The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme
Journal of Cryptology, 2003
Cited by 92 (5 self)
Abstract: We introduce a new class of computational problems which we call the "one-more-RSA-inversion" problems. Our main result is that two problems in this class, which we call the chosen-target and known-target inversion problems respectively, have polynomially equivalent computational complexity. We show how this leads to a proof of security for Chaum's RSA-based blind signature scheme in the random oracle model based on the assumed hardness of either of these problems. We define and prove analogous results for "one-more-discrete-logarithm" problems. Since the appearance of the preliminary version of this paper, the new problems we have introduced have found other uses as well.
Constructing fair exchange protocols for e-commerce via distributed computation of RSA signatures
In PODC 2003, 2003
Cited by 31 (2 self)
Abstract: Applications such as e-commerce payment protocols, electronic contract signing, and certified e-mail delivery require that fair exchange be assured. A fair-exchange protocol allows two parties to exchange items in a fair way so that either each party gets the other's item, or neither party does. We describe a novel method of constructing very efficient fair-exchange protocols by distributing the computation of RSA signatures. Specifically, we employ multi-signatures based on the RSA signature scheme. To date, the vast majority of fair-exchange protocols require the use of zero-knowledge proofs, which is the most computationally intensive part of the exchange protocol. Using the intrinsic features of our multi-signature model, we construct protocols that require no zero-knowledge proofs in the exchange protocol. Use of zero-knowledge proofs is needed only in the protocol setup phase; this is a one-time cost. Furthermore, our scheme uses multi-signatures that are compatible with the underlying standard (single-signer) signature scheme, which makes it possible to readily integrate the fair-exchange feature with existing e-commerce systems.
Fine-Grained Control of Security Capabilities
ACM Transactions on Internet Technology, 2004
Cited by 19 (3 self)
Abstract: We present a new approach for fine-grained control over users' security privileges (fast revocation of credentials) centered around the concept of an on-line semi-trusted mediator (SEM). The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques. The benefits include simplified validation of digital signatures, efficient certificate revocation for legacy systems, and fast revocation of signature and decryption capabilities. This paper discusses both the architecture and the implementation of our approach as well as its performance and compatibility with the existing infrastructure. Experimental results demonstrate its practical aspects.
Proactive Two-Party Signatures for User Authentication
Proc. 10th Annual Network and Distributed System Security Symposium (NDSS'03), The Internet Society, 2003
Cited by 15 (2 self)
Abstract: We study proactive two-party signature schemes in the context of user authentication. A proactive two-party signature scheme (P2SS) allows two parties, the client and the server, jointly to produce signatures and periodically to refresh their sharing of the secret key. The signature generation remains secure as long as both parties are not compromised between successive refreshes. We construct the first such proactive scheme based on the discrete log assumption by efficiently transforming Schnorr's popular signature scheme into a P2SS. We also extend our technique to the signature scheme of Guillou and Quisquater (GQ), providing two practical and efficient P2SSs that can be proven secure in the random oracle model under standard discrete log or RSA assumptions.
An Abuse-Free Fair Contract Signing Protocol Based on the RSA Signature
2005
Cited by 14 (1 self)
Abstract: A fair contract signing protocol allows two potentially mistrusting parties to exchange their commitments (i.e., digital signatures) to an agreed contract over the Internet in a fair way, so that either each of them obtains the other's signature, or neither party does. Based on the RSA signature scheme, a new digital contract signing protocol is proposed in this paper. Like the existing RSA-based solutions for the same problem, our protocol is not only fair, but also optimistic, since the trusted third party is involved only in the situations where one party is cheating or the communication channel is interrupted. Furthermore, the proposed protocol satisfies a new property, i.e., it is abuse-free. That is, if the protocol is executed unsuccessfully, neither of the two parties can show the validity of intermediate results to others. Technical details are provided to analyze the security and performance of the proposed protocol. In summary, we present the first abuse-free fair contract signing protocol based on the RSA signature, and show that it is both secure and efficient.
Separation Results on the "One-More" Computational Problems
Cited by 9 (0 self)
Abstract: ... the notion of "one-more" computational problems. Since their introduction, these problems have found numerous applications in cryptography. For instance, Bellare et al. showed how they lead to a proof of security for Chaum's RSA-based blind signature scheme in the random oracle model. In this paper, we provide separation results for the computational hierarchy of a large class of algebraic "one-more" computational problems (e.g. the one-more discrete logarithm problem, the one-more RSA problem and the one-more static Computational Diffie-Hellman problem in a bilinear setting). We also give some cryptographic implications of these results and, in particular, we prove that it is very unlikely that one will ever be able to prove the unforgeability of Chaum's RSA-based blind signature scheme under the sole RSA assumption.
Keywords: "One-more" problems, Black-box reductions, Random self-reducible problems, Algebraic algorithms.
An Improved Security Enabled Distribution of Protected Cloud Storage Services by Zero Knowledge Proof based on RSA Assumption
Cited by 1 (0 self)
Abstract: Cloud computing dynamically provides high-quality cloud-based secure services and applications over the Internet. The efficient sharing of secure cloud storage services (ESC) scheme allows the upper-level user to share the secure cloud storage services with multiple lower-level users. In a hierarchical identity-based architecture, the sender needs to encrypt a file only once and store only one copy of the corresponding ciphertext in the cloud. The lower-level user needs to decrypt the file, which increases the computational overhead, because the lower-level user does not perform any partial decipherment. In this paper, we propose a trapdoor commitment scheme that enables a lower-level user to send a short trapdoor to the cloud service provider (CSP) before retrieving files. This scheme allows the CSP to participate in the partial decipherment, so as to reduce the computational overhead on the users without leaking any information about the plaintext. If a lower-level user wants to retrieve a file with limited bandwidth, CPU and memory, the trapdoor largely helps to reduce the computational effort required.
Keywords: Hierarchical identity-based encryption; secure storage; trapdoor; partial decipherment.
Automatic Generation of Two-Party Computations (Extended Abstract)
2003
Abstract: We present the design and implementation of a compiler that automatically generates protocols that perform two-party computations. The input to our compiler is the specification of a computation with secret inputs (e.g., a signature algorithm) expressed using operations in the field Z_q of integers modulo a prime q and in the multiplicative subgroup of order q in Z_p^* for q | p-1 with generator g. The output of our compiler is an implementation of each party in a two-party protocol to perform the same computation securely, i.e., so that both parties can together compute the function but neither can alone. The protocols generated by our compiler are provably secure, in that their strength can be reduced to that of the original cryptographic computation via simulation arguments. Our compiler can be applied to various cryptographic primitives (e.g., signature schemes, encryption schemes, oblivious transfer protocols) and other protocols that employ a trusted party (e.g., key retrieval, key distribution).