Results 11  20
of
91
Adaptive Security for Multilayer Adhoc Networks
 SPECIAL ISSUE OF WIRELESS COMMUNICATIONS AND MOBILE COMPUTING
, 2002
"... Secure communication is critical in military environments where the network infrastructure is vulnerable to various attacks and compromises. A conventional centralized solution breaks down when the security servers are destroyed by the enemies. In this paper we design and evaluate a security framewo ..."
Abstract

Cited by 43 (3 self)
 Add to MetaCart
Secure communication is critical in military environments where the network infrastructure is vulnerable to various attacks and compromises. A conventional centralized solution breaks down when the security servers are destroyed by the enemies. In this paper we design and evaluate a security framework for multilayer adhoc wireless networks with unmanned aerial vehicles (UAVs). In battlefields, the framework adapts to the contingent damages on the network infrastructure. Depending
A New and Efficient AllOrNothing Disclosure of Secrets Protocol
, 1998
"... Twoparty protocols have been considered for a long time. ..."
Abstract

Cited by 41 (1 self)
 Add to MetaCart
Twoparty protocols have been considered for a long time.
A Group Signature Scheme Based on an RSAVariant
, 1998
"... The concept of group signatures allows a group member to sign messages anonymously on behalf of the group. However, in the case of a dispute, the identity of a signature's originator can be revealed by a designated entity. In this paper we propose a new group signature scheme that is well suited for ..."
Abstract

Cited by 39 (3 self)
 Add to MetaCart
The concept of group signatures allows a group member to sign messages anonymously on behalf of the group. However, in the case of a dispute, the identity of a signature's originator can be revealed by a designated entity. In this paper we propose a new group signature scheme that is well suited for large groups, i.e., the length of the group's public key and of signatures do not depend on the size of the group. Our scheme is based on a variation of the RSA problem called strong RSA assumption. It is also more efficient than previous ones satisfying these requirements.
Experimenting with Shared Generation of RSA keys
, 1999
"... We describe an implementation of a distributed algorithm to generate a shared RSA key. At the end of the computation, an RSA modulus N = pq is publicly known. All servers involved in the computation are convinced that N is a product of two large primes, however none of them know the factorization of ..."
Abstract

Cited by 37 (0 self)
 Add to MetaCart
We describe an implementation of a distributed algorithm to generate a shared RSA key. At the end of the computation, an RSA modulus N = pq is publicly known. All servers involved in the computation are convinced that N is a product of two large primes, however none of them know the factorization of N . In addition, a public encryption exponentispublicly known and each server holds a share of the private exponent. Such a sharing of an RSA key has many applications and can be used to secure sensitive private keys. Previously, the only known method to generate a shared RSA key was through a trusted dealer. Our implementation demonstrates the e#ectiveness of shared RSA key generation, eliminating the need for a trusted dealer. 1 Introduction To protect an RSA private key, one may break it into a number of pieces #shares# and store each piece at a separate location. Sensitive private keys, such as Certi#cation Authority #CA# keys, can be protected in this way. Fortunately, for the RSA cr...
Threshold Cryptosystems Secure against ChosenCiphertext Attacks
 IN PROC. OF ASIACRYPT
, 2000
"... Semantic security against chosenciphertext attacks (INDCCA) is widely believed as the correct security level for publickey encryption scheme. On the other hand, it is often dangerous to give to only one people the power of decryption. Therefore, threshold cryptosystems aimed at distributing the ..."
Abstract

Cited by 33 (3 self)
 Add to MetaCart
Semantic security against chosenciphertext attacks (INDCCA) is widely believed as the correct security level for publickey encryption scheme. On the other hand, it is often dangerous to give to only one people the power of decryption. Therefore, threshold cryptosystems aimed at distributing the decryption ability. However, only two efficient such schemes have been proposed so far for achieving INDCCA. Both are El Gamallike schemes and thus are based on the same intractability assumption, namely the Decisional DiffieHellman problem. In this article we rehabilitate the twinencryption paradigm proposed by Naor and Yung to present generic conversions from a large family of (threshold) INDCPA scheme into a (threshold) INDCCA one in the random oracle model. An efficient instantiation is also proposed, which is based on the Paillier cryptosystem. This new construction provides the first example of threshold cryptosystem secure against chosenciphertext attacks based on the factorization problem. Moreover, this construction provides a scheme where the “homomorphic properties” of the original scheme still hold. This is rather cumbersome because homomorphic cryptosystems are known to be malleable and therefore not to be CCA secure. However, we do not build a “homomorphic cryptosystem”, but just keep the homomorphic properties.
Two Party RSA Key Generation
 In Crypto ’99, LNCS 1666
, 1999
"... . We present a protocol for two parties to generate an RSA key in a distributed manner. At the end of the protocol the public key: a modulus N = PQ, and an encryption exponent e are known to both parties. Individually, neither party obtains information about the decryption key d and the prime fa ..."
Abstract

