C. Rackoff and D. Simon, "Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack," Advances in Cryptology -- Crypto 91 Proceedings, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....We show that the protocol is secure against arbitrary active attacks if the Dolev Yao based abstraction of public key encryption is implemented using a chosen ciphertext secure public key encryption scheme with small additions like ciphertext tagging. Chosen ciphertext security was introduced in [23] and formulated as IND CCA2 in [6] Efficient encryption systems secure in this sense exist under reasonable assumptions [9] Obviously, establishing a proof in the cryptographic approach presupposes dealing with the mentioned cryptographic details, hence one naturally assumes that our proof ....

C. Rackoff and D. R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology: CRYPTO '91, volume 576 of Lecture Notes in Computer Science, pages 433--444. Springer, 1992.

....d is the corresponding private key generated by the algorithm Extract, then V F E A , Decrypt(params, d, Encrypt(params, ID, 1 ) 1 . The standard notion of security for public key encryption schemes is that of chosen ciphertext security (1N D CCA) defined by Rackoff and Sinion in [45]. This definition captures the notion that an adversary should not be able to obtain any information about a ciphertext even if he is given the decryption of any other ciphertext of his choice. However, in our setting, the adversary may also be able to obtain the private key corresponding to some ....

C. Rackoff and D. Simon. Noninteractive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack, Proceedings of Crypro '91, pp. 433-444, 1991.

....Due to the recursive nature of our encryption algorithm for mix chains, we cannot directly apply the usual definitions of security under adaptive chosen ciphertext attack (CCA) for ordinary public key encryption. We adapt the attack game described in [8, section 3. 2] which goes back to [10] and [18]) as follows to take into account the special properties of our construction: 1. The adversary queries a key generation oracle, which uses KEMM i .KeyGen to compute a key pair and responds with PK (and secretly stores SK) is an arbitrary string s of length #, and the oracle responds with mix ....

Rackoff, C. W., and Simon, D. R. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology -- CRYPTO '91 (1992), J. Feigenbaum, Ed., vol. 576 of Lecture Notes in Computer Science, pp. 433--444.

....security of RSA OAEP can actually be proven under the sole RSA assumption, although the reduction is not tight. 1 Introduction The OAEP conversion method [3] was introduced by Bellare and Rogaway in 1994 and was believed to provide semantic security against adaptive chosenciphertext attacks [7, 12], based on the one wayness of a trapdoor permutation, using the (corrected) definition of plaintext awareness [1] Victor Shoup [15] recently showed that it is quite unlikely that such a security proof exists at least for non malleability under the one wayness of the permutation. He also ....

.... attacks [8] had been enough to break some famous encryption schemes [4, 9] namely PKCS #1 v1.5; or the decryption oracle itself, which on the input of any ciphertext, except the challenge ciphertext, responds with the corresponding plaintext (non adaptive adaptive chosen ciphertext attacks [10, 12]) The latter, the adaptive chosen ciphertext attack denoted CCA2, is clearly the strongest one. A general study of these security notions and attacks was given in [1] we therefore refer the reader to this paper for more details. However, the by now expected security level for public key ....

C. Rackoff and D. R. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In Crypto '91, LNCS 576, pages 433--444. Springer-Verlag, Berlin, 1992.

....key. The functions pke len, enc len must be bounded by multivariate polynomials. The following security definition means that any two equal length messages are indistinguishable even in adaptive chosen ciphertext attacks. Indistinguishability was introduced in [20] chosen ciphertext security in [35] and formalized as INDGGA2 in [8] k is the accepted definition for general purpose encryption. An ecient encryption system secure in this sense is [13] Definition 5.2 (Encryption Security) Given an encryption scheme, the decryptor machine Dec is defined as follows: It has one input and one ....

C. Rackoff and D. R. Simon. Non-interactive zero-knowledge proof of knowl- edge and chosen ciphertext attack. In Advances in Cryptology: CRYPTO '91, volume 576 of Lecture Notes in Computer Science, pages 433 444. Springer, 1992.

....security of RSA OAEP can actually be proven under the sole RSA assumption, although the reduction is not tight. I Introduction The OAEP conversion method [3] was introduced by Bellare and Rogaway in 1994 and was believed to provide semantic security against adaptive chosen ciphertext attacks [7, 12], based on the one wayness of a trapdoor permutation, using the (corrected) definition of plaintext awareness [1] Victor Shoup [15] recently showed that it is quite unlikely that such a se curity proof exists at least for non malleability under the one wayness of the permutation. He also ....

