2013, 7(1): 1-38. doi: 10.3934/amc.2013.7.1

Another look at security definitions

Neal Koblitz (1) and Alfred Menezes (2)

1. Department of Mathematics, Box 354350, University of Washington, Seattle, WA 98195
2. Department of Combinatorics & Optimization, University of Waterloo, Waterloo, Ontario N2L 3G1

Received August 2011; Revised March 2012; Published January 2013

We take a critical look at security models that are often used to give "provable security" guarantees. We pay particular attention to digital signatures, symmetric-key encryption, and leakage resilience. We find that there has been a surprising amount of uncertainty about what the "right" definitions might be. Even when definitions have an appealing logical elegance and nicely reflect certain notions of security, they fail to take into account many types of attacks and do not provide a comprehensive model of adversarial behavior.
Citation: Neal Koblitz, Alfred Menezes. Another look at security definitions. Advances in Mathematics of Communications, 2013, 7 (1) : 1-38. doi: 10.3934/amc.2013.7.1


