Results 1 - 8 of 8
Universal Hashing and Authentication Codes
, 1991
Cited by 58 (1 self)
unconditionally secure authentication codes without secrecy. This idea is most useful when the number of authenticators is exponentially small compared to the number of possible source states (plaintext messages). We formally define some new classes of hash functions and then prove some new bounds and give some general constructions for these classes of hash functions. Then we discuss the implications to authentication codes.
Practical Approaches to Attaining Security Against Adaptively Chosen Ciphertext Attacks
 In Advances in Cryptology–Crypto ’92
, 1992
Cited by 24 (2 self)
Abstract. This paper presents three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks. In an adaptively chosen ciphertext attack, an attacker can query the deciphering algorithm with any ciphertexts, except for the exact object ciphertext to be cryptanalyzed. The first strengthening method is based on the use of one-way hash functions, the second on the use of universal hash functions and the third on the use of digital signature schemes. Each method is illustrated by an example of a public key cryptosystem based on the intractability of computing discrete logarithms in finite fields. Two other issues, namely applications of the methods to public key cryptosystems based on other intractable problems and enhancement of information authentication capability to the cryptosystems, are also discussed.
Universal Hashing and Geometric Codes
 DESIGNS, CODES AND CRYPTOGRAPHY
, 1997
Cited by 8 (0 self)
We describe a new application of algebraic coding theory to universal hashing and authentication without secrecy. This permits to make use of the hitherto sharpest weapon of coding theory, the construction of codes from algebraic curves. We show in particular how codes derived from Artin-Schreier curves, Hermitian curves and Suzuki curves yield classes of universal hash functions which are substantially better than those known before.
Strongly Universal Hashing and Identification Codes Via Channels
 IEEE Trans. Information Theory
, 1999
Cited by 2 (0 self)
This paper shows that ε-almost strongly universal classes of hash functions can yield better explicit constructions of identification codes via channels (ID codes) and identification plus transmission codes (IT codes) than the previous explicit constructions of Verdú and Wei. Keywords. identification code via channels, binary constant weight code, explicit construction, universal hash function.
Authentication protocols in pervasive computing
The popularity of personal computing devices (e.g. smart cards) exposes users to risks, notably identity theft, and creates new requirements for secure communication. A recently proposed approach to creating secure communication is to use human trust and human interactions. These approaches potentially eliminate the need for passwords as in Bluetooth, shared secrets or trusted parties, which are often too complex and expensive to use in portable devices. In this new technology, handheld devices exchange data (e.g. payment, heart rates or public keys) over some medium (e.g. WiFi) and then display a short and non-secret digest of the protocol’s run that the devices’ human owners manually compare to ensure they agree on the same data, i.e. human interactions are used to prevent fraud. In this thesis, we present several new protocols of this type which are designed to optimise the work required of humans to achieve a given level of security. We discover that the design of these protocols is influenced by several principles, including the ideas of commitment without knowledge and separation of security concerns, where random and cryptographic attacks should be tackled separately.
A Construction Method for Optimally Universal Hash Families and its Consequences for the Existence of RBIBDs (Extended Abstract)
We introduce a method for constructing optimally universal hash families and equivalently RBIBDs. As a consequence of our construction we obtain minimal optimally universal hash families, if the cardinalities of the universe and the range are powers of the same prime. A corollary of this result is that the necessary condition for the existence of an RBIBD with parameters (v, k, λ), namely v mod k = λ(v − 1) mod (k − 1) = 0, is sufficient, if v and k are powers of the same prime. As an application of our construction, we show that the k-MAXCUT algorithm of Hofmeister and Lefmann [9] can be implemented such that it has a polynomial running time, in the case that the number of vertices and k are powers of the same prime.
Direct Proof of Security of Wegman-Carter Authentication with Partially Known Key
Abstract. Information-theoretically secure (ITS) authentication is needed in Quantum Key Distribution (QKD). In this paper, we study security of an ITS authentication scheme proposed by Wegman & Carter, in the case of partially known authentication key. This scheme uses a new authentication key in each authentication attempt, to select a hash function from an Almost Strongly Universal₂ hash function family. The partial knowledge of the attacker is measured as the trace distance between the authentication key distribution and the uniform distribution; this is the usual measure in QKD. We provide direct proofs of security of the scheme, when using partially known key, first in the information-theoretic setting and then in terms of witness indistinguishability as used in the Universal Composability (UC) framework. We find that if the authentication procedure has a failure probability ε and the authentication key has an ε′ trace distance to the uniform, then under ITS, the adversary’s success probability conditioned on an authentic message-tag pair is only bounded by ε + Tε′, where T is the size of the set of tags. Furthermore, the trace distance between the authentication key distribution and the uniform increases to Tε′ after having seen an authentic message-tag pair. Despite this, we are able to prove directly that the authenticated channel is indistinguishable from an (ideal) authentic channel (the desired functionality), except with probability less than ε + ε′. This proves that the scheme is (ε + ε′)-UC-secure, without using the composability theorem.
The Improvement of the Bound on Hash Family
, 806
In this paper, we study the bound on three kinds of hash family using the Singleton bound. To ε-U(N; n, m) hash family, in the case of n> m 2> 1 and 1 ≥ ε ≥ ε1(n, m), we get that the new bound is better. To ε-△U(N; n, m) hash family, in the case of n> m> 1 and 1 ≥ ε ≥ ε3(n, m), the new bound is better. To ε-SU(N; n, m) hash family, in the case of n> 2 m> 2 and 1 ≥ ε ≥ ε4(n, m), we get that the new bound is better.