Showing 1–2 of 2 results for author: Verheul, E R
-
Remote Document Encryption - encrypting data for e-passport holders
Authors:
Eric R. Verheul
Abstract:
We show how any party can encrypt data for an e-passport holder such that only with physical possession of the e-passport decryption is possible. The same is possible for electronic identity cards and driver licenses. We also indicate possible applications. Dutch passports allow for 160 bit security, theoretically giving sufficient security beyond the year 2079, exceeding current good practice of 128 bit security. We also introduce the notion of RDE Extraction PIN which effectively provides the same security as a regular PIN. Our results ironically suggest that carrying a passport when traveling abroad might violate export or import laws on strong cryptography.
Submitted 9 June, 2017; v1 submitted 19 April, 2017;
originally announced April 2017.
-
Best Effort and Practice Activation Codes
Authors:
Gerhard de Koning Gans,
Eric R. Verheul
Abstract:
Activation Codes are used in many different digital services and known by many different names including voucher, e-coupon and discount code. In this paper we focus on a specific class of ACs that are short, human-readable, fixed-length and represent value. Even though this class of codes is extensively used there are no general guidelines for the design of Activation Code schemes. We discuss different methods that are used in practice and propose BEPAC, a new Activation Code scheme that provides both authenticity and confidentiality. The small message space of activation codes introduces some problems that are illustrated by an adaptive chosen-plaintext attack (CPA-2) on a general 3-round Feistel network of size 2^(2n). This attack recovers the complete permutation from at most 2^(n+2) plaintext-ciphertext pairs. For this reason, BEPAC is designed in such a way that authenticity and confidentiality are independent properties, i.e. loss of confidentiality does not imply loss of authenticity.
Submitted 23 June, 2011; v1 submitted 4 January, 2011;
originally announced January 2011.