Results 1 - 10
of
1,647
Identity-Based Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract
-
Cited by 1748 (28 self)
- Add to MetaCart
(Show Context)
We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
Public-key cryptosystems based on composite degree residuosity classes
- IN ADVANCES IN CRYPTOLOGY — EUROCRYPT 1999
, 1999
"... This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to public-key cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic probabilist ..."
Abstract
-
Cited by 1009 (4 self)
- Add to MetaCart
This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to public-key cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA. Our cryptosystems, based on usual modular arithmetics, are provably secure under appropriate assumptions in the standard model.
Entity Authentication and Key Distribution
, 1993
"... Entity authentication and key distribution are central cryptographic problems in distributed computing -- but up until now, they have lacked even a meaningful definition. One consequence is that incorrect and inefficient protocols have proliferated. This paper provides the first treatment of these p ..."
Abstract
-
Cited by 578 (13 self)
- Add to MetaCart
Entity authentication and key distribution are central cryptographic problems in distributed computing -- but up until now, they have lacked even a meaningful definition. One consequence is that incorrect and inefficient protocols have proliferated. This paper provides the first treatment of these problems in the complexity-theoretic framework of modern cryptography. Addressed in detail are two problems of the symmetric, two-party setting: mutual authentication and authenticated key exchange. For each we present a definition, protocol, and proof that the protocol meets its goal, assuming the (minimal) assumption of pseudorandom function. When this assumption is appropriately instantiated, the protocols given are practical and efficient.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks
, 2003
"... this paper, we provide a framework in which to study the security of key pre-distribution schemes, propose a new key pre-distribution scheme which substantially improves the resilience of the network compared to previous schemes, and give an in-depth analysis of our scheme in terms of network resili ..."
Abstract
-
Cited by 552 (18 self)
- Add to MetaCart
this paper, we provide a framework in which to study the security of key pre-distribution schemes, propose a new key pre-distribution scheme which substantially improves the resilience of the network compared to previous schemes, and give an in-depth analysis of our scheme in terms of network resilience and associated overhead. Our scheme exhibits a nice threshold property: when the number of compromised nodes is less than the threshold, the probability that communications between any additional nodes are compromised is close to zero. This desirable property lowers the initial payoff of smaller-scale network breaches to an adversary, and makes it necessary for the adversary to attack a large fraction of the network before it can achieve any significant gain
A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack
- CRYPTO '98
, 1998
"... A new public key cryptosystem is proposed and analyzed. The scheme is quite practical, and is provably secure against adaptive chosen ciphertext attack under standard intractability assumptions. There appears to be no previous cryptosystem in the literature that enjoys both of these properties simu ..."
Abstract
-
Cited by 540 (17 self)
- Add to MetaCart
(Show Context)
A new public key cryptosystem is proposed and analyzed. The scheme is quite practical, and is provably secure against adaptive chosen ciphertext attack under standard intractability assumptions. There appears to be no previous cryptosystem in the literature that enjoys both of these properties simultaneously.
Attribute-based encryption for fine-grained access control of encrypted data
- In Proc. of ACMCCS’06
, 2006
"... As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop ..."
Abstract
-
Cited by 522 (23 self)
- Add to MetaCart
(Show Context)
As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumes Hierarchical Identity-Based Encryption (HIBE). E.3 [Data En-
Relations among notions of security for public-key encryption schemes
, 1998
"... Abstract. We compare the relative strengths of popular notions of security for public key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen plaintext attack and two kinds of chosen ciphertext attack. For each of the resulting pairs of definitions we prove e ..."
Abstract
-
Cited by 517 (69 self)
- Add to MetaCart
(Show Context)
Abstract. We compare the relative strengths of popular notions of security for public key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen plaintext attack and two kinds of chosen ciphertext attack. For each of the resulting pairs of definitions we prove either an implication (every scheme meeting one notion must meet the other) or a separation (there is a scheme meeting one notion but not the other, assuming the first notion can be met at all). We similarly treat plaintext awareness, a notion of security in the random oracle model. An additional contribution of this paper is a new definition of non-malleability which we believe is simpler than the previous one.
Non-Malleable Cryptography
- SIAM Journal on Computing
, 2000
"... The notion of non-malleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. ..."
Abstract
-
Cited by 480 (20 self)
- Add to MetaCart
(Show Context)
The notion of non-malleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. The same concept makes sense in the contexts of string commitment and zero-knowledge proofs of possession of knowledge. Non-malleable schemes for each of these three problems are presented. The schemes do not assume a trusted center; a user need not know anything about the number or identity of other system users. Our cryptosystem is the first proven to be secure against a strong type of chosen ciphertext attack proposed by Rackoff and Simon, in which the attacker knows the ciphertext she wishes to break and can query the decryption oracle on any ciphertext other than the target.
Ciphertext-policy attribute-based encryption
- In Proceedings of the IEEE Symposium on Security and Privacy (To Appear
, 2007
"... ..."
Short Signatures without Random Oracles
, 2004
"... We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption we call the Strong Di#e-Hellman assumption. This assumption has similar properties to the Strong RS ..."
Abstract
-
Cited by 393 (11 self)
- Add to MetaCart
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption we call the Strong Di#e-Hellman assumption. This assumption has similar properties to the Strong RSA assumption, hence the name. Strong RSA was previously used to construct signature schemes without random oracles. However, signatures generated by our scheme are much shorter and simpler than signatures from schemes based on Strong RSA.
