November 2019, 13(4): 517-558. doi: 10.3934/amc.2019034

Critical perspectives on provable security: Fifteen years of "another look" papers

1. Department of Mathematics, University of Washington, USA

2. Department of Combinatorics & Optimization, University of Waterloo, Canada

Received October 2018. Published June 2019.

We give an overview of our critiques of "proofs" of security and a guide to our papers on the subject that have appeared over the past decade and a half. We also provide numerous additional examples and a few updates and errata.

Citation: Neal Koblitz, Alfred Menezes. Critical perspectives on provable security: Fifteen years of "another look" papers. Advances in Mathematics of Communications, 2019, 13(4): 517-558. doi: 10.3934/amc.2019034
References:
[1]

M. Abdalla, et al., Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions, J. Cryptology, 21 (2008), 350-391. doi: 10.1007/s00145-007-9006-6. Google Scholar

[2]

M. Abdalla, M. Bellare and G. Neven, Robust encryption, Theory of Cryptography, 480–497, Lecture Notes in Comput. Sci., 5978, Springer, Berlin, 2010. doi: 10.1007/978-3-642-11799-2_28. Google Scholar

[3]

M. Abdalla, F. Benhamouda, A. Passelègue and K. Paterson, Related-key security for pseudorandom functions beyond the linear barrier, Advances in Cryptology–CRYPTO 2014. Part I, 77–94, Lecture Notes in Comput. Sci., 8616, Springer, Heidelberg, 2014. doi: 10.1007/978-3-662-44371-2_5. Google Scholar

[4]

M. Abe, A three-move blind signature scheme for polynomially many signatures, Advances in Cryptology - Eurocrypt 2001, 136–151, Lecture Notes in Comput. Sci., 2045, Springer, Berlin, 2001. doi: 10.1007/3-540-44987-6_9. Google Scholar

[5]

M. Abe and M. Ohkub, Provably secure fair blind signatures with tight revocation, Advances in Cryptology - Asiacrypt 2001, 583–601, Lecture Notes in Comput. Sci., 2248, Springer, Berlin, 2001. doi: 10.1007/3-540-45682-1_34. Google Scholar

[6]

M. Albrecht, P. Farshim, J. Faugère and L. Perret, Polly cracker, revisited, Advances in Cryptology - Asiacrypt 2011, 179–196, Lecture Notes in Comput. Sci., 7073, Springer, Heidelberg, 2011. doi: 10.1007/978-3-642-25385-0_10. Google Scholar

[7]

M. Albrecht, J. Faugère, R. Fitzpatrick, L. Perret, Y. Todo and K. Xagawa, Practical cryptanalysis of a public-key encryption scheme based on new multivariate quadratic assumptions, Public Key Cryptography - PKC 2014, 446–464, Lecture Notes in Comput. Sci., 8383, Springer, Heidelberg, 2014. doi: 10.1007/978-3-642-54631-0_26. Google Scholar

[8]

M. Albrecht and K. Paterson, Breaking an identity-based encryption scheme based on DHIES, Cryptography and Coding, 344–355, Lecture Notes in Comput. Sci., 7089, Springer, Heidelberg, 2011. doi: 10.1007/978-3-642-25516-8_21. Google Scholar

[9]

W. AlexiB. ChorO. Goldreich and C. P. Schnorr, RSA and Rabin functions: Certain parts are as hard as the whole, SIAM J. Computing, 17 (1988), 194-209. doi: 10.1137/0217013. Google Scholar

[10]

N. AlFardan and K. Paterson, Lucky thirteen: Breaking the TLS and DTLS record protocols, Proc. 2013 IEEE Symposium on Security and Privacy, 526–540.Google Scholar

[11]

E. Alkim, N. Bindel, J. Buchmann and Ö. Dagdelen, TESLA: Tightly-secure efficient signatures from standard lattices, version 20150730: 095248, available at http://eprint.iacr.org/2015/755.Google Scholar

[12]

E. Alkim, N. Bindel, J. Buchmann, Ö. Dagdelen, E. Eaton, G. Gutoski, J. Krämer and F. Pawlega, Revisiting TESLA in the quantum random oracle model, Post-Quantum Cryptography, 143–162, Lecture Notes in Comput. Sci., 10346, Springer, Cham, 2017. Google Scholar

[13]

M. Ambrona, G. Barthe, R. Gay and H. Wee, Attribute-based encryption in the generic group model: Automated proofs and new constructions, Proc. 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17, 2017, 647–664. doi: 10.1145/3133956.3134088. Google Scholar

[14]

M. Ambrona, G. Barthe and B. Schmidt, Automated unbounded analysis of cryptographic constructions in the generic group model, Advances in Cryptology–EUROCRYPT 2016. Part II, 822–851, Lecture Notes in Comput. Sci., 9666, Springer, Berlin, 2016. doi: 10.1007/978-3-662-49896-5_29. Google Scholar

[15]

J. An, Y. Dodis and T. Rabin, On the security of joint signature and encryption, Advances in Cryptology - Eurocrypt 2002, 83–107, Lecture Notes in Comput. Sci., 2332, Springer, Berlin, 2002. doi: 10.1007/3-540-46035-7_6. Google Scholar

[16]

E. AndreevaA. LuykxB. Mennink and K. Yasuda, COBRA: A parallelizable authenticated online cipher without block cipher inverse, Fast Software Encryption - FSE 2014, 8540 (2014), 187-204. doi: 10.1007/978-3-662-46706-0_10. Google Scholar

[17]

M. Backes and D. Hofheinz, How to break and repair a universally composable signature functionality, Information Security - ISC 2004, LNCS, 3225 (2004), 61–72. doi: 10.1007/978-3-540-30144-8_6. Google Scholar

[18]

C. Bader, D. Hofheinz, T. Jager, E. Kiltz and Y. Li, Tightly-secure authenticated key exchange, Theory of Cryptography, 629–658, Lecture Notes in Comput. Sci., 9014, Springer, Heidelberg, 2015. doi: 10.1007/978-3-662-46494-6_26. Google Scholar

[19]

J. Baek and Y. Zheng, Zheng and Seberry's public key encryption scheme revisited, International Journal of Information Security, 2 (2003), 37-44. doi: 10.1007/s10207-003-0023-7. Google Scholar

[20]

A. Bagherzandi, J. Cheon and S. Jarecki, Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma, Proc. Fifteenth ACM Conference on Computer and Communications Security - CCS '08, 449–458.Google Scholar

[21]

S. Bai and S. Galbraith, An improved compression technique for signatures based on learning with errors, Topics in Cryptology - CT-RSA 2014, 28–47, Lecture Notes in Comput. Sci., 8366, Springer, Cham, 2014. doi: 10.1007/978-3-319-04852-9_2. Google Scholar

[22]

E. Bangerter, J. Camenisch and U. Maurer, Efficient proofs of knowledge of discrete logarithms and representations in groups with hidden order, Public Key Cryptography - PKC 2005, LNCS, 3386 (2005), 154–171. doi: 10.1007/978-3-540-30580-4_11. Google Scholar

[23]

G. Barthe, J. Crespo, B. Grégoire, C. Kunz, Y. Lakhnech, B. Schmidt and S. Zanella-Béguelin, Fully automated analysis of padding-based encryption in the computational model, Proc. 2013 ACM SIGSAC Conference on Computer and Communications Security - CCS '13, 2013, 1247–1260. doi: 10.1145/2508859.2516663. Google Scholar

[24]

G. Barthe, X. Fan, J. Gancher, B. Grégoire, C. Jacomme and E. Shi, Symbolic proofs for lattice-based cryptography, Proc. 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18, 2018, 538–555. doi: 10.1145/3243734.3243825. Google Scholar

[25]

M. Bellare, Practice-oriented provable-security, Proc. First International Workshop on Information Security - ISW 1997, LNCS, 1396 (1997), 221–231.Google Scholar

[26]

M. Bellare, New proofs for NMAC and HMAC: Security without collision-resistance, Advances in Cryptology - Crypto 2006, LNCS, 4117 (2006), 602–619. doi: 10.1007/11818175_36. Google Scholar

[27]

M. Bellare, Email to N. Koblitz, 24 February 2012.Google Scholar

[28]

M. Bellare, New proofs for NMAC and HMAC: Security without collision-resistance, J. Cryptology, 28 (2015), 844-878. doi: 10.1007/s00145-014-9185-x. Google Scholar

[29]

M. Bellare, D. Bernstein and S. Tessaro, Hash-function based PRFs: AMAC and its multi-user security, Advances in Cryptology - Eurocrypt 2016, LNCS, 9665 (2016), 566–595. doi: 10.1007/978-3-662-49890-3_22. Google Scholar

[30]

M. Bellare, A. Boldyreva and A. O'Neill, Deterministic and efficiently searchable encryption, Advances in Cryptology - Crypto 2007, LNCS, 4622 (2007), 535–552. doi: 10.1007/978-3-540-74143-5_30. Google Scholar

[31]

M. Bellare, A. Boldyreva and J. Staddon, Randomness re-use in multi-recipient encryption schemes, Public Key Cryptography - PKC 2003, LNCS, 2567 (2002), 85–99. doi: 10.1007/3-540-36288-6_7. Google Scholar

[32]

M. Bellare, R. Canetti and H. Krawczyk, Keying hash functions for message authentication, Advances in Cryptology - Crypto 1996, LNCS, 1109 (1996), 1–15. doi: 10.1007/3-540-68697-5_1. Google Scholar

[33]

M. Bellare, R. Canetti and H. Krawczyk, HMAC: Keyed-hashing for message authentication, Internet RFC 2104, 1997.Google Scholar

[34]

M. Bellare, R. Canetti and H. Krawczyk, A modular approach to the design and analysis of authentication and key exchange protocols, Proc. 30th Annual ACM Symposium on Theory of Computing - STOC 1998, 1998, 419–428.Google Scholar

[35]

M. Bellare and D. Cash, Pseudorandom functions and permutations provably secure against related-key attacks, Advances in Cryptology - Crypto 2010, LNCS, 6223 (2010), 666–684. doi: 10.1007/978-3-642-14623-7_36. Google Scholar

[36]

M. Bellare, J. Garay and T. Rabin, Fast batch verification for modular exponentiation and digital signatures, Advances in Cryptology - Eurocrypt 1998, LNCS, 1403 (1998), 236–250. doi: 10.1007/BFb0054130. Google Scholar

