Lecture Notes in Computer Science for Information About Vols

Total Page:16

File Type:pdf, Size:1020Kb

Lecture Notes in Computer Science for Information About Vols References ABA95 American Bar Association: Digital Signature Guidelines; Information Security Commit- tee, Science and Technology Section, American Bar Association, Draft, Oct. 5, 1995. ABEP90 Mireille Antonie, Jean-Francois Brakeland, Marc Eloy, Yves Poullet: Legal require- ments facing new signature technologies; Eurocrypt '89,. LNCS 434, Springer-Verlag, Berlin 1990, 273-287. AbTu91 Martin Abadi, Mark R. Tuttle: A Semantics for a Logic of Authentication; 10th Symposium on Principles of Distributed Computing (PoDC), 1991, ACM, New York 1991, 201-216. AdHu87 Leonard M. Adleman, Mind-Deh A. Huang: Recognizing Primes In Random Polyno- mial Time; 19th Symposium on Theory of Computing (STOC) 1987, ACM, New York 1987, 462-469. AdPR83 Leonard M. Adleman, Carl Pomerance, R. S. Rumely: On distinguishing prime numbers from composite numbers; Annals of Mathematic 117 (1983) 173-206. AGLL95 Derek Atkins, Michael Graft, Arjen K. Lenstra, Paul C. Leyland: The Magic Words are Squeamish Ossifrage; Asiacrypt '94, LNCS 917, Springer-Verlag, Berlin 1995, 263-277. Ak182 Selim G. Akl: Digital Signature with Blindfolded Arbitrators who cannot form Alliances; 1982 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, 129-135. Ande94 Ross J. Anderson: Why Cryptosystems Fail; Communications of the ACM 37/11 (1994) 32-40. AnLe81 Tom Anderson, Pete A. Lee: Fault Tolerance -- Principles and Practice; Prentice Hall, Englewood Cliffs, New Jersey, 1981. ABma89 Ralf ABmann: Assembler-Implementierung von modularer Langzahlarithmetik; Studien- arbeit, Institut ftir Rechnerentwurf und Fehlertoleranz, Universi~t Karlsruhe 1989. Bach88 Eric Bach: How to generate factored random numbers; SIAM Journal on Computing 17/2 (1988) 179-193. BaDG88 Jos6 Luis Balc~izar, Josep Diaz, Joaquim Gabarr6: Structural Complexity I; EATCS Monographs on Theoretical Computer Science 11, Springer-Verlag, Berlin 1988. Bale93 D. Balenson: Privacy Enhancement for Internet Electronic Mail, Part III: Algorithms, Modes, and Identifiers; Internet RFC 1423, TIS, Feb. 1993. BCDP91 Joan Boyar, David Chaum, Ivan Damg~rd, Torben Pedersen: Convertible Undeniable Signatures; Crypto '90, LNCS 537, Springer-Verlag, Berlin 1991, 189-205. BDPW90 Mike V. D. Burmester, Yvo Desmedt, Fred Piper, Michael Walker: A general zero- knowledge scheme; Eurocrypt '89, LNCS 434, Springer-Verlag, Berlin 1990, 122-133. Beav90 Donald Beaver: Security, Fault Tolerance, and Communication Complexity in Distributed Systems; Ph.D. Thesis, Division of Applied Sciences, Harvard University, Cambridge, Massachusetts, May 1990. Beav91 Donald Beaver: Secure Multiparty Protocols and Zero Knowledge Proof Systems Tolerating a Faulty Minority; Journal of Cryptology 4/2 (1991) 75-122. Beav95 Donald Beaver: Factoring: The DNA Solution; Asiacrypt '94, LNCS 917, Springer- Verlag, Berlin 1995, 419-423. BeGG94 Mihir Bellare, Oded Goldreich, Shaft Goldwasser: Incremental cryptography: the case of hashing and signing; Crypto '94, LNCS 839, Springer-Verlag, Berlin 1994, 216-233. BeGG95 Mihir Bellare, Oded Goldreich, Shaft Goldwasser: Incremental Cryptography and Appli- cation to Virus Protection; 27th Symposium on Theory of Computing (STOC) 1995, ACM, New York 1995, 45-56. BeGo90 Mihir Bellare, Shaft Goldwasser: New Paradigms for Digital Signatures and Message Authentication Based on Non-interactive Zero-knowledge Proofs; Crypto '89, LNCS 435, Springer-Verlag, Heidelberg 1990, 194-211. 372 References BeGo93 Mihir Bellare, Oded Goldreich: On Defining Proofs of Knowledge; Crypto '92, LNCS 740, Springer-Verlag, Berlin 1993, 390-420. BeGW88 Michael Ben-Or, Shaft Goldwasser, Avi Wigderson: Completeness theorems for non-cryptographic fault-tolerant distributed computation; 20th Symposium on Theory of Computing (STOC) 1988, ACM, New York 1988, 1-10. BeMa94 Josh Benaloh, Michael de Mare: One-Way Accumulators: A Decentralized Alternative to Digital Signatures; Eurocrypt '93, LNCS 765, Springer-Verlag, Berlin 1994, 274-285. BeMi88 Mihir Bellare, Silvio Micali: How to sign given any trapdoor function; 20th Sympo- sium on Theory of Computing (STOC) 1988, ACM, New York 1988, 32-42. BeMi92 Mihir Bellare, Silvio Micali: How to Sign Given Any Trapdoor Permutation; Journal of the ACM 39/1 (1992) 214-233. Bena87 Josh Cohen Benaloh: Verifiable Secret-Ballot Elections; Ph.D. Thesis, Yale Univer- sity, Sept. 1987. BtQu95 Philippe Btguin, Jean-Jasques Quisquater: Fast Server-Aided RSA Signatures Secure Against Active Attacks; Crypto '95, LNCS 963, Springer-Verlag, Berlin 1995, 57-69. BeRo93 Mihir Bellare, Phillip Rogaway: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols; 1st Conference on Computer and Communications Security, 1993, ACM, New York 1993, 62-73. BeRo94 Mihir Bellare, Phillip Rogaway: Entity Authentication and Key Distribution; Crypto '93, LNCS 773, Springer-Verlag, Berlin 1994, 232-249. BeVa93 Ethan Bernstein, Umesh Vazirani: Quantum Complexity Theory; 25th Symposium on Theory of Computing (STOC) 1993, ACM, New York 1993, 11-20. BeYu93 Mihir Bellare, Moti Yung: Certifying Cryptographic Tools: The Case of Trapdoor Permutations; Crypto '92, LNCS 740, Springer-Verlag, Berlin 1993, 442-460. BGB86 BGB Biirgerliches Gesetzbuch; (29. ed) dtv-Band 5001 (Beck-Texte), Deutscher Taschenbuch Verlag, MiJnchen 1986. BGMW93 Ernest Brickell, Daniel M. Gordon, Kevin S. McCurley, David B. Wilson: Fast expo- nentiation with precomputation; Eurocrypt '92, LNCS 658, Springer-Verlag, Berlin 1993, 200-207. BiBT94 Ingrid Biehl, Johannes Buchmann, Christoph Thiel: Cryptographic protocols based on discrete logarithms in real-quadratic orders; Crypto '94, LNCS 839, Springer-Verlag, Berlin 1994, 56-60. BiSh93 Eli Biham, Adi Shamir: Differential Cryptanalysis of the Data Encryption Standard; Springer-Verlag, New York 1993. Bisk93 Joachim Biskup: Sicherheit von IT-Systemen als "sogar wenn - sonst nichts - Eigenschaft"; Verl~iBliche Informationssysteme (VIS '93), DuD Fachbeitr~ige 16, Vieweg, Wiesbaden 1993, 239-254. BJKS94 Jiirgen Bierbrauer, Thomas Johansson, Gregory Kabatianskii, Ben Smeets: On Families of Hash Functions via Geometric Codes and Concatenation; Crypto '93, LNCS 773, Springer-Verlag, Berlin 1994, 331-342. Blak79 G. R. Blakley: Safeguarding cryptographic keys; AFIPS Conference Proceedings Vol. 48, National Computer Conference (NCC) 1979, 313-317. Bleu90 Gerrit Bleumer: Vertrauenswiirdige Schliissel fiar ein Signatursystem, dessen Brechen beweisbar ist; Studienarbeit, Institut fiir Rechnerentwurf und Fehlertoleranz, Universit~it Karlsruhe 1990. BIFM88 Manuel Blum, Paul Feldman, Silvio Micali: Non-interactive zero-knowledge and its applications; 20th Symposium on Theory of Computing (STOC) 1988, ACM, New York 1988, 103-112. BIMa94 Daniel Bleichenbacher, Ueli M. Maurer: Directed acyclic graphs, one-way functions and digital signatures; Crypto '94, LNCS 839, Springer-Verlag, Berlin 1994, 75-82. BIMi84 Manuel Blum, Silvio Micali: How to Generate Cryptographically Strong Sequences of Pseudo-Random Bits; SIAM Journal on Computing 13/4 (1984) 850-864. References 373 BIPW91 Gerrit Bleumer, Birgit Pfitzmann, Michael Waidner: A remark on a signature scheme where forgery can be proved; Eurocrypt '90, LNCS 473, Springer-Vedag, Berlin 1991, 441-445. Blum82 Manuel Blum: Coin Flipping by Telephone -- A Protocol for Solving Impossible Problems; compcon spring 1982, 133-137. BoCh93 Jurjen Bos, David Chaum: Provably Unforgeable Signatures; Crypto '92, LNCS 740, Springer-Verlag, Berlin 1993, 1-14. BoCo90 Jurjen Bos, Matthijs Coster: Addition chain heuristics; Crypto '89, LNCS 435, Springer-Verlag, Heidelberg 1990, 400-407. BoCP88 Jurjen Bos, David Chaum, George Purdy: A Voting Scheme; unpublished manuscript, presented at the rump session of Crypto '88. BoFL91 Joan Boyar, Katalin Friedl, Carsten Lund: Practical Zero-Knowledge Proofs: Giving Hints and Using Deficiencies; Journal of Cryptology 4/3 (1991) 185-206. BoKK90 Joan F. Boyar, Stuart A. Kurtz, Mark W. Krentel: A Discrete Logarithm Implementa- tion of Perfect Zero-Knowledge Blobs; Journal of Cryptology 2/2 (1990) 63-76. BoLi95 Dan Boneh, Richard J. Lipton: Quantum Cryptanalysis of Hidden Linear Functions; Crypto '95, LNCS 963, Springer-Verlag, Berlin 1995, 424-437. Bos92 Jurjen Bos: Practical Privacy; Proefschrift (Ph.D. Thesis), Technische Universiteit Eindhoven 1992. Boyd86 Colin Boyd: Digital Multisignatures; IMA Conference on Coding and Cryptography, Cirencester 1986, proceedings published 1989. Bran93 Stefan Brands: An Efficient Off-line Electronic Cash System Based On The Represen- tation Problem; Centrum voor Wiskunde en Informatica (CWI), Report CS-R9323, Amsterdam 1993. Bran94 Stefan Brands: Untraceable Off-line Cash in Wallet with Observers; Crypto '93, LNCS 773, Springer-Verlag, Bedin 1994, 302-318. Bran95 Stefan Brands: Restrictive Blinding of Secret-Key Certificates; Eurocrypt '95, LNCS 921, Springer-Verlag, Berlin 1995, 231-247. Bras88 Gilles Brassard: Modern Cryptology -- A Tutorial; LNCS 325, Springer-Verlag, Berlin 1988. Bras90 Gilles Brassard: How to improve signature schemes; Eurocrypt '89, LNCS 434, Springer-Verlag, Berlin 1990, 16-22. BrCC88 Gilles Brassard, David Chaum, Claude Cr6peau: Minimum Disclosure Proofs of Knowledge; Journal of Computer and System Sciences 37 (1988) 156-189. BrCh94 Stefan Brands, David Chaum: Distance-Bounding Protocols; Eurocrypt '93, LNCS 765, Springer-Verlag, Berlin 1994, 344-359. BrCr90 Gilles Brassard, Claude Cr6peau: Sorting out zero-knowledge; Eurocrypt '89, LNCS 434, Springer-Verlag, Berlin 1990, 181-191. BrDL93 JCrgen Brandt,
Recommended publications
  • Mihir Bellare Curriculum Vitae Contents
    Mihir Bellare Curriculum vitae August 2018 Department of Computer Science & Engineering, Mail Code 0404 University of California at San Diego 9500 Gilman Drive, La Jolla, CA 92093-0404, USA. Phone: (858) 534-4544 ; E-mail: [email protected] Web Page: http://cseweb.ucsd.edu/~mihir Contents 1 Research areas 2 2 Education 2 3 Distinctions and Awards 2 4 Impact 3 5 Grants 4 6 Professional Activities 5 7 Industrial relations 5 8 Work Experience 5 9 Teaching 6 10 Publications 6 11 Mentoring 19 12 Personal Information 21 2 1 Research areas ∗ Cryptography and security: Provable security; authentication; key distribution; signatures; encryp- tion; protocols. ∗ Complexity theory: Interactive and probabilistically checkable proofs; approximability ; complexity of zero-knowledge; randomness in protocols and algorithms; computational learning theory. 2 Education ∗ Massachusetts Institute of Technology. Ph.D in Computer Science, September 1991. Thesis title: Randomness in Interactive Proofs. Thesis supervisor: Prof. S. Micali. ∗ Massachusetts Institute of Technology. Masters in Computer Science, September 1988. Thesis title: A Signature Scheme Based on Trapdoor Permutations. Thesis supervisor: Prof. S. Micali. ∗ California Institute of Technology. B.S. with honors, June 1986. Subject: Mathematics. GPA 4.0. Class rank 4 out of 227. Summer Undergraduate Research Fellow 1984 and 1985. ∗ Ecole Active Bilingue, Paris, France. Baccalauréat Série C, June 1981. 3 Distinctions and Awards ∗ PET (Privacy Enhancing Technologies) Award 2015 for publication [154]. ∗ Fellow of the ACM (Association for Computing Machinery), 2014. ∗ ACM Paris Kanellakis Theory and Practice Award 2009. ∗ RSA Conference Award in Mathematics, 2003. ∗ David and Lucille Packard Foundation Fellowship in Science and Engineering, 1996. (Twenty awarded annually in all of Science and Engineering.) ∗ Test of Time Award, ACM CCS 2011, given for [81] as best paper from ten years prior.
    [Show full text]
  • Design and Analysis of Secure Encryption Schemes
    UNIVERSITY OF CALIFORNIA, SAN DIEGO Design and Analysis of Secure Encryption Schemes A dissertation submitted in partial satisfaction of the requirements for the degree Doctor of Philosophy in Computer Science by Michel Ferreira Abdalla Committee in charge: Professor Mihir Bellare, Chairperson Professor Yeshaiahu Fainman Professor Adriano Garsia Professor Mohan Paturi Professor Bennet Yee 2001 Copyright Michel Ferreira Abdalla, 2001 All rights reserved. The dissertation of Michel Ferreira Abdalla is approved, and it is acceptable in quality and form for publication on micro¯lm: Chair University of California, San Diego 2001 iii DEDICATION To my father (in memorian) iv TABLE OF CONTENTS Signature Page . iii Dedication . iv Table of Contents . v List of Figures . vii List of Tables . ix Acknowledgements . x Vita and Publications . xii Fields of Study . xiii Abstract . xiv I Introduction . 1 A. Encryption . 1 1. Background . 2 2. Perfect Privacy . 3 3. Modern cryptography . 4 4. Public-key Encryption . 5 5. Broadcast Encryption . 5 6. Provable Security . 6 7. Concrete Security . 7 B. Contributions . 8 II E±cient public-key encryption schemes . 11 A. Introduction . 12 B. De¯nitions . 17 1. Represented groups . 17 2. Message Authentication Codes . 17 3. Symmetric Encryption . 19 4. Asymmetric Encryption . 21 C. The Scheme DHIES . 23 D. Attributes and Advantages of DHIES . 24 1. Encrypting with Di±e-Hellman: The ElGamal Scheme . 25 2. De¯ciencies of ElGamal Encryption . 26 3. Overcoming De¯ciencies in ElGamal Encryption: DHIES . 29 E. Di±e-Hellman Assumptions . 31 F. Security against Chosen-Plaintext Attack . 38 v G. Security against Chosen-Ciphertext Attack . 41 H. ODH and SDH .
    [Show full text]
  • Butler Lampson, Martin Abadi, Michael Burrows, Edward Wobber
    Outline • Chapter 19: Security (cont) • A Method for Obtaining Digital Signatures and Public-Key Cryptosystems Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. Communications of the ACM 21,2 (Feb. 1978) – RSA Algorithm – First practical public key crypto system • Authentication in Distributed Systems: Theory and Practice, Butler Lampson, Martin Abadi, Michael Burrows, Edward Wobber – Butler Lampson (MSR) - He was one of the designers of the SDS 940 time-sharing system, the Alto personal distributed computing system, the Xerox 9700 laser printer, two-phase commit protocols, the Autonet LAN, and several programming languages – Martin Abadi (Bell Labs) – Michael Burrows, Edward Wobber (DEC/Compaq/HP SRC) Oct-21-03 CSE 542: Operating Systems 1 Encryption • Properties of good encryption technique: – Relatively simple for authorized users to encrypt and decrypt data. – Encryption scheme depends not on the secrecy of the algorithm but on a parameter of the algorithm called the encryption key. – Extremely difficult for an intruder to determine the encryption key. Oct-21-03 CSE 542: Operating Systems 2 Strength • Strength of crypto system depends on the strengths of the keys • Computers get faster – keys have to become harder to keep up • If it takes more effort to break a code than is worth, it is okay – Transferring money from my bank to my credit card and Citibank transferring billions of dollars with another bank should not have the same key strength Oct-21-03 CSE 542: Operating Systems 3 Encryption methods • Symmetric cryptography – Sender and receiver know the secret key (apriori ) • Fast encryption, but key exchange should happen outside the system • Asymmetric cryptography – Each person maintains two keys, public and private • M ≡ PrivateKey(PublicKey(M)) • M ≡ PublicKey (PrivateKey(M)) – Public part is available to anyone, private part is only known to the sender – E.g.
    [Show full text]
  • ACM Honors Eminent Researchers for Technical Innovations That Have Improved How We Live and Work 2016 Recipients Made Contribu
    Contact: Jim Ormond 212-626-0505 [email protected] ACM Honors Eminent Researchers for Technical Innovations That Have Improved How We Live and Work 2016 Recipients Made Contributions in Areas Including Big Data Analysis, Computer Vision, and Encryption NEW YORK, NY, May 3, 2017 – ACM, the Association for Computing Machinery (www.acm.org), today announced the recipients of four prestigious technical awards. These leaders were selected by their peers for making significant contributions that have had far-reaching impact on how we live and work. The awards reflect achievements in file sharing, broadcast encryption, information visualization and computer vision. The 2016 recipients will be formally honored at the ACM Awards Banquet on June 24 in San Francisco. The 2016 Award Recipients include: • Mahadev Satyanarayanan, Michael L. Kazar, Robert N. Sidebotham, David A. Nichols, Michael J. West, John H. Howard, Alfred Z. Spector and Sherri M. Nichols, recipients of the ACM Software System Award for developing the Andrew File System (AFS). AFS was the first distributed file system designed for tens of thousands of machines, and pioneered the use of scalable, secure and ubiquitous access to shared file data. To achieve the goal of providing a common shared file system used by large networks of people, AFS introduced novel approaches to caching, security, management and administration. AFS is still in use today as both an open source system and as the file system in commercial applications. It has also inspired several cloud-based storage applications. The 2016 Software System Award recipients designed and built the Andrew File System in the 1980s while working as a team at the Information Technology Center (ITC), a partnership between Carnegie Mellon University and IBM.
    [Show full text]
  • On the Randomness Complexity of Interactive Proofs and Statistical Zero-Knowledge Proofs*
    On the Randomness Complexity of Interactive Proofs and Statistical Zero-Knowledge Proofs* Benny Applebaum† Eyal Golombek* Abstract We study the randomness complexity of interactive proofs and zero-knowledge proofs. In particular, we ask whether it is possible to reduce the randomness complexity, R, of the verifier to be comparable with the number of bits, CV , that the verifier sends during the interaction. We show that such randomness sparsification is possible in several settings. Specifically, unconditional sparsification can be obtained in the non-uniform setting (where the verifier is modelled as a circuit), and in the uniform setting where the parties have access to a (reusable) common-random-string (CRS). We further show that constant-round uniform protocols can be sparsified without a CRS under a plausible worst-case complexity-theoretic assumption that was used previously in the context of derandomization. All the above sparsification results preserve statistical-zero knowledge provided that this property holds against a cheating verifier. We further show that randomness sparsification can be applied to honest-verifier statistical zero-knowledge (HVSZK) proofs at the expense of increasing the communica- tion from the prover by R−F bits, or, in the case of honest-verifier perfect zero-knowledge (HVPZK) by slowing down the simulation by a factor of 2R−F . Here F is a new measure of accessible bit complexity of an HVZK proof system that ranges from 0 to R, where a maximal grade of R is achieved when zero- knowledge holds against a “semi-malicious” verifier that maliciously selects its random tape and then plays honestly.
    [Show full text]
  • LINEAR ALGEBRA METHODS in COMBINATORICS László Babai
    LINEAR ALGEBRA METHODS IN COMBINATORICS L´aszl´oBabai and P´eterFrankl Version 2.1∗ March 2020 ||||| ∗ Slight update of Version 2, 1992. ||||||||||||||||||||||| 1 c L´aszl´oBabai and P´eterFrankl. 1988, 1992, 2020. Preface Due perhaps to a recognition of the wide applicability of their elementary concepts and techniques, both combinatorics and linear algebra have gained increased representation in college mathematics curricula in recent decades. The combinatorial nature of the determinant expansion (and the related difficulty in teaching it) may hint at the plausibility of some link between the two areas. A more profound connection, the use of determinants in combinatorial enumeration goes back at least to the work of Kirchhoff in the middle of the 19th century on counting spanning trees in an electrical network. It is much less known, however, that quite apart from the theory of determinants, the elements of the theory of linear spaces has found striking applications to the theory of families of finite sets. With a mere knowledge of the concept of linear independence, unexpected connections can be made between algebra and combinatorics, thus greatly enhancing the impact of each subject on the student's perception of beauty and sense of coherence in mathematics. If these adjectives seem inflated, the reader is kindly invited to open the first chapter of the book, read the first page to the point where the first result is stated (\No more than 32 clubs can be formed in Oddtown"), and try to prove it before reading on. (The effect would, of course, be magnified if the title of this volume did not give away where to look for clues.) What we have said so far may suggest that the best place to present this material is a mathematics enhancement program for motivated high school students.
    [Show full text]
  • Rivest, Shamir, and Adleman Receive 2002 Turing Award, Volume 50
    Rivest, Shamir, and Adleman Receive 2002 Turing Award Cryptography and Information Se- curity Group. He received a B.A. in mathematics from Yale University and a Ph.D. in computer science from Stanford University. Shamir is the Borman Profes- sor in the Applied Mathematics Department of the Weizmann In- stitute of Science in Israel. He re- Ronald L. Rivest Adi Shamir Leonard M. Adleman ceived a B.S. in mathematics from Tel Aviv University and a Ph.D. in The Association for Computing Machinery (ACM) has computer science from the Weizmann Institute. named RONALD L. RIVEST, ADI SHAMIR, and LEONARD M. Adleman is the Distinguished Henry Salvatori ADLEMAN as winners of the 2002 A. M. Turing Award, Professor of Computer Science and Professor of considered the “Nobel Prize of Computing”, for Molecular Biology at the University of Southern their contributions to public key cryptography. California. He earned a B.S. in mathematics at the The Turing Award carries a $100,000 prize, with University of California, Berkeley, and a Ph.D. in funding provided by Intel Corporation. computer science, also at Berkeley. As researchers at the Massachusetts Institute of The ACM presented the Turing Award on June 7, Technology in 1977, the team developed the RSA 2003, in conjunction with the Federated Computing code, which has become the foundation for an en- Research Conference in San Diego, California. The tire generation of technology security products. It award was named for Alan M. Turing, the British mathematician who articulated the mathematical has also inspired important work in both theoret- foundation and limits of computing and who was a ical computer science and mathematics.
    [Show full text]
  • Compact E-Cash and Simulatable Vrfs Revisited
    Compact E-Cash and Simulatable VRFs Revisited Mira Belenkiy1, Melissa Chase2, Markulf Kohlweiss3, and Anna Lysyanskaya4 1 Microsoft, [email protected] 2 Microsoft Research, [email protected] 3 KU Leuven, ESAT-COSIC / IBBT, [email protected] 4 Brown University, [email protected] Abstract. Efficient non-interactive zero-knowledge proofs are a powerful tool for solving many cryptographic problems. We apply the recent Groth-Sahai (GS) proof system for pairing product equations (Eurocrypt 2008) to two related cryptographic problems: compact e-cash (Eurocrypt 2005) and simulatable verifiable random functions (CRYPTO 2007). We present the first efficient compact e-cash scheme that does not rely on a ran- dom oracle. To this end we construct efficient GS proofs for signature possession, pseudo randomness and set membership. The GS proofs for pseudorandom functions give rise to a much cleaner and substantially faster construction of simulatable verifiable random functions (sVRF) under a weaker number theoretic assumption. We obtain the first efficient fully simulatable sVRF with a polynomial sized output domain (in the security parameter). 1 Introduction Since their invention [BFM88] non-interactive zero-knowledge proofs played an important role in ob- taining feasibility results for many interesting cryptographic primitives [BG90,GO92,Sah99], such as the first chosen ciphertext secure public key encryption scheme [BFM88,RS92,DDN91]. The inefficiency of these constructions often motivated independent practical instantiations that were arguably conceptually less elegant, but much more efficient ([CS98] for chosen ciphertext security). We revisit two important cryptographic results of pairing-based cryptography, compact e-cash [CHL05] and simulatable verifiable random functions [CL07], that have very elegant constructions based on non-interactive zero-knowledge proof systems, but less elegant practical instantiations.
    [Show full text]
  • Anna Lysyanskaya Curriculum Vitae
    Anna Lysyanskaya Curriculum Vitae Computer Science Department, Box 1910 Brown University Providence, RI 02912 (401) 863-7605 email: [email protected] http://www.cs.brown.edu/~anna Research Interests Cryptography, privacy, computer security, theory of computation. Education Massachusetts Institute of Technology Cambridge, MA Ph.D. in Computer Science, September 2002 Advisor: Ronald L. Rivest, Viterbi Professor of EECS Thesis title: \Signature Schemes and Applications to Cryptographic Protocol Design" Massachusetts Institute of Technology Cambridge, MA S.M. in Computer Science, June 1999 Smith College Northampton, MA A.B. magna cum laude, Highest Honors, Phi Beta Kappa, May 1997 Appointments Brown University, Providence, RI Fall 2013 - Present Professor of Computer Science Brown University, Providence, RI Fall 2008 - Spring 2013 Associate Professor of Computer Science Brown University, Providence, RI Fall 2002 - Spring 2008 Assistant Professor of Computer Science UCLA, Los Angeles, CA Fall 2006 Visiting Scientist at the Institute for Pure and Applied Mathematics (IPAM) Weizmann Institute, Rehovot, Israel Spring 2006 Visiting Scientist Massachusetts Institute of Technology, Cambridge, MA 1997 { 2002 Graduate student IBM T. J. Watson Research Laboratory, Hawthorne, NY Summer 2001 Summer Researcher IBM Z¨urich Research Laboratory, R¨uschlikon, Switzerland Summers 1999, 2000 Summer Researcher 1 Teaching Brown University, Providence, RI Spring 2008, 2011, 2015, 2017, 2019; Fall 2012 Instructor for \CS 259: Advanced Topics in Cryptography," a seminar course for graduate students. Brown University, Providence, RI Spring 2012 Instructor for \CS 256: Advanced Complexity Theory," a graduate-level complexity theory course. Brown University, Providence, RI Fall 2003,2004,2005,2010,2011 Spring 2007, 2009,2013,2014,2016,2018 Instructor for \CS151: Introduction to Cryptography and Computer Security." Brown University, Providence, RI Fall 2016, 2018 Instructor for \CS 101: Theory of Computation," a core course for CS concentrators.
    [Show full text]
  • Oacerts: Oblivious Attribute Certificates
    OACerts: Oblivious Attribute Certificates Jiangtao Li and Ninghui Li CERIAS and Department of Computer Science, Purdue University 250 N. University Street, West Lafayette, IN 47907 {jtli,ninghui}@cs.purdue.edu Abstract. We propose Oblivious Attribute Certificates (OACerts), an attribute certificate scheme in which a certificate holder can select which attributes to use and how to use them. In particular, a user can use attribute values stored in an OACert obliviously, i.e., the user obtains a service if and only if the attribute values satisfy the policy of the service provider, yet the service provider learns nothing about these attribute values. This way, the service provider’s access con- trol policy is enforced in an oblivious fashion. To enable the oblivious access control using OACerts, we propose a new cryp- tographic primitive called Oblivious Commitment-Based Envelope (OCBE). In an OCBE scheme, Bob has an attribute value committed to Alice and Alice runs a protocol with Bob to send an envelope (encrypted message) to Bob such that: (1) Bob can open the envelope if and only if his committed attribute value sat- isfies a predicate chosen by Alice, (2) Alice learns nothing about Bob’s attribute value. We develop provably secure and efficient OCBE protocols for the Pedersen commitment scheme and predicates such as =, ≥, ≤, >, <, 6= as well as logical combinations of them. 1 Introduction In Trust Management and certificate-based access control Systems [3, 40, 19, 11, 34, 33], access control decisions are based on attributes of requesters, which are estab- lished by digitally signed certificates. Each certificate associates a public key with the key holder’s identity and/or attributes such as employer, group membership, credit card information, birth-date, citizenship, and so on.
    [Show full text]
  • MODELING and ANALYSIS of MOBILE TELEPHONY PROTOCOLS by Chunyu Tang a DISSERTATION Submitted to the Faculty of the Stevens Instit
    MODELING AND ANALYSIS OF MOBILE TELEPHONY PROTOCOLS by Chunyu Tang A DISSERTATION Submitted to the Faculty of the Stevens Institute of Technology in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY Chunyu Tang, Candidate ADVISORY COMMITTEE David A. Naumann, Chairman Date Yingying Chen Date Daniel Duchamp Date Susanne Wetzel Date STEVENS INSTITUTE OF TECHNOLOGY Castle Point on Hudson Hoboken, NJ 07030 2013 c 2013, Chunyu Tang. All rights reserved. iii MODELING AND ANALYSIS OF MOBILE TELEPHONY PROTOCOLS ABSTRACT The GSM (2G), UMTS (3G), and LTE (4G) mobile telephony protocols are all in active use, giving rise to a number of interoperation situations. This poses serious challenges in ensuring authentication and other security properties. Analyzing the security of all possible interoperation scenarios by hand is, at best, tedious under- taking. Model checking techniques provide an effective way to automatically find vulnerabilities in or to prove the security properties of security protocols. Although the specifications address the interoperation cases between GSM and UMTS and the switching and mapping of established security context between LTE and previous technologies, there is not a comprehensive specification of which are the possible interoperation cases. Nor is there comprehensive specification of the procedures to establish security context (authentication and short-term keys) in the various interoperation scenarios. We systematically enumerate the cases, classifying them as allowed, disallowed, or uncertain with rationale based on detailed analysis of the specifications. We identify the authentication and key agreement procedure for each of the possible cases. We formally model the pure GSM, UMTS, LTE authentication protocols, as well as all the interoperation scenarios; we analyze their security, in the symbolic model of cryptography, using the tool ProVerif.
    [Show full text]
  • Department of Computer Science
    i cl i ck ! MAGAZINE click MAGAZINE 2014, VOLUME II FIVE DECADES AS A DEPARTMENT. THOUSANDS OF REMARKABLE GRADUATES. 50COUNTLESS INNOVATIONS. Department of Computer Science click! Magazine is produced twice yearly for the friends of got your CS swag? CS @ ILLINOIS to showcase the innovations of our faculty and Commemorative 50-10 Anniversary students, the accomplishments of our alumni, and to inspire our t-shirts are available! partners and peers in the field of computer science. Department Head: Editorial Board: Rob A. Rutenbar Tom Moone Colin Robertson Associate Department Heads: Rob A. Rutenbar shop now! my.cs.illinois.edu/buy Gerald DeJong Michelle Wellens Jeff Erickson David Forsyth Writers: David Cunningham CS Alumni Advisory Board: Elizabeth Innes Alex R. Bratton (BS CE ’93) Mike Koon Ira R. Cohen (BS CS ’81) Rick Kubetz Vilas S. Dhar (BS CS ’04, BS LAS BioE ’04) Leanne Lucas William M. Dunn (BS CS ‘86, MS ‘87) Tom Moone Mary Jane Irwin (MS CS ’75, PhD ’77) Michelle Rice Jennifer A. Mozen (MS CS ’97) Colin Robertson Daniel L. Peterson (BS CS ’05) Laura Schmitt Peter L. Tannenwald (BS LAS Math & CS ’85) Michelle Wellens Jill C. Zmaczinsky (BS CS ’00) Design: Contact us: SURFACE 51 [email protected] 217-333-3426 Machines take me by surprise with great frequency. Alan Turing 2 CS @ ILLINOIS Department of Computer Science College of Engineering, College of Liberal Arts & Sciences University of Illinois at Urbana-Champaign shop now! my.cs.illinois.edu/buy click i MAGAZINE 2014, VOLUME II 2 Letter from the Head 4 ALUMNI NEWS 4 Alumni
    [Show full text]