S. Goldwasser and S. Micali. Probabilistic Encryption. J. of Computer and System Sciences, 28(2):270-- 299, 1984.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....realizes a presumably much harder access structure, whose computational complexity is equivalent to the general quadratic residuosity problem. The latter is widely conjectured to require exponential size circuits, and its intractability is implied by the so called Quadratic Residuosity Assumption [38], which is commonly relied on in cryptography. In contrast to the first construction, the second construction only meets a more liberal notion of secret sharing (with a statistical relaxation of the perfect correctness and privacy requirements, see Section 2) and its reconstruction procedure is ....

....would imply in particular that NQRP cannot be efficiently realized by linear schemes. We start by describing some known facts about the complexity of the quadratic residuosity problem. Unlike quadratic residuosity modulo a composite, whose intractability is commonly assumed in cryptography (see [38]) quadratic residuosity modulo a prime can be decided in polynomial time. All known algorithms for this problem are sequential. It is not known if efficient parallel algorithms for this problem exist; that is, the situation is similar to the exponentiationfunction and the gcd function. There are ....

[Article contains additional citation context not shown here]

S. Goldwasser and S. Micali. Probabilistic encryption. J. of Computer and System Sciences, 28(21):270--299, 1984.

....e#cient and also based on general assumptions (such as one way functions) As an example, consider public key encryption. The most e#cient construction of a public key encryption scheme based on trapdoor permutations requires log k) invocations of the permutation to encrypt an m bit message [11, 10, 24], where k is the security parameter. On the other hand, schemes based on specific assumptions can be much more e#cient; i.e. the El Gamal encryption scheme [5] whose security is based on the decisional Di#e Hellman assumption) requires only a single function application to encrypt O(k) bits. ....

....1 S (for concreteness, one can think of S as a slightly super polynomial function of n, such as log n , but our results hold for any choice of S) Given this definition, our results may be stated as follows. Encryption. A public key encryption (PKE) scheme is said to be semantically secure [11] 2 if for any two messages M 0 , M 1 the distribution over encryptions of M 0 is computationally indistinguishable from the distribution over encryptions of M 1 , even when given the public key as input. A similar definition (but with no public key) holds for the case of private key ....

[Article contains additional citation context not shown here]

S. Goldwasser and S. Micali. Probabilistic Encryption. J. Computer and System Sciences 28(2): 270--299 (1984).

....standard cryptographic assumptions, this framework may also shed new light on basic questions in cryptography. In particular, the characterization of secure encryption function, for use in protocols, does not appear to have been completely settled. While the definition of semantic security in [18] appears to have been accepted, there are stronger notions such as non malleability [11] that are more appropriate to protocol analysis. In a sense, the di#erence is that semantic security is natural for the single transmission of an encrypted message, while non malleability accounts for ....

S. Goldwasser and S. Micali. Probabilistic encryption. J. Computer and System Sciences, 28:281--308, 1984.

....standard cryptographic assumptions, this framework may also shed new light on basic questions in cryptography. In particular, the characterization of secure encryption function, for use in protocols, does not appear to have been completely settled. While the definition of semantic security in [GM84] appears to have been accepted, there are stronger notions such as non malleability [DDN91] that are more appropriate to protocol analysis. In a sense, the di#erence is that semantic security is natural for the single transmission of an encrypted message, while non malleability accounts for ....

S. Goldwasser and S. Micali. Probabilistic encryption. J. Computer and System Sciences, 28:281--308, 1984.

....a negligible probability of success, i.e. for each d 0 except for finitely many n s jP r[A(G(x) 1] Gamma P r[A(y) 1]j n where x 2 f0; 1g and y 2 f0; 1g are uniformly chosen. Pseudo random generators have many applications in cryptography. These include: private key encryption [22, 20, 35], bit commitment [38] the strong committer variant, which allows zero knowledge proofs [21] and succinct secret sharing [31] Cryptographically strong pseudo random generators were defined by Blum and Micali [5] who constructed a pseudo random generator based on discrete log. Blum, Blum and ....

S. Goldwasser and S. Micali, Probabilistic Encryption, J. of Computer and Systems Sciences, vol 28, 1984, pp 270-299.

....on standard cryptographic assumptions, this framework may also shed new light on basic questions in cryptography. In particular, the characterization of secure encryption function, for use in protocols, does not appear to have been completely settled. While the de nition of semantic security in [GM84] appears to have been accepted, there are stronger notions such as non malleability [DDN91] that are more appropriate to protocol analysis. In a sense, the di erence is that semantic security is natural for the single transmission of an encrypted message, while non malleability accounts for ....

S. Goldwasser and S. Micali. Probabilistic encryption. J. Computer and System Sciences, 28:281-308, 1984.

....The Merkle Hellman scheme [21] and the Rivest Shamir Adelman scheme [26] Some more PKC have been proposed since that time. Most of these implementationsy can be put into two categories: a) PKC based on hard number theoretic problems (e.g. RSA [26] Rabin [24] Williams [31] Goldwasser Micali [13]) b) PKC related to the knapsack problem (e.g. Merkle Hellman [21] Shamir [30] While no ecient attacks against number theoretic PKC are known, several knapsack type PKC have been shown to be insecure. Most of those systems have a concealed superincreasing sequence. Shamir made the rst ....

