There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality.

Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …

I and i

From the Publisher:
A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

Handbook of Applied Cryptography

PROBLEM TO BE SOLVED: To solve the problem, wherein it is impossible for an electronic content information provider to provide commercially secure and effective method, for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, having at least one protected processing environment for safely controlling at least one portion of decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of digital information; a process for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment, for safely controlling at least a portion of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

https://apps.dtic.mil/dtic/tr/fulltext/u2/a423264.pdf

Systems and Methods for Secure Transaction Management and Electronic Rights Protection

We will review some of the major results in random graphs and some of the more challenging open problems. We will cover algorithmic and structural questions. We will touch on newer models, including those related to the WWW.

Random graphs

We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on the Weil pairing. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.

/pdf/identity-based-encryption-from-the-weil-pairing-sfqdyadlbb.pdf

Identity-Based Encryption from the Weil Pairing

Luby and Rackoff [21] showed a method for constructing a pseudo-random permutation from a pseudorandom function. The method is based on composing four (or three for weakened security) so called Feistel permutations, each of which requires the evaluation of a pseudo-random function. We reduce somewhat the complexity of the construction and simplify its proof of security by showing that two Feistel permutations are sufficient together with initial and final pair-wise independent permutations. The revised construction and proof provide a framework in which similar constructions may be brought up and their security can be easily proved. We demonstrate this by presenting some additional adjustments of the construction that achieve the following: ● Reduce the success probability of the adversary. ● Provide a construction of pseudo-random permutations with large input size using pseudo-random functions with small input size. ●A full version of this paper is available as Theory of C~yptography Library: Record 96-11 at: http: //theory.lcs .m.it. edul tcryptol/homepage .html f Incumbent of the Morris and Rose Goldman Career Development Chair, Dept. of Applied Mathematics and Computer Science, Weizmann Institute of Science, Rehovot 76100, Israel. Research supported by grant no. 356/94 from the Israel Science Foundation administered by the Israeli Academy of Sciences. E-mail: naor@wisdom.weizmann .ac.iL tDePt, of Applied Mathematics and Computer Science, Weizmann Institute of Science, Rehovot 76100, Israel. Part of this research was supported by a Clore Scholars award. E-mail: reingold@wisdom .weiznmnn.ac.il. Permission 10 make digil;llhml copies offlll or pall o~lhis nl:llcriitl Ibr person:lIor Atssroom uw is grmlcli wilhwlt Fecprnvidcd th:ll Ihe copies are nrrl made or dislrilwled Iiw prolil or Lwnmcrcin I adinnl:Ige. Ihe copy ri@ notice. Ihc Ii[lc ol’lhc p(lhlicnli(m and ils dnlc nppc~l-.and noliw is given Ilmt copyright IS by permission oflhc ;\CA1. [nc, T(I copv olhwwiw. to rqwhlish. 10 posl (m scrww (Ir II) rcdwlril>lllc 10 Iisls. rcqllir.x yrwilic permissim mxVor Lx SW)( ‘ 97 1;11’:1s0, ‘1’cxwI is,\ Copyrighl I 997 .A(.’hl O-W791 -88 X-(197:(J5 S3 S(J ● 1 Provide a construction of a pseudo-random permutation using a single pseud~random function.

On the construction of pseudo-random permutations: Luby-Rackoff revisited (extended abstract)

We initiate the study of compression that preserves the solution to an instance of a problem rather than preserving the instance itself. Our focus is on the compressibility of NP decision problems. We consider NP problems that have long instances but relatively short witnesses. The question is, can one efficiently compress an instance and store a shorter representation that maintains the information of whether the original input is in the language or not. We want the length of the compressed instance to be polynomial in the length of the witness rather than the length of original input. Such compression enables to succinctly store instances until a future setting will allow solving them, either via a technological or algorithmic breakthrough or simply until enough time has elapsed. We give a new classification of NP with respect to compression. This classification forms a stratification of NP that we call the VC hierarchy. The hierarchy is based on a new type of reduction called W-reduction and there are compression-complete problems for each class. Our motivation for studying this issue stems from the vast cryptographic implications compressibility has. For example, we say that SAT is compressible if there exists a polynomial p(middot, middot) so that given a formula consisting of m clauses over n variables it is possible to come up with an equivalent (w.r.t satisfiability) formula of size at most p(n, log m). Then given a compression algorithm for SAT we provide a construction of collision resistant hash functions from any one-way function. This task was shown to be impossible via black-box reductions (D. Simon, 1998), and indeed the construction presented is inherently non-black-box. Another application of SAT compressibility is a cryptanalytic result concerning the limitation of everlasting security in the bounded storage model when mixed with (time) complexity based cryptography. In addition, we study an approach to constructing an oblivious transfer protocol from any one-way function. This approach is based on compression for SAT that also has a property that we call witness retrievability. However, we mange to prove severe limitations on the ability to achieve witness retrievable compression of SAT

On the Compressibility of NP Instances and Cryptographic Applications.

We study compression that preserves the solution to an instance of a problem rather than preserving the instance itself. Our focus is on the compressibility of $\mathcal{NP}$ decision problems. We consider $\mathcal{NP}$ problems that have long instances but relatively short witnesses. The question is whether one can efficiently compress an instance and store a shorter representation that maintains the information of whether the original input is in the language or not. We want the length of the compressed instance to be polynomial in the length of the witness and polylog in the length of original input. Such compression enables succinctly storing instances until a future setting will allow solving them, either via a technological or algorithmic breakthrough or simply until enough time has elapsed. In this paper, we first develop the basic complexity theory of compression, including reducibility, completeness, and a stratification of $\mathcal{NP}$ with respect to compression. We then show that compressibility (say, of SAT) would have vast implications for cryptography, including constructions of one-way functions and collision resistant hash functions from any hard-on-average problem in $\mathcal{NP}$ and cryptanalysis of key agreement protocols in the “bounded storage model” when mixed with (time) complexity-based cryptography.

On the Compressibility of $\mathcal{NP}$ Instances and Cryptographic Applications

A method for secure accounting and auditing of a communications network operates in an environment in which many servers serve an even larger number of clients (e.g. the web), and are required to meter the interaction between servers and clients (e.g. counting the number of clients that were served by a server). The method (metering process) is very efficient and does not require extensive usage of any new communication channels. The metering is secure against fraud attempts by servers which inflate the number of their clients and against clients that attempt to disrupt the metering process. Several secure and efficient constructions of this method are based on efficient cryptographic techniques, are also very accurate, and preserver the privacy of the clients.

Method for secure accounting and auditing on a communications network

We consider an environment in which many servers serve an even larger number of clients (e.g. the web), and it is required to meter the interaction between servers and clients. More specifically, it is desired to count the number of clients that were served by a server. A major possible application is to measure the popularity of web pages in order to decide on advertisement fees. The metering process must be very efficient and should not require extensive usage of any new communication channels. The metering ­ould also be secure against fraud attempts by servers which inflate the number of their clients and against clients that attempt to disrupt the metering process. We suggest several secure and efficient constructions of metering systems, based on efficient cryptographic techniques. They are also very accurate and can preserve the privacy of the clients.

/pdf/secure-and-efficient-metering-100wow10fg.pdf

Moni Naor

Papers

On the construction of pseudo-random permutations: Luby-Rackoff revisited (extended abstract)

On the Compressibility of NP Instances and Cryptographic Applications.

On the Compressibility of $\mathcal{NP}$ Instances and Cryptographic Applications

Method for secure accounting and auditing on a communications network

Secure and efficient metering