. A protocol is described which allows to send and receive messages anonymously using an arbitrary communication network, and it is proved to be unconditionally secure. This improves a result by DAVID CHAUM: The DC-net guarantees the same, but on the assumption of a reliable broadcast network. Since unconditionally secure Byzantine Agreement cannot be achieved, such a reliable broadcast network cannot be realized by algorithmic means. The solution proposed here, the DC + -net, uses the DC-net, but replaces the reliable broadcast network by a fail-stop one. By choosing the keys necessary for the DC-net dependently on the previously broadcast messages, the fail-stop broadcast can be achieved unconditionally secure and without increasing the complexity of the DC-net significantly, using an arbitrary communication network. Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General --- Security and protection, E.3 [Data Encryption], F.2.1 [Analysis of Algorithms...

The main difference between confirmer signatures and ordinary digital signatures is that a confirmer signature can be verified only with the assistance of a semitrusted third party, the confirmer. Additionally, the confirmer can selectively convert single confirmer signatures into ordinary signatures. This paper points out that previous models for confirmer signature schemes are too restricted to address the case where several signers share the same confirmer. More seriously, we show that various proposed schemes (some of which are provably secure in these restricted models) are vulnerable to an adaptive signature-transformation attack. We define a new stronger model that covers this kind of attack and provide a generic solution based on any secure ordinary signa...

Abstract—We suggest a method of controlling the access to a secure database via quorum systems. A quorum system is a collection of sets (quorums) every two of which have a nonempty intersection. Quorum systems have been used for a number of applications in the area of distributed systems. We propose a separation between access servers, which are protected and trustworthy, but may be outdated, and the data servers, which may all be compromised. The main paradigm is that only the servers in a complete quorum can collectively grant (or revoke) access permission. The method we suggest ensures that, after authorization is revoked, a cheating user Alice will not be able to access the data even if many access servers still consider her authorized and even if the complete raw database is available to her. The method has a low overhead in terms of communication and computation. It can also be converted into a distributed system for issuing secure signatures. An important building block in our method is the use of secret sharing schemes that realize the access structures of quorum systems. We provide several efficient constructions of such schemes which may be of interest in their own right. Index Terms—Quorum systems, replication, secret sharing, security, cryptography.

We present a digital signature scheme which is based on the existence of any trapdoor permutation. Our scheme is secure in the strongest possible natural sense: namely, it is secure against existential forgery under adaptive chosen message attack.

For most digital signature schemes used in practice, such as ISO9796/RSA or DSA, it has only been shown that certain plausible cryptographic assumptions, such as the difficulty of factoring integers, computing discrete logarithms or the collision-intractability of certain hash-functions are necessary for the security of the scheme, while their sufficiency is, strictly speaking, an open question. A clear advantage of such schemes over many signature schemes with security proven relative to such common cryptographic assumptions, is their efficiency: as a result of their relatively weak requirements regarding computation, bandwidth and storage, these schemes have so far beaten proven secure schemes in practice. Our aim is to contribute to the bridging of the gap that seems to exist between the theory and practice of digital signature schemes. We present a digital signature that offers both proven security and practical value. More precisely, under an appropriate assumption about RSA, the ...

In our opinion, the Foundations of Cryptography are the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural cryptographic problems. In this essay, we survey some of these paradigms, approaches and techniques as well as some of the fundamental results obtained using them. Special effort is made in attempt to dissolve common misconceptions regarding these paradigms and results. c flCopyright 1998 by Oded Goldreich. Permission to make copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that new copies bear this notice and the full citation on the first page. Abstracting with credit is permitted. A preliminary version of this essay has appeared in the proceedings of Crypto97 (Springer's Lecture Notes in Computer Science, Vol. 1294). 0 Contents 1 Introduction 2 I Basic Tools 6 2 Central Paradigms 6 2.1 Computati...

Probabilistic Signature Scheme (PSS), Full Domain Hash (FDH) and several of their variants are widely used signature schemes, which can be formally analyzed in the random oracle model. These schemes output a signature of the form , where y somehow depends on the message signed (and pub) and f is some public trapdoor permutation (typically RSA). Interestingly, all these signature schemes can be proven asymptotically secure for an arbitrary trapdoor permutation f, but their exact security seems to be significantly better for special trapdoor permutations like RSA.

Abstract not found

Blind digital signatures were introduced by Chaum. In this paper, we show how security and blindness properties for blind digital signatures, can be simultaneously defined and satisfied, assuming an arbitrary one-way trapdoor permutation family. Thus, this paper presents the first complexity-based proof of security for blind signatures.

s, and Summary of Discussions Joan Feigenbaum and Michael Merritt AT&T Bell Laboratories Murray Hill, NJ 07974 The DIMACS Workshop on Distributed Computing and Cryptography was held at the Nassau Inn in Princeton, New Jersey, on October 4, 5, and 6, 1989. Participants took a critical look at the results, choice of problems, guiding philosophies, research methodology, and engineering projects that currently absorb much of the effort of people working in "cryptography" and "computer system security." This report summarizes both the formal presentations and the informal discussions that took place. Section 1 contains our account of the group discussions and statements of open questions, both general and specific, that we think are important. This report on the workshop is based on our recollections, our notes, and notes taken by the graduate-student participants; we assume responsibility for any inaccuracies in our account. Section 2 contains abstracts of the talks presented at the worksh...