
Ensuring high-quality randomness in cryptographic key generation

Henry Corrigan-Gibbs, Wendy Mu, Dan Boneh, Bryan Ford
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Yet, recent experimental work demonstrates that tens of thousands of devices on the Internet use RSA and DSA secrets drawn from a small pool of candidate values.  ...  The security of any cryptosystem relies on the secrecy of the system's secret keys.  ...  Acknowledgements We gratefully acknowledge Justin Holmgren for pointing out an error in the DSA security proof of the proceedings version of this paper.  ... 
doi:10.1145/2508859.2516680 dblp:conf/ccs/Corrigan-GibbsMBF13 fatcat:2g53rp35hbelhkw4jamjnvykpe

Ensuring High-Quality Randomness in Cryptographic Key Generation [article]

Henry Corrigan-Gibbs and Wendy Mu and Dan Boneh and Bryan Ford
2014 arXiv   pre-print
Yet, recent experimental work demonstrates that tens of thousands of devices on the Internet use RSA and DSA secrets drawn from a small pool of candidate values.  ...  The security of any cryptosystem relies on the secrecy of the system's secret keys.  ...  Acknowledgements We gratefully acknowledge Justin Holmgren for pointing out an error in the DSA security proof of the proceedings version of this paper. We thank David Wolinsky, Ewa Syta  ... 
arXiv:1309.7366v2 fatcat:akkas26u2jczzl7f3bpvmuq7ee

Linkable message tagging: solving the key distribution problem of signature schemes

Felix Günther, Bertram Poettering
2016 International Journal of Information Security  
Digital signatures are one of the most extensively used cryptographic primitives today.  ...  The appealing consequence is that our primitive fully avoids public keys and hence elegantly sidesteps the key distribution problem of signature schemes.  ...  Acknowledgments The authors thank all anonymous reviewers for their valuable comments. Both authors were sup-  ... 
doi:10.1007/s10207-016-0327-z fatcat:bzakmftetratdoha5ohvfvkt64

Validating Orchestration of Web Services with BPEL and Aggregate Signatures

Carlo Blundo, Emiliano De Cristofaro, Clemente Galdi, Giuseppe Persiano
2008 2008 Sixth European Conference on Web Services  
We further give a generalization of our basic scheme that can be used to validate generic workflows.  ...  In this paper, we address a recent cryptographic tool, aggregate signatures, to validate the orchestration by requiring all partners to sign the result of their computation.  ...  However, the actual size of the header in the plain-RSA solution is much bigger than the one in the SAS case.  ... 
doi:10.1109/ecows.2008.9 dblp:conf/ecows/BlundoCGP08 fatcat:yffghgjzxngd3o7pmanlfxcynu

Offline Submission with RSA Time-Lock Puzzles

Yves Igor Jerschow, Martin Mauve
2010 2010 10th IEEE International Conference on Computer and Information Technology  
We introduce a non-interactive RSA time-lock puzzle scheme whose level of difficulty can be arbitrarily chosen by artificially enlarging the public exponent.  ...  We have implemented a platform-independent tool performing all parts of our offline submission protocol: puzzle benchmark, issuing a time-lock RSA certificate, solving a puzzle and finally verifying the  ...  Other Applications for RSA Time-Lock Puzzles Generally speaking, the solution of an RSA time-lock puzzle constitutes a non-interactive and non-parallelizable proof of work for an arbitrarily chosen context  ... 
doi:10.1109/cit.2010.193 dblp:conf/IEEEcit/JerschowM10 fatcat:okahxj7wcfhvrixfyrov6go4be

An integrated approach to cryptographic mitigation of denial-of-service attacks

Jothi Rangasamy, Douglas Stebila, Colin Boyd, Juan González Nieto
2011 Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security - ASIACCS '11  
Our hash-based client puzzle provides finer granularity of difficulty and is proven secure in the puzzle difficulty model of Chen et al. (2009).  ...  our integration of client puzzles with client authentication imposes no performance penalty on the server since puzzle verification is a part of signature verification.  ...  The authors would like to thank the ASIACCS anonymous referees for their reviews.  ... 
doi:10.1145/1966913.1966929 dblp:conf/ccs/RangasamySBN11 fatcat:gjrjlscaencfpm3tmpzvqpv5fa

Signcryption and its applications in efficient public key solutions [chapter]

Yuliang Zheng
1998 Lecture Notes in Computer Science  
applications of signcryption in the search of efficient security solutions based on public key cryptography.  ...  Signcryption is a new paradigm in public key cryptography that simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly  ...  Acknowledgment Part of this work was completed while I was on sabbatical leave at the University of Tokyo. I would like to take this opportunity to thank Professor Hideki Imai for his hospitality.  ... 
doi:10.1007/bfb0030430 fatcat:xxst3lvvdvdblmatr6nt2wdh5m

Fine-grained control of security capabilities

Dan Boneh, Xuhua Ding, Gene Tsudik
2004 ACM Transactions on Internet Technology  
The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques.  ...  We present a new approach for fine-grained control over users' security privileges (fast revocation of credentials) centered around the concept of an on-line semi-trusted mediator (SEM).  ...  Therefore, we believe the SEM architecture is appropriate for small-to medium-sized organizations where tight control of security capabilities is desired.  ... 
doi:10.1145/967030.967033 fatcat:ehafcnzkgjal7fql7b4cm2f2iu

Group Secret Handshakes Or Affiliation-Hiding Authenticated Group Key Agreement [chapter]

Stanisław Jarecki, Jihye Kim, Gene Tsudik
2006 Lecture Notes in Computer Science  
Finally, our protocols, unlike prior results, retain their security and privacy properties without the use of one-time certificates.  ...  However, this AH-AGKA protocol is secure only with the use of one-time certificates. Also, the model of security for AH-AGKA protocols considered in [12] is restricted to a single instance of an AH-AGKA  ...  Assuming that the RSA problem is ( , t )-hard on random safe RSA moduli of length 2κ, the above tuple of algorithms (Setup, KGen, Add, Revoke, Handshake) is an ( , t, q_s, q_H, l, m)-secure AH-AGKE  ... 
doi:10.1007/11967668_19 fatcat:xuuxd3zehjh3nne6iurwr47nge

Some Like It Private: Sharing Confidential Information Based on Oblivious Authorization

Emiliano De Cristofaro, Jihye Kim
2010 IEEE Security and Privacy  
Consider the following: the University of Springfield is confronted with an FBI investigation concerning one  ...  Privacy-Preserving Policy-Based Information Transfer (PPIT) lets entities that lack mutual trust  ...  The authors discuss the security of two efficient PPIT constructs, then propose an innovative construct that allows entities to efficiently verify the equality of their information.  ...  RSA-PPIT is immune to this problem because it includes ephemeral values bound to only one interaction.  ... 
doi:10.1109/msp.2010.91 fatcat:o5znjnis2bcc3kwgnsiojdswli

Invisibility and Anonymity of Undeniable and Confirmer Signatures [chapter]

Steven D. Galbraith, Wenbo Mao
2003 Lecture Notes in Computer Science  
Gennaro, Krawczyk and Rabin (GKR) developed an RSA-based scheme which is much more efficient than the schemes of Camenisch and Michels, but it does not have invisibility.  ...  We give an RSA-based scheme which is as efficient as the GKR scheme, and which has invisibility.  ...  The authors particularly thank an anonymous referee for pointing out a weakness in an earlier version of the paper.  ... 
doi:10.1007/3-540-36563-x_6 fatcat:c7omrocvxbfl5htjot2skydmwy

Privacy-Preserving Policy-Based Information Transfer [chapter]

Emiliano De Cristofaro, Stanislaw Jarecki, Jihye Kim, Gene Tsudik
2009 Lecture Notes in Computer Science  
We construct three PPIT schemes based, respectively, on: RSA, Schnorr and IBE techniques.  ...  We then investigate various performance improvements and demonstrate the practicality of proposed PPIT schemes.  ...  Recall that this scheme is based on RSA-OSBE from [14]. However, in the first step of the transfer, C picks µ = σ^2 · g^r instead of σ · h^r.  ... 
doi:10.1007/978-3-642-03168-7_10 fatcat:cjobj3ckvvalvk7hbvzajtxwby

Privacy-Preserving Group Discovery with Linear Complexity [chapter]

Mark Manulis, Benny Pinkas, Bertram Poettering
2010 Lecture Notes in Computer Science  
Finding efficient solutions for this group discovery problem has been considered an open research problem, inherent to the practical deployment of these protocols.  ...  Our generic solution is based on a new primitive -Index-Hiding Message Encoding (IHME), for which we provide definitions and an unconditionally secure construction.  ...  Conclusion We discussed several solutions to the open problem of efficient group discovery in AH-AKE protocols.  ... 
doi:10.1007/978-3-642-13708-2_25 fatcat:phvmjuppfrg4dcy6tgem3pgpq4

Concurrently-secure credential ownership proofs

Siamak Shahandashti, Reihaneh Safavi-Naini, Joonsang Baek
2007 Proceedings of the 2nd ACM symposium on Information, computer and communications security - ASIACCS '07  
We give two generic constructions of credential ownership proofs based on identity-based encryption and identity-based identification schemes.  ...  Finally, we show that the GQ identification protocol yields an efficient credential ownership proof for credentials signed by the RSA-FDH signature scheme of Bellare and Rogaway and prove the protocol  ...  Corollary 2 In the random oracle model, RSA-COP is cop-imp-ca-secure if the one-more RSA inversion problem is hard for moduli generated by Gen_RSA and the challenge space .  ... 
doi:10.1145/1229285.1229309 dblp:conf/ccs/ShahandashtiSB07 fatcat:j42ymtjprzaebdbyzyb7sh3xfi

Robust and Efficient Sharing of RSA Functions [chapter]

Rosario Gennaro, Stanisław Jarecki, Hugo Krawczyk, Tal Rabin
1996 Lecture Notes in Computer Science  
Solutions for the case of the RSA signature scheme are especially important because of its widespread use.  ...  a valid RSA signature on any given message, but no subset of fewer than T corrupted players can forge a signature.  ...  To alleviate this problem one could have the dealer generate a large set of moduli n_1, n_2, ... from which the players collectively choose a random element, say n_i.  ... 
doi:10.1007/3-540-68697-5_13 fatcat:i6enacw4czdq3cbbao3v4bwidm