[37]

M. Bellare, J. Garay and T. Rabin, Fast batch verification for modular exponentiation and digital signatures, available at http://eprint.iacr.org/1998/007.Google Scholar

[38]

M. Bellare, O. Goldreich and A. Mityagin, The power of verification queries in message authentication and authenticated encryption, http://eprint.iacr.org/2004/309.Google Scholar

[39]

M. BellareD. Hofheinz and E. Kiltz, Subtleties in the definition of IND-CCA: When and how should challenge decryption be disallowed?, J. Cryptology, 28 (2015), 29-48. doi: 10.1007/s00145-013-9167-4. Google Scholar

[40]

M. Bellare, C. Nanprempre and G. Neven, Unrestricted aggregate signatures, Automata, Languages, and Programming - ICALP 2007, LNCS, 4596 (2007), 411–422. doi: 10.1007/978-3-540-73420-8_37. Google Scholar

[41]

M. BellareC. NamprempreD. Pointcheval and M. Semanko, The one-more-RSA inversion problems and the security of Chaum's blind signature scheme, J. Cryptology, 16 (2003), 185-215. doi: 10.1007/s00145-002-0120-1. Google Scholar

[42]

M. Bellare and A. Palacio, GQ and Schnorr identification schemes: Proofs of security against impersonation under active and concurrent attacks, Advances in Cryptology - Crypto 2002, LNCS, 2442 (2002), 162–177. doi: 10.1007/3-540-45708-9_11. Google Scholar

[43]

M. Bellare, K. Paterson and P. Rogaway, Security of symmetric encryption against mass surveillance, Advances in Cryptology - Crypto 2014, LNCS, 8616 (2014), 1–19. doi: 10.1007/978-3-662-44371-2_1. Google Scholar

[44]

M. Bellare, K. Pietrzak and P. Rogaway, Improved security analyses for CBC MACs, Advances in Cryptology - Crypto 2005, LNCS, 3621 (2005), 527–545. doi: 10.1007/11535218_32. Google Scholar

[45]

M. Bellare and P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols, Proc. First ACM Conference on Computer and Communications Security - CCS '93, 1993, 62–73. doi: 10.1145/168588.168596. Google Scholar

[46]

M. Bellare and P. Rogaway, Optimal asymmetric encryption, Advances in Cryptology - Eurocrypt 1994, LNCS, 950 (1995), 92–111. doi: 10.1007/BFb0053428. Google Scholar

[47]

M. Bellare and P. Rogaway, The security of triple encryption and a framework for code-based gameplaying proofs, Advances in Cryptology - Eurocrypt 2006, LNCS, 4004 (2006), 409–426. doi: 10.1007/11761679_25. Google Scholar

[48]

C. Berbain, H. Gilbert and J. Patarin, QUAD: A practical stream cipher with provable security, Advances in Cryptology - Eurocrypt 2006, LNCS, 4004 (2004), 109–128. doi: 10.1007/11761679_8. Google Scholar

[49]

C. BerbainH. Gilbert and J. Patarin, QUAD: A multivariate stream cipher with provable security, Journal of Symbolic Computation, 44 (2009), 1703-1723. doi: 10.1016/j.jsc.2008.10.004. Google Scholar

[50]

D. BernhardG. FuchsbauerE. GhadafiN. Smart and B. Warinschi, Anonymous attestation with user-controlled linkability, International Journal of Information Security, 12 (2013), 219-249. doi: 10.1007/s10207-013-0191-z. Google Scholar

[51]

D. Bernstein, email to hash-forum@nist.gov, 2 March 2007.Google Scholar

[52]

D. Bernstein, Proving tight security for Rabin-Williams signatures, Advances in Cryptology - Eurocrypt 2008, LNCS, 4965 (2008), 70–87. doi: 10.1007/978-3-540-78967-3_5. Google Scholar

[53]

D. Bernstein, Multi-user Schnorr, revisited, available at http://eprint.iacr.org/2015/996.Google Scholar

[54]

D. Bernstein et al., SPHINCS+: Submission to the NIST post-quantum project, 30 November 2017, available at http://sphincs.org/data/sphincs+-specification.pdf.Google Scholar

[55]

D. Bernstein and T. Lange, Never trust a bunny, Radio Frequency Identification: Security and Privacy Issues - RFIDSec 2012, LNCS, 7739 (2012), 137–148. doi: 10.1007/978-3-642-36140-1_10. Google Scholar

[56]

D. Bernstein and E. Persichetti, Towards KEM unification, available at http://eprint.iacr.org/2018/526.Google Scholar

[57]

K. Bhargavan, B. Blanchet and N. Kobeissi, Verified models and reference implementations for the TLS 1.3 standard candidate, Proc. 2017 IEEE Symposium on Security and Privacy, 2017, 483–502. doi: 10.1109/SP.2017.26. Google Scholar

[58]

K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti and P. Strub, Implementing TLS with verified cryptographic security, Proc. 2013 IEEE Symposium on Security and Privacy, 2013, 445–459. doi: 10.1109/SP.2013.37. Google Scholar

[59]

S. Blake-Wilson and A. Menezes, Unknown key-share attacks on the station-to-station (STS) protocol, Public Key Cryptography - PKC 1999, LNCS, 1560 (1999), 156–170. doi: 10.1007/3-540-49162-7_12. Google Scholar

[60]

B. Blanchet and D. Pointcheval, Automated security proofs with sequences of games, Advances in Cryptology - Crypto 2006, LNCS, 4117 (2006), 537–554. doi: 10.1007/11818175_32. Google Scholar

[61]

L. BlumM. Blum and M. Shub, A simple unpredictable pseudo-random number generator, SIAM J. Computing, 15 (1986), 364-383. doi: 10.1137/0215025. Google Scholar

[62]

J. BohliM. Vasco and R. Steinwandt, Secure group key establishment revisited, International Journal of Information Security, 6 (2007), 243-254. doi: 10.1007/s10207-007-0018-x. Google Scholar

[63]

A. Boldyreva, Efficient threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme, Public Key Cryptography - PKC 2003, LNCS, 2567 (2002), 31–46. doi: 10.1007/3-540-36288-6_3. Google Scholar

[64]

A. Boldyreva, N. Chenette, Y. Lee and A. O'Neill, Order-preserving symmetric encryption, Advances in Cryptology - Eurocrypt 2009, LNCS, 5479 (2009), 224–241. doi: 10.1007/978-3-642-01001-9_13. Google Scholar

[65]

A. Boldyreva, C. Gentry, A. O'Neill and D. H. Yum, Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing, Proc. 14th ACM Conference on Computer and Communications Security - CCS '07, 2007, 276–285; full version available at http://eprint.iacr.org/2007/438. doi: 10.1145/1315245.1315280. Google Scholar

[66]

A. Boldyreva, V. Goyal and V. Kumar, Identity-based encryption with efficient revocation, Proc. Fifteenth ACM Conference on Computer and Communications Security - CCS '08, 2008, 417–426. doi: 10.1145/1455770.1455823. Google Scholar

[67]

D. Boneh and X. Boyen, Short signatures without random oracles, Advances in Cryptology - Eurocrypt 2004, LNCS, 3027 (2004), 56–73. doi: 10.1007/978-3-540-24676-3_4. Google Scholar

[68]

D. Boneh, G. Di Crescenzo, R. Ostrovsky and G. Persiano, Public key encryption with keyword search, Advances in Cryptology - Eurocrypt 2004, LNCS, 3027 (2004), 506–522. doi: 10.1007/978-3-540-24676-3_30. Google Scholar

[69]

D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, SIAM J. Computing, 32 (2003), 586-615. doi: 10.1137/S0097539701398521. Google Scholar

[70]

R. Bost and O. Sanders, Trick or tweak: On the (in)security of OTR's tweaks, Advances in Cryptology - Asiacrypt 2016, LNCS, 10031 (2016), 333–353. doi: 10.1007/978-3-662-53887-6_12. Google Scholar

[71]

M. Boyarsky, Public-key cryptography and password protocols: The multi-user case, Proc. 6th ACM Conference on Computer and Communications Security - CCS '99, 1999, 63–72. doi: 10.1145/319709.319719. Google Scholar

[72]

C. Boyd and J. Nieto, Round-optimal contributory conference key agreement, Public Key Cryptography - PKC 2003, LNCS, 2567 (2003), 161–174. doi: 10.1007/3-540-36288-6_12. Google Scholar

[73]

C. Boyd and C. Pavlovski, Attacking and repairing batch verification schemes, Advances in Cryptology - Asiacrypt 2000, LNCS, 1976 (2000), 58–71. doi: 10.1007/3-540-44448-3_5. Google Scholar

[74]

E. Bresson, O. Chevassut and D. Pointcheval, Provably authenticated group Diffie-Hellman key exchange - the dynamic case, Advances in Cryptology - Asiacrypt 2001, LNCS, 2248 (2001), 290–309. doi: 10.1007/3-540-45682-1_18. Google Scholar

[75]

E. Bresson, O. Chevassut, D. Pointcheval and J. Quisquater, Provably authenticated group Diffie-Hellman key exchange, Proc. 8th ACM Conference on Computer and Communications Security - CCS '01, 2001, 255–264. doi: 10.1145/501983.502018. Google Scholar

[76]

E. Brickell, J. Camenisch and L. Chen, Direct anonymous attestation, Proc. 11th ACM Conference on Computer and Communications Security - CCS '04, 2004, 132–145. doi: 10.1145/1030083.1030103. Google Scholar

[77]

E. BrickellL. Chen and J. Li, Simplified security notions for direct anonymous attestation and a concrete scheme from pairings, International Journal of Information Security, 8 (2009), 315-330. doi: 10.1007/s10207-009-0076-3. Google Scholar

[78]

E. Brickell and J. Li, A pairing-based DAA scheme further reducing TPM resources, Trust and Trustworthy Computing - Trust 2010, LNCS, 6101 (2010), 181–195. doi: 10.1007/978-3-642-13869-0_12. Google Scholar

[79]

J. Bringer and H. Chabanne, Trusted-HB: A low-cost version of HB+ secure against man-in-the-middle attacks, IEEE Transactions on Information Theory, 54 (2008), 4339-4342. doi: 10.1109/TIT.2008.928290. Google Scholar

[80]

J. BuchmannE. DahmenS. ErethA. Hülsing and M. Rückert, On the security of the Winternitz one-time signature scheme, International Journal of Applied Cryptography, 3 (2013), 84-96. doi: 10.1504/IJACT.2013.053435. Google Scholar

