Filters








155 Hits in 4.4 sec

Non-Malleable Encryption: Simpler, Shorter, Stronger [chapter]

Sandro Coretti, Yevgeniy Dodis, Björn Tackmann, Daniele Venturi
2015 Lecture Notes in Computer Science  
In a seminal paper, Dolev et al. [15] introduced the notion of non-malleable encryption (NM-CPA).  ...  Hence, to overcome such "malleability" problems, stronger forms of security are required.  ...  Non-malleability (NM-CPA).  ... 
doi:10.1007/978-3-662-49096-9_13 fatcat:pteqfo5nbvdclkubuojhaj5o5q

Inception Makes Non-malleable Codes Stronger [chapter]

Divesh Aggarwal, Tomasz Kazana, Maciej Obremski
2017 Lecture Notes in Computer Science  
Our result is obtained by a series of black-box reductions starting from the non-malleable codes from [ADL14].  ...  A large body of the recent work has focused on various constructions of non-malleable codes in the split-state model.  ...  For the purpose of conveniently defining continuous non-malleable codes, an even stronger notion called super-strong non-malleable codes has been considered in the literature [FMNV14, JW15].  ... 
doi:10.1007/978-3-319-70503-3_10 fatcat:fpj5iwlwpzd6dmocwfenfh5a7y

A New Family of Practical Non-Malleable Diffie-Hellman Protocols [article]

Andrew C. Yao, Yunlei Zhao
2011 arXiv   pre-print
Finally, it is direct that strong non-malleable independence is stronger than general non-malleable independence.  ...  Outside Non-Malleability.  ...  an efficient solver C for GDH problem also with non-negligible probability.  ... 
arXiv:1105.1071v5 fatcat:wldounfymvekdlwdvlhmymne3y

Characterization of the Relations between Information-Theoretic Non-malleability, Secrecy, and Authenticity [chapter]

Akinori Kawachi, Christopher Portmann, Keisuke Tanaka
2011 Lecture Notes in Computer Science  
Roughly speaking, an encryption scheme is said to be non-malleable, if no adversary can modify a ciphertext so that the resulting message is meaningfully related to the original message.  ...  We define approximate non-malleability by relaxing the security conditions and only requiring non-malleability to hold with high probability (over the choice of secret key), and show that any authentication  ...  This forces any non-malleable scheme to use the first method outlined above, which is stronger than secrecy.  ... 
doi:10.1007/978-3-642-20728-0_2 fatcat:t5rcxtzugza4rifciu7oqfttpm

New and improved constructions of non-malleable cryptographic protocols

Rafael Pass, Alon Rosen
2005 Proceedings of the thirty-seventh annual ACM symposium on Theory of computing - STOC '05  
This gives rise to a modular construction of non-malleable commitments and results in a somewhat simpler analysis.  ...  We present a new constant round protocol for non-malleable zero-knowledge. Using this protocol as a subroutine, we obtain a new constant-round protocol for non-malleable commitments.  ...  A formal proof proceeds along the lines of the proof of non-malleability (but is simpler.)  ... 
doi:10.1145/1060590.1060670 dblp:conf/stoc/PassR05 fatcat:xh6fxpf4irbr3angb7z7f5wupe

Non-malleable Codes for Bounded Depth, Bounded Fan-In Circuits [chapter]

Marshall Ball, Dana Dachman-Soled, Mukul Kulkarni, Tal Malkin
2016 Lecture Notes in Computer Science  
message, thus immediately breaking non-malleability.  ...  [ADKO15] prove that in this case a non-malleable code 1. Set count 1 = 0, count 2 = 0.  ...  For example, [CKM11] , in the context of designing UC secure protocols via tamperable hardware tokens, consider a variant of non-malleable codes which has deterministic encryption and decryption.  ... 
doi:10.1007/978-3-662-49896-5_31 fatcat:kglagswfbna3hdgguxnv5jbjoq

Non-malleable Condensers for Arbitrary Min-entropy, and Almost Optimal Protocols for Privacy Amplification [chapter]

Xin Li
2015 Lecture Notes in Computer Science  
This is the notion of a non-malleable condenser introduced in [Li12a].  ...  While a non-malleable extractor requires the output to be close to uniform, a non-malleable condenser only requires the output to have enough min-entropy. Definition 1.4.  ...  To better illustrate the key idea, we also give a slightly simpler 2-round protocol with optimal entropy loss, without using the non-malleable condenser.  ... 
doi:10.1007/978-3-662-46494-6_21 fatcat:dlhjn6ihurbdvjut34kr4j5abe

Linear-Time Non-Malleable Codes in the Bit-Wise Independent Tampering Model [chapter]

Ronald Cramer, Ivan Damgård, Nico Döttling, Irene Giacomelli, Chaoping Xing
2017 Lecture Notes in Computer Science  
It is known that non-malleability is possible only for restricted classes of tampering functions.  ...  The second construction is inspired by the recent works about non-malleable codes of Agrawal et al.  ...  Since 2010, a line of works has established increasingly stronger results concerning the feasibility of non-malleable codes against different families of tampering functions.  ... 
doi:10.1007/978-3-319-72089-0_1 fatcat:can3cd3rdnhy5kyvsqtdqotn5m

Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation [chapter]

Jonathan Katz, Moti Yung
2001 Lecture Notes in Computer Science  
Secondly, though the importance of secure encryption of single blocks is well known, the security of modes of encryption (used to encrypt multiple blocks) is often ignored.  ...  We find certain neglected issues in the study of private-key encryption schemes.  ...  Note that this differs from a non-malleability attack; in the case of non-malleability, the adversary does not know the plaintext corresponding to the "challenge" ciphertext.  ... 
doi:10.1007/3-540-44706-7_20 fatcat:g7ckubszore6xevz5sudwxsqia

Message Franking via Committing Authenticated Encryption [chapter]

Paul Grubbs, Jiahui Lu, Thomas Ristenpart
2017 Lecture Notes in Computer Science  
We initiate the study of message franking, recently introduced in Facebook's end-to-end encrypted message system.  ...  An implication of our results is the first proofs that several in-use symmetric encryption schemes are committing in the traditional sense.  ...  Acknowledgments The authors would like to thank the anonymous reviewers of Crypto 2017 for their thoughtful comments, as well as Mihir Bellare for discussions about robust encryption and its relation to  ... 
doi:10.1007/978-3-319-63697-9_3 fatcat:mtorkdiehnekbpkufevqthpmou

Reducing Metadata Leakage from Encrypted Files and Communication with PURBs [article]

Kirill Nikitin, Ludovic Barman, Wouter Lueks, Matthew Underwood, Jean-Pierre Hubaux, Bryan Ford
2019 arXiv   pre-print
Most encrypted data formats leak metadata via their plaintext headers, such as format version, encryption schemes used, number of recipients who can decrypt the data, and even the recipients' identities  ...  the precise encryption software version and configuration the sender used.  ...  Non-malleability By default, our encoding scheme does not ensure nonmalleability.  ... 
arXiv:1806.03160v4 fatcat:aesd5teyjrb2rbcoi4vnuui4ae

Concurrent Non-Malleable Commitments

R. Pass, A. Rosen
46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05)  
We present a non-malleable commitment scheme that retains its security properties even when concurrently executed a polynomial number of times.  ...  encryption).  ...  Our definitions of non-malleability are somewhat stronger that the ones proposed by DDN [12] .  ... 
doi:10.1109/sfcs.2005.27 dblp:conf/focs/PassR05 fatcat:j6vkocjjzjfgng3usehto3uikq

mpENC Multi-Party Encrypted Messaging Protocol design document [article]

Ximin Luo, Guy Kloss
2016 arXiv   pre-print
Message encryption For now, message encryption is very simple.  ...  The cipher we choose is malleable, to give better deniability when we publish ephemeral signature keys, similar to OTR [OTR-spec]. • MESSAGE_PAYLOAD -Ciphertext payload.  ... 
arXiv:1606.04598v1 fatcat:yygtbqrhffbzdnborlrr4kmine

Optimal Asymmetric Encryption and Signature Paddings [chapter]

Benoît Chevallier-Mames, Duong Hieu Phan, David Pointcheval
2005 Lecture Notes in Computer Science  
As a consequence, such a padding has to introduce both randomness and redundancy, which does not lead to an optimal encryption nor an optimal signature.  ...  A few years ago, Coron et al. suggested the design of a common construction, a universal padding, which one could apply for both encryption and signature.  ...  Non-malleability [26] says the adversary wins if it manages to forge a new signature.  ... 
doi:10.1007/11496137_18 fatcat:aztecsm5qbczhg7d6dld6sjr2y

A tapestry of identity-based encryption: practical frameworks compared

Xavier Boyen
2008 International Journal of Applied Cryptography  
This paper surveys the practical benefits and drawbacks of several identitybased encryption schemes based on bilinear pairings.  ...  He has published extensively in the top cryptology conferences on a range of topics including signatures, encryption, foundations, and human-oriented cryptography.  ...  We require the availability of three cryptographic hash functions viewed as random oracles: 3. a function H 3 : G t × {0, 1} × G × G → Z p to make the ciphertext non-malleable.  ... 
doi:10.1504/ijact.2008.017047 fatcat:2kxynfqh2jd25jvvnyb3wgqtry
« Previous Showing results 1 — 15 out of 155 results