Results 1  10
of
66
Optimistic fair exchange of digital signatures
 IEEE Journal on Selected Areas in Communications
, 1998
"... Abstract. We present a new protocol that allows two players to exchange digital signatures over the Internet in a fair way, so that either each player gets the other’s signature, or neither player does. The obvious application is where the signatures represent items of value, for example, an elect ..."
Abstract

Cited by 239 (10 self)
 Add to MetaCart
Abstract. We present a new protocol that allows two players to exchange digital signatures over the Internet in a fair way, so that either each player gets the other’s signature, or neither player does. The obvious application is where the signatures represent items of value, for example, an electronic check or airline ticket. The protocol can also be adapted to exchange encrypted data. The protocol relies on a trusted third party, but is “optimistic, ” in that the third party is only needed in cases where one player attempts to cheat or simply crashes. A key feature of our protocol is that a player can always force a timely and fair termination, without the cooperation of the other player. 1
Design and Analysis of Practical PublicKey Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack
 SIAM Journal on Computing
, 2001
"... A new public key encryption scheme, along with several variants, is proposed and analyzed. The scheme and its variants are quite practical, and are proved secure against adaptive chosen ciphertext attack under standard intractability assumptions. These appear to be the first publickey encryption sc ..."
Abstract

Cited by 189 (11 self)
 Add to MetaCart
A new public key encryption scheme, along with several variants, is proposed and analyzed. The scheme and its variants are quite practical, and are proved secure against adaptive chosen ciphertext attack under standard intractability assumptions. These appear to be the first publickey encryption schemes in the literature that are simultaneously practical and provably secure.
A Survey of Fast Exponentiation Methods
 Journal of Algorithms
, 1998
"... Publickey cryptographic systems often involve raising elements of some group (e.g. GF(2 n), Z/NZ, or elliptic curves) to large powers. An important question is how fast this exponentiation can be done, which often determines whether a given system is practical. The best method for exponentiation de ..."
Abstract

Cited by 155 (0 self)
 Add to MetaCart
Publickey cryptographic systems often involve raising elements of some group (e.g. GF(2 n), Z/NZ, or elliptic curves) to large powers. An important question is how fast this exponentiation can be done, which often determines whether a given system is practical. The best method for exponentiation depends strongly on the group being used, the hardware the system is implemented on, and whether one element is being raised repeatedly to different powers, different elements are raised to a fixed power, or both powers and group elements vary. This problem has received much attention, but the results are scattered through the literature. In this paper we survey the known methods for fast exponentiation, examining their relative strengths and weaknesses. 1
Signature Schemes Based on the Strong RSA Assumption
 ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY
, 1998
"... We describe and analyze a new digital signature scheme. The new scheme is quite efficient, does not require the the signer to maintain any state, and can be proven secure against adaptive chosen message attack under a reasonable intractability assumption, the socalled Strong RSA Assumption. Moreove ..."
Abstract

Cited by 150 (8 self)
 Add to MetaCart
We describe and analyze a new digital signature scheme. The new scheme is quite efficient, does not require the the signer to maintain any state, and can be proven secure against adaptive chosen message attack under a reasonable intractability assumption, the socalled Strong RSA Assumption. Moreover, a hash function can be incorporated into the scheme in such a way that it is also secure in the random oracle model under the standard RSA Assumption.
Fast batch verification for modular exponentiation and digital signatures
, 1998
"... Abstract Many tasks in cryptography (e.g., digital signature verification) call for verification of a basicoperation like modular exponentiation in some group: given ( g, x, y) check that gx = y. Thisis typically done by recomputing gx and checking we get y. We would like to do it differently,and f ..."
Abstract

Cited by 129 (2 self)
 Add to MetaCart
Abstract Many tasks in cryptography (e.g., digital signature verification) call for verification of a basicoperation like modular exponentiation in some group: given ( g, x, y) check that gx = y. Thisis typically done by recomputing gx and checking we get y. We would like to do it differently,and faster. The approach we use is batching. Focusing first on the basic modular exponentiation operation, we provide some probabilistic batch verifiers, or tests, that verify a sequence of modular exponentiations significantly faster than the naive recomputation method. This yields speedupsfor several verification tasks that involve modular exponentiations.
Network coding: An instant primer
 ACM SIGCOMM Computer Communication Review
, 2006
"... Network coding is a new research area that may have interesting applications in practical networking systems. With network coding, intermediate nodes may send out packets that are linear combinations of previously received information. There are two main benefits of this approach: potential throughp ..."
Abstract