[81]

J. Camenisch, M. Drijvers and A. Lehmann, Anonymous attestation using the strong Diffie-Hellman assumption revisited, Trust and Trustworthy Computing - Trust 2016, LNCS, 9824 (2016), 1–20. doi: 10.1007/978-3-319-45572-3_1. Google Scholar

[82]

J. Camenisch, M. Drijvers and A. Lehmann, Universally composable direct anonymous attestation, Public Key Cryptography - PKC 2016, LNCS, 9615 (2016), 234–264. doi: 10.1007/978-3-662-49387-8_10. Google Scholar

[83]

J. Camenisch and M. Michels, Confirmer signature schemes secure against adaptive adversaries, Advances in Cryptology - Eurocrypt 2000, LNCS, 1807 (2000), 243–258. doi: 10.1007/3-540-45539-6_17. Google Scholar

[84]

R. CanettiO. Goldreich and S. Halevi, The random oracle methodology, revisited, Journal of the ACM, 51 (2004), 557-594. doi: 10.1145/1008731.1008734. Google Scholar

[85]

R. Canetti and H. Krawczyk, Analysis of key-exchange protocols and their use for building secure channels, Advances in Cryptology - Eurocrypt 2001, LNCS, 2045 (2001), 453–474. doi: 10.1007/3-540-44987-6_28. Google Scholar

[86]

R. Canetti and H. Krawczyk, Universally composable notions of key exchange and secure channels, Advances in Cryptology - Eurocrypt 2002, LNCS, 2332 (2002), 337–351. doi: 10.1007/3-540-46035-7_22. Google Scholar

[87]

R. Canetti and H. Krawczyk, Security analysis of IKE's signature-based key-exchange protocol, Advances in Cryptology - Crypto 2002, LNCS, 2442 (2002), 143–161. doi: 10.1007/3-540-45708-9_10. Google Scholar

[88]

R. Canetti and T. Rabin, Universal composition with joint state, Advances in Cryptology - Ceypto 2003, LNCS, 2729 (2003), 265–281; extended version 20020419: 032235 available at http://eprint.iacr.org/2002/047. doi: 10.1007/978-3-540-45146-4_16. Google Scholar

[89]

B. Canvel, A. Hiltgen, S. Vaudenay and M. Vuagnoux, Password interception in a SSL/TLS channel, Advances in Cryptology - Crypto 2003, LNCS, 2729 (2003), 583–599. doi: 10.1007/978-3-540-45146-4_34. Google Scholar

[90]

D. ChakrabortyV. Hernández-Jiménez and P. Sarkar, Another look at XCB, Cryptography and Communications, 7 (2015), 439-468. doi: 10.1007/s12095-015-0127-8. Google Scholar

[91]

D. Chakraborty and M. Nandi, ttacks on the authenticated encryption mode of operation PAE, IEEE Transactions on Information Theory, 61 (2015), 5636-5624. doi: 10.1109/TIT.2015.2461532. Google Scholar

[92]

D. Chakraborty and P. Sarkar, On modes of operations of a block cipher for authentication and authenticated encryption, Cryptography and Communications, 8 (2016), 455-511. doi: 10.1007/s12095-015-0153-6. Google Scholar

[93]

H. Chan, A. Perrig and D. Song, Secure hierarchical in-network aggregation in sensor networks, Proc. 13th ACM Conference on Computer and Communications Security - CCS '06, 2006, 278–287. doi: 10.1145/1180405.1180440. Google Scholar

[94]

D. Chang, M. Nandi and M. Yung, On the security of hash functions employing blockcipher postprocessing, Fast Software Encryption - FSE 2011, LNCS, 6733 (2011), 146–166. doi: 10.1007/978-3-642-21702-9_9. Google Scholar

[95]

S. Chatterjee and M. Das, Property preserving symmetric encryption revisited, Advances in Cryptology - Asiacrypt 2015, LNCS, 9453 (2015), 658–682. doi: 10.1007/978-3-662-48800-3_27. Google Scholar

[96]

S. Chatterjee, C. Kamath and V. Kumar, Galindo-Garcia identity-based signature revisited, Information Security and Cryptology - ISC 2012, LNCS, 7839 (2012), 456–471. doi: 10.1007/978-3-642-37682-5_32. Google Scholar

[97]

S. ChatterjeeK. Karabina and A. Menezes, Fault attacks on pairing-based protocols revisited, IEEE Transactions on Computers, 64 (2015), 1707-1714. Google Scholar

[98]

S. Chatterjee, N. Koblitz, A. Menezes and P. Sarkar, Another look at tightness Ⅱ: Practical issues in cryptography, Paradigms in Cryptology - Mycrypt 2016, LNCS, 10311 (2016), 21–55. doi: 10.1007/978-3-319-61273-7_3. Google Scholar

[99]

S. Chatterjee, A. Menezes and P. Sarkar, Another look at tightness, Selected Areas in Cryptography - SAC 2011, LNCS, 7118 (2012), 293–319. doi: 10.1007/978-3-642-28496-0_18. Google Scholar

[100]

L. Chen, A DAA scheme requiring less TPM resources, Information Security and Cryptology - Inscrypt 2009, LNCS, 6151 (2009), 350–365. doi: 10.1007/978-3-642-16342-5_26. Google Scholar

[101]

Y. Chen, M. Charlemagne, Z. Guan, J. Hu and Z. Chen, Identity-based encryption based on DHIES, Proc. 5th ACM Symposium on Information, Computer and Communications Security - ASIA CCS 2010, 2010, 82–88. doi: 10.1145/1755688.1755699. Google Scholar

[102]

L. ChenZ. Cheng and N. Smart, Identity-based key agreement protocols from pairings, International Journal of Information Security, 6 (2007), 213-241. doi: 10.1007/s10207-006-0011-9. Google Scholar

[103]

L. Chen and C. Kudla, Identity based authenticated key agreement protocols from pairings, Proc. 16th IEEE Computer Security Foundations Workshop, 2003, 219–233. doi: 10.1109/CSFW.2003.1212715. Google Scholar

[104]

L. Chen and J. Li, A note on the Chen-Morrissey-Smart DAA scheme, Information Processing Letters, 110 (2010), 485-488. doi: 10.1016/j.ipl.2010.04.017. Google Scholar

[105]

L. Chen and J. Li, Flexible and scalable digital signatures in TPM 2.0, Proc. 2013 ACM SIGSAC Conference on Computer and Communications Security - CCS '13, 2013, 37–48. doi: 10.1145/2508859.2516729. Google Scholar

[106]

L. Chen, P. Morrissey and N. Smart, Pairings in trusted computing, Pairing-Based Cryptography - Pairing 2008, LNCS, 5209 (2008), 1–17. doi: 10.1007/978-3-540-85538-5_1. Google Scholar

[107]

L. Chen, P. Morrissey and N. Smart, On proofs of security for DAA schemes, International Conference on Provable Security - ProvSec 2008, LNCS, 5324 (2008), 156–175. doi: 10.1007/978-3-540-88733-1_11. Google Scholar

[108]

L. Chen, D. Page and N. Smart, On the design and implementation of an efficient DAA scheme, Smart Card Research and Advanced Applications - CARDIS 2010, LNCS, 6035 (2010), 223–237. doi: 10.1007/978-3-642-12510-2_16. Google Scholar

[109]

J. Cheon, P. Fouque, C. Lee, B. Minaud and H. Ryu, Cryptanalysis of the new CLT multilinear map over the integers, Advances in Cryptology - Eurocrypt 2016, LNCS, 9665 (2016), 509–536. doi: 10.1007/978-3-662-49890-3_20. Google Scholar

[110]

J. Cheon, K. Han, C. Lee, H. Ryu and D. Stehlé, Cryptanalysis of the multilinear map over the integers, Advances in Cryptology - Eurocrypt 2015, LNCS, 9056 (2015), 3–12. doi: 10.1007/978-3-662-46800-5_1. Google Scholar

[111]

J. Cheon, H. Lee and J. Seo, A new additive homomorphic encryption based on the co-ACD problem, Proc. 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14, (2014), 287–298. doi: 10.1145/2660267.2660335. Google Scholar

[112]

K. Choo, C. Boyd and Y. Hitchcock, Errors in computational complexity proofs for protocols, Advances in Cryptology - Asiacrypt 2005, LNCS, 3788 (2005), 624–643. doi: 10.1007/11593447_34. Google Scholar

[113]

S. Chow, J. Weng, Y. Yang and R. Deng, Efficient unidirectional proxy re-encryption, Progress in Cryptology - Africacrypt 2010, LNCS, 6055 (2010), 316–332. doi: 10.1007/978-3-642-12678-9_19. Google Scholar

[114]

S. Coretti, Y. Dodis, S. Guo and J. Steinberger, Random oracles and non-uniformity, Advances in Cryptology - Eurocrypt 2018, LNCS, 10820 (2018), 227–258. Google Scholar

[115]

J.-S. Coron, On the exact security of full domain hash, Advances in Cryptology - Crypto 2000, LNCS, 1880 (2000), 229–235. doi: 10.1007/3-540-44598-6_14. Google Scholar

[116]

J.-S. Coron, Optimal security proofs for PSS and other signature schemes, Advances in Cryptology - Eurocrypt 2002, LNCS, 2332 (2002), 272–287. doi: 10.1007/3-540-46035-7_18. Google Scholar

[117]

J.-S. Coron, Y. Dodis, C. Malinaud and P. Puniya, Merkle-Damgård revisited: How to construct a hash function, Advances in Cryptology - Crypto 2005, LNCS, 3621 (2005), 430–448. doi: 10.1007/11535218_26. Google Scholar

[118]

J.-S. Coron, H. Handschuh, M. Joye, P. Paillier, D. Pointcheval and C. Tymen, GEM: A generic chosen-ciphertext secure encryption method, Topics in Cryptology - CT-RSA 2002, LNCS, 2271 (2002), 263–276. doi: 10.1007/3-540-45760-7_18. Google Scholar

[119]

J.-S. CoronT. HolensteinR. KünzlerJ. PatarinY. Seurin and S. Tessaro, How to build an ideal cipher: The indifferentiability of the Feistel construction, J. Cryptology, 29 (2016), 61-114. doi: 10.1007/s00145-014-9189-6. Google Scholar

[120]

