Jacques Stern scite author profile

In this paper, wc address the question of providing security proofs for signature schemes in the so-called random oracle model [l]. In particular, we establish the generality of this technique against adapt,ively chosen message attacks. Our main application achieves such a security proof for a slight variant of the El Garrial signature schemc [4]where comniitted values are hashed together with the message. This is a rather surprising result since the original El Gamal is, as RSA [ll], subject to cxistcnt,ial forgery.U. Maurer (Ed.): Advances in Cryptology -

show abstract

A method for finding codewords of small weight

Stern

338

253

View full text Add to dashboard Cite

Practical multi-candidate election system

et al. 2001

View full text Add to dashboard Cite

International audienceThe aim of electronic voting schemes is to provide a set of protocols that allow voters to cast ballots while a group of authorities collect the votes and output the final tally. In this paper we describe a practical multi-candidate election scheme that guarantees privacy of voters, public verifiablity and robustness against a coalition of malicious authorities. Furthermore, we address the problem of receipt-freeness and incoercibility of voters. Our new scheme is based on the Paillier cryptosystem and on some related zero-knowledge proof techniques. The voting schemes are very practical and can be efficiently implemented in a real system

show abstract

RSA-OAEP Is Secure under the RSA Assumption

et al. 2002

View full text Add to dashboard Cite

Recently Victor Shoup noted that there is a gap in the widely believed security result of OAEP against adaptive chosen-ciphertext attacks. Moreover, he showed that, presumably, OAEP cannot be proven secure from the one-wayness of the underlying trapdoor permutation. This paper establishes another result on the security of OAEP. It proves that OAEP offers semantic security against adaptive chosen-ciphertext attacks, in the random oracle model, under the partial-domain one-wayness of the underlying permutation. Therefore, this uses a formally stronger assumption. Nevertheless, since partial-domain one-wayness of the RSA function is equivalent to its (full-domain) onewayness, it follows that the security of RSA-OAEP can actually be proven under the sole RSA assumption, although the reduction is not tight.

show abstract

A new public key cryptosystem based on higher residues

Naccache¹,

Stern

1998

261

197

View full text Add to dashboard Cite

Sharing Decryption in the Context of Voting or Lotteries

2001

View full text Add to dashboard Cite

Several public key cryptosystems with additional homomorphic properties have been proposed so far. They allow to perform c o mputation with e ncrypted data without the knowledge of any secret information. In many applications, the ability to perform decryption, i.e. the knowledge of the secret key, gives a huge power. A classical way to reduce the trust in such a secret owner, and consequently to increase the security, is to s hare the s ecret between many entities in such a w ay that cooperation between them is necessary to decrypt. In this paper, we propose a distributed version of the Paillier cryptosystem presented at Eurocrypt '99. This shared scheme can for example be used in an electronic voting scheme or in a lottery where a random number related to the winning ticket has to be jointly chosen by all participants.

show abstract

A new identification scheme based on syndrome decoding

Stern

1994

259

187

View full text Add to dashboard Cite

Laboratoire d'informatique, Ecole N u m a l e Suy&ricLu-c Abstract. Zero-knowledge proofs were introduced in 1985, in a paper by Goldwasser, Micali and Rackoff ([6]). Their practical significance was soon demonstrated in the work of Fiat and Shamir ([4]), who turned zero-knowledge proofs of quadratic residuosity into efficient means of establishing user identities. Still, as is almost always the case in public-key cryptography, the Fiat-Shamir scheme relied on arithmetic operations on larep niimhws. Tn 1989, there were two attempts to build identification protocols that only use simple operations (see [U, lo]). One appeared in the EUROCRYPT proceedings and relies on the intractability of some coding problems, the other waa presented at the CRYPTO rump session and depends on the so-called Permuted Kernel problem (PKP). Unfortunately, the first of the schemes wati uot really practical. In the prcscnt paper, we propose a new identification scheme, based on error-correcting codes, which is zero-knowledge and is of practical value. Furthermore, we describe several variants, including one which has an identity based character. The security of our scheme dependson the hardness of decoding a word of given syndrome w.r.t. some binary linear error-correcting code.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jacques Stern

Security Arguments for Digital Signatures and Blind Signatures

Security Proofs for Signature Schemes

A method for finding codewords of small weight

Practical multi-candidate election system

RSA-OAEP Is Secure under the RSA Assumption

A new public key cryptosystem based on higher residues

Sharing Decryption in the Context of Voting or Lotteries

A new identification scheme based on syndrome decoding

Contact Info

Product

Resources

About