A cryptanalytic attack on the use of short RSA secret exponents is described. This attack makes use of an algorithm based on continued fractions which finds the numerator and denominator of a fraction in polynomial time when a close enough estimate of the fraction is known. The public exponent e and the modulus pq can be used to create an estimate of a fraction which involves the secret exponen...

In 2013, Borghoff et al. introduced a slender-set linear cryptanalysis on PRESENT-like ciphers with key-dependent secret S-boxes. In this paper, we propose an improved slender-set linear attack to PRESENTlike ciphers with secret S-boxes. We investigate three new cryptanalytic techniques, and use them to recover the secret S-boxes efficiently. Our first new idea is that we propose a new techniqu...

Under rather general assumptions about the properties of a noisy quantum channel, a first quantum protocol is proposed which allows to implement the secret bit commitment with the probability arbitrarily close to unity. The idea that quantum physics can provide more secure communication between two distant parties than the classical one was first put forward by Wiesner [1]. Later, after the wor...

We introduce a new traffic analysis attack: the Two-sided Statistical Disclosure Attack, that tries to uncover the receivers of messages sent through an anonymizing network supporting anonymous replies. We provide an abstract model of an anonymity system with users that reply to messages. Based on this model, we propose a linear approximation describing the likely receivers of sent messages. Us...

Statistical disclosure is a well-studied technique that an attacker can use to uncover relations between users in mix-based anonymity systems. Prior work has focused on finding the receivers to whom a given targeted user sends. In this paper, we investigate the effectiveness of statistical disclosure in finding all of a users’ contacts, including those from whom she receives messages. To this e...

ing Mixes Because an adversary can easily determine anonymity sets at the network level, Mixes assume that all network links are observable. Thus, by observing messages to and from an anonymity service, an attacker can determine anonymity sets. Rather than discuss the technical details of any anonymity technique here, we abstract them using the following properties2: • In each anonymous communi...

1 We describe a side-channel attack on a substitution block, which is usually implemented as a table lookup operation. In particular, we have investigated smartcard implementations. The attack is based on the identifying equal intermediate results from power measurements while the actual values of these intermediates remain unknown. A powerful attack on substitution blocks can be mounted if the...

Over the past decade, besides authentication, ownership management protocols have been suggested to transfer or delegate the ownership of RFID tagged items. Recently, Niu et al. have proposed an authentication and ownership management protocol based on 16-bit pseudo random number generators and exclusive-or operations which both can be easily implemented on low-cost RFID passive tags in EPC glo...

The goal of anonymity providing techniques is to preserve the privacy of users, who has communicated with whom, for how long, and from which location, by hiding traffic information. This is accomplished by organizing additional traffic to conceal particular communication relationships and by embedding the sender and receiver of a message in their respective anonymity sets. If the number of over...

In an ` out of n threshold scheme, ` out of n members must cooperate to recover a secret. A kleptographic attack is a backdoor which can be implemented in an algorithm and further used to retrieve a user’s secret key. We combine the notions of threshold scheme and kleptographic attack to construct the first ` out of n threshold kleptographic attack on discrete logarithm based digital signatures...