Results 1-10 of 3,631
A secure deniable authentication protocol based on Bilinear Diffie-Hellman algorithm, Cryptology ePrint Archive, 2010
Abstract

Cited by 1 (0 self)
Abstract. This paper describes a new deniable authentication protocol whose security is based on the Diffie-Hellman (CDH) problem of type Decisional Diffie-Hellman (DDH) and the Hash Diffie-Hellman (HDDH) problem. This protocol can be implemented in low-power and small-processor mobile devices such as smart cards, PDAs, etc., which work with low power and a small processor. A deniable authentication protocol enables a receiver to identify the true source of a given message, but not to prove the identity of the sender to a third party. This property is very useful for providing secure negotiation over the Internet. Our proposed protocol achieves the three most important security requirements: deniable authentication, confidentiality, and resistance against man-in-the-middle attack.
Collisions and other Non-Random Properties for Step-Reduced SHA-256. Cryptology ePrint Archive, April 2008. Available at http://eprint.iacr
Abstract

Cited by 18 (5 self)
Abstract. We study the security of step-reduced but otherwise unmodified SHA-256. We show the first collision attacks on SHA-256 reduced to 23 and 24 steps with complexities 2^18 and 2^28.5, respectively. We give example colliding message pairs for 23-step and 24-step SHA-256. The best previous, recently obtained result was a collision attack for up to 22 steps. We extend our attacks to 23- and 24-step reduced SHA-512 with respective complexities of 2^44.9 and 2^53.0. Additionally, we show non-random behaviour of the SHA-256 compression function in the form of free-start near-collisions for up to 31 steps, which is 6 more steps than the recently obtained non-random behaviour in the form of a free-start near-collision. Even though this represents a step forwards in terms of cryptanalytic techniques, the results do not threaten the security of applications using SHA-256. Keywords: SHA-256, SHA-512, hash functions, collisions, semi-free-start collisions, free-start collisions, free-start near-collisions.
Security of Verifiably Encrypted Signatures and a Construction Without Random Oracles (Extended Version). Number 2009/027 in Cryptology ePrint Archive. eprint.iacr.org, 2009
Abstract

Cited by 8 (1 self)
rueckert@cdc.informatik.tu-darmstadt.de, schroeder@me.com. Abstract. In a verifiably encrypted signature scheme, signers encrypt their signature under the public key of a trusted third party and prove that they did so correctly. The security properties, due to Boneh et al. (Eurocrypt 2003), are unforgeability and opacity. This paper proposes two novel fundamental requirements for verifiably encrypted signatures, called extractability and abuse-freeness, and analyzes their effects on the established security model. Extractability ensures that the trusted third party is always able to extract a valid signature from a valid verifiably encrypted signature, and abuse-freeness guarantees that a malicious signer, who cooperates with the trusted party, is not able to forge a verifiably encrypted signature. We further show that both properties are not covered by the model of Boneh et al. The second main contribution of this paper is a verifiably encrypted signature scheme, provably secure without random oracles, that is more efficient and greatly improves the public key size of the only other construction in the standard model by Lu et al. (Eurocrypt 2006). Moreover, we present strengthened definitions for unforgeability and opacity in the spirit of strong unforgeability of digital signature schemes.
Assessing security of some group based cryptosystems, Contemporary Mathematics, to appear. (Cryptology ePrint Archive: Report 2003/123) David Garber, Einstein Institute of Mathematics, The Hebrew University, Givat-Ram 91904; Kaplan, Mina Teicher, and Uzi Vishne, Department of Mathematics and Statistics, Bar-Ilan University, Ramat-Gan 52900, Israel
Abstract

Cited by 16 (3 self)
Abstract. One of the possible generalizations of the discrete logarithm problem to arbitrary groups is the so-called conjugacy search problem (sometimes erroneously called just the conjugacy problem): given two elements a, b of a group G and the information that a^x = b for some x ∈ G, find at least one particular element x like that. Here a^x stands for xax^{-1}. The computational difficulty of this problem in some particular groups has been used in several group-based cryptosystems. Recently, a few preprints have been in circulation that suggested various “neighbourhood search” type heuristic attacks on the conjugacy search problem. The goal of the present survey is to stress a (probably well known) fact that these heuristic attacks alone are not a threat to the security of a cryptosystem, and, more importantly, to suggest a more credible approach to assessing security of group-based cryptosystems. Such an approach should be necessarily based on the concept of the average case complexity (or expected running time) of an algorithm. These arguments support the following conclusion: although it is generally feasible to base the security of a cryptosystem on the difficulty of the conjugacy search problem, the group G itself (the “platform”) has to be chosen very carefully. In particular, experimental as well as theoretical evidence collected so far makes it appear likely that braid groups are not a good choice for the platform. We also reflect on possible replacements.
New logic minimization techniques with applications to cryptology. Cryptology ePrint Archive, Report 2009/191, 2009
Cryptology ePrint Archive
Abstract
ABSTRACT Censorship-circumvention tools are in an arms race against censors. The censors study all traffic passing into and out of their controlled sphere, and try to disable censorship-circumvention tools without completely shutting down the Internet. Tools aim to shape their traffic patterns to match unblocked programs, so that simple traffic profiling cannot identify the tools within a reasonable number of traces; the censors respond by deploying firewalls with increasingly sophisticated deep-packet inspection. Cryptography hides patterns in user data but does not evade censorship if the censor can recognize patterns in the cryptography itself. In particular, elliptic-curve cryptography often transmits points on known elliptic curves, and those points are easily distinguishable from uniform random strings of bits. This paper introduces high-security high-speed elliptic-curve systems in which elliptic-curve points are encoded so as to be indistinguishable from uniform random strings. At a lower level, this paper introduces a new bijection between strings and about half of all curve points; this bijection is applicable to every odd-characteristic elliptic curve with a point of order 2, except for curves of j-invariant 1728. This paper also presents guidelines to construct, and two examples of, secure curves suitable for these encodings.
Provably secure ciphertext policy ABE. Cryptology ePrint Archive, Report 2007/183, 2007
Abstract

Cited by 99 (1 self)
In ciphertext policy attribute-based encryption (CP-ABE), every secret key is associated with a set of attributes, and every ciphertext is associated with an access structure on attributes. Decryption is enabled if and only if the user’s attribute set satisfies the ciphertext access structure. This provides fine-grained access control on shared data in many practical settings, e.g., secure database and IP multicast. In this paper, we study CP-ABE schemes in which access structures are AND gates on positive and negative attributes. Our basic scheme is proven to be chosen plaintext (CPA) secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. We then apply the Canetti-Halevi-Katz technique to obtain a chosen ciphertext (CCA) secure extension using one-time signatures. The security proof is a reduction to the DBDH assumption and the strong existential unforgeability of the signature primitive. In addition, we introduce hierarchical attributes to optimize our basic scheme—reducing both ciphertext size and encryption/decryption time while maintaining CPA security. We conclude with a discussion of practical applications of
Sharemind: a framework for fast privacy-preserving computations. Cryptology ePrint Archive, Report 2008/289, 2008
Abstract

Cited by 95 (16 self)
Abstract. Gathering and processing sensitive data is a difficult task. In fact, there is no common recipe for building the necessary information systems. In this paper, we present a provably secure and efficient general-purpose computation system to address this problem. Our solution—SHAREMIND—is a virtual machine for privacy-preserving data processing that relies on share computing techniques. This is a standard way for securely evaluating functions in a multi-party computation environment. The novelty of our solution is in the choice of the secret sharing scheme and the design of the protocol suite. We have made many practical decisions to make large-scale share computing feasible in practice. The protocols of SHAREMIND are information-theoretically secure in the honest-but-curious model with three computing participants. Although the honest-but-curious model does not tolerate malicious participants, it still provides significantly increased privacy preservation when compared to standard centralised databases.
Efficient Mutual Data Authentication Using Manually Authenticated Strings. Cryptology ePrint Archive, Report 2005/424, 2005
Abstract

Cited by 84 (7 self)
Abstract. Solutions for an easy and secure setup of a wireless connection between two devices are urgently needed for WLAN, Wireless USB, Bluetooth and similar standards for short-range wireless communication. All such key exchange protocols employ data authentication as an unavoidable subtask. As a solution, we propose an asymptotically optimal protocol family for data authentication that uses short manually authenticated out-of-band messages. Compared to previous articles by Vaudenay and Pasini, the results of this paper are more general and based on weaker security assumptions. In addition to providing security proofs for our protocols, we focus also on implementation details and propose practically secure and efficient sub-primitives for applications.
Multiparty computation from somewhat homomorphic encryption. Cryptology ePrint Archive, Report 2011/535, 2011. http://eprint.iacr.org
Abstract

Cited by 85 (5 self)
Abstract. We propose a general multiparty computation protocol secure against an active adversary corrupting up to n−1 of the n players. The protocol may be used to compute securely arithmetic circuits over any finite field F_{p^k}. Our protocol consists of a preprocessing phase that is both independent of the function to be computed and of the inputs, and a much more efficient online phase where the actual computation takes place. The online phase is unconditionally secure and has total computational (and communication) complexity linear in n, the number of players, where earlier work was quadratic in n. Moreover, the work done by each player is only a small constant factor larger than what one would need to compute the circuit in the clear. We show this is optimal for computation in large fields. In practice, for 3 players, a secure 64-bit multiplication can be done in 0.05 ms. Our preprocessing is based on a somewhat homomorphic cryptosystem. We extend a scheme by Brakerski et al., so that we can perform distributed decryption and handle many values in parallel in one ciphertext. The computational complexity of our preprocessing phase is dominated by the public-key operations; we need O(n^2/s) operations per secure multiplication, where s is a parameter that increases with the security parameter of the cryptosystem. Earlier work in this model needed Ω(n^2) operations. In practice, the preprocessing prepares a secure 64-bit multiplication for 3 players in about 13 ms.