In this paper, we propose a new approach for designing distributed systems to survive Internet catastrophes called informed replication, and demonstrate this approach with the design and evaluation of a cooperative backup system called the Phoenix Recovery Service. Informed replication uses a model of correlated failures to exploit software diversity. The
We study Pseudorandom Number Generators (PRNGs) as used in practice. We first give a general security framework for PRNGs, incorporating the attacks that users are typically concerned about. We then analyze the most popular ones, including the ANSI X9.17 PRNG and the FIPS 186 PRNG. Our results also suggest ways in which these PRNGs can be made more
Essentially all known one-time signature schemes can be described as special instances of a general scheme suggested by Bleichenbacher and Maurer based on "graphs of one-way functions". Bleichenbacher and Maurer thoroughly analyze graph based signatures from a combinatorial point of view, studying the graphs that result in the most efficient schemes
We revisit the problem of anonymous communication, in which users wish to send messages to each other without revealing their identities. We propose a novel framework to organize and compare anonymity definitions. In this framework, we present simple and practical definitions for anonymous channels in the context of computational indistinguishability. The
Accumulator schemes were introduced in order to represent a large set of values as one short value called the accumulator. These schemes allow one to generate membership proofs, that is, short witnesses that a certain value belongs to the set. In universal accumulator schemes, efficient proofs of non-membership can also be created. Li et al. (Proceedings of
We study the vulnerability of two implementations of the Data Encryption Standard (DES) cryptosystem under a timing attack. A timing attack is a method, recently proposed by Paul Kocher, that is designed to break cryptographic systems. It exploits the engineering aspects involved in the implementation of cryptosystems and might succeed even against
A transitive signature scheme allows one to sign a graph in such a way that, given the signatures of edges (a, b) and (b, c), it is possible to compute the signature for the edge (or path) (a, c) without the signer's secret. Constructions for undirected graphs are known but the case of directed graphs remains open. A first solution for the case of directed