On the security and the efficiency of the Merkle signature scheme, 2005
Cited by 2 (0 self)
This paper builds on the multi-time signature scheme proposed by Merkle. We prove that the original scheme is existentially unforgeable under adaptive chosen message attack. Moreover, we present an improved version which has three advantages: It is provably forward secure. The number of signatures that can be made with one private key is -- in a practical sense -- unlimited. Finally, the cost for key generation is kept low. The theoretical exposition is complemented...
Efficient Byzantine Fault Tolerance for Scalable Storage and Services, 2009
Cited by 2 (1 self)
Distributed systems experience and should tolerate faults beyond simple component crashes as such systems grow in size and importance. Unfortunately, tolerating arbitrary faults, also known as Byzantine faults, poses several challenges to system designers, often limiting performance, requiring additional hardware, or both. This dissertation presents new protocols that provide substantially better performance than previously demonstrated. The Byzantine fault-tolerant erasure-coded block storage protocol proposed in this thesis provides 40 % higher write throughput than the best prior approach. The Byzantine fault-tolerant replicated state machine provides a factor of 2.2–2.9 times
New Integrated proof method on Iterated Hash Structure and New Structures, 2006
Cited by 1 (1 self)
A secure hash structure in the Random Oracle Model may not be a secure model in a true design. In this paper, we give an integrated proof method for the security proof of iterated hash structures. Based on the proof method, we can distinguish the security of the Merkle-Damgård structure, wide-pipe hash, double-pipe hash and 3c hash, learn the requirements a true design places on the compression function, and give a new recommended structure. Finally, we give a new hash structure, MAC structure and encryption model, which use the same block cipher round function and key schedule algorithm; the security proofs for those structures are given.
Y.: An Investigation of the Enhanced Target Collision Resistance Property for Hash Functions. Cryptology ePrint Archive, Report 2009/506, 2009
Cited by 1 (1 self)
We revisit the enhanced target collision resistance (eTCR) property as a newly emerged notion of security for dedicated-key hash functions, which has been put forth by Halevi and Krawczyk at CRYPTO'06, in conjunction with the Randomized Hashing mode to achieve this property. Our contribution is twofold. Firstly, we provide a full picture of the relationships between eTCR and each of the seven security properties for a dedicated-key hash function considered by Rogaway and Shrimpton at FSE'04; namely, collision resistance (CR), the three variants of second-preimage resistance (Sec, aSec, eSec) and the three variants of preimage resistance (Pre, aPre, ePre). The results show that, for an arbitrary dedicated-key hash function, eTCR is not implied by any of these seven properties, and it can only imply three of the properties; namely, eSec (TCR), Sec, Pre. In the second part of the paper, we analyze the eTCR preservation capabilities of several domain extension transforms (a.k.a. modes of operation) for hash functions, including (Plain, Strengthened, and Prefix-free) Merkle-Damgård, Randomized Hashing, Shoup, Enveloped Shoup, XOR Linear Hash (XLH), and Linear Hash (LH). From this analysis it turns out that, with the exception of a nested variant of LH, none of the investigated transforms can preserve the eTCR property.
Completeness of Formal Hashes in the Standard Model
Cited by 1 (1 self)
We study an extension of the well-known Abadi-Rogaway logic with hashes. Previously, we have given a sound computational interpretation of this extension using Canetti's oracle hashing. This paper extends Micciancio and Warinschi's completeness result for the original logic to this setting.
Evaluating a New Hash Function: Thoughts and Recommendations, 2007
This document is intended as a response to the call for comments by NIST related to the establishment of design and evaluation criteria for the upcoming hash competition. We start by presenting a list of specific recommendations for NIST's consideration and then follow with an article that expands on these recommendations and their rationale. We intend the list of recommendations also as an "executive summary" of the article for those not interested in the full details of our discussion. Our approach is that, due to the wide range of cryptographic applications for which the new hash function is intended (as implied by the FIPS 180-2 hash standard), NIST should select a relatively small set of core functionalities to serve as the basis for applicability of the new function, and derive from it a corresponding set of core security requirements that will serve as design and evaluation criteria in the competition. Moreover, we strongly recommend that NIST require submitters of new functions to explicitly specify how to use the proposed function to achieve each one of the core functionalities, including the specification of how to key the function in keyed applications (for example, how to use the hash function to implement a PRF). We include detailed rationale for our recommendations as well as specific suggestions and considerations relevant to the planning of the upcoming hash competition.
Content-Addressable Data Management, 2007
A direct implication of both industry and academia proclaiming the Age of Tera- (even Peta-) scale computing is that applications have become more data intensive than ever. The increased data volume from applications tackling larger and larger problems has fueled the need for efficient management of this data. In this thesis, we evaluate a technique called Content Addressable Storage, or CAS, for managing large volumes of data. This evaluation focuses on the benefits and demerits of using CAS for: i) improved application performance via lockless and lightweight synchronization of accesses to shared storage data; ii) improved cache performance; iii) increase in storage capacity; and iv) increased network bandwidth. We present the design of a CAS-based file store that significantly improves storage performance, providing lightweight and lock-less user-defined consistency semantics. As a result, our file-system shows a 28% increase in read bandwidth and a 13% increase in write bandwidth over a popular file-system in common use. We use the same experimental file-system to analyze CAS on data from real world application benchmarks. We also estimate the potential benefits of using CAS for a virtual
prof. dr. Eric R. Verheul. Formal and Computational Cryptography:
This thesis is typeset using LaTeX. Cover: the Zimmermann Telegram, written by German Foreign Secretary Arthur Zimmermann, is an encrypted message sent to Mexico proposing a military alliance against the United States. It was intercepted and decrypted by British cryptographers. The telegram inflamed American public opinion and drew the United States to declare war against Germany in 1917. The bookmarker contains the telegram as partially decrypted by the British cryptographers of Room 40.
Embedded Implementation of LASH
With the security of standardised cryptographic hash functions in question, interest in new designs based on provably secure foundations has been reignited. LASH is a hash function design whose security is related to hard lattice problems. Although the tightness of the security reduction is dubious, LASH makes an interesting trade-off in that it is claimed to offer efficient implementations in comparison to alternatives such as VSH. In this paper we investigate this claim by examining implementations of LASH in software and hardware, and by examining the issue of physical security; all of these aspects are crucial to the deployment of LASH in an embedded environment.
Code Based Hashing Technique for Message Authentication Algorithms
In cryptography, hash functions play a fundamental role in mapping messages into hash codes, where hash codes serve as compact representatives of input messages. A hash function is a many-to-one function: the same hash code can be generated from different input messages, implying the existence of collisions. Cryptographic hash functions are used for data integrity in conjunction with digital signature schemes, where a message is hashed first, and then the hash value is used as a representative of the message and is signed in place of the original message. Keyed hash functions whose specific purpose is message authentication are called message authentication code (MAC) algorithms. In this paper, we use the NMACA technique proposed in a previous paper, where the MAC key is used in building the hash functions by defining the order for accessing source words and the number of bit positions for left shifts. Our main contribution is a new hashing technique based on language interpreters. In other words, our hash function is dynamic and depends on the code being hashed, and is not fixed as in the case of most hash functions used in cryptography. The language interpreters are used in accordance with a secret key to form a fast, robust MAC algorithm. A language and an interpreter induced from the input message will be defined, while the key will also be used to permute the input message.