Results 11  20
of
69
PracticeOriented ProvableSecurity
 in First International Workshop on Information Security(ISW97
, 1997
"... This article is intended to provide some background and tell you about the bigger picture. the plaintext M to create a ciphertext C, which is transmitted to the receiver. The latter applies ..."
Abstract

Cited by 38 (0 self)
 Add to MetaCart
This article is intended to provide some background and tell you about the bigger picture. the plaintext M to create a ciphertext C, which is transmitted to the receiver. The latter applies
Randomness extraction and key derivation using the cbc, cascade and hmac modes
 In Franklin [14
"... Abstract. We study the suitability of common pseudorandomness modes associated with cryptographic hash functions and block ciphers (CBCMAC, Cascade and HMAC) for the task of “randomness extraction”, namely, the derivation of keying material from semisecret and/or semirandom sources. Important appl ..."
Abstract

Cited by 34 (5 self)
 Add to MetaCart
Abstract. We study the suitability of common pseudorandomness modes associated with cryptographic hash functions and block ciphers (CBCMAC, Cascade and HMAC) for the task of “randomness extraction”, namely, the derivation of keying material from semisecret and/or semirandom sources. Important applications for such extractors include the derivation of strong cryptographic keys from nonuniform sources of randomness (for example, to extract a seed for a pseudorandom generator from a weak source of physical or digital noise), and the derivation of pseudorandom keys from a DiffieHellman value. Extractors are closely related in their applications to pseudorandom functions and thus it is attractive to (re)use the common pseudorandom modes as randomness extractors. Yet, the crucial difference between pseudorandom generation and randomness extraction is that the former uses random secret keys while the latter uses random but known keys. We show that under a variety of assumptions on the underlying primitives (block ciphers and compression functions), ranging from ideal randomness assumptions to realistic universalhashing properties, these modes induce good extractors. Hence, these schemes represent a more practical alternative to combinatorial extractors (that are seldom used in practice), and a betteranalyzed alternative to the common practice of using SHA1 or MD5 (as a single unkeyed function) for randomness extraction. In particular, our results serve to validate the method of key extraction and key derivation from DiffieHellman values used in the IKE (IPsec’s Key Exchange) protocol.
FloatingPoint Arithmetic And Message Authentication
, 2000
"... There is a wellknown class of message authentication systems guaranteeing that attackers will have a negligible chance of successfully forging a message. This paper shows how one of these systems can hash messages at extremely high speed  much more quickly than previous systems at the same securi ..."
Abstract

Cited by 28 (8 self)
 Add to MetaCart
There is a wellknown class of message authentication systems guaranteeing that attackers will have a negligible chance of successfully forging a message. This paper shows how one of these systems can hash messages at extremely high speed  much more quickly than previous systems at the same security level  using IEEE floatingpoint arithmetic. This paper also presents a survey of the literature in a unified mathematical framework.
Sampling and Filtering Techniques for IP Packet Selection", RFC 5475
, 2009
"... This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards " (STD 1) for the standardization state and status of this protocol. Dis ..."
Abstract

Cited by 27 (4 self)
 Add to MetaCart
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards " (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the
Constructing VILMACs from FILMACs: Message authentication under weakened assumptions
, 1999
"... ..."
The Foundations of Modern Cryptography
, 1998
"... In our opinion, the Foundations of Cryptography are the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural cryptographic problems. In this essay, we survey some of these paradigms, approaches and techniques as well as some of the fundamental result ..."
Abstract

Cited by 24 (0 self)
 Add to MetaCart
In our opinion, the Foundations of Cryptography are the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural cryptographic problems. In this essay, we survey some of these paradigms, approaches and techniques as well as some of the fundamental results obtained using them. Special effort is made in attempt to dissolve common misconceptions regarding these paradigms and results. c flCopyright 1998 by Oded Goldreich. Permission to make copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that new copies bear this notice and the full citation on the first page. Abstracting with credit is permitted. A preliminary version of this essay has appeared in the proceedings of Crypto97 (Springer's Lecture Notes in Computer Science, Vol. 1294). 0 Contents 1 Introduction 2 I Basic Tools 6 2 Central Paradigms 6 2.1 Computati...
LubyRackoff backwards: Increasing security by making block ciphers noninvertible
 ADVANCES IN CRYPTOLOGYEUROCRYPT '98 PROCEEDINGS
, 1998
"... We argue that the invertibility of a block cipher can reduce the security of schemes that use it, and a better starting point for scheme design is the noninvertible analog of a block cipher, that is, a pseudorandom function (PRF). Since a block cipher may be viewed as a pseudorandom permutation, ..."
Abstract

