Publication

Quantum Cryptography : On the Security of the BB84 Key-Exchange Protocol

Related publications (124)

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.

Smashing SQUASH-0

Serge Vaudenay, Khaled Ouafi

At the RFID Security Workshop 2007, Adi Shamir presented a new challenge-response protocol well suited for RFIDs, although based on the Rabin public-key cryptosystem. This protocol, which we call SQUASH-0, was using a linear mixing function which was subse ...

Springer2009

SAS-Based Group Authentication and Key Agreement Protocols

Sylvain Pasini

New trends in consumer electronics have created a strong demand for fast, reliable and user-friendly key agreement protocols. However, many key agreement protocols are secure only against passive attacks. Therefore, message authentication is often unavoida ...

Springer2008

Cryptanalysis of e-mail protocols providing perfect forward secrecy

Recently, two e-mail protocols were proposed claiming to provide perfect secrecy. These protocols use authentication and (Diffie-Hellman) key-exchange techniques, and as such, other standard security criteria besides perfect forward secrecy include key-rep ...

2008

Weariness and Loyalty Loss in Recurrent Service Models

Max-Olivier Hongler, Olivier Gallay

For recurrent service providers (fast-food, entertainment, medical care,...), retaining loyal customers is obviously a key issue. The customers' loyalty essentially depends on their service satisfaction defined via an ad-hoc utility function. Among several ...

2008

Local deformation models for monocular 3D shape recovery

Pascal Fua, Mathieu Salzmann, Raquel Urtasun

Without a deformation model, monocular 3D shape recovery of deformable surfaces is severly under-constrained. Even when the image information is rich enough, prior knowledge of the feasible deformations is required to overcome the ambiguities. This is furt ...

2008

Secrecy for bounded security protocols with freshness check is NEXPTIME-complete

The secrecy problem for security protocols is the problem to decide whether or not a given security protocol has leaky runs. In this paper, the (initial) secrecy problem for bounded protocols with freshness check is shown to be NEXPTIME-complete. Relating ...

2008

On Reconstruction of RC4 Keys from Internal States

Willi Meier, Shahram Khazaei

In this work key recovery algorithms from the known internal states of RC4 are investigated. In particular, we propose a bit-by-bit approach to recover the key by starting from LSB's of the key bytes and ending with their MSB's. ...

Springer-Verlag New York, Ms Ingrid Cunningham, 175 Fifth Ave, New York, Ny 10010 Usa2008

Architecture for Secure and Private Vehicular Communications

Jean-Pierre Hubaux, Panagiotis Papadimitratos, Maxime Raya, Levente Buttyan

The deployment of vehicular communication (VC) systems is strongly dependent on their security and privacy features. In this paper, we propose a security architecture for VC. The primary objectives of the architecture include the management of identities a ...

2007

Provable Security in Cryptography

Thomas Baignères

These lecture notes are a compilation of some of my readings while I was preparing two lectures given at EPFL on provable security in cryptography. They are essentially based on a book chapter from David Pointcheval called “Provable Security for Public Key ...

2007

Cryptanalysis of the Sidelnikov cryptosystem

Mohammad Amin Shokrollahi, Lorenz Minder

We present a structural attack against the Sidelnikov cryptosystem. The attack creats a private key from a give public key. Its running time is subexponential and it is effective if the parameters of the Reed-Muller code allow for efficient sampling of min ...

Springer Verlag2007