.... attacks [8] had been enough to break some famous encryption schemes [4, 9] namely PKCS 1 vl.5; or the decryption oracle itself, which on the input of any ciphertext, except the challenge ciphertext, responds with the corresponding plaintext (non adaptive adaptive chosen ciphertext attacks [10, 12]) The latter, the adaptive chosen ciphertext attack denoted CCA2, is clearly the strongest one. A general study of these security notions and attacks was given in [1] we therefore refer the reader to this paper for more details. However, the by now expected security level for public key ....

C. Rackoff and D. R. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In Crypro '91, LNCS 576, pages 433-444. SpringerVerlag, Berlin, 1992.

....defined in the attack model. If the scheme is secure in a specific model, then it will be called secure, yet only in the limit sense. The strongest security notion recognized publicly for digital signature is IND CCA2, semantic security under adaptive chosen ciphertext attack, which was defined in [5]. This was proved in [2] equivalent with another notion nonmalleability [3] under the adaptive chosen ciphertext attack: NM CCA2. So if a signature scheme is secure under INDCCA2 model, it is secure in other known attack model. Without loss of generality, we assume the underlying signature scheme ....

C. Rackoff and D. Simon. Non-interactive zeroknowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology CRYPTO '91, Lecture Notes in Computer Science Vol. 576, Springer-Verlag, 1991

....questions in x8. 2 Background and Related Work 2.1 Chosen ciphertext attack Impractical but provable schemes. In the context of standard (i.e. nonthreshold) cryptosystems, provably secure cryptosystems secure against chosen ciphertext attack were given by Naor and Yung [20] Rackoff and Simon [23], Dolev, Dwork, and Naor [14] and De Santis and Persiano [10] Unfortunately, all known provably secure schemes rely on theoretical constructions of non interactive zero knowledge proofs [4] and as such are quite impractical. Practical schemes. Again in the context of non threshold ....

C. Rackoff and D. Simon. Noninteractive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology--Crypto '91, pages 433--444, 1991.

....questions in x8. 2 Background and Related Work 2.1 Chosen ciphertext attack Impractical but provable schemes. In the context of standard (i.e. non threshold) cryptosystems, provably secure cryptosystems secure against chosen ciphertext attack were given by Naor and Yung [20] Rackoff and Simon [23], Dolev, Dwork, and Naor [14] and De Santis and Persiano [10] Actually, the system in [20] was proven secure only against a restricted type of chosen ciphertext attack, the so called lunch time attack, wherein the target ciphertext is not revealed to the adversary until after it gets its ....

C. Rackoff and D. Simon. Noninteractive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology--Crypto '91, pages 433--444, 1991.

....who is able to launch an adaptive chosen ciphertext attack (CCA) Due to the recursive nature of our encryption algorithm for mix chains, we cannot directly apply the usual CCA definitions for ordinary publickey encryption; we adapt the attack game described in [7, section 3. 2] which goes back to [13]) as follows to take into account the special properties of our construction: 1. The adversary queries a key generation oracle, which uses KEMM i .KeyGen to compute a key pair (PK, SK) and responds with PK (and secretly stores SK) is an arbitrary string s of length #, and the oracle responds ....

Rackoff, C. W., and Simon, D. R. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology -- CRYPTO '91 (1992), J. Feigenbaum, Ed., vol. 576 of Lecture Notes in Computer Science, pp. 433--444.

....proven secure when integrating symmetric encryption, which guarantees the security of the overall communication. 1 Introduction The OAEP conversion method [5] was introduced by Bellare and Rogaway in 1994 and was believed to provide semantic security against adaptive chosenciphertext attacks [17, 27], based on the one wayness of a trapdoor permutation. Therefore, when Bleichenbacher published his attack on RSA PKCS #1 v1.5 [28, 7] OAEP was the only efficient and provably secure construction. RSA OAEP thus became the natural successor, the RSA PKCS #1 v2.0. Unfortunately, Shoup [30] ....

