Results 1 - 4 of 4
Identity-Based Encryption from the Weil Pairing
2001
Cited by 1123 (24 self)
We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
Timed commitments (Extended Abstract)
In Advances in Cryptology - CRYPTO '00, 2000
Cited by 13 (0 self)
We introduce and construct timed commitment schemes, an extension to the standard notion of commitments in which a potential forced opening phase permits the receiver to recover (with effort) the committed value without the help of the committer. An important application of our timed-commitment scheme is contract signing: two mutually suspicious parties wish to exchange signatures on a contract. We show a two-party protocol that allows them to exchange RSA or Rabin signatures. The protocol is strongly fair: if one party quits the protocol early, then the two parties must invest comparable amounts of time to retrieve the signatures. This statement holds even if one party has many more machines than the other. Other applications, including honesty preserving auctions and collective coin-flipping, are discussed.
Time capsule signature
In Financial Cryptography and Data Security 2005, 2005
Cited by 4 (0 self)
We introduce a new cryptographic problem called time capsule signature. Time capsule signature is a ‘future signature’ that becomes valid from a specific future time t, when a trusted third party (called Time Server) publishes some trapdoor information associated with the time t. In addition, time capsule signature should satisfy the following properties: (1) If the signer wants, she can make her time capsule signature effective before the predefined time t. (2) The recipient of ‘future signature’ can verify right away that the signature will become valid no later than at time t. (3) Time Server need not contact any user at any time, and in fact does not need to know anything about the PKI employed by the users. (4) Signatures completed by the signer before time t are indistinguishable from the ones completed using the Time Server at time t. We provide the rigorous definition of time capsule signature and the generic construction based on another new primitive of independent interest, which we call identity-based trapdoor hard-to-invert relation (ID-THIR). We also show an efficient construction of ID-THIRs (and, hence, time capsule signatures) in the random oracle model, and a less efficient construction in the standard model. If the time t is replaced by a specific event, the concept of time capsule signature can be generalized to event capsule signature.
Foundations and applications for secure triggers
In ACM Transactions of Information Systems Security, 2006
Cited by 2 (1 self)
Imagine there is certain content we want to maintain private until some particular event occurs, when we want to have it automatically disclosed. Suppose furthermore, that we want this done in a (possibly) malicious host. Say, the confidential content is a piece of code belonging to a computer program that should remain ciphered and then “be triggered” (i.e., deciphered and executed) when the underlying system satisfies a preselected condition which must remain secret after code inspection. In this work we present different solutions for problems of this sort, using different “declassification” criteria, based on a primitive we call secure triggers. We establish the notion of secure triggers in the universally-composable security framework of [Canetti 2001] and introduce several examples. Our examples demonstrate that a new sort of obfuscation is possible. Finally, we motivate its use with applications in realistic scenarios.