### Citations

3537 | New directions in cryptography
- Diffie, Hellman
- 1976
(Show Context)
Citation Context ...rive a common secret key over an adversially controlled channel. The derived key can be used for example to establish a secure channel with a symmetric encryption scheme. Diffie-Hellman key agreement =-=[12]-=- is one of the most widely used key agreement protocols. It allows two parties to agree on a common session key without sharing any secrets in advance. The original Diffie-Hellman scheme is based on e... |

1010 |
Elliptic curve cryptosystems
- Koblitz
- 1987
(Show Context)
Citation Context ...hms have been devised for the discrete logarithm problem [9]. To avert such methods, generalizations the original scheme have been studied. For example, in elliptic curve Diffie-Hellman key agreement =-=[20, 17]-=- the platform group has been changed into a cyclic group arising from the group structure over an elliptic curve. Algebraic generalizations of the Diffie-Hellman scheme can be constructed based on the... |

740 |
Use of Elliptic Curves in Cryptography
- Miller
- 1986
(Show Context)
Citation Context ...hms have been devised for the discrete logarithm problem [9]. To avert such methods, generalizations the original scheme have been studied. For example, in elliptic curve Diffie-Hellman key agreement =-=[20, 17]-=- the platform group has been changed into a cyclic group arising from the group structure over an elliptic curve. Algebraic generalizations of the Diffie-Hellman scheme can be constructed based on the... |

464 | A Course in Universal Algebra.
- Burris, Sankappanavar
- 1981
(Show Context)
Citation Context ...f endomorphisms comprises a semigroup End (A). An automorphism is a bijective endomorphism and the set of automorphisms comprises a group Aut (A). For a treatise on universal algebra, see for example =-=[6]-=-. 2.2 Diffie-Hellman key agreement The Diffie-Hellman scheme [12] is a two-party key agreement scheme that, in its general form, allows two parties (say Alice and Bob) to derive a common secret elemen... |

334 |
A One Round Protocol for Tripartite Diffie-Hellman”,
- Joux
- 2000
(Show Context)
Citation Context ...vious way. The commutativity is the principal property in many schemes that can be considered as generalizations of the Diffie-Hellman scheme such as pairing based key agreement over algebraic curves =-=[14]-=-. On the other hand, exponentiation in a cyclic group can be also seen as a group automorphism. Several discrete logarithm based primitives can be characterized by considering a group of automorphisms... |

328 | Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
- Canetti, Krawczyk
- 2001
(Show Context)
Citation Context ...nal and a decision version of the HIP and devise a key agreement protocol that is secure in the unauthenticated links model formalized by Bellare et al. [4] and later extended by Canetti and Krawczyk =-=[7]-=-. We prove the security under the decision homomorphic image assumption. We also give an example construction of our scheme based on a symmetric encryption scheme of Armknecht and Sadeghi [3] that is ... |

244 | A Modular Approach to the Design and Analysis of Authentication and Key Exchange Protocols. STOC '98
- Bellare, Canetti, et al.
(Show Context)
Citation Context ...tion scheme with the property that ciphertexts can be re-randomized without the key. For the sake of completeness, we present the final UM secure protocol here using the signature based authenticator =-=[4]-=-. Protocol 3. Common information: A field F, nonnegative integers n, k, r and vectors x, z ∈ Fn such that (x, k, t, r+1) are valid and secure parameters for the AS scheme. Participants have also agree... |

230 |
Oblivious Transfer and Polynomial Evaluation
- Naor, Pinkas
- 1999
(Show Context)
Citation Context ...erministic way, proceed as normal and finally add a random element from Ker ( D[n] ) as the last step. This 17 property is closely related to random self-reducibility and has been previously noted in =-=[22, 15]-=-. Regarding Protocol 2, it allows Bob to randomize the element b he is about to transmit to Alice in Step 2 without knowing the key I. Proposition 5. The r-DHI assumption holds for Qr → A under the as... |

188 |
Probabilistic encryption and how to play mental poker keeping secret all partial information
- Goldwasser, Micali
- 1982
(Show Context)
Citation Context ...er of multiplications. Furthermore, the ciphertext size grows exponentially with the number of encryptions. Ciphertext indistinguishability under chosen plaintext attack (IND-CPA or semantic security =-=[13]-=-) of the AS scheme is based on the problem of decoding interleaved Reed-Solomon codes. The problem is also called the synchronized polynomial reconstruction problem (SPRP) and it is defined in the fol... |

