Maria Isabel Gonzalez Vasco

Learn More
We examine the popular proof models for group key establishment of Bresson et al. (LNCS 2248: 290–309, 2001; Proceedings of the 8th ACM conference on computer and communications security (CCS-8), 2001) and point out missing security properties addressing malicious protocol participants. We show that established group key establishment schemes from CRYPTO(More)
A protocol compiler is described, that transforms any provably secure authenticated 2-party key establishment into a provably secure authenticated group key establishment with 2 more rounds of communication. The compiler introduces neither idealizing assumptions nor high-entropy secrets, e. g., for signing. In particular, applying the compiler to a(More)
Abstract. Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a “hidden” element α of a finite field IFp of p elements from rather short strings of the most significant bits of the remainder modulo p of αt for several values of t selected uniformly at random from IF∗p. We use some recent bounds of exponential sums to(More)
Wagner and Magyarik outlined a conceptual public key cryptosystem based on the hardness of the word problem for finitely presented groups. At the same time, they gave a specific example of such a system. We prove that in the present form their approach is vulnerable to so-called reaction attacks. In particular, for the proposed instance it is possible to(More)
We generalize and extend results obtained by Boneh and Venkatesan in 1996 and by González Vasco and Shparlinski in 2000 on the hardness of computing bits of the Diffie-Hellman key, given the public values. Specifically, while these results could only exclude (essentially) error-free predictions, we here exclude any non-negligible advantage, though for(More)
A mode of operation of the Elliptic Curve Digital Signature Algorithm (ECDSA) is presented which provably excludes subliminal communication through ECDSA signatures. For this, the notion of a signature scheme that is subliminal-free with proof is introduced which can be seen as generalizing subliminal-free signatures and being intermediate to the(More)
In traditional e-cash systems, the tradeoff between anonymity and fraud-detection is solved by hiding the identity of the user into the e-coin, and providing an additional triggering mechanism that opens this identity in case of double spending. Hence, fraud detection implies loss of anonymity. This seems to be a somewhat natural solution when universality(More)
Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a “hidden” element α of a finite field Fp of p elements from rather short strings of the most significant bits of the remainder modulo p of αt for several values of t selected uniformly at random from Fp. Unfortunately the applications to the computational security of(More)
A provably secure password-authenticated protocol for group key establishment in the common reference string (CRS) model is presented. Our construction assumes the participating users to share a common password and combines smooth hashing as introduced by Cramer and Shoup with a construction of Burmester and Desmedt. Our protocol is constant-round. Namely,(More)