Topics in Cryptology — CT-RSA 2002: The Cryptographers’ Track at the RSA Conference 2002 San Jose, CA, USA, February 18–22, 2002 Proceedings PDF
Preview Topics in Cryptology — CT-RSA 2002: The Cryptographers’ Track at the RSA Conference 2002 San Jose, CA, USA, February 18–22, 2002 Proceedings
L e c t u r e N o t e s i n C o m p u t e r S c i e n c e 2 2 7 1 E d i t e d b y G . G o o s , J . H a r t m a n i s , a n d J . v a n L e e u w e n 3 B e r lin H e id e lb e r g N e w Y o r k B a r c e lo n a H o n g K o n g L o n d o n M ila n P a r is T o k y o B a r t P r e n e e l ( E d . ) T o p i c s i n C r y p t o l o g y – C T - R S A 2 0 0 2 T h e C r y p t o g r a p h e r s ’ T r a c k a t t h e R S A C o n f e r e n c e 2 0 0 2 S a n J o s e , C A , U S A , F e b r u a r y 1 8 - 2 2 , 2 0 0 2 P r o c e e d i n g s 1 3 S e r ie s E d ito r s G e r h a r d G o o s , K a r ls r u h e U n iv e r s ity , G e r m a n y J u r is H a r tm a n is , C o r n e ll U n iv e r s ity , N Y , U S A J a n v a n L e e u w e n , U tr e c h t U n iv e r s ity , T h e N e th e r la n d s V o lu m e E d ito r B a r t P r e n e e l K a th o lie k e U n iv e r s ite it L e u v e n , D e p a r tm e n t o f E le c tr ic a l E n g in e e r in g K a s te e lp a r k A r e n b e rg 1 0 , 3 0 0 1 L e u v e n - H e v e r le e , B e lg iu m E - m a il: b a r t.p r e n e e l@ e s a t.k u le u v e n .a c .b e C a ta lo g in g - in - P u b lic a tio n D a ta a p p lie d f o r D ie D e u ts c h e B ib lio th e k - C I P - E in h e its a u f n a h m e T o p ic s in c r y p to lo g y : th e C r y p to g r a p h e r s ’ T r a c k a t th e R S A C o n f e r e n c e 2 0 0 2 ; p r o c e e d in g s / C T - R S A 2 0 0 2 , S a n J o s é , C A , U S A , F e b r u a r y 1 8 - 2 2 , 2 0 0 2 . B a r t P r e n e e l ( e d .) . - B e r lin ; H e id e lb e rg ; N e w Y o r k ; B a r c e lo n a ; H o n g K o n g ; L o n d o n ; M ila n ; P a r is ; T o k y o : S p r in g e r, 2 0 0 2 ( L e c tu r e n o te s in c o m p u te r s c ie n c e ; V o l. 2 2 7 1 ) I S B N 3 - 5 4 0 - 4 3 2 2 4 - 8 C R S u b je c t C la s s ifi c a tio n ( 1 9 9 8 ) : E .3 , G .2 .1 , D .4 .6 , K .6 .5 , F .2 .1 - 2 , C .2 , J .1 I S S N 0 3 0 2 - 9 7 4 3 I S B N 3 - 5 4 0 - 4 3 2 2 4 - 8 S p r in g e r- V e r la g B e r lin H e id e lb e rg N e w Y o r k T h is w o rk is su b je c t to c o p y rig h t. A ll rig h ts a re re se rv e d , w h e th e r th e w h o le o r p a rt o f th e m a te ria l is c o n c e rn e d , sp e c ifi c a lly th e rig h ts o f tra n sla tio n , re p rin tin g , re -u se o f illu stra tio n s, re c ita tio n , b ro a d c a stin g , re p ro d u c tio n o n m ic ro fi lm s o r in a n y o th e r w a y , a n d sto ra g e in d a ta b a n k s. D u p lic a tio n o f th is p u b lic a tio n o r p a rts th e re o f is p e rm itte d o n ly u n d e r th e p ro v isio n s o f th e G e rm a n C o p y rig h t L a w o f S e p te m b e r 9 , 1 9 6 5 , in its c u rre n t v e rsio n , a n d p e rm issio n fo r u se m u st a lw a y s b e o b ta in e d fro m S p rin g e r-V e rla g . V io la tio n s a re lia b le fo r p ro se c u tio n u n d e r th e G e rm a n C o p y rig h t L a w . S p rin g e r-V e rla g B e rlin H e id e lb e rg N e w Y o rk a m e m b e r o f B e rte lsm a n n S p rin g e r S c ie n c e + B u sin e ss M e d ia G m b H h ttp ://w w w .sp rin g e r.d e © S p rin g e r-V e rla g B e rlin H e id e lb e rg 2 0 0 2 P rin te d in G e rm a n y T y p e se ttin g : C a m e ra -re a d y b y a u th o r, d a ta c o n v e rsio n b y O lg u n C o m p u te rg ra fi k P rin te d o n a c id -fre e p a p e r S P IN : 1 0 8 4 6 1 5 7 0 6 /3 1 4 2 5 4 3 2 1 0 Preface This volume continues the tradition established in 2001 of publishing the con- tributionspresentedattheCryptographers’Track(CT-RSA)oftheyearlyRSA Security Conference in Springer-Verlag’s Lecture