Seminar 2003-2004

October 22, 2003. Ronald Cramer. Primitive Sets over Number Fields and Absolutely Optimal Black-Box Secret Sharing
November 5 and November 12, 2003. Jordi Pujolàs. The Tate Pairing
November 19, 2003. Marc Heymann. Unconditionally Secure Authentication Codes
November 26, 2003 and December 10, 2003. David Galindo. Certificateless Public Key Cryptography
December 3, 2003. Sergio Arcos. Cryptanalysis of Optical Algorithms Based on Random Phase Keys in the Fourier Plane
January 21, 2004. Javier Herranz. The Security of Internet Key Exchange Protocols
February 2 to February 13, 2004. Advanced Course on Contemporary Cryptology, jointly organized by the Centre de Recerca Matemàtica and our research group. Speakers: Dario Catalano, Ivan Damgård, Giovanni Di Crescenzo, David Pointcheval and Tsuyoshi Takagi.
February 25, 2004. Jorge L. Villar. Towards Maximal Security in Elliptic Curve Cryptosystems Based on the Factoring Problem
March 3, 2004. Eike Kiltz. General Construction of IND-CCA2 Secure Public Key Encryption
March 10, 2004. Jens Groth. Rerandomizable and Replayable Adaptive Chosen Ciphertext Attack Secure Cryptosystems
March 17, 2004. Carles Padró. A new family of identically self-dual matroids that are representable by a self-dual code
March 24, 2004. Javier Herranz. Unbalanced Group Key Exchange Schemes
March 31, 2004. David Galindo. Evaluating elliptic curve based KEMs in light of pairings
April 21, 2004. Sebastià Martín. A semantically secure knapsack cryptosystem.
April 26, 2004. Jordi Pujolàs. Cantor's Algorithm for Addition in Jacobians of Hyperelliptic Curves.
June 2, 2004. Carles Padró. On secret sharing matroids.
June 16, 2004. Matthew Robshaw. The Advanced Encryption Standard Four Years On
From July 1 to July 9, 2004. Rosario Gennaro. Issues of Provable Security and Efficiency in Cryptographic Constructions.
July 12, 2004. Jordi Pujolàs. The DDH problem in Jacobians of curves of genus two.
Ronald Cramer. Aarhus University.
Primitive Sets over Number Fields and Absolutely Optimal Black-Box Secret Sharing
Wednesday, October 22, 2003, 11.30, Room 005, Mòdul C3, Campus Nord
Jordi Pujolàs. Universitat Politècnica de Catalunya.
The Tate Pairing
Wednesday, November 5 and Wednesday, November 12, 2003, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
Basic notions, definition, how to compute it, and on which curves it can, for the moment, be computed effectively.
Marc Heymann. Universitat Politècnica de Catalunya.
Unconditionally Secure Authentication Codes
Wednesday, November 19, 2003, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
An A-code provides a method for guaranteeing the integrity of a message. We review the basic notions and some of the known constructions: orthogonal arrays, universal hashing, and linear A-codes built from rank distance codes.
David Galindo. Universitat Politècnica de Catalunya.
Certificateless Public Key Cryptography
Wednesday, November 26 and Wednesday, December 10, 2003, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
We review a paper by Sattam S. Al-Riyami and Kenneth G.
Paterson. This paper introduces the concept of 'certificateless public
key cryptography' (CL-PKC). In contrast to traditional public key
cryptographic systems, CL-PKC does not require the use of certificates
to guarantee the authenticity of public keys. It does rely on the use
of a trusted third party (TTP) who is in possession of a master key. In
these respects, CL-PKC is similar to identity-based public key
cryptography (ID-PKC). On the other hand, CL-PKC does not suffer from
the key escrow property that seems to be inherent in ID-PKC. Thus
CL-PKC can be seen as a model for the use of public key cryptography
that is intermediate between traditional certificated PKC and ID-PKC. A
certificateless public key encryption scheme is presented and
discussed.
