Results 11 - 20 of 6,702
Efficient algorithms for pairing-based cryptosystems
2002
Cited by 361 (25 self)
We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over F_{p^m}, the latter technique being also useful in contexts other than that of pairing-based cryptography.
Cryptographic Limitations on Learning Boolean Formulae and Finite Automata
Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, 1989
Cited by 347 (15 self)
In this paper we prove the intractability of learning several classes of Boolean functions in the distribution-free model (also called the Probably Approximately Correct or PAC model) of learning from examples. These results are representation independent, in that they hold regardless of the syntactic form in which the learner chooses to represent its hypotheses. Our methods reduce the problems of cracking a number of well-known public-key cryptosystems to the learning problems. We prove that a polynomial-time learning algorithm for Boolean formulae, deterministic finite automata or constant-depth threshold circuits would have dramatic consequences for cryptography and number theory: in particular, such an algorithm could be used to break the RSA cryptosystem, factor Blum integers (composite numbers equivalent to 3 modulo 4), and detect quadratic residues. The results hold even if the learning algorithm is only required to obtain a slight advantage in prediction over random guessing. The techniques used demonstrate an interesting duality between learning and cryptography. We also apply our results to obtain strong intractability results for approximating a generalization of graph coloring.
Cryptanalysis of short RSA secret exponents
IEEE Trans. Inform. Theory, 1990
Cited by 170 (1 self)
A cryptanalytic attack on the use of short RSA secret exponents is described. This attack makes use of an algorithm based on continued fractions which finds the numerator and denominator of a fraction in polynomial time when a close enough estimate of the fraction is known. The public expo ...
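The continued-fraction attack the abstract describes, as an added example (this is not code from the paper or from this listing): because e*d = 1 + k*phi(n) and phi(n) is close to n, the unknown fraction k/d is a close estimate of e/n, and for a short enough d (Wiener's bound d < n^(1/4)/3, with p and q of similar size) it appears among the convergents of e/n. The toy key below is constructed here with a deliberately short d so the attack succeeds; the two primes and the value of d are assumptions, and the public exponent is derived from d with `pow(d, -1, phi)` (Python 3.8+).

```python
# Wiener's attack on a short RSA secret exponent (added example, not the
# paper's code).  Toy key constructed inline; d is chosen deliberately short.
from math import isqrt


def continued_fraction(num, den):
    """Partial quotients [a0; a1, a2, ...] of num/den."""
    coeffs = []
    while den:
        q, r = divmod(num, den)
        coeffs.append(q)
        num, den = den, r
    return coeffs


def convergents(coeffs):
    """Yield successive convergents h/k of the expansion as (h, k) pairs."""
    h_prev, h = 0, 1
    k_prev, k = 1, 0
    for a in coeffs:
        h_prev, h = h, a * h + h_prev
        k_prev, k = k, a * k + k_prev
        yield h, k


def wiener_attack(e, n):
    """
    Since e*d = 1 + k*phi(n) and phi(n) is close to n, the unknown k/d is a
    close estimate of e/n, hence one of its convergents when d is short.
    Each candidate (k, d) is checked by deriving phi = (e*d - 1)/k and
    solving x^2 - (n - phi + 1)x + n = 0 for the factors p and q.
    Returns (d, p, q) on success, None otherwise.
    """
    for k, d in convergents(continued_fraction(e, n)):
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k
        s = n - phi + 1                # p + q
        disc = s * s - 4 * n           # (p - q)^2
        if disc < 0:
            continue
        r = isqrt(disc)
        if r * r != disc:
            continue
        p, q = (s + r) // 2, (s - r) // 2
        if p * q == n:
            return d, p, q
    return None


def in_wiener_bound(d, n):
    """True when d < n^(1/4)/3, the regime in which the attack is guaranteed to work."""
    return 3 * d < isqrt(isqrt(n))


# Constructed toy key (assumption): two ~30-bit primes of similar size and a
# short d coprime to phi.  A 1024-bit modulus makes the bound d < 2^254.
P_TOY, Q_TOY = 1000000007, 998244353
N_TOY = P_TOY * Q_TOY
PHI_TOY = (P_TOY - 1) * (Q_TOY - 1)
D_TOY = 1009
E_TOY = pow(D_TOY, -1, PHI_TOY)        # public exponent derived from d
assert in_wiener_bound(D_TOY, N_TOY), "toy d must satisfy Wiener's bound"


if __name__ == "__main__":
    print(wiener_attack(E_TOY, N_TOY))  # (1009, 1000000007, 998244353)
```

The check on each convergent is what makes the search safe: a wrong candidate almost never yields an integer phi whose quadratic has integer roots multiplying to n, so the first candidate that passes is the real key. A practitioner auditing an RSA deployment applies the same bound in reverse: never pick d to make private-key operations cheap; choose e small (typically 65537) and let d be full size.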
Identity-Based Threshold Decryption
Proc. of PKC'04, LNCS 2947, 2004
Cited by 41 (1 self)
In this paper, we examine issues related to the construction of identity-based threshold decryption schemes and argue that it is important in practice to design an identity-based threshold decryption scheme in which a private key associated with an identity is shared. A major contribution ...
Outsourcing the decryption of ABE ciphertexts
In Proceedings of the USENIX Security Symposium, 2011
Cited by 29 (2 self)
Attribute-based encryption (ABE) is a new vision for public key encryption that allows users to encrypt and decrypt messages based on user attributes. For example, a user can create a ciphertext that can be decrypted only by other users with attributes satisfying (“Faculty” OR (“PhD Student” AND “ ...
Analysis of key-exchange protocols and their use for building secure channels
2001
Cited by 328 (21 self)
We present a formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits: (i) any key-exchange protocol that satisfies the security definition can be composed with symmetric encryption and authentication functions to provide provably secure communication channels (as defined here); and (ii) the definition allows for simple modular proofs of security: one can design and prove security of key-exchange protocols in an idealized model where the communication links are perfectly authenticated, and then translate them using general tools to obtain security in the realistic setting of adversary-controlled links. We exemplify the usability of our results by applying them to obtain the proof of two classes of key-exchange protocols, Diffie-Hellman and key-transport, authenticated via symmetric or asymmetric techniques.
Protecting Mobile Agents Against Malicious Hosts
1997
Cited by 323 (1 self)
Key elements of any mobile-code-based distributed system are the security mechanisms available to protect (a) the host against potentially hostile actions of a code fragment under execution and (b) the mobile code against tampering attempts by the executing host. Many techniques for the first problem (a) have been developed. The second problem (b) seems to be much harder: it is the general belief that computation privacy for mobile code cannot be provided without tamper-resistant hardware. Furthermore it is doubted that an agent can keep a secret (e.g., a secret key to generate digital signatures). There is an error in reasoning in the arguments supporting these beliefs which we are going to point out. In this paper we describe software-only approaches for providing computation privacy for mobile code in the important case that the mobile code fragment computes an algebraic circuit (a polynomial). We further describe an approach how a mobile agent can digitally sign his...
Providing robust and ubiquitous security support for mobile ad-hoc networks
In ICNP, 2001
Cited by 316 (8 self)
Providing security support for mobile ad-hoc networks is challenging for several reasons: (a) wireless networks are susceptible to attacks ranging from passive eavesdropping to active interfering; occasional break-ins by adversaries may be inevitable in a large time window; (b) mobile users demand “anywhere, anytime” services; (c) a scalable solution is needed for a large-scale mobile network. In this paper, we describe a solution that supports ubiquitous security services for mobile hosts, scales to network size, and is robust against break-ins. In our design, we distribute the certification authority functions through a threshold secret sharing mechanism, in which each entity holds a secret share and multiple entities in a local neighborhood jointly provide complete services. We employ localized certification schemes to enable ubiquitous services. We also update the secret shares to further enhance robustness against break-ins. Both simulations and implementation confirm the effectiveness of our design.
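The threshold secret sharing and share update the abstract refers to, as an added example (not code from the paper or from this listing): a (k, n) Shamir sharing of a CA secret over a prime field, plus a proactive refresh in which every share holder contributes a random polynomial with zero constant term, so that the shared secret is unchanged while shares from before and after the refresh can no longer be combined. The field prime, the threshold, the sample secret and the holder set are assumptions; the paper's localized threshold signing of certificates is not shown, only the sharing mechanism it builds on.

```python
# (k, n) threshold sharing with dealer-free proactive refresh (added example,
# not the paper's code).  Constructed field prime and sample secret.
import secrets

# Assumed field: a 61-bit Mersenne prime keeps the arithmetic readable; a
# deployment would pick a prime at least as large as the key material.
FIELD_P = 2**61 - 1


def _eval_poly(coeffs, x, p=FIELD_P):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split_secret(secret, k, n, p=FIELD_P):
    """Dealer side: n shares (x, f(x)) of a random degree-(k-1) polynomial with f(0) = secret."""
    if not 1 <= k <= n < p or not 0 <= secret < p:
        raise ValueError("need 1 <= k <= n < p and 0 <= secret < p")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def reconstruct(shares, p=FIELD_P):
    """Lagrange interpolation at x = 0; correct only when given at least k distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def refresh_shares(shares, k, p=FIELD_P):
    """
    Proactive update without a dealer: every holder picks a random
    degree-(k-1) polynomial with zero constant term and hands each peer
    its evaluation; each peer adds what it received to its own share.
    The sum still interpolates to the original secret at x = 0, but a
    pre-refresh share combined with post-refresh shares is useless.
    """
    updated = dict(shares)
    for _holder in shares:
        zero_poly = [0] + [secrets.randbelow(p) for _ in range(k - 1)]
        for x in updated:
            updated[x] = (updated[x] + _eval_poly(zero_poly, x, p)) % p
    return sorted(updated.items())


def demo():
    """Share a constructed CA secret 3-of-5, refresh it, and compare old, new and mixed share sets."""
    secret = 0x0CA5EC4E7   # constructed sample secret (assumption)
    old = split_secret(secret, 3, 5)
    new = refresh_shares(old, 3)
    return (
        reconstruct(old[:3]) == secret,             # any 3 old shares work
        reconstruct(new[1:4]) == secret,            # any 3 new shares work
        reconstruct(old[:2] + new[2:3]) == secret,  # mixing epochs fails
    )


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```

The refresh is what gives the design its robustness against break-ins over a long window: an adversary who compromises k - 1 nodes in one epoch and k - 1 different nodes in the next still holds nothing that interpolates, because shares from different epochs lie on different polynomials. The mixed-epoch reconstruction in `demo()` returns a uniformly random field element, so its failure is probabilistic with error probability 1/FIELD_P.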
Authentication and Authenticated Key Exchanges
1992
Cited by 307 (6 self)
We discuss two-party mutual authentication protocols providing authenticated key exchange, focusing on those using asymmetric techniques. A simple, efficient protocol referred to as the station-to-station (STS) protocol is introduced, examined in detail, and considered in relation to existing protocols. The definition of a secure protocol is considered, and desirable characteristics of secure protocols are discussed.