J.-S. Coron, A. Joux, A. Mandal, D. Naccache and M. Tibouchi, Cryptanalysis of the RSA subgroup assumption from TCC 2005, Public Key Cryptography - PKC 2011, LNCS, 6571 (2011), 147–155. doi: 10.1007/978-3-642-19379-8_9. Google Scholar

[121]

J.-S. Coron, M. Lee, T. Lepoint and M. Tibouchi, Cryptanalysis of GGH15 multilinear maps, Advances in Cryptology - Crypto 2016, LNCS, 9815 (2016), 607–628. doi: 10.1007/978-3-662-53008-5_21. Google Scholar

[122]

J.-S. Coron, T. Lepoint and M. Tibouchi, Practical multilinear maps over the integers, Advances in Cryptology - Crypto 2013, LNCS, 8042 (2013), 476–493. doi: 10.1007/978-3-642-40041-4_26. Google Scholar

[123]

J.-S. Coron, T. Lepoint and M. Tibouchi, New multilinear maps over the integers, Advances in Cryptology - Crypto 2015, LNCS, 9215 (2015), 267–286. doi: 10.1007/978-3-662-47989-6_13. Google Scholar

[124]

J.-S. Coron and D. Naccache, On the security of RSA screening, Public Key Cryptography - PKC 1999, LNCS, 1560 (1999), 197–203. doi: 10.1007/3-540-49162-7_15. Google Scholar

[125]

J.-S. Coron, J. Patarin and Y. Seurin, The random oracle model and the ideal cipher model are equivalent, Advances in Cryptology - Crypto 2008, LNCS, 5157 (2008), 1–20. doi: 10.1007/978-3-540-85174-5_1. Google Scholar

[126]

C. Cremers, M. Horvat, J. Hoyland, S. Scott and T. van der Merwe, A comprehensive symbolic analysis of TLS 1.3, Proc. 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17, 2017, 1773–1788.Google Scholar

[127]

R. De MilloR. Lipton and A. Perlis, Social processes and proofs of theorems and programs, Program Verification, 14 (1993), 297-319. doi: 10.1007/978-94-011-1793-7_14. Google Scholar

[128]

J. Degabriele, P. Farshim and B. Poettering, A more cautious approach to security against mass surveillance, Fast Software Encryption - FSE 2015, LNCS, 9054 (2015), 579–598. doi: 10.1007/978-3-662-48116-5_28. Google Scholar

[129]

J. DegabrieleK. Paterson and G. Watson, Provable security in the real world, IEEE Security & Privacy, 9 (2011), 33-41. doi: 10.1109/MSP.2010.200. Google Scholar

[130]

Y. Dodis, T. Ristenpart, and T. Shrimpton, Salvaging Merkle-Damgård for practical applications, Advanced in Cryptology - Eurocrypt 2009, LNCS, 5479 (2009), 371–388. doi: 10.1007/978-3-642-01001-9_22. Google Scholar

[131]

D. DolevC. Dwork and M. Naor, Non-malleable cryptography, SIAM J. Computing, 30 (2000), 391-437. doi: 10.1137/S0097539795291562. Google Scholar

[132]

M. Drijvers, K. Edalatnejad, B. Ford, E. Kiltz, J. Loss, G. Neven and I. Stepanovs, On the security of two-round multi-signatures, available at http://eprint.iacr.org/2018/417.Google Scholar

[133]

N. Drucker and S. Gueron, Selfie: Reflections on TLS 1.3 with PSK, available at http://eprint.iacr.org/2019/347.Google Scholar

[134]

T. Duong and J. Rizzo, BEAST: A surprising crypto attack against https, 2012, available at http://antoanthongtin.vn/Portals/0/TempUpload/pProceedings/2014/9/26/tetcon2012_juliano_beast.pdf.Google Scholar

[135]

D. Eastlake, S. Crocker and J. Schiller, RFC 1750 - Randomness Recommendations for Security, available at http://www.ietf.org/rfc/rfc1750.txt.Google Scholar

[136]

O. Eikemeier et al., History-free aggregate message authentication codes, Security and Cryptography for Networks - SCN 2010, LNCS, 6280 (2010), 309–328.Google Scholar

[137]

J. Fan, X. Guo, E. De Mulder, P. Schaumont, B. Preneel and I. Verbauwhede, State-of-the-art of secure ECC implementations: A survey of known side-channel attacks and countermeasures, IEEE International Symposium on Hardware-Oriented Security and Trust - HOST 2010, 2010, 76–87. doi: 10.1109/HST.2010.5513110. Google Scholar

[138]

P. Farshim, B. Libert, K. Paterson and E. Quaglia, Robust encryption, revisited, Public Key Cryptography - PKC 2013, LNCS, 7788 (2013), 352–368. doi: 10.1007/978-3-642-36362-7_22. Google Scholar

[139]

S. Fehr, D. Hofheinz, E. Kiltz and H. Wee, Encryption schemes secure against chosen-ciphertext selective opening attacks, Advances in Cryptology - Eurocrypt 2010, LNCS, 6110 (2010), 381–402. doi: 10.1007/978-3-642-13190-5_20. Google Scholar

[140]

M. Fischlin and F. Günther, Replay attacks on zero round-trip time: The case of TLS 1.3 handshake candidates, Proc. 2017 IEEE European Symposium on Security and Privacy, 2017, 60–75. doi: 10.1109/EuroSP.2017.18. Google Scholar

[141]

C. Forler, E. List, S. Lucks and J. Wenzel, POEx: A beyond-birthday-bound-secure on-line cipher, Cryptogr. Commun., 10 (2018), 177–193, available at http://www.researchgate.net/publication/299565944. doi: 10.1007/s12095-017-0250-9. Google Scholar

[142]

P. Fouque, M. Lee, T. Lepoint and M. Tibouchi, Cryptanalysis of the co-ACD assumption, Advances in Cryptology - Crypto 2015, LNCS, 9215 (2015), 561–580. doi: 10.1007/978-3-662-47989-6_27. Google Scholar

[143]

D. Freedman, Lies, damned lies, and medical science, The Atlantic, 306 (2010), 76-84. Google Scholar

[144]

D. Frumkin and A. Shamir, Un-trusted-HB: Security vulnerabilities of trusted-HB, available at http://eprint.iacr.org/2009/044.Google Scholar

[145]

G. Fuchsbauer, Breaking existential unforgeability of a signature scheme from Asiacrypt 2014, available at http://eprint.iacr.org/2014/892.Google Scholar

[146]

G. Fuchsbauer, C. Hanser, C. Kamath and D. Slamanig, Practical round-optimal blind signatures in the standard model from weaker assumptions, Security and Cryptography for Networks - SCN 2016, LNCS, 9841 (2016), 391–408. doi: 10.1007/978-3-319-44618-9_21. Google Scholar

[147]

G. Fuchsbauer, C. Hanser and D. Slamanig, Practical round-optimal blind signatures in the standard model, Advances in Cryptology - Crypto 2015, LNCS, 9216 (2015), 233–253. doi: 10.1007/978-3-662-48000-7_12. Google Scholar

[148]

G. Fuchsbauer, C. Hanser and D. Slamanig, Structure-preserving signatures on equivalence classes and constant-size anonymous credentials, J. Cryptology, 32 (2019), 498-546. doi: 10.1007/s00145-018-9281-4. Google Scholar

[149]

J. Furukawa and H. Imai, An efficient group signature scheme from bilinear maps, Australasian Conference on Information Security and Privacy, 3574 (2005), 455-467. doi: 10.1007/11506157_38. Google Scholar

[150]

S. Galbraith, J. Malone-Lee and N. Smart, Public key signatures in the multi-user setting, Information Processing Letters, 83 (2002), 263-266. doi: 10.1016/S0020-0190(01)00338-6. Google Scholar

[151]

D. Galindo, Boneh-Franklin identity-based encryption revisited, Automata, Languages and Programming - ICALP 2005, LNCS, 3580 (2005), 791–802. doi: 10.1007/11523468_64. Google Scholar

[152]

D. Galindo and F. García, A Schnorr-like lightweight identity-based signature scheme, Progress in Cryptology - Africacrypt 2009, LNCS, 5580 (2009), 135–148. doi: 10.1007/978-3-642-02384-2_9. Google Scholar

[153]

S. Garg, C. Gentry and S. Halevi, Candidate multilinear maps from ideal lattices, Advances in Cryptology - Eurocrypt 2013, LNCS, 7881 (2013), 1–17. doi: 10.1007/978-3-642-38348-9_1. Google Scholar

[154]

S. Garg and D. Gupta, Efficient round optimal blind signatures, Advances in Cryptology - Eurocrypt 2014, LNCS, 8441 (2014), 477–495. doi: 10.1007/978-3-642-55220-5_27. Google Scholar

[155]

P. Gaži and U. Maurer, Cascade encryption revisited, Advances in Cryptology - Asiacrypt 2009, LNCS, 5912 (2009), 37–51. doi: 10.1007/978-3-642-10366-7_3. Google Scholar

[156]

R. Gennaro, S. Halevi and T. Rabin, Secure hash-and-sign signatures without the random oracle, Advances in Cryptology - Eurocrypt 1999, LNCS, 1592 (1999), 123–139. doi: 10.1007/3-540-48910-X_9. Google Scholar

[157]

C. Gentry, S. Gorbunov and S. Halevi, Graph-induced multilinear maps from lattices, Theory of Cryptography Conference - TCC 2015, LNCS, 9015 (2015), 498–527. doi: 10.1007/978-3-662-46497-7_20. Google Scholar

[158]

C. Gentry, D. Molnar and Z. Ramzan, Efficient designated confirmer signatures without random oracles or general zero-knowledge proofs, Advances in Cryptology - Asiacrypt 2005, LNCS, 3788 (2005), 662–681. doi: 10.1007/11593447_36. Google Scholar

[159]

F. Giacon, E. Kiltz and B. Poettering, Hybrid encryption in a multi-user setting, revisited, Public Key Cryptography - PKC 2018, LNCS, 10769 (2018), 159–189. Google Scholar

[160]

H. Gilbert, M. Robshaw and H. Sibert, Active attack against HB+: A provably secure lightweight authentication protocol, Electronics Letters, 41 (2005), 1169-1170. doi: 10.1049/el:20052622. Google Scholar

[161]

O. Goldreich, On post-modern cryptography, available at http://eprint.iacr.org/2006/461.Google Scholar

[162]

