"... Symbolic encryption, in the style of Dolev-Yao models, is ubiquitous in formal security analysis aiming at the automated verification of network protocols. The naïve use of symbolic encryption, however, may unnecessarily require an expensive construction: an arbitrary-length encryption scheme that i ..."
that is private and nonmalleable in an adaptive CCA-CPA setting. Most of the time, such assumptions remain hidden and rather symbolic encryption is instantiated with a seemingly “good” cryptographic encryption, such as AES in the CBC configuration. As an illustration of this problem, we first report new attacks
Characterization of Security Notions for Probabilistic Private-Key Encryption
 JOURNAL OF CRYPTOLOGY
, 2006
"... The development of precise definitions of security for encryption, as well as a detailed understanding of their relationships, has been a major area of research in modern cryptography. Here, we focus on the case of private-key encryption. Extending security notions from the public-key setting, we ..."
Cited by 67
The development of precise definitions of security for encryption, as well as a detailed understanding of their relationships, has been a major area of research in modern cryptography. Here, we focus on the case of private-key encryption. Extending security notions from the public-key setting
Function-Private Functional Encryption in the Private-Key Setting
"... Functional encryption supports restricted decryption keys that allow users to learn specific functions of the encrypted messages. Whereas the vast majority of research on functional encryption has so far focused on the privacy of the encrypted messages, in many realistic scenarios it is crucial to of ..."
Cited by 12
to offer privacy also for the functions for which decryption keys are provided. Whereas function privacy is inherently limited in the public-key setting, in the private-key setting it has a tremendous potential. Specifically, one can hope to construct schemes where encryptions of messages m1, ..., m
Attribute-based encryption for fine-grained access control of encrypted data
 In Proc. of ACM CCS’06
, 2006
"... As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop ..."
Cited by 481
As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We
Identity-Based Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Cited by 1699
We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing
PKCS #8: Private-Key Information Syntax Standard
, 1993
"... This standard describes a syntax for private-key information. Private-key information includes a private key for some public-key algorithm and a set of attributes. The standard also describes a syntax for encrypted private keys. A password-based encryption algorithm (e.g., one of those described in ..."
This standard describes a syntax for private-key information. Private-key information includes a private key for some public-key algorithm and a set of attributes. The standard also describes a syntax for encrypted private keys. A password-based encryption algorithm (e.g., one of those described
Why Johnny can’t encrypt: A usability evaluation of PGP 5.0
, 1999
"... User errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. Is this simply due to a failure to apply standard user interface design techniques to security? We argue that, on the contrary, effective secu ..."
Cited by 472
contribute to security failures, and the user test demonstrated that when our test participants were given 90 minutes in which to sign and encrypt a message using PGP 5.0, the majority of them were unable to do so successfully. We conclude that PGP 5.0 is not usable enough to provide effective security
A Concrete Security Treatment of Symmetric Encryption
 Proceedings of the 38th Symposium on Foundations of Computer Science, IEEE
, 1997
"... We study notions and schemes for symmetric (i.e. private key) encryption in a concrete security framework. We give four different notions of security against chosen plaintext attack and analyze the concrete complexity of reductions among them, providing both upper and lower bounds, and obtaining tight ..."
Cited by 423
We study notions and schemes for symmetric (i.e. private key) encryption in a concrete security framework. We give four different notions of security against chosen plaintext attack and analyze the concrete complexity of reductions among them, providing both upper and lower bounds, and obtaining tight
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
, 1996
"... By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known cip ..."
Cited by 644
By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known
Random Oracles are Practical: A Paradigm for Designing Efficient Protocols
, 1995
"... We argue that the random oracle model - where all parties have access to a public random oracle - provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P^R for the ..."
Cited by 1643
encryption, signatures, and zero-knowledge proofs.