Notes in Computer Science series. With 14 parallel tracks and many thousands of participants, the RSA Se- curity Conference is the largest e-security and cryptography conference. In this setting, the Cryptographers’ Track presents the latest scientific developments. The program committee considered 49 papers and selected 20 for presenta- tion. One paper was withdrawn by the authors. The program also included two invitedtalksbyRonRivest(“MicropaymentsRevisited”–jointworkwithSilvio Micali) and by Victor Shoup (“The Bumpy Road from Cryptographic Theory to Practice”). Each paper was reviewed by at least three program committee members; paperswrittenbyprogramcommitteemembersreceivedsixreviews.Theauthors of accepted papers made a substantial effort to take into account the comments intheversionsubmittedtotheseproceedings.Inalimitednumberofcases,these revisions were checked by members of the program committee. I would like to thank the 20 members of the program committee who helped tomaintaintherigorousscientificstandardstowhichtheCryptographers’Track aims to adhere. They wrote thoughtful reviews and contributed to long discus- sions; more than 400 Kbyte of comments were accumulated. Many of them at- tended the program committee meeting, while they could have been enjoying the sunny beaches of Santa Barbara. I gratefully acknowledge the help of a large number of colleagues who re- viewedsubmissionsintheirareaofexpertise:MasayukiAbe,N.Asokan,Tonnes Brekne,EmmanuelBresson,EricBrier,JanCamenisch,ChristianCollberg,Don Coppersmith, Jean-S´ebastien Coron, Serge Fehr, Marc Fischlin, Matthias Fitzi, Pierre-Alain Fouque, Anwar Hasan, Clemens Holenstein, Kamal Jain, Marc Joye, Darko Kirovski, Lars Knudsen, Neal Koblitz, Anna Lysyanskaya, Lennart Meier, David M’Raihi, Phong Nguyen, Pascal Paillier, Adrian Perrig, David Pointcheval, Tal Rabin, Tomas Sander, Berk Sunar, Michael Szydlo, Christophe Tymen, Frederik Vercauteren, Colin Walter, Andre Weimerskirch, and Susanne Wetzel. I apologize for any inadvertent omissions. Electronic submissions were made possible by a collection of PHP scripts originally written by Chanathip Namprempre and some perl scripts written by Sam Rebelsky and SIGACT’s Electronic Publishing Board. For the review pro- cedure, web-based software was used which I designed for Eurocrypt 2000; the code was written by Wim Moreau and Joris Claessens. IwouldliketothankWimMoreauforhelpingwiththeelectronicprocessing of the submissions and final versions, Ari Juels and Burt Kaliski for interfacing VI Preface with the RSA Security Conference, and Alfred Hofmann and his colleagues at Springer-Verlag for the timely production of this volume. Finally,Iwishtothankalltheauthorswhosubmittedpapersandtheauthors ofacceptedpapersforthesmoothcooperationwhichenabledustoprocessthese proceedings as a single LaTeX document. We hope that in the coming years the Cryptographers’ Track will continue to be a forum for dialogue between researchers and practitioners in information security. November 2001 Bart Preneel RSA Cryptographers’ Track 2002 February 18–22, 2002, San Jose, California The RSA Conference 2002 was organized by RSA Security Inc. and its partner organizations around the world. The Cryptographers’ Track was organized by RSA Laboratories (http://www.rsasecurity. com). Program Chair Bart Preneel, Katholieke Universiteit Leuven, Belgium Program Committee Dan Boneh ............................. Stanford University, USA Yvo Desmedt .......................Florida State University, USA Dieter Gollmann ........................Microsoft Research, USA Stuart Haber .....................................Intertrust, USA Shai Halevi .................................. IBM Research, USA Helena Handschuh ...............................Gemplus, France Martin Hirt ....................................ETH, Switzerland Markus Jakobssen ........................RSA Laboratories, USA Ari Juels .................................RSA Laboratories, USA Pil Jong Lee ...................................... Postech, Korea Alfred Menezes ...................University of Waterloo, Canada Kaisa Nyberg ..................................... Nokia, Finland Tatsuaki Okamoto ..............................NTT Labs, Japan Christof Paar .............Worcester Polytechnique Institute, USA Jean-Jacques Quisquater ........Univ. Cath. de Louvain, Belgium Jacques Stern .................. Ecole Normale Sup´erieure, France Michael Wiener ...........................................Canada Yacov Yacobi ............................Microsoft Research, USA Moti Yung ...........................................Certco, USA Yuliang Zheng ......................Monash University, Australia Table of Contents Public Key Cryptography On Hash Function Firewalls in Signature Schemes...................... 1 Burton S. Kaliski Jr. Observability Analysis – Detecting When Improved Cryptosystems Fail... 17 Marc Joye, Jean-Jacques Quisquater, Sung-Ming Yen, and Moti Yung Efficient Hardware Implementations Precise Bounds for Montgomery Modular Multiplication and Some Potentially Insecure RSA Moduli ........................... 30 Colin D. Walter Montgomery in Practice: How to Do It More Efficiently in Hardware ..... 40 Lejla Batina and Geeke Muurling Mist: An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis ........................................ 53 Colin D. Walter An ASIC Implementation of the AES SBoxes ......................... 67 Johannes Wolkerstorfer, Elisabeth Oswald, and Mario Lamberger Public Key Cryptography: Theory On the Impossibility of Constructing Non-interactive Statistically-Secret Protocols from Any Trapdoor One-Way Function ...................... 79 Marc Fischlin The Representation Problem Based on Factoring....................... 96 Marc Fischlin and Roger Fischlin Symmetric Ciphers Ciphers with Arbitrary Finite Domains ............................... 114 John Black and Phillip Rogaway Known Plaintext Correlation Attack against RC5 ...................... 131 Atsuko Miyaji, Masao Nonaka, and Yoshinori Takii E-Commerce and Applications Micropayments Revisited ........................................... 149 Silvio Micali and Ronald L. Rivest X Table of Contents Proprietary Certificates............................................. 164 Markus Jakobsson, Ari Juels, and Phong Q. Nguyen Stateless-Recipient Certified E-Mail System Based on Verifiable Encryption ...................................... 182 Giuseppe Ateniese and Cristina Nita-Rotaru Digital Signatures RSA-Based Undeniable Signatures for General Moduli.................. 200 Steven D. Galbraith, Wenbo Mao, and Kenneth G. Paterson Co-operatively Formed Group Signatures ............................. 218 Greg Maitland and Colin Boyd Transitive Signature Schemes........................................ 236 Silvio Micali and Ronald L. Rivest Homomorphic Signature Schemes .................................... 244 Robert Johnson, David Molnar, Dawn Song, and David Wagner Public Key Encryption GEM: A Generic Chosen-Ciphertext Secure Encryption Method ......... 263 Jean-S´ebastien Coron, Helena Handschuh, Marc Joye, Pascal Paillier, David Pointcheval, and Christophe Tymen Securing “Encryption + Proof of Knowledge” in the Random Oracle Model ........................................ 277 Masayuki Abe Discrete Logarithm Nonuniform Polynomial Time Algorithm to Solve Decisional Diffie-Hellman Problem in Finite Fields under Conjecture .............. 290 Qi Cheng and Shigenori Uchiyama Secure Key-Evolving Protocols for Discrete Logarithm Schemes.......... 300 Cheng-Fen Lu and ShiuhPyng Winston Shieh Author Index ................................................. 311
The list of books you might like
