Results 1  10
of
127
A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack
 CRYPTO '98
, 1998
"... A new public key cryptosystem is proposed and analyzed. The scheme is quite practical, and is provably secure against adaptive chosen ciphertext attack under standard intractability assumptions. There appears to be no previous cryptosystem in the literature that enjoys both of these properties simu ..."
Abstract

Cited by 540 (17 self)
 Add to MetaCart
(Show Context)
A new public key cryptosystem is proposed and analyzed. The scheme is quite practical, and is provably secure against adaptive chosen ciphertext attack under standard intractability assumptions. There appears to be no previous cryptosystem in the literature that enjoys both of these properties simultaneously.
Optimistic fair exchange of digital signatures
 IEEE Journal on Selected Areas in Communications
, 1998
"... Abstract. We present a new protocol that allows two players to exchange digital signatures over the Internet in a fair way, so that either each player gets the other’s signature, or neither player does. The obvious application is where the signatures represent items of value, for example, an elect ..."
Abstract

Cited by 290 (10 self)
 Add to MetaCart
Abstract. We present a new protocol that allows two players to exchange digital signatures over the Internet in a fair way, so that either each player gets the other’s signature, or neither player does. The obvious application is where the signatures represent items of value, for example, an electronic check or airline ticket. The protocol can also be adapted to exchange encrypted data. The protocol relies on a trusted third party, but is “optimistic, ” in that the third party is only needed in cases where one player attempts to cheat or simply crashes. A key feature of our protocol is that a player can always force a timely and fair termination, without the cooperation of the other player. 1
Design and Analysis of Practical PublicKey Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack
 SIAM Journal on Computing
, 2001
"... A new public key encryption scheme, along with several variants, is proposed and analyzed. The scheme and its variants are quite practical, and are proved secure against adaptive chosen ciphertext attack under standard intractability assumptions. These appear to be the first publickey encryption sc ..."
Abstract

Cited by 231 (11 self)
 Add to MetaCart
(Show Context)
A new public key encryption scheme, along with several variants, is proposed and analyzed. The scheme and its variants are quite practical, and are proved secure against adaptive chosen ciphertext attack under standard intractability assumptions. These appear to be the first publickey encryption schemes in the literature that are simultaneously practical and provably secure.
Secure Distributed Key Generation for DiscreteLog Based Cryptosystems
, 1999
"... Abstract. Distributed key generation is a main component of threshold cryptosystems and distributed cryptographic computing in general. Solutions to the distributed generation of private keys for discretelog based cryptosystems have been known for several years and used in a variety of protocols an ..."
Abstract

Cited by 172 (5 self)
 Add to MetaCart
Abstract. Distributed key generation is a main component of threshold cryptosystems and distributed cryptographic computing in general. Solutions to the distributed generation of private keys for discretelog based cryptosystems have been known for several years and used in a variety of protocols and in many research papers. However, these solutions fail to provide the full security required and claimed by these works. We show how an active attacker controlling a small number of parties can bias the values of the generated keys, thus violating basic correctness and secrecy requirements of a key generation protocol. In particular, our attacks point out to the places where the proofs of security fail. Based on these findings we designed a distributed key generation protocol which we present here together with a rigorous proof of security. Our solution, that achieves optimal resiliency, can be used as a dropin replacement for key generation modules as well as other components of threshold or proactive discretelog based cryptosystems.
Practical Verifiable Encryption and Decryption of Discrete Logarithms
, 2003
"... This paper addresses the problem of designing practical protocols for proving properties about encrypted data. To this end, it presents a variant of the new public key encryption of Cramer and Shoup based on Paillier’s decision composite residuosity assumption, along with efficient protocols for ve ..."
Abstract

Cited by 169 (24 self)
 Add to MetaCart
(Show Context)
This paper addresses the problem of designing practical protocols for proving properties about encrypted data. To this end, it presents a variant of the new public key encryption of Cramer and Shoup based on Paillier’s decision composite residuosity assumption, along with efficient protocols for verifiable encryption and decryption of discrete logarithms (and more generally, of representations with respect to multiple bases). This is the first verifiable encryption system that provides chosen ciphertext security and avoids inefficient cutandchoose proofs. The presented protocols have numerous applications, including key escrow, optimistic fair exchange, publicly verifiable secret and signature sharing, universally composable commitments, group signatures, and confirmer signatures.
Privacypreserving set operations
 in Advances in Cryptology  CRYPTO 2005, LNCS
, 2005
"... In many important applications, a collection of mutually distrustful parties must perform private computation over multisets. Each party’s input to the function is his private input multiset. In order to protect these private sets, the players perform privacypreserving computation; that is, no part ..."
Abstract

