Search results

| journal = [[SIAM Journal on Computing]] ...FER $0000100.00 TO ACCOUNT #199}}." If an attacker can modify the message on the wire, and can guess the format of the unencrypted message, the attacker ...

...|first3=E.|last4=Rogaway|first4=P.|title=Proceedings 38th Annual Symposium on Foundations of Computer Science |chapter=A concrete security treatment of s ...tant cryptographic [[smart card]]s must be particularly cognizant of these attacks, as these devices may be completely under the control of an adversary, who ...

The '''Naccache–Stern Knapsack cryptosystem''' is an atypical [[public-key cryptosystem]] developed by [[David Naccache]] and [[Jacques Stern]] in 199 This system is based on a type of [[knapsack problem]]. Specifically, the underlying problem is thi ...

...ext attack using standard cryptographic assumptions. Its security is based on the computational intractability (widely assumed, but not proved) of the [[ ==Adaptive chosen ciphertext attacks== ...

...nd combinatorial versions of HFE. The HFE family of cryptosystems is based on the hardness of the problem of finding solutions to a system of multivariat ...2001/029.pdf Nicolas T. Courtois On Multivariate Signature-only public key cryptosystems]</ref> We start with the simplest kind of polynomials, namely monomials, an ...

{{Short description|Public-key cryptosystem that uses lattice-based cryptography}} ...ture]]s. Unlike other popular public-key cryptosystems, it is resistant to attacks using [[Shor's algorithm]]. NTRUEncrypt was patented, but it was placed in ...

{{Short description|Public-key cryptosystem}} ...a Signature Scheme Based on Discrete Logarithms |journal=IEEE Transactions on Information Theory |volume=31 |issue=4 |year=1985 |pages=469–472 |doi=10.11 ...

...ckdoor. Kleptography encompasses secure and covert communications through cryptosystems and cryptographic protocols. This is reminiscent of, but not the same as [[ ...om |first1= Chuck|title= Electrical Engineering (ICEE), Iranian Conference on|chapter= A Study of Cryptographic Backdoors in Cryptographic Primitives|dat ...

...sack cryptosystem''' was one of the earliest [[public key]] [[cryptography|cryptosystems]]. It was published by [[Ralph Merkle]] and [[Martin Hellman]] in 1978. A p ...nformation and signatures in trapdoor knapsacks|journal= IEEE Transactions on Information Theory|volume=24|issue=5|pages=525–530|doi=10.1109/TIT.1978.105 ...

...nces in Cryptology — EUROCRYPT '99 |chapter=Public-Key Cryptosystems Based on Composite Degree Residuosity Classes |series=Lecture Notes in Computer Scie ...as shown above does provide [[semantic security]] against chosen-plaintext attacks ([[IND-CPA]]). The ability to successfully distinguish the challenge cipher ...

...hange was impossible with any previously known cryptographic schemes based on [[symmetric cipher]]s, because with these schemes it is necessary that the ...been done to assess security of the present-day implementations of quantum cryptosystems, mostly because they are not in widespread use as of 2014. ...

...OA model usually requires that the cryptanalyst must have some information on the plaintext, such as its distribution, the language in which the plaintex ...p>''N-1''</sup>. This is often used as a standard of comparison for other attacks. Brute-force can be applied in ciphertext-only settings, but the cryptanaly ...

| known_for = MOV attack on [[Elliptic-curve cryptography|ECC]]<br/> [[MQV]] key agreement, co-founder '''Alfred Menezes''' is co-author of several books on [[cryptography]], including the ''Handbook of Applied Cryptography'', and i ...

...do arithmetic, just as we use the [[Group (mathematics)|group]] of points on an elliptic curve in ECC. ...(algorithm)|RSA]]). The efficiency of implementing the arithmetic depends on the underlying finite field <math>K</math>, in practice it turns out that f ...

...A (algorithm)|RSA]] and [[elliptic curve cryptography]] (ECC) and is based on the [[lattice problems|shortest vector problem]] in a lattice (which is not ...ice]]s. Careful choice of parameters is necessary to thwart some published attacks. ...

...mental poker keeping secret all partial information], Annual ACM Symposium on Theory of Computing, 1982.</ref> This concept is the computational complexi ...c security because it better facilitates proving the security of practical cryptosystems. ...

...choices). However, BG is highly vulnerable to adaptive chosen ciphertext attacks (see below). The Blum–Goldwasser scheme is [[semantically-secure]] based on the hardness of predicting the keystream bits given only the final BBS stat ...

{{Short description|Type of public-key encryption}} ...nt primitive of [[identity-based cryptography]]. As such it is a type of [[public-key encryption]] in which the [[public key]] of a user is some unique informati ...

|title=A Public-Key Cryptosystem Based on Algebraic Coding Theory ...but is a candidate for "[[post-quantum cryptography]]", as it is immune to attacks using [[Shor's algorithm]] and – more generally – measuring coset states us ...

...li Biham]] and [[Adi Shamir]] in the late 1980s, who published a number of attacks against various block ciphers and hash functions, including a theoretical w ...g to author [[Steven Levy]], IBM had discovered differential cryptanalysis on its own, and the [[NSA]] was apparently well aware of the technique.<ref>{{ ...