Download Advances in Cryptology – CRYPTO 2008: 28th Annual by Jean-Sébastien Coron, Jacques Patarin, Yannick Seurin PDF

By Jean-Sébastien Coron, Jacques Patarin, Yannick Seurin (auth.), David Wagner (eds.)

This book constitutes the refereed proceedings of the 28th Annual International Cryptology Conference, CRYPTO 2008, held in Santa Barbara, CA, USA in August 2008.

The 32 revised full papers presented were carefully reviewed and selected from 184 submissions. Addressing all current foundational, theoretical and research aspects of cryptology, cryptography, and cryptanalysis as well as advanced applications, the papers are organized in topical sections on random oracles, applications, public-key crypto, hash functions, cryptanalysis, multiparty computation, privacy, zero knowledge, and oblivious transfer.


Similar international_1 books

Logic-Based Program Synthesis and Transformation: 18th International Symposium, LOPSTR 2008, Valencia, Spain, July 17-18, 2008, Revised Selected Papers

This book constitutes the thoroughly refereed post-conference proceedings of the 18th International Symposium on Logic-Based Program Synthesis and Transformation, LOPSTR 2008, held in Valencia, Spain, during July 17-18, 2008. The 11 revised full papers presented together with one invited talk were carefully reviewed and selected for inclusion in the book.

Computational Methods in Systems Biology: 13th International Conference, CMSB 2015, Nantes, France, September 16-18, 2015, Proceedings

This book constitutes the refereed proceedings of the 13th International Conference on Computational Methods in Systems Biology, CMSB 2015, held in Nantes, France, in September 2015. The 20 full papers and 2 short papers presented were carefully reviewed and selected from 43 full and 4 short paper submissions.

Extra info for Advances in Cryptology – CRYPTO 2008: 28th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2008. Proceedings

Sample text

Table 1. Recommended signature sizes of different schemes. The parameters are chosen to provide unforgeability with k = 80 bits security after revealing maximal q = 2^30 signatures. RSA signatures are instantiated with a modulus of |N| = 1024 bits, bilinear maps signatures in asymmetric pairings with |G| = log p = 160 bits. We assume without loss of generality that messages are of size bits (otherwise, we can apply a collision-resistant hash function first), where must be in the order of 2k = 160 in order to provide k bits of security.

We now discuss our results in more detail. We refer to [6, 9] for applications of short signatures.

The birthday paradox and randomized signatures. A signature scheme SIGFisch by Fischlin [19] (itself a variant of the RSA-based Cramer-Shoup signatures [17]) is defined as follows. The signature for a message m is given by mod 2 1/e sig := (e, r, (h0 hr1 hm+r ) mod N ), where e is a random η-bit prime and 2 r is a random bit mask. The birthday paradox (for uniformly sampled primes)

2 We remark that the impossibility results from [18] do not imply that (poly, 1)-programmable hash functions do not exist since they only rule out the possibility of proving the security of such constructions based on any assumption which is satisfied by random functions, thus it might still be possible to construct such objects using, say, homomorphic properties.

In fact, Fischlin’s signature scheme can be seen as our generic RSA signatures scheme from (2), instantiated with a concrete (1, 1)-RPHF (RHPoly1 ). In our notation, the programmability of the hash function is used at the point where an adversary uses a given signature (e, y1 ) to create a forgery (e, y) with the same prime e. , to compute g 1/e and e > 1 from g. However, since the hash function is (1, 1)-programmable we can program H with g and h = g e such that, with some non-negligible probability, H(X)1/e = hbX = g bX1 can be computed but H(Z)1/e = (g aZ hbZ )1/e = g aZ /e g bZ can be used to break the strong RSA assumption since aZ = 0.
