检索结果-内蒙古大学图书馆

Attacking (EC)DSA scheme with ephemeral keys sharing specific bits

THEORETICAL COMPUTER SCIENCE 2024年 1001卷

作者： Adamoudis, M. Draziotis, K. A. Poulakis, D. Aristotle Univ Thessaloniki Dept Math Thessaloniki 54124 Greece Aristotle Univ Thessaloniki Dept Informat Thessaloniki 54124 Greece

In this paper, we present a deterministic attack on (EC)DSA signature scheme, providing that several signatures are known such that the corresponding ephemeral keys share a certain amount of bits without knowing their value. By eliminating the shared blocks of bits between the ephemeral keys, we get a lattice of dimension equal to the number of signatures having a vector containing the private key. We compute an upper bound for the distance of this vector from a target vector, and next, using Kannan's enumeration algorithm, we determine it and hence the secret key. The attack can be made highly efficient by appropriately selecting the number of shared bits and the number of signatures.

关键词： Digital signature algorithm Elliptic curve digital signature algorithm Lattice lll algorithm Kannan's enumeration algorithm

来源：评论

学校读者我要写书评

暂无评论

Attacking (EC)DSA with partially known multiples of nonces

引用

INFORMATION AND COMPUTATION 2024年第PartB期301卷

作者： Adamoudis, Marios Draziotis, Konstantinos A. Poulakis, Dimitrios Aristotle Univ Thessaloniki Dept Math Thessaloniki 54124 Greece Aristotle Univ Thessaloniki Dept Informat GR-54124 Thessaloniki Greece

In this paper, we introduce a series of attacks on DSA schemes that, under certain assumptions, can expose the secret key when one or more signed messages are accessible. By utilizing these signed messages, we construct a system of linear congruences with at most one solution smaller than a specific bound, which can be efficiently determined using Babai's Nearest Plane algorithm. As a case study, we provide a successful attack on secp161k1, assuming that a particular multiple of an ephemeral key is 161 bits long. (c) 2024 Elsevier Inc. All rights are reserved, including those for text and data mining, AI training, and similar technologies.

关键词： Digital signature algorithm Elliptic curve digital signature algorithm lll algorithm Babai's nearest plane algorithm

来源：评论

学校读者我要写书评

暂无评论

New Results of Breaking the CLS Scheme from ACM-CCS 2014 24th

New Results of Breaking the CLS Scheme from ACM-CCS 2014

引用

24th International Conference on Information and Communications Security (ICICS)

作者： Gao, Jing Xu, Jun Wang, Tianyu Hu, Lei Chinese Acad Sci Inst Informat Engn State Key Lab Informat Secur Beijing 100093 Peoples R China Univ Chinese Acad Sci Sch Cyber Secur Beijing 100093 Peoples R China

ISBN: (纸本)9783031157776;9783031157769

At ACM-CCS 2014, Cheon, Lee and Seo introduced a particularly fast additively homomorphic encryption scheme (CLS scheme) based on a new number theoretic assumption, the co-Approximate Common Divisor (co-ACD) assumption. However, at Crypto 2015, Fouque et al. presented several lattice-based attacks that effectively devastated this scheme. They proved that a few known plaintexts are sufficient to break both the symmetric-key and the public-key variants, and they gave a heuristic lattice method for solving the search co-ACD problem. In this paper, we mainly improve in terms of the number of samples, and propose a new key-retrieval attack. We first give an effective attack by Coppersmith's method to break the co-ACD problem with N = p(1) center dot center dot center dot p(n) is known. If n is within a certain range, our work is theoretically valid for a wider range of parameters. When n = 2, we can successfully solve it with only two samples, that is the smallest number of needed samples to the best of our knowledge. A known plaintext attack on the CLS scheme can be simply converted to solving the co-ACD problem with a known N, again requiring fewer samples than before to retrieve the private key. Finally, we show a ciphertext-only attack with a hybrid approach of direct lattice and Coppersmith's method that can recover the key with a smaller number of ciphertexts and without any restriction on the plaintext size, but N is needed. All of our attacks are heuristic, but we have experimentally verified that these attacks work efficiently for the parameters proposed in the CLS scheme, which can be broken in seconds by experiments.

