Shafi Goldwasser and Mihir Bellare. Lecture Notes on Cryptography. Summer Course "Cryptography and Computer Security " at MIT, 1996.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....key X,evenifallkeys K 0 ,K 1 , K w 1 are known. Without the secret master key , it is computationally intractable for an attacker to derive a key K i that the sender has not yet disclosed. To construct the PRF function F , we can use a pseudo random permutation, i.e. a block cipher [14], or a message authentication code, such as HMAC [4] The sender selects a key expiration interval I , and thus determines a schedule with which each of its keys will expire. Specifically, key K 0 expires at time 0 ,keyK 1 expires at time 1 = 0 I, key K i expires at time i = i 1 I = 0 ....

Shafi Goldwasser and Mihir Bellare. Lecture Notes on Cryptography. Summer Course "Cryptography and Computer Security" at MIT, 1996.

....a secret master key of the PRF . The sender can then easily compute each key K i as K i = FX (i) Without the secret master key , it is computationally infeasible for an attacker to derive a key K j that the sender has not yet disclosed. The PRF function could be a block cipher [15] or a message authentication code such as HMAC [4] To authenticate the keys, we use the Merkle hash tree construction [27] Figure 2 shows the basic Merkle hash tree construction over the eight keys k 0 , k 1 , k 2 , k 7 . The sender places these keys at the leaves of a binary tree of ....

Shafi Goldwasser and Mihir Bellare. Lecture Notes on Cryptography. Summer Course "Cryptography and Computer Security" at MIT, 1996.

....bit string. Thus, H: 0, 1 0, 1 P, where O is the length in bits of the output of the hash function. The function H should be simple to compute yet must be computationally infeasible in general to invert. A more formal definition of one way hash functions is provided by Goldwasser and Bellare [11], and a number of such functions have been proposed, including MD5 [40] and SHA 1 [29] To create a one way hash chain, a node chooses a random initial value x C 0, 1 P and computes the list of values ho, hi, h2, h3, hn where ho x, and hi H(hi ) for 0 i n, for some n. The node at ....

Shaft Goldwasser and Mihir Bellare. Lecture Notes on Cryptography. Summer Course "Cryptography and Computer Security " at MIT, 1996.

No context found.

Shafi Goldwasser and Mihir Bellare. Lecture Notes on Cryptography. Summer Course "Cryptography and Computer Security " at MIT, 1996.

No context found.

Shafi Goldwasser and Mihir Bellare. Lecture Notes on Cryptography. Summer Course "Cryptography and Computer Security" at MIT, 1996.

No context found.

S. Goldwasser and M. Bellare. Lecture notes on cryptography. Summer Course "Cryptography and Computer Security" at MIT, 1996.

No context found.

S. Goldwasser and M. Bellare. Lecture notes on cryptography. Summer Course "Cryptography and Computer Security" at MIT, 1996--1999, 1999.

No context found.

Shafi Goldwasser and Mihir Bellare. Lecture Notes on Cryptography. Summer Course "Cryptography and Computer Security " at MIT, 1996.

No context found.

S. Goldwasser and M. Bellare. Lecture notes on cryptography. Summer Course "Cryptography and Computer Security" at MIT, 1996.

No context found.

Shafi Goldwasser and Mihir Bellare. Lecture notes on cryptography. Summer Course "Cryptography and Computer Security" at MIT, 1996.

No context found.

S. Goldwasser and M. Bellare. Lecture notes on cryptography. Summer Course "Cryptography and Computer Security" at MIT, 1996.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC