Results 1 
5 of
5
A new paradigm for collisionfree hashing: incrementality at reduced cost
 In Eurocrypt97
, 1997
"... We present a simple, new paradigm for the design of collisionfree hash functions. Any function emanating from this paradigm is incremental. (This means that if a message x which Ihave previously hashed is modi ed to x 0 then rather than having to recompute the hash of x 0 from scratch, I can quick ..."
Abstract

Cited by 79 (2 self)
 Add to MetaCart
We present a simple, new paradigm for the design of collisionfree hash functions. Any function emanating from this paradigm is incremental. (This means that if a message x which Ihave previously hashed is modi ed to x 0 then rather than having to recompute the hash of x 0 from scratch, I can quickly \update " the old hash value to the new one, in time proportional to the amount of modi cation made in x to get x 0.) Also any function emanating from this paradigm is parallelizable, useful for hardware implementation. We derive several speci c functions from our paradigm. All use a standard hash function, assumed ideal, and some algebraic operations. The rst function, MuHASH, uses one modular multiplication per block of the message, making it reasonably e cient, and signi cantly faster than previous incremental hash functions. Its security is proven, based on the hardness of the discrete logarithm problem. A second function, AdHASH, is even faster, using additions instead of multiplications, with security proven given either that approximation of the length of shortest lattice vectors is hard or that the weighted subset sum problem is hard. A third function, LtHASH, is a practical variant of recent lattice based functions, with security proven
Homomorphic Signature Schemes
"... Privacy homomorphisms, encryption schemes that are also homomorphisms relative to some binary operation, have been studied for some time, but one may also consider the analogous problem of homomorphic signature schemes. In this paper we introduce basic definitions of security for homomorphic signa ..."
Abstract

Cited by 69 (2 self)
 Add to MetaCart
Privacy homomorphisms, encryption schemes that are also homomorphisms relative to some binary operation, have been studied for some time, but one may also consider the analogous problem of homomorphic signature schemes. In this paper we introduce basic definitions of security for homomorphic signature systems, motivate the inquiry with example applications, and describe several schemes that are homomorphic with respect to useful binary operations. In particular, we describe a scheme that allows a signature holder to construct the signature on an arbitrarily redacted submessage of the originally signed message. We present another scheme for signing sets that is homomorphic with respect to both union and taking subsets. Finally, we show that any signature scheme that is homomorphic with respect to integer addition must be insecure.
Synthesizers and Their Application to the Parallel Construction of PseudoRandom Functions
, 1995
"... A pseudorandom function is a fundamental cryptographic primitive that is essential for encryption, identification and authentication. We present a new cryptographic primitive called pseudorandom synthesizer and show how to use it in order to get a parallel construction of a pseudorandom function. ..."
Abstract

Cited by 41 (10 self)
 Add to MetaCart
A pseudorandom function is a fundamental cryptographic primitive that is essential for encryption, identification and authentication. We present a new cryptographic primitive called pseudorandom synthesizer and show how to use it in order to get a parallel construction of a pseudorandom function. We show several NC¹ implementations of synthesizers based on concrete intractability assumptions as factoring and the DiffieHellman assumption. This yields the first parallel pseudorandom functions (based on standard intractability assumptions) and the only alternative to the original construction of Goldreich, Goldwasser and Micali. In addition, we show parallel constructions of synthesizers based on other primitives such as weak pseudorandom functions or trapdoor oneway permutations. The security of all our constructions is similar to the security of the underlying assumptions. The connection with problems in Computational Learning Theory is discussed.
Constructing VILMACs from FILMACs: Message authentication under weakened assumptions
, 1999
"... ..."
Sanitizable signatures
 ESORICS: Proceedings of the 10th European Symposium on Research in Computer Security
, 2005
"... Abstract. We introduce the notion of sanitizable signatures that offer many attractive security features for certain current and emerging applications. A sanitizable signature allows authorized semitrusted censors to modify – in a limited and controlled fashion – parts of a signed message without i ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
Abstract. We introduce the notion of sanitizable signatures that offer many attractive security features for certain current and emerging applications. A sanitizable signature allows authorized semitrusted censors to modify – in a limited and controlled fashion – parts of a signed message without interacting with the original signer. We present constructions for this new primitive, based on standard signature schemes and secure under common cryptographic assumptions. We also provide experimental measurements for the implementation of a sanitizable signature scheme and demonstrate its practicality. 1