#### Filter Results:

- Full text PDF available (238)

#### Publication Year

1988

2017

- This year (4)
- Last 5 years (52)
- Last 10 years (90)

#### Publication Type

#### Co-author

#### Journals and Conferences

#### Key Phrases

Learn More

- Mihir Bellare, Phillip Rogaway
- ACM Conference on Computer and Communications…
- 1993

We argue that the random oracle model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol <italic>P</italic> is produced by first devising and proving correct a protocol <italic>P<supscrpt>R</supscrpt></italic> for the… (More)

- Mihir Bellare, Ran Canetti, Hugo Krawczyk
- CRYPTO
- 1996

The use of cryptographic hash functions like MD5 or SHA for message authentication has become a standard approach in many Internet applications and protocols. Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis. We present new constructions of message authentication schemes based on a… (More)

- Mihir Bellare, Phillip Rogaway
- CRYPTO
- 1993

Entity authentication and key distribution are central cryptographic problems in distributed computing|but up until now, they have lacked even a meaningful de nition. One consequence is that incorrect and ine cient protocols have proliferated. This paper provides the rst treatment of these problems in the complexity-theoretic framework of modern… (More)

- Mihir Bellare, Chanathip Namprempre
- Journal of Cryptology
- 2000

An authenticated encryption scheme is a symmetric encryption scheme whose goal is to provide both privacy and integrity. We consider two possible notions of authenticity for such schemes, namely integrity of plaintexts and integrity of ciphertexts, and relate them, when coupled with IND-CPA (indistinguishability under chosen-plaintext attack), to the… (More)

- Mihir Bellare, Anand Desai, David Pointcheval, Phillip Rogaway
- CRYPTO
- 1998

We compare the relative strengths of popular notions of security for public-key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen-plaintext attack and two kinds of chosen-ciphertext attack. For each of the resulting pairs of definitions we prove either an implication (every scheme meeting one notion must meet the… (More)

- Mihir Bellare, Phillip Rogaway
- EUROCRYPT
- 1996

We describe an RSA-based signing scheme which combines essentially optimal e ciency with attractive security properties. Signing takes one RSA decryption plus some hashing, veri cation takes one RSA encryption plus some hashing, and the size of the signature is the size of the modulus. Assuming the underlying hash functions are ideal, our schemes are not… (More)

- Mihir Bellare, Phillip Rogaway
- EUROCRYPT
- 1994

- Phillip Rogaway, Mihir Bellare, John Black, Ted Krovetz
- ACM Conference on Computer and Communications…
- 2001

We describe a parallelizable block-cipher mode of operation that simultaneously provides privacy and authenticity. OCB encrypts-and-authenticates a nonempty string <i>M</i> ε {0,1}• using \lceil |M|/n\rceil + 2 block-cipher invocations, where <i>n</i> is the block length of the underlying block cipher. Additional overhead is small. OCB refines a… (More)

- Mihir Bellare, Joe Kilian, Phillip Rogaway
- J. Comput. Syst. Sci.
- 2000

Let F be some block cipher (eg., DES) with block length l. The Cipher Block Chaining Message Authentication Code (CBC MAC) speci es that an m-block message x = x1 xm be authenticated among parties who share a secret key a for the block cipher by tagging x with a pre x of ym, where y0 = 0 l and yi = Fa(mi yi 1) for i = 1; 2; : : : ;m. This method is a… (More)

- Mihir Bellare, Phillip Rogaway
- STOC
- 1995

We study session key distribution in the three party set ting of Needham and Schroeder This is the trust model assumed by the popular Kerberos authentication system Such protocols are basic building blocks for contemporary distributed systems yet the underlying problem has up un til now lacked a de nition or provably good solution One consequence is that… (More)