International Association for Cryptologic Research

CryptoDB

Maria Isabel Gonzalez Vasco

Affiliation: Universidad Rey Juan Carlos

Publications

Year | Venue | Title

2015 | EPRINT
2009 | EPRINT | A note on the security of MST3
In this paper, we study the recently proposed encryption scheme MST3, focusing on a concrete instantiation using Suzuki 2-groups. In a passive scenario, we argue that the one-wayness of this scheme may not, as claimed, be proven without the assumption that factoring group elements with respect to random covers for a subset of the group is hard. As a result, we conclude that for the proposed Suzuki 2-groups instantiation, impractical key sizes should be used in order to prevent more or less straightforward factorization attacks.
2008 | EPRINT | Combined (identity-based) public key schemes
Maria Isabel Gonzalez Vasco, Florian Hess, Rainer Steinwandt
Consider a scenario in which parties use a public key encryption scheme and a signature scheme with a single public key/private key pair, so the private key sk is used for both signing and decrypting. Such a simultaneous use of a key is in general considered poor cryptographic practice, but from an efficiency point of view looks attractive. We offer security notions to analyze such violations of key separation. For both the identity- and the non-identity-based setting, we show that, although being insecure in general, for schemes of interest the resulting combined (identity-based) public key scheme can offer strong security guarantees.
2007 | TCC
2006 | EPRINT | Password-Authenticated Constant-Round Group Key Establishment with a Common Reference String
Jens-Matthias Bohli, Maria Isabel Gonzalez Vasco, Rainer Steinwandt
A provably secure password-authenticated protocol for group key establishment in the common reference string (CRS) model is presented. Our construction assumes the participating users to share a common password and combines smooth hashing as introduced by Cramer and Shoup with a construction of Burmester and Desmedt. Our protocol is constant-round. Namely, it is a three-round protocol that can be seen as a generalization of a two-party proposal of Gennaro and Lindell.
2005 | TCC
2005 | EPRINT | Burmester-Desmedt Tree-Based Key Transport Revisited: Provable Security
Jens-Matthias Bohli, Maria Isabel Gonzalez Vasco, Rainer Steinwandt
A tree-based key transport protocol is presented which can be seen as a generalizing variant of the star- and tree-based protocols proposed by Burmester and Desmedt at EUROCRYPT '94. Our scheme does not rely on the availability of globally verifiable signatures or arbitrary point-to-point connections, and its security against active adversaries is proven in the standard model under the Decision Diffie-Hellman assumption.
2005 | EPRINT | Secure Group Key Establishment Revisited
Jens-Matthias Bohli, Maria Isabel Gonzalez Vasco, Rainer Steinwandt
We examine the popular proof models for group key establishment of Bresson et al. and point out missing security properties that are present in some models for two-party key establishment. These properties are actually of more importance in group key establishments due to the possibility of malicious insiders. We show that established group key establishment schemes from CRYPTO 2003 and ASIACRYPT 2004 do not fully meet these new requirements. Next to giving a formal definition of these extended security properties, we prove a variant of the explored proposal from ASIACRYPT 2004 secure in this stricter sense.
2004 | PKC
2004 | EPRINT | Pitfalls in public key cryptosystems based on free partially commutative monoids and groups
Maria Isabel Gonzalez Vasco, Rainer Steinwandt
At INDOCRYPT 2003 Abisha, Thomas, and Subramanian proposed two public key schemes based on word problems in free partially commutative monoids and groups. We show that both proposals are vulnerable to chosen ciphertext attacks, and thus in the present form must be considered as insecure.
2004 | EPRINT | Attacking a Public Key Cryptosystem Based on Tree Replacement
María Isabel González Vasco, David Pérez García
We point out several security flaws in the cryptosystem based on tree replacement systems proposed by Samuel, Thomas, Abisha and Subramanian at INDOCRYPT 2002. Due to the success of (among others) very simple ciphertext-only attacks, we evidence that this system does not, in its present form, offer acceptable security guarantees for cryptographic applications.
2002 | EPRINT | Towards a Uniform Description of Several Group Based Cryptographic Primitives
Maria Isabel Gonzalez Vasco, Consuelo Martínez, Rainer Steinwandt
The public key cryptosystems $MST_1$ and $MST_2$ make use of certain kinds of factorizations of finite groups. We show that generalizing such factorizations to infinite groups allows a uniform description of several proposed cryptographic primitives. In particular, a generalization of $MST_2$ can be regarded as a unifying framework for several suggested cryptosystems including the ElGamal public key system, a public key system based on braid groups and the MOR cryptosystem.
2002 | EPRINT | Weak Keys in MST1
The public key cryptosystem $MST_1$ has been introduced in [MaStTr00]. Its security relies on the hardness of factoring with respect to wild logarithmic signatures. To identify 'wild-like' logarithmic signatures, the criterion of being totally-non-transversal has been proposed. We give tame totally-non-transversal logarithmic signatures for the alternating and symmetric groups of degree $\ge 5$. Hence, basing a key generation procedure on the assumption that totally-non-transversal logarithmic signatures are 'wild-like' seems critical. We also discuss the problem of recognizing 'weak' totally-non-transversal logarithmic signatures, and demonstrate that another proposed key generation procedure based on permutably transversal logarithmic signatures may produce weak keys.
2002 | EPRINT | Reaction Attacks on Public Key Cryptosystems Based on the Word Problem
Maria Isabel Gonzalez Vasco, Rainer Steinwandt
Wagner and Magyarik outlined a general construction for public key cryptosystems based on the hardness of the word problem for finitely presented groups. At the same time, they gave a specific example of such a system. We prove that their approach is vulnerable to so-called reaction attacks, namely, it is possible to retrieve the private key just by watching the performance of a legitimate recipient.
2000 | EPRINT | On the Security of Diffie-Hellman Bits
Maria Isabel Gonzalez Vasco, Igor E. Shparlinski
Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a "hidden" element $\alpha$ of a finite field $\mathbb{F}_p$ of $p$ elements from rather short strings of the most significant bits of the remainder modulo $p$ of $\alpha t$ for several values of $t$ selected uniformly at random from $\mathbb{F}_p^*$. We use some recent bounds of exponential sums to generalize this algorithm to the case when $t$ is selected from a quite small subgroup of $\mathbb{F}_p^*$. Namely, our results apply to subgroups of size at least $p^{1/3+ \varepsilon}$ for all primes $p$ and to subgroups of size at least $p^{\varepsilon}$ for almost all primes $p$, for any fixed $\varepsilon >0$. We also use this generalization to improve (and correct) one of the statements of the aforementioned work about the computational security of the most significant bits of the Diffie-Hellman key.
2000 | EPRINT | Security of the Most Significant Bits of the Shamir Message Passing Scheme
Maria Isabel Gonzalez Vasco, Igor E. Shparlinski
Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a "hidden" element $\alpha$ of a finite field $\mathbb{F}_p$ of $p$ elements from rather short strings of the most significant bits of the remainder modulo $p$ of $\alpha t$ for several values of $t$ selected uniformly at random from $\mathbb{F}_p^*$. Unfortunately the applications to the computational security of most significant bits of private keys of some finite field exponentiation based cryptosystems given by Boneh and Venkatesan are not quite correct. For the Diffie-Hellman cryptosystem the result of Boneh and Venkatesan has been corrected and generalized in our recent paper. Here a similar analysis is given for the Shamir message passing scheme. The results depend on some bounds of exponential sums.

Program Committees

PKC 2010
PKC 2008