M. Blum and S. Goldwasser, "An efficient probabilistic public-key encryption scheme which hides all partial information," Advances in Cryptology -- Crypto 84 Proceedings, Lecture Notes in Computer Science Vol. 196, R. Blakely ed., Springer-Verlag, 1984.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....secure assuming intractability of Quadratic Residuosity Problem in [5] and subsequently under the assumption that factoring Blum integers is hard (Assumption 4. 1) in [26] by adapting the techniques in [1] Note also that it is the basis for the Blum Goldwasser public key encryption scheme [6]. For simplicity of exposition , we choose to replace the LSB( Delta) hard core predicate with the Goldreich Levin B r ( Delta) The easy access problem arises when one notices that it is easy to access exponentially far away bits in the BBS pseudorandom pad. The question is whether the BBS pad ....

M. Blum and S. Goldwasser, An Efficient Probabilistic Public-key Encryption Scheme Which Hides All Partial Information, Advances in Cryptology - CRYPTO'84, Lecture Notes in Computer Science, vol. 196, Springer-Verlag, 1985, pp. 289--302.

....issues rather than cryptography because, obviously, encrypting X yields a different result than encrypting Y. However, by using a random initialization vector and CBC mode when encrypting, this assumption can be made to hold. These assumptions can be summarized as perfect encryption [22]. Shared key ciphers achieve their secrecy by diffusing the data out over the encrypted data, and by making the relationship between the key and the cipher text as complex as possible. Complex combinations of transposions and substitutions are repeatedly transforming the data under control of the ....

BLUM, M., AND GOLDWASSER, S. An efficient probabilistic public-key encryption scheme which hides all partial information. In Proceedings of Advances in Cryptology---Crypto'84 (1984), vol. 196 of Lecture Noets in Computer Science, Springer verlag.

....secure assuming intractability of Quadratic Residuosity Problem in [5] and subsequently under the assumption that factoring Blum integers is hard (Assumption 4. 1) in [24] by adapting the techniques in [1] Note also that it is the basis for the Blum Goldwasser public key encryption scheme [6]. For simplicity of exposition , we choose to replace the LSB( Delta) hard core predicate with the Goldreich Levin B r ( Delta) predicate [14] where B r (m) denotes the inner product, hm; ri mod 2) We obtain a generator which stretches an n bit seed, x 2 QN , to an bit pseudorandom string (and ....

M. Blum and S. Goldwasser, An Efficient Probabilistic Public-key Encryption Scheme Which Hides All Partial Information, Advances in Cryptology - CRYPTO'84, Lecture Notes in Computer Science, vol. 196, Springer-Verlag, 1985, pp. 289--302.

.... generator cannot be distinguished by a polynomial time algorithm from truly random sequences of the same length (such a generator is said to be perfect) Thus these generators can be used for constructing more efficient probabilistic encryption schemes, as first illustrated by Blum and Goldwasser [4] : Send the exclusive or of a message sequence with an output sequence of the same length of a pseudorandom number generator, together with a public key encryption of a random seed used . Consequently, cryptosystems constructed like this can be proved to be secure against any passive attacks ....

....the exclusive or of a message sequence with an output sequence of the same length of a pseudorandom number generator, together with a public key encryption of a random seed used . Consequently, cryptosystems constructed like this can be proved to be secure against any passive attacks (e.g. see [4] for detailed proof) and thus as far as passive attacks are concerned, the problem of constructing a secure public key cryptosystem is settled. Furthermore, the plaintext is only expanded by a constant factor in this case, the portion of public key encryption of a random seed used. Several ....

[Article contains additional citation context not shown here]

M.Blum and S.Goldwasser, "An efficient probabilistic public key encryption scheme which hides all partial information," Advances in Cryptology - Crypto'84, Lecture Notes in Computer Science vol.196, Springer-Verlag (1985), 289-299.