.... [18] had been enough to break some famous encryption schemes [7, 20] namely PKCS #1 v1.5; or the decryption oracle itself, which on the input of any ciphertext, except the challenge ciphertext, responds with the corresponding plaintext (non adaptive adaptive chosen ciphertext attacks [21, 27]) The latter, the adaptive chosen ciphertext attack denoted CCA2, is clearly the strongest one. A general study of these security notions and attacks was given in [3] we therefore refer the reader to this paper for more details. However, the by now expected security level for public key ....

C. Rackoff and D. R. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In Crypto '91, LNCS 576, pages 433--444. Springer-Verlag, Berlin, 1992.

....definitions. Goldwasser, Micali, and Tong [17] investigated interactive public key cryptosystems secure against chosen ciphertext attacks. Naor and Yung [20] defined and constructed schemes secure against a priori chosen ciphertext attacks also known as lunch break attack . Rackoff and Simon [24] defined the stronger type of attack, a posteriori chosen ciphertext attacks and Dolev, Dwork and Naor [9] constructed cryptosystems resistant to such attacks. Other constructions where given in [14, 6, 21, 22, 19] Other works have explored the relationship This specific formulation was first ....

....plaintexts of its choice) We consider two types of such attacks: In the milder type (cf. 20] called a priori chosen ciphertext attacks, decryption requests can be made only before the challenge ciphertext (for which the adversary should gain knowledge) is presented. In the stronger type (cf. [24, 9]) called a posteriori chosen ciphertext attacks, decryption requests can be made also after the challenge ciphertext is presented, as long as one does not request to decrypt this very (challenge) ciphertext. Following the outline provided in Section 1.1, we recall the technical definition of ....

C. Rackoff and D.R. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In Crypto91, Springer Verlag, Lecture Notes in Computer Science (Vol. ), pages 433--444.

....plaintexts of its choice) We consider two types of such attacks: In the milder type (cf. 18] called a priori chosen ciphertext attacks, decryption requests can be made only before the challenge ciphertext (for which the adversary should gain knowledge) is presented. In the stronger type (cf. [22]) called a posteriori chosen ciphertext attacks, decryption requests can be made also after the challenge ciphertext is presented, as long as one does not request to decrypt this very (challenge) ciphertext. Following the outline provided in Section 1.1, we recall the technical definition of ....

C. Rackoff and D.R. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In Crypto91, Springer Verlag, Lecture Notes in Computer Science (Vol. ), pages 433--444.

....two types of attacks, namely attacks on the user and attacks on the helper. In both cases we consider chosen ciphertext attacks, not just chosen plaintext attacks. Attacks on the user. The formalization of security for the user requires a strong form of privacy, namely indistinguishability as per [22, 31], in the face of key exposure and chosen ciphertext attacks. To de ne it we consider the following experiment related to key updating encryption scheme KUS = KG; HKU;UKU; Enc; Dec) adversary A and security parameter k. The key generation algorithm KG is run on input k to produce (pk; usk 0 ; ....

C. Rackoff and D. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. Advances in Cryptology { CRYPTO '91, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.

....Keywords: Public Key Encryption, Chosen Ciphertext Security, Zero Knowledge, Non Interactive Zero Knowledge, Non Malleability Dept of Computer Science, Princeton University. Princeton, NJ 08544. E Mail: elkind, sahai cs.princeton.edu. 1 Introduction Achieving provable chosen ciphertext security [12, 13] for public key encryption has been one of the main challenges for cryptographic research of the past several years. The first public key encryption scheme provably secure against adaptive chosen ciphertext attack was given in the pioneering work of Dolev, Dwork, and Naor [6] In the last few ....

C. RACKOFF AND D. SIMON, Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. Advances in Cryptology -- Crypto 91 Proceedings, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.

....is by now called the chosenciphertext security. Indeed, it prevents [1] both the distinction of encrypted messages (semantic security [16] and the malleability of ciphertexts [11] for an adversary who can ask the decryption of any ciphertext of her choice (the adaptive chosen ciphertext attacks [28]) A promising way to construct a practical public key encryption scheme that reaches the chosen ciphertext security is to convert a primitive trapdoor one way function (such as RSA [30] or El Gamal [12] by using random functions. Here, some hash functions, such as MD5 [29] or SHA 1 [19] are ....

C. Rackoff and D. R. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In Crypto '91, LNCS 576, pages 433--444. Springer-Verlag, Berlin, 1992.

