Public-Key Encryption (PKE) and Message Authentication (PKMA, aka as digital signatures) are fundamental cryptographic primitives. Traditionally, both notions are defined as non-interactive (i.e., single-message). In this work, we initiate rigorous study of (possibly) interactive PKE and PKMA schemes. We obtain the following results demonstrating the power of interaction to resolve questions wh...

Modeling security for protocols running in the complex network environment of the Internet can be a daunting task. Ideally, a security model for the Internet should provide the following guarantee: a protocol that “securely” implements a particular task specification will retain all the same security properties as the specification itself, even when an arbitrary set of protocols runs concurrent...

Email: [email protected] Let’s start with the deniable truth—at present sustainable forestry is rare or localized. This is apparent when looking at global scales but also at regional and local scales. Globally, deforestation and land conversion continue. There is less forest each year (-5.2 million ha yr-1), and conversion of frontier (primary, or ancient) forests to second growth forests of shorter ...

In this paper, we present both practical and general 4-round concurrent and resettable zeroknowledge arguments with concurrent soundness in the bare public-key (BPK) model. To our knowledge, our result is the first work that achieves concurrent soundness for ZK protocols in the BPK model and stands for the current state-of-the-art of concurrent zero-knowledge with setup assumptions. Since the B...

The ring signature can guarantee the signer’s anonymity. Most proposed ring signature schemes have two problems: One is that the size of ring signature depends linearly on the ring size, and the other is that the signer can shift the blame to victims because of the anonymity. Some authors have studied the constant-size ring signature and deniable ring signature to solve these two problems. This...

In a ) , ( n t threshold proxy signature scheme, one original signer delegates a group of n proxy signers to sign messages on behalf of the original signer. When the proxy signature is created, at least t proxy signers cooperate to generate valid proxy signatures and any less than t proxy signers can’t cooperatively generate valid proxy signatures. So far, all of proposed threshold proxy signat...

Consider a CIA agent who wants to authenticate herself to a server, but does not want to reveal her CIA credentials unless the server is a genuine CIA outlet. Consider also that the CIA server does not want to reveal its CIA credentials to anyone but CIA agents – not even to other CIA servers. In this paper we first show how pairing-based cryptography can be used to implement such secret handsh...

Deniable encryption, introduced in 1997 by Canetti, Dwork, Naor, and Ostrovsky, guarantees that the sender or the receiver of a secret message is able to “fake” the message encrypted in a specific ciphertext in the presence of a coercing adversary, without the adversary detecting that he was not given the real message. Sender side deniable encryption scheme is considered to be one of the classi...