V. Shoup, "A Proposal for an ISO Standard for Public Key Encryption (version 2.1)", December, 2001. Available at http://www.shoup.net/papers;
.... j j (log k) jH(h)j jhj (log k) and P is a strong PRP: m) hP K ( kH(h) G( mi. This remarkably simple scheme means that we can let the Card perform a single block cipher operation per call. ASSOCIATED DATA. Finally, we briefly discuss extensions to supporting associated data [30, 26]. Intuitively, associated data allows one to bind a public label to the message. Viewing the label as part of the message is a possible solution, but the generalized view can bring non-trivial efficiency gains, as was shown by [26]. This extension is presented in more detail in Appendix B. ....
V. SHOUP, "A proposal for an ISO standard for public key encryption (version 2.1)," IACR E-Print Archive, 2001.
....is vulnerable to an error message attack, but note that ECIES KEM is even less likely than PSEC KEM to be attacked in this manner. There is no known error message attack on ACE KEM. However, there exists some small scope for such an attack within the decapsulation process (acknowledged by Shoup in [7]). The decapsulation process checks equality of two separate equations and it is technically possible that if an attacker could decide which equation had caused decapsulation to fail then they might be able to derive some information about some key. It seems unlikely that a theoretical attack can ....
....is also unusual because the attacker need only have access to the side channel; it is not necessary for the attacker to have access to a decryption oracle, and indeed a decryption oracle wouldn't help the attack as most of the ciphertexts would be invalid. We describe how the attack works on KDF1 [7] (also known as MGF1) using the hash function SHA-1. Suppose that the hash function has an output length hLen and that a key of length kLen is to be derived from a seed x. Let k = ⌈kLen/hLen⌉ and let I2OS(#, l) be the function that converts the integer # into the l-byte representation of #. ....
V. Shoup. `A Proposal for an ISO Standard for Public Key Encryption (version 2.0)'. http://www.shoup.net/, 2001.
Victor Shoup, "A Proposal for an ISO Standard for Public Key Encryption (version 2.1)," http://www.shoup.net/papers/, December 2001.
V.Shoup, "A Proposal for an ISO Standard for Public Key Encryption (version 2.1)," ISO/IEC JTC1/SC27, N2563, 2001 Dec. http://shoup.net/papers/.