Citations: Applications of Multilinear Forms to Cryptography

27 citations found. Retrieving documents...

Dan Boneh and Alice Silverberg. Applications of multilinear forms to cryptography. Contemporary Mathematics, 324:71--90, 2003.

Home/Search Document Details and Download Summary Related Articles Check

This paper is cited in the following contexts:

First 50 documents

The Cryptographic Impact of Groups with Infeasible Inversion - Hohenberger (2003) (3 citations) (Correct)

.... signature schemes [16] Happily there exist bilinear forms, with a reasonable assumed security, that can be found using elliptic curves [33] Boneh and Silverberg recently motivated the search for realizable multilinear forms by a laundry list of cryptographic problems that they can solve [14]. Further interesting information on multilinear forms can be found online at the Pairing Based Crypto Lounge [4] including their relation to the classic Die Hellman problem [19] In our initial search for directed transitive signature schemes, multilinear forms appeared very promising; although ....

....transfer is an example of secure function evaluation. The rst de nition for secure computation was given by Micali and Rogaway in 1991 [42] Multilinear Forms (ML) Boneh and Silverberg introduced the concept of multilinear forms on groups for cryptography and gave motivating applications[14]. We say a map e : G 1 G 2 is an n multilinear map if it satis es the following properties: 1) G 1 and G 2 are groups of the same prime order. 2) If 1 ; n 2 Z and x 1 ; x n G 1 , then e(x 1 1 ; x n n ) e(x 1 ; x n ) 1 : n . 3) The map ....

[Article contains additional citation context not shown here]

D. Boneh and A. Silverberg. Applications of Multilinear Forms to Cryptography, 2002. Available from http://eprint.iacr.org.

Tate-Pairing Implementations for Tripartite Key Agreement - Duursma, Lee (2003) (2 citations) (Correct)

....or more parties share a secret key is getting more important as group communications on open networks are increasing. Therefore there have been many attempts to extend the well known two party Die Hellman key exchange protocol [DH76] to the multi party setting [BD95] STW96] AST98] BW98] [BS02]. In the following section, we present an n round key agreement protocol for any N participants, where 3 ; n 1. The case of N = 3 is done by Joux s one round protocol [J00] 8 A group key agreement protocol We assume that N participants want to share a common secret, for 3 N 3 ; n ....

D. Boneh and A. Silverberg, \Applications of multilinear forms to cryptography," To appear in Contemporary Mathematics, American Mathematical Society. See also Cryptology ePrint Archive: Report 2002/080.

An n-party Key Agreement Scheme using Bilinear Map - Barua, Dutta, Sarkar (2003) (Correct)

....proposed a new protocol for authenticated key agreement. There have been a number of proposals for authenticated and unauthenticated key agreement [15] 18] 7] Among the previously known multi party key agreement protocols only two protocols have number of rounds less than our protocol. In [4], Boneh and Silverberg proposed a single round multi party key agreement protocol. This protocol is based on the existence of multi linear maps. Currently, no such suitable maps are known and it seems unlikely that such maps can even be found [4] The other protocol which requires less number of ....

....have number of rounds less than our protocol. In [4] Boneh and Silverberg proposed a single round multi party key agreement protocol. This protocol is based on the existence of multi linear maps. Currently, no such suitable maps are known and it seems unlikely that such maps can even be found [4]. The other protocol which requires less number of rounds is due to Burmester and Desmedt [5] This is an unauthenticated protocol and requires two rounds. However, the computation complexity is higher and the total number of exponentiations required is around n . Also it is dicult to convert ....

D. Boneh and A. Silverberg. Applications of Multilinear forms to Cryptography, Report 2002.

Applications of Bilinear Maps in Cryptography - Gagné (2002) (1 citation) (Correct)

....above can be executed in times comparable to other encryption and signature schemes. An interesting line for further research would be to find a way to implement multilinear maps, i.e. maps linear in more than two components. This topic has already been explored by Boneh and Silverberg in [7]. They give several interesting applications of such multilinear maps, but also give some evidence that the imple mentation of such maps may require genuinely new techniques. It would also be interesting to see if bilinear maps can be implemented using a technique other than pairings on abelian ....

