Abstract. RC4, a stream cipher designed by Rivest for RSA Data Security Inc., has found several commercial applications, but little public analysis has been done to date. In this paper, alleged RC4 (hereafter called RC4) is described and existing analysis outlined. The properties of RC4, and in particular its cycle structure, are discussed. Several variants of a basic "tracking" attack are described, and we provide experimental results on their success for scaled-down versions of RC4. This analysis shows that, although the full-size RC4 remains secure against known attacks, keystreams are distinguishable from randomly generated bit streams, and the RC4 key can be recovered if a significant fraction of the full cycle of keystream bits is generated (while recognizing that for a full-size system, the cycle length is too large for this to be practical). The tracking attacks discussed provide a significant improvement over the exhaustive search of the full RC4 keyspace. For example, the state of a 5-bit RC4-like cipher can be obtained from a portion of the keystream using 2^42 steps, while the nominal keyspace of the system is 2^160. More work is necessary to improve these attacks in the case where a reduced keyspace is used.
Abstract. Key derivation functions are commonly used within many cryptographic schemes in order to distribute the entropy contained in an uneven way in a long stream of bits into a string that can be used directly as a symmetric key or as a seed for a pseudo-random number generator, or to convert short strings such as passwords into symmetric keys. This paper examines the common key derivation function constructions and shows that most of these have some concerning properties. In some situations, the use of these key derivation functions may actually limit the security that would otherwise be obtained. A new construction is also provided which seems to have better properties and an intuitive justification for its security is given.
Abstract. This paper describes an adaptive chosen-ciphertext attack on the Cipher Feedback (CFB) mode of encryption as used in OpenPGP. In most circumstances it will allow an attacker to determine 16 bits of any block of plaintext with about 2^15 oracle queries for the initial setup work and 2^15 oracle queries for each block. Standard CFB mode encryption does not appear to be affected by this attack. It applies to a particular variation of CFB used by OpenPGP. In particular, it exploits an ad hoc integrity check feature in OpenPGP which was meant as a "quick check" to determine the correctness of the decrypting symmetric key.
In this work, we assessed the impact of post-quantum (PQ) cryptography on public key infrastructure (PKI). First, we modified a commercially available certification authority (CA) to issue 'hybrid' certificates (X.509 certificates with PQ extensions). Then we assessed the impact of using these certificates on some existing protocols, including TLS, OCSP, CMP, and EST, with the open-source libraries OpenSSL and CFSSL, and with a commercially available cryptographic toolkit. We found that most of the protocols and libraries we tested worked with hybrid certificates, and some of the failures could be overcome with minor modifications to the existing software. Our work differs from and extends previous work by focusing on the impact of PQ algorithms on certificate issuance, revocation, and management protocols, which are necessary for enterprises to manage PKI in their environments. The impact on TLS is also investigated, allowing consistency with previous results to be evaluated.