unconditionally secure authentication codes without secrecy. This idea is most useful when the number of authenticators is exponentially small compared to the number of possible source states (plaintext messages). We formally de ne some new classes of hash functions and then prove some new bounds and give some general constructions for these classes of hash functions. Then we discuss the implications to authentication codes.

Abstract. This paper presents three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks. In an adaptively chosen ciphertext attack, an attacker can query the deciphering algorithm with any ciphertexts, except for the exact object ciphertext to be cryptanalyzed. The rst strengthening method is based on the use of one-way hash functions, the second on the use of universal hash functions and the third on the use of digital signature schemes. Each method is illustrated by an example ofapublickey cryptosystem based on the intractability ofcomputing discrete logarithms in nite elds. Two other issues, namely applications of the methods to public key cryptosystems based on other intractable problems and enhancement of information authentication capability to the cryptosystems, are also discussed. 1

We describe a new application of algebraic coding theory to universal hashing and authentication without secrecy. This permits to make use of the hitherto sharpest weapon of coding theory, the construction of codes from algebraic curves. We show in particular how codes derived from Artin-Schreier curves, Hermitian curves and Suzuki curves yield classes of universal hash functions which are substantially better than those known before.

. This paper shows that ffl-almost strongly universal classes of hash functions can yield better explicit constructions of identification codes via channels (ID codes) and identification plus transmission codes (IT codes) than the previous explicit constructions of Verd'u and Wei. Keywords. identification code via channels, binary constant weight code, explicit construction, universal hash function. 1

The popularity of personal computing devices (e.g. smart cards) exposes users to risks, notably identity theft, and creates new requirements for secure communication. A recently proposed approach to creating secure communication is to use human trust and human interactions. These approaches potentially eliminate the need for passwords as in Bluetooth, shared secrets or trusted parties, which are often too complex and expensive to use in portable devices. In this new technology, handheld devices exchange data (e.g. payment, heart rates or public keys) over some medium (e.g. WiFi) and then display a short and non-secret digest of the protocol’s run that the devices ’ human owners manually compare to ensure they agree on the same data, i.e. human interactions are used to prevent fraud. In this thesis, we present several new protocols of this type which are designed to optimise the work required of humans to achieve a given level of security. We discover that the design of these protocols is influenced by several principles, including the ideas of commitment without knowledge and separation of security concerns, where random and cryptographic attacks should be tackled separately.

We introduce a method for constructing optimally universal hash families and equivalently RBIBDs. As a consequence of our construction we obtain minimal optimally universal hash families, if the cardinalities of the universe and the range are powers of the same prime. A corollary of this result is that the necessary condition for the existence of an RBIBD with parameters (v, k, λ), namely v mod k = λ(v − 1) mod (k − 1) = 0, is sufficient, if v and k are powers of the same prime. As an application of our construction, we show that the k-MAXCUT algorithm of Hofmeister and Lefmann [9] can be implemented such that it has a polynomial running time, in the case that the number of vertices and k are powers of the same prime.