Practical Yet Composably Secure Cryptographic Protocols (Dagstuhl Seminar 19042)

Jan Camenisch, Ralf Küsters, Anna Lysyanskaya, Alessandra Scafuro, Michael Wagner
2019 Dagstuhl Reports  
This report documents the program and the outcomes of Dagstuhl Seminar 19042 "Practical Yet Composably Secure Cryptographic Protocols".  ...  security protocols in such a model; (3) how to prove security of protocols in such a model.  ...  Marc Fischlin on composition of key agreement; Markulf Kohlweiss on structuring game-based proofs; Ran Cohen on probabilistic termination in cryptographic protocols; Antigoni Polychandrou presented two-round  ... 
doi:10.4230/dagrep.9.1.88 dblp:journals/dagstuhl-reports/CamenischKLS19 fatcat:j2dfgtcoxnbvtgpu7mtxdehequ

Probabilistic Termination and Composability of Cryptographic Protocols

Ran Cohen, Sandro Coretti, Juan Garay, Vassilis Zikas
2018 Journal of Cryptology  
In this work, we put forth the first simulation-based treatment of multi-party cryptographic protocols with probabilistic termination.  ...  We define secure multi-party computation (MPC) with probabilistic termination in the UC framework and prove a universal composition theorem for probabilistic-termination protocols.  ...  A On Parallel (In)Composability of Protocols with Probabilistic Termination Ben-Or and El-Yaniv [5] observed that when executing randomized protocols with probabilistic termination in parallel, then,  ... 
doi:10.1007/s00145-018-9279-y fatcat:wojkptxvfjcehpz7ymjzppyozm

Probabilistic Termination and Composability of Cryptographic Protocols [chapter]

Ran Cohen, Sandro Coretti, Juan Garay, Vassilis Zikas
2016 Lecture Notes in Computer Science  
In this work, we put forth the first simulation-based treatment of multi-party cryptographic protocols with probabilistic termination.  ...  We define secure multi-party computation (MPC) with probabilistic termination in the UC framework and prove a universal composition theorem for probabilistic-termination protocols.  ...  termination in parallel, then, in general, the expected running time of the composed protocol (i.e., the rounds it takes for all protocols to give output to all parties) is not preserved.  ... 
doi:10.1007/978-3-662-53015-3_9 fatcat:mxwa72ilzbhnxapui2mmbyamjq

Simultaneous Resettability from One-Way Functions

Kai-Min Chung, Rafail Ostrovsky, Rafael Pass, Ivan Visconti
2013 2013 IEEE 54th Annual Symposium on Foundations of Computer Science  
Resettable-security, introduced by Canetti, Goldreich, Goldwasser and Micali (STOC'00), considers the security of cryptographic two-party protocols (in particular zero-knowledge arguments) in a setting  ...  To date, all known constructions of protocols satisfying simultaneous resettable security rely on the existence of ZAPs; constructions of ZAPs are only known based on the existence of trapdoor permutations  ...  of Defense, the Defense Advanced Research Projects Agency or the U.S.  ... 
doi:10.1109/focs.2013.15 dblp:conf/focs/ChungOPV13 fatcat:47hibd5hzncntacjrxkrgz2wly

Analysing Randomized Distributed Algorithms [chapter]

Gethin Norman
2004 Lecture Notes in Computer Science  
To prove a randomized distributed algorithm correct one usually involves two levels: classical, assertion-based reasoning, and a probabilistic analysis based on a suitable probability space on computations  ...  In this paper we describe a number of approaches which allows us to verify the correctness of randomized distributed algorithms.  ...  To allow the construction of complex probabilistic systems it is straightforward to extend the definition of parallel composition in standard labelled transition systems to this probabilistic setting.  ... 
doi:10.1007/978-3-540-24611-4_11 fatcat:beepcl2jabdglhtgijk7frncvm

Foundations of Cryptography – A Primer

Oded Goldreich
2005 Foundations and Trends® in Theoretical Computer Science  
Acknowledgments I wish to thank Minh-Huyen Nguyen for carefully reading this manuscript and pointing out various difficulties and errors.  ...  Yet, some zero-knowledge proofs (for NP) preserve their security when many copies are executed in parallel. Furthermore, some of these protocols use a constant number of rounds (cf. (66)).  ...  The protocol in Figure 4.2 calls for invoking some constant-round protocol for a non-constant number of times (and its analysis relies on the preservation of zero-knowledge under sequential composition  ... 
doi:10.1561/0400000001 fatcat:qaczeoomwvh7bhu4wquga6eipi

Cryptographically Sound Implementations for Communicating Processes [chapter]

Pedro Adão, Cédric Fournet
2006 Lecture Notes in Computer Science  
For example, Lincoln, Mitchell, Mitchell, and Scedrov [18] introduce a probabilistic process algebra for analyzing security protocols, such that parallel contexts coincide with probabilistic polynomial-time  ...  To this end, we develop a cryptographic implementation that preserves all properties for all safe programs.  ...  Parallel composition represents processes that run in parallel, with the inert process 0 as unit.  ... 
doi:10.1007/11787006_8 fatcat:cztwkb7tsjg5xmu5owj23cpjaa

Efficient anonymity-preserving data collection

Justin Brickell, Vitaly Shmatikov
2006 Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining - KDD '06  
To achieve collusion resistance, previously proposed protocols for anonymity-preserving data collection have quadratically many communication rounds in the number of respondents, and employ (sometimes  ...  Protocols for anonymity-preserving data collection provide this assurance, in the absence of trusted parties, by allowing a set of mutually distrustful respondents to anonymously contribute data to an  ...  It is not clear whether the proofs of [13, 15] can be carried out in parallel (in general, zero-knowledge proofs do not preserve their properties under concurrent composition), and executing them sequentially  ... 
doi:10.1145/1150402.1150415 dblp:conf/kdd/BrickellS06 fatcat:4ialv7oauvbwvbbd5a6nfxm35e

On Concurrent and Resettable Zero-Knowledge Proofs for NP [article]

Joe Kilian and Erez Petrank and Ransom Richardson
2001 arXiv   pre-print
This protocol requires k^θ(1) rounds. We note that their technique also applies to our current proof system, yielding a resettable zero-knowledge proof for NP with Õ(^2 k) rounds.  ...  It is known that zero-knowledge is not necessarily preserved in such an environment.  ...  is preserved in an asynchronous composition.  ... 
arXiv:cs/0107004v1 fatcat:sx4w7e76mzarfagqkvqipt3ik4

Semantic Analysis of Gossip Protocols for Wireless Sensor Networks [chapter]

Ruggero Lanotte, Massimo Merro
2011 Lecture Notes in Computer Science  
In this paper, we propose a compositional analysis technique to study formal probabilistic models of gossip protocols in the context of wireless sensor networks.  ...  A simulation theory is developed to compare probabilistic protocols that have similar behaviour up to a certain probability.  ...  Structural congruence over pTCWS, written ≡, is defined as the smallest equivalence relation, preserved by parallel composition, which is a commutative monoid with respect to parallel composition and for  ... 
doi:10.1007/978-3-642-23217-6_11 fatcat:6xaccv24f5adbe4b6j5ilngwyi

Concurrent Zero-Knowledge with Timing, Revisited [chapter]

Oded Goldreich
2006 Lecture Notes in Computer Science  
We show that the constant-round zero-knowledge proof for NP of Goldreich and Kahan (Jour. of Crypto., 1996) preserves its security when polynomially-many independent copies are executed concurrently under  ...  Our analysis identifies two extreme schedulings of concurrent executions under the above timing model: the first is the case of parallel execution of polynomially-many copies, and the second is of concurrent  ...  We also wish to thank Rafi Ostrovsky for pointing out that our techniques can be applied to the protocols in [5, 6], Boaz Barak and Daniele Micciancio for interesting discussions regarding the use of  ... 
doi:10.1007/11685654_2 fatcat:pn6mbczgpbatboaulfhx6k6eha

Provably authenticated group Diffie-Hellman key exchange

Emmanuel Bresson, Olivier Chevassut, David Pointcheval, Jean-Jacques Quisquater
2001 Proceedings of the 8th ACM conference on Computer and Communications Security - CCS '01  
Group Diffie-Hellman protocols for Authenticated Key Exchange (AKE) are designed to provide a pool of players with a shared secret key which may later be used, for example, to achieve multicast message  ...  However, no formal treatment for this cryptographic problem has ever been suggested.  ...  Acknowledgements The authors thank Deborah Agarwal for many insightful comments on an early draft of this paper and the anonymous referees for their many useful comments.  ... 
doi:10.1145/501983.502018 dblp:conf/ccs/BressonCPQ01 fatcat:b6sa6dnomnbibkjrkwpny6wkxq

Provably authenticated group Diffie-Hellman key exchange

Emmanuel Bresson, Olivier Chevassut, David Pointcheval, Jean-Jacques Quisquater
2001 Proceedings of the 8th ACM conference on Computer and Communications Security - CCS '01  
Group Diffie-Hellman protocols for Authenticated Key Exchange (AKE) are designed to provide a pool of players with a shared secret key which may later be used, for example, to achieve multicast message  ...  However, no formal treatment for this cryptographic problem has ever been suggested.  ...  Acknowledgements The authors thank Deborah Agarwal for many insightful comments on an early draft of this paper and the anonymous referees for their many useful comments.  ... 
doi:10.1145/502014.502018 fatcat:nxjrht6a2bbixlmacproi5d4gy

Privacy-Aware Processing of Biometric Templates by Means of Secure Two-Party Computation [chapter]

Riccardo Lazzeretti, Pierluigi Failla, Mauro Barni
2013 Security and Privacy in Biometrics  
The basic concepts behind STPC are reviewed together with the basic cryptographic primitives needed to achieve privacy-aware processing of biometric data in a STPC context.  ...  The two main approaches proposed so far, namely homomorphic encryption and garbled circuits are discussed and the way such techniques can be used to develop a full biometric matching protocol described  ...  By considering these instantiations, a parallel OT of n secrets each t-bit long requires 2 rounds where 2nt bits are transmitted.  ... 
doi:10.1007/978-1-4471-5230-9_7 fatcat:uivjbqnp3bdmbcxwt2jss5dasi

Task-structured probabilistic I/O automata

Ran Canetti, Ling Cheung, Dilsun Kaynar, Moses Liskov, Nancy Lynch, Olivier Pereira, Roberto Segala
2018 Journal of computer and system sciences (Print)  
However, such schedulers are too powerful for certain settings, such as cryptographic protocol analysis, where information must sometimes be hidden.  ...  The resulting task-PIOA framework yields simple notions of external behavior and implementation, and supports simple compositionality results.  ...  , Birgit Pfitzmann, and Andre Scedrov for technical discussions that helped us in clarifying our ideas and their connections to other work in analysis of cryptographic protocols.  ... 
doi:10.1016/j.jcss.2017.09.007 fatcat:45hz27ezovbhpaez4e5hkfc4zm