Results 1 - 10 of 157
pean Project FP615964, Algorithmic Principles for Building Efficient Overlay Computers (AEOLUS).
2007
Studi di Salerno. Grade: 110/110 summa cum laude. Advisor: Prof. Giuseppe Persiano. Thesis title: “Oblivious Transfer for the distributed generation of RSA keys: Protocols and implementation in OpenSSL.”
Noninteractive Zero-Knowledge
SIAM J. COMPUTING, 1991
Cited by 216 (19 self)
This paper investigates the possibility of disposing of interaction between prover and verifier in a zero-knowledge proof if they share beforehand a short random string. Without any assumption, it is proven that noninteractive zero-knowledge proofs exist for some number-theoretic languages for which no efficient algorithm is known. If deciding quadratic residuosity (modulo composite integers whose factorization is not known) is computationally hard, it is shown that the NP-complete language of satisfiability also possesses noninteractive zero-knowledge proofs.
On Monotone Formula Closure of SZK
1994
Cited by 43 (2 self)
We investigate structural properties of statistical zero knowledge (SZK) both in the interactive and in the noninteractive model. Specifically, we look into the closure properties of SZK languages under monotone logical formula composition. This gives rise to new protocol techniques. We show that interactive SZK for random self reducible languages (RSR) (and for co-RSR) is closed under monotone boolean operations. Namely, we give SZK proofs for monotone boolean formulae whose atoms are statements about an SZK language which is RSR (or a complement of RSR). All previously known languages in SZK are in these classes. We then show that if a language L has a noninteractive SZK proof system then honest-verifier interactive SZK proof systems exist for all monotone boolean formulae whose atoms are statements about the complement of L. We also discuss extensions and generalizations. 1 Introduction. Goldwasser, Micali, and Rackoff [34] introduced the notion of a zero-knowledge proof, a proof ...
Hidden vector encryption with groups of prime order
2008
Cited by 18 (1 self)
Abstract. Predicate encryption schemes are encryption schemes in which each ciphertext Ct is associated with a binary attribute vector x = (x1, ..., xn) and keys K are associated with predicates. A key K can decrypt a ciphertext Ct if and only if the attribute vector of the ciphertext satisfies the predicate of the key. Predicate encryption schemes can be used to implement fine-grained access control on encrypted data and to perform search on encrypted data. Hidden vector encryption schemes [Boneh and Waters – TCC 2007] are encryption schemes in which each ciphertext Ct is associated with a binary vector x = (x1, ..., xn) and each key K is associated with binary vector y = (y1, ..., yn) with “don’t care” entries (denoted with ?). Key K can decrypt ciphertext Ct if and only if x and y agree for all i for which yi ≠ ?. Hidden vector encryption schemes are an important type of predicate encryption schemes as they can be used to construct more sophisticated predicate encryption schemes (supporting for example range and subset queries). We give a construction for hidden-vector encryption from standard complexity assumptions on bilinear groups of prime order. Previous constructions were in bilinear groups of composite order and thus resulted in less efficient schemes. Our construction is both payload-hiding and attribute-hiding, meaning that also the privacy of the attribute vector, besides privacy of the cleartext, is guaranteed.
Round-Optimal Composable Blind Signatures in the Common Reference String Model
In Advances in Cryptology — CRYPTO 2006, LNCS 4117, 2006
Cited by 27 (0 self)
marc.fischlin @ gmail.com www.fischlin.de
Abstract. We build concurrently executable blind signature schemes in the common reference string model, based on general complexity assumptions, and with optimal round complexity. Namely, each interactive signature generation requires the requesting user and the issuing bank to transmit only one message each. We also put forward the definition of universally composable blind signature schemes, and show how to extend our concurrently executable blind signature protocol to derive such universally composable schemes in the common reference string model under general assumptions. While this protocol then guarantees very strong security properties when executed within larger protocols, it still supports signature generation in two moves.
Constant-Round Resettable Zero Knowledge With Concurrent Soundness in the Bare Public-Key Model
Advances in Cryptology – CRYPTO 2004, volume 3152, Lecture Notes in Computer Science, 2004
Cited by 26 (9 self)
In the bare public-key model (BPK in short), each verifier is assumed to have deposited a public key in a file that is accessible by all users at all times. In this model, introduced by Canetti et al. [STOC 2000], constant-round black-box concurrent and resettable zero knowledge is possible as opposed to the standard model for zero knowledge.
On the Achievability of Simulation-Based Security for Functional Encryption
Cited by 20 (7 self)
Abstract. This work attempts to clarify to what extent simulation-based security (SIM-security) is achievable for functional encryption (FE) and its relation to the weaker indistinguishability-based security (IND-security). Our main result is a compiler that transforms any FE scheme for the general circuit functionality (which we denote by Circuit-FE) meeting indistinguishability-based security (IND-security) to a Circuit-FE scheme meeting SIM-security, where:
– In the random oracle model, the resulting scheme is secure for an unbounded number of encryption and key queries, which is the strongest security level one can ask for.
– In the standard model, the resulting scheme is secure for a bounded number of encryption and non-adaptive key queries, but an unbounded number of adaptive key queries. This matches known impossibility results and improves upon Gorbunov et al. [CRYPTO’12] (which is only secure for non-adaptive key queries).
Branch-and-Bound and Backtrack Search on Mesh-Connected Arrays of Processors
Mathematical Systems Theory, 1992
Cited by 21 (0 self)
In this paper we investigate the parallel complexity of backtrack and branch-and-bound search on the mesh-connected array. We present an $\Omega(\sqrt{dN}/\sqrt{\log N})$ lower bound for the time needed by a randomized algorithm to perform backtrack and branch-and-bound search of a tree of depth $d$ on the $\sqrt{N} \times \sqrt{N}$ mesh, even when the depth of the tree is known in advance. The lower bound holds also for algorithms that are allowed to move tree-nodes and create multiple copies of the same tree-node. For the upper bounds we give deterministic algorithms that are within a factor of $O(\log^{3/2} N)$ from our lower bound. Our algorithms do not make any assumption on the shape of the tree to be searched, do not know the depth of the tree in advance and do not move tree-nodes nor create multiple copies of the same node. The best previously known algorithm for backtrack search on the mesh was randomized and required $\Theta(d\sqrt{N}/\log N)$ time. Our algorithm for branch-and-bound is the fir...