Relations among notions of security for public-key encryption schemes

Bellare, Mihir; Desai, Anand; Pointcheval, David; Rogaway, Phillip

doi:10.1007/bfb0055718

Cited by 667 publications

(698 citation statements)

References 19 publications

Supporting

Mentioning

687

Contrasting

Unclassified

Order By: Relevance

“…In our protocols we assume the existence of a semantically secure (in the sense of IND-CPA [BDPR98]) probabilistic public-key encryption function E Z : M×R → E, (m, α) → M , where Z denotes the public key, M denotes a set of messages, R denotes the set of random strings, and E denotes the set of encryptions. We write…”

Section: Homomorphic Encryption Schemementioning

confidence: 99%

Upper Bounds on the Communication Complexity of Optimally Resilient Cryptographic Multiparty Computation

Hirt

Nielsen

2005

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We give improved upper bounds on the communication complexity of optimally-resilient secure multiparty computation in the cryptographic model. We consider evaluating an n-party randomized function and show that if f can be computed by a circuit of size c, then O(cn 2 κ) is an upper bound for active security with optimal resilience t < n/2 and security parameter κ. This improves on the communication complexity of previous protocols by a factor of at least n. This improvement comes from the fact that in the new protocol, only O(n) messages (of size O(κ) each) are broadcast during the whole protocol execution, in contrast to previous protocols which require at least O(n) broadcasts per gate.Furthermore, we improve the upper bound on the communication complexity of passive secure multiparty computation with resilience t < n from O(cn 2 κ) to O(cnκ). This improvement is mainly due to a simple observation.

show abstract

Section: Homomorphic Encryption Schemementioning

confidence: 99%

Upper Bounds on the Communication Complexity of Optimally Resilient Cryptographic Multiparty Computation

Hirt

Nielsen

2005

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Syntax of an asymmetric encryption scheme is usually defined as a triple of algorithms (K, E, D), where K returns a pair of both encryption and decryption keys [BDPR98]. But then I is simply a projection and the decryption algorithm simply ignores one of the parameters.…”

Section: Encryption Schemesmentioning

confidence: 99%

Model–Based Testing of Cryptographic Protocols

Rosenzweig

Runje

Schulte

2005

Trustworthy Global Computing

View full text Add to dashboard Cite

Abstract. Modeling is a popular way of representing the behavior of a system. A very useful type of model in computing is an abstract state machine which describes transitions over first order structures. The general purpose model-based testing tool SpecExplorer (used within Microsoft, also available externally) uses such a model, written in AsmL or Spec#, to perform a search that checks that all reachable states of the model are safe, and also to check conformance of an arbitrary .NET implementation to the model. Spec Explorer provides a variety of ways to cut down the state space of the model, for instance by finitizing parameter domains or by providing predicate abstraction. It has already found subtle bugs in production software. First order structures and abstract state machines over them are also a useful way to think about cryptographic protocols, since models formulated in these terms arise by natural abstraction from computational cryptography. In this paper we explain this abstraction process, 'experiments as structures', and argue for its faithfulness. We show how the Dolev-Yao intruder model fits into SpecExplorer. In a word, the actions of the DolevYao intruder are the 'controllable' actions of the testing framework, whereas the actions of protocol participants are the 'observable' actions of the model. The unsafe states are the states violating say Lowe's security guarantees. Under this view, the general purpose software testing tool quickly finds known attacks, such as Lowe's attack on the NeedhamSchroeder protocol.

show abstract

“…We require two public key schemes: a public-key encryption scheme, which should be semantically secure under adaptive chosen ciphertext attack (equivalent to IND-CCA2 in the definitions of [2]) 1 , and a publickey signature scheme, which should be existentially unforgeable under adaptive chosen message attack.…”

Section: Cryptographic Algorithmsmentioning

confidence: 99%

A Reputation System to Increase MIX-Net Reliability

Dingledine¹,

Freedman

Hopwood

et al. 2001

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We describe a design for a reputation system that increases the reliability and thus efficiency of remailer services. Our reputation system uses a MIX-net in which MIXes give receipts for intermediate messages. Together with a set of witnesses, these receipts allow senders to verify the correctness of each MIX and prove misbehavior to the witnesses. We suggest a simple model and metric for evaluating the reliability of a MIX-net, and show that our reputation system improves over randomly picking MIX paths while maintaining anonymity.

show abstract

Relations among notions of security for public-key encryption schemes

Cited by 667 publications

References 19 publications

Upper Bounds on the Communication Complexity of Optimally Resilient Cryptographic Multiparty Computation

Upper Bounds on the Communication Complexity of Optimally Resilient Cryptographic Multiparty Computation

Model–Based Testing of Cryptographic Protocols

A Reputation System to Increase MIX-Net Reliability

Contact Info

Product

Resources

About