David M'raihi

Can D.S.A. be improved? — Complexity trade-offs with the digital signature standard —

The Digital Signature Algorithm (DSA) was proposed in 1991 by the US National Institute of Standards and Technology to provide an appropriate core for applications requiring digital signatures. Undoubtedly, many applications will include this standard in the future and thus, the foreseen domination of DSA as a legal certification tool is sufficiently important to focus research endeavours on the suitability of this scheme to various situations.

Cryptographic smart cards

Smart cards have the tremendous advantage over their magnetic-stripe ancestors of being able to execute cryptographic algorithms in their internal circuitry. This means that the users secrets (be these PIN codes or keys) never have to leave the boundaries of the tamper-resistant silicon chip, which brings maximum security to the overall system in which the cards participate. Smart cards also provide special-purpose microcontrollers with built-in, self-programmable memory. Together, these features make the cost of a malevolent attack far greater than the benefits. in 1996, 600 million IC cards will be manufactured throughout the world. This article surveys the existing crypto-dedicated microprocessors and describes some of their possible evolutions.

Mix-Based Electronic Payments

We introduce a new payment architecture that limits the power of an attacker while providing the honest user with privacy. Our proposed method defends against all known attacks on the bank, implements revocable privacy, and results in an efficient scheme which is well-suited for smartcard-based payment schemes over the Internet.

Batch exponentiation: a fast DLP-based signature generation strategy

The signature generation phase of most DLP-based signature schemes (for instance Schnorr[10], El-Gamal[4] or the newly standardized D.S.A.[3]) includes the timeconsuming computation of r = g K mod p where k is random. This paper introduces a new computational strategy that can apply in this particular context : A batch exponentiation technique which allows the generation of large sets of exponentials without introducing any bias between the ks (that is, the signer can batch-compute the exponentials corresponding to arbitrarily imposed powers -for instance by an external random number generator). Our method offers real improvements over the prior art with various time and memory trade-offs.

Computational Alternatives to Random Number Generators

In this paper, we present a simple method for generating random-based signatures when random number generators are either unavailable or of suspected quality (malicious or accidental). By opposition to all past state-machine models, we assume that the signer is a memoryless automaton that starts from some internal state, receives a message, outputs its signature and returns precisely to the same initial state; therefore, the new technique formally converts randomized signatures into deterministic ones. Finally, we show how to translate the random oracle concept required in security proofs into a realistic set of tamper-resistance assumptions.

Fast Generation of Pairs (k, [k]P) for Koblitz Elliptic Curves

We propose a method for increasing the speed of scalar multiplication on binary anomalous (Koblitz) elliptic curves. By introducing a generator which produces random pairs (k, [k]P) of special shape, we exhibit a specific setting where the number of elliptic curve operations is reduced by 25% to 50% compared with the general case when k is chosen uniformly. This generator can be used when an ephemeral pair (k, [k]P) is needed by a cryptographic algorithm, and especially for Elliptic Curve Diffie-Hellman key exchange, ECDSA signature and El-Gamal encryption. The presented algorithm combines normal and polynomial basis operations to achieve optimal performance. We prove that a probabilistic signature scheme using our generator remains secure against chosen message attacks.

Electronic Payments: Where Do We Go from Here?

Currently, the Internet and the World Wide Web on-line business is booming, with traffic, advertising and content growing at sustained exponential rates. However, the full potential of on-line commerce has not been possible to realize due to the lack of convenient and secure electronic payment methods (e.g., for buying e-goods and paying with e-money). Although it became clear very early that it is vital for payments to be safe and efficient, and to avoid requiring complicated user intervention, it is still the case that the Internet payment method of choice today is that of traditional credit cards. Despite their widespread use and market penetration, these have a number of significant limitations and shortcomings, including lack of security, lack of anonymity, inability to reach all audiences due to credit requirements, large overhead with respect to payments, and the related inefficiency in processing small payment amounts. These limitations (some of which are present in the real world) prompted the design of alternative electronic payment systems very early in the Internet age - even before the conception of the World Wide Web. Such designs promised the security, anonymity, efficiency, and universal appeal of cash transactions, but in an electronic form. Some early schemes, such as the one proposed by First Virtual, were built around the credit card structure; others, such as the scheme developed by DigiCash, offered a solution with cryptographic security and payer anonymity. Still others, such as Millicent, introduced micropayment solutions. However, none of these systems managed to proliferate in the marketplace, and most have either ceased to exist or have only reached a limited audience. This paper is associated with a panel discussion whose purpose is to address the reasons why the international e-commerce market has rejected proposed solutions, and to suggest new ways for electronic payments to be used over the Internet, avoiding the problems inherent in credit card transactions. The purpose of this paper is to set the stage for such a discussion by presenting, in brief, some of the payment schemes currently available and to discuss some of the basic problems in the area.

XMX: A Firmware-Oriented Block Cipher Based on Modular Multiplications

This paper presents xmx, a new symmetric block cipher optimized for public-key libraries and microcontrollers with arithmetic co-processors, xmx has no S-boxes and uses only modular multiplications and xors. The complete scheme can be described by a couple of compact formulae that offer several interesting time-space trade-offs (number of rounds/key-size for constant security).

Distributed Trustees and Revocability: A Framework for Internet Payment

From von Solms and Naccaches standpoint, constructing a practical and secure e-money system implies a proper regulation of its privacy level. Furthermore, when the system benefits from a widely connected communication network, tuning precisely this control for achieving efficiency without endangering security is a hard task. In order to solve this specific problem, we propose an e-cash scheme based on the usage of provably secure primitives, where trustee quora are in charge of privacy control. Moreover, Trustees remain off-line throughout the e-coins life to reduce the communication flow and improve the resulting scheme performance.

Asymmetric Currency Rounding

The euro was introduced on the first of January 1999 as a common currency in fourteen European nations. EC regulations are fundamentally different from usual banking practices for they forbid fees when converting national currencies to euros (fees would otherwise deter users from adopting the euro); this creates a unique fraud context where money can be made by taking advantage of the ECs official rounding rules.This paper proposes a public-key-based protection against such attacks. In our scheme, the parties conducting a transaction can not predict whether the rounding will cause loss or gain while the expected statistical difference between an amount and its euro-equivalent decreases exponentially as the number of transactions increases.