Results 1  10
of
950
Random Oracles are Practical: A Paradigm for Designing Efficient Protocols
, 1995
"... We argue that the random oracle model  where all parties have access to a public random oracle  provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P R for the ..."
Abstract

Cited by 1643 (75 self)
 Add to MetaCart
for the random oracle model, and then replacing oracle accesses by the computation of an "appropriately chosen" function h. This paradigm yields protocols much more efficient than standard ones while retaining many of the advantages of provable security. We illustrate these gains for problems including
Practical Threshold Signatures
, 1999
"... We present an RSA threshold signature scheme. The scheme enjoys the following properties: 1. it is unforgeable and robust in the random oracle model, assuming the RSA problem is hard ..."
Abstract

Cited by 240 (2 self)
 Add to MetaCart
We present an RSA threshold signature scheme. The scheme enjoys the following properties: 1. it is unforgeable and robust in the random oracle model, assuming the RSA problem is hard
Privacy Preserving Data Mining
 JOURNAL OF CRYPTOLOGY
, 2000
"... In this paper we address the issue of privacy preserving data mining. Specifically, we consider a scenario in which two parties owning confidential databases wish to run a data mining algorithm on the union of their databases, without revealing any unnecessary information. Our work is motivated b ..."
Abstract

Cited by 512 (8 self)
 Add to MetaCart
In this paper we address the issue of privacy preserving data mining. Specifically, we consider a scenario in which two parties owning confidential databases wish to run a data mining algorithm on the union of their databases, without revealing any unnecessary information. Our work is motivated
Provably Security Identitybased Sanitizable Signature Scheme without Random Oracles
, 2011
"... ..."
Robust Threshold DSS Signatures
, 1996
"... . We present threshold DSS (Digital Signature Standard) signatures where the power to sign is shared by n players such that for a given parameter t ! n=2 any subset of 2t + 1 signers can collaborate to produce a valid DSS signature on any given message, but no subset of t corrupted players can forg ..."
Abstract

Cited by 149 (12 self)
 Add to MetaCart
. We present threshold DSS (Digital Signature Standard) signatures where the power to sign is shared by n players such that for a given parameter t ! n=2 any subset of 2t + 1 signers can collaborate to produce a valid DSS signature on any given message, but no subset of t corrupted players can
PlaintextSimulatability
, 2004
"... We propose a new security class, called plaintextsimulatability, defined over the publickey encryption schemes. The notion of plaintext simulatability (denoted PS) is similar to the notion of plaintext awareness (denoted PA) [2], but it is, "properly", a weaker security class for publ ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
easier than to prove "directly" that the scheme meets INDCCA2. We show that PS also implies INDCCA2, while preserving a good view of the security proofs as well as PA. Recently, a couple of schemes [9, 15, 1] have been proposed, that have been proven to be CCA2 secure in the random oracle
Simulatable adaptive oblivious transfer
 In EUROCRYPT
, 2007
"... Abstract. We study an adaptive variant of oblivious transfer in which a sender has N messages, of which a receiver can adaptively choose to receive k oneaftertheother, in such a way that (a) the sender learns nothing about the receiverâ€™s selections, and (b) the receiver only learns about the k ..."
Abstract

Cited by 34 (1 self)
 Add to MetaCart
not addressed by the security notions achieved by previous practical schemes. Our first protocol is a very efficient generic construction from unique blind signatures in the random oracle model. The second construction does not assume random oracles, but achieves remarkable efficiency with only a constant
Invisible Designated Confirmer Signatures without Random Oracles
, 2006
"... We construct the first O(1)size designated confirmer signatures (DCS) with security in the stateoftheart model of Camenisch and Michels, Eurocrypt 2000, without random oracles. In particular, we achieve the security notion called the "invisibility of signature" therein. ..."
Abstract
 Add to MetaCart
We construct the first O(1)size designated confirmer signatures (DCS) with security in the stateoftheart model of Camenisch and Michels, Eurocrypt 2000, without random oracles. In particular, we achieve the security notion called the "invisibility of signature" therein.
Towards realizing random oracles: Hash functions that hide all partial information
, 1997
"... The random oracle model is a very convenient setting for designing cryptographic protocols. In this idealized model all parties have access to a common, public random function, called a random oracle. Protocols in this model are often very simple and efficient; also the analysis is often clearer. ..."
Abstract

Cited by 138 (14 self)
 Add to MetaCart
to simply replace  often without mathematical justification  the random oracle with a `cryptographic hash function' (e.g., MD5 or SHA). Consequently, the resulting protocols have no meaningful proofs of security. We propose a research program aimed at rectifying this situation by means
Results 1  10
of
950