Cited by 111 (4 self)
 Add to MetaCart
Network coding is a new research area that may have interesting applications in practical networking systems. With network coding, intermediate nodes may send out packets that are linear combinations of previously received information. There are two main benefits of this approach: potential throughput improvements and a high degree of robustness. Robustness translates into loss resilience and facilitates the design of simple distributed algorithms that perform well, even if decisions are based only on partial information. This paper is an instant primer on network coding: we explain what network coding does and how it does it. We also discuss the implications of theoretical results on network coding for realistic settings and show how network coding can be used in practice.
Securing Threshold Cryptosystems against Chosen Ciphertext Attack
 JOURNAL OF CRYPTOLOGY
, 1998
"... ..."
Network Coding for Efficient Communication in Extreme Networks
, 2005
"... Some forms of adhoc networks need to operate in extremely performancechallenged environments where endtoend connectivity is rare. Such environments can be found for example in very sparse mobile networks where nodes ”meet ” only occasionally and are able to exchange information, or in wireless s ..."
Abstract

Cited by 92 (3 self)
 Add to MetaCart
Some forms of adhoc networks need to operate in extremely performancechallenged environments where endtoend connectivity is rare. Such environments can be found for example in very sparse mobile networks where nodes ”meet ” only occasionally and are able to exchange information, or in wireless sensor networks where nodes sleep most of the time to conserve energy. Forwarding mechanisms in such networks usually resort to some form of intelligent flooding, as for example in probabilistic routing. We propose a communication algorithm that significantly reduces the overhead of probabilistic routing algorithms, making it a suitable building block for a delaytolerant network architecture. Our forwarding scheme is based on network coding. Nodes do not simply forward packets they overhear but may send out information that is coded over the contents of several packets they received. We show by simulation that this algorithm achieves the reliability and robustness of flooding at a small fraction of the overhead.
A new forwardsecure digital signature scheme
, 2000
"... We improve the BellareMiner (Crypto ’99) construction of signature schemes with forward security in the random oracle model. Our scheme has significantly shorter keys and is, therefore, more practical. By using a direct proof technique not used for forwardsecure schemes before, we are able to prov ..."
Abstract

Cited by 77 (6 self)
 Add to MetaCart
We improve the BellareMiner (Crypto ’99) construction of signature schemes with forward security in the random oracle model. Our scheme has significantly shorter keys and is, therefore, more practical. By using a direct proof technique not used for forwardsecure schemes before, we are able to provide better security bounds for the original construction as well as for our scheme. Bellare and Miner also presented a method for constructing such schemes without the use of the random oracle. We conclude by proposing an improvement to their method and an
Using Hash Functions as a Hedge against Chosen Ciphertext Attack
, 2000
"... The cryptosystem recently proposed by Cramer and Shoup [5] is a practical public key cryptosystem that is secure against adaptive chosen ciphertext attack provided the Decisional DiffieHellman assumption is true. Although this is a reasonable intractability assumption, it would be preferable to bas ..."
Abstract

Cited by 67 (7 self)
 Add to MetaCart
The cryptosystem recently proposed by Cramer and Shoup [5] is a practical public key cryptosystem that is secure against adaptive chosen ciphertext attack provided the Decisional DiffieHellman assumption is true. Although this is a reasonable intractability assumption, it would be preferable to base a security proof on a weaker assumption, such as the Computational DiffieHellman assumption. Indeed, this cryptosystem in its most basic form is in fact insecure if the Decisional DiffieHellman assumption is false. In this paper we present a practical hybrid scheme that is just as efficient as the scheme of of Cramer and Shoup; we prove that the scheme is secure if the Decisional DiffieHellman assumption is true; we give strong evidence that the scheme is secure if the weaker, Computational DiffieHellman assumption is true by providing a proof of security in the random oracle model.