32,204 Hits in 4.1 sec

An Efficient and Leakage-Resilient RSA-Based Authenticated Key Exchange Protocol with Tight Security Reduction

2007 IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences  
RSA). key words: authenticated key exchange, passwords, on-line and off-line dictionary attacks, RSA, leakage of stored secrets, efficiency, perfect forward secrecy  ...  Both mutual authentication and generation of session keys can be accomplished by an authenticated key exchange (AKE) protocol.  ...  This research has been sponsored by the Ministry of Economy, Trade and Industry (METI), Japan, under the contract of "New Generation of Information Security R&D Program."  ... 
doi:10.1093/ietfec/e90-a.2.474 fatcat:khnyy2dcxfb6xed4geb4rerjma

Practical and Tightly-Secure Digital Signatures and Authenticated Key Exchange [chapter]

Kristian Gjøsteen, Tibor Jager
2018 Lecture Notes in Computer Science  
efficiency by compensating the security loss of a reduction with larger parameters.  ...  We construct the first truly practical signature scheme with tight security in a real-world multi-user setting with adaptive corruptions.  ...  We describe the first truly practical key exchange protocol with tight security in a standard security model for authenticated key exchange.  ... 
doi:10.1007/978-3-319-96881-0_4 fatcat:vly43n24jvehhfyc3ihpswstta

On the Impossibility of Tight Cryptographic Reductions [chapter]

Christoph Bader, Tibor Jager, Yong Li, Sven Schäge
2016 Lecture Notes in Computer Science  
is transferred from an idealized single-user setting to the more realistic multi-user setting is impossible to avoid, and a lower tightness bound for non-interactive key exchange protocols.  ...  Thus, the reduction "loses" efficiency and/or efficacy. Since provable security is inspired by classical complexity theory, security proofs have traditionally been formulated asymptotically.  ...  authenticated key exchange [6, 8, 3] , and non-interactive key exchange [11] protocols.  ... 
doi:10.1007/978-3-662-49896-5_10 fatcat:hqtk4koaz5gthonpcna2upgf5e

TUP: A New eCK-Secure AKE Protocol under the CDH Assumption

Qinglei Zhou, Zengfu Yang
2012 International Journal of Communications, Network and System Sciences  
The design and analysis of authenticated key exchange protocol is an important problem in information security area.  ...  To avoid this phenomenon, by using twinning key technology we propose a new two party key agreement protocol TUP which is obtained by modifying the UP protocol, then in conjunction with the trapdoor test  ...  analysis, so the security reduction is more tight.  ... 
doi:10.4236/ijcns.2012.56043 fatcat:gpwbocfiynfvrdcxtcmee6fnci

Iterated Random Oracle: A Universal Approach for Finding Loss in Security Reduction [chapter]

Fuchun Guo, Willy Susilo, Yi Mu, Rongmao Chen, Jianchang Lai, Guomin Yang
2016 Lecture Notes in Computer Science  
We show how to apply the iterated random oracle for security transformation from key encapsulation mechanism with one-way security to normal encryption with indistinguishability security.  ...  The security reduction is very tight due to a small finding loss. The transformation does not expand the ciphertext size.  ...  Tight Reduction for Key Exchange The iterated random oracle can also be applied in the key exchange for tight(er) reduction in the IND-CHP security reduction.  ... 
doi:10.1007/978-3-662-53890-6_25 fatcat:ieai7oa7wvfoxlptebnhjvsjne

Versatile padding schemes for joint signature and encryption

Yevgeniy Dodis, Michael J. Freedman, Stanislaw Jarecki, Shabsi Walfish
2004 Proceedings of the 11th ACM conference on Computer and communications security - CCS '04  
We illustrate the utility of our signcryption schemes by applying them to build a secure key-exchange protocol, with performance results showing 3x-5x speed-up compared to standard protocols.  ...  All our signcryption schemes, built directly from trapdoor permutations such as RSA, share features such as simplicity, efficiency, generality, near-optimal exact security, flexible and ad-hoc key management  ...  Thus, a tight reduction to "claw-freeness" of such families implies a tight reduction to inverting them.  ... 
doi:10.1145/1030083.1030129 dblp:conf/ccs/DodisFJW04 fatcat:zkv427awmjc2vk63gd6mvmw37y

An Identification Scheme with Tight Reduction

2007 IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences  
Although it needs the four exchanges of messages and slightly more exponentiations, the ID-KEA1 is proved to be secure under the KEA1 and DLA assumptions with tight reduction.  ...  However, efficiencies of the reductions in those proofs of security are not tight, because they require "rewinding" a cheating prover.  ...  Thus, the IDKEA1 is not so efficient as the Schnorr scheme in computations and communications. However, the IDKEA1 has the security proof with tight reduction without loss of the security.  ... 
doi:10.1093/ietfec/e90-a.9.1949 fatcat:lmbxcxrk25eclmaca4os3bipai

On the Tight Security of TLS 1.3: Theoretically Sound Cryptographic Parameters for Real-World Deployments

Denis Diemert, Tibor Jager
2021 Journal of Cryptology  
For some building blocks, such as the symmetric record layer encryption scheme, we can then rely on prior work to establish tight security.  ...  In this work, we provide a new security proof for the cryptographic core of TLS 1.3 in the random oracle model, which reduces the security of TLS 1.3 tightly (that is, with constant security loss) to the  ...  Furthermore, [38] describe an efficient digital signature scheme with tight security in the multi-user setting with adaptive corruptions.  ... 
doi:10.1007/s00145-021-09388-x fatcat:vhz6kgeejfd7tgfvbowgjbrfne

An Identity Based-Identification Scheme with Tight Security against Active and Concurrent Adversaries

Jason Chia, Ji-Jian Chin
2020 IEEE Access  
We show tight security reduction against active and concurrent attackers (imp-aa/ca) on our scheme that is obtained from the same transform.  ...  We demonstrate the tight security of our scheme which allows usage of even shorter key sizes.  ...  [12] showed a variant of the Schnorr signature based IBI with tight security reduction.  ... 
doi:10.1109/access.2020.2983750 fatcat:gxsznxewr5fkvasru4sx5gjari

Another Look at "Provable Security". II [chapter]

Neal Koblitz, Alfred Menezes
2006 Lecture Notes in Computer Science  
We discuss the question of how to interpret reduction arguments in cryptography. We give some examples to show the subtlety and difficulty of this question.  ...  Acknowledgments We would like to thank Andrey Sidorenko for his valuable comments on pseudorandom bit generators and Bart Preneel for answering our queries about the provable security of MAC algorithms  ...  Let SPAKE1 be the above password-based encrypted key exchange protocol associated with these primitives.  ... 
doi:10.1007/11941378_12 fatcat:fatlcjwmj5gdthxhx7pylbn3li

CRYSTALS - Kyber: A CCA-Secure Module-Lattice-Based KEM

Joppe Bos, Leo Ducas, Eike Kiltz, T Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, Damien Stehle
2018 2018 IEEE European Symposium on Security and Privacy (EuroS&P)  
We implemented and benchmarked the CCA-secure KEM and key exchange protocols against the ones that are based on LWE and Ring-LWE: we conclude that our schemes are not only as efficient but also feature  ...  , key exchange, and authenticatedkey-exchange schemes.  ...  Note that the security bound is tight. In particular, in combination with Theorems 3.1 and 3.3 we obtain a tight reduction from the Module-LWE hardness assumption.  ... 
doi:10.1109/eurosp.2018.00032 dblp:conf/eurosp/BosDKLLSSSS18 fatcat:o7dl5wpwcndarjp3wtm2eqwycm

Tightly-Secure Authenticated Key Exchange [chapter]

Christoph Bader, Dennis Hofheinz, Tibor Jager, Eike Kiltz, Yong Li
2015 Lecture Notes in Computer Science  
We construct the first Authenticated Key Exchange (AKE) protocol whose security does not degrade with an increasing number of users or sessions.  ...  We show how to construct efficient schemes that satisfy the new definitions with tight security proofs under standard assumptions. $ ← E 0 and all proofs are generated with respect to CRS sim .  ...  Provably-secure AKE and tight reductions.  ... 
doi:10.1007/978-3-662-46494-6_26 fatcat:mtiwizqx45a4jgktnjwrshmlmm

On the Security of Distributed Multiprime RSA [chapter]

Ivan Damgård, Gert Læssøe Mikkelsen, Tue Skeltved
2015 Lecture Notes in Computer Science  
This is not a big problem in a setup where one organization has a few high profile keys to secure, however, this does not scale well to systems with a lot of secret keys, like eID schemes where there exist  ...  Then we show the first 2-party distributed multiprime RSA key generation protocol that are as efficient as standard centralized key generation, even if security against malicious adversaries is desired  ...  Since the bounds of [FOPS04] (Theorem 1) are less tight compared with the reduction from M-RSA to RSA (Corollary 1), the bound for breaking OAEP-RSA and OAEP-M-RSA is the same.  ... 
doi:10.1007/978-3-319-15943-0_2 fatcat:yx7cjhcvpfhrlj3rqvyarn6jtq

An Efficient MQ-based Signature with Tight Security Proof

Hiroki Furue, Dung Hoang Duong, Tsuyoshi Takagi
2020 International Journal of Networking and Computing  
At PKC 2018, Chen et al. proposed SOFIA, the first MQ-based digital signature scheme having tight security in the quantum random oracle model (QROM).  ...  In this paper, we propose an MQ-based 3-pass IDS with impersonation probability of 1 2 and apply the original version of the Unruh transform to it to obtain a more efficient MQ-based digital signature  ...  In this paper, we propose a more efficient MQ-based DSS with tight security proof in the QROM.  ... 
doi:10.15803/ijnc.10.2_308 fatcat:tm44tidasvgpfmbz7kspdqj5ki

Tightly-Secure Authenticated Key Exchange without NAXOS' Approach Based on Decision Linear Problem

Mojahed Mohamed, Xiaofen Wang, Xiaosong Zhang
2016 OALib  
Design secure Authenticated Key Exchange (AKE) protocol without NAXOS approach is remaining as an open problem.  ...  We fasten our security using games sequences tool which gives tight security for our protocol.  ...  Introduction An Authenticated Key Exchange protocol (AKE) allows two parties to end up with a shared secret key in secure and authenticated manner.  ... 
doi:10.4236/oalib.1103033 fatcat:ihqfxeip45finep4tfuvsgxd6e
« Previous Showing results 1 — 15 out of 32,204 results