Our contribution is twofold: first we describe a very compact hardware implementation of AES-128, which requires only 2400 GE. This is to the best of our knowledge the smallest implementation reported so far. Then we apply the threshold countermeasure by Nikova et al. to the AES S-box and yield an implementation of the AES improving the level of resistance …
Pseudorandom Generators (PRGs) based on the RSA inversion (one-wayness) problem have been extensively studied in the literature over the last 25 years. These generators have the attractive feature of provable pseudorandomness security assuming the hardness of the RSA inversion problem. However, despite extensive study, the most efficient provably secure …
We study the natural problem of secure n-party computation (in the passive, computationally unbounded attack model) of the n-product function $f_G(x_1, \ldots, x_n) = x_1 \cdot x_2 \cdots x_n$ in an arbitrary finite group $(G, \cdot)$, where the input of party $P_i$ is $x_i \in G$ for $i = 1, \ldots, n$. For flexibility, we are interested in protocols for $f_G$ which require only …
Motivated by privacy issues associated with dissemination of signed digital certificates, we define a new type of signature scheme called a 'Universal Designated-Verifier Signature' (UDVS). A UDVS scheme can function as a standard publicly-verifiable digital signature but has additional functionality which allows any holder of a signature (not necessarily …
Multireceiver authentication codes allow one sender to construct an authenticated message for a group of receivers such that each receiver can verify authenticity of the received message. In this paper, we give a formal definition of multireceiver authentication codes, derive information theoretic and combinatorial lower bounds on their performance and give …
Standard signature schemes are usually designed only to achieve weak unforgeability, i.e. preventing forgery of signatures on new messages not previously signed. However, most signature schemes are randomised and allow many possible signatures for a single message. In this case, it may be possible to produce a new signature on a previously signed message. …
We present efficient Identity-Based Encryption (IBE) and signature schemes under the Symmetric External Diffie-Hellman (SXDH) assumption in bilinear groups; our IBE scheme also achieves anonymity. In both the IBE and the signature schemes, all parameters have constant numbers of group elements, and are shorter than those of previous constructions based on …