Selecting Cryptographic Key Sizes

Lenstra, Arjen K.; Verheul, Eric R.

doi:10.1007/978-3-540-46588-1_30

Cited by 190 publications

(126 citation statements)

References 14 publications

Supporting

Mentioning

122

Contrasting

Unclassified

Order By: Relevance

“…From [5], the estimated key size used in ECC is 28 bytes and a signature size of 56 bytes. The security strength of 224-bit key in ECC is equivalent to that of 2048-bit key in RSA cryptosystem [10]. In [9], Lu et al measured the computation times of the multiplication, pairing and exponentiation operations using 3 GHz processor and 512 MB RAM.…”

Section: B Computation Overheadmentioning

confidence: 99%

Privacy-preserving route reporting scheme for traffic management in VANETs

Rabieh

Mahmoud

Younis

2015

2015 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

With the large increase in the number of registered vehicles, the congestion and slow traffic problems are expected to worsen. Vehicular Ad Hoc Networks (VANETs) can play a great role in avoiding these problems by sending guidance to vehicles to pursue alternative routes. However, the published schemes require vehicles to report their future routes which can seriously violate privacy. In this paper, we present privacy-preserving route reporting scheme that suits VANET-enabled traffic management rather than warning vehicles after congestion happens. Vehicles provide encrypted segment-based route information to road side units (RSUs). Instead of sending one message for each route segment, all the segments' data can be collected by one message using homomorphic encryption. RSUs compute the encryption of the expected number of vehicles in each segment of the road without knowing the actual routes of vehicles. Each RSU shares the vehicles' routes information with a traffic management center (TMC), which decrypts the expected total number of vehicles at different segments of the road without knowing the individual vehicles' routes. Then, it conducts analysis and sends predictions and recommendations back to the RSUs. Passing vehicles solicit hints from RSUs on the expected traffic condition in order to decide to take an alternating route if there is a potential of congestion or slow traffic in its main route. Our analysis and evaluation results demonstrate that our scheme can preserve the privacy of the drivers' future routes in an efficient and secure way.

show abstract

Section: B Computation Overheadmentioning

confidence: 99%

Privacy-preserving route reporting scheme for traffic management in VANETs

Rabieh

Mahmoud

Younis

2015

2015 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

show abstract

“…( (6) where rand() is a function that generates a random number ∊ (0,1) drawn from a random distribution (uniform in our case). The randomization term computes a random step-size in a way that ri does not cross the boundary of the search domain.…”

Section: Movement Equationmentioning

confidence: 99%

“…In view of this, Lenstra and Verheul [6] suggested secure symmetric and asymmetric key sizes by year which can be found in Table I. The exact algorithms often incur huge memory and runtime expenses as we have seen in many such algorithms applied to various NP-Hard problems.…”

Section: Introductionmentioning

confidence: 99%

A New Heuristic Algorithm Based on Molecular Geometry Optimization and Its Application to the Integer Factorization Problem

Mishraa

Chaturvedib

Shukla

2014

2014 International Conference on Soft Computing and Machine Intelligence

View full text Add to dashboard Cite

In this paper, the intractable problem of finding the prime factors of an integer has been represented as the integer programming problem to be solved using nature inspired heuristics. Integer factorization is a one-way mathematical function and because of its computational intractability, it is frequently used in public key cryptography, for example in RSA encryption systems. Since integer factorization can be represented in the form of a discrete optimization task, more specifically as integer programming problem, various optimization tools can be utilized for cryptanalysis. In this contribution, we approach this problem using a heuristic algorithm designed with concepts derived from computational chemistry that involves energy minimization of a molecular geometry of a crystal. We observe that computational chemistry can provide a great insight into such problems of unknown dynamics. Future work remains to optimize the algorithm for scalability.

show abstract

“…Indeed, estimating the rate of future cryptanalytical successes is difficult, see e.g. Lenstra and Verheul [26]. Prudent designers use safety margins to allow for unexpected breakthroughs; however, there is often resistance to replace widely deployed standards which were not broken yet, 'just' since the safety margins were eroded.…”

Section: Introductionmentioning

confidence: 99%

Folklore, practice and theory of robust combiners

Herzberg

2009

JCS

View full text Add to dashboard Cite

Cryptographic schemes are often designed as a combination of multiple component cryptographic modules. Such a combiner design is robust for a (security) specification if it meets the specification, provided that a sufficient subset of the components meet their specifications. A folklore combiner for encryption is cascade, i.e. c = E e (E e (m)). We show that cascade is a robust combiner for cryptosystems, under three important indistinguishability specifications: chosen plaintext attack (IND-CPA), non-adaptive chosen ciphertext attack (IND-CCA1), and replayable chosen ciphertext attack (IND-rCCA). We also show that cascade is not robust for the important specifications adaptive CCA (IND-CCA2) and generalized CCA (IND-gCCA). The IND-rCCA and IND-gCCA specifications are closely related, and this is an interesting difference between them. All specifications are defined within.We also analyze few other basic and folklore combiners. In particular, we show that the following are robust combiners: the parallel combiner f (x) = f (x) f (x) for one-way functions, the XORinput combiner c = (E e (m ⊕ r), E e (r)) for cryptosystems, and the copy combinerfor integrity tasks such as Message Authentication Codes (MAC) and signature schemes. Cascade is also robust for the hiding property of commitment schemes, and the copy combiner is robust for the binding property, but neither is a robust combiner for both properties.We present (new) robust combiners for commitment schemes; these new combiners can be viewed as a composition of the cascade and the copy combiners. Our combiners are simple, efficient and practical. A. Herzberg / Folklore, practice and theory of robust combinersThis motivates the usage, and study, of robust combiners for cryptographic mechanisms. A robust combiner 1 combines several cryptographic modules, such that the combined mechanism is secure even if some of the modules turn out to be insecure. In particular, the robust combiner remains secure following successful cryptanalysis of some of its modules, refutation of one or few of the assumptions underlying its security (e.g. the assumption that factoring is a hard problem), or attempts to exploit a vulnerability in some of the modules, due to implementation error, design errors, or even an intentional trapdoor in the design or implementation. Using a robustcombiner does not guarantee security; however, it would hopefully provide sufficient advance-warning time to replace the broken cryptographic modules.Many cryptographic systems combine redundant components in hope of achieving robustness (tolerance). There are several known (often folklore) combiners of cryptographic modules, often with the stated or implicit goal of achieving robustness (tolerance) or even improving security. Possibly the most well known combiner is the cascade combiner, applied e.g. to block ciphers and encryption schemes. Cascading of cryptosystems and ciphers has been a common practice in cryptography for hundreds of years.However, there were not many publications, prior to this work, an...

show abstract

Selecting Cryptographic Key Sizes

Abstract: Abstract. In this article we give guidelines for the determination of cryptographic key sizes. Our recommendations are based on a set of explicitly formulated hypotheses, combined with existing data points about the cryptosystems. This article is an abbreviated version of [15].

Cited by 190 publications

References 14 publications

Privacy-preserving route reporting scheme for traffic management in VANETs

Privacy-preserving route reporting scheme for traffic management in VANETs

A New Heuristic Algorithm Based on Molecular Geometry Optimization and Its Application to the Integer Factorization Problem

Folklore, practice and theory of robust combiners

Contact Info

Product

Resources

About