In this paper, we study the new class step-wise Triangular Schemes (STS) of public key cryptosystems (PKC) based on multivariate quadratic polynomials. In these schemes, we have m the number of equations, n the number of variables, L the number of steps/layers, r the number of equations/variables per step, and q the size of the underlying field. We present two attacks on the STS class by exploi...

The security of RSA depends critically on the inability of an adversary to compute private key from the public key. The problem of computing private key from public key is equivalent to the problem of factoring n into its prime factors. Therefore it is important for the RSA user to select prime numbers in such a way that the problem of factoring n is computationally infeasible for an adversary....

Adaptively-secure encryption schemes ensure secrecy even in the presence of an adversary who can corrupt parties in an adaptive manner based on public keys, ciphertexts, and secret data of alreadycorrupted parties. Ideally, an adaptively-secure encryption scheme should, like standard public-key encryption, allow arbitrarily-many parties to use a single encryption key to securely encrypt arbitra...

In this work, we study (the direct constructions of) bidirectional proxy re-encryption (PRE) with alleviated trust in the proxy, specifically the master secret security (MSS) and the nontransitivity (NT) security, in the standard model, and achieve the following: • A multi-hop MSS-secure bidirectional PRE scheme with security against chosen plaintext attacks (CPA) in the standard model, where t...

We consider the problem of constructing public-key encryption (PKE) schemes that are resilient to a-posteriori chosen-ciphertext and key-leakage attacks (LR-CCA2). In CTYPTO’09, Naor and Segev proved that the Naor-Yung generic construction of PKE which is secure against chosen-ciphertext attack (CCA2) is also secure against key-leakage attacks. They also presented a variant of the Cramer-Shoup ...

Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at lower computational costs and communication overhead than signing and encrypting separately. Recently, Chung et al. proposed an anonymous ECC-based signcryption scheme. We show that their scheme is not secure even against a chosen-plaintext attack.

We describe a distributed computing platform to carry out large scale dictionary attacks against cryptosystems compliant to the OpenPGP standard. Moreover, we describe a simplified mechanism to quickly test passphrases that might protect a specified private key ring. Only passphrases that pass this test complete the (much more time consuming) full validation procedure. This approach greatly red...

Indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) is the strongest notion for security of public key schemes. In this paper, we present the rst IND-CCA2 schemes whose securities are equivalent to factoring n = pq under the random oracle model, where p and q are prime numbers. Our rst scheme works for long messages and our second scheme is more e cient for short messages.

Berson pointed out that the McEliece public-key cryptosystem suffers from two weaknesses: (1) failure to protect any message which is encrypted more than once; and (2) failure to protect any messages which have a known linear relationship with one another. In this paper, we propose some variants of the McEliece scheme to prevent Berson’s attacks. In addition, we also propose some secure and eff...

By a generic transformation by Canetti, Halevi, and Katz (CHK) every Identity-based encryption (IBE) scheme implies a chosen-ciphertext secure public-key encryption (PKE) scheme. In the same work it is claimed that this transformation maps the two existing IBE schemes to two new and different chosenciphertext secure encryption schemes, each with individual advantages over the other. In this wor...