Results 1  10
of
258,217
Programmable encryption and keydependent messages
, 2012
"... This is a preliminary version. The technical content is complete, but discussion and examples will be extended. Feedback is welcome. We present the notion of PROGKDM security for publickey encryption schemes. This security notion captures both KDM security and revealing of secret keys (key corrupt ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
This is a preliminary version. The technical content is complete, but discussion and examples will be extended. Feedback is welcome. We present the notion of PROGKDM security for publickey encryption schemes. This security notion captures both KDM security and revealing of secret keys (key
A Digital Signature Scheme Secure Against Adaptive ChosenMessage Attacks
, 1995
"... We present a digital signature scheme based on the computational diculty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosenmessage attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a ..."
Abstract

Cited by 985 (43 self)
 Add to MetaCart
We present a digital signature scheme based on the computational diculty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosenmessage attack: an adversary who receives signatures for messages of his choice (where each message may be chosen
Security under keydependent inputs
 In proceedings of the 14th ACM conference on computer and communications security (CCS
, 2007
"... In this work we revisit the question of building cryptographic primitives that remain secure even when queried on inputs that depend on the secret key. This was investigated by Black, Rogaway, and Shrimpton in the context of randomized encryption schemes and in the random oracle model. We extend th ..."
Abstract

Cited by 31 (1 self)
 Add to MetaCart
In this work we revisit the question of building cryptographic primitives that remain secure even when queried on inputs that depend on the secret key. This was investigated by Black, Rogaway, and Shrimpton in the context of randomized encryption schemes and in the random oracle model. We extend
Keydependent message security under active attacks  BRSIM/UC . . .
 JOURNAL OF OPERATIONS MANAGEMENT
, 2007
"... Keydependent message security, short KDM security, was introduced by Black, Rogaway and Shrimpton to address the case where key cycles occur among encryptions, e.g., a key is encrypted with itself. It was mainly motivated by key cycles in DolevYao models, i.e., symbolic abstractions of cryptograp ..."
Abstract

Cited by 27 (2 self)
 Add to MetaCart
Keydependent message security, short KDM security, was introduced by Black, Rogaway and Shrimpton to address the case where key cycles occur among encryptions, e.g., a key is encrypted with itself. It was mainly motivated by key cycles in DolevYao models, i.e., symbolic abstractions
Towards keydependent message security in the standard mode
 In Eurocryptâ€™08
, 2008
"... Abstract. Standard security notions for encryption schemes do not guarantee any security if the encrypted messages depend on the secret key. Yet it is exactly the stronger notion of security in the presence of keydependent messages (KDM security) that is required in a number of applications: most p ..."
Abstract

Cited by 28 (2 self)
 Add to MetaCart
Abstract. Standard security notions for encryption schemes do not guarantee any security if the encrypted messages depend on the secret key. Yet it is exactly the stronger notion of security in the presence of keydependent messages (KDM security) that is required in a number of applications: most
KeyDependent Message Security: Generic Amplification and Completeness
, 2013
"... Keydependent message (KDM) secure encryption schemes provide secrecy even when the attacker sees encryptions of messages related to the secretkey sk. Namely, the scheme should remain secure even when messages of the form f(sk) are encrypted, where f is taken from some function class F. A KDM ampli ..."
Abstract
 Add to MetaCart
Keydependent message (KDM) secure encryption schemes provide secrecy even when the attacker sees encryptions of messages related to the secretkey sk. Namely, the scheme should remain secure even when messages of the form f(sk) are encrypted, where f is taken from some function class F. A KDM
KeyDependent Message Security: Generic Amplification and Completeness
, 2011
"... Keydependent message (KDM) secure encryption schemes provide secrecy even when the attacker sees encryptions of messages related to the secretkey sk. Namely, the scheme should remain secure even when messages of the form f(sk) are encrypted, where f is taken from some function class F. A KDM ampli ..."
Abstract
 Add to MetaCart
Keydependent message (KDM) secure encryption schemes provide secrecy even when the attacker sees encryptions of messages related to the secretkey sk. Namely, the scheme should remain secure even when messages of the form f(sk) are encrypted, where f is taken from some function class F. A KDM
KeyDependent Message Security: Generic Amplification and Completeness
, 2011
"... Keydependent message (KDM) secure encryption schemes provide secrecy even when the attacker sees encryptions of messages related to the secretkey sk. Namely, the scheme should remain secure even when messages of the form f(sk) are encrypted, where f is taken from some function class F. A KDM ampli ..."
Abstract
 Add to MetaCart
Keydependent message (KDM) secure encryption schemes provide secrecy even when the attacker sees encryptions of messages related to the secretkey sk. Namely, the scheme should remain secure even when messages of the form f(sk) are encrypted, where f is taken from some function class F. A KDM
Semantic security under relatedkey attacks and applications
 Cited on page 4.) 16 M. Bellare. New proofs for NMAC and HMAC: Security without collisionresistance. In C. Dwork, editor, CRYPTO 2006, volume 4117 of LNCS
, 2011
"... In a relatedkey attack (RKA) an adversary attempts to break a cryptographic primitive by invoking the primitive with several secret keys which satisfy some known, or even chosen, relation. We initiate a formal study of RKA security for randomized encryption schemes. We begin by providing general de ..."
Abstract

Cited by 18 (2 self)
 Add to MetaCart
In a relatedkey attack (RKA) an adversary attempts to break a cryptographic primitive by invoking the primitive with several secret keys which satisfy some known, or even chosen, relation. We initiate a formal study of RKA security for randomized encryption schemes. We begin by providing general
Encrypted Key Exchange: PasswordBased Protocols Secure Against Dictionary Attacks
 IEEE SYMPOSIUM ON RESEARCH IN SECURITY AND PRIVACY
, 1992
"... Classical cryptographic protocols based on userchosen keys allow an attacker to mount passwordguessing attacks. We introduce a novel combination of asymmetric (publickey) and symmetric (secretkey) cryptography that allow two parties sharing a common password to exchange confidential and authenti ..."
Abstract

Cited by 431 (5 self)
 Add to MetaCart
Classical cryptographic protocols based on userchosen keys allow an attacker to mount passwordguessing attacks. We introduce a novel combination of asymmetric (publickey) and symmetric (secretkey) cryptography that allow two parties sharing a common password to exchange confidential
Results 1  10
of
258,217