Ensuring high-quality randomness in cryptographic key generation
2013
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13
Yet, recent experimental work demonstrates that tens of thousands of devices on the Internet use RSA and DSA secrets drawn from a small pool of candidate values. ...
The security of any cryptosystem relies on the secrecy of the system's secret keys. ...
Acknowledgements We gratefully acknowledge Justin Holmgren for pointing out an error in the DSA security proof of the proceedings version of this paper. ...
doi:10.1145/2508859.2516680
dblp:conf/ccs/Corrigan-GibbsMBF13
fatcat:2g53rp35hbelhkw4jamjnvykpe
Ensuring High-Quality Randomness in Cryptographic Key Generation
[article]
2014
arXiv
pre-print
Yet, recent experimental work demonstrates that tens of thousands of devices on the Internet use RSA and DSA secrets drawn from a small pool of candidate values. ...
The security of any cryptosystem relies on the secrecy of the system's secret keys. ...
Acknowledgements We gratefully acknowledge Justin Holmgren for pointing out an error in the DSA security proof of the proceedings version of this paper. We thank David Wolinsky, Ewa Syta ...
arXiv:1309.7366v2
fatcat:akkas26u2jczzl7f3bpvmuq7ee
Linkable message tagging: solving the key distribution problem of signature schemes
2016
International Journal of Information Security
Digital signatures are one of the most extensively used cryptographic primitives today. ...
The appealing consequence is that our primitive fully avoids public keys and hence elegantly sidesteps the key distribution problem of signature schemes. ...
Acknowledgments The authors thank all anonymous reviewers for their valuable comments. Both authors were sup- ...
doi:10.1007/s10207-016-0327-z
fatcat:bzakmftetratdoha5ohvfvkt64
Validating Orchestration of Web Services with BPEL and Aggregate Signatures
2008
2008 Sixth European Conference on Web Services
We further give a generalization of our basic scheme that can be used to validate generic workflows. ...
In this paper, we address a recent cryptographic tool, aggregate signatures, to validate the orchestration by requiring all partners to sign the result of their computation. ...
However, the actual size of the header in the plain-RSA solution is much bigger than the one in the SAS case. ...
doi:10.1109/ecows.2008.9
dblp:conf/ecows/BlundoCGP08
fatcat:yffghgjzxngd3o7pmanlfxcynu
Offline Submission with RSA Time-Lock Puzzles
2010
2010 10th IEEE International Conference on Computer and Information Technology
We introduce a non-interactive RSA time-lock puzzle scheme whose level of difficulty can be arbitrarily chosen by artificially enlarging the public exponent. ...
We have implemented a platform-independent tool performing all parts of our offline submission protocol: puzzle benchmark, issuing a time-lock RSA certificate, solving a puzzle and finally verifying the ...
Other Applications for RSA Time-Lock Puzzles Generally speaking, the solution of an RSA time-lock puzzle constitutes a non-interactive and non-parallelizable proof of work for an arbitrarily chosen context ...
doi:10.1109/cit.2010.193
dblp:conf/IEEEcit/JerschowM10
fatcat:okahxj7wcfhvrixfyrov6go4be
An integrated approach to cryptographic mitigation of denial-of-service attacks
2011
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security - ASIACCS '11
Our hash-based client puzzle provides finer granularity of difficulty and is proven secure in the puzzle difficulty model of Chen et al. (2009). ...
our integration of client puzzles with client authentication imposes no performance penalty on the server since puzzle verification is a part of signature verification. ...
The authors would like to thank the ASIACCS anonymous referees for their reviews. ...
doi:10.1145/1966913.1966929
dblp:conf/ccs/RangasamySBN11
fatcat:gjrjlscaencfpm3tmpzvqpv5fa
Signcryption and its applications in efficient public key solutions
[chapter]
1998
Lecture Notes in Computer Science
applications of signcryption in the search of efficient security solutions based on public key cryptography. ...
Signcryption is a new paradigm in public key cryptography that simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly ...
Acknowledgment Part of this work was completed while I was on sabbatical leave at the University of Tokyo. I would like to take this opportunity to thank Professor Hideki Imai for his hospitality. ...
doi:10.1007/bfb0030430
fatcat:xxst3lvvdvdblmatr6nt2wdh5m
Fine-grained control of security capabilities
2004
ACM Transactions on Internet Technology
The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques. ...
We present a new approach for fine-grained control over users' security privileges (fast revocation of credentials) centered around the concept of an on-line semi-trusted mediator (SEM). ...
Therefore, we believe the SEM architecture is appropriate for small- to medium-sized organizations where tight control of security capabilities is desired. ...
doi:10.1145/967030.967033
fatcat:ehafcnzkgjal7fql7b4cm2f2iu
Group Secret Handshakes Or Affiliation-Hiding Authenticated Group Key Agreement
[chapter]
2006
Lecture Notes in Computer Science
Finally, our protocols, unlike prior results, retain their security and privacy properties without the use of one-time certificates. ...
However, this AH-AGKA protocol is secure only with the use of one-time certificates. Also, the model of security for AH-AGKA protocols considered in [12] is restricted to a single instance of an AH-AGKA ...
Assuming that the RSA problem is ( , t)-hard on random safe RSA moduli of length 2κ, the above tuple of algorithms (Setup, KGen, Add, Revoke, Handshake) is an ( , t, q_s, q_H, l, m)-secure AH-AGKE ...
doi:10.1007/11967668_19
fatcat:xuuxd3zehjh3nne6iurwr47nge
Some Like It Private: Sharing Confidential Information Based on Oblivious Authorization
2010
IEEE Security and Privacy
Consider the following: the University of Springfield is confronted with an FBI investigation concerning one ... Privacy-Preserving Policy-Based Information Transfer (PPIT) lets entities that lack mutual trust ...
The authors discuss the security of two efficient PPIT constructs, then propose an innovative construct that allows entities to efficiently verify the equality of their information. ...
RSA-PPIT is immune to this problem because it includes ephemeral values bound to only one interaction. ...
doi:10.1109/msp.2010.91
fatcat:o5znjnis2bcc3kwgnsiojdswli
Invisibility and Anonymity of Undeniable and Confirmer Signatures
[chapter]
2003
Lecture Notes in Computer Science
Gennaro, Krawczyk and Rabin (GKR) developed an RSA-based scheme which is much more efficient than the schemes of Camenisch and Michels, but it does not have invisibility. ...
We give an RSA-based scheme which is as efficient as the GKR scheme, and which has invisibility. ...
The authors particularly thank an anonymous referee for pointing out a weakness in an earlier version of the paper. ...
doi:10.1007/3-540-36563-x_6
fatcat:c7omrocvxbfl5htjot2skydmwy
Privacy-Preserving Policy-Based Information Transfer
[chapter]
2009
Lecture Notes in Computer Science
We construct three PPIT schemes based, respectively, on: RSA, Schnorr and IBE techniques. ...
We then investigate various performance improvements and demonstrate the practicality of proposed PPIT schemes. ...
Recall that this scheme is based on RSA-OSBE from [14]. However, in the first step of the transfer, C picks $\mu = \sigma^2 \cdot g^r$ instead of $\sigma \cdot h^r$. ...
doi:10.1007/978-3-642-03168-7_10
fatcat:cjobj3ckvvalvk7hbvzajtxwby
Privacy-Preserving Group Discovery with Linear Complexity
[chapter]
2010
Lecture Notes in Computer Science
Finding efficient solutions for this group discovery problem has been considered an open research problem, inherent to the practical deployment of these protocols. ...
Our generic solution is based on a new primitive - Index-Hiding Message Encoding (IHME), for which we provide definitions and an unconditionally secure construction. ...
Conclusion We discussed several solutions to the open problem of efficient group discovery in AH-AKE protocols. ...
doi:10.1007/978-3-642-13708-2_25
fatcat:phvmjuppfrg4dcy6tgem3pgpq4
Concurrently-secure credential ownership proofs
2007
Proceedings of the 2nd ACM symposium on Information, computer and communications security - ASIACCS '07
We give two generic constructions of credential ownership proofs based on identity-based encryption and identity-based identification schemes. ...
Finally, we show that the GQ identification protocol yields an efficient credential ownership proof for credentials signed by the RSA-FDH signature scheme of Bellare and Rogaway and prove the protocol ...
Corollary 2. In the random oracle model, RSA-COP is cop-imp-ca-secure if one-more RSA inversion problem is hard for moduli generated by Gen_RSA and the challenge space . ...
doi:10.1145/1229285.1229309
dblp:conf/ccs/ShahandashtiSB07
fatcat:j42ymtjprzaebdbyzyb7sh3xfi
Robust and Efficient Sharing of RSA Functions
[chapter]
1996
Lecture Notes in Computer Science
Solutions for the case of the RSA signature scheme are especially important because of its widespread use. ...
a valid RSA signature on any given message, but no subset of fewer than T corrupted players can forge a signature. ...
To alleviate this problem one could have the dealer generate a large set of moduli $n_1, n_2, \ldots$ from which the players collectively choose a random element, say $n_i$. ...
doi:10.1007/3-540-68697-5_13
fatcat:i6enacw4czdq3cbbao3v4bwidm