S. Goldwasser and M. Bellare, Lecture Notes on Cryptography, July 2008, available at http://cseweb.ucsd.edu/mihir/papers/gb.pdf. Google Scholar

[163]

S. Goldwasser and Y. Kalai, Cryptographic assumptions: A position paper, Theory of Cryptography Conference, 9562 (2016), 505–522, available at http://eprint.iacr.org/2015/907. doi: 10.1007/978-3-662-49096-9_21. Google Scholar

[164]

S. Goldwasser, S. Micali and R. Rivest, A "paradoxical" solution to the signature problem, Proc. 25th Annual IEEE Symposium on the Foundations of Computer Science - FOCS 1984, 1984, 441–448. doi: 10.1109/SFCS.1984.715946. Google Scholar

[165]

S. Goldwasser and E. Waisbard, Transformation of digital signature schemes into designated confirmer signature schemes, Theory of Cryptography Conference - TCC 2004, LNCS, 2951 (2004), 77–100. doi: 10.1007/978-3-540-24638-1_5. Google Scholar

[166]

B. Gong and Y. Zhao, Cryptanalysis of RLWE-based one-pass authenticated key exchange, Post-Quantum Cryptography - PQCrypto 2017, LNCS, 10346 (2017), 163–183. Google Scholar

[167]

R. Granger, On the static Diffie-Hellman problem on elliptic curves over extension fields, Advances in Cryptology - Asiacrypt 2010, LNCS, 6477 (2010), 283–302. doi: 10.1007/978-3-642-17373-8_17. Google Scholar

[168]

J. Groth, Cryptography in subgroups of $Z_n^*$, Theory of Cryptography Conference - TCC 2005, LNCS, 3378 (2006), 50–65. doi: 10.1007/978-3-540-30576-7_4. Google Scholar

[169]

P. Grubbs, R. McPherson, M. Naveed, T. Ristenpart and V. Shmatikov, Breaking web applications built on top of encrypted data, Proc. 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS '16, 2016, 1353–1364. doi: 10.1145/2976749.2978351. Google Scholar

[170]

P. Grubbs, T. Ristenpart and V. Shmatikov, Why your encrypted database is not secure, Proc. 16th Workshop on Hot Topics in Operating Systems - HotOS 2017, ACM, 2017, 162–168. doi: 10.1145/3102980.3103007. Google Scholar

[171]

S. Halevi, An observation regarding Jutla's modes of operation, available at http://eprint.iacr.org/2001/015.Google Scholar

[172]

S. Halevi, A plausible approach to computer-aided cryptographic proofs, available at http://eprint.iacr.org/2005/181.Google Scholar

[173]

S. Halevi and H. Krawczyk, Public-key cryptography and password protocols, Proc. 5th ACM Conference on Computer and Communications Security - CCS '98, 1998, 122–131. doi: 10.1145/288090.288118. Google Scholar

[174]

S. Halevi and P. Rogaway, A parallelizable enciphering mode, Topics in Cryptology - CT-RSA 2004, LNCS, 2964 (2004), 292–304. doi: 10.1007/978-3-540-24660-2_23. Google Scholar

[175]

C. Hanser and D. Slamanig, Structure-preserving signatures on equivalence classes and their application to anonymous credentials, Advances in Cryptology - Asiacrypt 2014, LNCS, 8873 (2014), 491–511. doi: 10.1007/978-3-662-45611-8_26. Google Scholar

[176]

C. Herley and P. van Oorschot, SoK: Science, security and the elusive goal of security as a scientific pursuit, Proc. 2017 IEEE Symposium on Security and Privacy, 2017, 99–120. doi: 10.1109/SP.2017.38. Google Scholar

[177]

G. Herold, Polly cracker, revisited, revisited, Public Key Cryptography - PKC 2012, LNCS, 7293 (2012), 17–33. doi: 10.1007/978-3-642-30057-8_2. Google Scholar

[178]

S. Heyse, E. Kiltz, V. Lyubashevsky, C. Paar and K. Pietrzak, Lapin: An efficient authentication protocol based on ring-LPN, Fast Software Encryption - FSE 2012, LNCS, 7549 (2012), 346–365. doi: 10.1007/978-3-642-34047-5_20. Google Scholar

[179]

D. Hofheinz, K. Hövelmanns and E. Kiltz, A modular analysis of the Fujisaki-Okamoto transformation, Theory of Cryptography Conference - TCC 2017, LNCS, 10677 (2017), 341–371. Google Scholar

[180]

D. Hofheinz, K. Hövelmanns and E. Kiltz, A modular analysis of the Fujisaki-Okamoto transformation, Theory of Cryptography Conference, 10677 (2017), 341–371, available at http://eprint.iacr.org/2017/604. doi: 10.1007/978-3-319-70500-2_12. Google Scholar

[181]

T. Holenstein, R. Künzler and S. Tessaro, The equivalence of the random oracle model and the ideal cipher model, revisited, Proc. 43rd Annual ACM Symposium on Theory of Computing - STOC 2011, 2011, 89–98. doi: 10.1145/1993636.1993650. Google Scholar

[182]

Y. Hu and H. Jia, Cryptanalysis of GGH map, Advances in Cryptology - Eurocrypt 2016, LNCS, 9665 (2016), 537–565. doi: 10.1007/978-3-662-49890-3_21. Google Scholar

[183]

Y. Huang, F. Liu and B. Yang, Public-key cryptography from new multivariate quadratic assumptions, Public Key Cryptography - PKC 2012, LNCS, 7293 (2012), 190–205. doi: 10.1007/978-3-642-30057-8_12. Google Scholar

[184]

Z. Huang, S. Liu and B. Qin, Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited, Public Key Cryptography - PKC 2013, LNCS, 7778 (2013), 369–385. doi: 10.1007/978-3-642-36362-7_23. Google Scholar

[185]

D. Huff, How to Lie with Statistics, W. W. Norton, 1954.Google Scholar

[186]

E. Hufschmitt and J. Traoré, Fair blind signatures revisited, Pairing-Based Cryptography - Pairing 2007, LNCS, 4575 (2007), 268–292. doi: 10.1007/978-3-540-73489-5_14. Google Scholar

[187]

A. Hülsing, J. Rijnveld and F. Song, Mitigating multi-target attacks in hash-based signatures, Public Key Cryptography - PKC 2016, LNCS, 9614 (2016), 387–416. doi: 10.1007/978-3-662-49384-7_15. Google Scholar

[188]

J. Hwang, D. Lee and M. Yung, Universal forgery of the identity-based sequential aggregate signature scheme, Proc. 4th International Symposium on Information, Computer and Communications Security - ASIA CCS 2009, ACM, 2009, 157–160.Google Scholar

[189]

Y. Hwang and P. Lee, Public key encryption with conjunctive keyword search and its extension to a multi-user system, Pairing-Based Cryptography - Pairing 2007, LNCS, 4575 (2007), 2–22. doi: 10.1007/978-3-540-73489-5_2. Google Scholar

[190]

A. Inoue, T. Iwata, K. Minematsu and B. Poettering, Cryptanalysis of OCB2: Attacks on authenticity and confidentiality, available at http://eprint.iacr.org/2017/604.Google Scholar

[191]

A. Ishida, Y. Sakai, K. Emura, G. Hanaoka and K. Tanaka, Proper usage of the group signature scheme in ISO/IEC 20008-2, available at http://eprint.iacr.org/2019/284.Google Scholar

[192]

ISO/IEC 19772: 2009, Information Technology - Security Techniques - Authenticated Encryption, 2009.Google Scholar

[193]

T. Iwata, K. Ohashi and K. Minematsu, Breaking and repairing GCM security proofs, Advances in Cryptology - Crypto 2012, LNCS, 7417 (2012), 31–49. doi: 10.1007/978-3-642-32009-5_3. Google Scholar

[194]

M. Jakobsson and D. Pointcheval, Mutual authentication for low-power mobile devices, Financial Cryptography - FC 2001, LNCS, 2339 (2001), 178–195. doi: 10.1007/3-540-46088-8_17. Google Scholar

[195]

A. Jha and M. Nandi, Revisiting structure graphs: Applications to CBC-MAC and EMAC, J. Math. Cryptology, 10 (2016), 157-180. doi: 10.1515/jmc-2016-0030. Google Scholar

[196]

A. Jha and M. Nandi, On rate-1 and beyond-the-birthday bound secure online ciphers using tweakable block ciphers, Cryptography and Communications, 10 (2018), 731-753. doi: 10.1007/s12095-017-0275-0. Google Scholar

[197]

A. Joux, G. Martinet and F. Valette, Block-adaptive attackers: Revisiting the (in)security of some provably secure encryption modes: CBC, GEM, 1ACBC, Advances in Cryptology - Crypto 2002, LNCS, 2442 (2002), 17–30. doi: 10.1007/3-540-45708-9_2. Google Scholar

[198]

A. Juels and S. Weis, Authenticating pervasive devices with human protocols, Advances in Cryptology - Crypto 2005, LNCS, 3621 (2005), 293–308. doi: 10.1007/11535218_18. Google Scholar

[199]

S. Kakvi and E. Kiltz, Optimal security proofs for full domain hash, revisited, Advances in Cryptology - Eurocrypt 2012, LNCS, 7237 (2012), 537–553. doi: 10.1007/978-3-642-29011-4_22. Google Scholar

[200]

J. Katz, Letter to the editor, Notices of the Amer. Math. Soc., 54 (2007), 1454-1455. Google Scholar

[201]

J. Katz and Y. Lindell, Introduction to Modern Cryptography, 2nd edition, Chapman and Hall/CRC, 2015. Google Scholar

[202]

J. Katz and Y. Lindell, Aggregate message authentication codes, Topics in Cryptology - CT-RSA 2008, LNCS, 4964 (2008), 155–169. doi: 10.1007/978-3-540-79263-5_10. Google Scholar

[203]

E. Kiltz, D. Masny and J. Pan, Optimal security proofs for signatures from identification schemes, Advances in Cryptology - Crypto 2016, LNCS, 9815 (2016), 33–61. doi: 10.1007/978-3-662-53008-5_2. Google Scholar

[204]

A. H. Koblitz, N. Koblitz and A. Menezes, Elliptic curve cryptography: The serpentine course of a paradigm shift, J. Number Theory, 131 (2011), 781-814. doi: 10.1016/j.jnt.2009.01.006. Google Scholar

