We consider the problem of modeling and designing efficient and privacy-preserving publish/subscribe protocols in a distributed model where parties can act as publishers or subscribers or both, and there are no brokers or other types of parties. The problem is particularly challenging as privacy demands on such protocols come with efficiency limitations; most notably, the publisher must send me...

We present an attack on plain ElGamal and plain RSA encryption. The attack shows that without proper preprocessing of the plaintexts, both ElGamal and RSA encryption are fundamentally insecure. Namely, when one uses these systems to encrypt a (short) secret key of a symmetric cipher it is often possible to recover the secret key from the ciphertext. Our results demonstrate that preprocessing me...

At CRYPTO 2000, a new public-key encryption based on braid groups was introduced. This paper demonstrates how to solve its underlying problem using the Burau representation. By this method, we show that the private-key can be recovered from the public-key for several parameters with significant probability in a reasonable time. Our attack can be mounted directly on the revised scheme mentioned ...

Present key sizes for symmetric cryptography are usually required to be at least 80-bit long for short-term protection, and 128-bit long for long-term protection. However, current tools for security evaluations against side-channel attacks do not provide a precise estimation of the remaining key strength after some leakage has been observed, e.g. in terms of number of candidates to test. This l...

Traditionally, due to efficiency considerations, when encrypting long messages using an asymmtric cryptosystem, one needs to use a symmetric cryptosystem in addition. To eliminate this requirement, Hwang, Chang, and Hwang introduced an asymmetric cryptosystem for encrypting long messages. However, they did not give any formal proof of the security of this cryptosystem. In this paper, we propose...

The existing secure e-auction schemes are shown to be too costly for users using mobile devices in wireless network as they heavily depend on costly asymmetric cipher. A new secure e-auction efficient enough for devices with low computation capability and limited communication bandwidth is designed in this paper. Most of its operations are symmetric cipher computations and the only asymmetric c...

Very recently, a key exchange scheme called HK17 was submitted to NIST as a candidate of the standard of post-quantum cryptography. The HK17 scheme employs some hypercomplex numbers as the basic objects, such as quaternions and octonions. In this paper, we show that HK17 is insecure since a passive adversary can recover the shared key in polynomial time.

Information theoretic cryptography is discussed based on conditional Rényi entropies. Our discussion focuses not only on cryptography but also on the definitions of conditional Rényi entropies and the related information theoretic inequalities. First, we revisit conditional Rényi entropies, and clarify what kind of properties are required and actually satisfied. Then, we propose security criter...

Recently, Pareek et al. proposed a symmetric key block cipher using multiple onedimensional chaotic maps. This paper reports some new findings on the security problems of this kind of chaotic cipher: 1) a number of weak keys exists; 2) some important intermediate data of the cipher are not sufficiently random; 3) the whole secret key can be broken by a known-plaintext attack with only 120 conse...

Several of the basic cryptographic constructs have associated algebraic structures. Formal models proposed by Dolev and Yao to study the (unconditional) security of public key protocols form a group. The security of some types of protocols can be neatly formulated in this algebraic setting. We investigate classes of two-party protocols. We then consider extension of the formal algebraic framewo...