ebook img

Advances in Cryptology — EUROCRYPT ’88: Workshop on the Theory and Application of Cryptographic Techniques Davos, Switzerland, May 25–27, 1988 Proceedings PDF

441 Pages·1988·7.001 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Advances in Cryptology — EUROCRYPT ’88: Workshop on the Theory and Application of Cryptographic Techniques Davos, Switzerland, May 25–27, 1988 Proceedings

Lecture Notes in Computer Science Edited by G. Goos and J. Hartmanis 330 Christoph G. Gunther (Ed.) Advances in Cryptology - EUROCRYPT '88 Workshop on the Theory and Application of Cryptographic Techniques Davos, Switzerland, May 25-27, 1988 Proceedings Springer-Verlag Berlin Heidelbera New York London Paris Tokyo Editorial Board D. Barstow W. Brauer P: Brinch Hansen D. Gries D. Luckham C. Moler A. Pnueli G. Seegrnuller J. Stoer N Wirth Editor Christoph G. Gunther Asea Brown Boveri, Corporate Research CH-5405 Baden. Switzerland CR Subject Classification (1987): D.4.6, E.3, H.2.0 ISBN 3-540-50251 -3 Springer-Verlag Berlin Heidelberg New York ISBN 0-387-50251- 3 Springer-Verlag New York Berlin Heidelberg This work is subject to copyright All rights are reserved whether the whole or part of the material IS concerned specifically the riglts of translation reprinting re use of illustrations recitation broadcasting reproduction on microfilms or in other ways and storage in data banks Duplication oi this publication or parts thereof IS only permitted under the provisions of the German Copyrtght Law of September 9 1965 in its version of Junr 24 1985 and a copyright fee must always be paid Violations fall under the prosecution act of the Germdn Copyright Law S Springer Verlag Berlin Heidelberg 1988 PrintPd in Germdny Printing and binding Druckhaus Beltz HemsbachIBergstr 2145/3140 5432 10 PREFACE The International .4ssociation for Cryptologic Research (1.4CR) organizes tmo in- ternational conferences every year, one in Europe and one in the 1-nited States. EUROCRYI’T’88. held in the beautiful environment of the S\~isbm ountains in Davos, was the sixth European conference. The number of contributions and of participants at the meeting has increased substantiall!.. which is an indication of the high interest in cryptography and system security in general. The interest has not only increased but has also further moved towards au- thentication. signatures and other protocols. This is easy to understand in view of the urgent needs for such protocols, in particular in connection with open in- formation systems, and in view of the exciting problems in this area. The equally fascinating classical field of secrecy, 2.e. the theory, design and analysis of stream or block ciphers and of public key cryptosystems. was however also well represented and several significant results mere communicated. The present proceedings contain all contributions which were accepted for presentation. The chapters correspond to the sessions at the conference. I am grateful to all authors of these contributions for the careful preparation and prompt submission of their papers. On behalf of the General Chairman, it is a pleasure to thank the authors and the members of the Program Committee for having made the conference such an interesting and stimulating meeting. 1f-e are indebted to the sponsors for their generous donations and to the members of the Organization Committee, who have so perfectly organized the meeting. Baden, June 1988 C.G.G. EUROCRYP T'88 was sponsored by the lnternational Association for Cryptologic Research (IACR) General Chairman: James L. Massej.. Swiss Federal Institute of .lechnology. Zurich. Switzerland Program Chairman: Ingemar Ingemarsson. Linkiiping Urii\.ersitJ.. Sweden Organmng Commztttt: Program c'om nr at t Pt: Josk Clarinval. Zurich Rolf Blom. Stockholm Christoph G. Giinther, Baden Lennart Brynielsson, Stockholm Kirk H. Kirchhofer. Zug Ivan Damgard. Aarhus Ueli hlaurer. Zurich l-iveke Fak, Linktiping Rainer .4. Kueppel, Zug Tor Helleseth. Bergen Paul Schoebi, Regensdorf Rolf Johannesson. Lund Thomas Siegenthaler, Zurich Othmar Staffelbach. Kegensdorf The conference was generously supported by Union Bank of Switzerland. Zurich Springer-1-erlag. Heidelberg and Kew York Amstein Walthert Kleiner -4G. Zurich. Switzerland Asea Brown Boveri AG, Zurich, Switzerland Ascom-Radiocom AG. Solothurn. Switzerland Crypto AG. Zug, Switzerland Gretag Ltd., Regensdorf, Switzerland CONTENTS SECTION I: KEY DISTRIBUTION Key Agreements Based on Function Composition ........................... 3 Ruiner -4.R ueppel Security of Improved Identity-Based Conference Key Distribution Systems ......................................... 11 Kenji Koyama, Kazuo Ohta SECTION 11: AUTHENTICATION Subliminal-Free Authentication and Signature ............................. 23 Yvo G. Desmedt Zero-Knowledge Proofs of Identity and Veracity of Transaction Receipts ... .35 Gustavus J. Simmons, George B. PuTdy Authentication Codes with Multiple Arbiters .............................. 51 Ernest F. Brickell, Doug R. Stinson Some Constructions for A4uthentication-SecrecyC odes ..................... 3c i3 Marijke De Soete Efficient Zero-Knowledge Identification Scheme for Smart Cards ................................................... 3i -I Thomas Beth Vlll SECTION 111: SIGNATURES .4 Smart Card Implementatiorl of the Fiat-Shamir Identification Scheme ................................ .87 Hun$-J oachzm Knobloch hlanipulations and Errors. Detection and Localitation ..................... 