do not depend on weak-key or weak-subkey assumptions, and are thus independent of the key schedule algorithm