....public key cryptosystems secure against chosen ciphertext attacks, from the theoretical and practical points of view. Theoretically, non interactive zero knowledge proof was shown to be a nice tool for this purpose [3] 9] and several such concrete public key cryptosystems have been proposed [16] [18]. However, due to the enormous data expansion during the enciphering transformation, the resulting schemes are highly inefficient and thus no one would try to implement them in practice. Practical approaches to this field were initiated by Damgard [7] and further extended by Zheng and Seberry ....

C.Rackoff and D.Simon, "Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attacks," Advances in Cryptology - Crypto'91, LNCS vol.576, SpringerVerlag (1992), 433-444.

..... 57 ii 1 Introduction In this paper, we present and analyze a new public key encryption scheme, and several variants, proving that they are secure against adaptive chosen ciphertext attack (as de ned by Racko and Simon [RS91]) under standard intractability assumptions. The schemes are quite practical, requiring just a few exponentiations in a group for both encryption and decryption. Moreover, the proofs of security of these schemes rely only on standard intractability assumptions: one variant relies only on the ....

....completely passive, i.e. can only eavesdrop. Indeed, semantic security o ers no guarantee of secrecy at all if an adversary can mount an active attack, i.e. inject messages into a network or otherwise in uence the behavior of parties in the network. To deal with active attacks, Racko and Simon [RS91] de ned the notion of security against an adaptive chosen ciphertext attack. If an adversary can inject messages into a network, these messages may be ciphertexts, and the adversary may be able to extract partial information about the corresponding cleartexts through its interactions with the ....

[Article contains additional citation context not shown here]

C. Racko and D. Simon. Noninteractive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology{Crypto '91, pages 433-444, 1991.

.... One can adapt this general definition to obtain the common adversarial models of chosen plaintext attack, chosen ciphertext attack in the pre processing mode (or non adaptive CCA, as defined in [17] and chosen ciphertext attack in the post processing mode (or adaptive CCA, as defined in [20]) If the encryption scheme Enc is used as part of a combined scheme (Enc, Sig) as in Definition 3 above, we may augment the encryption scheme adversary by allowing it to make use of Sig in its attack. This may be formalized with the following augmented encryption scheme attack scenario: ....

C. Racko# and D. Simon, Noninteractive zero-knowledge proof of knowledge and chosen ciphertext attack, Adv. in Cryptology -- Proc. of Crypto '91, pp. 433-444.

....Laboratory. Email: sho zurich.ibm.com 1 Introduction It is generally considered that the right notion of security for security for a general purpose public key encryption scheme is that of security against adaptive chosen ciphertext attack. This notion was introduced by Racko and Simon [RS]. While there are weaker notions of security, such as that de ned by Naor and Yung [NY2] experience in the design and analysis of cryptographic protocols has shown that security against adaptive chosen ciphertext attack is both necessary and sucient in many applications. Dolev, Dwork, and Naor ....

C. Racko and D. Simon. Non-interactive zero knowledge proof of knowledge and chosen ciphertext attacks. In Proc. CRYPTO '91, Springer Verlag LNCS, 1991.

....an adaptive chosen message attack the adversary is not able to forge a signature for any message whatsoever not used during the attack. The strongest security definition for a public key cryptosystem, proposed by Rackoff and Simon, is semantic security against an adaptive chosen ciphertext attack [72]. The adversary must specify two plaintexts m 0 and m 1 , receives encryptions of m 0 and m 1 in random order, and must guess which encryption belongs to which plaintext. The adversary also has access to a decryption oracle, before and after specifying m 0 and m 1 , of course with the (only) ....

C. Rackoff and D. Simon, Noninteractive zero-knowledge proof of knowledge and chosen ciphertext attack, Advances in Cryptology --- CRYPTO '91, Lecture Notes in Computer Science, vol. 576, pp. 377--391, SpringerVerlag, 1991.

....also a special case of our general theory. 1 Introduction It is generally considered that the right notion of security for security for a general purpose public key encryption scheme is that of security against adaptive chosen ciphertext attack. This notion was introduced by Racko and Simon [8]. While there are weaker notions of security, such as that de ned by Naor and Yung [6] experience in the design and analysis of cryptographic protocols has shown that security against adaptive chosen ciphertext attack is both necessary and sucient in many applications. Dolev, Dwork, and Naor [4] ....

