Shin-Jia Hwang

Using smart cards to authenticate remote passwords

Abstract A remote password authentication scheme is a mechanism used to support a computer system to solve the privacy and security problems in a multi-user network. In this paper, we will propose a new remote password authentication scheme without password tables. By using our scheme, each legal user has his/her identity, password and smart card. Using his/her identity, password and smart card, the computer system can validate whether the login user is a legal one or not. In our scheme, intruders cannot derive any secret information from the public information. Besides, intruders are not able to find any password from previous intercepted messages. Also, the new scheme can withstand replaying attacks.

Authenticated encryption schemes with message linkage

Authenticated encryption schemes need redundancy schemes to link up the message blocks; however, these redundancies increase communication costs. To construct links without increasing communication costs, we propose a general solution for all the authenticated encryption schemes based on the discrete logarithm problem. Because the computation cost to construct links is small, the improved scheme adopting our solution is almost as efficient as the original one. Moreover, by our solution, the recipient can easily determine the missing message blocks, and then acknowledge the sender to send only these blocks again. The communication cost will be also reduced. Adopting our solution, we also propose two new authenticated encryption schemes with message linkage.

Confidential deniable authentication using promised signcryption

In a deniable authentication protocol, a receiver is convinced that a received message is indeed from a particular sender, but cannot prove this to any third party. Deniable authentication protocols satisfy deniability and intended receiver properties. Among the proposed deniable authentication protocols, non-interactive protocols are more efficient than interactive protocols by reducing communication cost. The Hwang and Ma, and the Hwang and Chao non-interactive protocols provide sender anonymity. Recently some interactive protocols provide confidentiality while no non-interactive protocols do. However, the transferred data may damage sender or receiver anonymity. To provide confidentiality and anonymity efficiently, the first promised signcryption scheme is proposed. Using our promised signcryption scheme, we propose the first efficient non-interactive deniable authentication protocol with confidentiality, sender anonymity, and sender protection.

Cryptanalysis of Shieh-Lin-Yang-Sun signature scheme

Due to the special requirements of the mobile code system, Shieh et al. (see IEEE Trans. Veh. Technol., vol.49, p.1464-73, July 2000) proposed some multisignature schemes based on a new digital signature scheme with message recovery. One major characteristic of these schemes is to avoid using one-way hash functions and message redundancy schemes. However, this causes some security flaw. An attack is proposed to show that the underlying signature scheme is not secure. To overcome the attack, the message redundancy schemes may be still used.

AN ENCRYPTION/SIGNATURE SCHEME WITH LOW MESSAGE EXPANSION

Abstract Secrecy, authenticity and integrity are three major services provided by the public key cryptography. To provide these three services via the ElGamal public key cryptosystem and Signature scheme, the message expanding ratio is four and the overhead of communication is heavy. In this paper, a concurrent encryption/signature scheme will be proposed to provide these three services with a lower message expanding ratio. In the new scheme, the signer can encrypt and sign the message concurrently so the signature that serves as the ciphertext is a pair of integers. Thus the message expanding ratio can be decreased to two.

A simple approach for generating RSA keys

Abstract We propose a modification of Deromes method (1993) to compute the RSA secret data d = e−1 mod (P − 1)(Q − 1) by utilizing the modular arithmetic operations, when e is not prime. Here P and Q are two large prime numbers in RSA cryptosystem and e is the public data.

Some Active Attacks on Fast Server-Aided Secret Computation Protocols for Modular Exponentiation

Four server-aided secret computation protocols, Protocols 1, 2, 3, and 4, for modular exponentiation were proposed by Kawamura and Shimbo in 1993. By these protocols, the client can easily compute the modular exponentiation Md mod N with the help of a powerful server, where N is the product of two large primes. To enhance the security, the client was suggested to use a verification scheme and a slight modification on each proposed protocol. In this paper, we propose two new active attacks to break Protocols 3 and 4, respectively. Even if Protocols 3 and 4 have included the slight modification and verification, the untrusted server can still obtain the secret data d. The client cannot detect these attacks by the proposed verification. To adopt these new attacks, the difficulty of finding the value of the secret data d will be decreased drastically.

Sharing a dynamic secret

The authors propose a new finite ideal threshold scheme which provides Shannon perfect secrecy and can be used to handle the changeable master keys system in finite times without affecting any secret shadow. Since the idea was inspired by A. Shamirs (1979) threshold scheme, this threshold scheme is introduced. The definition of the finite ideal threshold scheme is given. The dynamic secret is described. The security analysis of the method is considered.<<ETX>>

Security of Tzeng-Hwang's authenticated encryption scheme based on elliptic curve discrete logarithm problems

Tzeng and Hwang first proposed their authenticated encryption scheme based on ECDLP in 2004. However, a known-plaintext attack is proposed on Tzeng-Hwangs scheme. To guard against our attack, our improvement is also proposed.

Improvement of Tseng et al.'s authenticated encryption scheme

An attack is proposed to show that Tseng et al.s authenticated encryption scheme is not secure enough to provide confidentiality for messages. So an improvement is also proposed.