A formal security analysis of the signal messaging protocol
The Signal protocol is a cryptographic messaging protocol that provides end-to-end
encryption for instant messaging in WhatsApp, Wire, and Facebook Messenger among …
encryption for instant messaging in WhatsApp, Wire, and Facebook Messenger among …
Wave: A new family of trapdoor one-way preimage sampleable functions based on codes
We present here a new family of trapdoor one-way functions that are Preimage Sampleable
on Average (PSA) based on codes, the Wave-PSA family. The trapdoor function is one-way …
on Average (PSA) based on codes, the Wave-PSA family. The trapdoor function is one-way …
Practical and tightly-secure digital signatures and authenticated key exchange
K Gjøsteen, T Jager - Advances in Cryptology–CRYPTO 2018: 38th …, 2018 - Springer
Tight security is increasingly gaining importance in real-world cryptography, as it allows to
choose cryptographic parameters in a way that is supported by a security proof, without the …
choose cryptographic parameters in a way that is supported by a security proof, without the …
On the tight security of TLS 1.3: Theoretically sound cryptographic parameters for real-world deployments
We consider the theoretically sound selection of cryptographic parameters, such as the size
of algebraic groups or RSA keys, for TLS 1.3 in practice. While prior works gave security …
of algebraic groups or RSA keys, for TLS 1.3 in practice. While prior works gave security …
Tighter proofs for the SIGMA and TLS 1.3 key exchange protocols
H Davis, F Günther - … Conference on Applied Cryptography and Network …, 2021 - Springer
We give new, fully-quantitative and concrete bounds that justify the SIGMA and TLS 1.3 key
exchange protocols not just in principle, but in practice. By this we mean that, for …
exchange protocols not just in principle, but in practice. By this we mean that, for …
More efficient digital signatures with tight multi-user security
We construct the currently most efficient signature schemes with tight multi-user security
against adaptive corruptions. It is the first generic construction of such schemes, based on …
against adaptive corruptions. It is the first generic construction of such schemes, based on …
Toothpicks: More efficient fork-free two-round multi-signatures
Tightly secure cryptographic schemes can be implemented with standardized parameters,
while still having a sufficiently high security level backed up by their analysis. In a recent …
while still having a sufficiently high security level backed up by their analysis. In a recent …
Authenticated key exchange and signatures with tight security in the standard model
We construct the first authenticated key exchange protocols that achieve tight security in the
standard model. Previous works either relied on techniques that seem to inherently require a …
standard model. Previous works either relied on techniques that seem to inherently require a …
Lattice-based signatures with tight adaptive corruptions and more
We construct the first tightly secure signature schemes in the multi-user setting with adaptive
corruptions from lattices. In stark contrast to the previous tight constructions whose security is …
corruptions from lattices. In stark contrast to the previous tight constructions whose security is …
Highly efficient key exchange protocols with optimal tightness
In this paper we give nearly-tight reductions for modern implicitly authenticated Diffie-
Hellman protocols in the style of the Signal and Noise protocols, which are extremely simple …
Hellman protocols in the style of the Signal and Noise protocols, which are extremely simple …