U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Publications

Search Publications by

John M. Kelsey (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 31

Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process

July 5, 2022
Author(s)
Gorjan Alagic, David A. Cooper, Quynh Dang, Thinh Dang, John M. Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl A. Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone, Daniel Apon
The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public

Coalition and Threshold Hash-Based Signatures

February 25, 2022
Author(s)
John M. Kelsey, Stefan Lucks
We show how to construct a threshold version of stateful hash-based signature schemes like those defined in XMSS (defined in RFC8391) and LMS (defined in RFC8554). Our techniques assume a trusted dealer and secure point-to-point communications; are

Status Report on the Second Round of the NIST Lightweight Cryptography Standardization Process

July 20, 2021
Author(s)
Meltem Sonmez Turan, Kerry McKay, Donghoon Chang, Cagdas Calik, Lawrence E. Bassham, Jinkeon Kang, John M. Kelsey
The National Institute of Standards and Technology (NIST) is in the process of selecting one or more authenticated encryption and hashing schemes suitable for constrained environments through a public, competition-like process. In February 2019, 57

Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process

July 22, 2020
Author(s)
Dustin Moody, Gorjan Alagic, Daniel C. Apon, David A. Cooper, Quynh H. Dang, John M. Kelsey, Yi-Kai Liu, Carl A. Miller, Rene C. Peralta, Ray A. Perlner, Angela Y. Robinson, Daniel C. Smith-Tone, Jacob Alperin-Sheriff
The National Institute of Standards and Technology is in the process of selecting one or more public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify one or more additional

TMPS: Ticket-Mediated Password Strengthening

February 14, 2020
Author(s)
John M. Kelsey, Dana Dachman-Soled, Meltem Sonmez Turan, Sweta Mishra
We introduce the notion of Ticket-Mediated Password Strengthening (TMPS), a technique for allowing users to derive keys from passwords while imposing a strict limit on the number of guesses of their password any attacker can make, and strongly protecting

Recommendation for the Entropy Sources Used for Random Bit Generation

January 10, 2018
Author(s)
Meltem Sonmez Turan, Elaine B. Barker, John M. Kelsey, Kerry A. McKay, Mary L. Baish, Mike Boyle
This Recommendation specifies the design principles and requirements for the entropy sources used by Random Bit Generators, and the tests for the validation of entropy sources. These entropy sources are intended to be combined with Deterministic Random Bit

Cryptocurrency Smart Contracts for Distributed Consensus of Public Randomness

October 7, 2017
Author(s)
Peter M. Mell, John M. Kelsey, James Shook
Most modern electronic devices can produce a random number. However, it is dicult to see how a group of mutually distrusting entities can have con dence in any such hardware-produced stream of random numbers, since the producer could control the output to

SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash

December 22, 2016
Author(s)
John M. Kelsey, Shu-jen H. Chang, Ray Perlner
This Recommendation specifies four types of SHA-3-derived functions: cSHAKE, KMAC, TupleHash, and ParallelHash, each defined for a 128- and 256-bit security strength. cSHAKE is a customizable variant of the SHAKE function, as defined in FIPS 202. KMAC (for

Measuring the Usability and Security of Permuted Passwords on Mobile Platforms

April 25, 2016
Author(s)
Kristen K. Greene, John M. Kelsey, Joshua M. Franklin
Password entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics

Predictive Models for Min-Entropy Estimation

September 13, 2015
Author(s)
John M. Kelsey, Kerry McKay, Meltem Sonmez Turan
Random numbers are essential for cryptography. In most real-world systems, these values come from a cryptographic pseudorandom number generator (PRNG), which in turn is seeded by an entropy source. The security of the entire cryptographic system then

New Second-Preimage Attacks on Hash Functions

June 23, 2015
Author(s)
Elena Andreeva, Charles Bouillaguet, Orr Dunkelman, Pierre-Alain Fouque, Jonathan J. Hoch, John M. Kelsey, Adi Shamir, Sebastien Zimmer
In this work, we present several new generic second-preimage attacks on hash functions. Our first attack is based on the herding attack and applies to various Merkle-Damgard-based iterative hash functions. Compared to the previously known long-message

Tap On, Tap Off: Onscreen Keyboards and Mobile Password Entry

May 1, 2015
Author(s)
Kristen Greene, Joshua M. Franklin, John M. Kelsey
Password entry on mobile devices significantly impacts both usability and security, but there is a dearth of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics

How Random is Your RNG?

