Omar Sagga scite author profile

Omar Sagga

2Publications

22Citation Statements Received

44Citation Statements Given

How they've been cited

How they cite others

Affiliations

Boston University

Publications

Order By: Most citations

MaxLength Considered Harmful to the RPKI

Gilad

Sagga

Goldberg

2017

View full text Add to dashboard Cite

User convenience and strong security are often at odds, and most security applications need to nd some sort of balance between these two (often opposing) goals. The Resource Public Key Infrastructure (RPKI), a security infrastructure built on top of interdomain routing, is not immune to this issue. The RPKI uses the maxLength attribute to reduce the amount of information that must be explicitly recorded in its cryptographic objects. MaxLength also allows operators to easily recon gure their networks without modifying their RPKI objects. Our network measurements, however, suggest that the maxLength attribute strikes the wrong balance between security and user convenience. We therefore believe that operators should avoid using maxLength. We give operational recommendations and develop software that allow operators to reap many of the bene ts of maxLength without its security costs.

show abstract

Efficient Noninteractive Certification of RSA Moduli and Beyond

Goldberg

Reyzin

Sagga

et al. 2019

View full text Add to dashboard Cite

In many applications, it is important to verify that an RSA public key (N, e) specifies a permutation over the entire space Z N , in order to prevent attacks due to adversarially-generated public keys. We design and implement a simple and efficient noninteractive zero-knowledge protocol (in the random oracle model) for this task. Applications concerned about adversarial key generation can just append our proof to the RSA public key without any other modifications to existing code or cryptographic libraries. Users need only perform a one-time verification of the proof to ensure that raising to the power e is a permutation of the integers modulo N . For typical parameter settings, the proof consists of nine integers modulo N ; generating the proof and verifying it both require about nine modular exponentiations.We extend our results beyond RSA keys and also provide efficient noninteractive zeroknowledge proofs for other properties of N , which can be used to certify that N is suitable for the Paillier cryptosystem, is a product of two primes, or is a Blum integer. As compared to the recent work of Auerbach and Poettering (PKC 2018), who provide two-message protocols for similar languages, our protocols are more efficient and do not require interaction, which enables a broader class of applications.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Omar Sagga

MaxLength Considered Harmful to the RPKI

Efficient Noninteractive Certification of RSA Moduli and Beyond

Contact Info

Product

Resources

About