Results 11  20
of
5,501
NonMalleable Cryptography
 SIAM Journal on Computing
, 2000
"... The notion of nonmalleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. ..."
Abstract

Cited by 480 (20 self)
 Add to MetaCart
The notion of nonmalleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related
Broadcast Encryption
, 1994
"... We introduce new theoretical measures for the qualitative and quantitative assessment of encryption schemes designed for broadcast transmissions. The goal is to allow a central broadcast site to broadcast secure transmissions to an arbitrary set of recipients while minimizing key management related ..."
Abstract

Cited by 331 (8 self)
 Add to MetaCart
We introduce new theoretical measures for the qualitative and quantitative assessment of encryption schemes designed for broadcast transmissions. The goal is to allow a central broadcast site to broadcast secure transmissions to an arbitrary set of recipients while minimizing key management related
Leakage Resilient ElGamal Encryption
"... Abstract. Blinding is a popular and wellknown countermeasure to protect publickey cryptosystems against sidechannel attacks. The high level idea is to randomize an exponentiation in order to prevent multiple measurements of the same operation on different data, as such measurements might allow th ..."
Abstract

Cited by 20 (0 self)
 Add to MetaCart
. In particular, we consider a multiplicatively blinded version of ElGamal publickey encryption where ā we prove that the scheme, instantiated over bilinear groups of prime order p (where pā1 is not smooth) is leakage resilient in the genericgroup model. Here we consider the model of chosenciphertext security
Secure Integration of Asymmetric and Symmetric Encryption Schemes
, 1999
"... This paper shows a generic and simple conversion from weak asymmetric and symmetric encryption schemes into an asymmetric encryption scheme which is secure in a very strong sense  indistinguishability against adaptive chosenciphertext attacks in the random oracle model. In particular, this convers ..."
Abstract

Cited by 206 (9 self)
 Add to MetaCart
, this conversion can be applied efficiently to an asymmetric encryption scheme that provides a large enough coin space and, for every message, many enough variants of the encryption, like the ElGamal encryption scheme.
Efficient identitybased encryption without random oracles
, 2005
"... We present the first efficient IdentityBased Encryption (IBE) scheme that is fully secure without random oracles. We first present our IBE construction and reduce the security of our scheme to the decisional Bilinear DiffieHellman (BDH) problem. Additionally, we show that our techniques can be use ..."
Abstract

Cited by 346 (19 self)
 Add to MetaCart
We present the first efficient IdentityBased Encryption (IBE) scheme that is fully secure without random oracles. We first present our IBE construction and reduce the security of our scheme to the decisional Bilinear DiffieHellman (BDH) problem. Additionally, we show that our techniques can
Aggregate and Verifiably Encrypted Signatures from Bilinear Maps
, 2002
"... An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verif ..."
Abstract

Cited by 336 (12 self)
 Add to MetaCart
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince
On The Limits of Steganography
 IEEE Journal of Selected Areas in Communications
, 1998
"... In this paper, we clarify what steganography is and what it can do. We contrast it with the related disciplines of cryptography and tra#c security, present a unified terminology agreed at the first international workshop on the subject, and outline a number of approachesmany of them developed to ..."
Abstract

Cited by 413 (2 self)
 Add to MetaCart
to hide encrypted copyright marks or serial numbers in digital audio or video. We then present a number of attacks, some new, on such information hiding schemes. This leads to a discussion of the formidable obstacles that lie in the way of a general theory of information hiding systems (in the sense
A Fuzzy Commitment Scheme
 ACM CCS'99
, 1999
"... We combine wellknown techniques from the areas of errorcorrecting codes and cryptography to achieve a new type of cryptographic primitive that we refer to as a fuzzy commitment scheme. Like a conventional cryptographic commitment scheme, our fuzzy commitment scheme is both concealing and binding: i ..."
Abstract

Cited by 344 (1 self)
 Add to MetaCart
that it accepts a witness that is close to the original encrypting witness in a suitable metric, but not necessarily identical. This characteristic of our fuzzy commitment scheme makes it useful for applications such as biometric authentication systems, in which data is subject to random noise. Because the scheme
An identity based encryption scheme based on quadratic residues
 IN IMA INT. CONF
, 2001
"... We present a novel public key cryptosystem in which the public key of a subscriber can be chosen to be a publicly known value, such as his identity. We discuss the security of the proposed scheme, and show that this is related to the difficulty of solving the quadratic residuosity problem. ..."
Abstract

Cited by 284 (0 self)
 Add to MetaCart
We present a novel public key cryptosystem in which the public key of a subscriber can be chosen to be a publicly known value, such as his identity. We discuss the security of the proposed scheme, and show that this is related to the difficulty of solving the quadratic residuosity problem.
Optimal Asymmetric Encryption
, 1994
"... Given an arbitrary kbit to kbit trapdoor permutation f and a hash function, we exhibit an encryption scheme for which (i) any string z of length slightly less than k bits can be encrypted as where r= is a simple probabilistic encoding of z depending on the hash function; and (ii) the scheme ca ..."
Abstract

Cited by 275 (14 self)
 Add to MetaCart
Given an arbitrary kbit to kbit trapdoor permutation f and a hash function, we exhibit an encryption scheme for which (i) any string z of length slightly less than k bits can be encrypted as where r= is a simple probabilistic encoding of z depending on the hash function; and (ii) the scheme
Results 11  20
of
5,501