Results 1 
4 of
4
The Free Haven Project: Distributed Anonymous Storage Service
 In Proceedings of the Workshop on Design Issues in Anonymity and Unobservability
, 2000
"... We present a design for a system of anonymous storage which resists the attempts of powerful adversaries to find or destroy any stored data. We enumerate distinct notions of anonymity for each party in the system, and suggest a way to classify anonymous systems based on the kinds of anonymity provid ..."
Abstract

Cited by 204 (7 self)
 Add to MetaCart
We present a design for a system of anonymous storage which resists the attempts of powerful adversaries to find or destroy any stored data. We enumerate distinct notions of anonymity for each party in the system, and suggest a way to classify anonymous systems based on the kinds of anonymity provided. Our design ensures the availability of each document for a publisherspecified lifetime. A reputation system provides server accountability by limiting the damage caused from misbehaving servers. We identify attacks and defenses against anonymous storage services, and close with a list of problems which are currently unsolved.
Efficient Group Signatures without Trapdoors
, 2002
"... Group signature schemes are fundamental cryptographic tools that enable unlinkably anonymous authentication, in the same fashion that digital signatures provide the basis for strong authentication protocols. In this paper we present the first group signature scheme with constantsize parameters that ..."
Abstract

Cited by 28 (1 self)
 Add to MetaCart
Group signature schemes are fundamental cryptographic tools that enable unlinkably anonymous authentication, in the same fashion that digital signatures provide the basis for strong authentication protocols. In this paper we present the first group signature scheme with constantsize parameters that does not employ any trapdoor function. This novel type of group signature scheme allows public parameters to be shared among organizations. Such sharing represents a highly desirable simpli cation over existing schemes, which require each organization to maintain a separate cryptographic domain.
Efficient Convertible Undeniable Signature Schemes
, 1997
"... Undeniable signatures are digital signatures which are not universally verifiable but can only be checked with the signer's help. However, the signer cannot deny the validity of a correct signature. An extended concept, convertible undeniable signatures, allows the signer to convert single undeniabl ..."
Abstract

Cited by 22 (1 self)
 Add to MetaCart
Undeniable signatures are digital signatures which are not universally verifiable but can only be checked with the signer's help. However, the signer cannot deny the validity of a correct signature. An extended concept, convertible undeniable signatures, allows the signer to convert single undeniable signatures or even the whole scheme into universally verifiable signatures or into an ordinary digital signature scheme, respectively. In this paper we propose a new convertible undeniable signature scheme and provide proofs for all relevant security properties. The scheme is based on Schnorr's signature scheme and it is efficient. Unlike previous efficient solutions, this new scheme can be used as a basis for an efficient...
Fast MonteCarlo Primality Evidence Shown in the Dark
, 2000
"... We construct an efficient proof of knowledge protocol for the demonstration of MonteCarlo evidence that a number n is the product of twooddprimes of roughly equal size without the prime factors being disclosed. The cost for a proof amounts to 12k log 2 n multiplications of integers of size of n ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
We construct an efficient proof of knowledge protocol for the demonstration of MonteCarlo evidence that a number n is the product of twooddprimes of roughly equal size without the prime factors being disclosed. The cost for a proof amounts to 12k log 2 n multiplications of integers of size of n where k is a security parameter which controls the error probability of the proof under 2 ;k . With the same security parameter this error probability improves from the previous result of e ;k=74 for n in the general case of the twoprimeproduct structure. Wealsoprove the securityofour protocol with respect to a decisionDiffieHellman problem. Key Words MonteCarlo primality test, Zeroknowledge protocols. 1 Introduction In publickey cryptography, the private component of an individual user's cryptographic key should be known only to the user. On the other hand, the user's public key should be certified by a known authority for authentication. The authority may naturally demand that...