Results 1 - 10 of 15
Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance
, 2004
Cited by 98 (4 self)
We consider basic notions of security for cryptographic hash functions: collision resistance, preimage resistance, and second-preimage resistance. We give seven different definitions that correspond to these three underlying ideas, and then we work out all of the implications and separations among these seven definitions within the concrete-security, provable-security framework.
Postal revenue collection in the digital age
 In Proceedings of Financial Cryptography
, 2000
Cited by 12 (0 self)
Abstract. In recent years postal revenue collection underwent a major transformation due to widespread transition to digital methods of communication. This transition directly affected not only telecommunications which form an integral part of the postal revenue collection but also, and in a much more profound way, postage evidencing. Traditional postage evidencing remained unchanged for several dozen years until the introduction of digital printing which drastically changed all its security related aspects and considerations. This paper defines conceptual foundations of the postal revenue collection system (which is simultaneously a payment system for mailers), fundamental requirements imposed by the nature of hardcopy-based communication and suggests what the authors believe to be an optimal solution for public key-based postage evidencing founded on elliptic-curve cryptography.
Security proofs for the RSA-PSS signature schemes and its variants
 SECOND OPEN NESSIE WORKSHOP
, 2001
Cited by 10 (0 self)
We analyze the security of different versions of the adapted RSA-PSS signature scheme, including schemes with variable salt lengths and message recovery. We also examine a variant with Rabin-Williams (RW) as the underlying verification primitive. Our conclusion is that the security of RSA-PSS and RW-PSS in the random oracle model can be tightly related to the hardness of inverting the underlying RSA and RW primitives, at least if the PSS salt length is reasonably large. Our security proofs are based on already existing work by Bellare and Rogaway [3] and by Coron [10], who examined signature schemes based on the original PSS encoding method.
Provably Secure Implicit Certificate Schemes
, 2000
Cited by 4 (1 self)
Optimal mail certificates, introduced in [11], are efficient types of implicit certificates which offer many advantages over traditional (explicit) certificates. For example, an optimal mail certificate is small enough to fit on a two-dimensional digital postal mark together with a digital signature. This paper defines a general notion of security for implicit certificates, and proves that optimal mail certificates are secure under this definition.
Advanced Course on Contemporary Cryptology, chapter Provable Security for Public-Key Schemes
 Advanced Courses CRM Barcelona. Birkhäuser Publishers, Basel, June 2005. ISBN: 376437294X (248
, 2005
Cited by 2 (1 self)
Abstract. Since the appearance of public-key cryptography in the Diffie-Hellman seminal paper, many schemes have been proposed, but many have been broken. Indeed, for a long time, the simple fact that a cryptographic algorithm had withstood cryptanalytic attacks for several years was considered as a kind of validation. But some schemes took a long time before being widely studied, and maybe thereafter being broken. A much more convincing line of research has tried to provide “provable” security for cryptographic protocols, in a complexity theory sense: if one can break the cryptographic protocol, one can efficiently solve the underlying problem. Unfortunately, this initially was a purely theoretical work: very few practical schemes could be proven in this so-called “standard model” because such a security level rarely meets with efficiency. Ten years ago, Bellare and Rogaway proposed a tradeoff to achieve some kind of validation of efficient schemes, by identifying some concrete cryptographic objects with ideal random ones. The most famous identification appeared in the so-called “random-oracle model”. More recently, another direction has been taken to prove the security of efficient schemes in the standard model (without any ideal assumption) by using stronger computational assumptions. In these lectures, we focus on practical asymmetric protocols together with their “reductionist” security proofs, mainly in the random-oracle model. We cover the two main goals that public-key cryptography is devoted to solve: authentication with digital signatures, and confidentiality with public-key encryption schemes.
Short Signatures in the Random Oracle Model
 In Asiacrypt ’02, LNCS 2501
, 2002
Cited by 2 (0 self)
We study how digital signature schemes can generate signatures as short as possible, in particular in the case where partial message recovery is allowed. We give a concrete proposition named OPSSR that achieves the lower bound for message expansion, and give an exact security proof of the scheme in the ideal cipher model. We extend it to the multi-key setting. We also show that this padding can be used for an asymmetric encryption scheme with minimal message expansion.
Computational Security for Cryptography
, 2009
Cited by 1 (0 self)
Since the appearance of public-key cryptography in the Diffie-Hellman seminal paper, many schemes have been proposed, but many have been broken. Indeed, for a long time, the simple fact that a cryptographic algorithm had withstood cryptanalytic attacks for several years was considered as a kind of validation. But some schemes took a long time before being widely studied, and maybe thereafter being broken. A much more convincing line of research has tried to provide “provable” security for cryptographic protocols, in a complexity theory sense: if one can break the cryptographic protocol, one can efficiently solve the underlying problem. Unfortunately, this initially was a purely theoretical work: very few practical schemes could be proven in this so-called “standard model” because such a security level rarely meets with efficiency. Ten years ago, Bellare and Rogaway proposed a tradeoff to achieve some kind of validation of efficient schemes, by identifying some concrete cryptographic objects with ideal random ones. The most famous identification appeared in the so-called “random-oracle model”. More recently, another direction has been taken to prove the security of efficient schemes in the standard model (without any ideal assumption) by using stronger computational assumptions. In these lectures, we focus on practical asymmetric protocols together with their “reductionist” security proofs. We cover the two main goals that public-key cryptography is devoted to solve: authentication with digital signatures, and confidentiality with public-key encryption schemes.
Short Signatures with Message Recovery In The Random Oracle Model
, 2004
Granboulan [4] proposed the signature scheme in the ideal cipher model named OPSSR that achieves the lower bound for message expansion. In this paper, we propose a scheme which can give the security equivalent to that of OPSSR in the random permutation model that is weaker than the ideal cipher model. We also show exact security proof. We extend our scheme to the multi key setting. By the results of this paper, we partially solve the open problems posed by Granboulan.
Contributors
, 2013
PU Public X PP Restricted to other programme participants (including the Commission services) RE Restricted to a group specified by the consortium (including the Commission services) CO Confidential, only for members of the consortium (including the Commission services) Report on Side-channel Aware Design Methods for
Short Signatures in the Random Oracle Model
 In Asiacrypt ’02, LNCS 2501
, 2002
We study how digital signature schemes can generate signatures as short as possible, in particular in the case where partial message recovery is allowed. We give a concrete proposition named OPSSR that achieves the lower bound for message expansion, and give an exact security proof of the scheme in the ideal cipher model. We extend it to the multi-key setting. We also show that this padding can be used for an asymmetric encryption scheme with minimal message expansion.