We present a rigorous model for secure reactive systems in asynchronous networks with a sound(More)
We consider compositional properties of reactive systems that are secure in a cryptographic sense. We follow the well-known simulatability approach, i.e., the specification is an ideal system and a real system should in some sense simulate it. We recently presented the first detailed general definition of this concept for reactive systems that allows(More)
Fingerprinting schemes deter people from illegally redistributing digital data by enabling the original merchant of the data to identify the original buyer of a redistributed copy. Recently, asymmetric fingerprinting schemes were introduced. Here, only the buyer knows the fingerprinted copy after a sale, and if the merchant finds this copy somewhere, he(More)
Fail-stop signatures can briefly be characterized as digital signatures that allow the signer to prove that a given forged signature is indeed a forgery. After such a proof has been published, the system can be stopped. This type of security is strictly stronger than that achievable with ordinary digital signatures as introduced by Diffie and Hellman in(More)
One-way accumulators, introduced by Benaloh and de Mare, can be used to accumulate a large number of values into a single one, which can then be used to authenticate every input value without the need to transmit the others. However, the one-way property is not sufficient for all applications. In this paper, we generalize the definition of accumulators(More)
Bridging the gap between formal methods and cryptography has recently received a lot of interest, i.e., investigating to what extent proofs of cryptographic protocols made with abstracted cryptographic operations are valid for real implementations. However, a major goal has not been achieved yet: a soundness proof for an abstract crypto-library as needed(More)
At Eurocrypt 1993, Park, Itoh, and Kurosawa presented an "all/nothing election scheme and anonymous channel". The schemes are based on the mix-net and the election scheme constructed from this anonymous channel (Chaum 1981). One of the two main improvements is that the messages sent by normal participants are significantly shorter in the two new anonymous(More)
MIXes are a means of untraceable communication based on a public key cryptosystem, as published by David Chaum in 1981 (CACM 24/2, 84-88) (=[6]). In the case where RSA is used as this cryptosystem directly, i.e. without composition with other functions (e.g. destroying the multiplicative structure), we show how the resulting MIXes can be broken by an active(More)