In RSA public-key cryptosystem, a small private key is often preferred for efficiency but such a small key could degrade security. Thus the Chinese Remainder Theorem (CRT) is tactically used, especially in time-critical applications like smart cards. As for using the CRT in RSA, care must be taken to resist partial key exposure attacks. While it is common to choose two distinct primes with similar size in RSA, May has shown that a composite modulus N can be factored in the balanced RSA with the CRT of half of the least (or most) significant bits of a private key is revealed with a small public key. However, in the case that efficiency is more critical than security, such as smart cards, unbalanced primes might be chosen. Thus, we are interested in partial key exposure attacks to the unbalanced RSA with the CRT. In this paper, we obtain the similar results as the balanced RSA. We show that in the unbalanced RSA if the N1/4 least (or most) significant bits are revealed, a private key can be recovered in polynomial time under a small public key.

XQuery has become the standard for querying XML. Just like SQL, XQuery allows nested expressions. To optimize XQuery processing, a lot of research has been done on normalization, i.e., transforming nested expressions to equivalent unnested ones. Previous normalization rules are classified into two categories—source-level/ and algebra-level/—depending on whether a construct is specified in the XQuery syntax or as equivalent algebraic expressions. From an implementation point of view, the former is preferable to the latter since it can be implemented in a variety of XQuery engines with different algebras. However, existing source-level rules have several problems: They do not handle quantified expressions, incur duplicated query results, and use many temporary files. In this paper, we propose new source-level normalization rules that solve these problems. Through analysis and experiments, we show that our normalization rules can reduce query execution time from hours to a few seconds and can be adapted to a variety of XQuery engines.

In 1999, Gennaro, Halevi and Rabin proposed a signature which achieves provable security without assuming the random oracles, and it is the first RSA-type signature whose security is proved in the standard model. Since that time, several signatures have been proposed to achieve better efficiency or useful property along with the provable security in the standard model. In this paper, we construct a trapdoor hash function, and design an efficient online/offline signature by using the trapdoor hash function. Our signature scheme requires only one non-modular multiplication of two small integers for online signing, and it provides the fastest online signing among all online/offline signatures that achieve provable security in the standard model.

We propose a new linear array for multiplication in GF(2m) which outperforms most of the existing linear multipliers in terms of the area and time complexity. Moreover we will give a very detailed comparison of our array with other existing architectures for the five binary fields GF(2m), m=163,233,283,409,571, recommended by NIST for elliptic curve cryptography.

We propose a new analysis technique against a class of countermeasure using randomized binary signed digit (BSD) representations. We also introduce some invariant properties between BSD representations. The proposed analysis technique can directly recover the secret key from power measurements without information for algorithm because of the invariant properties of BSD representation. Thus the proposed attack is applicable to all countermeasures using BSD representations. Finally, we give the simulation results against some countermeasures using BSD representation such as Ha-Moon method, Ebeid-Hasan method, and the method of Agagliate et al. The results show that the proposed attack is practical analysis method.

Trapdoor commitment schemes are widely used for adding valuable properties to ordinary signatures or enhancing the security of weakly secure signatures. In this letter, we propose a trapdoor commitment scheme based on RSA function, and prove its security under the hardness of the integer factoring. Our scheme is very efficient in computing a commitment. Especially, it requires only three multiplications for evaluating a commitment when e=3 is used as a public exponent of RSA function. Moreover, our scheme has two useful properties, key exposure freeness and strong trapdoor opening, which are useful for designing secure chameleon signature schemes and converting a weakly secure signature to a strongly secure signature, respectively.

Due to the recent technical advances, GPUs are used for general applications as well as screen display. Many research results have been proposed to the performance of previous CPU-based algorithms by a few hundred times using the GPUs. In this paper, we propose a density-based clustering algorithm called GSCAN, which reduces the number of unnecessary distance computations using a grid structure. As a result of our experiments, GSCAN outperformed CUDA-DClust [2] and DBSCAN [3] by up to 13.9 and 32.6 times, respectively.

Previously proposed batch signature schemes do not allow a signer to generate a signature immediately for sequentially asked signing queries. In this letter, we propose flexible batch signatures which do not need any waiting period and have very light computational overhead. Therefore our schemes are well suited for low power devices.

A multisignature (MS) scheme enables a group of signers to produce a compact signature on a common message. In analyzing security of MS schemes, a key registration protocol with proof-of-possession (POP) is considered to prevent rogue key attacks. In this paper, we refine the POP-based security model by formalizing a new strengthened POP model and showing relations between the previous POP models and the new one. We next suggest a MS scheme that achieves: (1) non-interactive signing process, (2) O(1) pairing computations in verification, (3) tight security reduction under the co-CDH assumption, and (4) security under the new strengthened POP model. Compared to the tightly-secure BNN-MS scheme, the verification in ours can be at least 7 times faster at the 80-bit security level and 10 times faster at the 128-bit security level. To achieve our goal, we introduce a novel and simple POP generation method that can be viewed as a one-time signature without random oracles. Our POP technique can also be applied to the LOSSW-MS scheme (without random oracles), giving the security in the strengthened POP model.