Results 1 - 10 of 28
On cryptographic assumptions and challenges
in Proceedings of IACR CRYPTO, 2003
Cited by 77 (3 self)
Abstract
Abstract. We deal with computational assumptions needed in order to design secure cryptographic schemes. We suggest a classification of such assumptions based on the complexity of falsifying them (in case they happen not to be true) by creating a challenge (competition) to their validity. As an outcome of this classification we propose several open problems regarding cryptographic tasks that currently do not have a good challenge of that sort. The most outstanding one is the design of an efficient block cipher.
1 The Main Dilemma
Alice and Bob are veteran cryptographers (see Diffie [15] for their history; apparently RSA [38] is their first cooperation). One day, while Bob is sitting in his office his colleague Alice enters and says: "I have designed a new signature scheme. It has a 120-bit-long public key and the signatures are 160 bits long". That's fascinating, says Bob, but what computational assumption is it based on? Well, says Alice, it is based on a new trapdoor permutation fk and a new hash function h and the assumption that after given fk (but not the trapdoor information) and many pairs of the form (mi, f −1
Semantics and Program Analysis of Computationally Secure Information Flow
2001
Cited by 74 (6 self)
Abstract
This paper presents a definition of secure information flow. It is not based on noninterference, but on computational indistinguishability of the secret inputs, when the public outputs are observed. This definition allows cryptographic primitives to be handled. This paper also presents a Denning-style information-flow analysis for programs that use encryption as a primitive operation. The proof of the correctness of the analysis is sketched.
Practice-Oriented Provable-Security
in First International Workshop on Information Security (ISW'97), 1997
Cited by 40 (0 self)
Abstract
This article is intended to provide some background and tell you about the bigger picture. the plaintext M to create a ciphertext C, which is transmitted to the receiver. The latter applies
Quantum public-key cryptosystems
in Proc. of CRYPTO 2000, 2000
Cited by 37 (2 self)
Abstract
Abstract. This paper presents a new paradigm of cryptography, quantum public-key cryptosystems. In quantum public-key cryptosystems, all parties including senders, receivers and adversaries are modeled as quantum (probabilistic) poly-time Turing (QPT) machines and only classical channels (i.e., no quantum channels) are employed. A quantum trapdoor one-way function, f, plays an essential role in our system, in which a QPT machine can compute f with high probability, any QPT machine can invert f with negligible probability, and a QPT machine with trapdoor data can invert f. This paper proposes a concrete scheme for quantum public-key cryptosystems: a quantum public-key encryption scheme or quantum trapdoor one-way function. The security of our schemes is based on the computational assumption (over QPT machines) that a class of subset-sum problems is intractable against any QPT machine. Our scheme is very efficient and practical if Shor's discrete logarithm algorithm is efficiently realized on a quantum machine.
Universal Service-Providers for Database Private Information Retrieval
1999
Cited by 31 (6 self)
Abstract
A private information retrieval scheme allows a user to retrieve a data item of his choice from a remote database (or several copies of a database) while hiding from the database owner which particular data item he is interested in. We consider the question of private information retrieval in the so-called "commodity-based" model, recently proposed by Beaver for practically-oriented service-provider internet applications. We present simple and modular schemes that dramatically reduce the overall communication involving users, and substantially reduce their computation, using off-line messages sent from service-providers to databases and users. The service-providers do not need to know either the database contents or the future user's requests; all they need to know is an upper bound on the data size. Our solutions can be made resilient against collusions of databases with more than a majority (in fact, all-but-one) of the service-providers.
Sound computational interpretation of formal encryption with composed keys
in ICISC, 2003
Cited by 19 (1 self)
Abstract
Abstract. The formal and computational views of cryptography have been related by the seminal work of Abadi and Rogaway. In their work, a formal treatment of encryption that uses atomic keys is justified in the computational world. However, many proposed formal approaches allow the use of composed keys, where any arbitrary expression can be used as an encryption key. In this paper we consider an extension of the formal model presented by Abadi and Rogaway, in which composed keys are allowed in formal encryption. We then provide a computational interpretation for expressions that allows us to establish the computational soundness of formal encryption with composed keys.
GEM: a Generic Chosen-Ciphertext Secure Encryption Method
2002
Cited by 18 (1 self)
Abstract
This paper proposes an efficient and provably secure transform to encrypt a message with any asymmetric one-way cryptosystem. The resulting scheme
On-line negative databases
in Proceedings of Third International Conference on Artificial Immune Systems (ICARIS 2004), pages 175-188, 2004
Cited by 17 (7 self)
Abstract
The benefits of negative detection for obscuring information are explored in the context of Artificial Immune Systems (AIS). AIS based on string matching have the potential for an extra security feature in which the "normal" profile of a system is hidden from its possible hijackers. Even if the model of normal behavior falls into the wrong hands, reconstructing the set of valid or "normal" strings is an NP-hard problem. The data-hiding aspects of negative detection are explored in the context of an application to negative databases. Previous work is reviewed describing possible representations and reversibility properties for privacy-enhancing negative databases. New algorithms are described, which allow on-line creation and updates of negative databases, and future challenges are discussed.
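The representation the abstract refers to is easier to see on a toy instance. The block below is an added example and not code from the ICARIS paper or its authors: it stores a set DB of fixed-length bit strings only as a set of wildcard patterns covering the complement (a negative database, NDB), answers membership queries by checking that no pattern matches, and supports on-line insert and delete. The construction is the simple prefix construction (every prefix of a DB string, extended by a bit that no DB string continues with, followed by wildcards); the sample strings are constructed data. This simple construction is chosen for clarity and is not itself hard to reverse; the hardness result in the abstract concerns the general reconstruction problem and the constructions the papers describe.

```python
# Added example: a toy negative database (NDB) over fixed-length bit strings.
# Strings use '0'/'1'; NDB entries are patterns over '0', '1' and '*' (wildcard).
# A string is in the positive database DB exactly when NO pattern matches it.
# Prefix construction for illustration only; sample DB below is constructed data.

def pattern_matches(pattern, s):
    """True if every non-wildcard position of pattern equals the bit of s there."""
    return all(p == '*' or p == c for p, c in zip(pattern, s))

def build_ndb(db, length):
    """Prefix construction: for every prefix p of a DB string (including the empty
    prefix) and every bit b such that no DB string starts with p+b, emit p+b followed
    by wildcards. A non-member x is caught by the pattern built from the longest
    prefix it shares with some DB string; no pattern can match a DB string."""
    db = set(db)
    prefixes = {''} | {s[:i] for s in db for i in range(1, length)}
    ndb = []
    for p in sorted(prefixes):
        for b in '01':
            if not any(s.startswith(p + b) for s in db):
                ndb.append(p + b + '*' * (length - len(p) - 1))
    return ndb

def is_member(ndb, s):
    """Membership in DB: no NDB pattern may match s."""
    return not any(pattern_matches(p, s) for p in ndb)

def ndb_insert(ndb, s):
    """On-line insert of s into DB, i.e. remove s from the complement: every pattern
    that matches s is split into patterns covering the same strings except s."""
    new = []
    for p in ndb:
        if not pattern_matches(p, s):
            new.append(p)
            continue
        wild = [i for i, c in enumerate(p) if c == '*']
        for i in wild:
            q = list(p)
            for j in wild:
                if j < i:
                    q[j] = s[j]                       # agree with s before i ...
            q[i] = '1' if s[i] == '0' else '0'        # ... and differ from s at i
            new.append(''.join(q))
        # a fully specified pattern equal to s has no wildcards and is simply dropped
    return new

def ndb_delete(ndb, s):
    """On-line delete of s from DB, i.e. add s to the complement: append s itself
    as a fully specified pattern."""
    return ndb + [s]

if __name__ == "__main__":
    LENGTH = 4
    DB = {'0010', '1100', '1111'}                     # constructed sample data
    ndb = build_ndb(DB, LENGTH)
    print("NDB:", ndb)
    everything = [format(i, '04b') for i in range(1 << LENGTH)]
    print("members:", sorted(s for s in everything if is_member(ndb, s)))
    ndb = ndb_insert(ndb, '0101')
    ndb = ndb_delete(ndb, '1100')
    print("after insert 0101 / delete 1100:", sorted(s for s in everything if is_member(ndb, s)))
```

The NDB never lists a DB string; an observer who obtains it learns only the patterns, and reconstructing DB means finding all strings that no pattern matches, which is the problem the abstract describes as NP-hard in general.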
Another Look at Tightness
in Proceedings of Selected Areas in Cryptography (SAC'11), LNCS 7118, 2012
Cited by 11 (3 self)
Abstract
Abstract. We examine a natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting. If security parameters for the MAC scheme are selected without accounting for the non-tightness in the reduction, then the MAC scheme is shown to provide a level of security that is less than desirable in the multi-user setting. We find similar deficiencies in the security assurances provided by non-tight proofs when we analyze some protocols in the literature, including ones for network authentication and aggregate MACs. Our observations call into question the practical value of non-tight reductionist security proofs. We also exhibit attacks on authenticated encryption schemes, disk encryption schemes, and stream ciphers in the multi-user setting.
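The factor the non-tight reduction loses is the number of users n, and for a deterministic MAC that loss is real, not an artifact of the proof. The block below is an added example and not code from the SAC paper or its authors: it runs the standard multi-target key search, in which n users each publish the MAC of one common message and the attacker tests every candidate key against all n tags at once, so a key of one of the users is recovered after roughly 2^k/(n+1) MAC evaluations instead of 2^k/2. The 16-bit key, the message and the users' keys are constructed so the search finishes in seconds; the paper's own attacks are not reproduced here.

```python
# Added example: generic multi-user key search against a deterministic MAC.
# Toy parameters: 16-bit keys so the search finishes in seconds; the message and
# the users' keys are constructed data. The effect is the same at real key sizes:
# n users MAC the same message, and one search recovers *some* key in ~2^k/(n+1) trials.
import hashlib
import hmac
import random

KEY_BITS = 16
KEY_SPACE = 1 << KEY_BITS
MESSAGE = b"GET /login HTTP/1.1"   # constructed: a message every user is assumed to MAC

def mac(key_int, msg=MESSAGE):
    """Deterministic MAC: HMAC-SHA256 under a KEY_BITS-bit key, tag truncated to 64 bits."""
    key = key_int.to_bytes(KEY_BITS // 8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def multi_user_key_search(tag_to_user):
    """Exhaustive search over the key space. Each candidate key costs one MAC
    evaluation but is checked against every user's tag at once (one dict lookup),
    which is where the factor-n speed-up comes from. Returns (user_id, key, trials)."""
    for k in range(KEY_SPACE):
        if mac(k) in tag_to_user:
            return tag_to_user[mac(k)], k, k + 1
    return None, None, KEY_SPACE

def run_experiment(n_users, rng):
    """n users draw independent keys and publish MAC_k(MESSAGE); the attacker
    recovers one of the keys. Returns (trials, recovered_key_is_correct)."""
    keys = [rng.randrange(KEY_SPACE) for _ in range(n_users)]
    tag_to_user = {mac(k): uid for uid, k in enumerate(keys)}
    uid, k, trials = multi_user_key_search(tag_to_user)
    return trials, (uid is not None and keys[uid] == k)

def expected_trials(n_users, key_bits=KEY_BITS):
    """Expected position of the first hit when n target keys are uniform in a
    2^k key space: about 2^k / (n + 1). With n = 1 this is the usual 2^(k-1)."""
    return (1 << key_bits) / (n_users + 1)

def average_trials(n_users, repetitions=10, seed=1):
    """Average observed trials over several independent key draws (fixed seed)."""
    rng = random.Random(seed)
    total = 0
    for _ in range(repetitions):
        trials, ok = run_experiment(n_users, rng)
        assert ok, "recovered key does not verify"
        total += trials
    return total / repetitions

if __name__ == "__main__":
    for n in (1, 64):
        print(f"{n:3d} user(s): observed {average_trials(n):8.1f} trials, "
              f"expected {expected_trials(n):8.1f}")
```

Choosing the key length from a single-user bound of 2^(k-1) therefore overstates the security by a factor of about n in a deployment with n users, which is the practical consequence the abstract draws from the non-tight reduction.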
On the Role of Definitions in and Beyond Cryptography
in 9th Asian Computing Science Conference (ASIAN 2004), Springer-Verlag, volume 3321/2004 of Lecture Notes in Computer Science, 2004
Cited by 10 (0 self)
Abstract
More than new algorithms, proofs, or technologies, it is the emergence of definitions that has changed the landscape of cryptography. We describe how