We propose a novel paradigm for defining security of cryptographic protocols, called universally composable security. The salient property definitions is that they guarantee even when secure protocol composed an arbitrary set or more generally the used as component system. This essential maintaining protocols in complex and unpredictable environments such Internet. In particular, unbounded number instances are executed concurrently adversarially controlled manner, non-malleability with...

Multicast stream authentication and signing is an important challenging problem. Applications include the continuous of radio TV Internet broadcasts, authenticated data distribution by satellite. The main challenges are fourfold. First, authenticity must be guaranteed even when only sender trusted. Second, scheme needs to scale potentially millions receivers. Third, streamed media can have high packet loss. Finally system efficient support fast rates. We propose two schemes, TESLA EMSS, for...

We take a critical look at the relationship between security of cryptographic schemes in Random Oracle Model, and that result from implementing random oracle by so called "cryptographic hash functions".The main this article is negative one: There exist signature encryption are secure but for which any implementation results insecure schemes. In process devising above schemes, we consider possible definitions notion "good implementation" oracle, pointing out limitations challenges.

We show how to securely realize any multi-party functionality in a universally composable way, regardless of the number corrupted participants. That is, we consider network with open communication and an adversary that can adaptively corrupt as many parties it wishes. In this setting, our protocols allow subset (with pairs being special case) desired their local inputs, be guaranteed security is preserved activity rest network. This implies under concurrent composition unbounded protocol...

Multicast communication is becoming the basis for a growing number of applications. It therefore critical to provide sound security mechanisms multicast communication. Yet, existing protocols offer only partial solutions. We first present taxonomy scenarios on Internet and point out relevant concerns. Next we address two major problems communication: source authentication, key revocation. Maintaining authenticity in much more complex problem than unicast; particular, known solutions are...

Article The random oracle methodology, revisited (preliminary version) Share on Authors: Ran Canetti IBM Watson, P.O. Box 704, Yorktown Heights, NY NYView Profile , Oded Goldreich Department of Computer Science, Weizmann Institute Rehovot, Israel IsraelView Shai Halevi Authors Info & Claims STOC '98: Proceedings the thirtieth annual ACM symposium Theory computingMay 1998 Pages 209–218https://doi.org/10.1145/276698.276741Online:23 May 1998Publication History...

Article Free Access Share on Adaptively secure multi-party computation Authors: Ran Canetti TOC/CIS groups, LCS, MIT MITView Profile , Uri Feige Department of Computer Science and Applied Math, Weizmann Institute Science, Rehovot, Israel IsraelView Oded Goldreich Moni Naor Authors Info & Claims STOC '96: Proceedings the twenty-eighth annual ACM symposium Theory ComputingJuly 1996Pages 639–648https://doi.org/10.1145/237814.238015Published:01 July 1996Publication History...

In a proxy re-encryption (PRE) scheme, is given special information that allows it to translate ciphertext under one key into of the same message different key. The cannot, however, learn anything about messages encrypted either PRE schemes have many practical applications, including distributed storage, email, and DRM. Previously proposed achieved only semantic security; in contrast, applications often require security against chosen attacks. We propose definition attacks for schemes,...

The existence of succinct non-interactive arguments for NP (i.e., computationally-sound proofs where the verifier's work is essentially independent complexity nondeterministic verifier) has been an intriguing question past two decades. Other than CS in random oracle model [Micali, FOCS '94], only existing candidate construction based on elaborate assumption that tailored to a specific protocol [Di Crescenzo and Lipmaa, CiE '08].

We propose simple and efficient CCA‐secure public‐key encryption schemes (i.e., secure against adaptive chosen‐ciphertext attacks) based on any identity‐based (IBE) scheme. Our constructions have ramifications of both theoretical practical interest. First, our give a new paradigm for achieving CCA‐security; this avoids “proofs well‐formedness” that been shown to underlie previous constructions. Second, instantiating construction using known IBE we obtain whose performance is competitive with...

Succinct non-interactive arguments of knowledge (SNARKs) enable verifying NP statements with complexity that is essentially independent required for classical verification. In particular, they provide strong solutions to the problem verifiably delegating computation. We construct first fully-succinct publicly-verifiable SNARK. To do that, we show how "bootstrap" any SNARK requires expensive preprocessing obtain a does not, while preserving public verifiability. then apply this transformation...

We give new instantiations of the Fiat-Shamir transform using explicit, efficiently computable hash functions. improve over prior work by reducing security these protocols to qualitatively simpler and weaker computational hardness assumptions. As a consequence our framework, we obtain following concrete results.