Custodian-Hiding Verifiable Encryption
, 2004
In a verifiable encryption, an asymmetrically encrypted ciphertext can be publicly verified to be decipherable by a designated receiver while maintaining the semantic security of the message [2, 6, 9]. In this paper, we introduce Custodian-Hiding Verifiable Encryption, where it can be publicly verif
Universal custodian-hiding verifiable encryption for discrete logarithms
, 2006
We introduce the notion of Universal Custodian-Hiding Verifiable Encryption (UCHVE) and propose a scheme of this type for discrete logarithms. A UCHVE scheme allows an encryptor to designate t out of a group of n users and prepare a publicly verifiable ciphertext in such a way that any k
Custodian-Hiding Verification Encryption
, 2004
In a verifiable encryption, an asymmetrically encrypted ciphertext can be publicly verified to be decypherable by a designated receiver without revealing the plaintext. In this paper, we introduce publicly verifiable encryption that is intended for a single anonymous decypherer within an ad hoc
Efficient Verifiable Ring Encryption for Ad Hoc Groups
We propose an efficient Verifiable Ring Encryption (VRE) for ad hoc groups. VRE is a kind of verifiable encryption [16,1,4,2,8] in which it can be publicly verified that there exists at least one user, out of a designated group of n users, who can decrypt the encrypted message, while the s
the semantic security of the message and the anonymity of the actual decryptor can be maintained. This concept was first proposed in [10] in the name of Custodian-Hiding Verifiable Encryption. However, their construction requires the inefficient cut-and-choose methodology which is impractical when implemented
The inductive approach to verifying cryptographic protocols
 Journal of Computer Security
, 1998
Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinite-state systems. Proofs are generated using Isabelle/HOL. The human effort required to analyze a protocol can be as
spy knows some private keys and can forge messages using components decrypted from previous traffic. Three protocols are analyzed below: Otway-Rees (which uses shared-key encryption), Needham-Schroeder (which uses public-key encryption), and a recursive protocol [9] (which is of variable length). One
Identity-Based Encryption from the Weil Pairing
, 2001
We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic
Why Johnny can’t encrypt: A usability evaluation of PGP 5.0
, 1999
User errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. Is this simply due to a failure to apply standard user interface design techniques to security? We argue that, on the contrary, effective secu
contribute to security failures, and the user test demonstrated that when our test participants were given 90 minutes in which to sign and encrypt a message using PGP 5.0, the majority of them were unable to do so successfully. We conclude that PGP 5.0 is not usable enough to provide effective security
How to leak a secret
 PROCEEDINGS OF THE 7TH INTERNATIONAL CONFERENCE ON THE THEORY AND APPLICATION OF CRYPTOLOGY AND INFORMATION SECURITY: ADVANCES IN CRYPTOLOGY
, 2001
In this paper we formalize the notion of a ring signature, which makes it possible to specify a set of possible signers without revealing which member actually produced the signature. Unlike group signatures, ring signatures have no group managers, no setup procedures, no revocation procedures, and
, and exceptionally efficient: adding each ring member increases the cost of signing or verifying by a single modular multiplication and a single symmetric encryption.
Random Oracles are Practical: A Paradigm for Designing Efficient Protocols
, 1995
We argue that the random oracle model, where all parties have access to a public random oracle, provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P^R for the
encryption, signatures, and zero-knowledge proofs.
Kerberos: An Authentication Service for Open Network Systems
 IN USENIX CONFERENCE PROCEEDINGS
, 1988
In an open network computing environment, a workstation cannot be trusted to identify its users correctly to network services. Kerberos provides an alternative approach whereby a trusted third-party authentication service is used to verify users' identities. This paper gives an overview of the Kerb
