Results 1  10
of
12,221
Direct Anonymous Attestation
, 2004
"... This paper describes the direct anonymous attestation scheme (DAA). This scheme was adopted by the Trusted Computing Group as the method for remote authentication of a hardware module, called trusted platform module (TPM), while preserving the privacy of the user of the platform that contains the ..."
Abstract

Cited by 205 (21 self)
 Add to MetaCart
model under the strong RSA and the decisional Di#eHellman assumption.
An Algebraic Framework for DiffieHellman Assumptions
"... We put forward a new algebraic framework to generalize and analyze DiffieHellman like Decisional Assumptions which allows us to argue about security and applications by considering only algebraic properties. Our Dℓ,kMDDH assumption states that it is hard to decide whether a vector in G ℓ is linear ..."
Abstract

Cited by 17 (1 self)
 Add to MetaCart
We put forward a new algebraic framework to generalize and analyze DiffieHellman like Decisional Assumptions which allows us to argue about security and applications by considering only algebraic properties. Our Dℓ,kMDDH assumption states that it is hard to decide whether a vector in G ℓ
A calculus for cryptographic protocols: The spi calculus
 Information and Computation
, 1999
"... We introduce the spi calculus, an extension of the pi calculus designed for the description and analysis of cryptographic protocols. We show how to use the spi calculus, particularly for studying authentication protocols. The pi calculus (without extension) suffices for some abstract protocols; the ..."
Abstract

Cited by 919 (55 self)
 Add to MetaCart
We introduce the spi calculus, an extension of the pi calculus designed for the description and analysis of cryptographic protocols. We show how to use the spi calculus, particularly for studying authentication protocols. The pi calculus (without extension) suffices for some abstract protocols
DiffieHellman without Difficulty
"... Abstract. An excellent way for a protocol to obtain shared keys is DiffieHellman. For the automated verification of security protocols, the use of DiffieHellman poses a certain amount of difficulty, because it requires algebraic reasoning. Several tools work in the free algebra and even for tools ..."
Abstract
 Add to MetaCart
Abstract. An excellent way for a protocol to obtain shared keys is DiffieHellman. For the automated verification of security protocols, the use of DiffieHellman poses a certain amount of difficulty, because it requires algebraic reasoning. Several tools work in the free algebra and even for tools
AttitudeBehavior Relations: A Theoretical Analysis and
 Review of Empirical Research, Psychological Bulletin
, 1977
"... Research on the relation between attitude and behavior is examined in light of the correspondence between attitudinal and behavioral entities. Such entities are defined by their target, action, context, and time elements. A review of available empirical research supports the contention that strong a ..."
Abstract

Cited by 473 (3 self)
 Add to MetaCart
Research on the relation between attitude and behavior is examined in light of the correspondence between attitudinal and behavioral entities. Such entities are defined by their target, action, context, and time elements. A review of available empirical research supports the contention that strong
DiffieHellman Oracles
 ADVANCES IN CRYPTOLOGY  CRYPTO '96 , LECTURE NOTES IN COMPUTER SCIENCE
, 1996
"... This paper consists of three parts. First, various types of DiffieHellman oracles for a cyclic group G and subgroups of G are defined and their equivalence is proved. In particular, the security of using a subgroup of G instead of G in the DiffieHellman protocol is investigated. Second, we derive ..."
Abstract

Cited by 46 (3 self)
 Add to MetaCart
This paper consists of three parts. First, various types of DiffieHellman oracles for a cyclic group G and subgroups of G are defined and their equivalence is proved. In particular, the security of using a subgroup of G instead of G in the DiffieHellman protocol is investigated. Second, we derive
An efficient system for nontransferable anonymous credentials with optional anonymity revocation
, 2001
"... A credential system is a system in which users can obtain credentials from organizations and demonstrate possession of these credentials. Such a system is anonymous when transactions carried out by the same user cannot be linked. An anonymous credential system is of significant practical relevance ..."
Abstract

Cited by 312 (14 self)
 Add to MetaCart
because it is the best means of providing privacy for users. In this paper we propose a practical anonymous credential system that is based on the strong RSA assumption and the decisional DiffieHellman assumption modulo a safe prime product and is considerably superior to existing ones: (1) We give
Security analysis of the strong DiffieHellman problem
, 2006
"... Abstract. Let g be an element of prime order p in an abelian group and α ∈ Zp. We show that if g, g α, and g αd are given for a positive divisor d of p−1, we can compute the secret α in O(log p· ( √ p/d+ √ d)) group operations using O(max { √ p/d, √ d}) memory. If g αi (i = 0, 1, 2,..., d) are pr ..."
Abstract

Cited by 70 (2 self)
 Add to MetaCart
) are provided for a positive divisor d of p + 1, α can be computed in O(log p · ( √ p/d + d)) group operations using O(max { √ p/d, √ d}) memory. This implies that the strong DiffieHellman problem and its related problems have computational complexity reduced by O ( √ d) from that of the discrete
AN OBSERVATION ABOUT VARIATIONS OF THE DIFFIEHELLMAN ASSUMPTION
, 2009
"... We generalize the Strong BonehBoyen (SBB) signature scheme to sign vectors; we call this scheme GSBB. We show that if a particular (but most natural) average case reduction from SBB to GSBB exists, then the Strong DiffieHellman (SDH) and the Computational DiffieHellman (CDH) have the same worst ..."
Abstract
 Add to MetaCart
We generalize the Strong BonehBoyen (SBB) signature scheme to sign vectors; we call this scheme GSBB. We show that if a particular (but most natural) average case reduction from SBB to GSBB exists, then the Strong DiffieHellman (SDH) and the Computational DiffieHellman (CDH) have the same worst
Dynamic Group DiffieHellman Key Exchange under Standard Assumptions
 EUROCRYPT
, 2002
"... Authenticated DiffieHellman key exchange allows two principals communicating over a public network, and each holding public /private keys, to agree on a shared secret value. In this paper we study the natural extension of this cryptographic problem to a group of principals. We begin from existin ..."
Abstract

Cited by 72 (11 self)
 Add to MetaCart
existing formal security models and refine them to incorporate major missing details (e.g., strongcorruption and concurrent sessions). Within this model we define the execution of a protocol for authenticated dynamic group DiffieHellman and show that it is provably secure under the decisional DiffieHellman
Results 1  10
of
12,221