Abstract. In this paper we describe a simple protocol for secure delegation of the elliptic-curve pairing. A computationally limited device (typically a smart-card) will delegate the computation of the pairing e(A, B) to a more powerful device (for example a PC), in such a way that 1) the powerful device learns nothing about the points A and B, and 2) the limited device is able to detect when the powerful device is cheating.
Abstract. In this paper, we study the problem of simultaneously achieving several security properties, for voting schemes, without non-standard assumptions. More specifically, we focus on the universal verifiability of the computation of the tally, on the unconditional privacy/anonymity of the votes, and on the receipt-freeness properties, for the most classical election processes. Under usual assumptions and efficiency requirements, we show that a voting system that wants to publish the final list of the voters who actually voted, and to compute the number of times each candidate has been chosen, we cannot achieve:-universal verifiability of the tally (UV) and unconditional privacy of the votes (UP) simultaneously, unless all the registered voters actually vote;
Abstract.It is well known that a malicious adversary can try to retrieve secret information by inducing a fault during cryptographic operations. Following the work of Seifert on fault inductions during RSA signature verification, we consider in this paper the signature counterpart.Our article introduces the first fault attack applied on RSA in standard mode. By only corrupting one public key element, one can recover the private exponent. Indeed, similarly to Seifert's attack, our attack is done by modifying the modulus.One of the strong points of our attack is that the assumptions on the induced faults' effects are relaxed. In one mode, absolutely no knowledge of the fault's behavior is needed to achieve the full recovery of the private exponent. In another mode, based on a fault model defining what is called dictionary, the attack's efficiency is improved and the number of faults is dramatically reduced. All our attacks are very practical.Note that those attacks do work even against implementations with deterministic (e.g., RSA-FDH) or random (e.g., RSA-PFDH) paddings, except for cases where we have signatures with randomness recovery (such as RSA-PSS).
Abstract. ElGamal encryption is the most extensively used alternative to RSA. Easily adaptable to many kinds of cryptographic groups, ElGamal encryption enjoys homomorphic properties while remaining semantically secure providing that the DDH assumption holds on the chosen group. Its practical use, unfortunately, is intricate: plaintexts have to be encoded into group elements before encryption, thereby requiring awkward and ad hoc conversions which strongly limit the number of plaintext bits or may partially destroy homomorphicity. Getting rid of the group encoding (e.g., with a hash function) is known to ruin the standard model security of the system. This paper introduces a new alternative to group encodings and hash functions which remains fully compatible with standard model security properties. Partially homomorphic in customizable ways, our encryptions are comparable to plain ElGamal in efficiency, and boost the encryption ratio from about 13 for classical parameters to the optimal value of 2.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.