Cryptographic schemes are often designed as a combination of multiple component cryptographic modules. Such a combiner design is robust for a (security) specification if it meets the specification, provided that a sufficient subset of the components meet their specifications. A folklore combiner for encryption is cascade, i.e. $c = \mathcal{E}''_{e''}(\mathcal{E}'_{e'}(m))$. We show that cascade is a robust combiner for cryptosystems, under three important indistinguishability specifications: chosen plaintext attack (IND-CPA), non-adaptive chosen ciphertext attack (IND-CCA1), and replayable chosen ciphertext attack (IND-rCCA). We also show that cascade is not robust for the important specifications adaptive CCA (IND-CCA2) and generalized CCA (IND-gCCA). The IND-rCCA and IND-gCCA specifications are closely related, and this is an interesting difference between them. All specifications are defined within. We also analyze a few other basic and folklore combiners. In particular, we show that the following are robust combiners: the parallel combiner $f(x) = f''(x) \| f'(x)$ for one-way functions, the XOR-input combiner $c = (\mathcal{E}''_{e''}(m \oplus r), \mathcal{E}'_{e'}(r))$ for cryptosystems, and the copy combiner $f_{k'',k'}(m) = f''_{k''}(m) \| f'_{k'}(m)$ for integrity tasks such as Message Authentication Codes (MAC) and signature schemes. Cascade is also robust for the hiding property of commitment schemes, and the copy combiner is robust for the binding property, but neither is a robust combiner for both properties. We present (new) robust combiners for commitment schemes; these new combiners can be viewed as a composition of the cascade and the copy combiners. Our combiners are simple, efficient and practical.
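The copy combiner for MACs described above, as an added example (not code from the paper): HMAC-SHA256 stands in for the sound component and `weak_mac` is a constructed, deliberately keyless component. All function names, key sizes and messages are assumptions made for illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # both component tags are 32 bytes, so the combined tag splits cleanly


def strong_mac(key: bytes, msg: bytes) -> bytes:
    """Component f'': HMAC-SHA256, assumed to meet the MAC specification."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def weak_mac(key: bytes, msg: bytes) -> bytes:
    """Component f': constructed broken MAC that ignores its key entirely."""
    return hashlib.sha256(msg).digest()


def copy_tag(k2: bytes, k1: bytes, msg: bytes) -> bytes:
    """Copy combiner: f_{k'',k'}(m) = f''_{k''}(m) || f'_{k'}(m)."""
    return strong_mac(k2, msg) + weak_mac(k1, msg)


def copy_verify(k2: bytes, k1: bytes, msg: bytes, tag: bytes) -> bool:
    """Accept only if BOTH halves verify; this is what makes the combiner robust."""
    if len(tag) != 2 * TAG_LEN:
        return False
    ok2 = hmac.compare_digest(tag[:TAG_LEN], strong_mac(k2, msg))
    ok1 = hmac.compare_digest(tag[TAG_LEN:], weak_mac(k1, msg))
    return ok2 and ok1


def demo():
    """Return (honest tag accepted, spliced tag accepted, weak half alone accepted)."""
    k2, k1 = os.urandom(32), os.urandom(32)        # independent component keys
    seen_msg, new_msg = b"pay 10", b"pay 9999"     # constructed sample messages
    seen_tag = copy_tag(k2, k1, seen_msg)
    # Keyless splice: reuse the observed f'' half, recompute the f' half for new_msg.
    spliced = seen_tag[:TAG_LEN] + weak_mac(b"", new_msg)
    weak_alone = hmac.compare_digest(spliced[TAG_LEN:], weak_mac(k1, new_msg))
    return (copy_verify(k2, k1, seen_msg, seen_tag),
            copy_verify(k2, k1, new_msg, spliced),
            weak_alone)


if __name__ == "__main__":
    print(demo())
```

The weak half verifies on its own for the new message, yet the combined verifier rejects the spliced tag because the `strong_mac` half cannot be produced without its key.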