M. Naor and A. Shamir. Visual Cryptography, Advances in cryptology - Eurocrypt - 1994.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....By using two projectors, there is no need for any computational device or a complex approach to decrypt the message. Decryption is done by the human visual system and the laws of Physics. INTRODUCTION The concept of visual cryptography was rst proposed in the open literature by Naor and Shamir [2] in 1994. In this novel idea, an image consisting of text, drawings etc. is encrypted into two images. These images reveal nothing about the original image (plaintext) These images are given to two di erent parties as shares. Decryption is not possible without having both of them together. These ....

....Therefore according to the algorithm, c = g k and g = c k. This scheme is perfectly secure because the message g is independent of the ciphertext c. Formally: proablity(message = gjc = k g) proablity(message = g) 2. 2 Technical Survey of Naor and Shamir s paper In their original paper [2] in 1994, the idea of visual cryptography was applied to transparencies for secret sharing. We present here a brief outline of this novel idea. The simplest of the implementations assumed that the message (original image) consisted of a collection of black and white pixels. The original image was ....

[Article contains additional citation context not shown here]

M. Naor and A. Shamir. Visual Cryptography, Advances in cryptology - Eurocrypt - 1994.

....allows them to compute a signature. A scheme is said to be robust if it can detect corrupted participants, and they can not avoid honest players to generate a valid signature. The result of the process of a threshold signature scheme is a standard signature. Metering schemes were introduced in [15] in order to measure the number of interactions between servers and clients (for example, the access of a client to a web server) Each client that visits a server must send to him some 1 secret information. When a server has been visited by a certain number (the threshold) of clients in a period ....

....has received. This proof is sent to a trusted third party, who will take it into account in order to decide on advertisement fees for web servers, for example. Some proposals of metering schemes have been done in both the information theoretic scenario ( 14, 3] and the computationally secure one ([15, 18]) In this work, we show how any threshold signature scheme which is secure and non interactive can be used to construct a computationally secure metering scheme. In this new scheme, anyone (for instance, the person who must pay web advertisment fees) can publicly verify the proofs computed by ....

[Article contains additional citation context not shown here]

M. Naor and B. Pinkas. Secure and Ecient Metering. Advances in Cryptology-Eurocrypt'98, LNCS 1403, pp. 576-590 (1998).

....n bit message e and K, thus S = e K; Bob can decode this by computing e = S K. The resulting stegotext S is uniformly distributed in the set of n bit strings and therefore D(PC kP S ) 0. Incidentally, the one time pad stegosystem is equivalent to the basic scheme of visual cryptography [17]. This technique hides a monochrome picture by splitting it into two random layers of dots. When these are superimposed, the picture appears. Using a slight modi cation of the basic scheme, it is also possible to produce two innocent looking pictures such that both of them together reveal an ....

M. Naor and A. Shamir, \Visual cryptography," in Advances in Cryptology: EUROCRYPT '94 (A. De Santis, ed.), vol. 950 of Lecture Notes in Computer Science, pp. 1-12, Springer, 1995.

....uniformly distributed in the set of n bit strings and therefore D(PC kP S ) 0. Thus, the one time pad provides perfect steganographic security if the covertext is uniformly random. As a side remark, we note that this one time pad system is equivalent to the basic scheme of visual cryptography [NS95] This technique hides a monochrome picture by splitting it into two random layers of dots. When these are superimposed, the picture appears. It is also possible to produce two innocent looking pictures such that both of them together reveal an embedded message. For general covertext ....

Moni Naor and Adi Shamir, Visual cryptography, Advances in Cryptology: EUROCRYPT '94 (Alfredo De Santis, ed.), Lecture Notes in Computer Science, vol. 950, Springer, 1995, pp. 1--12.

.... Another very attractive scheme one may desire is a function sharing scheme for pseudo random functions (in an analogous meaning to functionsharing schemes for trapdoor one way permutations as de ned in [25] Two examples for applications of such schemes are ecient metering of web usage [53] and the distribution of KDCs (key distribution centers) 55] In this section, we design several protocols for operations on the pseudo random functions. Though there is much room for improving these designs, they are still a signi cant 27 improvement over the protocols that are available for ....

....j . 2 Eciency: The work in the protocol consists of O(n) exponentiations as in Protocol 6.1 plus O(m) exponentiations for proving that a triple is not a Die Hellman one. 6. 2 Function Sharing For many applications, such as the undeniable signature scheme above and the applications described in [53, 55]) one would like a simple function sharing scheme for pseudorandom functions. In recent years there has been considerable work on threshold public key cryptography and in particular on function sharing schemes for trapdoor permutations (see [25, 26, 27] for some of the early works on this ....

M. Naor and B. Pinkas, Secure and ecient metering, Advances in Cryptology - EUROCRYPT '98, LNCS vol. 1462, Springer, 1998.

.... in particular the distribution of the evaluation of pseudo random functions, was neglected (an exception is the work of [31] Threshold evaluation of randomlike functions is required for seemingly unrelated applications, for example for secure and efficient metering of web usage [32], for threshold evaluation of the Cramer Shoup cryptosystem [13] and for the applications we discuss in this paper (in particular, distributed KDCs and long term repository for encrypted data) These applications require that the protocol for the collective function evaluation does not invovle ....

.... trusted never to reveal their secret keys, but some of them might not have received updates regarding the permissions of users (which is a weaker assumption than regarded in this paper) Our first two constructions are similar in nature to the constructions of Naor and Pinkas for metering schemes [32]. The problem they considered was to enable a server to prove that it served a certain number of clients (a representing application might be to meter the popularity of web sites in order to decide on advertisement fees) In general, not every solution for the metering problem is relevant to the ....

Naor M. and Pinkas B., Secure and efficient metering, Advances in Cryptology -- Eurocrypt '98, LNCS 1403, Springer-Verlag, 1998, pp. 576--590.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC