Results 1  10
of
18
Tamper Detection in Audit Logs
 IN PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON VERY LARGE DATABASES
, 2004
"... Audit logs are considered good practice for business systems, and are required by federal regulations for secure systems, drug approval data, medical information disclosure, financial records, and electronic voting. Given the central role of audit logs, it is critical that they are correct and ..."
Abstract

Cited by 45 (6 self)
 Add to MetaCart
(Show Context)
Audit logs are considered good practice for business systems, and are required by federal regulations for secure systems, drug approval data, medical information disclosure, financial records, and electronic voting. Given the central role of audit logs, it is critical that they are correct and inalterable. It is not su# cient to say, "our data is correct, because we store all interactions in a separate audit log." The integrity of the audit log itself must also be guaranteed. This paper proposes mechanisms within a database management system (DBMS), based on cryptographically strong oneway hash functions, that prevent an intruder, including an auditor or an employee or even an unknown bug within the DBMS itself, from silently corrupting the audit log. We propose that the DBMS store additional information in the database to enable a separate audit log validator to examine the database along with this extra information and state conclusively whether the audit log has been compromised.
Creating Strong Total Commutative Associative OneWay Functions from Any OneWay Function
 JOURNAL OF COMPUTER AND SYSTEM SCIENCES
, 1998
"... Rabi and Sherman [RS97] presented novel digital signature and unauthenticated secretkey agreement protocols, developed by themselves and by Rivest and Sherman. These protocols use "strong," total, commutative (in the case of multiparty secretkey agreement), associative oneway functions ..."
Abstract

Cited by 16 (8 self)
 Add to MetaCart
Rabi and Sherman [RS97] presented novel digital signature and unauthenticated secretkey agreement protocols, developed by themselves and by Rivest and Sherman. These protocols use "strong," total, commutative (in the case of multiparty secretkey agreement), associative oneway functions as their key building blocks. Though Rabi and Sherman did prove that associative oneway functions exist if P 6= NP, they left as an open question whether any natural complexitytheoretic assumption is sufficient to ensure the existence of "strong," total, commutative, associative oneway functions. In this paper, we prove that if P 6= NP then "strong," total, commutative, associative oneway functions exist.
Algebraic properties for selector functions
 SIAM JOURNAL ON COMPUTING
, 2005
"... The nondeterministic advice complexity of the Pselective sets is known to be exactly linear. Regarding the deterministic advice complexity of the Pselective sets—i.e., the amount of Karp– Lipton advice needed for polynomialtime machines to recognize them in general—the best current upper bound is ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
The nondeterministic advice complexity of the Pselective sets is known to be exactly linear. Regarding the deterministic advice complexity of the Pselective sets—i.e., the amount of Karp– Lipton advice needed for polynomialtime machines to recognize them in general—the best current upper bound is quadratic [Ko83] and the best current lower bound is linear [HT96]. We prove that every associatively Pselective set is commutatively, associatively Pselective. Using this, we establish an algebraic sufficient condition for the Pselective sets to have a linear upper bound (which thus would match the existing lower bound) on their deterministic advice complexity: If all Pselective sets are associatively Pselective then the deterministic advice complexity of the Pselective sets is linear. The weakest previously known sufficient condition was P = NP. We also establish related results for algebraic properties of, and advice complexity of, the nondeterministically selective sets.
If P != NP then Some Strongly Noninvertible Functions are Invertible
 IN PROCEEDINGS OF THE 13TH INTERNATIONAL SYMPOSIUM ON FUNDAMENTALS OF COMPUTATION THEORY
, 2000
"... Rabi, Rivest, and Sherman alter the standard notion of noninvertibility to a new notion they call strong noninvertibility, and show  via explicit cryptographic protocols for secretkey agreement ([RS93,RS97] attribute this to Rivest and Sherman) and digital signatures [RS93,RS97]  that strong ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
(Show Context)
Rabi, Rivest, and Sherman alter the standard notion of noninvertibility to a new notion they call strong noninvertibility, and show  via explicit cryptographic protocols for secretkey agreement ([RS93,RS97] attribute this to Rivest and Sherman) and digital signatures [RS93,RS97]  that strongly noninvertible functions would be very useful components in protocol design. Their denition of strong noninvertibility has a small twist (\respecting the argument given") that is needed to ensure cryptographic usefulness. In this paper, we show that this small twist has a large, unexpected consequence: Unless P = NP, some strongly noninvertible functions are invertible.
Low ambiguity in strong, total, associative, oneway functions
, 2000
"... Rabi and Sherman [RS97] present a cryptographic paradigm based on associative, oneway functions that are strong (i.e., hard to invert even if one of their arguments is given) and total. Hemaspaandra and Rothe [HR99] proved that such powerful oneway functions exist exactly if (standard) oneway fun ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
(Show Context)
Rabi and Sherman [RS97] present a cryptographic paradigm based on associative, oneway functions that are strong (i.e., hard to invert even if one of their arguments is given) and total. Hemaspaandra and Rothe [HR99] proved that such powerful oneway functions exist exactly if (standard) oneway functions exist, thus showing that the associative oneway function approach is as plausible as previous approaches. In the present paper, we study the degree of ambiguity of oneway functions. Rabi and Sherman showed that no associative oneway function (over a universe having at least two elements) can be unambiguous (i.e., onetoone). Nonetheless, we prove that if standard, unambiguous, oneway functions exist, then there exist strong, total, associative, oneway functions that are O(n)toone. This puts a reasonable upper bound on the ambiguity. Our other main results are: 1. P = FewP if and only if there exists an (n O(1))toone, strong, total AOWF. 2. No O(1)toone total, associative functions exist in Σ ∗ × Σ ∗ → Σ ∗. 3. For every nondecreasing, unbounded, total, recursive function g: N → N, there is a g(n)toone, total, commutative, associative, recursive function in Σ ∗ × Σ ∗ → Σ ∗.
Enforcing and defying associativity, commutativity, totality, and strong noninvertibility for oneway functions in complexity theory
 In ICTCS
, 2005
"... Rabi and Sherman [RS97,RS93] proved that the hardness of factoring is a sufficient condition for there to exist oneway functions (i.e., ptime computable, honest, ptime noninvertible functions) that are total, commutative, and associative but not strongly noninvertible. In this paper we improve th ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
(Show Context)
Rabi and Sherman [RS97,RS93] proved that the hardness of factoring is a sufficient condition for there to exist oneway functions (i.e., ptime computable, honest, ptime noninvertible functions) that are total, commutative, and associative but not strongly noninvertible. In this paper we improve the sufficient condition to P = NP. More generally, in this paper we completely characterize which types of oneway functions stand or fall together with (plain) oneway functions—equivalently, stand or fall together with P = NP. We look at the four attributes used in Rabi and Sherman’s seminal work on algebraic properties of oneway functions (see [RS97,RS93]) and subsequent papers—strongness (of noninvertibility), totality, commutativity, and associativity—and for each attribute, we allow it to be required to hold, required to fail, or “don’t care. ” In this categorization there are 3 4 = 81 potential types of oneway functions. We prove that each of these 81 featureladen types stand or fall together with the existence of (plain) oneway functions. Key words: computational complexity, complexitytheoretic oneway functions, associativity, 1.1
A new cryptosystem based on hidden order groups. Cryptology ePrint Archive, Report 2006/178, 2006. Available at http://eprint.iacr.org/2006/178.pdf
"... Let G1 be a cyclic multiplicative group of order n. It is known that the DiffieHellman problem is random selfreducible in G1 with respect to a fixed generator g if φ(n) is known. That is, given g, g x ∈ G1 and having oracle access to a ‘DiffieHellman Problem ’ solver with fixed generator g, it is ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
Let G1 be a cyclic multiplicative group of order n. It is known that the DiffieHellman problem is random selfreducible in G1 with respect to a fixed generator g if φ(n) is known. That is, given g, g x ∈ G1 and having oracle access to a ‘DiffieHellman Problem ’ solver with fixed generator g, it is possible to compute g 1/x ∈ G1 in polynomial time (see theorem 3.2). On the other hand, it is not known if such a reduction exists when φ(n) is unknown (see conjuncture 3.1). We exploit this “gap” to construct a cryptosystem based on hidden order groups and present a practical implementation of a novel cryptographic primitive called an Oracle Strong Associative OneWay Function (OSAOWF). OSAOWFs have applications in multiparty protocols. We demonstrate this by presenting a key agreement protocol for dynamic adhoc groups. 1
Quantum Cryptography: A Survey
, 2005
"... We survey some results in quantum cryptography. After a brief introduction to classical cryptography, we provide the physical and mathematical background needed and present some fundamental protocols from quantum cryptography, including quantum key distribution and quantum bit commitment protocols. ..."
Abstract
 Add to MetaCart
We survey some results in quantum cryptography. After a brief introduction to classical cryptography, we provide the physical and mathematical background needed and present some fundamental protocols from quantum cryptography, including quantum key distribution and quantum bit commitment protocols. 1
Invertible calculation's noninvertibility
"... In cryptosystem theory, it is wellknown that a logical mapping that returns the same value that was used as its argument can be inverted with a zero failure probability in linear time. In this paper, however, I show that such a mapping, while trivially assigning a logical state to itself, comes up ..."
Abstract
 Add to MetaCart
(Show Context)
In cryptosystem theory, it is wellknown that a logical mapping that returns the same value that was used as its argument can be inverted with a zero failure probability in linear time. In this paper, however, I show that such a mapping, while trivially assigning a logical state to itself, comes up against an impassable entropy wall such that its computational path is undone inside the thresholds of the physical world. Present cryptologyrelated theory is heavily based on an unproven onewayness proposition of computational paths (15). This mathematical conjecture holds that there must be a onetoone correspondence for which the calculation in one direction is easy, while reconstructing the input state from the output state is hard – "easy " and "hard " are to be understood in the sense of timecomplexity (3,4,6,7). More specifically, this computational hardness proposition essentially requires the existence of an invertible function that is noninvertible (6,7). In the last few years, the idea has arisen that a proof of computational hardness is linked to physical constraints rather than purely mathematical limitations (812). Taking this new perspective into account, one could preliminarily infer that all previous efforts to prove the existence of a oneway
SIGACT News Complexity Theory Column 26
"... I n t roduct ion to Complex i ty Theory Co lumn 26 This issue's column overviews papers asking what additional algebraic and security properties oneway functions may have and whether equiring such properties is costly or a freebie. For example, it has recently been shown that if oneway functi ..."
Abstract
 Add to MetaCart
(Show Context)
I n t roduct ion to Complex i ty Theory Co lumn 26 This issue's column overviews papers asking what additional algebraic and security properties oneway functions may have and whether equiring such properties is costly or a freebie. For example, it has recently been shown that if oneway functions exist then strong, total, commutative, associative oneway functions exist. Looking towards the future, in the next issues will be guest columns by Madhu Sudan on listdecoding algorithms and applications, and by Ulrich Hertrampf on algebraic acceptance mechanisms for polynomialtime machines. OneWay Funct ions in Wors tCase Cryptography: A lgebra ic and Secur i ty P roper t ies are on the House I A l ina Beyge lz imer, ~ Lane A. Hemaspaandra, 2 Chr is topher M. Homan, ~ and J6rg Rothe ~ 1 Mot ivat ion