front-matter
Lecture Notes in Computer Science
Advances in Cryptology -CRYPT0 '91
Preface
Contents
fulltext
The Problem
Overview
The Basic Logic
A calculus of principals
A logic of principals and their statements
Semantics
On idempotence
Roles
Roles versus groups
The encoding
Delegation
The forms of delegation
The encoding
Protocols and Algorithms
Delegation
Delegation from users to nodes
Delegation from nodes to nodes
Access control decisions
A general access control problem
A more tractable problem
An example
Conclusions
Acknowledgements
References
fulltext_001
Introduction
Modeling States of Knowledge
Modeling the Cryptosystem
Modeling Participants’ Knowledge
Modeling the Possible Inferences of a User fromhis State of Knowledge
Problem Statement
Inferences Obtained by Computing the Participant’s Seen F’raction
Inferences Obtained &om the Closure of Belief States
Summary of the Possible Inferences
Unifiable Elements
Inferred States of Knowledge and “Known F’ractions” of theParticipants
Conclusions
Acknowledgements
References
fulltext_002
Introduction
Scenario and attacks
Related Works
Objectives and Results
One Way Authentication
A trivial, but insecure, one way protocol
A Secure One-way Authentication Protocol
Two-way authentication is not simply twice one-way!
A Technique for Breaking Protocols
Attack on IS0 Protocol
A Secure Two-way Authentication Protocol
Avoiding Security Weaknesses
A secure protocol
Open Questions
Acknowledgments
References
Appendix: an Exhaustive Search of Sessions’ Interleaving
The Equations
fulltext_003
Introduction
Basic results on authentication codes
Authentication without secrecy
GenePal authentication codes
Acknowledgements
References
fulltext_004
Introduction
Authentication codes
Universal hashing
Lower bounds on the size of classes of hash functions
Construct ions
The application of universal hashing to authentication
Further comments and open questions
Acknowledgements
References
fulltext_005
Introduction
Correlation-immune functions
Others definitions
Orthogonal arrays
A recursive definition
Correlation-immune functions and Reed-Muller codes
Construction of correlation-immune functions
Extending an orthogonal array to a stronger one
Quadratic balanced correlation-immune functions of maximalorder
More balanced correlation-immune functions of maximal orders
References
fulltext_006
Introduction
Preliminaries
Secret Sharing Schemes
Bounds on the size of shares
Acknowledgments
References
fulltext_007
Introduction
Definitions
Related Work
Separating Unverified Secret Sharing from VerifiableSecret Sharing
Separating the Strong Versions of the Problems
Implications for t-VSS
Discussion and Open Questions
Acknowledgements
References
fulltext_008
Introduction
Notation
The Commitment Scheme
Non- interactive Verifiable Secret Sharing
Verification of Shares
The Scheme
Efficiency and Security
Computing on Shared Secrets
Linear Combinations
Choosing an Anonymous Shared Secret
Conclusion
References
fulltext_009
Introduction
A One-Bit Secret Key Exchange Protocol
An n-Bit Secret Key Exchange Protocol
Lower Bound Results
Key Set Protocols Revisited
Concluding Remarks
Acknowledgements
References
fulltext_010
Introduction
Cryptanalysis of Snefru
Cryptanalysis of Khafre
Cryptanalysis of REDOC-I1
Cryptanalysis of LOKI
Cryptanalysis of Lucifer
References
fulltext_011
The FEAL-N cryptosystem
Principle of the attack
A l i n e a r approximation of the FEAL S-boxes.
The attack of FEAL-4
S t a t i s t i c s
Derivation of the expanded key
The attack of FEAL-6
S t a t i s t i c s
Derivation of the expanded key
Improved r e s u l t s on m L - 4
Conclusion
Acknowledgements
REFERENCES
fulltext_012
Introduction
Background
What is a closure structure?
Meet-in-the-middle closure test (MCT) [KaRiSh]
Related Work
Switching closure test (SCT) procedure
Memoryless meet-in-the-middle procedure
Closure test for cryptography functions
Feasibility study
Caesar cipher as symmetric cipher
RSA cryptosystem as asymmetric cipher
Conclusion
References
fulltext_013
Introduction
Short description of MD4
Description of the attack on the last two rounds
References
fulltext_014
Introduction
The Proposed Cryptosystem
The Cryptanalytic Principle
The Attack of Y.M. Chee
The Attack of A. Joux and J. Stern
Conclusion
Acknowledgement
References
fulltext_015
Introduction
Definitions
The Two Prover Protocol
Correctness
Where is The Problem?
The Proof of Soundness .
The Protocol is a Proof of Knowledge.
Acknowledgments
References
fulltext_016
Introduction
Definitions
Main Theorem
Bounding the Power of an s-space Prover.
Acknowledgments
References
fulltext_017
Introduction
Definitions
Communication Complexity
Two Party Communication Complexity
Multi-Party Communication Complexity
Communication Topologies and Functional Inversion
Rings
Trees
Cliques
Inverting Planar Circuits
Area Requirement of One-way Functions
Final Remarks
References
fulltext_018
Introduction
Overview of the oracle for three passes versus two
Notation and definitions
Construction of the oracle for k = 3
A three pass public cryptosystem
Three passes are required
Defining knowledge about the oracle.