Cited by 27 (0 self)
 Add to MetaCart
. We present a protocol for two parties to generate an RSA key in a distributed manner. At the end of the protocol the public key: a modulus N = PQ, and an encryption exponent e are known to both parties. Individually, neither party obtains information about the decryption key d and the prime factors of N : P and Q. However, d is shared among the parties so that threshold decryption is possible. 1 Introduction We show how two parties can jointly generate RSA public and private keys. Following the execution of our protocol each party learns the public key: N = PQ and e, but does not know the factorization of N or the decryption exponent d. The exponent d is shared among the two players in such a way that joint decryption of ciphertexts is possible. Generation of RSA keys in a private, distributed manner figures prominently in several cryptographic protocols. An example is threshold cryptography, see [12] for a survey. In a threshold RSA signature scheme there are k parties who ...
Optimistic Mixing for ExitPolls
 Asiacrypt 2002, LNCS 2501
, 2002
"... We propose a new mix network that is optimized to produce a correct output very fast when all mix servers execute the mixing protocol correctly (the usual case). Our mix network only produces an output if no server cheats. However, in the rare case when one or several mix servers cheat, we convert t ..."
Abstract

Cited by 27 (3 self)
 Add to MetaCart
We propose a new mix network that is optimized to produce a correct output very fast when all mix servers execute the mixing protocol correctly (the usual case). Our mix network only produces an output if no server cheats. However, in the rare case when one or several mix servers cheat, we convert the inputs to a format that allows "backup" mixing. This backup mixing can be implemented using any one of a wide array of already proposed (but slower) mix networks. When all goes well, our mix net is the fastest, both in real terms and asymptotically, of all those that offer standard guarantees of privacy and correctness. In practice, this benefit far outweighs the drawback of a comparatively complex procedure to recover from cheating. Our new mix is ideally suited to compute almost instantly the output of electronic elections, whence the name "exitpoll" mixing.
Computing inverses over a shared secret modulus
, 2000
"... Abstract. We discuss the following problem: Given an integer φ shared secretly among n players and a prime number e, how can the players efficiently compute a sharing of e −1 mod φ. The most interesting case is when φ is the Euler function of a known RSA modulus N, φ = φ(N). The problem has several ..."
Abstract

Cited by 26 (0 self)
 Add to MetaCart
Abstract. We discuss the following problem: Given an integer φ shared secretly among n players and a prime number e, how can the players efficiently compute a sharing of e −1 mod φ. The most interesting case is when φ is the Euler function of a known RSA modulus N, φ = φ(N). The problem has several applications, among which the construction of threshold variants for two recent signature schemes proposed by GennaroHaleviRabin and CramerShoup. We present new and efficient protocols to solve this problem, improving over previous solutions by BonehFranklin and Frankel et al. Our basic protocol (secure against honest but curious players) requires only two rounds of communication and a single GCD computation. The robust protocol (secure against malicious players) adds only a couple of rounds and a few modular exponentiations to the computation. 1
On the Utility of Distributed Cryptography in P2P and MANETs: the Case of Membership Control
"... Peertopeer systems enable efficient resource aggregation and are inherently scalable since they do not depend on any centralized authority. However, lack of a centralized authority, prompts many securityrelated challenges. Providing efficient security services in these systems is an active resear ..."
Abstract

Cited by 24 (7 self)
 Add to MetaCart
Peertopeer systems enable efficient resource aggregation and are inherently scalable since they do not depend on any centralized authority. However, lack of a centralized authority, prompts many securityrelated challenges. Providing efficient security services in these systems is an active research topic which is receiving much attention in the security research community. In this paper, we explore the use of threshold cryptography in peertopeer settings (both Internet and MANETbased) to provide, in a robust and fault tolerant fashion, security services such as authentication, certificate issuance and access control. Threshold cryptography provides high availability by distributing trust throughout the group and is, therefore, an attractive solution for secure peergroups. At least, so it seems... Our work investigates the applicability of threshold cryptography for membership control in peertopeer systems. In the process, we discover that one interesting recently proposed scheme contains an unfortunate (yet serious) flaw. We then present an alternative solution and its performance measurements. More importantly, our preliminary work casts a certain degree of skepticism on the practicality and even viability of using (seemingly attractive) threshold cryptography in certain peertopeer settings.
Multiround anonymous auction protocols
 In Proceedings of the First IEEE Workshop on Dependable and RealTime ECommerce Systems
, 1998
"... Auctions are a critical element of the electronic commerce infrastructure. But for realtime applications, auctions are a potential problem – they can cause significant time delays. Thus, for most realtime applications, sealedbid auctions are recommended. But how do we handle tiebreaking in sealed ..."
Abstract

Cited by 22 (0 self)
 Add to MetaCart
Auctions are a critical element of the electronic commerce infrastructure. But for realtime applications, auctions are a potential problem – they can cause significant time delays. Thus, for most realtime applications, sealedbid auctions are recommended. But how do we handle tiebreaking in sealedbid auctions? This paper analyzes the use of multiround auctions where the winners from an auction round participate in a subsequent tiebreaking second auction round. We perform this analysis over the classical firstprice sealedbid auction that has been modified to provide privacy. We analyze the expected number of rounds and optimal values to minimize communication delays. 1