Results 11-20 of 35
Equitable key escrow with limited time span (or, How to enforce time expiration cryptographically)
Advances in Cryptology, ASIACRYPT 98, LNCS 1514, 1998
Cited by 18 (5 self)
With equitable key escrow the control of society over the individual and the control of the individual over society are shared fairly. In particular, the control is limited to specified time periods. We consider two applications: time controlled key escrow and time controlled auctions with closed bids. In the first the individual cannot be targeted outside the period authorized by the court. In the second the individual cannot withhold his closed bid beyond the bidding period. We propose two protocols, one for each application. We do not require the use of tamperproof devices.
An observation on associative one-way functions in complexity theory
Information Processing Letters, 1997
Cited by 11 (0 self)
We introduce the notion of associative one-way functions and prove that they exist if and only if P ≠ NP. As evidence of their utility, we present two novel protocols that apply strong forms of these functions to achieve secret key agreement and digital signatures.
Searching for Elements in Black Box Fields and Applications
In Advances in Cryptology - Crypto '96, LNCS 1109, 1996
Cited by 10 (0 self)
We introduce the notion of a black box field and discuss the problem of explicitly exposing field elements given in a black box form. We present several subexponential algorithms for this problem using a technique due to Maurer. These algorithms make use of elliptic curves over finite fields in a crucial way. We present three applications for our results: (1) We show that any algebraically homomorphic encryption scheme can be broken in expected subexponential time. The existence of such schemes has been open for a number of years. (2) We give an expected subexponential time reduction from the problem of finding roots of polynomials over finite fields with low straight line complexity (e.g. sparse polynomials) to the problem of testing whether such polynomials have a root in the field. (3) We show that the hardness of computing discrete-log over elliptic curves implies the security of the Diffie-Hellman protocol over elliptic curves. Finally in the last section of the paper we prove ...
Protection of authenticated key-agreement protocol against a denial-of-service attack
In International Symposium on Information Theory and Its Applications (ISITA, 1998
The Equivalence Between The DHP And DLP For Elliptic Curves Used In Practical Applications
2004
Cited by 7 (0 self)
We reexamine the reduction of Maurer and Wolf of the Discrete Logarithm problem to the Diffie-Hellman problem. We give a precise estimate for the number of operations required in the reduction and use this to estimate the exact security of the elliptic curve variant of the Diffie-Hellman protocol for various elliptic curves defined in standards.
Public key cryptography sans certificates in ad hoc networks
In Applied Cryptography and Network Security (ACNS, 2006
Cited by 4 (1 self)
Several researchers have proposed the use of threshold cryptographic model to enable secure communication in ad hoc networks without the need of a trusted center. In this model, the system remains secure even in the presence of a certain threshold t of corrupted/malicious nodes. In this paper, we show how to perform necessary public key operations without node-specific certificates in ad hoc networks. These operations include pairwise key establishment, signing, and encryption. We achieve this by using Feldman's verifiable polynomial secret sharing (VSS) as a key distribution scheme and treating the secret shares as the private keys. Unlike in the standard public key cryptography, where entities have independent private/public key pairs, in the proposed scheme the private keys are related (they are points on a polynomial of degree t) and each public key can be computed from the public VSS information and node identifier. We show that such related keys can still be securely used for standard signature and encryption operations (using resp. Schnorr signatures and ElGamal encryption) and for pairwise key establishment, as long as there are no more than t collusions/corruptions in the system. The proposed usage of shares as private keys can also be viewed as a threshold-tolerant identity-based cryptosystem under standard (discrete logarithm based) assumptions.
Security arguments for the UM key agreement protocol
 in the NIST SP
Cited by 4 (2 self)
The Unified Model (UM) key agreement protocol is an efficient Diffie-Hellman scheme that has been included in many cryptographic standards, most recently in the NIST SP 800-56A standard. The UM protocol is believed to possess all important security attributes including key authentication and secrecy, resistance to unknown key-share attacks, forward secrecy, resistance to known-session key attacks, and resistance to leakage of ephemeral private keys, but is known to succumb to key-compromise impersonation attacks. In this paper we present a strengthening of the Canetti-Krawczyk security definition for key agreement that captures resistance to all important attacks that have been identified in the literature with the exception of key-compromise impersonation attacks. We then present a reductionist security proof that the UM protocol satisfies this new definition in the random oracle model under the Gap Diffie-Hellman assumption.
H.: Modification of internet key exchange resistant against denial-of-service
In: Pre-Proceedings of Internet Workshop, 2000
Elliptic Curves and their use in Cryptography
DIMACS Workshop on Unusual Applications of Number Theory, 1997
Cited by 3 (0 self)
The security of many cryptographic protocols depends on the difficulty of solving the so-called "discrete logarithm" problem, in the multiplicative group of a finite field. Although, in the general case, there are no polynomial time algorithms for this problem, constant improvements are being made, with the result that the use of these protocols requires much larger key sizes, for a given level of security, than may be convenient. An abstraction of these protocols shows that they have analogues in any group. The challenge presents itself: find some other groups for which there are no good attacks on the discrete logarithm, and for which the group operations are sufficiently economical. In 1985, the author suggested that the groups arising from a particular mathematical object known as an "elliptic curve" might fill the bill. In this paper I review the general cryptographic protocols which are involved, briefly describe elliptic curves and review the possible attacks again...
A Secure and Efficient Authenticated Diffie–Hellman Protocol
2009
Cited by 2 (0 self)
The Exponential Challenge Response (XRC) and Dual Exponential Challenge Response (DCR) signature schemes are the building blocks of the HMQV protocol. We propose a complementary analysis of these schemes; on the basis of this analysis we show how impersonation and man-in-the-middle attacks can be mounted against the HMQV protocol, when some session specific information leakages happen. We define the Full Exponential Challenge Response (FXRC) and Full Dual Exponential Challenge Response (FDCR) signature schemes; using these schemes we propose the Fully Hashed MQV protocol (with security arguments), which preserves the remarkable performance of the (H)MQV protocol and resists the attacks we present.