关键词： co-ACD problem Lattice lll algorithm Coppersmith's method

来源：评论

学校读者我要写书评

暂无评论

Precoder Design for Communication-Efficient Distributed MIMO Receivers With Controlled Peak-Average Power Ratio

引用

IEEE TRANSACTIONS ON COMMUNICATIONS 2021年第7期69卷 4704-4716页

作者： Vaishampayan, Vinay A. CUNY Dept Engn & Environm Sci Coll Staten Isl New York NY 10314 USA

We consider the problem of communicating over a relay-assisted multiple-input multiple-output (MIMO) channel with additive noise, in which physically separated relays forward quantized information to a central decoder where the transmitted message is to be decoded. We assume that channel state information is available in the transmitter and show that the design of a rational-forcing precoder-a precoder which is matched to the quantizers used in the relays-is beneficial for reducing the symbol error probability. It turns out that for such rationalforcing precoder based systems, there is natural tradeoff between the peak to average power ratio in the transmitter and the rate of communication between the relays and the central decoder. The precoder design problem is formulated mathematically, and several algorithms are developed for realizing this tradeoff. Optimality of the decoder communication rate is shown based on a result in distributed function computation. Numerical and simulation results show that a useful tradeoff can be obtained between the excess decoder communication rate and the peakaverage power ratio in the transmitter.

关键词： MIMO communication peak to average power ratio precoder distributed function computation lattices lattice basis reduction lll algorithm closest lattice point decision feedback equalization successive interference cancellation communication complexity

来源：评论

学校读者我要写书评

暂无评论

An exponential Diophantine equation related to the sum of powers of two consecutive terms of a Lucas sequence and x-coordinates of Pell equations

引用

PERIODICA MATHEMATICA HUNGARICA 2021年第2期83卷 165-184页

作者： Erazo, Harold S. Gomez, Carlos A. Inst Nacl Matemat Pura & Aplicada Estr Dona Castorina 110 Rio De Janeiro Brazil Univ Valle Dept Matemat Calle 13 100-00 Cali Colombia

For the Fibonacci sequence the identity F-n(2) + F-n+1(2) = F2n+1 holds for all n >= 0. Let X := (X-l)(l >= 1) be the sequence of X-coordinates of the positive integer solutions (X, Y) of the Pell equation X-2 - dY(2) = +/- 1 corresponding to a nonsquare integer d > 1. In this paper, we investigate all positive nonsquare integers d for which there are at least two positive integers X and X' of X having a representation as the sum of xth powers of two consecutive terms of a Lucas sequence. Then we solve this problem for Fibonacci numbers.

关键词： Pell equation Fibonacci numbers Lower bounds for linear forms in logarithms lll algorithm

来源：评论

学校读者我要写书评

暂无评论

A PARAMETRIC VERSION OF lll AND SOME CONSEQUENCES: PARAMETRIC SHORTEST AND CLOSEST VECTOR PROBLEMS

引用

SIAM JOURNAL ON DISCRETE MATHEMATICS 2020年第4期34卷 2363-2387页

作者： Bogart, Tristram Goodrick, John Woods, Kevin Univ Los Andes Dept Matemat Bogota 11001000 Colombia

Given a parametric lattice with a basis given by polynomials in Z[t], we give an algorithm to construct an lll-reduced basis whose elements are eventually quasi-polynomial in t: that is, they are given by formulas that are piecewise polynomial in t (for sufficiently large t), such that each piece is given by a congruence class modulo a period. As a consequence, we show that there are parametric solutions of the shortest vector problem and closest vector problem that are also eventually quasi-polynomial in t.

关键词： lattices lll algorithm shortest vector problem parametric lattices

来源：评论

学校读者我要写书评

暂无评论

TOTALLY POSITIVE ALGEBRAIC INTEGERS WITH SMALL TRACE

引用

MATHEMATICS OF COMPUTATION 2021年第331期90卷 2317-2332页

作者： Wang, Cong Wu, Jie Wu, Qiang Southwest Univ China Dept Math 2 Tiansheng Rd Chongqing 400715 Peoples R China Univ Paris Est Creteil CNRS UMR 8050 Lab Anal & Math Appl 61 Ave Gen Gaulle F-94010 Creteil France

The "Schur-Siegel-Smyth trace problem" is a famous open problem that has existed for nearly 100 years. To study this problem with the known methods, we need to find all totally positive algebraic integers with small trace. In this work, on the basis of the classical algorithm, we construct a new type of explicit auxiliary functions related to Chebyshev polynomials to give better bounds for Sk, and reduce sharply the computing time. We are then able to push the computation to degree 15 and prove that there is no such totally positive algebraic integer with absolute trace 1.8. As an application, we improve the lower bound for the absolute trace of totally positive algebraic integers to 1.793145 . . . .