C. Racko and D. Simon. Non-interactive zero knowledge proof of knowledge and chosen ciphertext attacks. In: Proc. CRYPTO '91, Springer Verlag LNCS, 1991.

....The scheme is quite practical, and the proof of security relies only on standard intractability assumptions. 1 Introduction In this paper, we present and analyze a new public key cryptosystem that is provably secure against adaptive chosen ciphertext attack (as defined by Rackoff and Simon [13]) The scheme is quite practical, requiring just a few exponentiations over a group, and the application of a hash function. Moreover, the proof of security relies only on standard intractability assumptions, namely, the hardness of the Diffie Hellman decision problem in the underlying group, and ....

....allowing the adversary to decrypt ciphertexts of his choice. Typically, one distinguishes between a weak form of this attack, known as a lunch time attack (defined by Naor and Yung [12] and the strongest possible form, known as an adaptive chosen ciphertext attack (defined by Rackoff and Simon [13]) In a lunch time attack, the adversary queries the decryption oracle some number of times, after which, he obtains the target ciphertext that he wishes to cryptanalyze, and is not allowed to query the decryption oracle further. In an adaptive attack, the adversary may continue to query the ....

C. Rackoff and D. Simon. Noninteractive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology--Crypto '91, pages 433--444, 1991.

....There are various schemes that are designed to meet these goals separately. In the public key setting, asymmetric encryption schemes are designed to provide privacy, while (digital) signature schemes are designed to provide authenticity. Well de ned formal security notions for encryption schemes [9, 15, 7] and signature schemes [10] exist, and schemes have been analyzed according to those notions. Recently, there have been rising interests in combining these schemes in such a way that the goals of both privacy and authenticity are met at the same time [12, 17, 14, 11] However, schemes that are ....

C. Racko and D. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In J. Feigenbaum, editor, Crypto'91, volume 576 of LNCS. Springer-Verlag, Berlin Germany, Aug. 1991.

....out attacks that would eciently scale to larger sizes of keys. For public key encryption schemes, it is widely agreed that the right notion of security for a scheme intended for general purpose use is that of security against adaptive chosen ciphertext attack. This notion was introduced in [RS91], and implies other useful properties, like non malleability. See [DDN91, DDN98, BDPR98] for further discussion. In this document, this will be the relevant notion of security used for judging the security of an encryption scheme. 3 1.4 A summary of submissions and proposed schemes In this ....

....one can exhibit an even tighter security reduction) A small distinguishing advantage implies that the adversary will not behave signi cantly di erently when this substitution is made. See [BBM00] for more details. This de nition, in slightly di erent form, was rst proposed by Racko and Simon [RS91]. It is generally agreed in the cryptographic research community that this is the right security property for a general purpose public key encryption scheme. This notion of security implies other useful properties, like non malleability. See [DDN91, DDN98, BDPR98] for more on notions of security ....

C. Racko and D. Simon. Noninteractive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology{Crypto '91, pages 433-444, 1991.

....i.e. where one global escrow key can decrypt ciphertexts encrypted under any public key. To argue about the security of our IBE system we de ne chosen ciphertext security for identitybased encryption. Our model gives the adversary more power than the standard model for chosen ciphertext security [29, 1]. The reason is that while mounting a chosen ciphertext attack on the public key ID, the attacker can obtain from the PKG the private key of some public key ID 0 6= ID. This private key might help the attacker. Hence, during the chosen ciphertext attack we allow the attacker to obtain the ....

....key generated by algorithm Extract when it is given ID as the public key, then 8M 2 M : Decrypt(params; C; d) M where C = Encrypt(params; ID; M) Chosen ciphertext security. Chosen ciphertext security (IND CCA) is the standard acceptable notion of security for a public key encryption scheme [29, 1, 10]. Hence, it is natural to require that an identity based encryption scheme also satisfy this strong notion of security. However, the de nition of chosen ciphertext security must be strengthened a bit. The reason is that when an adversary attacks a public key ID in an identity based system, the ....

[Article contains additional citation context not shown here]

C. Racko, D. Simon, \Noninteractive zero-knowledge proof of knowledge and chosen ciphertext attack", in proc. Crypto '91, pp. 433-444, 1991.

No context found.

C. Rackoff and D. Simon, "Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack," Advances in Cryptology -- Crypto 91 Proceedings, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.

No context found.

C. Rackoff and D. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In J. Feigenbaum, editor, Advances in Cryptology -- CRYPTO'91, volume 576 of Lecture Notes in Computer Science. Springer-Verlag, Berlin Germany, Aug. 1991.

No context found.

Rackoff, C., and Simon, D. Non-interactive Zero Knowledge Proof of Knowledge and Chosen Ciphertext Attacks. In Advances in Cryptology -- CRYPTO '91 (Santa Barbara, California, USA, August 1991), J. Feigenbaum, Ed., vol. 576 of Lecture Notes in Computer Science, Springer-Verlag, pp. 433--444.

No context found.

C. Rackoff and D. Simon, Non-Interactive Zero-Knowledge Proofs of Knowledge and Chosen-Ciphertext Attack, in Proc. of CRYPTO 91.

No context found.

C. Rackoff and D. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. Advances in Cryptology -- Crypto 91 Proceedings, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.

No context found.

C. Rackoff and D. R. Simon. Noninteractive Zero-knowledgeProof of Knowledge and Chosen Ciphertext Attack. In J. Feigenbaum, editor, CRYPTO'91, Lecture Notes in Computer Science 576, pages 433--444, 1991.

No context found.

C. RACKOFF AND D. SIMON, Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. Advances in Cryptology -- Crypto 91 Proceedings, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.

No context found.

C. Rackoff and D. R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. Crypto '91, LNCS 576, Springer-Verlag, Berlin 1992, 433-444.

No context found.

C. Rackoff and D. Simon, \Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack." Advances in Cryptology { CRYPTO '91, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.

No context found.

C. Rackoff and D.R. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In Crypto91, Springer-Verlag Lecture Notes in Computer Science (Vol. 576), pages 433--444.

No context found.

C. Rackoff, D. Simon. Noninteractive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology -- CRYPTO '91, (Lecture Notes in Computer Science 576), pp. 433--444, 1991

No context found.

C. Rackoff and D. R. Simon, "Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack," in Advances in Cryptology: CRYPTO '91 (J. Feigenbaum, ed.), vol. 576 of Lecture Notes in Computer Science, pp. 433--444, Springer, 1992.

No context found.

C. Rackoff and D. Simon. Noninteractive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology---CRYPTO '91, pp. 433--444, 1991.

No context found.

C. Rackoff and D. R. Simon, "Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack," in Advances in Cryptology: CRYPTO '91 (J. Feigenbaum, ed.), vol. 576 of Lecture Notes in Computer Science, pp. 433--444, Springer, 1992.

No context found.

C. Rackoff and D. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In Advances in Cryptology - CRYPTO '91, volume 576 of Lecture Notes in Computer Science, pages 433-444. Springer-Verlag, 1992.

No context found.

C. Rackoff, D. R. Simon, Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack, Crypto '91, LNCS 576, Springer-Verlag, 1992, 433--444

No context found.

C. Rackoff and D. R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology: CRYPTO '91, volume 576 of Lecture Notes in Computer Science, pages 433--444. Springer, 1992.

No context found.

C. RACKOFF AND D. SIMON, Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. Advances in Cryptology -- Crypto 91 Proceedings, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.

No context found.

C. RACKOFF AND D. SIMON, Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. Advances in Cryptology -- Crypto 91 Proceedings, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.

No context found.

C. Rackoff and D. R. Simon, "Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack," in Advances in Cryptology - CRYPTO '91, 11th Annual International Cryptology Conference, ser. LNCS, J. Feigenbaum, Ed., vol. 576. Santa Barbara, California: Springer-Verlag, Aug. 1991, pp. 433--444.

No context found.

C. Rackoff and D.R. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In Crypto91, Springer-Verlag Lecture Notes in Computer Science (Vol. 576), pages 433--444.

No context found.

C. Rackoff and D. Simon, "Non-interactive zero-knowledge proof of knowledge and chosen-ciphertext attacks," in Advances in Cryptology - Proceedings 18 of Crypto'91, Lecture Notes in Computer Science, Vol.576 (J. Feigenbaum, ed.), pp. 433--444, Springer-Verlag, 1992.

No context found.

C. Rako and D. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In Advances in Cryptology - CRYPTO '91, volume 576 of LNCS, pages 433-444, Springer-Verlag, 1992.

No context found.

C. RACKOFF AND D. SIMON, Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. Advances in Cryptology -- Crypto 91 Proceedings, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC