Results 1  10
of
402
A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack
 CRYPTO '98
, 1998
"... A new public key cryptosystem is proposed and analyzed. The scheme is quite practical, and is provably secure against adaptive chosen ciphertext attack under standard intractability assumptions. There appears to be no previous cryptosystem in the literature that enjoys both of these properties simu ..."
Abstract

Cited by 540 (17 self)
 Add to MetaCart
(Show Context)
A new public key cryptosystem is proposed and analyzed. The scheme is quite practical, and is provably secure against adaptive chosen ciphertext attack under standard intractability assumptions. There appears to be no previous cryptosystem in the literature that enjoys both of these properties simultaneously.
The exact security of digital signatures  How to sign with RSA and Rabin
, 1996
"... We describe an RSAbased signing scheme called PSS which combines essentially optimal efficiency with attractive security properties. Signing takes one RSA decryption plus some hashing, ..."
Abstract

Cited by 386 (17 self)
 Add to MetaCart
We describe an RSAbased signing scheme called PSS which combines essentially optimal efficiency with attractive security properties. Signing takes one RSA decryption plus some hashing,
Security Arguments for Digital Signatures and Blind Signatures
 JOURNAL OF CRYPTOLOGY
, 2000
"... Since the appearance of publickey cryptography in the seminal DiffieHellman paper, many new schemes have been proposed and many have been broken. Thus, the ..."
Abstract

Cited by 375 (39 self)
 Add to MetaCart
Since the appearance of publickey cryptography in the seminal DiffieHellman paper, many new schemes have been proposed and many have been broken. Thus, the
Security Proofs for Signature Schemes
, 1996
"... In this paper, we address the question of providing security proofs for signature schemes in the socalled random oracle model [1]. In particular, we establish the generality of this technique against adaptively chosen message attacks. Our main application achieves such a security proof for a slight ..."
Abstract

Cited by 263 (25 self)
 Add to MetaCart
(Show Context)
In this paper, we address the question of providing security proofs for signature schemes in the socalled random oracle model [1]. In particular, we establish the generality of this technique against adaptively chosen message attacks. Our main application achieves such a security proof for a slight variant of the El Gamal signature scheme [3] where committed values are hashed together with the message. This is a rather surprising result since the original El Gamal is, as RSA [11], subject to existential forgery.
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
, 1999
"... Differential Power Analysis, first introduced by Kocher et al. in [14], is a powerful technique allowing to recover secret smart card information by monitoring power signals. In [14] a specific DPA attack against smartcards running the DES algorithm was described. As few as 1000 encryptions were su ..."
Abstract

Cited by 250 (2 self)
 Add to MetaCart
Differential Power Analysis, first introduced by Kocher et al. in [14], is a powerful technique allowing to recover secret smart card information by monitoring power signals. In [14] a specific DPA attack against smartcards running the DES algorithm was described. As few as 1000 encryptions were sufficient to recover the secret key. In this paper we generalize DPA attack to elliptic curve (EC) cryptosystems and describe a DPA on EC DiffieHellman key exchange and EC ElGamal type encryption. Those attacks enable to recover the private key stored inside the smartcard. Moreover, we suggest countermeasures that thwart our attack.
Practical Threshold Signatures
, 1999
"... We present an RSA threshold signature scheme. The scheme enjoys the following properties: 1. it is unforgeable and robust in the random oracle model, assuming the RSA problem is hard ..."
Abstract

Cited by 240 (2 self)
 Add to MetaCart
(Show Context)
We present an RSA threshold signature scheme. The scheme enjoys the following properties: 1. it is unforgeable and robust in the random oracle model, assuming the RSA problem is hard
The NPcompleteness column: an ongoing guide
 JOURNAL OF ALGORITHMS
, 1987
"... This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NPCompleteness," W. H. Freem ..."
Abstract

Cited by 239 (0 self)
 Add to MetaCart
(Show Context)
This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NPCompleteness," W. H. Freeman & Co., New York, 1979 (hereinafter referred to as "[G&J]"; previous columns will be referred to by their dates). A background equivalent to that provided by [G&J] is assumed, and, when appropriate, crossreferences will be given to that book and the list of problems (NPcomplete and harder) presented there. Readers who have results they would like mentioned (NPhardness, PSPACEhardness, polynomialtimesolvability, etc.) or open problems they would like publicized, should
Improved proxy reencryption schemes with applications to secure distributed storage
 IN NDSS
, 2005
"... In 1998, Blaze, Bleumer, and Strauss proposed an application called atomic proxy reencryption, in which a semitrusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure reencryption will become increasingly popu ..."
Abstract

Cited by 203 (15 self)
 Add to MetaCart
In 1998, Blaze, Bleumer, and Strauss proposed an application called atomic proxy reencryption, in which a semitrusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure reencryption will become increasingly popular as a method for managing encrypted file systems. Although efficiently computable, the widespread adoption of BBS reencryption has been hindered by considerable security risks. Following recent work of Ivan and Dodis, we present new reencryption schemes that realize a stronger notion of security and we demonstrate the usefulness of proxy reencryption as a method of adding access control to the SFS readonly file system. Performance measurements of our experimental file system demonstrate that proxy reencryption can work effectively in practice.
Digital Signatures for Flows and Multicasts
, 1999
"... We present chaining techniques for signing/verifying multiple packets using a single signing/verification operation. We then present flow signing and verification procedures based upon a tree chaining technique. Since a single signing/verification operation is amortized over many packets, these proc ..."
Abstract

Cited by 169 (2 self)
 Add to MetaCart
We present chaining techniques for signing/verifying multiple packets using a single signing/verification operation. We then present flow signing and verification procedures based upon a tree chaining technique. Since a single signing/verification operation is amortized over many packets, these procedures improve signing and verification rates by one to two orders of magnitude compared to the approach of signing/verifying packets individually. Our procedures do not depend upon reliable delivery of packets, provide delaybounded signing, and are thus suitable for delaysensitive flows and multicast applications. To further improve our procedures, we propose several extensions to the FeigeFiatShamir digital signature scheme to substantially speed up both the signing and verification operations, as well as to allow “adjustable and incremental ” verification. The extended scheme, called eFFS, is compared to four other digital signature schemes (RSA, DSA, ElGamal, Rabin). We compare their signing and verification times, as well as key and signature sizes. We observe that (i) eFFS is the fastest in signing (by a large margin over any of the other four schemes) and as fast as RSA in verification (tie for a close second behind Rabin), (ii) eFFS allows a tradeoff between memory and signing/verification time, and (iii) eFFS allows adjustable and incremental verification by receivers.
CoercionResistant Electronic Elections
 In WPES ’05
, 2002
"... We introduce a model for electronic election schemes that involves a more powerful adversary than in previous work. In particular, we allow the adversary to demand of coerced voters that they vote in a particular manner, abstain from voting, or even disclose their secret keys. We define a scheme ..."
Abstract

Cited by 155 (0 self)
 Add to MetaCart
We introduce a model for electronic election schemes that involves a more powerful adversary than in previous work. In particular, we allow the adversary to demand of coerced voters that they vote in a particular manner, abstain from voting, or even disclose their secret keys. We define a scheme to be coercion resistant if it is impossible for the adversary to determine whether a coerced voter complies with the demands. Furthermore, we relax the requirements made in some previous proposals from an untappable channel to only requiring the existence of an anonymous channel.