Prof. Dr. Claus P. Schnorr
University Frankfurt
Department of Mathematics
PSF 111932
60054 Frankfurt am Main
Germany
Security of Basic Discrete Log Cryptosystems
(joint work with Markus Jakobsson, Bell Laboratories)
PDF File [160 KB]
PDF.GZ File [115 KB]
PDF.ZIP File [115 KB]
Abstract
We introduce novel security proofs that use combinatorial counting
arguments rather than reductions to the discrete logarithm or to the
Diffie-Hellman problem. Our security results are sharp, with no
polynomial reduction times involved. Our approach better separates
the cryptographic weaknesses of the hash function, the group
and the cryptographic protocol. This separation is crucial. If an
attack is possible for a specific hash function or group we replace
the latter while keeping the cryptographic protocol. As strong hash
functions and strong groups have been proposed, it makes sense to
analyze cryptographic protocols assuming that the hash function and
the group have no cryptographic weaknesses. So we merely consider
attacks that work for all hash functions and for all groups. Formally,
we consider a combination of the random oracle model and the generic
model. This corresponds to assuming an ideal hash function given by an
oracle and an ideal group of prime order q, where the binary encoding
of the group elements is useless for cryptographic attacks.
In this model, we first show that Schnorr signatures are secure
against the one-more signature forgery: A generic adversary performing
t generic steps including l sequential interactions with the signer
cannot produce l+1 signatures with a better probability than t^2/q. We
also characterize the different power of sequential and of parallel
attacks.
Secondly, we show that signed ElGamal encryption is secure against the
adaptive chosen ciphertext attack, in which an attacker can
arbitrarily use a decryption oracle except for the challenge
ciphertext. Moreover, signed ElGamal encryption is secure against the
one-more decryption attack: A generic adversary performing t generic
steps including l interactions with the decryption oracle cannot
distinguish the plaintexts of l+1 ciphertexts from random strings with
a probability exceeding t^2/q.
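As an added illustration (not code from the paper or the speaker), the following Python models the two schemes the abstract refers to: Schnorr signatures over a prime-order subgroup, and signed ElGamal encryption in its usual formulation, where the sender Schnorr-signs the ElGamal pair under the ephemeral public key g^r and the decryption oracle refuses anything whose signature fails. SHA-256 reduced modulo q stands in for the random oracle; the group is the order-q subgroup of Z_p^* for a safe prime p = 2q + 1 that the code finds at start-up. The 62-bit parameters, the hash-to-Z_q encoding, the choice g = 4 and all function names are this example's own assumptions. The `maul` step shows the mechanism behind the chosen-ciphertext result: scaling the second ElGamal component turns an unsigned ciphertext into a valid encryption of a related plaintext, while here the stale signature no longer covers the new value and decryption returns nothing.

```python
"""Schnorr signatures and Schnorr-signed ElGamal encryption over the order-q
subgroup of Z_p^* for a safe prime p = 2q + 1, with SHA-256 reduced mod q
standing in for the random oracle. Constructed teaching example (not the
paper's code); 62-bit parameters are far too small for real use."""
import hashlib
import secrets

MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    """Miller-Rabin; with these fixed bases it is deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for b in MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits: int = 62):
    """Smallest safe prime p = 2q + 1 with q >= 2^(bits-1); g = 4 is a quadratic
    residue other than 1, hence a generator of the order-q subgroup."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = make_group()
NBYTES = (P.bit_length() + 7) // 8

def H(*elems: int) -> int:
    """Random-oracle stand-in: hash fixed-width encodings of the inputs into Z_q."""
    h = hashlib.sha256()
    for e in elems:
        h.update(e.to_bytes(NBYTES, "big"))
    return int.from_bytes(h.digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1  # secret exponent in [1, q-1]
    return x, pow(G, x, P)

def schnorr_sign(x: int, *msg: int):
    """(e, s) with commitment R = g^r, challenge e = H(R, msg), s = r + e*x mod q."""
    r = secrets.randbelow(Q - 1) + 1
    e = H(pow(G, r, P), *msg)
    return e, (r + e * x) % Q

def schnorr_verify(y: int, sig, *msg: int) -> bool:
    """Recover R = g^s * y^(-e) and check that it reproduces the challenge e."""
    e, s = sig
    if not (0 <= e < Q and 0 <= s < Q):
        return False
    R = pow(G, s, P) * pow(y, Q - e, P) % P
    return H(R, *msg) == e

def signed_elgamal_encrypt(y: int, m: int):
    """(A, B, e, s): ElGamal pair A = g^r, B = m * y^r, plus a Schnorr signature of
    (A, B) under the ephemeral public key A (signing key r): proof of knowing r."""
    r = secrets.randbelow(Q - 1) + 1
    A, B = pow(G, r, P), m * pow(y, r, P) % P
    e, s = schnorr_sign(r, A, B)
    return A, B, e, s

def signed_elgamal_decrypt(x: int, ct):
    """Decryption oracle: reject any ciphertext whose signature fails, else B / A^x."""
    A, B, e, s = ct
    if not schnorr_verify(A, (e, s), A, B):
        return None
    return B * pow(A, Q - x, P) % P

def maul(ct, factor: int):
    """Chosen-ciphertext tampering: on unsigned ElGamal, scaling B gives a valid
    encryption of factor * m; here the old signature no longer covers B."""
    A, B, e, s = ct
    return A, B * factor % P, e, s

if __name__ == "__main__":
    x, y = keygen()
    m = pow(G, 123456, P)  # sample plaintext: an element of the subgroup
    ct = signed_elgamal_encrypt(y, m)
    print(signed_elgamal_decrypt(x, ct) == m)  # True
    print(signed_elgamal_decrypt(x, maul(ct, pow(G, 7, P))))  # None: rejected
```

Because the abstract's bounds are of the form t^2/q, a 61-bit q such as the one generated here leaves a generic adversary a non-negligible success probability after roughly 2^30 generic steps; the bound only becomes meaningful for the much larger q used in practice. The signature check in `signed_elgamal_decrypt` is the whole difference between plain and signed ElGamal: the oracle never decrypts a ciphertext whose sender could not exhibit knowledge of the ephemeral exponent r.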
About the Speaker
Claus Peter Schnorr, born in 1943, studied mathematics and physics at
the University of Saarbruecken, where he obtained a Diplom in mathematics
(1966) and a doctorate (Dr. rer. nat., 1967), supervised by
Prof. Dr. Hotz. In 1970 he obtained a Habilitation for extending the theory
of Kolmogorov random sequences. C.P. Schnorr became professor at the
University of Saarbruecken (1970) and at the University of Erlangen-Nuernberg
(1971). Since August 1971 he has been full professor in the Mathematics
Department and also in the Computer Science Department (since its
foundation) of the University of Frankfurt am Main. He initiated and
continues to chair a series of workshops on Complexity Theory and
Cryptography at the Mathematical Forschungsinstitut Oberwolfach, the
IBFI Dagstuhl and the CIRM Luminy. He was visiting professor at
Stanford, Berkeley, U. Chicago, SMU Dallas, ENS Paris, U. Marseille
Luminy and at Bell Laboratories. He is the author of about 60 research
papers and two books on various subjects in applied mathematics,
number theory, computer science and cryptography. He holds basic
patents in public key cryptography.
Udo Rockmann
BEng, MIEAust, CPEng(Reg), AFAIM, MACS, PCP
Office for Government Online
Dept of Communications, Information Technology and the Arts
Australian Government
PKI in Australia
PPT File [646 KB]
PPT.GZ File [320 KB]
PPT.ZIP File [320 KB]
Abstract
Public key cryptography can provide the information assurance
enablers for electronic commerce: integrity, authentication,
confidentiality and non-repudiation. However, the utility of a
national public key infrastructure is dependent on more than just
state-of-the-art algorithms, digital certificates and certification
authorities.
A scalable public key infrastructure requires interoperable
certificate profiles, policies and practices. A functional national
public key infrastructure needs to protect privacy, limit liability
and give legal effect to digital signatures. There are many additional
considerations that influence widespread user acceptance of digital
signatures and other public key cryptography applications. End users
will demand robust technology and seamless applications from vendors.
They will also require trusted service providers and a supporting
legal and contractual framework. This is where government and industry
bodies can play a role.
I will describe the standards and drivers that led to the development
of Gatekeeper, a strategy for public key technology use in
Government. I will describe the role of the Government Public Key
Authority in the implementation of Gatekeeper, and detail the rigorous
evaluation and accreditation process being applied to service
providers. I will also discuss the initiatives of Standards Australia,
the Certification Forum of Australia and the National Electronic
Authentication Council, and examine recent legislative initiatives
such as the Electronic Transactions Bill.
About the Speaker
Udo Rockmann has 25 years of practical experience in communications and
information technology, and has specialized in information security
for the past 15 years. He has held senior positions in Defence
Communications Stations and Intelligence Centres, and has worked in
the Defence Signals Directorate. He also had three successive
appointments to Defence Headquarters where he developed policies and
strategies for Communications Security, Information Security and
Information Assurance respectively. He is the immediate past chairman
of the International Subject Matter Experts forum on Information
Security, and holds a Bachelor's Degree in Communications Engineering
from RMIT. He is a Chartered and Registered Professional Engineer, and
has professional qualifications with the Australian Computer Society,
the Institute of Engineers Australia and the Australian Institute of
Management. He is currently a director at the Office for Government
Online and responsible for whole-of-government online security and the
Government's Public Key Infrastructure.