A protocol compiler is described, that transforms any provably secure authenticated 2-party key establishment into a provably secure authenticated group key establishment with 2 more rounds of communication. The compiler introduces neither idealizing assumptions nor high-entropy secrets, e. g., for signing. In particular, applying the compiler to a password-authenticated 2-party key establishme...

Password-protected secret sharing (PPSS) schemes allow a user to publicly share its high-entropy secret across different servers and to later recover it by interacting with some of these servers using only his password without requiring any authenticated data. In particular, this secret will remain safe as long as not too many servers get corrupted. However, servers are not always reliable and ...

We study ballot secrecy and ballot independence for election schemes. First, we propose a definition of ballot secrecy as an indistinguishability game in the computational model of cryptography. Our definition builds upon and strengthens earlier definitions to ensure that ballot secrecy is preserved in the presence of an adversary that controls the bulletin board and communication channel. Seco...

We study the two-party commitment problem, where two players have secret values they wish to commit to each other. Traditional commitment schemes cannot be used here because they do not guarantee independence of the committed values. We present three increasingly strong definitions of independence in this setting and give practical protocols for each. Our work is related to work in non-malleabl...

We consider a type of zero-knowledge protocols that are of interest for their practical applications within networks like the Internet: efficient zero-knowledge arguments of knowledge that remain secure against concurrent man-in-the-middle attacks. As negative results in the area of concurrent non-malleable zero-knowledge imply that protocols in the standard setting (i.e., under no setup assump...

Deploying distributed services over a complex network topology presents a challenge, one of mapping the objects to locations in an optimal manner. This mapping needs to be dynamic, taking current network conditions into consideration. Remapping services is manual-intensive, requires operator effort and may result in service downtime. The Mojave project described here investigates an architectur...

The inflatable penile prosthesis (IPP) is an effective erectile dysfunction (ED) treatment modality when oral and injectable therapies fail to achieve satisfactory results. Unfortunately, infection of the prosthetic remains a dreaded complication occurring in a small fraction of patients despite advances in device design and surgical techniques. With a prosthetic infection or erosion, classic m...

We show a reduction from the existence of explicit t-non-malleable extractors with a small seed length, to the construction of explicit two-source extractors with small error for sources with arbitrarily small constant rate. Previously, such a reduction was known either when one source had entropy rate above half [Raz05] or for general entropy rates but only for large error [CZ16]. As in previo...

We describe an elliptic curve encryption scheme, PSEC (provably secure elliptic curve encryption scheme), which has two versions: PSEC-1 and PSEC-2. PSEC-1 is a public-key encryption system that uses the elliptic curve ElGamal trapdoor function and a random function (hash function). PSEC-2 is a public-key encryption system that uses the elliptic curve ElGamal trapdoor function, two random funct...

We describe a novel public-key cryptosystem, EPOC (Efficient Probabilistic Public-Key Encryption), which has two versions: EPOC-1 and EPOC-2. EPOC-1 is a public-key encryption system that uses a one-way trapdoor function and a random function (hash function). EPOC-2 is a public-key encryption system that uses a one-way trapdoor function, two random functions (hash functions) and a symmetric-key...