Results 11  20
of
17,521
FFTHashII is not yet Collisionfree
, 1992
"... . In this paper, we show that the FFTHash function proposed by Schnorr [2] is not collision free. Finding a collision requires about 2 24 computation of the basic function of FFT. This can be done in few hours on a SUN4workstation. In fact, it is at most as strong as a oneway hash function whic ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
. In this paper, we show that the FFTHash function proposed by Schnorr [2] is not collision free. Finding a collision requires about 2 24 computation of the basic function of FFT. This can be done in few hours on a SUN4workstation. In fact, it is at most as strong as a oneway hash function
A Framework for the Design of OneWay Hash Functions Including Cryptanalysis of Damg˚ard’s OneWay Function Based on a Cellular Automaton
 Advances in cryptology  ASIACRYPT '91, Lecture Notes in Computer Science
, 1993
"... At Crypto ’89 Ivan Damg˚ard [1] presented a method that allows one to construct a computationally collision free hash function that has provably the same level of security as the computationally collision free function with input of constant length that it is based upon. He also gave three examples ..."
Abstract

Cited by 26 (2 self)
 Add to MetaCart
At Crypto ’89 Ivan Damg˚ard [1] presented a method that allows one to construct a computationally collision free hash function that has provably the same level of security as the computationally collision free function with input of constant length that it is based upon. He also gave three examples
CollisionFree Accumulators and FailStop Signature Schemes Without Trees
, 1997
"... . Oneway accumulators, introduced by Benaloh and de Mare, can be used to accumulate a large number of values into a single one, which can then be used to authenticate every input value without the need to transmit the others. However, the oneway property does is not sufficient for all applications ..."
Abstract

Cited by 185 (0 self)
 Add to MetaCart
applications. In this paper, we generalize the definition of accumulators and define and construct a collisionfree subtype. As an application, we construct a failstop signature scheme in which many onetime public keys are accumulated into one short public key. In contrast to previous constructions with tree
Efficient implementation of a BDD package
 In Proceedings of the 27th ACM/IEEE conference on Design autamation
, 1991
"... Efficient manipulation of Boolean functions is an important component of many computeraided design tasks. This paper describes a package for manipulating Boolean functions based on the reduced, ordered, binary decision diagram (ROBDD) representation. The package is based on an efficient implementat ..."
Abstract

Cited by 500 (9 self)
 Add to MetaCart
implementation of the ifthenelse (ITE) operator. A hash table is used to maintain a strong carwnical form in the ROBDD, and memory use is improved by merging the hash table and the ROBDD into a hybrid data structure. A memory funcfion for the recursive ITE algorithm is implemented using a hashbased cache
SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks
, 2003
"... An ad hoc network is a collection of wireless computers (nodes), communicating among themselves over possibly multihop paths, without the help of any infrastructure such as base stations or access points. Although many previous ad hoc network routing protocols have been based in part on distance vec ..."
Abstract

Cited by 522 (8 self)
 Add to MetaCart
. In order to support use with nodes of limited CPU processing capability, and to guard against DenialofService attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient oneway hash functions and do not use asymmetric cryptographic
On building hash functions from multivariate quadratic equations
 of Lecture Notes in Computer Science
, 2007
"... Abstract. Recent advances in hash functions cryptanalysis provide a strong impetus to explore new designs. This paper describes a new hash function mqhash that depends for its security on the difficulty of solving randomly drawn systems of multivariate equations over a finite field. While provably ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
achieving preimage resistance for a hash function based on multivariate equations is relatively easy, naïve constructions using multivariate equations are susceptible to collision attacks. In this paper, therefore, we describe a mechanism—also using multivariate quadratic polynomials—yielding the collisionfree
Universal OneWay Hash Functions and their Cryptographic Applications
, 1989
"... We define a Universal OneWay Hash Function family, a new primitive which enables the compression of elements in the function domain. The main property of this primitive is that given an element x in the domain, it is computationally hard to find a different domain element which collides with x. We ..."
Abstract

Cited by 357 (15 self)
 Add to MetaCart
We define a Universal OneWay Hash Function family, a new primitive which enables the compression of elements in the function domain. The main property of this primitive is that given an element x in the domain, it is computationally hard to find a different domain element which collides with x. We
Freenet: A Distributed Anonymous Information Storage and Retrieval System
 INTERNATIONAL WORKSHOP ON DESIGNING PRIVACY ENHANCING TECHNOLOGIES: DESIGN ISSUES IN ANONYMITY AND UNOBSERVABILITY
, 2001
"... We describe Freenet, an adaptive peertopeer network application that permits the publication, replication, and retrieval of data while protecting the anonymity of both authors and readers. Freenet operates as a network of identical nodes that collectively pool their storage space to store data ..."
Abstract

Cited by 1062 (12 self)
 Add to MetaCart
We describe Freenet, an adaptive peertopeer network application that permits the publication, replication, and retrieval of data while protecting the anonymity of both authors and readers. Freenet operates as a network of identical nodes that collectively pool their storage space to store data files and cooperate to route requests to the most likely physical location of data. No broadcast search or centralized location index is employed. Files are referred to in a locationindependent manner, and are dynamically replicated in locations near requestors and deleted from locations where there is no interest. It is infeasible to discover the true origin or destination of a file passing through the network, and difficult for a node operator to determine or be held responsible for the actual physical contents of her own node.
Practical network support for IP traceback
, 2000
"... This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of denialofservice attacks and by the difficulty in tracing packets with incorrect, or “spoofed”, source ad ..."
Abstract

Cited by 666 (14 self)
 Add to MetaCart
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of denialofservice attacks and by the difficulty in tracing packets with incorrect, or “spoofed”, source addresses. In this paper we describe a general purpose traceback mechanism based on probabilistic packet marking in the network. Our approach allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs). Moreover, this traceback can be performed “postmortem ” – after an attack has completed. We present an implementation of this technology that is incrementally deployable, (mostly) backwards compatible and can be efficiently implemented using conventional technology. 1.
Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Technical Report 2003/235, Cryptology ePrint archive, http://eprint.iacr.org, 2006. Previous version appeared at EUROCRYPT 2004
 34 [DRS07] [DS05] [EHMS00] [FJ01] Yevgeniy Dodis, Leonid Reyzin, and Adam
, 2004
"... We provide formal definitions and efficient secure techniques for • turning noisy information into keys usable for any cryptographic application, and, in particular, • reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying mater ..."
Abstract

Cited by 532 (38 self)
 Add to MetaCart
We provide formal definitions and efficient secure techniques for • turning noisy information into keys usable for any cryptographic application, and, in particular, • reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying material that, unlike traditional cryptographic keys, is (1) not reproducible precisely and (2) not distributed uniformly. We propose two primitives: a fuzzy extractor reliably extracts nearly uniform randomness R from its input; the extraction is errortolerant in the sense that R will be the same even if the input changes, as long as it remains reasonably close to the original. Thus, R can be used as a key in a cryptographic application. A secure sketch produces public information about its input w that does not reveal w, and yet allows exact recovery of w given another value that is close to w. Thus, it can be used to reliably reproduce errorprone biometric inputs without incurring the security risk inherent in storing them. We define the primitives to be both formally secure and versatile, generalizing much prior work. In addition, we provide nearly optimal constructions of both primitives for various measures of “closeness” of input data, such as Hamming distance, edit distance, and set difference.
Results 11  20
of
17,521