Results 1 - 8 of 8
A Sanctuary for Mobile Agents
, 1997
Cited by 136 (4 self)
The Sanctuary project at UCSD is building a secure infrastructure for mobile agents, and examining
On the (In)security of the Fiat-Shamir Paradigm
 In Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
, 2003
Cited by 55 (2 self)
In 1986, Fiat and Shamir suggested a general method for transforming secure 3-round public-coin identification schemes into digital signature schemes. The significant contribution of this method is a means for designing efficient digital signatures, while hopefully achieving security against chosen message attacks. All other known constructions which achieve such security are substantially more inefficient and complicated in design. In 1996...
Deniable Ring Authentication
 In Proceedings of Crypto 2002, volume 2442 of LNCS
, 2002
Cited by 35 (3 self)
Abstract. Digital Signatures enable authenticating messages in a way that disallows repudiation. While non-repudiation is essential in some applications, it might be undesirable in others. Two related notions of authentication are: Deniable Authentication (see Dwork, Naor and Sahai [25]) and Ring Signatures (see Rivest, Shamir and Tauman [38]). In this paper we show how to combine these notions and achieve Deniable Ring Authentication: it is possible to convince a verifier that a member of an ad hoc subset of participants (a ring) is authenticating a message m without revealing which one (source hiding), and the verifier V cannot convince a third party that message m was indeed authenticated – there is no ‘paper trail’ of the conversation, other than what could be produced by V alone, as in zero-knowledge. We provide an efficient protocol for deniable ring authentication based on any strong encryption scheme. That is once an entity has published a public-key of such an encryption system, it can be drafted to any such ring. There is no need for any other cryptographic primitive. The scheme can be extended to yield threshold authentication (e.g. at least k members of the ring are approving the message) as well.
On the Random-Oracle Methodology as Applied to Length-Restricted Signature Schemes
, 2003
Cited by 26 (2 self)
In earlier work, we described a "pathological" example of a signature scheme that is secure in the Random Oracle Model, but for which no secure implementation exists. For that example, however, it was crucial that the scheme is able to sign "long messages" (i.e., messages whose length is not a-priori bounded). This left open the possibility that the Random Oracle Methodology is sound with respect to signature schemes that sign only "short" messages (i.e., messages of a-priori bounded length, smaller than the length of the keys in use), and are "memoryless" (i.e., the only thing kept between different signature generations is the initial signing-key). In this work, we extend our negative result to address such signature schemes. A key ingredient in our proof is a new type of interactive proof systems, which may be of independent interest.
Probabilistically Checkable Proofs The Easy Way
Cited by 2 (0 self)
We present a weaker variant of the PCP Theorem that admits a significantly easier proof. In this variant the prover only has n^t time to compute each bit of his answer, for an arbitrary but fixed constant t, in contrast to being all powerful. We show that 3SAT is accepted by a polynomial-time probabilistic verifier that queries a constant number of bits from a polynomially long proof string. If a boolean formula of length n is satisfiable, then the verifier accepts with probability 1. If it is not satisfiable, then the probability that an n^t-bounded prover can fool the verifier is at most 1/2. The main technical tools used in the proof are the "easy" part of the PCP Theorem in which the verifier reads a constant number of bits from an exponentially long proof string, and the construction of a pseudorandom generator from a one-way permutation.
unknown title
When running software applications and services, we rely on the underlying execution platform: the hardware and the lower levels of the software stack. The execution platform is susceptible to a wide range of threats, ranging from accidental bugs, faults, and leaks to maliciously induced Trojan horses. The problem is aggravated by growing system complexity and by increasingly pertinent outsourcing and supply chain consideration. Traditional mechanisms, which painstakingly validate all system components, are expensive and limited in applicability. What if the platform assurance problem is just too hard? Do we have any hope of securely running software when we cannot trust the underlying hardware, hypervisor, kernel, libraries, and compilers? This article will discuss a potential approach for doing just so: conducting trustworthy computation on untrusted execution platforms. The approach, proof-carrying data (PCD), circumnavigates the threat of faults and leakage by reasoning solely about properties of a computation’s output data, regardless of the process that produced it. In PCD, the system designer prescribes the desired properties of the computation’s outputs. These properties are then enforced using cryptographic proofs attached to all data flowing through the system and verified at the system perimeter as well as internal nodes.