173 |
Hyperelliptic cryptosystems
- Koblitz
- 1989
(Show Context)
Citation Context ...e logarithms is infeasible for that group. An example of such a generalization is the elliptic curve Diffie-Hellman key agreement scheme [20, 17]. Other groups over Abelian varieties can be also used =-=[18]-=-. Conjugacy search problem is one of the possible generalizations of the discrete logarithm problem to non-commutative groups. Commuting automorphisms have both the commutativity and the homomorphic p... |

153 | An algebraic method for public-key cryptography,
- Anshel, Anshel, et al.
- 1999
(Show Context)
Citation Context ...[21]. Similar schemes can be found in [19, 26]. We are not aware of any generalizations based on non-commuting homomorphisms. A related algebraic key agreement scheme is suggested by Anshel et al. in =-=[2]-=-. The scheme is based on three special mappings β, γ1, γ2 defined using two monoids. Of the three functions, β has a homomorphic property. In [2, 1], Anshel et al. suggest conjugation and the braid gr... |

126 | New public-key cryptosystem using braid group,
- Ko, Lee, et al.
- 2000
(Show Context)
Citation Context ...rithm based primitives can be characterized by considering a group of automorphisms acting on a group [24]. Swapping exponentiation with conjugation yields schemes that work on non-commutative groups =-=[16, 23]-=-. Such generalizations typically concentrate on the commutativity rather than on the homomorphic property. In this paper, we show that if the homomorphic property is satisfied, then the commutativity ... |

39 |
New key agreement protocols in braid group cryptography,”
- Ahshel, Anshel, et al.
- 2001
(Show Context)
Citation Context ... key agreement scheme is suggested by Anshel et al. in [2]. The scheme is based on three special mappings β, γ1, γ2 defined using two monoids. Of the three functions, β has a homomorphic property. In =-=[2, 1]-=-, Anshel et al. suggest conjugation and the braid group as the basis for a key agreement protocol. Although the scheme of Anshel et al. is not a generalization of the Diffie-Hellman scheme, it bears m... |

31 |
Discrete logarithms in GF(p).
- Coppersmith, Odlyzko, et al.
- 1986
(Show Context)
Citation Context ...security is based on the hardness of computing discrete logarithms. Since the seminal paper of Diffie and Hellman, sub-exponential time algorithms have been devised for the discrete logarithm problem =-=[9]-=-. To avert such methods, generalizations the original scheme have been studied. For example, in elliptic curve Diffie-Hellman key agreement [20, 17] the platform group has been changed into a cyclic g... |

26 | Cryptographic Hardness based on the Decoding of Reed-Solomon Codes with Applications.
- Kiayias, Yung
- 2002
(Show Context)
Citation Context ... Armknecht-Sadeghi scheme Armknecht and Sadeghi suggest in [3] a homomorphic symmetric encryption scheme that is a modification of a non-homomorphic encryption scheme suggested by Kiayias and Yung in =-=[15]-=-. The AS scheme supports an unlimited number of additions but a very limited number of multiplications. Furthermore, the ciphertext size grows exponentially with the number of encryptions. Ciphertext ... |

25 | Reconstructing curves in three (and higher) dimensional space from noisy data.
- Coppersmith, Sudan
- 2003
(Show Context)
Citation Context ...heme is based on the problem of decoding interleaved Reed-Solomon codes. The problem is also called the synchronized polynomial reconstruction problem (SPRP) and it is defined in the following way in =-=[10]-=-. Let [m] = {1, 2, . . . ,m} and let F be a field. Definition 7 (SPRP). Given k, t, r ∈ N, a vector x = (x1, x2, . . . , xn) ∈ Fn with xi 6= xj for i 6= j and r vectors y1,y2, . . . ,yr such that yi =... |

20 |
Yashchenko, “Systems of open distribution of keys on the basis of noncommutative semigroups
- Sidelnikov, Cherepnev, et al.
- 1993
(Show Context)
Citation Context ...ke scheme using the braid group and commuting inner automorphisms. According to Dehornoy [11], the same scheme has been independently suggested by Sidel’nikov et al. using a non-commutative semigroup =-=[25]-=-. In [24], the possibility of using commuting endomorphisms instead of automorphisms is suggested. In [24], Shpilrain and Zapata also algebraically classify exponentiation and conjugation based scheme... |