Cited by 22 (2 self)
 Add to MetaCart
We argue that the invertibility of a block cipher can reduce the security of schemes that use it, and a better starting point for scheme design is the noninvertible analog of a block cipher, that is, a pseudorandom function (PRF). Since a block cipher may be viewed as a pseudorandom permutation, we are led to investigate the reverse of the problem studied by Luby and Rackoff, and ask: "how can one transform a PRP into a PRF in as securitypreserving a way as possible?" The solution we propose is datadependent rekeying. As an illustrative special case, let E:f0; 1g nf0;1g n!f0;1g n be the block cipher. Then we can construct the PRF F from the PRP E by setting F (k; x) =E(E(k; x);x). We generalize this to allow for arbitrary block and key lengths, and to improve e ciency. We prove strong quantitative bounds on the value of datadependent rekeying in the Shannon model of an ideal cipher, and take some initial steps towards an analysis in the standard model.
How to Stretch Random Functions: The Security of Protected Counter Sums
 Journal of Cryptology
, 1999
"... . Let f be an unpredictable random function taking (b + c)bit inputs to bbit outputs. This paper presents an unpredictable random function f 0 taking variablelength inputs to bbit outputs. This construction has several advantages over chaining, which was proven unpredictable by Bellare, Ki ..."
Abstract

Cited by 19 (7 self)
 Add to MetaCart
. Let f be an unpredictable random function taking (b + c)bit inputs to bbit outputs. This paper presents an unpredictable random function f 0 taking variablelength inputs to bbit outputs. This construction has several advantages over chaining, which was proven unpredictable by Bellare, Kilian, and Rogaway, and cascading, which was proven unpredictable by Bellare, Canetti, and Krawczyk. The highlight here is a very simple proof of security. 1.
Building PRFs from PRPs
 Advances in Cryptology—CRYPTO ’98, LNCS 1462
, 1998
"... . We evaluate constructions for building pseudorandom functions (PRFs) from pseudorandom permutations (PRPs). We present two constructions: a slower construction which preserves the security of the PRP and a faster construction which has less security. One application of our construction is to ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
. We evaluate constructions for building pseudorandom functions (PRFs) from pseudorandom permutations (PRPs). We present two constructions: a slower construction which preserves the security of the PRP and a faster construction which has less security. One application of our construction is to build a wider block cipher given a block cipher as a building tool. We do not require any additional constructionse.g. pseudorandom generatorsto create the wider block cipher. The security of the resulting cipher will be as strong as the original block cipher. Keywords. pseudorandom permutations, pseudorandom functions, concrete security, block ciphers, cipher feedback mode. 1 Introduction and Background In this paper we examine building psuedorandom functions from pseudorandom permutations. There are several well known constructions for building pseudorandom permutations from pseudorandom functions, notably [LR88]. However, the only results we are aware of for going in t...
Lecture Notes on Cryptography
, 2001
"... This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shafi Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes were formed by merging notes written for Shafi Goldwasser’s Cryptography and Cryptanalysis course at MI ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shafi Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes were formed by merging notes written for Shafi Goldwasser’s Cryptography and Cryptanalysis course at MIT with notes written for Mihir Bellare’s Cryptography and network security course at UCSD. In addition, Rosario Gennaro (as Teaching Assistant for the course in 1996) contributed Section 9.6, Section 11.4, Section 11.5, and Appendix D to the notes, and also compiled, from various sources, some of the problems in Appendix E. Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain the notion of provable security and its usage for the design of secure protocols. Much of the material in Chapters 2, 3 and 7 is a result of scribe notes, originally taken by MIT graduate students who attended Professor Goldwasser’s Cryptography and Cryptanalysis course over the years, and later edited by Frank D’Ippolito who was a teaching assistant for the course in 1991. Frank also contributed much of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 is from the chapter on Cryptography, by R. Rivest, in the Handbook of Theoretical Computer Science. Chapters 4, 5, 6, 8 and 10, and Sections 9.5 and 7.4.6, were written by Professor Bellare for his Cryptography and network security course at UCSD.