We propose a new methodology for rational secret sharing leading to various instantiations (in both the two-party and multi-party settings) that are simple and efficient in terms of computation, share size, and round complexity. Our protocols do not require physical assumptions or simultaneous channels, and can even be run over asynchronous, point-to-point…
A modular approach to constructing cryptographic protocols leads to simple designs but often inefficient instantiations. On the other hand, ad hoc constructions may yield efficient protocols at the cost of losing conceptual simplicity. We suggest a new design paradigm, structure-preserving cryptography, that provides a way to construct modular protocols…
We introduce signatures where signers can only sign messages that conform to some policy, yet privacy of the policy is maintained. We provide definitions and show that policy-based signatures provide a framework which yields a unified view of many other existing types of signatures that now appear as special cases. We also show how still other primitives…
Electronic cash (e-cash) refers to money exchanged electronically. The main features of traditional cash are usually considered desirable also in the context of e-cash. One such property is off-line transferability, meaning the recipient of a coin in a transaction can transfer it in a later payment transaction to a third person without contacting a central…
Since its introduction in 2009, Bitcoin has become the most successful cryptocurrency ever deployed. However, the currency's dramatic expansion has also raised serious concerns about its long-term sustainability: (1) Bitcoin mining dynamics have shifted away from decentralization, as dedicated hardware and entry of governments and energy producers has…
In 2008, Groth and Sahai proposed a general methodology for constructing non-interactive zero-knowledge (and witness-indistinguishable) proofs in bilinear groups. While avoiding expensive NP-reductions, these proof systems are still inefficient due to the number of pairing computations required for verification. We apply recent techniques of batch…
We extend the notion of verifiable random functions (VRF) to constrained VRFs, which generalize the concept of constrained pseudorandom functions, put forward by Boneh and Waters (Asiacrypt'13), and independently by Kiayias et al. (CCS'13) and Boyle et al. (PKC'14), who call them delegatable PRFs and functional PRFs, respectively. In a standard VRF the…
Round-optimal blind signatures are notoriously hard to construct in the standard model, especially in the malicious-signer model, where blindness must hold under adversarially chosen keys. This is substantiated by several impossibility results. The only construction that can be termed theoretically efficient, by Garg and Gupta (Eurocrypt'14), requires…
Cryptographic access control promises to offer easily distributed trust and broader applicability, while reducing reliance on low-level online monitors. Traditional implementations of cryptographic access control rely on simple cryptographic primitives whereas recent endeavors employ primitives with richer functionality and security guarantees. Worryingly,…
Motivated by the subversion of "trusted" public parameters in mass-surveillance activities, this paper studies the security of NIZKs in the presence of a maliciously chosen common reference string. We provide definitions for subversion soundness, subversion witness indistinguishability and subversion zero knowledge. We then provide both negative and…