`)) and O(c·`1/c(κ+log `)); these require two mutually incorruptible parties, but are highly competitive with respect to online complexity when compared to existing protocols. Key words: Additively homomorphic encryption, arithmetic black box, secure comparison, secure equality test 1

protocol specification, one can quickly test for specific desired properties, as well as directly manipulate the representation to perform other kinds of analysis, such as protocol comparison. This paper describes applications of theory generation to more than a dozen security protocols using four

This paper presents and evaluates two principles for designing robust, reliable, and efficient collection protocols. These principles allow a protocol to benefit from accurate and agile link estimators by handling the dynamism such estimators introduce to routing tables. The first is datapath

the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company); acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet.

Abstract—Several security protocols require a human to compare two hash values to ensure successful completion. When the hash values are represented as long sequences of numbers, humans may make a mistake or require significant time and patience to accurately compare the hash values. To improve

, however, these protocols created new avenues for denial of service (DoS). Consequently, the trade-off between security strength and DoS vulnerability has emerged as an area requiring further investigation. It is believed that different trust methods can be used to develop protocols at various levels

of the comparison while preventing the other one from getting it. The protocol requires O(k) exponentiations only, where k is a security parameter.

problems, such as equality test, comparison, public modulo reduction and private exponentiation, which are four main applications of bit-decomposition. However, when considering perfect security, bit-decomposition does not have a linear communication complexity. Thus any protocols involving bit

Hiermit versichere ich, die vorliegende Diplomarbeit selbstständig und unter ausschliesslicher Verwendung der angegebenen Quellen und Hilfsmittel angefertigt zu haben. Diese Arbeit hat in gleicher oder ähnlicher Form noch keiner Prüfungsbehörde vorgelegen. Darmstadt, 14. Februar 2006

We present the design of a new symmetric key management API for cryptographic devices intended to implement security protocols in distributed systems. Our API has a formal security policy expressed in terms of invariants under various threat scenarios, and proofs of security in the symbolic model