International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Willi Geiselmann

Affiliation: Universitaet Karlsruhe

Publications

Year
Venue
Title
2007
EUROCRYPT
2007
EPRINT
Cryptanalysis of a Hash Function Proposed at ICISC 2006
Willi Geiselmann Rainer Steinwandt
A simple method for constructing collisions for Shpilrain’s polynomial-based hash function from ICISC 2006 is presented. The attack relies on elementary linear algebra and can be considered as practical: For the parameters suggested, we give a specific collision, computed by means of a computer algebra system.
2006
EPRINT
A Simpler Sieving Device: Combining ECM and TWIRL
A main obstacle in manufacturing the TWIRL device for realizing the sieving step of the Number Field Sieve is the sophisticated chip layout. Especially the logic for logging and recovering large prime factors found during sieving adds significantly to the layout complexity. We describe a device building on the Elliptic Curve Method (ECM) that for parameters of interest enables the replacement of the complete logging part in TWIRL by an off-wafer postprocessing. The postprocessing is done in real time, leaving the total sieving time basically unchanged. The proposed device is an optimized ECM implementation building on curves chosen to cope with factor sizes as expected in the output of TWIRL. According to our preliminary analysis, for the relation collection step expected for a 1024-bit factorization our design is realizable with current fab technology at very moderate cost. The proposed ECM engine also finds the vast majority of the needed cofactor factorizations. In summary, we think the proposed device to enable a significant decrease of TWIRL's layout complexity and therewith its cost.
2006
EPRINT
Non-Wafer-Scale Sieving Hardware for the NFS: Another Attempt to Cope with 1024-bit
Willi Geiselmann Rainer Steinwandt
Significant progress in the design of special purpose hardware for supporting the Number Field Sieve (NFS) has been made. From a practical cryptanalytic point of view, however, none of the published proposals for coping with the sieving step is satisfying. Even for the best known designs, the technological obstacles faced for the parameters expected for a 1024-bit RSA modulus are significant. Below we present a new hardware design for implementing the sieving step. The suggested chips are of moderate size and the inter-chip communication does not seem unrealistic. According to our preliminary analysis of the 1024-bit case, we expect the new design to be about 2 to 3.5 times slower than TWIRL (a wafer-scale design). Due to the more moderate technological requirements, however, from a practical cryptanalytic point of view the new design seems to be no less attractive than TWIRL.
2005
CHES
2003
CHES
2003
PKC
2003
EPRINT
Yet Another Sieving Device
Willi Geiselmann Rainer Steinwandt
A compact mesh architecture for supporting the relation collection step of the number field sieve is described. Differing from TWIRL, only isolated chips without inter-chip communication are used. According to a preliminary analysis for 768-bit numbers, with a 130 nm process one mesh-based device fits on a single chip of ca. (4.9 cm)^2 - the largest proposed chips in the TWIRL cluster for 768-bit occupy ca. (6.7 cm)^2. A 300 mm silicon wafer filled with the mesh-based devices is about 6.3 times slower than a wafer with TWIRL clusters, but due to the moderate chip size, lack of inter-chip communication, and the comparatively regular structure, from a practical point of view the mesh-based approach might be as attractive as TWIRL.
2003
EPRINT
A short comment on the affine parts of SFLASH^{v3}
Willi Geiselmann Rainer Steinwandt
In [http://eprint.iacr.org/2003/211/] SFLASH^{v3} is presented, which supersedes SFLASH^{v2}, one of the digital signature schemes in the NESSIE Portfolio of recommended cryptographic primitives. We show that a known attack against the affine parts of SFLASH^{v1} and SFLASH^{v2} carries over immediately to the new version SFLASH^{v3}: The 861 bit representing the affine parts of the secret key can easily be derived from the public key alone.
2003
EPRINT
Attacks on a Secure Group Communication Scheme With Hierarchical Access Control
Willi Geiselmann Rainer Steinwandt
At ICICS 2001, Zou, Ramamurthy, and Magliveras proposed CRTHACS, a chinese remainder theorem based scheme for secure group communication with hierarchical access control. The scheme is designed in such a way that the underlying hierarchy remains hidden from the participating parties/users. This contribution describes several practical attacks on CRTHACS which can reveal significant parts of the hierarchy.
2003
EPRINT
A Key Substitution Attack on SFLASH^{v3}
Willi Geiselmann Rainer Steinwandt
A practical key substitution attack on SFLASH^{v3} is described: Given a valid (message, signature) pair (m,\sigma) for some public key v_0, one can derive another public key v_1 (along with matching secret data) such that (m,\sigma) is also valid for v_1. The computational effort needed for finding such a `duplicate' key is comparable to the effort needed for ordinary key generation.
2002
EPRINT
An Attack on the Isomorphisms of Polynomials Problem with One Secret
Willi Geiselmann Willi Meier Rainer Steinwandt
At EUROCRYPT '96 J. Patarin introduced the "Isomorphisms of Polynomials (IP)" problem as a basis of authentication and signature schemes. We describe an attack on the secret key of "IP with one secret" and demonstrate its efficiency through examples with realistic parameter sizes. To prevent our attack, additional restrictions on the suggested parameters should be imposed.
2001
PKC
2001
PKC
2000
CRYPTO
1996
ASIACRYPT
1996
FSE
1990
AUSCRYPT