Cited by 161 (0 self)
 Add to MetaCart
(Show Context)
In many important applications, a collection of mutually distrustful parties must perform private computation over multisets. Each party’s input to the function is his private input multiset. In order to protect these private sets, the players perform privacypreserving computation; that is, no party learns more information about other parties ’ private input sets than what can be deduced from the result. In this paper, we propose efficient techniques for privacypreserving operations on multisets. By employing the mathematical properties of polynomials, we build a framework of efficient, secure, and composable multiset operations: the union, intersection, and element reduction operations. We apply these techniques to a wide range of practical problems, achieving more efficient results than those of previous work.
Sharing decryption in the context of voting or lotteries
, 2000
"... Several public key cryptosystems with additional homomorphic properties have been proposed so far. They allow to perform computation with encrypted data without the knowledge of any secret information. In many applications, the ability to perform decryption, i.e. the knowledge of the secret key, giv ..."
Abstract

Cited by 96 (6 self)
 Add to MetaCart
(Show Context)
Several public key cryptosystems with additional homomorphic properties have been proposed so far. They allow to perform computation with encrypted data without the knowledge of any secret information. In many applications, the ability to perform decryption, i.e. the knowledge of the secret key, gives a huge power. A classical way to reduce the trust in such a secret owner, and consequently to increase the security, is to share the secret between many entities in such a way that cooperation between them is necessary to decrypt. In this paper, we propose a distributed version of the Paillier cryptosystem presented at Eurocrypt ’99. This shared scheme can for example be used in an electronic voting scheme or in a lottery where a random number related to the winning ticket has to be jointly chosen by all participants.
Formal Proofs for the Security of Signcryption
 In PKC ’02
, 2002
"... Signcryption is a public key or asymmetric cryptographic method that provides simultaneously both message confidentiality and unforgeability at a lower computational and communication overhead. ..."
Abstract

Cited by 85 (3 self)
 Add to MetaCart
(Show Context)
Signcryption is a public key or asymmetric cryptographic method that provides simultaneously both message confidentiality and unforgeability at a lower computational and communication overhead.
REACT: Rapid Enhancedsecurity Asymmetric Cryptosystem Transform
 CTRSA 2001, volume 2020 of LNCS
, 2001
"... Abstract. Seven years after the optimal asymmetric encryption padding (OAEP) which makes chosenciphertext secure encryption scheme from any trapdoor oneway permutation (but whose unique application is RSA), this paper presents REACT, a new conversion which applies to any weakly secure cryptosystem ..."
Abstract

Cited by 85 (19 self)
 Add to MetaCart
(Show Context)
Abstract. Seven years after the optimal asymmetric encryption padding (OAEP) which makes chosenciphertext secure encryption scheme from any trapdoor oneway permutation (but whose unique application is RSA), this paper presents REACT, a new conversion which applies to any weakly secure cryptosystem, in the random oracle model: it is optimal from both the computational and the security points of view. Indeed, the overload is negligible, since it just consists of two more hashings for both encryption and decryption, and the reduction is very tight. Furthermore, advantages of REACT beyond OAEP are numerous: 1. it is more general since it applies to any partially trapdoor oneway function (a.k.a. weakly secure publickey encryption scheme) and therefore provides security relative to RSA but also to the DiffieHellman problem or the factorization; 2. it is possible to integrate symmetric encryption (block and stream ciphers) to reach very high speed rates; 3. it provides a key distribution with session key encryption, whose overall scheme achieves chosenciphertext security even with weakly secure symmetric scheme. Therefore, REACT could become a new alternative to OAEP, and even reach security relative to factorization, while allowing symmetric integration.
Direct Chosen Ciphertext Security from IdentityBased Techniques
 In ACM Conference on Computer and Communications Security
, 2005
"... We describe a new encryption technique that is secure in the standard model against adaptive chosen ciphertext (CCA2) attacks. We base our method on two very e#cient IdentityBased Encryption (IBE) schemes without random oracles due to Boneh and Boyen, and Waters. ..."
Abstract

Cited by 83 (6 self)
 Add to MetaCart
We describe a new encryption technique that is secure in the standard model against adaptive chosen ciphertext (CCA2) attacks. We base our method on two very e#cient IdentityBased Encryption (IBE) schemes without random oracles due to Boneh and Boyen, and Waters.