Results 1  10
of
24
Software performance of universal hash functions
 In Advances in Cryptology — EUROCRYPT ’99
, 1999
"... Abstract. This paper compares the parameters sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing. An objective comparison between these widely varying ..."
Abstract

Cited by 26 (0 self)
 Add to MetaCart
Abstract. This paper compares the parameters sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing. An objective comparison between these widely varying approaches is achieved by defining constructions that offer a comparable security level. It is also demonstrated how the security of these constructions compares favorably to existing MAC algorithms, the security of which is less understood. 1
kwise Independent Sample Spaces and Their Cryptologic Applications
, 1997
"... . An almost kwise independent sample space is a small subset of m bit sequences in which any k bits are "almost independent". We show that this idea has close relationships with useful cryptologic notions such as multiple authentication codes (multiple Acodes), almost strongly universal hash famil ..."
Abstract

Cited by 22 (0 self)
 Add to MetaCart
. An almost kwise independent sample space is a small subset of m bit sequences in which any k bits are "almost independent". We show that this idea has close relationships with useful cryptologic notions such as multiple authentication codes (multiple Acodes), almost strongly universal hash families and almost kresilient functions. We use almost kwise independent sample spaces to construct new efficient multiple Acodes such that the number of key bits grows linearly as a function of k (here k is the number of messages to be authenticated with a single key). This improves on the construction of Atici and Stinson [2], in which the number of key bits is\Omega (k 2 ). We also introduce the concept of fflalmost kresilient functions and give a construction that has parameters superior to kresilient functions. Finally, new bounds (necessary conditions) are derived for almost kwise independent sample spaces, multiple Acodes and balanced fflalmost k resilient functions. 1 Intro...
Square Hash: Fast Message Authentication via Optimized Universal Hash Functions
 In Proc. CRYPTO 99, Lecture Notes in Computer Science
, 1999
"... This paper introduces two new ideas in the construction of fast universal hash functions geared towards the task of message authentication. ..."
Abstract

Cited by 21 (6 self)
 Add to MetaCart
This paper introduces two new ideas in the construction of fast universal hash functions geared towards the task of message authentication.
Universal hashing and multiple authentication
 In Proc. CRYPTO 96, Lecture Notes in Computer Science
, 1996
"... at,iciOcse.unl.edu ..."
Authentication protocols based on lowbandwidth unspoofable channels: a comparative survey
, 2009
"... unspoofable channels: a comparative survey ..."
Reliable Communication over Partially Authenticated Networks
 Theoretical Computer Science
, 1998
"... Reliable communication between parties in a network is a basic requirement for executing any protocol. In this work, we consider the effect on reliable communication when some pairs of parties have common authentication keys. The pairs sharing keys define a natural "authentication graph", which may ..."
Abstract

Cited by 11 (3 self)
 Add to MetaCart
Reliable communication between parties in a network is a basic requirement for executing any protocol. In this work, we consider the effect on reliable communication when some pairs of parties have common authentication keys. The pairs sharing keys define a natural "authentication graph", which may be quite different from the "communication graph" of the network. We characterize when reliable communication is possible in terms of these two graphs, focusing on the very strong setting of a Byzantine adversary with unlimited computational resources. Key Words: Reliable Communication, Private Communication, Authentication Keys, Graph Connectivity, Byzantine Failures. 1 Introduction Suppose that some processors are connected by a network of reliable channels. All of the processors cooperate to execute some protocol, but some of them are maliciously faulty. Dolev [4] and Dolev et al. [5] proved that if there are t faulty processors, then every pair of processors can communicate reliably if...
Error correction in the bounded storage model
 In 2nd Theory of Cryptography Conference — TCC 2005, volume 3378 of LNCS
, 2005
"... Abstract. We initiate a study of Maurer’s bounded storage model (JoC, 1992) in presence of transmission errors and perhaps other types of errors that cause different parties to have inconsistent views of the public random source. Such errors seem inevitable in any implementation of the model. All pr ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
Abstract. We initiate a study of Maurer’s bounded storage model (JoC, 1992) in presence of transmission errors and perhaps other types of errors that cause different parties to have inconsistent views of the public random source. Such errors seem inevitable in any implementation of the model. All previous schemes and protocols in the model assume a perfectly consistent view of the public source from all parties, and do not function correctly in presence of errors, while the privatekey encryption scheme of Aumann, Ding and Rabin (IEEE IT, 2002) can be extended to tolerate only a O(1 / log (1/ε)) fraction of errors, where ε is an upper bound on the advantage of an adversary. In this paper, we provide a general paradigm for constructing secure and errorresilient privatekey cryptosystems in the bounded storage model that tolerate a constant fraction of errors, and attain the near optimal parameters achieved by Vadhan’s construction (JoC, 2004) in the errorless case. In particular, we show that any local fuzzy extractor yields a secure and errorresilient cryptosystem in the model, in analogy to the result of Lu (JoC, 2004) that any local strong extractor yields a secure cryptosystem in the errorless case, and construct efficient local fuzzy extractors by extending Vadhan’s samplethenextract paradigm. The main ingredients of our constructions are averaging samplers (Bellare and Rompel, FOCS ’94), randomness extractors (Nisan and Zuckerman, JCSS, 1996), error correcting codes, and fuzzy extractors (Dodis, Reyzin and Smith, EUROCRYPT ’04). 1
Hb#: Increasing the security and efficiency of hb
 of LNCS
"... Abstract. The innovative HB + protocol of Juels and Weis [10] extends device authentication to lowcost RFID tags. However, despite the very simple ontag computation there remain some practical problems with HB + and despite an elegant proof of security against some limited active attacks, there is ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
Abstract. The innovative HB + protocol of Juels and Weis [10] extends device authentication to lowcost RFID tags. However, despite the very simple ontag computation there remain some practical problems with HB + and despite an elegant proof of security against some limited active attacks, there is a simple maninthemiddle attack due to Gilbert et al. [8]. In this paper we consider improvements to HB + in terms of both security and practicality. We introduce a new protocol that we denote randomHB #. This proposal avoids many practical drawbacks of HB +, remains provably resistant to attacks in the model of Juels and Weis, and at the same time is provably resistant to a broader class of active attacks that includes the attack of [8]. We then describe an enhanced variant called HB # which offers practical advantages over HB +. Key words: HB +, RFID tags, authentication, LPN, Toeplitz matrix. 1
Efficient reliable communication over partially authenticated networks
 In Proceedings of the 22nd Symposium on Principles of Distributed Computing — PODC ’03
, 2003
"... Reliable communication between parties in a network is a basic requirement for executing any protocol. Dolev [4] and Dolev et al. [5] showed that reliable communication is possible if and only if the communication network is sufficiently connected. Beimel and Franklin [1] showed that the connectivit ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
Reliable communication between parties in a network is a basic requirement for executing any protocol. Dolev [4] and Dolev et al. [5] showed that reliable communication is possible if and only if the communication network is sufficiently connected. Beimel and Franklin [1] showed that the connectivity requirement can be relaxed if some pairs of parties share authentication keys. That is, costly communication links can be replaced by authentication keys. In this work, we continue this line of research. We consider the scenario where there is a specific sender and a specific receiver. In this case, the protocol of [1] has rounds even if there is a single Byzantine processor. We present a more efficient protocol with round complexity of, where is the number of processors in the network and is an upper bound on the number of Byzantine processors in the network. Specifically, our protocol is polynomial when the number of Byzantine processors is, and for every its round complexity is bounded by. The same improvements hold for reliable and private communication. The improved protocol is obtained by analyzing the properties of a “communication and authentication graph ” that characterizes reliable communication. 1.