Results 11-20 of 20
Practical Approaches to Attaining Security Against Adaptively Chosen Ciphertext Attacks
In Advances in Cryptology–Crypto ’92, 1992
Abstract

Cited by 23 (2 self)
Abstract. This paper presents three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks. In an adaptively chosen ciphertext attack, an attacker can query the deciphering algorithm with any ciphertexts, except for the exact object ciphertext to be cryptanalyzed. The first strengthening method is based on the use of one-way hash functions, the second on the use of universal hash functions and the third on the use of digital signature schemes. Each method is illustrated by an example of a public key cryptosystem based on the intractability of computing discrete logarithms in finite fields. Two other issues, namely applications of the methods to public key cryptosystems based on other intractable problems and enhancement of information authentication capability to the cryptosystems, are also discussed.
XorTrees for Efficient Anonymous Multicast and Reception
Advances in Cryptography, CRYPTO 97, 1998
Abstract

Cited by 20 (0 self)
In this work we examine the problem of efficient anonymous broadcast and reception in general communication networks. We show an algorithm which achieves anonymous communication with O(1) amortized communication complexity on each link and low computational complexity. In contrast, all previous solutions require polynomial (in the size of the network and security parameter) amortized communication complexity. An extended abstract of this paper appears in the Proc. of the 17th Annual IACR Crypto Conference, CRYPTO 1997. Author affiliations: Department of Mathematics and Computer Science, Ben-Gurion University of the Negev, Beer-Sheva 84105, Israel (dolev@cs.bgu.ac.il; part of this work was done while this author visited Bellcore with the support of DIMACS, and was partially supported by the Israeli Ministry of Science and Arts grant #6756195); Bell Communications Research, 445 South St., MCC 1C365B, Morristown, NJ 07960-6438, USA (rafail@bellcore.com).
Pseudo-Random Functions and Factoring
Proc. 32nd ACM Symp. on Theory of Computing, 2000
Abstract

Cited by 13 (2 self)
The computational hardness of factoring integers is the most established assumption on which cryptographic primitives are based. This work presents an efficient construction of pseudorandom functions whose security is based on the intractability of factoring. In particular, we are able to construct efficient length-preserving pseudorandom functions where each evaluation requires only a (small) constant number of modular multiplications per output bit. This is substantially more efficient than any previous construction of pseudorandom functions based on factoring, and matches (up to a constant factor) the efficiency of the best known factoring-based pseudorandom bit generators.
Improved public key cryptosystems secure against chosen ciphertext attacks
1994
Abstract

Cited by 5 (1 self)
This short note describes an improvement to the first two of the three public key cryptosystems proposed by Zheng and Seberry, which are provably secure against chosen ciphertext attacks. The improvement removes a shortcoming with the original cryptosystems, which occurs when they are used for both confidentiality and sender authentication purposes.
Secure and Anonymous Electronic Commerce: Providing Legal Certainty in Open Digital Systems Without Compromising Anonymity
2000
Abstract

Cited by 4 (0 self)
The growing importance of conducting legal transactions over open digital systems creates new requirements for these systems. They have to be designed in such a way that the users remain anonymous to one another and their activities cannot be observed by uninvolved parties. At the same time, the systems have to guarantee the necessary legal certainty for the transactions being carried out. It will be demonstrated (Section 1) that legal regulation alone is not sufficient to ensure that these requirements are dependably met. For this reason, known technical methods and new proposals from the field of information technology are presented as a complement to legal regulation. On the one hand, these proposals guarantee unobservability and anonymity when using the system (Section 2) and, on the other hand, they provide sufficient legal certainty for the conduct of typical business processes over the open system without sacrificing anonymity (Section 3). Due to their particular importance, two issues...
An Efficient Pseudo-Random Generator with Applications to Public-Key Encryption and Constant-Round Multiparty Computation
2001
Abstract

Cited by 3 (0 self)
We present a pseudorandom bit generator expanding a uniformly random bit-string r of length k/2, where k is the security parameter, into a pseudorandom bit-string of length 2k - log2(k) using one modular exponentiation. In contrast to all previous high expansion-rate pseudorandom bit generators, no hashing is necessary. The security of the generator is proved relative to Paillier's composite degree residuosity assumption. As a first application of our pseudorandom bit generator we exploit its efficiency to optimise Paillier's cryptosystem by a factor of (at least) 2 in both running time and usage of random bits. We then exploit the algebraic properties of the generator to construct an efficient protocol for secure constant-round multiparty function evaluation in the cryptographic setting. This construction gives an improvement in communication complexity over previous protocols in the order of nk², where n is the number of participants and k is the security parameter, resulting in a communication complexity of O(nk²C) bits, where C is a Boolean circuit computing the function in question.
Survey of Computational Assumptions Used in Cryptography Broken or Not by Shor's Algorithm
2001
Abstract

Cited by 2 (0 self)
We survey the computational assumptions of various cryptographic schemes, and discuss the security threat posed by Shor's quantum algorithm.
Protecting Individuals' Interests in Electronic Commerce Protocols
2000
Abstract

Cited by 2 (0 self)
Commerce transactions are being increasingly conducted in cyberspace. We not only browse through online catalogs of products, but also shop, bank, and hold auctions online. The general goal of this research is to answer questions such as: What do electronic commerce protocols try to achieve? What must they achieve? And how do they achieve it? My thesis in this dissertation is that 1) in electronic commerce transactions where participants have different interests to preserve, protection of individual interests is a concern of the participants, and should be guaranteed by the protocols; and 2) a protocol should protect a participant's interests whenever the participant behaves according to the protocol and trusted parties behave as trusted. In this dissertation, we propose a formal definition of protection of individual interests and a framework in which protocols can be analyzed with respect to this property. Our definition is abstract and general, and can be instantiated to a wide range ...
Random Oracles are Practical: A Paradigm for Designing Efficient Protocols
In: First ACM Conference on Computer and Communications Security, ACM, 1995
Abstract
We argue that the random oracle model, where all parties have access to a public random oracle, provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P^R for the random oracle model, and then replacing oracle accesses by the computation of an "appropriately chosen" function h. This paradigm yields protocols much more efficient than standard ones while retaining many of the advantages of provable security. We illustrate these gains for problems including encryption, signatures, and zero-knowledge proofs. Author affiliations: Department of Computer Science & Engineering, Mail Code 0114, University of California at San Diego, 9500 Gilman Drive, La Jolla, CA 92093 (mihir@cs.ucsd.edu); Department of Computer Science, University of California at Davis, Davis, CA 95616, USA (rogaway@cs.davis.edu).
Pseudo-Random Functions and Factoring
2001
Abstract
Factoring integers is the most established problem on which cryptographic primitives are based. This work presents an efficient construction of pseudorandom functions whose security is based on the intractability of factoring. In particular, we are able to construct efficient length-preserving pseudorandom functions where each evaluation requires only a constant number of modular multiplications per output bit. This is substantially more efficient than any previous construction of pseudorandom functions based on factoring, and matches (up to a constant factor) the efficiency of the best known factoring-based pseudorandom bit generators.