January 18, 2015
Author(s)
Meltem Sonmez Turan, John M. Kelsey, Kerry A. McKay
Cryptographic primitives need random numbers to protect your data. Random numbers are used for generating secret keys, nonces, random paddings, initialization vectors, salts, etc. Deterministic pseudorandom number generators are useful, but they still need

Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition

November 15, 2012
Author(s)
Shu-jen H. Chang, Ray A. Perlner, William E. Burr, Meltem Sonmez Turan, John M. Kelsey, Souradyuti Paul, Lawrence E. Bassham
The National Institute of Standards and Technology (NIST) opened a public competition on November 2, 2007 to develop a new cryptographic hash algorithm - SHA-3, which will augment the hash algorithms specified in the Federal Information Processing Standard

A Keyed Sponge Construction with Pseudorandomness in the Standard Model

March 22, 2012
Author(s)
Donghoon Chang, Morris Dworkin, Seokhie Hong, John M. Kelsey, Mridul Nandi
The sponge construction, designed by Bertoni, Daemen, Peeters, and Asscheis, is the framework for hash functions such as Keccak, PHOTON, Quark, and spongent. The designers give a keyed sponge construction by prepending the message with key and prove a

Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition

February 23, 2011
Author(s)
Meltem Sonmez Turan, Ray A. Perlner, Lawrence E. Bassham, William E. Burr, Dong H. Chang, Shu-jen H. Chang, Morris J. Dworkin, John M. Kelsey, Souradyuti Paul, Rene C. Peralta
The National Institute of Standards and Technology (NIST) opened a public competition on November 2, 2007 to develop a new cryptographic hash algorithm - SHA-3, which will augment the hash algorithms currently specified in the Federal Information

On the privacy threats of electronic poll books

October 4, 2010
Author(s)
Stefan Popoveniuc, John M. Kelsey
Electronic poll books make the process of verifying that a voter is authorized to vote and issuing her a ballot faster and more convenient. However, they also introduce a privacy risk: if both the electronic poll book and voting machine or optical scanner

Performance Requirements for End-to-End Verifiable Elections

August 9, 2010
Author(s)
Stefan Popoveniuc, John M. Kelsey, Andrew Regenscheid, Poorvi Vora
The term end-to-end verifiability has been used over the past several years to describe multiple voting system proposals. The term has, however, never been formally defined. As a result, its meaning tends to change from voting system to voting system. We

On Hash Functions Using Checksums

April 1, 2010
Author(s)
Praveen Gauruvarum, John M. Kelsey, L. Knudsen, S. Thomsen
We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including those using non-linear or even one- way checksum functions

Attacking Paper-Based E2E Voting Systems

February 1, 2010
Author(s)
John M. Kelsey, Andrew R. Regenscheid, Tal Moran, David Chaum
In this paper, we develop methods for constructing vote-buying/coercion attacks on end-to-end voting systems, and describe vote-buying/coercion attacks on three end-to-end voting systems: Punchscan, Pret-a-Voter, and Threeballot. We also demonstrate a

Herding, Second Preimage, and Trojan Message Attacks Beyond Merkle-Damgaard

November 3, 2009
Author(s)
Elena Andreeva, Charles Bouillaguet , Orr Dunkelman, John M. Kelsey
In this paper we present new attack techniques to analyze the structure of hash functions that are not based on the classical Merkle-Damgaard construction. We extend the herding attack to concatenated hashes, and to certain hash functions that process each

Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition

September 23, 2009
Author(s)
Andrew R. Regenscheid, Ray A. Perlner, Shu-jen H. Chang, John M. Kelsey, Mridul Nandi, Souradyuti Paul
The National Institute of Standards and Technology is in the process of selecting a new cryptographic hash algorithm through a public competition. The new hash algorithm will be referred to as SHA-3 and will complement the SHA-2 hash algorithms currently