On Formal Models for Secure Key Exchange
, 1999
A new formal security model for session key exchange protocols in the public key setting is proposed, and several efficient protocols are analyzed in this model. The relationship between this new model and previously proposed models is explored, and several interesting, subtle distinctions between static and adaptive adversaries are drawn out. We also give a brief account of anonymous users.
Using Hash Functions as a Hedge against Chosen Ciphertext Attack
, 2000
The cryptosystem recently proposed by Cramer and Shoup [5] is a practical public key cryptosystem that is secure against adaptive chosen ciphertext attack provided the Decisional Diffie-Hellman assumption is true. Although this is a reasonable intractability assumption, it would be preferable to base a security proof on a weaker assumption, such as the Computational Diffie-Hellman assumption. Indeed, this cryptosystem in its most basic form is in fact insecure if the Decisional Diffie-Hellman assumption is false. In this paper we present a practical hybrid scheme that is just as efficient as the scheme of Cramer and Shoup; we prove that the scheme is secure if the Decisional Diffie-Hellman assumption is true; we give strong evidence that the scheme is secure if the weaker Computational Diffie-Hellman assumption is true by providing a proof of security in the random oracle model.
Quasi-efficient revocation of group signatures
 Proceedings of Financial Cryptography 2002
, 2002
Abstract. A group signature scheme allows any group member to sign on behalf of the group in an anonymous and unlinkable fashion. In the event of a dispute, a designated trusted entity can reveal the identity of the signer. Group signatures are claimed to have many useful applications such as voting and electronic cash. A number of group signature schemes have been proposed to date. However, in order for the whole group signature concept to become practical and credible, the problem of secure and efficient group member revocation must be addressed. In this paper, we construct a new revocation method for group signatures based on the signature scheme by Ateniese et al. [ACJT]. This new method represents an advance in the state of the art, since the only revocation schemes proposed thus far either: 1) are based on implicit revocation and the use of fixed time periods, or 2) require the signature size to be linear in the number of revoked members. Our method, in contrast, does not rely on time periods, and offers constant-length signatures and constant work for the signer.
Fairness in Electronic Commerce
, 1998
Commerce over open networks like the Internet, sometimes referred to as electronic commerce, is becoming more widespread. This makes it important to study, and solve the security problems associated with electronic commerce. There are three prominent characteristics of commerce which are relevant in this respect. First, the crux of a commercial transaction is usually one or more exchanges of items of value. Second, players in a commercial transaction do not necessarily trust each other fully. Thus, protecting players from each other is as important as protecting them from outside attackers. Third, commercial transactions have legal significance. Therefore, it must be possible to gather sufficient evidence during the transaction to enable correctly behaving players to win any subsequent disputes. This dissertation addresses the problem of fairness in electronic commerce. A system that does not discriminate against a correctly behaving player is said to be fair. Several protocols are pr...
Verifiable encryption, group encryption, and their applications to group signatures and signature sharing schemes
, 2000
Abstract. We generalize and improve the security and efficiency of the verifiable encryption scheme of Asokan et al., such that it can rely on more general assumptions, and can be proven secure without assuming random oracles. We extend our basic protocol to a new primitive called verifiable group encryption. We show how our protocols can be applied to construct group signatures, identity escrow, and signature sharing schemes from a wide range of signature, identification, and encryption schemes already in use. In particular, we achieve perfect separability for all these applications, i.e., all participants can choose their signature and encryption schemes and the keys thereof independent of each other, even without having these applications in mind.
Offline Fair Payment Protocols using Convertible Signatures
, 1998
. An exchange or payment protocol is considered fair if neither of the two parties exchanging items or payment at any time during the protocol has a significant advantage over the other entity. Fairness is an important property for electronic commerce. This paper identifies a design framework based on existing fair protocols which use offline trusted third parties, but with convertible signatures as the underlying mechanism. We show that in principle any convertible signature scheme can be used to design a fair payment protocol. A specific protocol is detailed based on RSA undeniable signatures which is more efficient than other similar fair payment schemes. Furthermore, in this protocol the final signature obtained is always an ordinary RSA signature. 1 Introduction As more and more electronic transactions are being conducted on insecure networks, it is becoming obvious that electronic transactions are governed by different forces from the ones which affect normal physical...
Oblivious Transfer with Adaptive Queries
 Proc. CRYPTO, Springer LNCS
, 1999
. We provide protocols for the following two-party problem: One party, the sender, has N values and the other party, the receiver, would like to learn k of them, deciding which ones in an adaptive manner (i.e. the i-th value may depend on the first i - 1 values). The sender does not want the receiver to obtain more than k values. This is a variant of the well known Oblivious Transfer (OT) problem and has applications in protecting privacy in various settings. We present efficient protocols for the problem that require an O(N) computation in the preprocessing stage and fixed computation (independent of k) for each new value the receiver obtains. The online computation involves roughly log N invocations of a 1-out-of-2 OT protocol. The protocols are based on a new primitive, sum consistent synthesizers. 1 Introduction Oblivious Transfer (abbrev. OT) refers to several types of two-party protocols where at the beginning of the protocol one party, the Sender (or sometimes Bob or B), has ...
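The abstract describes the cost profile of adaptive k-out-of-N OT: O(N) preprocessing by the sender, then about log N invocations of 1-out-of-2 OT per value obtained. The following Python example (added here; it is not code from the paper) shows the naive version of that structure and why adaptivity is the hard part: the sender encrypts each of the N values under a key derived from log N per-bit key shares, and each query is log N 1-out-of-2 OTs on those shares. The 1-out-of-2 OT is an idealized stand-in function (an assumption, not a real OT protocol), the key derivation is a plain SHA-256 hash rather than the paper's sum-consistent synthesizers, and the database is constructed sample data. Because the shares are fixed across queries, a receiver who mixes shares obtained in different queries can decrypt more than k values; the example exhibits that failure, which is the adaptive-query problem the paper's primitive is designed to address.

```python
"""Naive adaptive k-out-of-N OT from log N 1-out-of-2 OTs (illustrative example).

Not the paper's construction: ot_1_of_2 is an idealized stand-in, derive_key is
a hash instead of a sum-consistent synthesizer, and the fixed key shares make
the scheme insecure against a receiver who mixes shares across queries.
"""
import hashlib
import os

LOG_N = 3
N = 1 << LOG_N

# Constructed sample database held by the sender (assumption, not from the paper).
SAMPLE_VALUES = [f"secret-{i:02d}".encode() for i in range(N)]


def ot_1_of_2(pair, choice):
    """Idealized 1-out-of-2 OT: receiver learns pair[choice] only, sender learns nothing."""
    assert choice in (0, 1)
    return pair[choice]


def bits(index):
    """Little-endian bit decomposition of an index into LOG_N bits."""
    return [(index >> i) & 1 for i in range(LOG_N)]


def derive_key(shares):
    """Hash stand-in for the synthesizer: combines log N key shares into one key."""
    return hashlib.sha256(b"".join(shares)).digest()


def xor_crypt(key, data):
    """One-time-pad style encryption with a hash-derived pad (toy; decrypt == encrypt)."""
    pad = hashlib.sha256(key + b"pad").digest()
    assert len(data) <= len(pad), "toy cipher only handles short values"
    return bytes(a ^ b for a, b in zip(data, pad))


class Sender:
    def __init__(self, values):
        # O(N) preprocessing: 2 log N random shares and one ciphertext per value.
        self.shares = [[os.urandom(16), os.urandom(16)] for _ in range(LOG_N)]
        self.ciphertexts = [
            xor_crypt(derive_key([self.shares[i][b] for i, b in enumerate(bits(j))]), v)
            for j, v in enumerate(values)
        ]

    def answer_query(self, choice_bits):
        # Per query: log N OT invocations, independent of how many queries came before.
        return [ot_1_of_2(self.shares[i], b) for i, b in enumerate(choice_bits)]


class Receiver:
    def __init__(self, ciphertexts):
        self.ciphertexts = ciphertexts
        self.learned = {}  # (bit position, bit value) -> share obtained via OT

    def query(self, sender, index):
        """Adaptive query for one index; returns the recovered value."""
        shares = sender.answer_query(bits(index))
        for i, b in enumerate(bits(index)):
            self.learned[(i, b)] = shares[i]
        return xor_crypt(derive_key(shares), self.ciphertexts[index])

    def mixable_indices(self):
        """Indices a dishonest receiver can decrypt by recombining shares across queries."""
        return [j for j in range(N)
                if all((i, b) in self.learned for i, b in enumerate(bits(j)))]


def demo(first=3, second=5):
    """Two honest queries, then the cross-query mixing attack on the naive scheme."""
    sender = Sender(SAMPLE_VALUES)
    receiver = Receiver(sender.ciphertexts)
    honest = [receiver.query(sender, first), receiver.query(sender, second)]
    return honest, receiver.mixable_indices()


if __name__ == "__main__":
    got, leaked = demo()
    print("honestly obtained:", got)
    print("decryptable after mixing shares from 2 queries:", leaked)
```

With queries for indices 3 (bits 1,1,0) and 5 (bits 1,0,1) the receiver holds both shares for bit positions 1 and 2, so every index whose low bit is 1 becomes decryptable: four values from two queries. Fixing this without giving up the log N-OTs-per-query cost is what the sum-consistent synthesizer primitive in the paper is for; the hash stand-in above does not provide it.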
Adaptive Security for Multilayer Ad-hoc Networks
 SPECIAL ISSUE OF WIRELESS COMMUNICATIONS AND MOBILE COMPUTING
, 2002
Secure communication is critical in military environments where the network infrastructure is vulnerable to various attacks and compromises. A conventional centralized solution breaks down when the security servers are destroyed by the enemies. In this paper we design and evaluate a security framework for multilayer ad-hoc wireless networks with unmanned aerial vehicles (UAVs). In battlefields, the framework adapts to the contingent damages on the network infrastructure. Depending
Secure Multiparty Computation for Privacy-Preserving Data Mining
, 2008
In this paper, we survey the basic paradigms and notions of secure multiparty computation and discuss their relevance to the field of privacy-preserving data mining. In addition to reviewing definitions and constructions for secure multiparty computation, we discuss the issue of efficiency and demonstrate the difficulties involved in constructing highly efficient protocols. We also present common errors that are prevalent in the literature when secure multiparty computation techniques are applied to privacy-preserving data mining. Finally, we discuss the relationship between secure multiparty computation and privacy-preserving data mining, and show which problems it solves and which problems it does not.
Privacy-preserving audit and extraction of digital contents
, 2008
A growing number of online services, such as Google, Yahoo!, and Amazon, are starting to