97 Ph. Godleuiskl. P. Camzon Privacy Protected Payments - Realization uf a I’rotocol that <;uaran tees Pa>w .hon!.mi t y ............................... .lo7 S~izfn J. Knapskng -4 Practical Zero-Knowledge l’rotocol Fitted to Security llicroprocessor hlinimizing Both Transmission and hlemor!. ...................... 123 c. Louzs (;ud1ou. Jean-Jacyws @LasqualtT A Generalized Birthday Attack .......................................... .129 .flIarc Gzrau11, Robert Cohen. ,\fzrezlk Campanu SECTION IV: PROTOCOLS -4n Interactive Data Exchange Protocol Based on Discrete Exponentiation ......................................... .159 G. B. ilgnew. R. C. Afdlzn. S. A. Ihnstone Anonymous and Terifiable Registration in Databases ..................... .167 J~rgenB randt. Iran B J ~ TDTam~g drd, Peter Landrock Elections with Unconditionally-Secret Ballots and Disruption Equivalent to Breaking RS.4 ..................................... 177 Davnd Chaum Passports and l*isas Versus ID’S ......................................... .183 Georgt I. Damda, I-Tio G. DPsmedt IX SECTION V: COMPLEXITY AND NUMBER THEORY The Probabilistic Theory of Linear Complexity ........................... 191 Harald Nzederrtzter A Probabilistic Primalit! Test Based on the Properties of Certain Generalized Lucas Kumbers ........................... 211 ildzna Dz Porto, Pztro Falzpponz On the Construction of Random Number Generators and Random Function Generators ............................... ,225 c. P. Schnorr SECTION VI: NUMERICAL METHODS Factorization of Large Integers on a hlassivdy Parallel Computer .........2 35 James A. Darzs. Diane R. Holdridge A Fast Modular Arithmetic Algorithm Using a Residue Table ............ ,235 Shan-achz Kawumura, Kyoko Hzrano Fast Exponentiation in GF(2“) .......................................... .231 G. B. AgntuilLR’,. C. Alullzn, S. A. lanstont Fast RSA-Hardware: Dream or Reality? ................................. ,237 Frank Hoornaert, hfarc DECTOOS. Joos ?‘andeulalle, Re& Govaerts X SECTION VII: CRYPTANALYSIS Properties of the Euler Totient Function Modulo 24 and Some of its Cryptographic Implications ...................... 267 Raouf N. Gorgui-Xaguib, Satnam S.D lay An Observation on the Security of McEliece's Public-Key Cryptosystem .. .275 P. J. Lee, E. F. Brzckell How to Break Okamoto's Cryptosystern by Reducing Lattice Bases ....................................... 281 Brzgitte Ihllee, Marc Girault, Phzlzppe Tofin Cryptanalysis of F. E. A. L. ............................................. .293 Bert Den Boer Fast Correlation Attacks on Stream Ciphers .............................. 301 M-illi hleier, Othmar Staffelbach SECTION VIII: RUNNING-KEY CIPHERS A New Class of Nonlinear Functions for Running-Key Generators ........................................ .317 Shu Tezuka Windmill Generators: A Generalization and an Observation of How Many There Are ......................................... .325 B. J. M. Smeets, 14'. G. Chambers Lock-in Effect in Cascades of Clock-Controlled Shift-Registers .................................................. .331 William G. Chambers, Dieter Gollmann Proof of Massey's Conjectured Algorithm ................................ .345 Cunshe ng Ding Linear Recurring m-Arrays .............................................. .351 Dongdai Lin? Mulan Liu XI SECTION IX: CIPHER THEORY AND THRESHOLD Substantial Number of Cryptographic Keys and its Application to Encryption Designs ........................................... .361 Eiji Okamoto A Measure of Semiequivocation .......................................... .375 Andrea SgaTTO Some New Classes of Geometric Threshold Schemes ...................... .389 Marzjke De Soete, Klaus Vedder SECTION X: NEW CIPHERS A Universal Algorithm for Homophonic Coding .......................... .405 Christoph G. Ginther A New Probabilistic Encryption Scheme ................................. .415 He Jingmin, Lu Kaicheng Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption ......................................... 419 Tsutomu Matsumoto, Hideki Imai Some Applications of Multiple Key Ciphers .............................. .455 Colin Boyd Author Index ............................................................ 469 .......................................................... Keyword Index .471 KEY AGREEMENTS BASED ON FUNCTION COMPOSITION Rainer A. Rueppel Crypto AG 6312 Steinhausen Switzerland Abstract: Two protocols are presented that accomplish the same goal as the original Diffie-Hellman protocol, namely, to establish a common secret key using only public messages. They are based on n-fold composition of some suitable elementary function. The first protocol is shown to fail always when the elementary function is chosen to be linear. This does not preclude its use for a suitable nonlinear elementary function. The second protocol is shown to be equivalent to the Diffie-Hellman protocol when the elementary function is chosen to be linear. Some examples are given to illustrate the use of both protocols. It is still an open problem whether the presented approach allows for an improvement in terms of speed and/or security over the original DH-protocol. Suppose we are given an autonomous finite-state machine with next-state function F. After one time step an initial state SO will be transferred to sl=F(so). After n time steps we have sn= F(F(. ..F (SJ ...))= F"(So) where Fn stands for the n-fold application of F to its argument. (Although we do not need the finite-state machine context to derive some results, we use it to illustrate the approach). Now define two functions g and h, C.G. Guenther (Ed.): Advances in Cryptology - EUROCRYPT '88, LNCS 330, pp. 3-10, 1988. 0 Springer-Verlag Berlin Heidelberg 1988

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.