Goldwasser, S. and S. Micali, \Probabilistic Encryption", Jour. of Computer and System Science, Vol. 28, No. 2, 1984, pp. 270-299.

....realizes a presumably much harder access structure, whose computational complexity is equivalent to the general quadratic residuosity problem. The latter is widely conjectured to require exponentialsize circuits, and its intractability is implied by the so called Quadratic Residuosity Assumption [37], which is commonly relied on in cryptography. In contrast to the first construction, the second construction only meets a more liberal notion of secret sharing (with a statistical relaxation of the perfect correctness and privacy requirements, see Section 2) and its reconstruction procedure is ....

....would imply in particular that NQRP cannot be efficiently realized by linear schemes. We start by describing some known facts about the complexity of the quadratic residuosity problem. Unlike quadratic residuosity modulo a composite, whose intractability is commonly assumed in cryptography (see [37]) quadratic residuosity modulo a prime can be decided in polynomial time. All known algorithms for this problem are sequential. It is not known if efficient parallel algorithms for this problem exist; that is, the situation is similar to the exponentiation function and the gcd function. There are ....

[Article contains additional citation context not shown here]

S. Goldwasser and S. Micali. Probabilistic encryption. J. of Computer and System Sciences, 28(21):270--299, 1984.

....decryption. Sections 4 and 5 review the NTRU cryptosystem and its suggested padding schemes. Section 6 presents the new attacks and some implementation results. 2 Encryption Schemes and Security 2. 1 Public Key Encryption Schemes The standard de nition of a public key encryption scheme (PKE) [1, 3, 8] is a triple of algorithms, K; E ; D) where K, the key generation algorithm, is a probabilistic algorithm which takes as input a security parameter k 2 N and returns a pair (pk; sk) of matching public and secret keys. E , the encryption algorithm, is a probabilistic algorithm that ....

Goldwasser, S., and Micali, S. Probablilistic Encryption. J. of Computer and System Sciences, 28 (1984), 270-299.

....parameter 1 , written in unary, and produces a pair (pk; sk) of matching public and secret keys for the user. Another user, given pk, can encrypt a message M via M = E pk (M ) and the user can decrypt this via M = D sk (M ) Security is in the usual sense of probabilistic encryption [GM]. The VTDKE system has several parameters. There is the number t n of trustees that are not trusted. There are two security parameters, k 1 and k 2 . The first governs the size of keys (pk; sk) and hence the security of the underlying cryptosystem. The second governs the time for delayed ....

....The most straightforward definition of breaking a capsule C would be obtaining the information s. But an effective capsule ought to meet a stronger requirement. Namely, partial information about s should also be hidden, just like in an encryption scheme. Our approach to formalizing this follows [GM]. A capsule cracker is an algorithm A that takes 1 ; C and a pair m 0 ; m 1 of plaintexts, and outputs a bit. Let P i ; m 0 ; m 1 ) be the probability that A(1 ; C; m 0 ; m 1 ) 1 when C = Encap(1 ; K;m i ) for a randomly chosen, Kl(k) bit key K (i = 0; 1) The advantage of A, ....

S. Goldwasser and S. Micali. Probabilistic encryption. J. of Computer and System Sciences 28, 270--299, April 1984. 17

No context found.

S. Goldwasser and S. Micali. Probabilistic Encryption. J. of Computer and System Sciences, 28(2):270-- 299, 1984.

No context found.

S. Goldwasser and S. Micali. Probabilistic encryption. J. Computer and System Sciences, 28:270--299, 1984.

No context found.

S. Goldwasser and S. Micali, Probabilistic encryption, J. Computer and System Science, 28 (1984), pp. 270-299.

No context found.

S. Goldwasser, S. Micali, Probabilistic Encryption, J. of Computer and System Sciences 28 (1984), 270--299 105

No context found.

S. Goldwasser and S. Micali, Probabilistic Encryption, J. of Computer and System Sciences 28 (1984) 270--299 17, 38, 45

No context found.

S. Goldwasser and S. Micali, Probabilistic encryption, J. Computer and System Science, 28 (1984), pp. 270-299. 34

No context found.

S. Goldwasser and S. Micali. Probabilistic Encryption. J. Computer and System Sciences, 28(2): 270--299, 1984.

No context found.

S. Goldwasser, S. Micali, Probabilistic Encryption, J. of Computer and System Sciences 28 (1984) 270--299

No context found.

S. Goldwasser and S. Micali. Probabilistic Encryption. J. Computer and System Sciences, 28(2): 270--299, 1984.

No context found.

S. Goldwasser and S. Micali. Probabilistic Encryption. J. of Computer and System Sciences, 28(2):270--299, 1984.

No context found.

S. Goldwasser and S. Micali. Probabilistic encryption. J. of Computer and System Sciences, 28:270--299, April 1984.

No context found.

S. Goldwasser and S. Micali. Probabilistic encryption. J. of Computer and System Sciences, 28:270--299, 1984.

No context found.

S. Goldwasser and S. Micali. Probabilistic encryption. J. of Computer and System Sciences, 28:270--299, April 1984.

No context found.

S. Goldwasser and S. Micali. Probabilistic encryption. J. Computer and System Sciences 28:270--299, 1984.

No context found.

S. Goldwasser and S. Micali. Probabilistic encryption. J. of Computer and System Sciences, 28:270--299, 1984.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC