Results 1  10
of
17,034
Proof of Plaintext Knowledge for the Regev Cryptosystems
, 2007
"... Goldwasser and Kharchenko (TCC 2006) showed a proof of plaintext knowledge for the AjtaiDwork cryptosystem and left the open problem designing a proof of plaintext knowledge for the Regev’04 cryptosystem (JACM 2004). In this paper, we show a proof of plaintext knowledge for the Regev’04 cryptosyste ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Goldwasser and Kharchenko (TCC 2006) showed a proof of plaintext knowledge for the AjtaiDwork cryptosystem and left the open problem designing a proof of plaintext knowledge for the Regev’04 cryptosystem (JACM 2004). In this paper, we show a proof of plaintext knowledge for the Regev’04
Efficient and NonMalleable Proofs of Plaintext Knowledge and Applications (Extended Abstract)
 Advances in Cryptology – proc. of EUROCRYPT ’03, LNCS 2656
, 2002
"... We describe efficient protocols for nonmalleable (interactive) proofs of plaintext knowledge for the RSA, Rabin, Paillier, and El Gamal encryption schemes. We also highlight some important applications of these protocols:  Chosenciphertextsecure, interactive encryption. In settings where both p ..."
Abstract

Cited by 29 (1 self)
 Add to MetaCart
We describe efficient protocols for nonmalleable (interactive) proofs of plaintext knowledge for the RSA, Rabin, Paillier, and El Gamal encryption schemes. We also highlight some important applications of these protocols:  Chosenciphertextsecure, interactive encryption. In settings where both
Proof of Plaintext Knowledge for CodeBased PublicKey Encryption Revisited
"... In a recent paper at Asiacrypt’2012, Jain et al point out that Véron codebased identification scheme is not perfect zeroknowledge. In particular, this creates a gap in security arguments of proof of plaintext knowledge (PPK) and verifiable encryption for the McEliece public key encryption (PKE) p ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
In a recent paper at Asiacrypt’2012, Jain et al point out that Véron codebased identification scheme is not perfect zeroknowledge. In particular, this creates a gap in security arguments of proof of plaintext knowledge (PPK) and verifiable encryption for the McEliece public key encryption (PKE
NonMalleable Cryptography
 SIAM Journal on Computing
, 2000
"... The notion of nonmalleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. ..."
Abstract

Cited by 490 (21 self)
 Add to MetaCart
The notion of nonmalleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related
New Directions in Cryptography
, 1976
"... Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper sug ..."
Abstract

Cited by 3499 (7 self)
 Add to MetaCart
Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
A Security Architecture for Computational Grids
, 1998
"... Stateoftheart and emerging scientific applications require fast access to large quantities of data and commensurately fast computational resources. Both resources and data are often distributed in a widearea network with components administered locally and independently. Computations may involve ..."
Abstract

Cited by 569 (49 self)
 Add to MetaCart
Stateoftheart and emerging scientific applications require fast access to large quantities of data and commensurately fast computational resources. Both resources and data are often distributed in a widearea network with components administered locally and independently. Computations may involve hundreds of processes that must be able to acquire resources dynamically and communicate e#ciently. This paper analyzes the unique security requirements of largescale distributed (grid) computing and develops a security policy and a corresponding security architecture. An implementation of the architecture within the Globus metacomputing toolkit is discussed.
Data Security
, 1979
"... The rising abuse of computers and increasing threat to personal privacy through data banks have stimulated much interest m the techmcal safeguards for data. There are four kinds of safeguards, each related to but distract from the others. Access controls regulate which users may enter the system and ..."
Abstract

Cited by 611 (3 self)
 Add to MetaCart
The rising abuse of computers and increasing threat to personal privacy through data banks have stimulated much interest m the techmcal safeguards for data. There are four kinds of safeguards, each related to but distract from the others. Access controls regulate which users may enter the system and subsequently whmh data sets an active user may read or wrote. Flow controls regulate the dissemination of values among the data sets accessible to a user. Inference controls protect statistical databases by preventing questioners from deducing confidential information by posing carefully designed sequences of statistical queries and correlating the responses. Statlstmal data banks are much less secure than most people beheve. Data encryption attempts to prevent unauthorized disclosure of confidential information in transit or m storage. This paper describes the general nature of controls of each type, the kinds of problems they can and cannot solve, and their inherent limitations and weaknesses. The paper is intended for a general audience with little background in the area.
Breaking and Fixing the NeedhamSchroeder PublicKey Protocol using FDR
, 1996
"... In this paper we analyse the well known NeedhamSchroeder PublicKey Protocol using FDR, a refinement checker for CSP. We use FDR to discover an attack upon the protocol, which allows an intruder to impersonate another agent. We adapt the protocol, and then use FDR to show that the new protocol is s ..."
Abstract

Cited by 716 (13 self)
 Add to MetaCart
In this paper we analyse the well known NeedhamSchroeder PublicKey Protocol using FDR, a refinement checker for CSP. We use FDR to discover an attack upon the protocol, which allows an intruder to impersonate another agent. We adapt the protocol, and then use FDR to show that the new protocol is secure, at least for a small system. Finally we prove a result which tells us that if this small system is secure, then so is a system of arbitrary size. 1 Introduction In a distributed computer system, it is necessary to have some mechanism whereby a pair of agents can be assured of each other's identitythey should become sure that they really are talking to each other, rather than to an intruder impersonating the other agent. This is the role of an authentication protocol. In this paper we use the Failures Divergences Refinement Checker (FDR) [11, 5], a model checker for CSP, to analyse the NeedhamSchroeder PublicKey Authentication Protocol [8]. FDR takes as input two CSP processes, ...
Timing Attacks on Implementations of DiffieHellman, RSA, DSS, and Other Systems
, 1996
"... By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed DiffieHellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known cip ..."
Abstract

Cited by 644 (3 self)
 Add to MetaCart
By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed DiffieHellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, networkbased cryptosystems, and other applications where attackers can make reasonably accurate timing measurements. Techniques for preventing the attack for RSA and DiffieHellman are presented. Some cryptosystems will need to be revised to protect against the attack, and new protocols and algorithms may need to incorporate measures to prevent timing attacks.
IdentityBased Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract

Cited by 1699 (29 self)
 Add to MetaCart
We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
Results 1  10
of
17,034