Simultaneous hardcore bits and cryptography against memory attacks
In TCC, 2009
Cited by 82 (8 self)
Abstract
This paper considers two questions in cryptography. Cryptography Secure Against Memory Attacks. A particularly devastating side-channel attack against cryptosystems, termed the “memory attack”, was proposed recently. In this attack, a significant fraction of the bits of a secret key of a cryptographic algorithm can be measured by an adversary if the secret key is ever stored in a part of memory which can be accessed even after power has been turned off for a short amount of time. Such an attack has been shown to completely compromise the security of various cryptosystems in use, including the RSA cryptosystem and AES. We show that the public-key encryption scheme of Regev (STOC 2005), and the identity-based encryption scheme of Gentry, Peikert and Vaikuntanathan (STOC 2008) are remarkably robust against memory attacks where the adversary can measure a large fraction of the bits of the secret key, or more generally, can compute an arbitrary function of the secret key of bounded output length. This is done without increasing the size of the secret key, and without introducing any
Group Signatures: Better Efficiency and New Theoretical Aspects
In Proceedings of SCN ’04, LNCS series, 2005
Cited by 47 (7 self)
Abstract
A group signature scheme allows members of a group to sign messages anonymously. To counter misuse, the so-called group manager can revoke the anonymity.
A length-flexible threshold cryptosystem with applications
In Proceedings of ACISP ’03, LNCS series, 2003
A Generalization of Paillier's Public-Key System with Applications to Electronic Voting
P Y A Ryan, 2003
Cited by 22 (1 self)
Abstract
We propose a generalization of Paillier's probabilistic public key system, in which the expansion factor is reduced and which allows one to adjust the block length of the scheme even after the public key has been fixed, without losing the homomorphic property. We show that the generalization is as secure as Paillier's original system and propose several ways to optimize implementations of both the generalized and the original scheme. We construct
Extensions to the Paillier Cryptosystem with Applications to Cryptological Protocols
2003
Cited by 12 (0 self)
Abstract
The main contribution of this thesis is a simplification, a generalization and some modifications of the homomorphic cryptosystem proposed by Paillier in 1999, and several cryptological protocols that follow from these changes. The Paillier
On the Provable Security of an Efficient RSA-Based Pseudorandom Generator
2006
Cited by 5 (0 self)
Abstract
Pseudorandom Generators (PRGs) based on the RSA inversion (one-wayness) problem have been extensively studied in the literature over the last 25 years. These generators have the attractive feature of provable pseudorandomness security assuming the hardness of the RSA inversion problem. However, despite extensive study, the most efficient provably secure RSA-based generators output asymptotically only at most O(log n) bits per multiply modulo an RSA modulus of bit length n, and hence are too slow to be used in many practical applications. To bring theory closer to practice, we present a simple modification to the proof of security by Fischlin and Schnorr of an RSA-based PRG, which shows that one can obtain an RSA-based PRG which outputs Ω(n) bits per multiply and has provable pseudorandomness security assuming the hardness of a well-studied variant of the RSA inversion problem, where a constant fraction of the plaintext bits are given. Our result gives a positive answer to an open question posed by Gennaro (J. of Cryptology, 2005) regarding finding a PRG beating the rate O(log n) bits per multiply at the cost of a reasonable assumption on RSA inversion.
Practical affiliation-hiding authentication from improved polynomial interpolation
In ASIACCS ’11, 2011
Cited by 3 (3 self)
Abstract
Among the plethora of privacy-friendly authentication techniques, affiliation-hiding (AH) protocols are valuable for their ability to hide not only identities of communicating users behind their affiliations (memberships to groups), but also these affiliations from non-members. These qualities become increasingly important in our highly computerized user-centric information society, where privacy is an elusive good. Only little work on practical aspects of AH schemes, pursuing optimized implementations and deployment, has been done so far, and the main question a practitioner might ask — whether affiliation-hiding schemes are truly practical today — remained widely unanswered. Improving upon recent advances in the area of AH protocols, in particular on pioneering results in the multi-affiliation setting, we can give an affirmative answer to this question. To this end, we propose numerous algorithmic optimizations to a recent AH scheme leading to a remarkable performance gain. Our results are demonstrated not only at theoretical level, but we also offer implementations, performance measurements, and comparisons. At the same time, our improvements advance the area of efficient polynomial interpolation in finite fields, which is one of our building blocks.
Poly-Many Hardcore Bits for Any One-Way Function
2014
Cited by 2 (0 self)
Abstract
We show how to extract an arbitrary polynomial number of simultaneously hardcore bits from any one-way function. In the case the one-way function is injective or has polynomially bounded preimage size, we assume the existence of indistinguishability obfuscation (iO). In the general case, we assume the existence of differing-input obfuscation (diO), but of a form weaker than full auxiliary-input diO. Our construction for injective one-way functions extends to extract hardcore bits on multiple, correlated inputs, yielding new DPKE schemes.
An Efficient Pseudo-Random Generator with Applications to Public-Key Encryption and Constant-Round Multiparty Computation
2001
Cited by 2 (0 self)
Abstract
We present a pseudorandom bit generator expanding a uniformly random bitstring r of length k/2, where k is the security parameter, into a pseudorandom bitstring of length 2k - log2(k) using one modular exponentiation. In contrast to all previous high expansion-rate pseudorandom bit generators, no hashing is necessary. The security of the generator is proved relative to Paillier's composite degree residuosity assumption. As a first application of our pseudorandom bit generator we exploit its efficiency to optimise Paillier's cryptosystem by a factor of (at least) 2 in both running time and usage of random bits. We then exploit the algebraic properties of the generator to construct an efficient protocol for secure constant-round multiparty function evaluation in the cryptographic setting. This construction gives an improvement in communication complexity over previous protocols in the order of nk², where n is the number of participants and k is the security parameter, resulting in a communication complexity of O(nk²C) bits, where C is a Boolean circuit computing the function in question.
An improved pseudorandom generator based on hardness of factoring
In Proc. 3rd SCN, 2002