In this paper, we will study some possible generalizations of the famous Diffie-Hellman algorithm. As we will see, at the end, most of these generalizations will not be secure or will be equivalent to some classical schemes. However, these results are not always obvious and moreover our analysis will present some interesting connections between the concepts of commutativity, associativity, and ...

In this paper, a new signature scheme is proposed, by which any signer can sign a message to a group of n verifiers with her/his own secret key and the public key of the group. Once the group receives the signed ciphertext generated by the signer, any t verifiers in the group can cooperate to verify and recover the message with their secret keys and the public key of the signer. The proposed sc...

• An integer n with c ≤ n ≤ b. Secret EdDSA scalars have exactly n+ 1 bits, with the top bit (the 2 position) always set and the bottom c bits always cleared. The original specification of EdDSA did not include this parameter: it implicitly took n = b−2. Choosing n sufficiently large is important for security: standard “kangaroo” attacks use approximately 1.36 √ 2n−c additions on average to det...

Security is constantly been infringed by inadvertent loss of secret keys, and as a solution, Dodis, Katz, Xu, and Yung [11], in Eurocrypt 2002, proposed a new paradigm called key-insulated security which provides tolerance against key exposures. Their scheme introduces a “helper key” which is used to periodically update the decryption key. The most attractive part of this scheme is that even if...

Both systems are public key systems, meaning that there is a secret key used for decryption and a publicly available key used for encrypting. In theory everyone can send you an encrypted message by using the public key (if they know where to obtain it), but you’re the only one who can decrypt the message. Of course these systems rely on the difficulties in obtaining the private key, when knowin...

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv

We define the notion of adative chosen stegotext security. We then construct efficient public key steganographic schemes secure against adaptively chosen stegotext attacks, without resort to any special existence assumption such as unbiased functions. This is the first time such a construction is obtained. Not only our constructions are secure, but also are essentially optimal and have no error...

For many years cryptographers have used large abelian finite groups but some are now turning their attention to non-abelian ones. They feel that these could be a good source of “trap doors” that can be used in public key encryption [Magliveras 02]. One proposed system is MST1 [Magliveras 02]. This uses a certain type of group factorisation to encode messages which can only be decoded by the rec...

At CT-RSA 2006, Wang et al. [WYHL06] introduced the MFE cryptosystem, which was subsequently broken by Ding et al. [DHNW07]. Inspired by their work, we present a more general framework for multivariate public key cryptosystems, which combines ideas from both triangular and oil-vinegar schemes. We also propose a new public key cryptosystem, based on Diophantine equations, which implements the fr...

In this paper we present a comment on some previous works about the Public Key Substitution Attacks (PKSA in brief). Though there exist some security flaws for the schemes being attacked, we point out that these attacks on them are either trivial or avoidable after a little modification.