Aggregate and verifiably encrypted signatures from bilinear maps
An aggregate signature scheme is a digital signature that supports aggregation: Given n
signatures on n distinct messages from n distinct users, it is possible to aggregate all these …
signatures on n distinct messages from n distinct users, it is possible to aggregate all these …
An efficient system for non-transferable anonymous credentials with optional anonymity revocation
J Camenisch, A Lysyanskaya - … Conference on the Theory and Application …, 2001 - Springer
A credential system is a system in which users can obtain credentials from organizations
and demonstrate possession of these credentials. Such a system is anonymous when …
and demonstrate possession of these credentials. Such a system is anonymous when …
Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack
R Cramer, V Shoup - SIAM Journal on Computing, 2003 - SIAM
A new public-key encryption scheme, along with several variants, is proposed and analyzed.
The scheme and its variants are quite practical and are proved secure against adaptive …
The scheme and its variants are quite practical and are proved secure against adaptive …
Random oracles in constantipole: practical asynchronous byzantine agreement using cryptography
Byzantine agreement requires a set of parties in a distributed system to agree on a value
even if some parties are corrupted. A new protocol for Byzantine agreement in a completely …
even if some parties are corrupted. A new protocol for Byzantine agreement in a completely …
Tree-based group key agreement
Secure and reliable group communication is an active area of research. Its popularity is
fueled by the growing importance of group-oriented and collaborative applications. The …
fueled by the growing importance of group-oriented and collaborative applications. The …
Compact e-cash
J Camenisch, S Hohenberger… - … Conference on the Theory …, 2005 - Springer
This paper presents efficient off-line anonymous e-cash schemes where a user can
withdraw a wallet containing 2 ℓ coins each of which she can spend unlinkably. Our first …
withdraw a wallet containing 2 ℓ coins each of which she can spend unlinkably. Our first …
Practical verifiable encryption and decryption of discrete logarithms
J Camenisch, V Shoup - Annual International Cryptology Conference, 2003 - Springer
This paper addresses the problem of designing practical protocols for proving properties
about encrypted data. To this end, it presents a variant of the new public key encryption of …
about encrypted data. To this end, it presents a variant of the new public key encryption of …
Sequential aggregate signatures and multisignatures without random oracles
We present the first aggregate signature, the first multisignature, and the first verifiably
encrypted signature provably secure without random oracles. Our constructions derive from …
encrypted signature provably secure without random oracles. Our constructions derive from …
Optimistic fair exchange of digital signatures
We present a new protocol that allows two players to exchange digital signatures over the
Internet in a fair way, so that either each player gets the other's signature, or neither player …
Internet in a fair way, so that either each player gets the other's signature, or neither player …
Accountability: definition and relationship to verifiability
R Küsters, T Truderung, A Vogt - … of the 17th ACM conference on …, 2010 - dl.acm.org
Many cryptographic tasks and protocols, such as non-repudiation, contract-signing, voting,
auction, identity-based encryption, and certain forms of secure multi-party computation …
auction, identity-based encryption, and certain forms of secure multi-party computation …