Sergio Arcos. Universitat de Barcelona.
Cryptanalysis of Optical Algorithms Based on Random Phase Keys in the Fourier Plane
Wednesday, December 3, 2003, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
Around 1995, Philippe Refregier and Bahram Javidi suggested, in an article in the journal OPTICS LETTERS [April 1, 1995 / Vol. 29, Nº 7], a method for encrypting information optically based on the use of two randomly generated phase keys.
That article, revolutionary at the time, has since been used as the basis for designing new optical encryption algorithms, almost all of which start from the main idea of the original, which is considered completely secure.
As we will see in the seminar session, not only is it NOT secure, but I will present the method we have devised, with which we can obtain all of the keys needed to recover the encrypted information.
Javier Herranz. Universitat Politècnica de Catalunya.
The Security of Internet Key Exchange Protocols
Wednesday, January 21, 2004, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
In 1976, Diffie and Hellman proposed a simple key exchange protocol between two users. When putting this scheme into practice (for example, on the Internet), several aspects must be taken into account so that the resulting protocol preserves the desired security properties. In this talk we review some of the protocols that have been proposed as standards to solve this problem, as well as several possible attacks against some of them. Finally, we discuss the security proof of the SIGMA protocol, recently proposed by Krawczyk.
Jorge L. Villar. Universitat Politècnica de Catalunya
Towards Maximal Security in Elliptic Curve Cryptosystems Based on the Factoring Problem
Wednesday, January 21, 2004, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
In the early 1990s the first elliptic curve cryptosystems analogous to RSA appeared: the KMOV and Demytko schemes. It was not until 2002 (Galindo et al.) that the first probabilistic versions of such cryptosystems appeared; they turn out to be semantically secure under new assumptions and are fairly efficient. In this seminar a new probabilistic cryptosystem is proposed, semantically secure under a new assumption, but whose one-wayness is equivalent to factoring an RSA modulus. It is the first elliptic curve based cryptosystem with these characteristics.
In fact, it is the elliptic version of the first semantically secure cryptosystem whose one-wayness is equivalent to factoring an RSA modulus: Rabin-Paillier (also by Galindo et al., PKC'03).
Eike Kiltz. Ruhr-Universität Bochum
General Construction of IND-CCA2 Secure Public Key Encryption
Wednesday, March 3, 2004, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
We propose a general construction for public key encryption
schemes that are IND-CCA2 secure in the random oracle model.
We show that the scheme proposed in [BLK2000, BLK2000b]
fits our general framework and moreover our method of analysis leads
to a more efficient security reduction.
Jens Groth. Cryptomathic A/S
Rerandomizable and Replayable Adaptive Chosen Ciphertext Attack Secure Cryptosystems
Wednesday, March 10, 2004, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
Recently Canetti, Krawczyk and Nielsen defined the notion of
replayable adaptive chosen ciphertext attack (RCCA) secure encryption.
Essentially a cryptosystem that is RCCA secure has full CCA2 security
except for the little detail that it may be possible to modify a
ciphertext into another ciphertext containing the same plaintext.
We investigate the possibility of perfectly replayable RCCA secure encryption. By this, we mean that anybody can convert a ciphertext y with plaintext m into a different ciphertext y' that is distributed identically to a fresh encryption of m. We propose such a rerandomizable cryptosystem, which is secure against semi-generic adversaries.
We also define a weak form of RCCA (WRCCA) security. For this notion we
provide a construction (inspired by Cramer and Shoup's CCA2 secure
cryptosystems) that is both rerandomizable and provably WRCCA secure.
We use it as a building block in our conjectured RCCA secure
cryptosystem.
Carles Padró. Universitat Politècnica de Catalunya
A new family of identically self-dual matroids that are representable by a self-dual code
Wednesday, March 17, 2004, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
Some new steps towards the solution of an open problem proposed
in a recent work are given here. Namely, can any identically self-dual
matroid be represented by a self-dual code? This question is related to
the study of the multiplicative property in linear secret sharing
schemes and, hence, to the construction of efficient secure multiparty
computation protocols for general adversaries. We conjecture an
affirmative answer and present some new examples of identically
self-dual matroids with that property. Among them are all identically
self-dual matroids on at most eight points.
