Ivan Bjerre Damgard: Collision Free Hash Functions and Public Key Signature Schemes; Eurocrypt '87, LNCS 304, Springer-Verlag, Berlin 1988, 203--216.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....the encrypted message (such as a string of zeros at the end, although this is a rather weak form) After deciphering, the recipient only outputs the message if it is correct; moreover, one has to check for duplicates. For special measures against active attacks on the EIGamal cryptosystem, see [6, 11]. In the given scenario, the recipient under attack can be any mix M i . Hence there must be redundancy in the result any M i obtains after its operation. With all known scheme, this makes the total length of the ciphertext proportional to the number of mixes again, which [8] tried to avoid. 4.4 ....

Ivan Damgd: Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks; CRYFrO '91, Springer-Verlag, Berlin 1992, 445-456.

....we rigorously define a real system for labeled certified mail. Recall that we already sketched and explained the system in Section 2. 6.1 More Details about the Primitives Used A signature scheme is a triple of algorithms (gen S ; sign; test) We assume w.l.o.g. that the message space is [D88] and f0; 1g . We use slightly abbreviated notation: We write (sign u ; test u ) gen S (1 k ) for the generation of a signing key and a test key based on a security parameter k. By sig sign u (m) we denote a signature on the message m, including m itself. More precisely, we assume that ....

.... distribution of the pair (c; r ) in (c; r) comr u (m) r trans u (c; m; r; m ) equals that in (c; r ) comr u (m ) 3 For example, we can use the commitment scheme from [BCP88, CHP92, P92] with a chameleon extension combined with a family of collision resistant hash functions [D88] In the basic scheme, key generation means to randomly choose a k bit prime q and a k 0 (k) bit prime p with qj(p 1) for a function k 0 determining a suitable second security parameter) a generator g of the unique subgroup G q of order q in Z p and x R Z q , and to set h = g ....

Ivan Bjerre Damgard: Collision free hash functions and public key signature schemes; Eurocrypt '87, LNCS 304, Springer-Verlag, Berlin 1988, 203--216.

....we only have to de ne the intended structure (M ; S ) and the trust model, but for readability of 40 We repeat the security de nitions in more detail in Section 6.5. If the original scheme has a too small message space, a combination with a collision free hash functions retains security [Damg 88] 41 We even assume that it is a pair of the message and the actual signature which can be uniquely decomposed. Then sig uniquely determines m independently of the key. Otherwise more complicated message formats would be needed below, which is a waste of bandwidth in the standard case. 42 We ....

Ivan Bjerre Damgard: Collision free hash functions and public key signature schemes; Eurocrypt '87, LNCS 304, Springer-Verlag, Berlin 1988, 203-216.

....in G is mainly one modular multiplication, since the exponent of 4 is 0 or 1, and a multiplication by 4 can be replaced by shifts and subtractions. We can choose any fixed message length r; long messages are hashed before signing. Since even the hash functions as secure as factoring from [D88] take only one multiplication per message bit, i.e. not more than signing or testing, one should always hash messages as short as possible. Thus r is determined by the size of the output of the hash function. In the following table of the efficiency of signing one message block, we assume r = k. ....

Ivan Bjerre Damgård: Collision free hash functions and public key signature schemes; Eurocrypt '87, LNCS 304, Springer-Verlag, Berlin 1988, 203-216.

....by a user as they are subject to the user configuration. This allows high flexibility and adaptability to future needs. Among the available mechanisms are: Encipherment mechanisms like DES, G DES [5] RSA encipherment [6] 8 , electronic signature mechanisms like RSA, ElGamal [7] and Damg rd [8] signatures, DSS [9] the crypto world s first provably secure 9 electronic signature mechanism GMR [10] etc. hash 8 To avoid active attacks, RSA encipherment is improved by a redundancy predicate. 9 Provably secure here means: provable under the assumption that factoring large integers is ....

....large integers is hard. No other unproven assumption is needed in contrast to many other electronic signature mechanisms like RSA, El Gamal, DSS, etc. Security for decentralized information systems 8 functions based on any blockcipher available and cryptographically collision free ones [8] and cryptographically strong pseudo random number generators like the one presented by Blum, Blum, and Shub [11] Acknowledgement I would like to thank Birgit Pfitzmann, Joachim Biskup and Andreas Pfitzmann for fruitful discussions. Thilo Baldin did an excellent job on designing and ....

Ivan Bjerre Damgård: Collision free hash functions and public key signature schemes; Eurocrypt '87, LNCS 304, Springer-Verlag, Berlin 1988, 203-216.

No context found.

Damg_90 Ivan Bjerre Damgård: Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals; Crypto '88, LNCS 403, Springer-Verlag, Berlin 1990, 328-335.

No context found.

Damg_90 Ivan Bjerre Damgård: Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals; Crypto '88, LNCS 403, Springer-Verlag, Berlin 1990, 328-335.

No context found.

Ivan Bjerre Damgard: Collision Free Hash Functions and Public Key Signature Schemes; Eurocrypt '87, LNCS 304, Springer-Verlag, Berlin 1988, 203--216.

No context found.

Damg_88 Ivan Bjerre Damgrd: Collision free hash functions and public key signature schemes; Eurocrypt '87, LNCS 304, Springer-Verlag, Berlin 1988, 203-216.

No context found.

Damg_92 Ivan Damgård: Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks; Crypto '91, LNCS 576, Springer Verlag, Berlin 1992, 445-456.

No context found.

Damg_88 Ivan Bjerre Damgård: Collision free hash functions and public key signature schemes; Eurocrypt '87, LNCS 304, Springer-Verlag, Berlin 1988, 203-216.

No context found.

Damg1 90 Ivan Bjerre Damgård: Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals; Crypto '88, LNCS 403, Springer-Verlag, Berlin 1990, 328-335.

No context found.

Damg_88 Ivan Bjerre Damgård: Collision free hash functions and public key signature schemes; Eurocrypt '87, LNCS 304, Springer-Verlag, Berlin 1988, 203-216.

No context found.

Damg_88 Ivan Bjerre Damgård: Collision free hash functions and public key signature schemes; Eurocrypt '87, LNCS 304, Springer-Verlag, Berlin 1988, 203-216.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC