Results 1  10
of
1,735
Reusable garbled circuits and succinct functional encryption
, 2013
"... Garbled circuits, introduced by Yao in the mid 80s, allow computing a function f on an input x without leaking anything about f or x besides f(x). Garbled circuits found numerous applications, but every known construction suffers from one limitation: it offers no security if used on multiple inputs ..."
Abstract

Cited by 42 (3 self)
 Add to MetaCart
x. In this paper, we construct for the first time reusable garbled circuits. The key building block is a new succinct singlekey functional encryption scheme. Functional encryption is an ambitious primitive: given an encryption Enc(x) of a value x, and a secret key skf for a function f, anyone can
IdentityBased Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract

Cited by 1748 (28 self)
 Add to MetaCart
We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing
A Fuzzy Commitment Scheme
 ACM CCS'99
, 1999
"... We combine wellknown techniques from the areas of errorcorrecting codes and cryptography to achieve a new type of cryptographic primitive that we refer to as a fuzzy commitment scheme. Like a conventional cryptographic commitment scheme, our fuzzy commitment scheme is both concealing and binding: i ..."
Abstract

Cited by 344 (1 self)
 Add to MetaCart
: it is infeasible for an attacker to learn the committed value, and also for the committer to decommit a value in more than one way. In a conventional scheme, a commitment must be opened using a unique witness, which acts, essentially, as a decryption key. By contrast, our scheme is fuzzy in the sense
Optimal Asymmetric Encryption
, 1994
"... Given an arbitrary kbit to kbit trapdoor permutation f and a hash function, we exhibit an encryption scheme for which (i) any string z of length slightly less than k bits can be encrypted as where r= is a simple probabilistic encoding of z depending on the hash function; and (ii) the scheme ca ..."
Abstract

Cited by 275 (14 self)
 Add to MetaCart
Given an arbitrary kbit to kbit trapdoor permutation f and a hash function, we exhibit an encryption scheme for which (i) any string z of length slightly less than k bits can be encrypted as where r= is a simple probabilistic encoding of z depending on the hash function; and (ii) the scheme
A survey of peertopeer content distribution technologies
 ACM Computing Surveys
, 2004
"... Distributed computer architectures labeled “peertopeer ” are designed for the sharing of computer resources (content, storage, CPU cycles) by direct exchange, rather than requiring the intermediation or support of a centralized server or authority. Peertopeer architectures are characterized by t ..."
Abstract

Cited by 378 (7 self)
 Add to MetaCart
typically allow personal computers to function in a coordinated manner as a distributed storage medium by contributing, searching, and obtaining digital content. In this survey, we propose a framework for analyzing peertopeer content distribution technologies. Our approach focuses on nonfunctional
Succinct functional encryption and applications: Reusable garbled circuits and beyond
, 2013
"... Functional encryption is a powerful primitive: given an encryption Enc(x) of a value x and a secret key skf corresponding to a circuit f, it enables efficient computation of f(x) without revealing any additional information about x. Constructing functional encryption schemes with succinct ciphertext ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
ciphertexts that guarantee security for even a single secret key (for a general function f) is an important open problem with far reaching applications, which this paper addresses. Our main result is a functional encryption scheme for any general function f of depth d, with succinct ciphertexts whose size
On the (im)possibility of obfuscating programs
 Lecture Notes in Computer Science
, 2001
"... Informally, an obfuscator O is an (efficient, probabilistic) “compiler ” that takes as input a program (or circuit) P and produces a new program O(P) that has the same functionality as P yet is “unintelligible ” in some sense. Obfuscators, if they exist, would have a wide variety of cryptographic an ..."
Abstract

Cited by 348 (24 self)
 Add to MetaCart
approximately preserve the functionality, and (c) only need to work for very restricted models of computation (TC 0). We also rule out several potential applications of obfuscators, by constructing “unobfuscatable” signature schemes, encryption schemes, and pseudorandom function families.
Optimal Asymmetric Encryption – How to Encrypt with RSA
, 1995
"... Given an arbitrary kbit to kbit trapdoor permutation f and a hash function, we exhibit an encryption scheme for which (i) any string x of length slightly less than k bits can be encrypted as f(rx), where rx is a simple probabilistic encoding of x depending on the hash function; and (ii) the scheme ..."
Abstract

Cited by 224 (21 self)
 Add to MetaCart
Given an arbitrary kbit to kbit trapdoor permutation f and a hash function, we exhibit an encryption scheme for which (i) any string x of length slightly less than k bits can be encrypted as f(rx), where rx is a simple probabilistic encoding of x depending on the hash function; and (ii
Succinct Garbling Schemes and Applications
, 2014
"... Assuming the existence of iO for P/poly and oneway functions, we show how to succinctly garble boundedspace computations (BSC) M: the size of the garbled program (as well as the time needed to generate the garbling) only depends on the size and space (including the input and output) complexity of ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
of M, but not its running time. The key conceptual insight behind this construction is a method for using iO to “compress ” a computation that can be performed piecemeal, without revealing anything about it. As corollaries of our succinct garbling scheme, we demonstrate the following: • functional
Opportunistic Media Access for Multirate Ad Hoc Networks
, 2002
"... The IEEE 802.11 wireless media access standard supports multiple data rates at the physical layer. Moreover, various auto rate adaptation mechanisms at the medium access layer have been proposed to utilize this multirate capability by automatically adapting the transmission rate to best match the c ..."
Abstract

Cited by 332 (12 self)
 Add to MetaCart
for the same timeshares as achieved by singlerate IEEE 802.11. We describe mechanisms to implement OAR on top of any existing autorate adaptation scheme in a nearly IEEE 802.11 compliant manner. We also analytically study OAR and characterize the gains in throughput as a function of the channel conditions
Results 1  10
of
1,735