Javier Herranz. Universitat Politècnica de Catalunya
Unbalanced Group Key Exchange Schemes
Wednesday, March 24, 2004, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
In a group key exchange protocol, a group of players must compute a
common secret key by using only public channels. In this talk we review
a group key exchange scheme due to Desmedt and Burmester, which is
probably the most efficient one. As it happens in most of these
protocols, this scheme is balanced or symmetric: all the players must
perform the same amount of computation in the protocol.
Then we explain an unbalanced group key exchange scheme: two of the
players perform most of the computations of the protocol. This scheme
can be useful in situations where players do not all have the same
computational resources. The security of the protocol is based on the
Decisional Diffie-Hellman Assumption.
David Galindo. Universitat Politècnica de Catalunya
Evaluating elliptic curve based KEMs in light of pairings
Wednesday, March 31, 2004, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
Several efforts to put forward a set of cryptographic primitives for public key encryption, suitable for standardization, have been made recently. In two of them (first the NESSIE project, already finished, and second ISO/IEC 18033), the methodology by Victor Shoup for hybrid encryption, known as Key Encapsulation Method-Data Encapsulation Mechanism (KEM-DEM), has been accepted.
In this work we re-evaluate the elliptic curve based KEMs studied for standardization, namely ACE-KEM, ECIES-KEM and PSEC-KEM. We analyse both their security properties and their performance when pairing curves are used. It turns out that these KEMs have a very tight security reduction to the CDH problem over pairing curves; moreover, one can even relate their security to the DL problem in certain pairing curves with a small security loss. It is also shown that ECIES-KEM emerges as the best option among these KEMs when pairing curves are used. This is remarkable, since NESSIE declined to propose ECIES-KEM over a general curve as a standard.
It is concluded that for medium security level applications, which is likely the case for many embedded systems (e.g. smart cards), ECIES-KEM should be considered the best candidate.
Sebastià Martín. Universitat Politècnica de Catalunya
A semantically secure knapsack cryptosystem.
Wednesday, April 21, 2004, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
We will describe a new multiplicative knapsack cryptosystem inspired by the Naccache-Stern knapsack. Unlike former knapsack cryptosystems, our proposal is semantically secure. Moreover, its semantic security is based on a standard assumption, namely the Decisional Diffie-Hellman (DDH) assumption.
Jordi Pujolàs. Universitat Politècnica de Catalunya
Cantor's Algorithm for Addition in Jacobians of Hyperelliptic Curves.
Monday, April 26, 2004, 10.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
Identity-Based Cryptography makes use of the so-called "Bilinear Groups". Cantor's algorithms allow computation in other such groups that are not elliptic curves.
Carles Padró. Universitat Politècnica de Catalunya
On secret sharing matroids
Wednesday, June 2, 2004, 11.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
We review the current state of the art on the characterization of ideal access structures and the connections of this problem with Matroid Theory.
Matthew Robshaw. Royal Holloway, University of London
The Advanced Encryption Standard Four Years On
Wednesday, June 16, 2004, 15.30, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
It is nearly four years since the block cipher Rijndael
was chosen as the Advanced Encryption Standard (AES). In this
presentation we highlight the novel design features of this
interesting block cipher and we describe the current state of its
cryptanalysis.
Jordi Pujolàs. Universitat Politècnica de Catalunya
The DDH problem in Jacobians of curves of genus two.
Monday, July 12, 2004, 15.00, Room 204a (Biblioteca de Matemàtiques), Mòdul C3, Campus Nord
Abstract
I will talk about some work in progress. I am studying the DDH problem
in Jacobians of curves of genus two. I will give some examples of
curves over finite fields whose Jacobian has an endomorphism ring such
that DDH
becomes easy.
Last Update: July 30, 2004