Results 1  10
of
5,570
The inductive approach to verifying cryptographic protocols
 Journal of Computer Security
, 1998
"... Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinitestate systems. Proofs are generated using Isabelle/HOL. The human effort required to analyze a protocol can be as ..."
Abstract

Cited by 480 (29 self)
 Add to MetaCart
Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinitestate systems. Proofs are generated using Isabelle/HOL. The human effort required to analyze a protocol can
A calculus for cryptographic protocols: The spi calculus
 Information and Computation
, 1999
"... We introduce the spi calculus, an extension of the pi calculus designed for the description and analysis of cryptographic protocols. We show how to use the spi calculus, particularly for studying authentication protocols. The pi calculus (without extension) suffices for some abstract protocols; the ..."
Abstract

Cited by 898 (50 self)
 Add to MetaCart
We introduce the spi calculus, an extension of the pi calculus designed for the description and analysis of cryptographic protocols. We show how to use the spi calculus, particularly for studying authentication protocols. The pi calculus (without extension) suffices for some abstract protocols
Universally composable security: A new paradigm for cryptographic protocols
, 2013
"... We present a general framework for representing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is preserved ..."
Abstract

Cited by 833 (37 self)
 Add to MetaCart
We present a general framework for representing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols
Security and Composition of Multiparty Cryptographic Protocols
 JOURNAL OF CRYPTOLOGY
, 1998
"... We present general definitions of security for multiparty cryptographic protocols, with focus on the task of evaluating a probabilistic function of the parties' inputs. We show that, with respect to these definitions, security is preserved under a natural composition operation. The definiti ..."
Abstract

Cited by 463 (19 self)
 Add to MetaCart
We present general definitions of security for multiparty cryptographic protocols, with focus on the task of evaluating a probabilistic function of the parties' inputs. We show that, with respect to these definitions, security is preserved under a natural composition operation
Scaling security in pairingbased protocols
"... In number theoretic cryptography there is always the problem of scalingup security to a higher level. This usually means increasing the size of the modulus, from, say 1024 bits to 2048 bits. In pairingbased cryptography however another option is available, keeping the modulus constant and increas ..."
Abstract
 Add to MetaCart
In number theoretic cryptography there is always the problem of scalingup security to a higher level. This usually means increasing the size of the modulus, from, say 1024 bits to 2048 bits. In pairingbased cryptography however another option is available, keeping the modulus constant
On the Importance of Checking Cryptographic Protocols for Faults
, 1997
"... We present a theoretical model for breaking various cryptographic schemes by taking advantage of random hardware faults. We show how to attack certain implementations of RSA and Rabin signatures. An implementation of RSA based on the Chinese Remainder Theorem can be broken using a single erroneous s ..."
Abstract

Cited by 405 (6 self)
 Add to MetaCart
We present a theoretical model for breaking various cryptographic schemes by taking advantage of random hardware faults. We show how to attack certain implementations of RSA and Rabin signatures. An implementation of RSA based on the Chinese Remainder Theorem can be broken using a single erroneous
Prudent Engineering Practice for Cryptographic Protocols
 Proc. IEEE Computer Society Symposium on Research in Security and Privacy
, 1994
"... We present principles for the design of cryptographic protocols. The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have avoided a considerable number of published errors. Our principles are informal guidelines. They complem ..."
Abstract

Cited by 399 (15 self)
 Add to MetaCart
We present principles for the design of cryptographic protocols. The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have avoided a considerable number of published errors. Our principles are informal guidelines
A randomized protocol for signing contracts
, 1990
"... Two parties, A and B, want to sign a contract C over a communication network. To do so, they must “simultaneously” exchange their commitments to C. Since simultaneous exchange is usually impossible in practice, protocols are needed to approximate simultaneity by exchanging partial commitments in pie ..."
Abstract

Cited by 599 (11 self)
 Add to MetaCart
commit both parties to the contract given that the other party can, is close to zero. This is true even if A and B have vastly different computing powers, and is proved under very weak cryptographic assumptions. Our protocol has the following additional properties: 4 during the procedure the parties
Random Oracles are Practical: A Paradigm for Designing Efficient Protocols
, 1995
"... We argue that the random oracle model  where all parties have access to a public random oracle  provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P R for the ..."
Abstract

Cited by 1646 (70 self)
 Add to MetaCart
We argue that the random oracle model  where all parties have access to a public random oracle  provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P R
Results 1  10
of
5,570