Recently Cash, Kiltz, and Shoup [20] showed a variant of the Cramer-Shoup (CS) public key encryption (PKE) scheme [21] whose chosen-ciphertext (CCA) security relies on the computa...
In this paper, we show that two variants of Stern's identification scheme [IEEE Transaction on Information Theory '96] are provably secure against concurrent attack unde...
The collision-resistance of hash functions is an important foundation of many cryptographic protocols. Formally, collision-resistance can only be expected if the hash function in f...
Every public-key encryption scheme has to incorporate a certain amount of randomness into its ciphertexts to provide semantic security against chosen ciphertext attacks (IND-CCA). ...
In an oblivious transfer (OT) protocol, a Sender with messages M1, . . . , MN and a Receiver with indices 1, . . . , k [1, N] interact in such a way that at the end the Receiver ...