[205]

N. Koblitz, The uneasy relationship between mathematics and cryptography, Notices of the Amer. Math. Soc., 54 (2007), 972-979. Google Scholar

[206]

N. Koblitz, Another look at automated theorem-proving, J. Math. Cryptology, 1 (2007), 385-403. doi: 10.1515/jmc.2007.020. Google Scholar

[207]

N. Koblitz, Another look at automated theorem-proving. II, J. Math. Cryptology, 5 (2012), 205-224. doi: 10.1515/jmc-2011-0014. Google Scholar

[208]

N. Koblitz and A. Menezes, Another look at provable security. II, Progress in Cryptology - Indocrypt 2006, LNCS, 4329 (2006), 148–175. doi: 10.1007/11941378_12. Google Scholar

[209]

N. Koblitz and A. Menezes, Another look at provable security, J. Cryptology, 20 (2007), 3-37. doi: 10.1007/s00145-005-0432-z. Google Scholar

[210]

N. Koblitz and A. Menezes, Another look at generic groups, Advances in Math. Communications, 1 (2007), 13-28. doi: 10.3934/amc.2007.1.13. Google Scholar

[211]

N. Koblitz and A. Menezes, Another look at non-standard discrete log and Diffie-Hellman problems, J. Math. Cryptology, 2 (2008), 311-326. doi: 10.1515/JMC.2008.014. Google Scholar

[212]

N. Koblitz and A. Menezes, The brave new world of bodacious assumptions in cryptography, Notices of the Amer. Math. Soc., 57 (2010), 357-365. Google Scholar

[213]

N. Koblitz and A. Menezes, Intractable problems in cryptography, Finite Fields: Theory and Applications, Contemporary Mathematics, 518 (2010), 279-300. doi: 10.1090/conm/518/10212. Google Scholar

[214]

N. Koblitz and A. Menezes, Another look at HMAC, J. Math. Cryptology, 7 (2013), 225-251. doi: 10.1515/jmc-2013-5004. Google Scholar

[215]

N. Koblitz and A. Menezes, Another look at non-uniformity, Groups Complexity Cryptology, 5 (2013), 117-139. doi: 10.1515/gcc-2013-0008. Google Scholar

[216]

N. Koblitz and A. Menezes, Another look at security definitions, Advances in Math. Communications, 7 (2013), 1-38. doi: 10.3934/amc.2013.7.1. Google Scholar

[217]

N. Koblitz and A. Menezes, Another look at security theorems for 1-key nested MACs, in Ç. Koç, ed., Open Problems in Mathematics and Computational Science, Springer-Verlag, 2014, 69–89. Google Scholar

[218]

N. Koblitz and A. Menezes, The random oracle model: A twenty-year retrospective, Designs, Codes and Cryptography, 77 (2015), 587-610. doi: 10.1007/s10623-015-0094-2. Google Scholar

[219]

H. Krawczyk, The order of encryption and authentication for protecting communications (or: How secure is SSL?), Advances in Cryptology - Crypto 2001, LNCS, 2139 (2001), 310–331. doi: 10.1007/3-540-44647-8_19. Google Scholar

[220]

H. Krawczyk, HMQV: A high-performance secure Diffie-Hellman protocol, Advances in Cryptology - Crypto 2005, LNCS, 3621 (2005), 546–566. doi: 10.1007/11535218_33. Google Scholar

[221]

S. Kunz-Jacques, G. Martinet, G. Poupard and J. Stern, Cryptanalysis of an efficient proof of knowledge of discrete logarithm, Public Key Cryptography - PKC 2006, LNCS, 3958 (2006), 27–43. doi: 10.1007/11745853_3. Google Scholar

[222]

K. Kurosawa and W. Ogata, Efficient Rabin-type digital signature scheme, Designs, Codes and Cryptography, 16 (1999), 53-64. doi: 10.1023/A:1008374325369. Google Scholar

[223]

M. Lacharité, Security of BLS and BGLS signatures in a multi-user setting, Cryptography and Communications, 10 (2018), 41-58. doi: 10.1007/s12095-017-0253-6. Google Scholar

[224]

P. Lafrance and A. Menezes, On the security of the WOTS-PRF signature scheme, Advances in Math. Communications, 13 (2019), 185-193. doi: 10.3934/amc.2019012. Google Scholar

[225]

L. Law, A. Menezes, M. Qu, J. Solinas and S. Vanstone, An efficient protocol for authenticated key agreement, Designs, Codes and Cryptography, 28 (2003), 119-134. doi: 10.1023/A:1022595222606. Google Scholar

[226]

G. Leurent, M. Nandi and F. Sibleyras, Generic attacks against beyond-birthday-bound MACs, Advances in Cryptology - Crypto 2018, LNCS, 10991 (2018), 306–336. Google Scholar

[227]

B. Libert and J. Quisquater, Efficient signcryption with key privacy from gap Diffie-Hellman groups, Public Key Cryptography - PKC 2004, LNCS, 2947 (2004), 187–200. doi: 10.1007/978-3-540-24632-9_14. Google Scholar

[228]

B. Libert and J. Quisquater, Improved signcryption from $q$-Diffie-Hellman problems, Security in Communication Networks - SCN 2004, LNCS, 3352 (2004), 220–234. doi: 10.1007/978-3-540-30598-9_16. Google Scholar

[229]

E. List and M. Nandi, Revisiting full-prf-secure PMAC and using it for beyond-birthday authenticated encryption, Topics in Cryptology - CT-RSA 2017, LNCS, 10159 (2017), 258–274. Google Scholar

[230]

A. Luykx, B. Mennink and K. Paterson, Analyzing multi-key security degradation, Advances in Cryptology - Asiacrypt 2017, LNCS, 10625 (2017), 575–605. Google Scholar

[231]

C. Ma, Efficient short signcryption scheme with public verifiability, Information Security and Cryptology - Inscrypt 2006, LNCS, 4318 (2006), 118–129. doi: 10.1007/11937807_10. Google Scholar

[232]

C. Ma, J. Weng, Y. Li and R. Deng, Efficient discrete logarithm based multi-signature scheme in the plain public key model, Designs, Codes and Cryptography, 54 (2010), 121-133. doi: 10.1007/s10623-009-9313-z. Google Scholar

[233]

J. Manger, A chosen ciphertext attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as standardized in PKCS #1 v2.0, Advances in Cryptology - Crypto 2001, LNCS, 2139 (2001), 230–238. doi: 10.1007/3-540-44647-8_14. Google Scholar

[234]

D. McGrew and S. Fluhrer, The security of the extended codebook (XCB) mode of operation, Selected Areas in Cryptography - SAC 2007, LNCS, 4876 (2007), 311–327. doi: 10.1007/978-3-540-77360-3_20. Google Scholar

[235]

D. McGrew and J. Viega, The security and performance of the Galois/Counter Mode (GCM) of operation, Progress in Cryptology - Indocrypt 2004, LNCS, 3348 (2004), 343–355. doi: 10.1007/978-3-540-30556-9_27. Google Scholar

[236]

A. Menezes, Another look at HMQV, J. Math. Cryptology, 1 (2007), 47-64. doi: 10.1515/JMC.2007.004. Google Scholar

[237]

A. Menezes, Another look at provable security, Invited talk at Eurocrypt 2012, available at http://www.cs.bris.ac.uk/eurocrypt2012/Program/Weds/Menezes.pdf.Google Scholar

[238]

A. Menezes and N. Smart, Security of signature schemes in a multi-user setting, Designs, Codes and Cryptography, 33 (2004), 261-274. doi: 10.1023/B:DESI.0000036250.18062.3f. Google Scholar

[239]

A. Menezes and B. Ustaoglu, On the importance of public-key validation in the MQV and HMQV key agreement protocols, Progress in Cryptology - Indocrypt 2006, LNCS, 4329 (2006), 133–147. doi: 10.1007/11941378_11. Google Scholar

[240]

K. Minematsu, Parallelizable rate-1 authenticated encryption from pseudorandom functions, Advances in Cryptology - Eurocrypt 2014, LNCS, 8441 (2014), 275–292. doi: 10.1007/978-3-642-55220-5_16. Google Scholar

[241]

B. Möller, T. Duong and K. Kotowicz, The POODLE bites: Exploiting the SSL 3.0 fallback, 2014, available at http://www.openssl.org/~bodo/ssl-poodle.pdf.Google Scholar

[242]

Y. Naito, Full prf-secure message authentication code based on tweakable block cipher, International Conference on Provable Security - ProvSec 2015, LNCS, 9451 (2015), 167–182. doi: 10.1007/978-3-319-26059-4_9. Google Scholar

[243]

Y. Naito, Improved security bound of LightMAC_Plus and its single-key variant, Topics in Cryptology - CT-RSA 2018, LNCS, 10808 (2018), 300–318. Google Scholar

[244]

M. Nandi, Forging attacks on two authenticated encryption schemes COBRA and POET, Advances in Cryptology - Asiacrypt 2014, LNCS, 8873 (2014), 126–140. doi: 10.1007/978-3-662-45611-8_7. Google Scholar

[245]

M. Nandi, XLS is not a strong pseudorandom permutation, Advances in Cryptology - Asiacrypt 2014, LNCS, 8873 (2014), 478–490. doi: 10.1007/978-3-662-45611-8_25. Google Scholar

[246]

M. Nandi and T. Pandit, On the security of joint signature and encryption revisited, J. Math. Cryptology, 10 (2016), 181-221. doi: 10.1515/jmc-2015-0060. Google Scholar

[247]

T. Okamoto, E. Fujisaki and H. Morita, TSH-ESIGN: Efficient digital signature scheme using trisection hash, submission to IEEE P1363a, 1998.Google Scholar

[248]

C. O'Neil, Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy, Crown, 2016. Google Scholar

[249]

O. Pandey and Y. Rouselakis, Property preserving symmetric encryption, Advances in Cryptology - Eurocrypt 2012, LNCS, 7237 (2012), 375–391.Google Scholar

[250]

D. Park, K. Kim and P. Lee, Public-key encryption with conjunctive keyword search, WISA 2004, LNCS, 3325 (2004), 73–86. doi: 10.1007/978-3-540-31815-6_7. Google Scholar

[251]

K. Paterson, T. Ristenpart and T. Shrimpton, Tag size does matter: Attacks and proofs for the TLS record protocol, Advances in Cryptology - Asiacrypt 2011, LNCS, 7073 (2011), 372–389. doi: 10.1007/978-3-642-25385-0_20. Google Scholar