D. Boneh and A. Silverberg. Applications of Multilinear Forms to Cryptography, Cryptology ePrint Archive, Report 2002.

Multi-Party Authenticated Key Agreement Protocols From.. - Lee, Lee, Lee (2002) (2 citations) (Correct)

....of Mathematics, Ewha Womans University, Seoul, Korea Abstract. Joux [10] presented a one round protocol for tripartitie key agreement and Al Riyami et.al. 15] developed a number of tripartitie, one round, authenticated protocols related to MTI and MQV protocols. Recently, Boneh and Silverleg [4] studied multilinear forms, which provides a one round multi party key agreement protocol. In this paper, we propose (n 1) types of one round authenticated multi party key agreement protocols from multilinear forms based on the application of MTI and MQV protocols. Keywords : Multilinear forms, ....

....is based on the ideas from Joux s protocol and MTI [14] H.S.Lee was supported by KOSEF grant No. R06 2002 012 01001. H.K.Lee and Y.R.Lee was supported by Brain Korea 21 Project. e mail : hokyu dreamwiz.com, hsl ewha.ac.kr, panic ewha.ac.kr. and MQV [12] protocols. Recently, Boneh and Silverberg [4] studied the problem of finding e#ciently computable non degenerate multilinear maps and presented several applications to cryptography using multilinear forms. The e#ciently computable multilinear forms would enable one round multi party key exchange, a unique signature scheme and secure ....

[Article contains additional citation context not shown here]

D. Boneh and A. Silverberg, Applications of Multilinear forms to Cryptography, Report 2002.

Signature Schemes and Applications to Cryptographic Protocol.. - Lysyanskaya (2002) (6 citations) (Correct)

....is preferable as far as eciency is concerned. This is because our construction is direct, while they rst give a unique signature for short messages, then show how to construct a VRF and a unique signature of arbitrary length from that. Reducing the length of signatures. Boneh and Silverberg [BS02] point out that, if the language L( q; g) fg yn ; g i=1 y i g is eciently decidable, then the signature does not need to contain the labels of the intermediate nodes. i.e. to sign a message M , m = C(M ) it is sucient to give s = g i=1 a i;m i . This reduces the length of a ....

....intermediate nodes. i.e. to sign a message M , m = C(M ) it is sucient to give s = g i=1 a i;m i . This reduces the length of a signature by a factor of n. However, nding groups where L( q; g) is eciently decidable, and yet the Many DH Assumption is still reasonable, is an open question [BS02] On the need for an error correcting code. The reason that the construction uses an error correcting code is purely a technical tweak that allows the signature scheme to be provable under the Many DH assumption. In order to contradict the assumption, we reduce an instance of the Many DH problem ....

Dan Boneh and Alice Silverberg. Applications of multilinear forms to cryptography. Manuscript obtained by personal communication, 2002.

Unique Signatures and Veriable Random Functions - Lysyanskaya (2002) (8 citations) (Correct)

....is preferable as far as eciency is concerned. This is because our construction is direct, while they rst give a unique signature for short messages, then show how to construct a VRF and a unique signature of arbitrary length from that. Reducing the length of signatures. Boneh and Silverberg [BS02] point out that, if the language L( q; g) fg yn ; g i=1 y i g is eciently decidable, then the signature does not need to contain the labels of the intermediate nodes. i.e. to sign a message M , m = C(M ) it is sucient to give s = g i=1 ai;m i . This reduces the length of a signature ....

....the intermediate nodes. i.e. to sign a message M , m = C(M ) it is sucient to give s = g i=1 ai;m i . This reduces the length of a signature by a factor of n. However, nding groups where L( q; g) is eciently decidable, and yet the Many DH Assumption is still reasonable, is an open question [BS02]. 6 Proof of Security for the Unique Signature In this section, we show how to reduce breaking the Many DH problem to forging a signature of the construction in Section 5. First, we show the following lemma: Lemma 1. Suppose Verify( q; g) fA i;b g 1 i n;b2f0;1g ) m; s 1 ; s n ) ....

Dan Boneh and Alice Silverberg. Applications of multilinear forms to cryptography. Manuscript obtained by personal communication, 2002.

A Fully Collusion Resistant Broadcast, Trace, and Revoke .. - Stanford University.. (2006) Self-citation (Boneh) (Correct)