Results 1  10
of
5,675
Efficient pseudorandom generators based on the ddh assumption
 IN PKC 2007, VOLUME ???? OF LNCS
, 2007
"... A family of pseudorandom generators based on the decisional DiffieHellman assumption is proposed. The new construction is a modified and generalized version of the Dual Elliptic Curve generator proposed by Barker and Kelsey. Although the original Dual Elliptic Curve generator is shown to be insec ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
A family of pseudorandom generators based on the decisional DiffieHellman assumption is proposed. The new construction is a modified and generalized version of the Dual Elliptic Curve generator proposed by Barker and Kelsey. Although the original Dual Elliptic Curve generator is shown
T.: EfficiencyImproved Fully Simulatable Adaptive OT under the DDH Assumption
 SCN 2010. LNCS
, 2010
"... Abstract. At Asiacrypt 2009, Kurosawa and Nojima showed a fully simulatable adaptive oblivious transfer (OT) protocol under the DDH assumption in the standard model. However, Green and Hohenberger pointed out that the communication cost of each transfer phase is O(n), where n is the number of the se ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract. At Asiacrypt 2009, Kurosawa and Nojima showed a fully simulatable adaptive oblivious transfer (OT) protocol under the DDH assumption in the standard model. However, Green and Hohenberger pointed out that the communication cost of each transfer phase is O(n), where n is the number
A Commitment Protocol Based on KEA1 and Revocable DDH Assumptions
"... Abstract. This paper shows a commitment protocol which under the KEA1 and Revocable DDH assumptions securely realizes the ideal functionality FCOM of a single commitment. We use an extractor in KEA1 assumption in order to realize extractability of the protocol. By the protocol we can commit to kbit ..."
Abstract
 Add to MetaCart
Abstract. This paper shows a commitment protocol which under the KEA1 and Revocable DDH assumptions securely realizes the ideal functionality FCOM of a single commitment. We use an extractor in KEA1 assumption in order to realize extractability of the protocol. By the protocol we can commit to k
Highlyefficient universallycomposable commitments based on the DDH assumption
 of Lecture Notes in Computer Science
, 2011
"... Universal composability (or UC security) provides very strong security guarantees for protocols that run in complex realworld environments. In particular, security is guaranteed to hold when the protocol is run concurrently many times with other secure and possibly insecure protocols. Commitment sc ..."
Abstract

Cited by 16 (2 self)
 Add to MetaCart
schemes are a basic building block in many cryptographic constructions, and as such universally composable commitments are of great importance in constructing UCsecure protocols. In this paper, we construct highly efficient UCsecure commitments from the standard DDH assumption, in the common reference
Efficiently Obfuscating ReEncryption Program under DDH Assumption
"... Abstract. A reencryption program (or a circuit) converts a ciphertext encrypted under Alice’s public key pk1 to a ciphertext of the same message encrypted under Bob’s public key pk2. Hohenberger et al. (TCC 2007) constructed a pairingbased obfuscator for a family of circuits implementing the reen ..."
Abstract
 Add to MetaCart
by Hohenberger et al. and prove the averagecase virtual black box property of our obfuscator as well as the security of our encryption reencryption system (in the strengthened model) under the DDH assumption. All our proofs are in the standard model.
DDHlike assumptions based on extension rings
 In PKC
, 2012
"... Abstract. We introduce and study a new type of DDHlike assumptions based on groups of prime order q. Whereas standard DDH is based on encoding elements of Fq “in the exponent ” of elements in the group, we ask what happens if instead we put in the exponent elements of the extension ring Rf = Fq[X]/ ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. We introduce and study a new type of DDHlike assumptions based on groups of prime order q. Whereas standard DDH is based on encoding elements of Fq “in the exponent ” of elements in the group, we ask what happens if instead we put in the exponent elements of the extension ring Rf = Fq
Secure Hashed DiffieHellman over NonDDH Groups
, 2004
"... We show that in applications that use the DiffieHellman (DH) transform but take care of hashing the DH output (as required, for example, for secure DHbased encryption and key exchange) the usual requirement to work over a DDH group (i.e., a group in which the Decisional DiffieHellman assumption h ..."
Abstract

Cited by 21 (3 self)
 Add to MetaCart
We show that in applications that use the DiffieHellman (DH) transform but take care of hashing the DH output (as required, for example, for secure DHbased encryption and key exchange) the usual requirement to work over a DDH group (i.e., a group in which the Decisional DiffieHellman assumption
Hidden pairings and trapdoor DDH groups
 In ANTS (2006
, 2006
"... Abstract. This paper suggests a new building block for cryptographic protocols and gives two instantiations of it. The concept is to generate two descriptions of the same group: a public description that allows a user to compute a restricted set of operations, and a private description that allows a ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
decision DiffieHellman problems, and potentially also discrete logarithm problems. Some possible cryptographic applications of this idea are given. Both of our instantiations are based on elliptic curves. The first relies on the factoring assumption for hiding the pairing. The second relies
Linearly Homomorphic Encryption from DDH
"... Abstract. We design a linearly homomorphic encryption scheme whose security relies on the hardness of the decisional DiffieHellman problem. Our approach requires some special features of the underlying group. In particular, its order is unknown and it contains a subgroup in which the discrete logar ..."
Abstract
 Add to MetaCart
Abstract. We design a linearly homomorphic encryption scheme whose security relies on the hardness of the decisional DiffieHellman problem. Our approach requires some special features of the underlying group. In particular, its order is unknown and it contains a subgroup in which the discrete logarithm problem is tractable. Therefore, our instantiation holds in the class group of a non maximal order of an imaginary quadratic field. Its algebraic structure makes it possible to obtain such a linearly homomorphic scheme whose message space is the whole set of integers modulo a prime p and which supports an unbounded number of additions modulo p from the ciphertexts. A notable difference with previous works is that, for the first time, the security does not depend on the hardness of the factorization of integers. As a consequence, under some conditions, the prime p can be scaled to fit the application needs.
Unique signatures and verifiable random functions from the DHDDH separation
 Proceedings of Crypto 2002, volume 2442 of LNCS
, 2002
"... Abstract. A unique signature scheme has the property that a signature σPK(m) is a (hardtocompute) function of the public key PK and message m, for all, even adversarially chosen, PK. Unique signatures, introduced by Goldwasser and Ostrovsky, have been shown to be a building block for constructing ..."
Abstract

Cited by 62 (3 self)
 Add to MetaCart
verifiable random functions. Another useful property of unique signatures is that they are stateless: the signer does not need to update his secret key after an invocation. The only previously known construction of a unique signature in the plain model was based on the RSA assumption. The only other
Results 1  10
of
5,675