Learn More
In this paper we show how to divide data <italic>D</italic> into <italic>n</italic> pieces in such a way that <italic>D</italic> is easily reconstructable from any <italic>k</italic> pieces, but even complete knowledge of <italic>k</italic> - 1 pieces reveals absolutely no information about <italic>D</italic>. This technique enables the construction of(More)
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intented(More)
I n t h i s p a p e r w e i n t r o d u c e a novel t y p e of c r y p t o g r a p h i c scheme, which e n a b l e s any p a i r o f u s e r s t o communicate s e c u r e l y and t o v e r i f y each o t h e r ' s s i g n a t u r e s w i t h o u t exchanging p r i v a t e o r p u b l i c k e y s , w i t h-o u t keeping key d i r e c t o r i e s , and w i t(More)
In this paper we consider a new type of cryptographic scheme, which can decode concealed images without any cryptographic computations. The scheme is perfectly secure and very easy to implement. We extend it into a visual variant of the k out of n secret sharing problem, in which a dealer provides a transparency to each one of the n users; any k of them can(More)
In this paper we present several weaknesses in the key scheduling algorithm of RC4, and describe their cryptanalytic significance. We identify a large number of weak keys, in which knowledge of a small number of key bits suffices to determine many state and output bits with non-negligible probability. We use these weak keys to construct new distinguishers(More)
Storage media such as digital optical disks, PROMS, or paper tape consist of a number of "write-once" bit positions (wits); each wit initially contains a "0" that may later be irreversibly overwritten with a "1." It is demonstrated that such "write-once memories" (woms) can be "rewritten" to a surprising degree. For example, only 3 wits suffice to represent(More)
  • R Feynman, Quan, +23 authors U Vazi-Rani
  • 1994
Are there interactive protocols for co-NP languages? " Inform. book contains reprints of the articles that were critical in the development of the fastest known factoring algorithm. A rigorous time bound for factoring integers, " J. Amer. Math. Soc. An improved algorithm for computing discrete logarithms over GF(p) and its cryptographic significance, " IEEE(More)
In this paper we formalize the notion of a ring signature, which makes it possible to specify a set of possible signers without revealing which member actually produced the signature. Unlike group signatures, ring signatures have no group managers, no setup procedures, no revocation procedures, and no coordination: any user can choose any set of possible(More)
The Data Encryption Standard (DES) is the best known and most widely used cryptosystem for civilian applications. It was developed at IBM and adopted by the National Bureau of Standards in the mid 1970s, and has successfully withstood all the attacks published so far in the open literature. In this paper we develop a new type of cryptanalytic attack which(More)