Results 1 
8 of
8
IdentityBased Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract

Cited by 1246 (25 self)
 Add to MetaCart
We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
Timed commitments (Extended Abstract)
 IN ADVANCES IN CRYPTOLOGY— CRYPTO ’00
, 2000
"... We introduce and construct timed commitment schemes, an extension to the standard notion of commitments in which a potential forced opening phase permits the receiver to recover (with effort) the committed value without the help of the committer. An important application of our timedcommitment sche ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
We introduce and construct timed commitment schemes, an extension to the standard notion of commitments in which a potential forced opening phase permits the receiver to recover (with effort) the committed value without the help of the committer. An important application of our timedcommitment scheme is contract signing: two mutually suspicious parties wish to exchange signatures on a contract. We show a twoparty protocol that allows them to exchange RSA or Rabin signatures. The protocol is strongly fair: if one party quits the protocol early, then the two parties must invest comparable amounts of time to retrieve the signatures. This statement holds even if one party has many more machines than the other. Other applications, including honesty preserving auctions and collective coinflipping, are discussed.
Time capsule signature
 In Financial Cryptography and Data Security 2005
, 2005
"... Abstract. We introduce a new cryptographic problem called time capsule signature. Time capsule signature is a ‘future signature ’ that becomes valid from a specific future time t, when a trusted third party (called Time Server) publishes some trapdoor information associated with the time t. In addit ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Abstract. We introduce a new cryptographic problem called time capsule signature. Time capsule signature is a ‘future signature ’ that becomes valid from a specific future time t, when a trusted third party (called Time Server) publishes some trapdoor information associated with the time t. In addition, time capsule signature should satisfy the following properties: (1) If the signer wants, she can make her time capsule signature effective before the predefined time t. (2) The recipient of ‘future signature ’ can verify right away that the signature will become valid no later than at time t. (3) Time Server need not contact any user at any time, and in fact does not need to know anything about the PKI employed by the users. (4) Signatures completed by the signer before time t are indistinguishable from the ones completed using the Time Server at time t. We provide the rigorous definition of time capsule signature and the generic construction based on another new primitive of independent interest, which we call identitybased trapdoor hardtoinvert relation (IDTHIR). We also show an efficient construction of IDTHIRs (and, hence, time capsule signatures) in the random oracle model, and a less efficient construction in the standard model. If the time t is replaced by a specific event, the concept of time capsule signature can be generalized to event capsule signature.
Foundations and applications for secure triggers
 In ACM Transactions of Information Systems Security
, 2006
"... Imagine there is certain content we want to maintain private until some particular event occurs, when we want to have it automatically disclosed. Suppose furthermore, that we want this done in a (possibly) malicious host. Say, the confidential content is a piece of code belonging to a computer progr ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Imagine there is certain content we want to maintain private until some particular event occurs, when we want to have it automatically disclosed. Suppose furthermore, that we want this done in a (possibly) malicious host. Say, the confidential content is a piece of code belonging to a computer program that should remain ciphered and then “be triggered ” (i.e., deciphered and executed) when the underlying system satisfies a preselected condition which must remain secret after code inspection. In this work we present different solutions for problems of this sort, using different “declassification ” criteria, based on a primitive we call secure triggers. We establish the notion of secure triggers in the universallycomposable security framework of [Canetti 2001] and introduce several examples. Our examples demonstrate that a new sort of obfuscation is possible. Finally, we motivate its use with applications in realistic scenarios. 1
Moderately Hard Functions: From Complexity to Spam Fighting
"... Abstract. A key idea in cryptography is using hard functions in order to obtain secure schemes. The theory of hard functions (e.g. oneway functions) has been a great success story, and the community has developed a fairly strong understanding of what types of cryptographic primitives can be achieve ..."
Abstract
 Add to MetaCart
Abstract. A key idea in cryptography is using hard functions in order to obtain secure schemes. The theory of hard functions (e.g. oneway functions) has been a great success story, and the community has developed a fairly strong understanding of what types of cryptographic primitives can be achieved under which assumption. We explore the idea of using moderately hard functions in order to achieve many tasks for which a perfect solution is impossible, for instance, denialofservice. We survey some of the applications of such functions and in particular describe the properties moderately hard functions need for fighting unsolicited electronic mail. We suggest several research directions and (re)call for the development of a theory of such functions. 1
Payload Security in the Attack Scenario ∗
"... We describe dangerous and realistic attack techniques that help to deter detection and forensic analysis which are new or seldom discussed in the literature. ..."
Abstract
 Add to MetaCart
We describe dangerous and realistic attack techniques that help to deter detection and forensic analysis which are new or seldom discussed in the literature.
Fair Secure TwoParty Computation Extended Abstract
"... Abstract. We demonstrate a transformation of Yao’s protocol for secure twoparty computation to a fair protocol in which neither party gains any substantial advantage by terminating the protocol prematurely. The transformation adds additional steps before and after the execution of the original prot ..."
Abstract
 Add to MetaCart
Abstract. We demonstrate a transformation of Yao’s protocol for secure twoparty computation to a fair protocol in which neither party gains any substantial advantage by terminating the protocol prematurely. The transformation adds additional steps before and after the execution of the original protocol, but does not change it otherwise, and does not use a trusted third party. It is based on the use of gradual release timed commitments, which are a new variant of timed commitments, and on a novel use of blind signatures for verifying that the committed values are correct. 1
unknown title
"... Abstract. We introduce a new cryptographic problem called time capsule signature. Time capsule signature is a `future signature ' that becomes valid from a specific future time t, when a trusted third party (called Time Server) publishes some trapdoor information associated with the time t. In ..."
Abstract
 Add to MetaCart
Abstract. We introduce a new cryptographic problem called time capsule signature. Time capsule signature is a `future signature ' that becomes valid from a specific future time t, when a trusted third party (called Time Server) publishes some trapdoor information associated with the time t. In addition, time capsule signature should satisfy the following properties: (1) If the signer wants, she can make her time capsule signature effective before the predefined time t. (2) The recipient of `future signature ' can verify right away that the signature will become valid no later than at time t. (3) Time Server need not contact any user at any time, and in fact does not need to know anything about the PKI employed by the users. (4) Signatures completed by the signer before time t are indistinguishable from the ones completed using the Time Server at time t. We provide the rigorous definition of time capsule signature and the generic construction based on another new primitive of independent interest, which we call identitybased trapdoor hardtoinvert relation (IDTHIR). We also show an efficient construction of IDTHIRs (and, hence, time capsule signatures) in the random oracle model, and a less efficient construction in the standard model. If the time t is replaced by a specific event, the concept of time capsule signature can be generalized to event capsule signature. 1 Introduction 1.1 Time Capsule Signature In an ordinary signature scheme, the validity of a signature value is determinedat the point of signature generation and never changes (unless the signer's public key is revoked). Users cannot generate the socalled `future signature ' which isnot currently valid but becomes valid from a future time