关键词： Absolute trace totally positive algebraic integers Chebyshev polynomial explicit auxiliary function semi-infinite linear programming lll algorithm

来源：评论

学校读者我要写书评

暂无评论

Product of repdigits with consecutive lengths in the Fibonacci sequence.

引用

BOLETIN DE LA SOCIEDAD MATEMATICA MEXICANA 2021年第2期27卷 1-9页

作者： Gomez, Jhonny C. Luca, Florian Univ Valle Dept Matemat Calle 13 100-00 Cali 25360 Colombia Univ Witwatersrand Sch Math Johannesburg South Africa King Abdulaziz Univ Res Grp Algebra Struct & Applicat Jeddah Saudi Arabia UNAM Ctr Ciencias Matemat Morelia Michoacan Mexico

From the well-known Fibonacci sequence, the number F-10=55=5 center dot 11 is an example not only as a repdigit (a number with only one distinct digit) but also as a product of two repdigits with consecutive lengths, 5 and 11. Here we find all the Fibonacci numbers that can be written as the product of k repdigits with consecutive lengths.

关键词： Fibonacci numbers Repdigits Applications of lower bounds for nonzero linear forms in logarithms of algebraic numbers lll algorithm

来源：评论

学校读者我要写书评

暂无评论

Successful cryptanalysis on RSA type modulus N=p²q

引用

e-Prime - Advances in Electrical Engineering, Electronics and Energy 2024年 8卷

作者： Nek Abd Rahman, Normahirah Pusat PERMATA@Pintar Negara Universiti Kebangsaan Malaysia Selangor UKM Bangi 43600 Malaysia

As internet technology advances and our interactions increasingly take place online, cryptography emerges as a valuable tool to address security concerns. Cryptography serves as a means to guarantee the protection of privacy and confidential information, thereby instilling confidence when sharing and exchanging such data with other parties. One of the benefits of cryptography is providing confidentiality, which protects our information;either data in transit or data at ease. Three new attacks have been proposed on RSA type modulus N=p²q. The equation eX−NY=Z−(p²k+q²m)Y is the basis for the first attack involves random values of k and m such that k being a multiple of 2 and m being a multiple of 3, both being integers with |p²k+q²m|1/2 and gcd(X,Y)=1. If Z<[Formula presented]N^1/3Y and XY<[Formula presented], then by using continued fractions, factoring N can be accomplished within polynomial *** paper also suggested the vulnerabilities t RSA cryptosystem moduli N_s=p_s²q_s for t≥2 and s=1,…,t for the second and third attack. The attacks are effective if there exists a relationship between t RSA public keys (N_t,e_t) expressed as e_sx−N_sy_s=z_s−(p_s²k+q_s²m)y_s or e_sx_s−N_sy=z_s−(p_s²k+q_s²m)y, where the variables x, x_s, y, y_s, and z_s are sufficiently small. The importance lies in the presence of an algorithm that operates within probabilistic polynomial time, which is capable of accepting public parameters as input and yield the factors p and q as output. By employing this algorithm, one can verify whether a key falls within the vulnerable class or not. This characteristic can be valuable when designing a cryptosystem

关键词： Continued fraction expansion lll algorithm RSA Simultaneous Diophantine approximation

来源：评论

学校读者我要写书评

暂无评论

Improving BDD Enumeration for LWE Problem Using GPU

引用

IEEE ACCESS 2020年 8卷 19737-19749页

作者： Esseissah, Mohamed S. Bhery, Ashraf Bahig, Hatem M. Ain Shams Univ Fac Sci Math Dept Comp Sci Div Cairo 11566 Egypt

In this paper, we present a GPU-based parallel algorithm for the Learning With Errors (LWE) problem using a lattice-based Bounded Distance Decoding (BDD) approach. To the best of our knowledge, this is the first GPU-based implementation for the LWE problem. Compared to the sequential BDD implementation of Lindner-Peikert and pruned-enumeration strategies by Kirshanova [1], our GPU-based implementation is almost faster by a factor 6 and 9 respectively. The used GPU is NVIDIA GeForce GTX 1060 6G. We also provided a parallel implementation using two GPUs. The results showed that our algorithm is scalable and faster than the sequential version (Lindner-Peikert and pruned-enumeration) by a factor of almost 13 and 16 respectively. Moreover, the results showed that our parallel implementation using two GPUs is more efficient than Kirshanova et al.'s parallel implementation using 20 CPU-cores.

关键词： Learning with error lattice-based cryptography lll algorithm shortest vector problem closest vector problem bounded distance decoding GPU cryptanalysis

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：