Wang et al. [B. Wang, Q. Wu, Y. Hu, A knapsack-based probabilistic encryption scheme, Information Sciences 177(19) (2007) 3981–3994] proposed a high density knapsack-based probabilistic encryption scheme with non-binary coefficients. In this paper, we present a heuristic attack that can be used to recover the private key parameters from the known public key parameters. In particular, we show th...

Recently, Yang et al. proposed an improvement to Tseng et al.’s protected password changing scheme that can withstand denial of service attack. However, the improved scheme is still susceptible to stolen-verifier attack and denial of service attack. Accordingly, the current paper demonstrates the vulnerability of Yang et al.’s scheme to two simple attacks and presents an improved protected pass...

Based on the ideas: “invertible cycle”, “tame transformation” and “special oil and vinegar”, three different nonlinear invertible transformations were constructed separately. Then making use of the idea of the extended multivariate public key cryptosystem, and combining the nonlinear invertible transformations above with Matsumoto-Imai (MI) scheme, three methods of designing extended multivaria...

This paper presents and analyzes cryptanalytic attacks on knapsack public key cryptosystems that are based on ideas from Diophantine approximation. Shamir’s attack on the basic Merkle-Hellman knapsack cryptosystem is shown to depend on the existence of ‘‘unusually good’’ simultaneous Diophantine approximations to a vector constructed from the public key. This aspect of Shamir’s attack carries o...

The Internet Key Exchange (IKE) and Public Key Infrastructure for X.509 (PKIX) certificate profile both provide frameworks that must be profiled for use in a given application. This document provides a profile of IKE and PKIX that defines the requirements for using PKI technology in the context of IKE/IPsec. The document complements protocol specifications such as IKEv1 and IKEv2, which assume ...

Albrecht et al. [1] at Crypto 2016 and Cheon et al. [4] at ANTS 2016 independently presented a subfield attack on overstretched NTRU problem. Their idea is to map the public key down to the subfield (by norm and trace map respectively) and hence obtain a lattice of smaller dimension for which a lattice reduction algorithm is efficiently applicable. At Eurocrypt 2017, Kirchner and Fouque propose...

This paper proposes a “mechanism-based PKI”, in which only a mechanism for generating user's private keys is installed on a smart card. The private key is generated inside the smart card at the event that the legitimate user gives a “seed of private key” to his/her smart card in order to sign a massage. The key exists nowhere except while users are signing a massage. Thus, users no longer need ...

Group encryption (GE) schemes, introduced at Asiacrypt’07, are an encryption analogue of group signatures with a number of interesting applications. They allow a sender to encrypt a message (in the CCA2 security sense) for some member of a PKI group concealing that member’s identity (in a CCA2 security sense, as well); the sender is able to convince a verifier that, among other things, the ciph...

In 2003 and 2004, Kasahara and Sakai suggested the two schemes RSE(2)PKC and RSSE(2)PKC, respectively. Both are examples of public key schemes based on Multivariate Quadratic equations. In this article, we first introduce Step-wise Triangular Schemes (STS) as a new class of Multivariate Quadratic public key schemes. These schemes have m equations, n variables, L steps or layers, r the number of...

Authentication protocols based on an asymmetric keypair provide strong authentication as long as the private key remains secret, but may fail catastrophically if the private key is lost or stolen. Even when encrypted with a password, stolen key material is susceptible to offline brute-force attacks. In this paper we demonstrate a method for rate-limiting password guesses on stolen key material,...