Universally composable security: a new paradigm for cryptographic protocols
  • R. Canetti
  • Computer Science
    Proceedings IEEE International Conference on…
  • 14 October 2001
It is shown how to formulate universally composable definitions of security for practically any cryptographic task, and it is demonstrated that practically any such definition can be realized using known techniques, as long as only a minority of the participants are corrupted.
HMAC: Keyed-Hashing for Message Authentication
This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in
Keying Hash Functions for Message Authentication
Two new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.
Efficient authentication and signing of multicast streams over lossy channels
This work proposes two efficient schemes, TESLA and EMSS, for secure lossy multicast streams, and offers sender authentication, strong loss robustness, high scalability and minimal overhead at the cost of loose initial time synchronization and slightly delayed authentication.
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
A formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that allows for simple modular proofs of security is presented.
The TESLA Broadcast Authentication Protocol
The TESLA (Timed Efficient Stream Loss-tolerant Authentication) broadcast authentication protocol is presented, an efficient protocol with low communication and computation overhead, which scales to large numbers of receivers, and tolerates packet loss.
Security and Composition of Multiparty Cryptographic Protocols
  • R. Canetti
  • Computer Science, Mathematics
    Journal of Cryptology
  • 2000
In the computational model, this work provides the first definition of security of protocols that is shown to be preserved under composition, and follows the general paradigm of known definitions.
Chosen-Ciphertext Security from Identity-Based Encryption
This work proposes a simple and efficient construction of a CCA-secure public-key encryption scheme from any CPA-secure identity-based encryption (IBE) scheme, which avoids non-interactive proofs of “well-formedness” which were shown to underlie most previous constructions.
Chosen-ciphertext secure proxy re-encryption
This work proposes a definition of security against chosen-ciphertext attacks for PRE schemes and presents a scheme that satisfies the definition. It formally captures CCA security for PRE schemes via both a game-based definition and simulation-based definitions that guarantee universally composable security.
Universally composable two-party and multi-party secure computation
It is shown how to securely realize any multi-party functionality in a universally composable way, regardless of the number of corrupted participants, which implies that security is preserved under concurrent composition of an unbounded number of protocol executions.