Multifeature security through homomorphic encryption

  • Thomas Beth
Invited Lecture 1
Part of the Lecture Notes in Computer Science book series (LNCS, volume 917)


After the announcement of a U.S. digital signature standard by NIST, the role of the Exponential One Way Function — which had been used in the initial illustration of public key cryptography — has again received proper recognition as being another security primitive in addition to the RSA-scheme.

In this paper we present the exponential security system TESS developed at the European Institute for System Security (E.I.S.S.) embedded in a package of freeware. The system has meanwhile been applied to some TCP/IP based services such as telnet, rsh and rcp supplementing these services with additional security features. TESS is based on the use of the one way function exp that had originally been described by Pohlig and Hellman and is the central feature in the well-known Diffie-Hellman key exchange protocol. The subsequent contributions by El-Gamal have indicated the multifeature capabilities of this proper one way function. Based on these results, the invention of the Beth-Schnorr-Zero-Knowledge Protocols in extension of the Chaum-Evertse-van de Graaf-Zero Knowledge Scheme has made authentication and signature procedures available, which support the view that the exponential one way function is a security primitive suited for supporting practically all mechanisms needed for the design of secure systems.

The implementation of the authenticated key exchange protocol KATHY within the Network Security System SELANE developed at E.I.S.S., Karlsruhe, based on the Günther-Bauspieß-Knobloch scheme forms an integral part of TESS, providing a universal security toolbox for access control, authentication, key exchange, confidentiality protection, digital signatures and verifiable distributed network security management. Its suitability for the incorporation in the X.509 Directory Authentication Framework as well as its free availability make it an interesting system to extend the features of KERBEROS or DSSA towards a proposed Open System Security Architecture.

A further mechanisms composed from TESS primitives is the Electronic Exponential Signature (EES) scheme. It had been developed for EDI purposes and banking applications already in 1989, when after an indepth study of up-to-date signature procedures, prior to the new U.S. standard, the superiority of the exponential scheme became apparent.


Smart Card Secret Sharing Access Structure Authentication Protocol Discrete Logarithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AdMa93]
    L. M. Adleman, J. DeMarrais: A Subexponential Algorithm for Discrete Logarithms over all Finite Fields, Santa Barbara, Crypto '93, PreprintsGoogle Scholar
  2. [AnMi90]
    C. I'Anson, C. J. Mitchell: Security Defects in CCITT Recommendation X.509, Technical Memo, HP Labs, Bristol, Jan. 1990Google Scholar
  3. [Baus88]
    F. Bauspieß: SELANE, Studienarbeit, Fakultät für Informatik, Universität Karlsruhe, 1988Google Scholar
  4. [BaKn89]
    F. Bauspieß, H.-J. Knobloch: How to keep Authenticity Alive in a Computer Network, Eurocrypt '89, Advances in Cryptology, LNCS 434, Springer-Verlag, Berlin, 1989, pp. 38–46Google Scholar
  5. [Beth88]
    Th. Beth: Efficient Zero-Knowledge Identification Scheme for Smart Cards, Eurocrypt '88, Advances in Cryptology, LNCS 330, Springer-Verlag, Berlin, 1988, pp. 77–84Google Scholar
  6. [BeAV90]
    Th. Beth, G. Agnew, S. A. Vanstone: What one should know about Public Key Algorithms —Today!, Proceedings SECURICOM '90.Google Scholar
  7. [BeGo89]
    Th. Beth, D. Gollmann: Algorithm Engineering for Public Key Algorithms, IEEE JSAC, Vol. 7, No. 4, pp. 458–466, 1989Google Scholar
  8. [BeKO93]
    Th. Beth, H.-J. Knobloch, M. Otten: Verifiable Secret Sharing for Monotone Access Structures, Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, USA, November 1993, to be publishedGoogle Scholar
  9. [BeSc91]
    Th. Beth, F. Schaefer: Non-Supersingular Elliptic Curves for Public Key Cryptosystems, Eurocrypt '91, Advances in Cryptology, LNCS 547, Springer-Verlag, Berlin, 1991 pp. 316–327Google Scholar
  10. [BuAN89]
    M. Burrows, M. Abadi, R. Needham: A Logic of Authentication, DEC-SRC, Research Report Series No. 39, 1989Google Scholar
  11. [ChEG87]
    D. Chaum, J.-H. Evertse, J. van de Graaf: An Improved Protocol for Demonstrating Possession of a Discrete Logarithm and Some Generalizations, Eurocrypt '87, Advances in Cryptology, LNCS 304, Springer-Verlag, Berlin, 1988, pp. 127–141Google Scholar
  12. [Chim90]
    A. Tarah, C. Huitema: CHIMAERA: A Network Security Model, Proc. ESORICS '90, afcet, 1990, pp. 127–145Google Scholar
  13. [DiHe76]
    W. Diffie, M. E. Hellman: New Directions in Cryptography, IEEE Trans. Inf. Theory, IT-22, 1976, pp. 664–654Google Scholar
  14. [ElGa85]
    T. ElGamal: A public key crypto-system and signature scheme based on discrete logarithms, IEEE Trans. Inf. Theory, IT-31, 1985, 469–472.Google Scholar
  15. [Günt89]
    C. Günther: Diffie-Hellman and El-Gamal Protocols With One Single Authentication Key, Eurocrypt '89, Advances in Cryptology, LNCS 434, Springer-Verlag, Berlin, 1989, pp. 29–37Google Scholar
  16. [HoKn91]
    P. Horster, H.-J. Knobloch: Discrete Logarithm Based Protocols, Eurocrypt '91, Advances in Cryptology, LNCS 547, Springer-Verlag, Berlin, 1991, pp. 399–408Google Scholar
  17. [ITSE91]
    ITSEC: Harmonised Criteria of France, Germany, the Netherlands, the United Kingdom, Brussels, 1991Google Scholar
  18. [Kerb89]
    Network Working Group J. Kohl, B. C. Neumann, J. Steiner: MIT Project Athena: The Kerberos Network Authentication Service, Draft 2, MIT, November 1989Google Scholar
  19. [Klei93]
    B. Klein: Authentifikationsdienste für sichere Informationssysteme, Dissertation, Universität Karlsruhe, 1993, to be publishedGoogle Scholar
  20. [Odly84]
    A. M. Odlyzko: Discrete logarithms in finite fields and their cryptographic significance, Eurocrypt '84, Advances in Cryptology, LNCS 209, Springer-Verlag, Berlin, 1985, pp. 224–314Google Scholar
  21. [Otte92]
    M. Otten: Mehrparteienprotokolle und Korrektes Verteilen von Geheimnissen, Diplomarbeit, Fakultät für Informatik, Universität Karlsruhe, 1992Google Scholar
  22. [Otto90]
    C. Otto: SELANE-Hardwareentwicklung, Diplomarbeit, Fakultät für Informatik, Universität Karlsruhe, 1990Google Scholar
  23. [PoHe78]
    S. C. Pohlig, M. E. Hellman: An improved algorithm for computing logarithms in GF(p) and its cryptographic significance, IEEE Trans. Inf. Theory, IT-24, 1978, pp. 106–111Google Scholar
  24. [Scha93]
    F. Schaefer-Lorinser: Arithmetik auf elliptischen Kurven zur Konstruktion kryptographischer Einwegfunktionen, Dissertation, Universität Karlsruhe, 1993Google Scholar
  25. [Schn89]
    C. P. Schnorr: Efficient Identification and Signatures for Smart Cards, Crypto '89, Advances in Cryptology, LNCS 435, Springer-Verlag, Berlin, 1989, pp. 239–252Google Scholar
  26. [SiJM91]
    G. J. Simmons, W.-A. Jackson, K. Martin: The Geometry of Shared Secret Schemes, Bulletin of the Institute of Combinatorics, Winnipeg Canada, January 1991Google Scholar
  27. [Stem90]
    S. Stempel: SELANE Pilot-Implementierung, Diplomarbeit, Fakultät für Informatik, Universität Karlsruhe, 1990Google Scholar
  28. [YaKB93]
    R. Yahalom, B. Klein, Th. Beth: Trust Relationships in Secure Systems — A Distributed Authentication Perspective, Proceedings of the IEEE Conference on Research in Security and Privacy, 1993.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Thomas Beth
    • 1
  1. 1.Europäisches Institut für SystemsicherheitUniversität KarlsruheKarlsruheGermany

Personalised recommendations