Proceedings ArticleDOI
Why and how to establish a private code on a public network
Shafi Goldwasser,Silvio Micali,Po Tong +2 more
- pp 134-144
Reads0
Chats0
TLDR
It is shown how users, which are more powerful adversarys than the traditionally considered passive eavesdroppers, can decrypt other users messages, in implementations of Public Key Cryptosystem using the RSA function, the Rabin function and the Goldwasser&Micali scheme.Abstract:
The Diffie and Hellman model of a Public Key Cryptosystem has received much attention as a way to provide secure network communication. In this paper, we show that the original Diffie and Hellman model does not guarantee security against other users in the system. It is shown how users, which are more powerful adversarys than the traditionally considered passive eavesdroppers, can decrypt other users messages, in implementations of Public Key Cryptosystem using the RSA function, the Rabin function and the Goldwasser&Micali scheme. This weakness depends on the bit security of the encryption function. For the RSA (Rabin) function we show that computing, from the cyphertext, specific bits of the cleartext, is polynomially equivalent to inverting the function (factoring). As for many message spaces, this bit can be easily found out by communicating, the system is insecure. We present a modification of the Diffie and Hellman model of a Public-Key Cryptosystem, and one concrete implementation of the modified model. For this implementation, the difficulty of extracting partial information about clear text messages from their encoding, by eavesdroppers, users or by Chosen Cyphertext Attacks is proved equivalent to the computational difficulty of factoring. Such equivalence proof holds in a very strong probabilistic sense and for any message space. No additional assumptions, such as the existence of a perfect signature scheme, or a trusted authentication center, are made.read more
Citations
More filters
Journal ArticleDOI
How to construct random functions
TL;DR: In this paper, a constructive theory of randomness for functions, based on computational complexity, is developed, and a pseudorandom function generator is presented, which is a deterministic polynomial-time algorithm that transforms pairs (g, r), where g is any one-way function and r is a random k-bit string, to computable functions.
Journal ArticleDOI
A Pseudorandom Generator from any One-way Function
TL;DR: It is shown how to construct a pseudorandom generator from any one-way function, and it is shown that there is a Pseudorandom Generator if and only ifthere is a one- way function.
Book ChapterDOI
How to construct random functions
TL;DR: A constructive theory of randomness for functions, based on computational complexity, is developed, and a pseudorandom function generator is presented that has applications in cryptography, random constructions, and complexity theory.
Proceedings ArticleDOI
Public-key cryptosystems provably secure against chosen ciphertext attacks
Moni Naor,Moti Yung +1 more
TL;DR: This work shows how to construct a public-key cryptosystem (as originally defined by DiNe and Hellman) secure against chosen ciphertezt attacks, given aPublic-Key cryptosystern secure against passive eavesdropping and a noninteractive zero-knowledge proof system in the shared string model.
Proceedings ArticleDOI
Non-malleable cryptography
TL;DR: Non-malleable schemes for each of the contexts of string commitment and zero-knowledge proofs of possession of knowledge, where a user need not know anything about the number or identity of other system users are presented.
References
More filters
Journal ArticleDOI
New Directions in Cryptography
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Journal ArticleDOI
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Journal ArticleDOI
On the security of public key protocols
Danny Dolev,Andrew Chi-Chih Yao +1 more
TL;DR: Several models are formulated in which the security of protocols can be discussed precisely, and algorithms and characterizations that can be used to determine protocol security in these models are given.
Journal ArticleDOI
Using encryption for authentication in large networks of computers
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Digitalized signatures and public-key functions as intractable as factorization
TL;DR: It is proved that for any given n, if the authors can invert the function y = E (x1) for even a small percentage of the values y then they can factor n, which seems to be the first proved result of this kind.
Related Papers (5)
A method for obtaining digital signatures and public-key cryptosystems
How to generate cryptographically strong sequences of pseudo-random bits
Manuel Blum,Silvio Micali +1 more