A pseudorandom function F:\mathcalK*\mathcalX→\mathcalY is said to be key homomorphic
if given F (k 1, x) and F (k 2, x) there is an efficient algorithm to compute F (k 1⊕ k 2, x) …

We introduce a new primitive, called trapdoor hash functions (TDH), which are hash
functions H:{0, 1\}^ n → {0, 1\}^ λ with additional trapdoor function-like properties …

A key-homomorphic pseudorandom function (PRF) family {F s: D→ R} allows one to
efficiently compute the value F s+ t (x) given F s (x) and F t (x). Such functions have many …

We provide a formal treatment of security of digital signatures against subversion attacks
(SAs). Our model of subversion generalizes previous work in several directions, and is …

Non-malleable codes, defined by Dziembowski, Pietrzak, and Wichs (ICS'10), provide
roughly the following guarantee: if a codeword c encoding some message x is tampered to …

Yao's garbled-circuit approach enables constant-round secure two-party computation of any
function. In Yao's original construction, each gate in the circuit requires the parties to perform …

We show how to leverage the RKA (Related-Key Attack) security of blockciphers to provide
RKA security for a suite of high-level primitives. This motivates a more general theoretical …

We undertake a general study of hash functions secure under correlated inputs, meaning
that security should be maintained when the adversary sees hash values of many related …

WeN consider a public and keyless code (Enc, Dec) which is used to encode a message m
and derive a codeword c= Enc (m). The codeword can be adversarially tampered via a …

In this work, we present efficient public-key encryption schemes resilient against linear
related key attacks (RKA) under standard assumptions and in the standard model …