Results 1 - 5 of 5
Universal One-Way Hash Functions and their Cryptographic Applications
, 1989
Cited by 313 (13 self)
We define a Universal One-Way Hash Function family, a new primitive which enables the compression of elements in the function domain. The main property of this primitive is that given an element x in the domain, it is computationally hard to find a different domain element which collides with x. We prove constructively that universal one-way hash functions exist if any 1-1 one-way functions exist. Among the various applications of the primitive is a One-Way based Secure Digital Signature Scheme which is existentially secure against adaptive attacks. Previously, all provably secure signature schemes were based on the stronger mathematical assumption that trapdoor one-way functions exist. Key words: cryptography, randomized algorithms. AMS subject classifications: 68M10, 68Q20, 68Q22, 68R05, 68R10. Part of this work was done while the authors were at the IBM Almaden Research Center. The first author was supported in part by NSF grant CCR88 13632. A preliminary version of this work app...
PayWord and MicroMint: two simple micropayment schemes
 CryptoBytes
, 1996
Cited by 220 (5 self)
1 Introduction. We present two simple micropayment schemes, "PayWord" and "MicroMint," for making small purchases over the Internet. We were inspired to work on this problem by DEC's "Millicent" scheme [10]. Surveys of some electronic payment schemes can be found in Hallam-Baker [6], Schneier [16], and Wayner [18]. Our main goal is to minimize the number of public-key operations required per payment, using hash operations instead whenever possible. As a rough guide, hash functions are about 100 times faster than RSA signature verification, and about 10,000 times faster than RSA signature generation: on a typical workstation, one can sign two messages per second, verify 200 signatures per second, and compute 20,000 hash function values per second.
The Security of Cipher Block Chaining
, 1994
Cited by 144 (26 self)
The Cipher Block Chaining Message Authentication Code (CBC MAC) specifies that a message $x = x_1 \cdots x_m$ be authenticated among parties who share a secret key $a$ by tagging $x$ with a prefix of $f_a^{(m)}(x) \stackrel{\mathrm{def}}{=} f_a(f_a(\cdots f_a(f_a(x_1) \oplus x_2) \oplus \cdots \oplus x_{m-1}) \oplus x_m)$, where $f$ is some underlying block cipher (e.g. $f$ = DES). This method is a pervasively used international and U.S. standard. We provide its first formal justification, showing the following general lemma: that cipher block chaining a pseudorandom function gives a pseudorandom function. Underlying our results is a technical lemma of independent interest, bounding the success probability of a computationally unbounded adversary in distinguishing between a random $ml$-bit to $l$-bit function and the CBC MAC of a random $l$-bit to $l$-bit function. Advanced Networking Laboratory, IBM T.J. Watson Research Center, PO Box 704, Yorktown Heights, NY 10598, USA. em...
An Efficient Scheme for Secure Message Transmission using Proxy-Signcryption
Cited by 4 (1 self)
Previous proxy signature schemes enable a principal to have a trusted proxy agent sign messages on its behalf. We present a proxy signature scheme that combines the functionality of proxy signing and encryption. This proxy-signcryption scheme is useful for applications that are based on unreliable datagram style network communication model where messages are individually signed and not serially linked via a session key to provide authenticity and integrity. Use of a proxy agent to perform signature function is desirable for applications that are expected to support computing devices with low computational power and storage capacities. Integration of encryption functionality to provide secrecy at no additional cost to the proxy signature generation is an efficient means by which to support the class of applications targeted by this research work such as e-commerce using mobile computing and communication devices.
Protecting Individuals' Interests in Electronic Commerce Protocols
, 2000
Cited by 2 (0 self)
Commerce transactions are being increasingly conducted in cyberspace. We not only browse through online catalogs of products, but also shop, bank, and hold auctions online. The general goal of this research is to answer questions such as: What electronic commerce protocols try to achieve? What they must achieve? And how they achieve it? My thesis in this dissertation is that 1) In electronic commerce transactions where participants have different interests to preserve, protection of individual interests is a concern of the participants, and should be guaranteed by the protocols; and 2) A protocol should protect a participant's interests whenever the participant behaves according to the protocol and trusted parties behave as trusted. In this dissertation, we propose a formal definition of protection of individual interests and a framework in which protocols can be analyzed with respect to this property. Our definition is abstract and general, and can be instantiated to a wide range ...