Results 1  10
of
29
IdentityBased Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract

Cited by 1123 (24 self)
 Add to MetaCart
We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
An IdentityBased Signature from Gap DiffieHellman Groups
 Public Key Cryptography  PKC 2003, LNCS 2139
, 2002
"... In this paper we propose an identity(ID)based signature scheme using gap DiffieHellman (GDH) groups. Our scheme is proved secure against existential forgery on adaptively chosen message and ID attack under the random oracle model. ..."
Abstract

Cited by 145 (4 self)
 Add to MetaCart
In this paper we propose an identity(ID)based signature scheme using gap DiffieHellman (GDH) groups. Our scheme is proved secure against existential forgery on adaptively chosen message and ID attack under the random oracle model.
Towards the Equivalence of Breaking the DiffieHellman Protocol and Computing Discrete Logarithms
, 1994
"... Let G be an arbitrary cyclic group with generator g and order jGj with known factorization. G could be the subgroup generated by g within a larger group H. Based on an assumption about the existence of smooth numbers in short intervals, we prove that breaking the DiffieHellman protocol for G and ..."
Abstract

Cited by 69 (6 self)
 Add to MetaCart
Let G be an arbitrary cyclic group with generator g and order jGj with known factorization. G could be the subgroup generated by g within a larger group H. Based on an assumption about the existence of smooth numbers in short intervals, we prove that breaking the DiffieHellman protocol for G and base g is equivalent to computing discrete logarithms in G to the base g when a certain side information string S of length 2 log jGj is given, where S depends only on jGj but not on the definition of G and appears to be of no help for computing discrete logarithms in G. If every prime factor p of jGj is such that one of a list of expressions in p, including p \Gamma 1 and p + 1, is smooth for an appropriate smoothness bound, then S can efficiently be constructed and therefore breaking the DiffieHellman protocol is equivalent to computing discrete logarithms.
Toward secure key distribution in truly adhoc networks
 in Proceedings of the International Symposium on Applications and the Internet Workshop
"... Adhoc networks — and in particular wireless mobile adhoc networks — have unique characteristics and constraints that make traditional cryptographic mechanisms and assumptions inappropriate. In particular, it may not be warranted to assume preexisting shared secrets between members of the network ..."
Abstract

Cited by 56 (0 self)
 Add to MetaCart
Adhoc networks — and in particular wireless mobile adhoc networks — have unique characteristics and constraints that make traditional cryptographic mechanisms and assumptions inappropriate. In particular, it may not be warranted to assume preexisting shared secrets between members of the network or the presence of a common PKI. Thus, the issue of key distribution in adhoc networks represents an important problem. Unfortunately, this issue has been largely ignored; as an example, most protocols for secure adhoc routing assume that key distribution has already taken place. Traditional key distribution schemes either do not apply in an adhoc scenario or are not efficient enough for small, resourceconstrained devices. We propose to combine efficient techniques from identitybased (IDbased) and threshold cryptography to provide a mechanism that enables flexible and efficient key distribution while respecting the constraints of adhoc networks. We also discuss the available mechanisms and their suitability for the proposed task. 1.
New PublicKey Schemes Based on Elliptic Curves over the Ring Z_n
, 1991
"... Three new trapdoor oneway functions are proposed that are based on elliptic curves over the ring Z_n. The first class of functions is a naive construction, which can be used only in a digital signature scheme, and not in a publickey cryptosystem. The second, preferred class of function, does not s ..."
Abstract

Cited by 46 (0 self)
 Add to MetaCart
Three new trapdoor oneway functions are proposed that are based on elliptic curves over the ring Z_n. The first class of functions is a naive construction, which can be used only in a digital signature scheme, and not in a publickey cryptosystem. The second, preferred class of function, does not suffer from this problem and can be used for the same applications as the RSA trapdoor oneway function, including zeroknowledge identification protocols. The third class of functions has similar properties to the Rabin trapdoor oneway functions. Although the security of these proposed schemes is based on the difficulty of factoring n, like the RSA and Rabin schemes, these schemes seem to be more secure than those schemes from the viewpoint of attacks without factoring such as low multiplier attacks.
The Relationship Between Breaking the DiffieHellman Protocol and Computing Discrete Logarithms
, 1998
"... Both uniform and nonuniform results concerning the security of the DiffieHellman keyexchange protocol are proved. First, it is shown that in a cyclic group G of order jGj = Q p e i i , where all the multiple prime factors of jGj are polynomial in log jGj, there exists an algorithm that re ..."
Abstract

