• Publications
  • Influence
Random oracles are practical: a paradigm for designing efficient protocols
We argue that the random oracle model—where all parties have access to a public random oracles—provides a bridge between cryptographic theory and cryptographic practice. Expand
Entity Authentication and Key Distribution
We provide the first formal treatment of entity authentication and authenticated key distribution appropriate to the distributed environment for the symmetric, two-party setting. Expand
Authenticated Key Exchange Secure against Dictionary Attacks
Password-based protocols for authenticated key exchange (AKE) are designed to work despite the use of passwords drawn from a space so small that an adversary might well enumerate, off line, all possible passwords. Expand
Relations among Notions of Security for Public-Key Encryption Schemes
We compare the relative strengths of popular notions of security for public key encryption schemes under chosen plaintext attack and two kinds of chosen ciphertext attack. Expand
OCB: a block-cipher mode of operation for efficient authenticated encryption
We describe a parallelizable block-cipher mode of operation that simultaneously provides privacy and authenticity. Expand
A concrete security treatment of symmetric encryption
We study notions and schemes for symmetric (ie. private key) encryption in a concrete security framework. Expand
Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC
  • P. Rogaway
  • Mathematics, Computer Science
  • 5 December 2004
We describe highly efficient constructions, XE and XEX, that turn a blockcipher \(E: \mathcal{K} \times \{0, 1 \}^{n} \rightarrow \{\mathbb{I}\) into a tweakable blockc Cipher. Expand
Optimal Asymmetric Encryption
We exhibit an encryption scheme for which (i) any string x of length slightly less than k bits can be encrypted as f(rx), where r x is a simple probabilistic encoding of x depending on the hash function, and (ii) the scheme is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack. Expand
The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin
We describe an RSA-based signing scheme which combines essentially optimal efficiency with attractive security properties; we provide a second scheme which maintains all of the above features and in addition provides message recovery. Expand
The Security of the Cipher Block Chaining Message Authentication Code
Finite PRFs, and the concrete security analysis of constructions based on them, is a technique for investigating the e cacy of many classical (not-so-classical) cryptographic constructions. Expand