Results 1 
3 of
3
How to break a practical MIX and design a new one
, 2000
"... . A MIX net takes a list of ciphertexts (c1 ; \Delta \Delta \Delta ; cN ) and outputs a permuted list of the plaintexts (m1 ; \Delta \Delta \Delta ; mN ) without revealing the relationship between (c1 ; \Delta \Delta \Delta ; cN ) and (m1 ; \Delta \Delta \Delta ; mN ). This paper first shows that ..."
Abstract

Cited by 41 (0 self)
 Add to MetaCart
. A MIX net takes a list of ciphertexts (c1 ; \Delta \Delta \Delta ; cN ) and outputs a permuted list of the plaintexts (m1 ; \Delta \Delta \Delta ; mN ) without revealing the relationship between (c1 ; \Delta \Delta \Delta ; cN ) and (m1 ; \Delta \Delta \Delta ; mN ). This paper first shows that the Jakobsson's MIX net of Eurocrypt'98, which was believed to be resilient and very efficient, is broken. We next propose an efficient tresilient MIX net with O(t 2 ) servers in which the cost of each MIX server is O(N ). Two new concepts are introduced, existentialhonesty and limitedopenverification. They will be useful for distributed computation in general. 1
Formal Security Proofs for a Signature Scheme with Partial Message Recovery
 Lecture Notes in Computer Science
, 2000
"... The PintsovVanstone signature scheme with partial message recovery (PVSSR) is a variant of the Schnorr and NybergRueppel signature schemes. It produces very short signatures on messages with intrinsic redundancy. At 80 bits of security, cryptographic overhead (message expansion) ranges from 20 ..."
Abstract

Cited by 15 (1 self)
 Add to MetaCart
The PintsovVanstone signature scheme with partial message recovery (PVSSR) is a variant of the Schnorr and NybergRueppel signature schemes. It produces very short signatures on messages with intrinsic redundancy. At 80 bits of security, cryptographic overhead (message expansion) ranges from 20 to 30 bytes, depending on the amount of intrinsic redundancy in the message being signed. (In comparison, an ECDSA signature with the same domain parameters would have an overhead of about 40 bytes.) This article gives a formal proof of the security of PVSSR, which reduces the difficulty of existential forgery to the difficulty of the discrete logarithm problem. The proof works in the random oracle model (which assumes an ideal hash function) combined with an ideal cipher model. Suggested instantiations for the ciphers in cryptographic applications are symmetric encryption primitives, such as 3DES or AES. A second proof is given, in which the random oracle model is replaced by the ...
Anonymous Fingerprinting with Direct NonRepudiation
, 2000
"... Fingerprinting schemes support copyright protection by enabling the merchant of a data item to ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
Fingerprinting schemes support copyright protection by enabling the merchant of a data item to