Very few countermeasures are known to protect an exponentiation against simple side-channel analyses. Moreover, all of them are heuristic. This paper presents a universal exponentiation algorithm. By tying the exponent to a corresponding addition chain, our algorithm can virtually execute any exponentiation method. Our aim is to transfer the security of the exponentiation method being implement...

On Crypto '88, an untraceable payment system with provable security against abuse by individuals was presented by Damgård. We show how to break the untraceability of that system completely. Next, an improved version of the system is presented. We also augment the system by security for the individuals against loss of money, and we introduce the possibility of receipts for payments. Finally, whe...

Building on a previous important work of Cachin, Crépeau, and Marcil [15], we present a provably secure and more efficient protocol for ( 2 1 ) -Oblivious Transfer with a storage-bounded receiver. A public random string of n bits long is employed, and the protocol is secure against any receiver who can store γn bits, γ < 1. Our work improves the work of CCM [15] in two ways. First, the CCM prot...

Modern Critical infrastructures have command and control systems. These command and control systems are commonly called supervisory control and data acquisition (SCADA). In the past, SCADA system has a closed operational environment, so these systems were designed without security functionality. Nowadays, as a demand for connecting the SCADA system to the open network growths, the study of SCAD...

We identify a flaw in the security proof and a flaw in the concrete security analysis of the WOTS-PRF variant of the Winternitz one-time signature scheme, and discuss the implications to its concrete security.

This paper investigates the Random Oracle Model (ROM) feature known as programmability, which allows security reductions in the ROM to dynamically choose the range points of an ideal hash function. This property is interesting for at least two reasons: first, because of its seeming artificiality (no standard model hash function is known to support such adaptive programming); second, the only kn...

Tokenization is the process of consistently replacing sensitive elements, such as credit cards numbers, with non-sensitive surrogate values. As tokenization is mandated for any organization storing credit card data, many practical solutions have been introduced and are in commercial operation today. However, all existing solutions are static yet, i.e., they do not allow for efficient updates of...

In this paper, we first construct a security model for delegation-bywarrant ID-based proxy signcryption schemes and formalize notions of security for them. To the best of our knowledge, no related work has been done. Then we present such a scheme based on the bilinear pairings, and show that it is provably secure in the random oracle model. Specifically, we prove its semantic security under the...

We construct a provably secure mix-net from any CCA2 secure cryptosystem. The mix-net is secure against active adversaries that statically corrupt less than λ out of k mix-servers, where λ is a threshold parameter, and it is robust provided that at most min(λ− 1, k − λ) mix-servers are corrupted. The main component of our construction is a mix-net that outputs the correct result if all mix-serv...

Very few countermeasures are known to protect an exponentiation against simple side-channel analyses. Moreover, all of them are heuristic. This paper presents a universal exponentiation algorithm. By tying the exponent to a corresponding addition chain, our algorithm can virtually execute any exponentiation method. Our aim is to transfer the security of the exponentiation method being implement...