[252]

C. Peikert, 19 February 2015 blog posting, http://web.eecs.umich.edu/~cpeikert/soliloquy.html. Google Scholar

[253]

C. Peikert, 24 May 2018 pqc-forum, http://groups.google.com/a/list.nist.gov/forum/#!topic/pqc-forum/7H6wv-Xrp18.Google Scholar

[254]

K. Pietrzak, A tight bound for EMAC, Automata, Languages and Programming. Part II - ICALP 2006, LNCS, 4052 (2006), 168–179. doi: 10.1007/11787006_15. Google Scholar

[255]

A. Pinto, B. Poettering and J. Schuldt, Multi-recipient encryption, revisited, Proc. 9th ACM Symposium on Information, Computer and Communications Security - ASIA CCS '14, 2014, 229–238. doi: 10.1145/2590296.2590329. Google Scholar

[256]

R. Poddar, T. Boelter and R. Popa, Arx: A strongly encrypted database system, available at http://eprint.iacr.org/2016/591.Google Scholar

[257]

D. Pointcheval and J. Stern, Security arguments for digital signatures and blind signatures, J. Cryptology, 13 (2000), 361-396. doi: 10.1007/s001450010003. Google Scholar

[258]

R. Popa and N. Zeldovich, Multi-key searchable encryption, available at http://eprint.iacr.org/2013/508.Google Scholar

[259]

O. Regev, On lattices, learning with errors, random linear codes, and cryptography, Journal of the ACM, 56 (2009), Art. 34, 40 pp. doi: 10.1145/1568318.1568324. Google Scholar

[260]

T. Ristenpart and P. Rogaway, How to enrich the message space of a cipher, Fast Software Encryption - FSE 2007, LNCS, 4593 (2007), 101–118. doi: 10.1007/978-3-540-74619-5_7. Google Scholar

[261]

P. Rogaway, Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC, Advances in Cryptology - Asiacrypt 2004, LNCS, 3329 (2004), 16–31. doi: 10.1007/978-3-540-30539-2_2. Google Scholar

[262]

P. Rogaway, M. Bellare and J. Black, OCB: A block-cipher mode of operation for efficient authenticated encryption, ACM Transactions on Information and System Security, 6 (2003), 365-403. Google Scholar

[263]

P. Rogaway and T. Shrimpton, A provable-security treatment of the key-wrap problem, Advances in Cryptology - Eurocrypt 2006, LNCS, 4004 (2006), 373–390. doi: 10.1007/11761679_23. Google Scholar

[264]

F. Salmon, Recipe for disaster: The formula that killed Wall Street, Wired Magazine, 17 (2009).Google Scholar

[265]

P. Sarkar, Pseudo-random functions and parallelizable modes of operations of a block cipher, IEEE Transactions on Information Theory, 56 (2010), 4025-4037. doi: 10.1109/TIT.2010.2050921. Google Scholar

[266]

C.-P. Schnorr, Efficient identification and signatures for smart cards, Advances in Cryptology - Crypto 1989, LNCS, 435 (1990), 239–252. doi: 10.1007/0-387-34805-0_22. Google Scholar

[267]

D. Schröder and D. Unruh, Security of blind signatures revisited, J. Cryptology, 30 (2017), 470-494. doi: 10.1007/s00145-015-9225-1. Google Scholar

[268]

W. Schroé, B. Mennink, E. Andreeva and B. Preneel, Forgery and subkey recovery on CAESAR candidate iFeed, Selected Areas in Cryptography - SAC 2015, LNCS, 9566 (2015), 197–204. doi: 10.1007/978-3-319-31301-6_11. Google Scholar

[269]

J. Seo and K. Emura, Revocable identity-based encryption revisited: Security model and construction, Public Key Cryptography - PKC 2013, LNCS, 7778 (2013), 216–234. doi: 10.1007/978-3-642-36362-7_14. Google Scholar

[270]

J. Shao and Z. Cao, CCA-secure proxy re-encryption without pairings, Public Key Cryptography - PKC 2009, LNCS, 5443 (2009), 357–376. doi: 10.1007/978-3-642-00468-1_20. Google Scholar

[271]

V. Shoup, Lower bounds for discrete logarithms and related problems, Advances in Cryptology - Eurocrypt 1997, LNCS, 1233 (1997), 256–266. doi: 10.1007/3-540-69053-0_18. Google Scholar

[272]

V. Shoup, Why chosen ciphertext security matters, IBM Research Report RZ 3076 (#93122), 23 November 1998.Google Scholar

[273]

V. Shoup, OAEP reconsidered, J. Cryptology, 15 (2002), 223-249. doi: 10.1007/s00145-002-0133-9. Google Scholar

[274]

V. Shoup, ISO/IEC 18033-2: 2006, Information Technology - Security Techniques - Encryption Algorithms - Part 2: Asymmetric Ciphers, 2006; final draft available at http://www.shoup.net/iso/std6.pdf.Google Scholar

[275]

A. Sidorenko and B. Schoenmakers, Concrete security of the Blum-Blum-Shub pseudorandom generator, Cryptography and Coding 2005, LNCS, 3796 (2005), 355–375. doi: 10.1007/11586821_24. Google Scholar

[276]

B. Snow, Telephone conversation with N. Koblitz, 7 May 2009.Google Scholar

[277]

A. Sokal, Transgressing the boundaries: Toward a transformative hermeneutics of quantum gravity, Social Text, 1996, 217–252. doi: 10.2307/466856. Google Scholar

[278]

D. Soldera, J. Seberry and C. Qu, The analysis of Zheng-Seberry scheme, ACISP 2002, LNCS, 2384 (2002), 159–168. doi: 10.1007/3-540-45450-0_13. Google Scholar

[279]

P. Soundararajan, Non-Constructivity in Security Proofs, Master's thesis, University of Waterloo, 2018.Google Scholar

[280]

J. Stern, D. Pointcheval, J. Malone-Lee and N. Smart, Flaws in applying proof methodologies to signature schemes, Advances in Cryptology - Crypto 2002, LNCS, 2442 (2002), 93–110. doi: 10.1007/3-540-45708-9_7. Google Scholar

[281]

J. Stillwell, Mathematics and Its History, 2nd ed., Springer-Verlag, 2002. doi: 10.1007/978-1-4684-9281-1. Google Scholar

[282]

C. Tan, On the security of signcryption scheme with key privacy, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E88-A (2005), 1093-1095. doi: 10.1016/j.ipl.2006.01.015. Google Scholar

[283]

C. Tan, Analysis of improved signcryption scheme with key privacy, Information Processing Letters, 99 (2006), 135-138. doi: 10.1016/j.ipl.2006.01.015. Google Scholar

[284]

C. Tan, Security analysis of signcryption scheme from $q$-Diffie-Hellman problems, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E89-A (2006), 206-208. doi: 10.1093/ietfec/e89-a.1.206. Google Scholar

[285]

C. Tan, Forgery of provable secure short signcryption scheme, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E90-A (2007), 1879-1880. doi: 10.1093/ietfec/e90-a.9.1879. Google Scholar

[286]

M. Tibouchi, Cryptographic multilinear maps: A status report, CRYPTREC-EX-2603-2016, January 2017, available at http://www.cryptrec.go.jp/estimation/cryptrec-ex-2603-2016.pdf.Google Scholar

[287]

S. Vaudenay, Security flaws induced by CBC padding - applications to SSL, IPSEC, WTLS, Advances in Cryptology - Eurocrypt 2002, LNCS, 2332 (2002), 534–545. doi: 10.1007/3-540-46035-7_35. Google Scholar

[288]

U. V. Vazirani and V. V. Vazirani, Efficient and secure pseudo-random number generation, Proc. 25th Annual IEEE Symposium on the Foundations of Computer Science - FOCS 1984, 1984, 458–463. doi: 10.1109/SFCS.1984.715948. Google Scholar

[289]

D. Wikström, Designated confirmer signatures revisited, Theory of Cryptography Conference - TCC 2007, LNCS, 4392 (2007), 342–361. doi: 10.1007/978-3-540-70936-7_19. Google Scholar

[290]

D. Wong and A. Chan, Efficient and mutually authenticated key exchange for low power computing devices, Advances in Cryptology - Asiacrypt 2001, LNCS, 2248 (2001), 272–289. doi: 10.1007/3-540-45682-1_17. Google Scholar

[291]

Xbox 360 timing attack, http://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack. Google Scholar

[292]

L. Xi, K. Yang, Z. Zhang and D. Feng, DAA-related APIs in TPM 2.0 revisited, Trust and Trustworthy Computing - Trust 2014, LNCS, 8564 (2014), 1–18. doi: 10.1007/978-3-319-08593-7_1. Google Scholar

[293]

B. Yang, C. Chen, D. Bernstein and J. Chen, Analysis of QUAD, Fast Software Encryption - FSE 2007, LNCS, 4593 (2007), 290–308. doi: 10.1007/978-3-540-74619-5_19. Google Scholar

[294]

G. Yang, D. Wong and X. Deng, Analysis and improvement of a signcryption scheme with key privacy, Information Security - ISC 2005, LNCS, 3650 (2005), 218–232. doi: 10.1007/11556992_16. Google Scholar

[295]

A. Young and M. Yung, Malicious Cryptography: Exposing Cryptovirology, Wiley, 2004.Google Scholar

[296]

G. M. Zaverucha, Hybrid encryption in the multi-user setting, available at http://eprint.iacr.org/2012/159.Google Scholar

[297]

L. Zhang, W. Hu, H. Sui and P. Wang, iFeed[AES] v1, submission to CAESAR competition, available at https://competitions.cr.yp.to/round1/ifeedaesv1.pdf. Google Scholar

[298]

J. Zhang, Z. Zhang, J. Ding, M. Snook and Ö. Dagdelen, Authenticated key exchange from ideal lattices, Advances in Cryptology - Eurocrypt 2015, LNCS, 9057 (2015), 719–751. doi: 10.1007/978-3-662-46803-6_24. Google Scholar


[20]

A. Bagherzandi, J. Cheon and S. Jarecki, Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma, Proc. Fifteenth ACM Conference on Computer and Communications Security - CCS '08, 449–458.Google Scholar

[21]