....Asymmetric Encryption Padding) However, their method was not applied to a (probabilistic) public key encryption scheme. Therefore, several (practical) public key encryption schemes lie outside the range of the OAEP conversion, e.g. the ElGamal, Blum Goldwasser, and Okamoto Uchiyama schemes [11, 5, 18]. 1.2 Classification of Encryption Scheme Security The strongest security notion in public key encryption is that of indistinguishability against adaptive chosen ciphertext attacks (IND CCA2) or non malleability against adaptive chosen ciphertext attacks (NM CCA2) In [4] Bellare, Desai, ....

....one way hash assumption and the decision Diffie Hellman assumption) but our scheme still has better efficiency, at least twice that of theirs. In addition, since our approach is generic, unlike the Cramer Shoup scheme, it can be adopted by other IND CPA secure schemes such as Blum Goldwasser [5] and Okamoto Uchiyama [18] schemes. Compared with the converted ElGamal scheme presented by Tsiounis and Yung [25] which is secure in the IND CCA2 (i.e. NM CCA2) sense, our converted one is at least twice as efficient as theirs under the same assumptions, the random oracle model and the decision ....

[Article contains additional citation context not shown here]

M. Blum, and S. Goldwasser, "An efficient probabilistic public-key encryption scheme which hides all partial information", Proceeding of CRYPTO'84, LNCS 196, Springer-Verlag, pp.289-299 (1985).

....decryption mechanism as well. A precise definition for these classical attacks is given in the next section. Furthermore, schemes for cryptosystems which are provably secure as factoring against a chosen plaintext attack such as the Blum Goldwasser efficient scheme for probabilistic encryption [6] are provably insecure against a chosen ciphertext attack. The same basis for its security [1] is the basis for its vulnerability to chosen ciphertext attacks. Previously, in order to construct message transmission systems secure against chosen ciphertext attacks, the public key model was ....

....f0; 1g p(n) D d (E e (b; r) b ffl Indistinguishability for all polynomial time machines M jProb[M(e; E e (0; r) 1] Gamma Prob[M(e; E e (1; r) 1]j 1 poly(n) where the probability is taken over the coin flips of G; E and M . For implementations of probabilistic encryption see [19, 1, 6, 35, 28]. From the hard core predicate results of Yao [35] Levin [25] and Goldreich and Levin [17] it follows that if there are public key cryptosystems which are secure in any reasonable sense (i.e. if the plaintext is chosen at random, then it is hard to completely retrieve it given only its ....

M. Blum and S. Goldwasser, An Efficient Probabilistic Public-key Encryption that Hides All Partial Information, Proc. of Crypto 84, pp. 289-299.

....ffl unmask: t Theta t t; ffl hash: t t; ffl aux hash: t Theta t t; 4. Conversion rules: ffl 8K : t; x : t; y : t, unmask(mask(K; x) y) K, if and only if x = y; ffl 8x : t; y : t, aux hash(x, hash(y) hash(unmask(x; y) Note that we make the Perfect Encryption Assumption [45, 12] in our framework. In its most basic form, this assumptions says that the only way to obtain any information from an encrypted message is to have the right decryption key. The conversion rule regarding mask and unmask specifies that a masked secret cannot be retrieved unless it is unmasked by the ....

M. Blum and S. Goldwasser. An efficient probabilistic public key encryption scheme which hides all partial information. In Advances in Cryptology - CRYPTO '84. Springer Verlag, 1984. LNCS no. 196.

....against active adversaries, we augment the abovementioned protocol of [39] by several additional mechanisms. Indeed, we use non malleable commitments [19] but in addition we also use a specific zero knowledge proof [41] ordinary commitment schemes [8] a specific pseudorandom generator (of [11, 46, 10]) and message authentication schemes (MACs) The analysis of the resulting protocol is very complicated, even when the adversary initiates a single session. As explained below, we believe that these 4 An alternative interpretation is to view the random oracle model literally. That is, assume ....

