Results 1 - 10 of 31
Universal Hashing and Authentication Codes
, 1991
Cited by 58 (1 self)
unconditionally secure authentication codes without secrecy. This idea is most useful when the number of authenticators is exponentially small compared to the number of possible source states (plaintext messages). We formally define some new classes of hash functions and then prove some new bounds and give some general constructions for these classes of hash functions. Then we discuss the implications to authentication codes.
Bucket Hashing and its Application to Fast Message Authentication
, 1995
Cited by 51 (4 self)
We introduce a new technique for constructing a family of universal hash functions.
On diffusing updates in a byzantine environment
 In Proceedings of the 18th IEEE Symposium on Reliable Distributed Systems
, 1999
Cited by 28 (5 self)
We study how to efficiently diffuse updates to a large distributed system of data replicas, some of which may exhibit arbitrary (Byzantine) failures. We assume that strictly fewer than t replicas fail, and that each update is initially received by at least t correct replicas. The goal is to diffuse each update to all correct replicas while ensuring that correct replicas accept no updates generated spuriously by faulty replicas. To achieve reliable diffusion, each correct replica accepts an update only after receiving it from at least t others. We provide the first analysis of epidemic-style protocols for such environments. This analysis is fundamentally different from known analyses for the benign case due to our treatment of fully Byzantine failures—which, among other things, precludes the use of digital signatures for authenticating forwarded updates. We propose two epidemic-style diffusion algorithms and two measures that characterize the efficiency of diffusion algorithms in general. We characterize both of our algorithms according to these measures, and also prove lower bounds with regards to these measures that show that our algorithms are close to optimal.
Applications of Combinatorial Designs to Communications, Cryptography, and Networking
, 1999
Cited by 27 (2 self)
... In this paper, we focus on another collection of recent applications in the general area of communications, including cryptography and networking. Applications have been chosen to represent those in which design theory plays a useful, and sometimes central, role. Moreover, applications have been chosen to reflect in addition the genesis of new and interesting problems in design theory in order to treat the practical concerns. Of many candidates, thirteen applications areas have been included. They are as follows:
Practical Approaches to Attaining Security Against Adaptively Chosen Ciphertext Attacks
 In Advances in Cryptology–Crypto ’92
, 1992
Cited by 25 (2 self)
Abstract. This paper presents three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks. In an adaptively chosen ciphertext attack, an attacker can query the deciphering algorithm with any ciphertexts, except for the exact object ciphertext to be cryptanalyzed. The first strengthening method is based on the use of one-way hash functions, the second on the use of universal hash functions and the third on the use of digital signature schemes. Each method is illustrated by an example of a public key cryptosystem based on the intractability of computing discrete logarithms in finite fields. Two other issues, namely applications of the methods to public key cryptosystems based on other intractable problems and enhancement of information authentication capability to the cryptosystems, are also discussed.
New results on multireceiver authentication codes
 Advances in Cryptology - EUROCRYPT '98, LNCS
, 1998
Cited by 23 (0 self)
Abstract. Multireceiver authentication is an extension of traditional point-to-point message authentication in which a sender broadcasts a single authenticated message such that all the receivers can independently verify the authenticity of the message, and malicious groups of up to a given size of receivers can not successfully impersonate the transmitter, or substitute a transmitted message. This paper presents some new results on unconditionally secure multireceiver authentication codes. First we generalize a polynomial construction due to Desmedt, Frankel and Yung, to allow multiple messages be authenticated with each key. Second, we propose a new flexible construction for multireceiver A-code by combining an A-code and an (n, m, k)-cover-free family. Finally, we introduce the model of multireceiver A-code with dynamic sender and present an efficient construction for that. Keywords: Authentication code, Multireceiver authentication code.
Diffusion without False Rumors: On Propagating Updates in a Byzantine Environment
 Theoretical Computer Science
, 2003
Cited by 20 (2 self)
We study how to efficiently diffuse updates to a large distributed system of data replicas, some of which may exhibit arbitrary (Byzantine) failures. We assume that strictly fewer than t replicas fail, and that each update is initially received by at least t correct replicas. The goal is to diffuse each update to all correct replicas while ensuring that correct replicas accept no updates generated spuriously by faulty replicas. To achieve this, each correct replica further propagates an update only after receiving it from at least t others. In this way, no correct replica will ever propagate or accept an update that only faulty replicas introduce, since it will receive that update from only the t - 1 faulty replicas.
Applications of designs to cryptography
 The CRC Handbook of Combinatorial Designs, CRC Press, Boca Raton, FL
, 1996
Codes for Interactive Authentication

, 1998
Cited by 12 (1 self)
An authentication protocol is a procedure by which an informant tries to convey n bits of information, which we call an input message, to a recipient. An intruder, I, controls the network over which the informant and the recipient talk and may change any message before it reaches its destination. If the protocol has security p, then the recipient must detect this cheating with probability at least 1 - p. This paper
Reliable Communication over Partially Authenticated Networks
 Theoretical Computer Science
, 1998
Cited by 11 (3 self)
Reliable communication between parties in a network is a basic requirement for executing any protocol. In this work, we consider the effect on reliable communication when some pairs of parties have common authentication keys. The pairs sharing keys define a natural "authentication graph", which may be quite different from the "communication graph" of the network. We characterize when reliable communication is possible in terms of these two graphs, focusing on the very strong setting of a Byzantine adversary with unlimited computational resources. Key Words: Reliable Communication, Private Communication, Authentication Keys, Graph Connectivity, Byzantine Failures. 1 Introduction Suppose that some processors are connected by a network of reliable channels. All of the processors cooperate to execute some protocol, but some of them are maliciously faulty. Dolev [4] and Dolev et al. [5] proved that if there are t faulty processors, then every pair of processors can communicate reliably if...