Hash functions are fundamental cryptographic primitives that compress messages of arbitrary length into message digests of a fixed length. They are used as the building block in many important security applications such as digital signatures, message authentication codes, password protection, etc. The three main security properties of hash functions are collision, second preimage and preimage r...

The design of cryptographic algorithms presents certain unique challenges. Over time, we have learned that our intuition about what is secure and what is not is very poor. The history of cryptography is filled with examples of cryptosystems that were thought to be highly-secure but turned out to be completely broken. In addition, unlike other areas of computer science, we have no way of testing...

We provide a new provably-secure steganographic encryption protocol that is proven secure in the complexity-theoretic framework of Hopper et al. The fundamental building block of our steganographic encryption protocol is a “one-time stegosystem” that allows two parties to transmit one-time steganographic messages of length shorter than the shared key with information-theoretic security guarante...

This paper examines methods for formally proving the security of cryptographic schemes. We show that, despite many years of active research and dozens of significant results, there are fundamental problems which have yet to be solved. We also present a new approach to one of the more controversial aspects of provable security, the random oracle model.

Strong, machine-checked security proofs of operating systems have been in the too hard basket long enough. They will still be too hard for large mainstream operating systems, but even for systems designed from the ground up for security they have been counted as infeasible. There are high-level formal models, nice security properties, ways of architecting and engineering secure systems, but no ...

This thesis deals with two main matters of modern public key cryptography: provable security and efficient implementation. Indubitably, security is the most important property of any cryptographic scheme. Nevertheless, cryptographic algorithms have often been designed on a trial-and-error basis, i. e., a system has been regarded as secure as long as it withstood cryptanalytic attacks. In contra...

The design of cryptographic algorithms presents certain unique challenges. Over time, we have learned that our intuition about what is secure and what is not is very poor. The history of cryptography is filled with examples of cryptosystems that were thought to be highly-secure but turned out to be completely broken. In addition, unlike other areas of computer science, we have no way of testing...

We propose a formal model for security of verifiable shuffles and a new efficient verifiable shuffle system based on the Paillier encryption scheme, and prove its security in the proposed model. The model is general, so it can be extended to verifiable shuffle decryption and provides a direction for provable security of mix-nets.