We point out several security flaws in the cryptosystem based on tree replacement systems proposed by Samuel, Thomas, Abisha and Subramanian at INDOCRYPT 2002. Due to the success of (among others) very simple ciphertext-only attacks, we evidence that this system does not, in its present form, offer acceptable security guarantees for cryptographic applications. © 2006 Elsevier B.V. All rights re...

In recent years, different instruction set extensions for cryptography have been proposed for integration into general-purpose RISC processors. Both public-key and secret-key algorithms can profit tremendously from a small set of custom instructions specifically designed to accelerate performance-critical code sections. While the impact of instruction set extensions on performance and silicon a...

In this paper we consider chosen-ciphertext attacks against noncommutative Polly Cracker-type cryptosystems. We present several versions of these attacks, as well as techniques to counter them. First we introduce a chosen-ciphertext attack, which assumes a very simple private key. We then present generalizations of this attack which are valid in more general situations, and propose a simple but...

In this paper we highlight the benefits of using genus-2 curves in public-key cryptography. Compared to the standardized genus-1 curves, or elliptic curves, arithmetic on genus-2 curves is typically more involved but allows us to work with moduli of half the size. We give a taxonomy of the best known techniques to realize genus-2 based cryptography, which includes fast formulas on the Kummer su...

We show that an RSA private key with small public exponent can be efficiently recovered given a 0.27 fraction of its bits at random. An important application of this work is to the “cold boot” attacks of Halderman et al. We make new observations about the structure of RSA keys that allow our algorithm to make use of the redundant information in the typical storage format of an RSA private key. ...

The fingerprint-copy attack aims to confuse camera identification based on sensor pattern noise. However, the triangle test shows that the forged images undergone fingerprint-copy attack would share a non-PRNU (Photo-response nonuniformity) component with every stolen image, and thus can detect fingerprint-copy attack. In this paper, we propose an improved fingerprint-copy attack scheme. Our ma...

Most SSL/TLS-based e-commerce applications employ conventional mechanisms for user authentication. These mechanisms—if decoupled from SSL/TLS session establishment—are vulnerable to manin-the-middle (MITM) attacks. In this paper, we elaborate on the feasibility of MITM attacks, survey countermeasures, introduce the notion of SSL/TLS session-aware user authentication (TLS-SA), and present a proo...

In ATC 2007, an identity based signcryption scheme for multiple receivers was proposed by Yu et al. In this paper, we first show that Yu et al.’s signcryption scheme is insecure by demonstrating an universal forgeability attack anyone can generate a valid signcryption on any message on behalf of any legal user for any set of legal receivers without knowing the secret keys of the legal users. Al...

We consider the situation for public-key encryption that the adversary knows the randomness which was used to compute the ciphertext. In some practical scenarios, there is a possibility that the randomness is revealed. For example, the randomness used to make a ciphertext may be stored in insecure memory, or the pseudorandom generator may be corrupted. We first formalize the security notion on ...

sybil attacks pose a serious threat for wireless sensor networks (wsn) security. they can create problems in routing, voting schemes, decision making, distributed storage and sensor re-programming. in a sybil attack,the attacker masquerades as multiple sensor identities, that are actually controlled by one or a few existing attacker nodes. sybil identities are fabricated out of stolen keys, obt...