Results 1 - 10 of 33
Sharing decryption in the context of voting or lotteries
2000
Cited by 81 (6 self)
Several public key cryptosystems with additional homomorphic properties have been proposed so far. They allow to perform computation with encrypted data without the knowledge of any secret information. In many applications, the ability to perform decryption, i.e. the knowledge of the secret key, gives a huge power. A classical way to reduce the trust in such a secret owner, and consequently to increase the security, is to share the secret between many entities in such a way that cooperation between them is necessary to decrypt. In this paper, we propose a distributed version of the Paillier cryptosystem presented at Eurocrypt ’99. This shared scheme can for example be used in an electronic voting scheme or in a lottery where a random number related to the winning ticket has to be jointly chosen by all participants.
An Intensive Survey of Fair Non-Repudiation Protocols
Computer Communications, 2002
Cited by 53 (4 self)
With the phenomenal growth of the Internet and open networks in general, security services, such as non-repudiation, become crucial to many applications. Non-repudiation services must ensure that when Alice sends some information to Bob over a network, neither Alice nor Bob can deny having participated in a part or the whole of this communication. Therefore a fair non-repudiation protocol has to generate non-repudiation of origin evidences intended to Bob, and non-repudiation of receipt evidences destined to Alice. In this paper, we clearly define the properties a fair non-repudiation protocol must respect, and give a survey of the most important non-repudiation protocols without and with trusted third party (TTP). For the latter ones we discuss the evolution of the TTP's involvement and, between others, describe the most recent protocol using a transparent TTP. We also discuss some ad-hoc problems related to the management of non-repudiation evidences.
On the fly authentication and signature schemes based on groups of unknown order
Journal of Cryptology
Cited by 21 (1 self)
Abstract. In response to the current need for fast, secure and cheap public-key cryptography, we propose an interactive zero-knowledge identification scheme and a derived signature scheme that combine provable security based on the problem of computing discrete logarithms in any group, short keys, very short transmission and minimal online computation. This leads to both efficient and secure applications well suited to implementation on low cost smart cards. We introduce GPS, a Schnorr-like scheme that does not require knowledge of the order of the group nor of the group element. As a consequence, it can be used with most cryptographic group structures, including those of unknown order. Furthermore, the computation of the prover’s response is done over the integers, hence can be done with very limited computational capabilities. This paper provides complete security proofs of the identification scheme. From a practical point of view, the possible range of parameters is discussed and a report on the performances of an actual implementation on a cheap smart card is included: a complete and secure authentication can be performed in less than 20 milliseconds with low cost equipment. Key words. Identification scheme, Digital signature, Discrete logarithm problem, Minimal online computation, Low cost smart cards.
Mutual Authentication for Low-Power Mobile Devices
In Proc. of Financial Cryptography, 2001
Cited by 21 (4 self)
Abstract. We propose methods for mutual authentication and key exchange. Our methods are well suited for applications with strict power consumption restrictions, such as wireless medical implants and contactless smart cards. We prove the security of our schemes based on the discrete log gap problem.
Fair Encryption of RSA Keys
In Proceedings of Eurocrypt 2000, volume 1807 of LNCS, 2000
Cited by 20 (2 self)
Cryptography is more and more concerned with elaborate protocols involving many participants. In some cases, it is crucial to be sure that players behave fairly especially when they use public key encryption. Accordingly, mechanisms are needed to check the correctness of encrypted data, without compromising secrecy. We consider an optimistic scenario in which users have pairs of public and private keys and give an encryption of their secret key with the public key of a third party. In this setting we wish to provide a publicly verifiable proof that the third party is able to recover the secret key if needed. Our emphasis is on size; we believe that the proof should be of the same length as the original key. In this paper, we propose such proofs of fair encryption for El Gamal and RSA keys, using the Paillier cryptosystem. Our proofs are really efficient since in practical terms they are only a few hundred bytes long. As an application, we design a very simple and efficient key recovery system.
The composite discrete logarithm and secure authentication
In Public Key Cryptography, 2000
Cited by 19 (2 self)
Abstract. For the two last decades, electronic authentication has been an important topic. The first applications were digital signatures to mimic handwritten signatures for digital documents. Then, Chaum wanted to create an electronic version of money, with similar properties, namely bank certification and users’ anonymity. Therefore, he proposed the concept of blind signatures. For all those problems, and furthermore for online authentication, zero-knowledge proofs of knowledge became a very powerful tool. Nevertheless, high computational load is often the drawback of a high security level. More recently, witness-indistinguishability has been found to be a better property that can conjugate security together with efficiency. This paper studies the discrete logarithm problem with a composite modulus and namely its witness-indistinguishability. Then we offer new authentications more secure than factorization and furthermore very efficient from the prover point of view. Moreover, we significantly improve the reduction cost in the security proofs of Girault’s variants of the Schnorr schemes which validates practical sizes for security parameters. Finally, thanks to the witness-indistinguishability of the basic protocol, we can derive a blind signature scheme with security related to factorization.
Efficient Proofs of Knowledge of Discrete Logarithms and Representations in Groups with Hidden Order
In PKC 2005, LNCS 3386, 2005
Cited by 14 (7 self)
Abstract. For many one-way homomorphisms used in cryptography, there exist efficient zero-knowledge proofs of knowledge of a preimage. Examples of such homomorphisms are the ones underlying the Schnorr or the Guillou-Quisquater identification protocols. In this paper we present, for the first time, efficient zero-knowledge proofs of knowledge for exponentiation $\psi(x_1) \doteq h_1^{x_1}$ and multi-exponentiation homomorphisms $\psi(x_1, \ldots, x_l) \doteq h_1^{x_1} \cdots h_l^{x_l}$ with $h_1, \ldots, h_l \in H$ (i.e., proofs of knowledge of discrete logarithms and representations) where $H$ is a group of hidden order, e.g., an RSA group.
Verifiable encryption of digital signatures and applications
ACM Trans. Inf. Syst. Secur., 2004
Cited by 10 (0 self)
This paper presents new simple schemes for verifiable encryption of digital signatures. We make use of a trusted third party (TTP) but in an optimistic sense, that is, the TTP takes part in the protocol only if one user cheats or simply crashes. Our schemes can be used as primitives to build efficient fair exchange and certified email protocols.
Cryptanalysis of an efficient proof of knowledge of discrete logarithm
In PKC 06, volume 3958 of LNCS, 2006
Cited by 5 (0 self)
Abstract. At PKC 2005, Bangerter, Camenisch and Maurer proposed an efficient protocol to prove knowledge of discrete logarithms in groups of unknown order. We describe an attack that enables the verifier to recover the full secret with essentially no computing power beyond what is required to run the protocol and after only a few iterations of it. We also describe variants of the attack that apply when some additional simple checks are performed by the prover.
Low-cost cryptography for privacy in RFID systems
 Smart Card Research and Advanced Applications, 7th IFIP WG 8.8/11.2 International Conference, CARDIS 2006
"... systems ..."