How to prove all NP-statements in zero-knowledge, and a methodology of cryptographic protocol design
Proceedings on Advances in cryptology---CRYPTO '86
Practical zero-knowledge proofs: giving hints and using deficiencies
EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Zero-knowledge undeniable signatures (extended abstract)
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Practical and provably secure release of a secret and exchange of signatures
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
RSA-Based Undeniable Signatures for General Moduli
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
A Simple and Secure Way to Show the Validity of Your Public Key
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Proving in zero-knowledge that a number is the product of two safe primes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
A Generic Construction of Timed-Release Encryption with Pre-open Capability
IWSEC '09 Proceedings of the 4th International Workshop on Security: Advances in Information and Computer Security
Journal of Computer Science and Technology
Efficient and non-interactive timed-release encryption
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Timed release cryptography from bilinear pairings using hash chains
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
A timed-release key management scheme for backward recovery
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
Timed encryption with application to deniable key exchange
TAMC'12 Proceedings of the 9th Annual international conference on Theory and Applications of Models of Computation
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Efficient modular exponentiation-based puzzles for denial-of-service protection
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Improved anonymous timed-release encryption
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Practical time capsule signatures in the standard model from bilinear maps
Pairing'07 Proceedings of the First international conference on Pairing-Based Cryptography
Hi-index | 0.00 |
Let n be a large composite number. Without factoring n, the computation of a2t (mod n) given a, t with gcd(a, n) = 1 and t n can be done in t squarings modulo n. For t ≪ n (e.g., n ≥ 21024 and t 100), no lower complexity than t squarings is known to fulfill this task. Rivest et al suggested to use such constructions as good candidates for realising timed-release crypto problems. We argue the necessity for a zero-knowledge proof of the correctness of such constructions and propose the first practically efficient protocol for a realisation. Our protocol proves, in log2 t standard crypto operations, the correctness of (ae)2t (mod n) with respect to ae where e is an RSA encryption exponent. With such a proof, a Timed-release Encryption of a message M can be given as a2t M (mod n) with the assertion that the correct decryption of the RSA ciphertext Me (mod n) can be obtained by performing t squarings modulo n starting from a. Timed-release RSA signatures can be constructed analogously.