Password-based protocols for authenticated key exchange (AKE) are designed to work despite the use of passwords drawn from a space so small that an adversary might well enumerate, off line, all possible passwords. While several such protocols have been suggested, the underlying theory has been lagging. We begin by defining a model for this problem, one rich enough to deal with password guessing, forward secrecy, server compromise, and loss of session keys. The one model can be used to define various goals. We take AKE (with "implicit" authentication) as the "basic" goal, and we give definitions for it, and for entity-authentication goals as well. Then we prove correctness for the idea at the center of the Encrypted Key-Exchange (EKE) protocol of Bellovin and Merritt: we prove security, in an ideal-cipher model, of the two-flow protocol at the core of EKE.
Entity authentication and key distribution are central cryptographic problems in distributed computing, but up until now, they have lacked even a meaningful definition. One consequence is that incorrect and inefficient protocols have proliferated. This paper provides the first treatment of these problems in the complexity-theoretic framework of modern cryptography. Addressed in detail are two problems of the symmetric, two-party setting: mutual authentication and authenticated key exchange. For each we present a definition, protocol, and proof that the protocol meets its goal, assuming the minimal assumption of pseudorandom function. When this assumption is appropriately instantiated, the protocols given are practical and efficient.
We study notions and schemes for symmetric (i.e., private key) encryption in a concrete security framework. We give four different notions of security against chosen plaintext attack and analyze the concrete complexity of reductions among them, providing both upper and lower bounds, and obtaining tight relations. In this way we classify notions (even though polynomially reducible to each other) as stronger or weaker in terms of concrete security. Next we provide concrete security analyses of methods to encrypt using a block cipher, including the most popular encryption method, CBC. We establish tight bounds (meaning matching upper bounds and attacks) on the success of adversaries as a function of their resources.
Abstract. We compare the relative strengths of popular notions of security for public key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen plaintext attack and two kinds of chosen ciphertext attack. For each of the resulting pairs of definitions we prove either an implication (every scheme meeting one notion must meet the other) or a separation (there is a scheme meeting one notion but not the other, assuming the first notion can be met at all). We similarly treat plaintext awareness, a notion of security in the random oracle model. An additional contribution of this paper is a new definition of non-malleability which we believe is simpler than the previous one.
Abstract. We describe an RSA-based signing scheme which combines essentially optimal efficiency with attractive security properties. Signing takes one RSA decryption plus some hashing, verification takes one RSA encryption plus some hashing, and the size of the signature is the size of the modulus. Assuming the underlying hash functions are ideal, our schemes are not only provably secure, but are so in a tight way: an ability to forge signatures with a certain amount of computational resources implies the ability to invert RSA (on the same size modulus) with about the same computational effort. Furthermore, we provide a second scheme which maintains all of the above features and in addition provides message recovery. These ideas extend to provide schemes for Rabin signatures with analogous properties; in particular their security can be tightly related to the hardness of factoring.