19 |
The decision diffie-hellman problem," Algorithmic Number Theory
- Boneh
- 1998
(Show Context)
Citation Context ...llman protocol. For instance, there are many groups for which the computational Diffie-Hellman problem is generally considered infeasible, but there is an efficient algorithm for the decision version =-=[5]-=-. For clarity, we shall not in this section consider full indistinguishability of the session key. We call the construction ”a scheme” in order to differentiate from a complete protocol. We also do no... |

19 | Braid-based cryptography
- Dehornoy
(Show Context)
Citation Context ...ty and the homomorphic property of the exponentiation operation. In [16], Ko et al. suggest a Diffie-Hellman like scheme using the braid group and commuting inner automorphisms. According to Dehornoy =-=[11]-=-, the same scheme has been independently suggested by Sidel’nikov et al. using a non-commutative semigroup [25]. In [24], the possibility of using commuting endomorphisms instead of automorphisms is s... |

19 | Combinatorial group theory and public key cryptography.
- Shpilrain, Zapata
- 2006
(Show Context)
Citation Context ..., exponentiation in a cyclic group can be also seen as a group automorphism. Several discrete logarithm based primitives can be characterized by considering a group of automorphisms acting on a group =-=[24]-=-. Swapping exponentiation with conjugation yields schemes that work on non-commutative groups [16, 23]. Such generalizations typically concentrate on the commutativity rather than on the homomorphic p... |

18 | New public key cryptosystem using finite nonAbelian groups,”
- Paeng, Ha, et al.
- 2001
(Show Context)
Citation Context ...rithm based primitives can be characterized by considering a group of automorphisms acting on a group [24]. Swapping exponentiation with conjugation yields schemes that work on non-commutative groups =-=[16, 23]-=-. Such generalizations typically concentrate on the commutativity rather than on the homomorphic property. In this paper, we show that if the homomorphic property is satisfied, then the commutativity ... |

15 | Semirings and semigroup actions in public-key cryptography
- Monico
- 2002
(Show Context)
Citation Context ...action [24, Definition 1]. They suggest a generalization of the Diffie-Hellman scheme using commuting semigroup actions. To the best of our knowledge, semigroup actions were first suggested by Monico =-=[21]-=-. Similar schemes can be found in [19, 26]. We are not aware of any generalizations based on non-commuting homomorphisms. A related algebraic key agreement scheme is suggested by Anshel et al. in [2].... |

14 | A new approach for algebraically homomorphic encryption, Cryptology ePrint Archive,
- Armknecht, Sadeghi
- 2008
(Show Context)
Citation Context ...Krawczyk [7]. We prove the security under the decision homomorphic image assumption. We also give an example construction of our scheme based on a symmetric encryption scheme of Armknecht and Sadeghi =-=[3]-=- that is additively homomorphic over a vector space. We show that the protocol is secure in the Canetti-Krawczyk model whenever the IND-CPA security assumption of the encryption scheme holds. 1.1 Rela... |

10 | Public key cryptography based on semigroup actions
- Maze, Monico, et al.
(Show Context)
Citation Context ...t a generalization of the Diffie-Hellman scheme using commuting semigroup actions. To the best of our knowledge, semigroup actions were first suggested by Monico [21]. Similar schemes can be found in =-=[19, 26]-=-. We are not aware of any generalizations based on non-commuting homomorphisms. A related algebraic key agreement scheme is suggested by Anshel et al. in [2]. The scheme is based on three special mapp... |

5 |
Constructing public-key cryptographic schemes based on class group action on a set of isogenous elliptic curves
- Stolbunov
(Show Context)
Citation Context ...t a generalization of the Diffie-Hellman scheme using commuting semigroup actions. To the best of our knowledge, semigroup actions were first suggested by Monico [21]. Similar schemes can be found in =-=[19, 26]-=-. We are not aware of any generalizations based on non-commuting homomorphisms. A related algebraic key agreement scheme is suggested by Anshel et al. in [2]. The scheme is based on three special mapp... |