Results 1  10
of
796,549
Trapdoors for Hard Lattices and New Cryptographic Constructions
, 2007
"... We show how to construct a variety of “trapdoor ” cryptographic tools assuming the worstcase hardness of standard lattice problems (such as approximating the shortest nonzero vector to within small factors). The applications include trapdoor functions with preimage sampling, simple and efficient “ha ..."
Abstract

Cited by 186 (25 self)
 Add to MetaCart
“hashandsign ” digital signature schemes, universally composable oblivious transfer, and identitybased encryption. A core technical component of our constructions is an efficient algorithm that, given a basis of an arbitrary lattice, samples lattice points from a Gaussianlike probability
Electronic Colloquium on Computational Complexity, Report No. 133 (2007) Trapdoors for Hard Lattices and New Cryptographic Constructions
, 2007
"... We show how to construct a variety of “trapdoor ” cryptographic tools assuming the worstcase hardness of standard lattice problems (such as approximating the shortest nonzero vector to within small factors). The applications include trapdoor functions with preimage sampling, simple and efficient “ha ..."
Abstract
 Add to MetaCart
“hashandsign ” digital signature schemes, universally composable oblivious transfer, and identitybased encryption. A core technical component of our constructions is an efficient algorithm that, given a basis of an arbitrary lattice, samples lattice points from a Gaussianlike probability
How to Use a Short Basis: Trapdoors for Hard Lattices and New Cryptographic Constructions
, 2008
"... We show how to construct a variety of “trapdoor ” cryptographic tools assuming the worstcase hardness of standard lattice problems (such as approximating the length of the shortest nonzero vector to within certain polynomial factors). Our contributions include a new notion of preimage sampleable fu ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
functions, simple and efficient “hashandsign ” digital signature schemes, and identitybased encryption. A core technical component of our constructions is an efficient algorithm that, given a basis of an arbitrary lattice, samples lattice points from a discrete Gaussian probability distribution whose
Abstract
, 2008
"... We show how to construct a variety of “trapdoor ” cryptographic tools assuming the worstcase hardness of standard lattice problems (such as approximating the length of the shortest nonzero vector to within certain polynomial factors). Our contributions include a new notion of trapdoor function with ..."
Abstract
 Add to MetaCart
with preimage sampling, simple and efficient “hashandsign ” digital signature schemes, and identitybased encryption. A core technical component of our constructions is an efficient algorithm that, given a basis of an arbitrary lattice, samples lattice points from a discrete Gaussian probability distribution
Realizing hashandsign signatures under standard assumptions
 In Advances in Cryptology – EUROCRYPT ’09, volume 5479 of LNCS
, 2009
"... Currently, there are relatively few instances of “hashandsign ” signatures in the standard model. Moreover, most current instances rely on strong and less studied assumptions such as the Strong RSA and qStrong DiffieHellman assumptions. In this paper, we present a new approach for realizing hash ..."
Abstract

Cited by 24 (6 self)
 Add to MetaCart
hashandsign signatures in the standard model. In our approach, a signer associates each signature with an index i that represents how many signatures that signer has issued up to that point. Then, to make use of this association, we create simple and efficient techniques that restrict an adversary
Secure hashandsign signatures without the random oracle
, 1999
"... We present a new signature scheme which is existentially unforgeable under chosen message attacks, assuming some variant of the RSA conjecture. This scheme is not based on "signature trees", and instead it uses the so called "hashandsign" paradigm. It is unique in that the assu ..."
Abstract

Cited by 147 (10 self)
 Add to MetaCart
We present a new signature scheme which is existentially unforgeable under chosen message attacks, assuming some variant of the RSA conjecture. This scheme is not based on "signature trees", and instead it uses the so called "hashandsign" paradigm. It is unique
Twin Signatures: An Alternative to the HashandSign Paradigm
, 2001
"... This paper introduces a simple alternative to the hashandsign paradigm called twinning. A twin signature is obtained by signing twice the same short message by a probabilistic signature scheme. Analysis of the concept in di#erent settings yields the following results:  We prove that no generi ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
This paper introduces a simple alternative to the hashandsign paradigm called twinning. A twin signature is obtained by signing twice the same short message by a probabilistic signature scheme. Analysis of the concept in di#erent settings yields the following results:  We prove
A Digital Signature Scheme Secure Against Adaptive ChosenMessage Attacks
, 1995
"... We present a digital signature scheme based on the computational diculty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosenmessage attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a ..."
Abstract

Cited by 985 (43 self)
 Add to MetaCart
We present a digital signature scheme based on the computational diculty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosenmessage attack: an adversary who receives signatures for messages of his choice (where each message may be chosen
CollisionResistant No More: HashandSign Paradigm Revisited
 In 9th International Workshop on Practice and Theory in Public Key Cryptography, PKC 2006
"... Abstract. A signature scheme constructed according to the hashandsign paradigm—hash the message and then sign the hash, symbolically σ(H(M))—is no more secure than the hash function H against a collisionfinding attack. Recent attacks on standard hash functions call the paradigm into question. It is ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
Abstract. A signature scheme constructed according to the hashandsign paradigm—hash the message and then sign the hash, symbolically σ(H(M))—is no more secure than the hash function H against a collisionfinding attack. Recent attacks on standard hash functions call the paradigm into question
Hashandsign with Weak Hashing Made Secure
"... Abstract. Digital signatures are often proven to be secure in the random oracle model while hash functions deviate more and more from this idealization. Liskov proposed to model a weak hash function by a random oracle together with another oracle allowing to break some properties of the hash functio ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
in signature length in the TCR construction, Mironov suggested to recycle some signing coins in the message preprocessing. In this paper, we develop and apply all those techniques. In particular, we obtain a generic preprocessing which allows to build strongly secure signature schemes when hashing is weak
Results 1  10
of
796,549