![Loading...](https://link.springer.com/static/c4a417b97a76cc2980e3c25e2271af3129e08bbe/images/pdf-preview/spacer.gif)
-
Chapter and Conference Paper
Honey Encryption Beyond Message Recovery Security
Juels and Ristenpart introduced honey encryption (HE) and showed how to achieve message recovery security even in the face of attacks that can exhaustively try all likely keys. This is important in contexts li...
-
Chapter and Conference Paper
Message-Locked Encryption and Secure Deduplication
We formalize a new cryptographic primitive that we call Message-Locked Encryption (MLE), where the key under which encryption and decryption are performed is itself derived from the message. MLE provides a way...
-
Chapter and Conference Paper
The Mix-and-Cut Shuffle: Small-Domain Encryption Secure against N Queries
We provide a new shuffling algorithm, called Mix-and-Cut, that provides a provably-secure block cipher even for adversaries that can observe the encryption of all N = 2 n do...
-
Chapter and Conference Paper
Careful with Composition: Limitations of the Indifferentiability Framework
We exhibit a hash-based storage auditing scheme which is provably secure in the random-oracle model (ROM), but easily broken when one instead uses typical indifferentiable hash constructions. This contradicts ...
-
Chapter and Conference Paper
Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol
We analyze the security of the TLS Record Protocol, a MAC-then-Encode-then-Encrypt (MEE) scheme whose design targets confidentiality and integrity for application layer communications on the Internet. Our main...
-
Chapter and Conference Paper
Random Oracles with(out) Programmability
This paper investigates the Random Oracle Model (ROM) feature known as programmability, which allows security reductions in the ROM to dynamically choose the range points of an ideal hash function. This property ...
-
Chapter and Conference Paper
Salvaging Merkle-Damgård for Practical Applications
Many cryptographic applications of hash functions are analyzed in the random oracle model. Unfortunately, most concrete hash functions, including the SHA family, use the iterative (strengthened) Merkle-Damgård...
-
Chapter and Conference Paper
Simulation without the Artificial Abort: Simplified Proof and Improved Concrete Security for Waters’ IBE Scheme
Waters’ variant of the Boneh-Boyen IBE scheme is attractive because of its efficency, applications, and security attributes, but suffers from a relatively complex proof with poor concrete security. This is due...
-
Chapter and Conference Paper
The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks
Multiparty signature protocols need protection against rogue-key attacks, made possible whenever an adversary can choose its public key(s) arbitrarily. For many schemes, provable security has only been establishe...
-
Chapter and Conference Paper
Multi-Property-Preserving Hash Domain Extension and the EMD Transform
We point out that the seemingly strong pseudorandom oracle preserving (PRO-Pr) property of hash function domain-extension transforms defined and implemented by Coron et. al. [1] can actually weaken our guarantees...