Abstract. We describe a new explicit function that, given an elliptic curve E defined over F_{p^n}, maps elements of F_{p^n} into E in deterministic polynomial time and in a constant number of operations over F_{p^n}. The function requires computing a cube root. As an application we show how to hash deterministically into an elliptic curve.
Abstract. We provide the first construction of a hash function into ordinary elliptic curves that is indifferentiable from a random oracle, based on Icart's deterministic encoding from Crypto 2009. While almost as efficient as Icart's encoding, this hash function can be plugged into any cryptosystem that requires hashing into elliptic curves without compromising proofs of security in the random oracle model. We also describe a more general (but less efficient) construction that works for a large class of encodings into elliptic curves, for example the Shallue-Woestijne-Ulas (SWU) algorithm. Finally we describe the first deterministic encoding algorithm into elliptic curves in characteristic 3.
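Worked example for the two abstracts above (added here; this is editor-written illustration code, not code from either paper). It implements Icart's encoding f over a prime field with p ≡ 2 (mod 3), where cube roots are unique and computed by a single exponentiation, and then builds the hash H(m) = f(h1(m)) + f(h2(m)) that the second abstract proves indifferentiable, next to the naive f(h(m)) that is not. The curve y^2 = x^3 + 3x + 7 over F_10007, and the use of SHA-256 with a domain-separation byte as h, h1, h2, are constructed assumptions chosen for a runnable demonstration; real deployments use a cryptographic-size field.

```python
"""Icart's encoding into an elliptic curve and the f(h1(m)) + f(h2(m))
hash built on top of it.

Constructed example: curve y^2 = x^3 + A*x + B over F_P with P = 10007.
P % 3 == 2, so x -> x^3 is a bijection on F_P and cube roots are cheap.
Coefficients and the SHA-256 instantiation of h1/h2 are assumptions made
for this demonstration, not parameters from the papers."""
import hashlib

P = 10007          # prime with P % 3 == 2 (constructed toy field)
A, B = 3, 7        # y^2 = x^3 + A x + B, constructed example curve
assert P % 3 == 2 and (4 * A**3 + 27 * B**2) % P != 0  # non-singular

INF = None         # the point at infinity O


def inv(x):
    return pow(x, P - 2, P)


def cbrt(x):
    # For p ≡ 2 (mod 3), 3 is invertible mod p-1 and
    # (x^((2p-1)/3))^3 = x^(2p-1) = x, so this is the unique cube root.
    return pow(x, (2 * P - 1) // 3, P)


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x**3 + A * x + B)) % P == 0


def icart(u):
    """Icart's map f: F_p -> E(F_p), with f(0) = O.

    v = (3a - u^4) / (6u)
    x = (v^2 - b - u^6/27)^(1/3) + u^2/3
    y = u*x + v
    One inversion, one cube root, constant number of field operations."""
    u %= P
    if u == 0:
        return INF
    v = (3 * A - pow(u, 4, P)) * inv(6 * u) % P
    w = (v * v - B - pow(u, 6, P) * inv(27)) % P
    x = (cbrt(w) + u * u * inv(3)) % P
    y = (u * x + v) % P
    return (x, y)


def add(p1, p2):
    """Affine addition on E in short Weierstrass form."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:     # p1 == -p2 (covers order-2 points)
            return INF
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def hash_to_field(msg, tag):
    # Assumed instantiation of a random oracle into F_p: SHA-256 with a
    # one-byte domain-separation tag, reduced mod p.
    h = hashlib.sha256(tag + msg).digest()
    return int.from_bytes(h, "big") % P


def hash_to_curve_naive(msg):
    # f(h(m)): deterministic, but only ever lands in the image of f,
    # which is a proper subset of E(F_p), so it is distinguishable
    # from a random oracle into the curve.
    return icart(hash_to_field(msg, b"\x00"))


def hash_to_curve(msg):
    # f(h1(m)) + f(h2(m)) with independent h1, h2: the construction
    # shown indifferentiable from a random oracle in the second abstract.
    return add(icart(hash_to_field(msg, b"\x01")),
               icart(hash_to_field(msg, b"\x02")))


def image_size():
    # Size of f(F_p); f is at most 4-to-1, so this is at least (p-1)/4,
    # and it is strictly smaller than the whole group.
    return len({icart(u) for u in range(P)})


if __name__ == "__main__":
    print("f(F_p) covers", image_size(), "points of E over F_%d" % P)
    print("H('hello') =", hash_to_curve(b"hello"))
```

Everything that `icart` outputs lies on the curve, for every input including u = 0; the `image_size` check makes visible why the naive f(h(m)) leaks structure and why the paper sums two independent encodings instead.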
On an elliptic curve, the degree of an isogeny corresponds essentially to the degrees of the polynomial expressions involved in its application. The multiplication-by-ℓ map [ℓ] has degree ℓ², therefore the complexity of directly evaluating [ℓ](P) is O(ℓ²). For a small prime ℓ (≠ 2, 3) such that the additive binary representation provides no better performance, this represents the true cost of applying scalar multiplication. If an elliptic curve admits an isogeny ϕ of degree ℓ, then the cost of computing ϕ(P) should in contrast be O(ℓ) field operations. Since we then have a product expression [ℓ] = φϕ, the existence of an ℓ-isogeny ϕ on an elliptic curve yields a theoretical improvement from O(ℓ²) to O(ℓ) field operations for the evaluation of [ℓ](P) by naive application of the defining polynomials. In this work we investigate actual improvements, for small ℓ, of this asymptotic complexity. For this purpose, we describe the general construction of families of curves with a suitable decomposition [ℓ] = φϕ, and provide explicit examples of such a family of curves with a simple decomposition for [3]. Finally we derive a new tripling algorithm to find complexity improvements to triplication on a curve in certain projective coordinate systems, then combine this new operation with non-adjacent forms for ℓ-adic expansions in order to obtain an improved strategy for scalar multiplication on elliptic curves.
Abstract. In 2004, Molnar and Wagner introduced a very appealing scheme dedicated to the identification of RFID tags. Their protocol relies on a binary tree of secrets which are shared, for all nodes except the leaves, amongst the tags. Hence the compromise of one tag also has implications for the other tags with which it shares keys. We describe a new man-in-the-middle attack against this protocol which breaks privacy even without opening tags. Moreover, it can be applied to some other RFID protocols which use correlated keys, such as the one described recently by Damgård and Pedersen at CT-RSA 2008. We introduce a modification of the initial scheme that allows us to thwart this attack and to strengthen RFID tags by implementing secrets with Physically Obfuscated Keys (POKs). In doing so, we increase the privacy of both the tags and the scheme, in particular their general resistance against physical threats.
At first glance, privacy and zero-knowledgeness seem to be similar properties. A scheme is private when no information is revealed about the prover, and in a zero-knowledge scheme, communications should not leak the prover's secrets. Until recently, privacy threats were only partially formalized, and some zero-knowledge (ZK) schemes have been proposed to ensure privacy. We here explain why the intended goal is not reached. Following the privacy model proposed by Vaudenay at Asiacrypt 2007, we reconsider the analysis of these schemes. We first propose a framework which enables a generic ZK scheme to be transformed into a private scheme. We then apply this framework to the GPS scheme as a relevant example. This leads to efficient implementations of zero-knowledge identification schemes which respect privacy. Their security and their privacy are based on the Short Exponent Decisional Diffie-Hellman problem.
Abstract. We here describe a new Password-based Authenticated Key Exchange (PAKE) protocol based on elliptic curve cryptography. We prove it secure in the Bellare-Pointcheval-Rogaway (BPR) model. A significant novelty in our work is that the elliptic curve public parameters remain private. This is important in the context of contactless ID devices since, in this case, there would most probably exist a way to link these parameters with the nationality of the ID document owners.
This paper describes an innovative and highly secure networking architecture dedicated to the Internet of Things (IoT). We propose an infrastructure that works with a new type of tag, supporting the recently standardized Host Identity Protocol (HIP). Our main concern is to ensure the privacy of RFID tags while enabling thing-to-thing communications.