M. Blum and S. Goldwasser. An Efficient Probabilistic Public-Key Encryption Scheme which hides all partial information. In CRYPTO'84, Springer-Verlag (LNCS 196), pages 289--302.

....system has the property of indistinguishability: for all polynomial time machines M jProb[M(e; E e (0; r) 1] Gamma Prob[M(e; E e (1; r) 1]j 1 poly(n) where the probability is taken over the coin flips of GP , M and the choice of r. For implementations of probabilistic encryption see [1, 5, 15, 22, 30]. In particular, such schemes can be constructed from trapdoor permutations. Our version of semantic security is the following: Let R be a relation. We define two probabilities. Let A be an adversary that gets a key e and produces a distribution M on messages of length (n) by producing a ....

M. Blum and S. Goldwasser, An Efficient Probabilistic Public-key Encryption that Hides All Partial Information, Advances in Cryptology - Crypto 84, Lecture Notes in Computer Science No. 196, 1985 Springer Verlag, pp. 289-299.

....tree of [93, 95] the randomized encryption paradigm of [74] proof techniques as the hybrid argument of [74] cf. 62, Sec. 3.2.3] and many others. 3. Presentation of schemes which are suitable for practical applications: Typical examples include the public key encryption schemes of [21], the digital signature schemes of [50, 49] the session key protocols of [13, 14] and many others. Typically, it is quite easy to determine to which of the above categories a specific technical contribution belongs. Unfortunately, the classification is not always stated in the paper; however, ....

....long moduli. Then, encrypting n=2 bit messages by padding the message with n=2 random bits and applying RSA (with an n bit moduli) on the result constitutes a secure public key encryption system, hereafter referred to as Randomized RSA. An alternative public key encryption scheme is presented in [21]. The encryption scheme augments the construction of a pseudorandom generator, given in Section 3, as follows. The key generation algorithm consists of selecting at random a permutation p ff together with a trapdoor. To encrypt the n bit string x (using public key p ff ) the encryption algorithm ....

[Article contains additional citation context not shown here]

M. Blum and S. Goldwasser. An Efficient Probabilistic Public-Key Encryption Scheme which hides all partial information. In Crypto84, Lecture Notes in Computer Science (Vol. 196) Springer-Verlag, pages 289--302.

No context found.

M. Blum and S. Goldwasser. An Efficient Probabilistic Public-Key Encryption Scheme which Hides All Partial Information. in Proceedings of CRYPTO '84, Springer-Verlag, 1985, pp. 289-299.

No context found.

M. Blum and S. Goldwasser. An Efficient Probabilistic Public-Key Encryption Scheme which Hides All Partial Information. in Proceedings of CRYPTO '84, Springer-Verlag, 1985, pp. 289-299.

....following protocols and we won t mention it again. 7 A VTDKE scheme for RSA Many popular cryptosystems are based on factoring. Specifically, in these systems, the public key of the user is a composite modulus N product of two primes, and the secret key of the user is the prime factorization of N [RSA, BlGo, BeRo]. It is important to be able to accomplish VTDKE for such systems as well. In the solution for DH provided in Section 6 we seemed to use the properties of the discrete logarithm function quite strongly in the way we generated s 0 and s 1 . So it may not be clear a priori how we can get a VTDKE ....

M. Blum and S. Goldwasser. An efficient probabilistic public-key encryption that hides all partial information. Advances in Cryptology -- Crypto 84 Proceedings, Lecture Notes in Computer Science Vol. 196, R. Blakely ed., Springer-Verlag, 1984.

....coNP set. These preconditions are satisfied in certain encryption schemes, and in particular in the schemes known at the time the claim was made (e.g. plain RSA) but are not satisfied in probabilistic encryption schemes such as the Goldwasser Micali scheme [12] and the Blum Goldwasser scheme [5] (as well as in the recent lattice based schemes of [3, 11] We mention that probabilistic encryption is essential to security as defined in [12] Thus, Brassard s Claim does not rule out the possibility of basing cryptography (or even public key encryption) on the assumption that P 6= NP ....