Two pass protocols have restricted form
Two pass protocols can be broken by Eve
Putting it together
Acknowledgments
References
fulltext_019
Introduction
Elliptic Curves over a Finite Field
Elliptic Curves over a Ring
Naive Construction of TOF Based on EllipticCurves over a Ring
Basic TOF Based on Elliptic Curves over a Ring
Rabin-type Generalization
Protocol
Halving Algorithm
Security
Solving the Order
Finding the Secret Key
Complete Breaking
Homomorphism Attacks and Their Countermeasures
Isomorphism Attacks and Their Countermeasures
Security for Low Multiplier Attack
Performance
Conclusions
Acknowledgements
References
fulltext_020
Introduction
Hyperelliptic Curves and the Jacobian
Extension of the Weil Pairing
Definition of the extended W-eii pairing
Miller's algorithm
Extended Weil pairing algorithm
Correctness of the definition
Complexity of Determining Hyperelliptic GroupStructure
Complexity of Hyperelliptic Discrete Logarithm
Discrete logarithms over the Jacobians
HEDL is NP n co-NP when non-half-degenerate
Reducing hyperelliptic logarithms to multiplicative logarithms
Conclusion
Acknowledgments
References
fulltext_021
Introduction
Anomalous curves
Number of points
Examples defined over F 2
Examples defined over F 4 , F 8 and F16
Some aspects of efficient implementation
Acknowledgments
References
fulltext_022
Background
Center algorithm priori to key sharing
ID information pre-processing
Publicized information common to all entities
Center Secret information common to all entities
Center secrets for each entities
Individual secrets for each entities
Common Key Generation
A Working Example
Security Considerat ion Against Conspiracy
Condition required to break the scheme
Consideration on the Carmichael function
Conclusion
Acknowledgment
References
fulltext_023
References
fulltext_024
Notatioiis and definitions
The case m = 2
General properties of PI, P; and P;*
$3 and $ when m 2 O(2;)
Properties of $’ and $6
Example of application
Remark for $(f, f, ,f, f2)
Conclusion
References
fulltext_025
Introduction
Overview of the Algorithm
Scaling the Modulus
Solutions for Radix 2
Improved Circuits for Radix 2
Final Detail and Conclusions
References
fulltext_026
Introduction
Preparations
Number Theoretic Conventions
Hierarchical Structure Table
Basic Universal Electronic Cash Scheme
Protocol
Correctness
Transferable Universal Electronic Cash
Performance Estimation
Conclusion
Acknowledgments
References
fulltext_027
Introduction
Untraceable payment systems in general
Overview over this paper
Breaking the Untraceability of Damgsrd's PaymentSystem
Description of the system
How to trace all payments
Repairing the Untraceability
Security for individuals against fraud
More General On-line Payments
Off-line Payments
Outlook
Acknowledgements
References
fulltext_028
Introduction and history
Method
Review of useful tools
Concatenated codes
Privacy amplification
Various cheats and how to overcome them
The standard attack
The Breidbart attack
Beamsplitting
More sophisticated attacks
Pulse storing
Coherent measurements
Acknowledgements
References
fulltext_029
Introduction
Algorithm Kernel
Key Parallelism
XOR Rearrangement
Multi-Round Parallelism
Pipeline
Computation Farm
System-Level Parallelism
Conclusion
References
fulltext_030
Introduction
Defining Security
Ensembles Induced by Protocol Execution
Relative Resilience
Resilience
Unifying All Interactive Computations
Folk Theorems and Modular Proof Techniques
The Share-Compute-Reveal Paradigm
Summary
References
fulltext_031
Invocation
In These Proceedings
Secure-Computation Problems
Privacy and Correctness
Prior and Related Definitions
Critique of These Definitions
Our Definitions
Key Features of Our Definitions
Key Choices
Key Properties
The Definition, in a Nutshell
Other Scenarios
Acknowledgments
References
fulltext_032
Introduction
Relation to Previous Work
The Election Privacy Homomorphism
Election Triples
Index Classes
The Election Privacy Homomorphism Assumption
EPH Based Votes
Unreusable Eligibility Tokens
Initialization
Token Issuing
Using the Token
ET Security
The Election Scheme
Election Initialization
Voter Registration
Voter Initialization
Voting
Tally Computing
Security
Discussion
References
fulltext_033
Introduction
An Efficient Protocol for Circuit Evaluation
An Optimization
Main Results
Proof Sketch
Theory and Practice
Acknowledgements
References
fulltext_034
Introduction
The Setting and the Problem
Tools
Public-Key Cryptography
Non-interactive proof systems and zero-knowledge
Digital signature
Non-Interactive Zero-Knowledge Proofs of Knowledgeand A Cryptosystem Secure against ChosenCiphertext Attack
Conclusions
References
fulltext_035
Introduction
Deterministic Public Key Systems
The El Gamal/Diffie-Hellman System
Connection to Identification Protocols
Conclusion and Open Problems
References
fulltext_036
Introduction
The model and notation
Threshold RSA signatures
Polynomial approach
The use of extensions of rings
A provably secure threshold authentication scheme
Attempt at a group based liomoinorphic threshold scheme
Homomorphic threshold scheme over an Abelian group
The provable scheme
An unconditionally secure version
Conclusion
Acknowledgements
References
fulltext_037
Abstract
Introduction
Unconditional security for signers
Undeniable signatures: Invisibility
The new schemes
Interesting new subprotocols
Overview
BasicIdea
The Discrete Logarithm Scheme
Assumption and notation
System structure for one message of fixed length
Security of the signer
Invisibility
Security of the recipient
Efficient verification
Efficient disavowal
A Theoretical Construction from Claw-free Permutation Pairs
A Practical Scheme Based on Factoring
Efficient Extension to Many Long Messages
Acknowledgements
References
back-matter
Author Index