A new concept in group oriented cryptography { the dynamic threshold cryp-tosystem { is presented in the paper. The dynamic system has many advantages over the existing threshold cryptosystems. It is set up by the sender who can not only compose the group of recipients but select the threshold as well. Implementations of the dynamic system based on the ElGamal and the RSA public key cryptosyste...

In smartcard encryption and signature applications, randomized algorithms can be used to increase tamper resistance against attacks based on averaging data-dependent power or EMR variations. Oswald and Aigner describe such an algorithm for point multiplication in elliptic curve cryptography (ECC). Assuming an attacker can identify and distinguish additions and doublings during a single point mu...

Wireless sensor networks are commonly used for critical security tasks such as intrusion or tamper detection, and therefore must be protected. To date, security of these networks relies mostly on key establishment and routing protocols. We present a new approach to key establishment, which combines a group-based distribution model and identity-based cryptography. Using this solution enables sen...

We consider a public and keyless code (Enc,Dec) which is used to encode a message m and derive a codeword c = Enc(m). The codeword can be adversarially tampered via a function f ∈ F from some “tampering function family” F , resulting in a tampered value c′ = f(c). We study the different types of security guarantees that can be achieved in this scenario for different families F of tampering atta...

One of the main challenges in leakage-resilient cryptography is to obtain proofs of security against side-channel attacks, under realistic assumptions and for efficient constructions. In a recent work from CHES 2012, Faust et al. proposed new designs of stream ciphers and pseudorandom functions for this purpose. Yet, a remaining limitation of these constructions is that they require large amoun...

This paper describes a new type of attack on tamper-resistant cryptographic hardware. We show that by locally observing the value of a few RAM or adress bus bits (possibly a single one) during the execution of a cryptographic algorithm, typically by the mean of a probe (needle), an attacker could easily recover information on the secret key being used; our attacks apply to public-key cryptosyst...

A Boolean function on n variables is q-resilient if for any subset of at most q variables, the function is very likely to be determined by a uniformly random assignment to the remaining n − q variables; in other words, no coalition of at most q variables has significant influence on the function. Resilient functions have been extensively studied with a variety of applications in cryptography, d...

In typical sensor network applications, the sensors are left unattended for a long period of time. In addition, due to cost reasons, sensor nodes are usually not tamper resistant. Consequently, sensors can be easily captured and compromised by an adversary. Once compromised, a sensor can send authentique messages to other nodes and to the base station, but those messages may contain arbitrary d...

Non-malleable codes are randomized codes that protect coded messages against modification by functions in a tampering function class. These codes are motivated by providing tamper resilience in applications where a cryptographic secret is stored in a tamperable storage device and the protection goal is to ensure that the adversary cannot benefit from their tamperings with the device. In this pa...