Cited by 38 (3 self)
 Add to MetaCart
Both uniform and nonuniform results concerning the security of the DiffieHellman keyexchange protocol are proved. First, it is shown that in a cyclic group G of order jGj = Q p e i i , where all the multiple prime factors of jGj are polynomial in log jGj, there exists an algorithm that reduces the computation of discrete logarithms in G to breaking the DiffieHellman protocol in G and has complexity p maxf(p i )g \Delta (log jGj) O(1) , where (p) stands for the minimum of the set of largest prime factors of all the numbers d in the interval [p \Gamma 2 p p+1; p+2 p p+ 1]. Under the unproven but plausible assumption that (p) is polynomial in log p, this reduction implies that the DiffieHellman problem and the discrete logarithm problem are polynomialtime equivalent in G. Second, it is proved that the DiffieHellman problem and the discrete logarithm problem are equivalent in a uniform sense for groups whose orders belong to certain classes: there exists a p...
Security Analysis of a Practical "on the fly" Authentication and Signature Generation
 In Eurocrypt '98, LNCS 1403
, 1998
"... . In response to the current need for fast, secure and cheap publickey cryptography, we study an interactive zeroknowledge identification scheme and a derived signature scheme that combine provable security based on the general problem of computing discrete logarithms modulo any number, short iden ..."
Abstract

Cited by 28 (6 self)
 Add to MetaCart
. In response to the current need for fast, secure and cheap publickey cryptography, we study an interactive zeroknowledge identification scheme and a derived signature scheme that combine provable security based on the general problem of computing discrete logarithms modulo any number, short identitybased keys, very short transmission and minimal online computation. This leads to both efficient and secure applications well suited to the implementation on low cost smart cards. We develop complete proofs of completeness, soundness and statistical zeroknowledge property of the identification scheme. The security analysis of the signature scheme leads to present a novel number theoretical lemma of independent interest and an original use of the "forking lemma" technique. From a practical point of view, the possible choice of parameters is discussed and we submit performances of an actual implementation on a cheap smart card. As an example, a complete and secure authentication can be ...
The advantages of Elliptic Curve Cryptography For Wireless Security
 IEEE Wireless Communications
, 2004
"... As the wireless industry explodes, it faces a growing need for security. Both for secure (authenticated, private) Web transactions and for secure (signed, encrypted) messaging, a full and efficient ..."
Abstract

Cited by 27 (0 self)
 Add to MetaCart
As the wireless industry explodes, it faces a growing need for security. Both for secure (authenticated, private) Web transactions and for secure (signed, encrypted) messaging, a full and efficient
Protecting against Key Exposure: Strongly KeyInsulated Encryption with Optimal Threshold
, 2002
"... A new framework for protection against key exposure was recently suggested by Dodis et. al. [16]. We take its realization further towards practice by presenting simple new schemes that provide benefits over previous ones in terms of scalability, performance and security. Our first contribution is a ..."
Abstract

Cited by 27 (1 self)
 Add to MetaCart
A new framework for protection against key exposure was recently suggested by Dodis et. al. [16]. We take its realization further towards practice by presenting simple new schemes that provide benefits over previous ones in terms of scalability, performance and security. Our first contribution is a simple, practical, scalable scheme called SKIEOT that achieves the best possible security in their framework. SKIEOT is based on the BonehFranklin identitybased encryption (IBE) scheme [10] and exploits algebraic properties of the latter. We also present a general transform which can be applied to yield alternative practical schemes with the same security characteristics as SKIEOT, starting from other IBE schemes such as that of Cocks [14]. Finally, we show that the role of identitybased encryption is not coincidental by proving that IBE is equivalent to (not strongly) keyinsulated encryption with optimal threshold and allowing randomaccess key updates.
The DiffieHellman Protocol
 DESIGNS, CODES, AND CRYPTOGRAPHY
, 1999
"... The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor oneway function, a publickey cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the socalled DiffieHellman protoco ..."
Abstract

Cited by 26 (0 self)
 Add to MetaCart
The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor oneway function, a publickey cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the socalled DiffieHellman protocol, allowing two parties who share no secret information initially, to generate a mutual secret key. This paper summarizes the present knowledge on the security of this protocol.