....answer to the latter deems these efforts to be futile) In this note we present some extensions of Brassard s Claim. On one hand, these extensions do cover some probabilistic encryption public key encryption schemes (such as the Goldwasser Micali scheme [12] and the Blum Goldwasser scheme [5]) But, on the other hand, these extensions fall very short of providing an answer to the above Open Problem. 1 In our discussion, we ignore the known fact that worst case hardness of retrieving the plaintext is an inadequate (i.e. much too weak) notion of security of encryption schemes. 2 ....

M. Blum and S. Goldwasser. An Efficient Probabilistic Public-Key Encryption Scheme which hides all partial information. In Crypto84, LNCS (196) Springer-Verlag, pages 289--302.

No context found.

M. Blum and S. Goldwasser, "An efficient probabilistic public-key encryption scheme which hides all partial information," Advances in Cryptology -- Crypto 84 Proceedings, Lecture Notes in Computer Science Vol. 196, R. Blakely ed., Springer-Verlag, 1984.

No context found.

M. Blum and S. Goldwasser, An Efficient Probabilistic Public-key Encryption Scheme Which Hides All Partial Information, Advances in Cryptology - CRYPTO'84, Lecture Notes in Computer Science, vol. 196, Springer-Verlag, 1985, pp. 289--302.

No context found.

Blum, M., and Goldwasser, S.: An efficient probabilistic public-key encryption scheme 9130 Place de Montgolfier Fax: +1-514-385-5900 Montral, Qc C003428 E-m ail: info@connotech.com which hides all partial information, Advances in Cryptology: Proc. of Crypto'84, 1985, (Springer-Verlag), pp. 289-299

No context found.

M. Blum and S. Goldwasser. An Efficient Probabilistic Public-Key Encryption Scheme which Hides all Partial Information. In Crypto84, Lecture Notes in Computer Science (Vol. 196) Springer-Verlag, pages 289--302.

No context found.

Manuel Blum and Shafi Goldwasser, An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information, In Advances in Cryptology --- Crypto 1984, Lecture Notes in Computer Science, Springer-Verlag, vol. 196, pp. 289--302, 1985.

No context found.

M. Blum and S. Goldwasser. An efficient probabilistic public key encryption scheme which hides all partial information. In G. R. Blakeley and D. Chaum, editors, Advances in Cryptology --- CRYPTO'84, volume 196 of Lecture Notes in Computer Science, pages 289--299, Berlin, New York, Tokyo, 1985. Springer-Verlag.

No context found.

M. Blum and S. Goldwasser. An Efficient Probabilistic Public-Key Encryption Scheme which Hides all Partial Information. In Crypto84, Lecture Notes in Computer Science (Vol. 196) Springer-Verlag, pages 289--302.

No context found.

M. Blum and S. Goldwasser, "An efficient probabilistic public key encryption scheme which hides all partial information," in Advances in Cryptology - Proceedings of Crypto'84, Lecture Notes in Computer Science, Vol. 196 (G. R. Blakeley and D. Chaum, eds.), pp. 289--299, Springer-Verlag, 1985.

No context found.

M. Blum and S. Goldwasser. An efficient probabilistic public-key encryption scheme which hides all partial information. Proc. of Crypto '84, LNCS vol. 196, pages 289-302

No context found.

M. Blum and S. Goldwasser. An efficient probabilistic public-key encryption scheme which hides all partial 150 information. In Advances in Cryptology - Crypto '84, pages 289--299, Springer-Verlag, New York, 1985.

No context found.

M. Blum and S. Goldwasser. An efficient probabilistic public-key encryption scheme which hides all partial information. In Advances in Cryptology - Crypto '84, pages 289--299, Springer-Verlag, New York,

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC