D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Advances in Cryptology --- Eurocrypt '92.
....between our model and the computational one is not that significant. Moreover, in the general context of secure multi-party computation, information theoretic VSS provides better round efficiency than the alternative zero-knowledge proof methodology on which most computationally secure protocols rely [30, 5, 15]. Indeed, as noted above, our results can be used to improve the exact round complexity of computationally secure protocols which rely on information theoretic VSS (such as [6] Multicast is a very important practical problem in many of today's Internet applications (e.g. video on demand, news ....
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Eurocrypt '92, pp. 307-323, 1992. LNCS No. 658.
....has already received several encrypted messages. Learning the player's secret key will (in general) allow the adversary to read all past messages, thereby making it much harder to prove any simulation-based notion of security. In all known adaptively secure non-interactive encryption schemes (e.g. [4, 11, 5, 13]) the size of the decryption key must exceed the total length of all messages to be decrypted throughout the lifetime of the system. Furthermore, Nielsen has recently shown that this property is essential for encryption schemes that are not key-evolving [33] this holds even if the model itself ....
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Eurocrypt '92, LNCS vol. 658, pp. 307--323, Springer-Verlag, 1992.
....the communication. In the non-adaptive model standard Chosen Ciphertext Attack secure encryption [ddn91, cs98, s99] (or even plain semantically secure encryption [gm84] if used appropriately) is sufficient. To obtain adaptively secure encryption, it seems that one needs to either trust data erasures [bh92], or use considerably more complex constructs [cfgn96, b97, dn00]. Clearly, adaptive security implies non-adaptive security, under any reasonable definition of security. However, is adaptive security really a stronger notion than non-adaptive security? Some initial results (indicating clear ....
D. Beaver and S. Haber, "Cryptographic Protocols Provably secure Against Dynamic Adversaries", Eurocrypt, 1992.
.... parties that have locally deviated from the protocol (say, by not erasing data that is supposed to be erased) If uncorrupted parties are trusted to carry out even unverifiable instructions such as erasing local data then adaptively secure computation can be carried out using known primitives [F, BH]. However, this trust may be unrealistic in many scenarios. We thus consider parties that, even when uncorrupted, internally deviate slightly from their protocols. We call such parties semi-honest. Several degrees of internal deviation from the protocol are examined with the main focus on parties ....
....of 1 (or vice versa). This task is impossible if a standard encryption scheme (i.e. an encryption scheme where no ciphertext can be a legal encryption of both 1 and 0) is used. We remark that Feldman, and independently Beaver and Haber, have suggested to solve this problem as follows [F, BH]. Instruct each party to erase (say, at the end of each round) all the information involved with encrypting and decrypting of messages. If the parties indeed erase this data, then the adversary will no longer see, upon corrupting a party, how past messages were encrypted and decrypted. Thus the ....
[Article contains additional citation context not shown here]
D. Beaver and S. Haber, "Cryptographic Protocols Provably secure Against Dynamic Adversaries", Eurocrypt, 1992.
....functionality F sc to allow proving security of the above general form of protocol gsc. We modify protocol gsc by replacing the generic use of a semantically secure encryption scheme with the following more specific encryption mechanism. This mechanism is reminiscent of that of Beaver and Haber [bh92] where it was suggested for a similar purpose. This mechanism puts a bound t on the total number of bits to be communicated by each party in the session. Initially, each party uses a pseudorandom number generator G to expand the encryption key e to two pads of length t each. Next, e is ....
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Advances in Cryptology --- Eurocrypt '92, LNCS No. 658, Springer-Verlag, 1992, pages 307-323.
.... to ask whether adaptive security can also be obtained in the computational setting? If one is willing to trust that honest players can erase sensitive information such that the adversary can find no trace of it, should he break in, then such adaptive security can be obtained quite efficiently [5]. Such secure erasure can be too much to hope for in realistic scenarios, and one would like to be able to do without them. But without erasure, protocols such as the one from [15] is not known to be adaptively secure. The original simulation based security proof for [15] fails completely against ....
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Rainer A. Rueppel, editor, Advances in Cryptology - EuroCrypt '92, pages 307--323, Berlin, 1992. Springer-Verlag. Lecture Notes in Computer Science Volume 658.
....secure channels without erasures In erasure-enabled adaptive threshold cryptosystems (for example our threshold Cramer-Shoup of Sec. 6) we can assume secret communication between players because they can be implemented in that model with an inexpensive technique due to Beaver and Haber [BH92]. However, if erasures are not allowed, implementing secure channels is more complicated. The problem arises because the adversary can tap all the channels and see all the ciphertexts passed between players. When the adaptive adversary corrupts a party, he expects to see cleartexts that ....
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Advances in Cryptology --- EUROCRYPT 92, 1992.
.... are all proven secure with respect to a non-adaptive adversary who must choose which participants to corrupt before protocol execution begins (this is the type of adversary we consider here). Many recent works have dealt with stronger classes of adversaries, including adaptive adversaries [1, 5] who may corrupt participants at any time during the protocol based on its entire history. Proactive systems [38] consider adversaries who may corrupt up to k 1 participants during any single time period. We refer the reader elsewhere for exhaustive references (e.g. [25, 33]) The ....
D. Beaver and S. Haber. Cryptographic Protocols Provably Secure Against Dynamic Adversaries. Eurocrypt '92.
....proactive systems (e.g. [16, 6, 15]) and key exchange protocols with key expiration and the related notion of perfect forward secrecy [9]. In our construction of forward secure signatures we use forward secure pseudorandom generators. Such generators have been used in different contexts, e.g. [2, 6], and have simple realizations based on regular pseudorandom generators or pseudorandom functions. A formalization of this notion can be found in [4]. Here we describe them informally and point to one simple (generic) construction (other implementations are possible). A forward secure ....
Beaver, D., and Haber, S., "Cryptographic protocols provably secure against dynamic adversaries", Eurocrypt '92, LNCS No. 658, pages 307-323.
....our model and the computational one is not that significant. Moreover, in the general context of secure multi-party computation, information theoretic VSS provides better round efficiency than the alternative zero-knowledge proof methodology on which most computationally secure protocols rely [30, 5, 15]. Indeed, as noted above, our results can be used to improve the exact round complexity of computationally secure protocols which rely on information theoretic VSS (such as [6] Multicast is a very important practical problem in many of today's Internet applications (e.g. video on demand, news ....
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Eurocrypt '92, pp. 307--323, 1992. LNCS No. 658.
....communication. In the non-adaptive model standard Chosen Ciphertext Attack secure encryption [ddn91, cs98, s99] (or even plain semantically secure encryption [gm84] if used appropriately) is sufficient. To obtain adaptively secure encryption, it seems that one needs to either trust data erasures [bh92], or use considerably more complex constructs [cfgn96, b97, dn00]. Clearly, adaptive security implies non-adaptive security, under any reasonable definition of security. However, is adaptive security really a stronger notion than non-adaptive security? Some initial results (indicating clear ....
D. Beaver and S. Haber, "Cryptographic Protocols Provably secure Against Dynamic Adversaries", Eurocrypt, 1992.
....instructions in the protocol, thereby enabling the parties to remove sensitive data from their local state when this data is no longer necessary. Indeed, timely erasures of sensitive data can greatly simplify the design and analysis of protocols. The case of encryption is an instructive example [bh92, cfgn96]. However, basing the security of a protocol on such erasures is often problematic. One reason is that in real world systems erasures do not always work: System backups are often hard to prevent (they are even made without a protocol's knowledge) and retrieving data that was stored on magnetic ....
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Advances in Cryptology --- Eurocrypt '92, LNCS No. 658, Springer-Verlag, 1992, pages 307--323.
No context found.
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Advances in Cryptology --- Eurocrypt '92.
No context found.
D. Beaver and S. Haber. Cryptographic Protocols Provably Secure Against Dynamic Adversaries. in Advance in Cryptology-Eurocrypt 1992, LNCS 658, pp. 307-323, 1992.
No context found.
D. Beaver and S. Haber. Cryptographic Protocols Provably Secure Against Dynamic Adversaries. Adv. in Cryptology --- Eurocrypt
No context found.
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. Eurocrypt '92, LNCS 658, Springer-Verlag, Berlin 1993, 307--323.
No context found.
D. Beaver and S. Haber. Cryptographic Protocols Provably secure Against Dynamic Adversaries. In Eurocrypt92, preproceedings 281--297.
No context found.
Donald Beaver and Stuart Haber. Cryptographic protocols provably secure against dynamic adversaries. In Rainer A. Rueppel, editor, Advances in Cryptology - EuroCrypt '92, pages 307--323, Berlin, 1992. Springer-Verlag. Lecture Notes in Computer Science Volume 658.
No context found.
D. Beaver, S. Haber, Cryptographic Protocols Provably Secure Against Dynamic Adversaries, Eurocrypt '92, LNCS 658, Springer-Verlag, 1993, 307--323
No context found.
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Eurocrypt '92, LNCS vol. 658, pp. 307--323, Springer-Verlag, 1992.
No context found.
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Advances in Cryptology: EUROCRYPT '92, volume 658 of Lecture Notes in Computer Science, pages 307--323. Springer, 1992.
No context found.
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Advances in Cryptology: EUROCRYPT '92, volume 658 of Lecture Notes in Computer Science, pages 307--323. Springer, 1992.
No context found.
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Eurocrypt '92, LNCS vol. 658, pp. 307--323, Springer-Verlag, 1992.
No context found.
D. Beaver and S. Haber. Cryptographic Protocols Provably secure Against Dynamic Adversaries. In Eurocrypt92, preproceedings 281--297.
No context found.
D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In Advances in Cryptology --- EUROCRYPT 92. Springer-Verlag, 1992.