Results 1  10
of
3,800
IdentityBased Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract

Cited by 1748 (28 self)
 Add to MetaCart
We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing
Password Authentication with Insecure Communication
, 1981
"... A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system. The method assumes a secure oneway encryption function and can be implemented with a mi ..."
Abstract

Cited by 548 (0 self)
 Add to MetaCart
A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system. The method assumes a secure oneway encryption function and can be implemented with a
EndToEnd Arguments In System Design
, 1984
"... This paper presents a design principle that helps guide placement of functions among the modules of a distributed computer system. The principle, called the endtoend argument, suggests that functions placed at low levels of a system may be redundant or of little value when compared with the cost o ..."
Abstract

Cited by 1037 (10 self)
 Add to MetaCart
of providing them at that low level. Examples discussed in the paper include bit error recovery, security using encryption, duplicate message suppression, recovery from system crashes, and delivery acknowledgement. Low level mechanisms to support these functions are justified only as performance enhancements
Random Oracles are Practical: A Paradigm for Designing Efficient Protocols
, 1995
"... We argue that the random oracle model  where all parties have access to a public random oracle  provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P R for the ..."
Abstract

Cited by 1646 (70 self)
 Add to MetaCart
for the random oracle model, and then replacing oracle accesses by the computation of an "appropriately chosen" function h. This paradigm yields protocols much more efficient than standard ones while retaining many of the advantages of provable security. We illustrate these gains for problems including
A hardcore predicate for all oneway functions
 In Proceedings of the Twenty First Annual ACM Symposium on Theory of Computing
, 1989
"... Abstract rity of f. In fact, for inputs (to f*) of practical size, the pieces effected by f are so small A central tool in constructing pseudorandom that f can be inverted (and the “hardcore” generators, secure encryption functions, and bit computed) by exhaustive search. in other areas are “hardc ..."
Abstract

Cited by 440 (5 self)
 Add to MetaCart
Abstract rity of f. In fact, for inputs (to f*) of practical size, the pieces effected by f are so small A central tool in constructing pseudorandom that f can be inverted (and the “hardcore” generators, secure encryption functions, and bit computed) by exhaustive search. in other areas are “hard
Proofs that Yield Nothing but Their Validity or All Languages in NP Have ZeroKnowledge Proof Systems
 JOURNAL OF THE ACM
, 1991
"... In this paper the generality and wide applicability of Zeroknowledge proofs, a notion introduced by Goldwasser, Micali, and Rackoff is demonstrated. These are probabilistic and interactive proofs that, for the members of a language, efficiently demonstrate membership in the language without convey ..."
Abstract

Cited by 427 (43 self)
 Add to MetaCart
conveying any additional knowledge. All previously known zeroknowledge proofs were only for numbertheoretic languages in NP fl CONP. Under the assumption that secure encryption functions exist or by using “physical means for hiding information, ‘ ‘ it is shown that all languages in NP have zero
Optimal Asymmetric Encryption
, 1994
"... Given an arbitrary kbit to kbit trapdoor permutation f and a hash function, we exhibit an encryption scheme for which (i) any string z of length slightly less than k bits can be encrypted as where r= is a simple probabilistic encoding of z depending on the hash function; and (ii) the scheme ca ..."
Abstract

Cited by 275 (14 self)
 Add to MetaCart
Given an arbitrary kbit to kbit trapdoor permutation f and a hash function, we exhibit an encryption scheme for which (i) any string z of length slightly less than k bits can be encrypted as where r= is a simple probabilistic encoding of z depending on the hash function; and (ii) the scheme
A survey of peertopeer content distribution technologies
 ACM Computing Surveys
, 2004
"... Distributed computer architectures labeled “peertopeer ” are designed for the sharing of computer resources (content, storage, CPU cycles) by direct exchange, rather than requiring the intermediation or support of a centralized server or authority. Peertopeer architectures are characterized by t ..."
Abstract

Cited by 378 (7 self)
 Add to MetaCart
typically allow personal computers to function in a coordinated manner as a distributed storage medium by contributing, searching, and obtaining digital content. In this survey, we propose a framework for analyzing peertopeer content distribution technologies. Our approach focuses on nonfunctional
On the (im)possibility of obfuscating programs
 Lecture Notes in Computer Science
, 2001
"... Informally, an obfuscator O is an (efficient, probabilistic) “compiler ” that takes as input a program (or circuit) P and produces a new program O(P) that has the same functionality as P yet is “unintelligible ” in some sense. Obfuscators, if they exist, would have a wide variety of cryptographic an ..."
Abstract

Cited by 348 (24 self)
 Add to MetaCart
approximately preserve the functionality, and (c) only need to work for very restricted models of computation (TC 0). We also rule out several potential applications of obfuscators, by constructing “unobfuscatable” signature schemes, encryption schemes, and pseudorandom function families.
A Fuzzy Commitment Scheme
 ACM CCS'99
, 1999
"... We combine wellknown techniques from the areas of errorcorrecting codes and cryptography to achieve a new type of cryptographic primitive that we refer to as a fuzzy commitment scheme. Like a conventional cryptographic commitment scheme, our fuzzy commitment scheme is both concealing and binding: i ..."
Abstract

Cited by 344 (1 self)
 Add to MetaCart
that it accepts a witness that is close to the original encrypting witness in a suitable metric, but not necessarily identical. This characteristic of our fuzzy commitment scheme makes it useful for applications such as biometric authentication systems, in which data is subject to random noise. Because the scheme
Results 1  10
of
3,800