S. Bai and S. Galbraith, An improved compression technique for signatures based on learning with errors, Topics in Cryptology - CT-RSA 2014, 28–47, Lecture Notes in Comput. Sci., 8366, Springer, Cham, 2014. doi: 10.1007/978-3-319-04852-9_2. Google Scholar

[22]

E. Bangerter, J. Camenisch and U. Maurer, Efficient proofs of knowledge of discrete logarithms and representations in groups with hidden order, Public Key Cryptography - PKC 2005, LNCS, 3386 (2005), 154–171. doi: 10.1007/978-3-540-30580-4_11. Google Scholar

[23]

G. Barthe, J. Crespo, B. Grégoire, C. Kunz, Y. Lakhnech, B. Schmidt and S. Zanella-Béguelin, Fully automated analysis of padding-based encryption in the computational model, Proc. 2013 ACM SIGSAC Conference on Computer and Communications Security - CCS '13, 2013, 1247–1260. doi: 10.1145/2508859.2516663. Google Scholar

[24]

G. Barthe, X. Fan, J. Gancher, B. Grégoire, C. Jacomme and E. Shi, Symbolic proofs for lattice-based cryptography, Proc. 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18, 2018, 538–555. doi: 10.1145/3243734.3243825. Google Scholar

[25]

M. Bellare, Practice-oriented provable-security, Proc. First International Workshop on Information Security - ISW 1997, LNCS, 1396 (1997), 221–231.Google Scholar

[26]

M. Bellare, New proofs for NMAC and HMAC: Security without collision-resistance, Advances in Cryptology - Crypto 2006, LNCS, 4117 (2006), 602–619. doi: 10.1007/11818175_36. Google Scholar

[27]

M. Bellare, Email to N. Koblitz, 24 February 2012.Google Scholar

[28]

M. Bellare, New proofs for NMAC and HMAC: Security without collision-resistance, J. Cryptology, 28 (2015), 844-878. doi: 10.1007/s00145-014-9185-x. Google Scholar

[29]

M. Bellare, D. Bernstein and S. Tessaro, Hash-function based PRFs: AMAC and its multi-user security, Advances in Cryptology - Eurocrypt 2016, LNCS, 9665 (2016), 566–595. doi: 10.1007/978-3-662-49890-3_22. Google Scholar

[30]

M. Bellare, A. Boldyreva and A. O'Neill, Deterministic and efficiently searchable encryption, Advances in Cryptology - Crypto 2007, LNCS, 4622 (2007), 535–552. doi: 10.1007/978-3-540-74143-5_30. Google Scholar

[31]

M. Bellare, A. Boldyreva and J. Staddon, Randomness re-use in multi-recipient encryption schemes, Public Key Cryptography - PKC 2003, LNCS, 2567 (2002), 85–99. doi: 10.1007/3-540-36288-6_7. Google Scholar

[32]

M. Bellare, R. Canetti and H. Krawczyk, Keying hash functions for message authentication, Advances in Cryptology - Crypto 1996, LNCS, 1109 (1996), 1–15. doi: 10.1007/3-540-68697-5_1. Google Scholar

[33]

M. Bellare, R. Canetti and H. Krawczyk, HMAC: Keyed-hashing for message authentication, Internet RFC 2104, 1997.Google Scholar

[34]

M. Bellare, R. Canetti and H. Krawczyk, A modular approach to the design and analysis of authentication and key exchange protocols, Proc. 30th Annual ACM Symposium on Theory of Computing - STOC 1998, 1998, 419–428.Google Scholar

[35]

M. Bellare and D. Cash, Pseudorandom functions and permutations provably secure against related-key attacks, Advances in Cryptology - Crypto 2010, LNCS, 6223 (2010), 666–684. doi: 10.1007/978-3-642-14623-7_36. Google Scholar

[36]

M. Bellare, J. Garay and T. Rabin, Fast batch verification for modular exponentiation and digital signatures, Advances in Cryptology - Eurocrypt 1998, LNCS, 1403 (1998), 236–250. doi: 10.1007/BFb0054130. Google Scholar

[37]

M. Bellare, J. Garay and T. Rabin, Fast batch verification for modular exponentiation and digital signatures, available at http://eprint.iacr.org/1998/007.Google Scholar

[38]

M. Bellare, O. Goldreich and A. Mityagin, The power of verification queries in message authentication and authenticated encryption, http://eprint.iacr.org/2004/309.Google Scholar

[39]

M. BellareD. Hofheinz and E. Kiltz, Subtleties in the definition of IND-CCA: When and how should challenge decryption be disallowed?, J. Cryptology, 28 (2015), 29-48. doi: 10.1007/s00145-013-9167-4. Google Scholar

[40]

M. Bellare, C. Nanprempre and G. Neven, Unrestricted aggregate signatures, Automata, Languages, and Programming - ICALP 2007, LNCS, 4596 (2007), 411–422. doi: 10.1007/978-3-540-73420-8_37. Google Scholar

[41]

M. BellareC. NamprempreD. Pointcheval and M. Semanko, The one-more-RSA inversion problems and the security of Chaum's blind signature scheme, J. Cryptology, 16 (2003), 185-215. doi: 10.1007/s00145-002-0120-1. Google Scholar

[42]

M. Bellare and A. Palacio, GQ and Schnorr identification schemes: Proofs of security against impersonation under active and concurrent attacks, Advances in Cryptology - Crypto 2002, LNCS, 2442 (2002), 162–177. doi: 10.1007/3-540-45708-9_11. Google Scholar

[43]

M. Bellare, K. Paterson and P. Rogaway, Security of symmetric encryption against mass surveillance, Advances in Cryptology - Crypto 2014, LNCS, 8616 (2014), 1–19. doi: 10.1007/978-3-662-44371-2_1. Google Scholar

[44]

M. Bellare, K. Pietrzak and P. Rogaway, Improved security analyses for CBC MACs, Advances in Cryptology - Crypto 2005, LNCS, 3621 (2005), 527–545. doi: 10.1007/11535218_32. Google Scholar

[45]

M. Bellare and P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols, Proc. First ACM Conference on Computer and Communications Security - CCS '93, 1993, 62–73. doi: 10.1145/168588.168596. Google Scholar

[46]

M. Bellare and P. Rogaway, Optimal asymmetric encryption, Advances in Cryptology - Eurocrypt 1994, LNCS, 950 (1995), 92–111. doi: 10.1007/BFb0053428. Google Scholar

[47]

M. Bellare and P. Rogaway, The security of triple encryption and a framework for code-based gameplaying proofs, Advances in Cryptology - Eurocrypt 2006, LNCS, 4004 (2006), 409–426. doi: 10.1007/11761679_25. Google Scholar

[48]

C. Berbain, H. Gilbert and J. Patarin, QUAD: A practical stream cipher with provable security, Advances in Cryptology - Eurocrypt 2006, LNCS, 4004 (2004), 109–128. doi: 10.1007/11761679_8. Google Scholar

[49]

C. BerbainH. Gilbert and J. Patarin, QUAD: A multivariate stream cipher with provable security, Journal of Symbolic Computation, 44 (2009), 1703-1723. doi: 10.1016/j.jsc.2008.10.004. Google Scholar

[50]

D. BernhardG. FuchsbauerE. GhadafiN. Smart and B. Warinschi, Anonymous attestation with user-controlled linkability, International Journal of Information Security, 12 (2013), 219-249. doi: 10.1007/s10207-013-0191-z. Google Scholar

[51]

D. Bernstein, email to hash-forum@nist.gov, 2 March 2007.Google Scholar

[52]

D. Bernstein, Proving tight security for Rabin-Williams signatures, Advances in Cryptology - Eurocrypt 2008, LNCS, 4965 (2008), 70–87. doi: 10.1007/978-3-540-78967-3_5. Google Scholar

[53]

D. Bernstein, Multi-user Schnorr, revisited, available at http://eprint.iacr.org/2015/996.Google Scholar

[54]

D. Bernstein et al., SPHINCS+: Submission to the NIST post-quantum project, 30 November 2017, available at http://sphincs.org/data/sphincs+-specification.pdf.Google Scholar

[55]

D. Bernstein and T. Lange, Never trust a bunny, Radio Frequency Identification: Security and Privacy Issues - RFIDSec 2012, LNCS, 7739 (2012), 137–148. doi: 10.1007/978-3-642-36140-1_10. Google Scholar

[56]

D. Bernstein and E. Persichetti, Towards KEM unification, available at http://eprint.iacr.org/2018/526.Google Scholar

[57]

K. Bhargavan, B. Blanchet and N. Kobeissi, Verified models and reference implementations for the TLS 1.3 standard candidate, Proc. 2017 IEEE Symposium on Security and Privacy, 2017, 483–502. doi: 10.1109/SP.2017.26. Google Scholar

[58]

K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti and P. Strub, Implementing TLS with verified cryptographic security, Proc. 2013 IEEE Symposium on Security and Privacy, 2013, 445–459. doi: 10.1109/SP.2013.37. Google Scholar

[59]

S. Blake-Wilson and A. Menezes, Unknown key-share attacks on the station-to-station (STS) protocol, Public Key Cryptography - PKC 1999, LNCS, 1560 (1999), 156–170. doi: 10.1007/3-540-49162-7_12. Google Scholar

[60]

B. Blanchet and D. Pointcheval, Automated security proofs with sequences of games, Advances in Cryptology - Crypto 2006, LNCS, 4117 (2006), 537–554. doi: 10.1007/11818175_32. Google Scholar

[61]

L. BlumM. Blum and M. Shub, A simple unpredictable pseudo-random number generator, SIAM J. Computing, 15 (1986), 364-383. doi: 10.1137/0215025. Google Scholar

[62]

J. BohliM. Vasco and R. Steinwandt, Secure group key establishment revisited, International Journal of Information Security, 6 (2007), 243-254. doi: 10.1007/s10207-007-0018-x. Google Scholar

[63]

A. Boldyreva, Efficient threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme, Public Key Cryptography - PKC 2003, LNCS, 2567 (2002), 31–46. doi: 10.1007/3-540-36288-6_3. Google Scholar

[64]

A. Boldyreva, N. Chenette, Y. Lee and A. O'Neill, Order-preserving symmetric encryption, Advances in Cryptology - Eurocrypt 2009, LNCS, 5479 (2009), 224–241. doi: 10.1007/978-3-642-01001-9_13. Google Scholar

[65]

A. Boldyreva, C. Gentry, A. O'Neill and D. H. Yum, Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing, Proc. 14th ACM Conference on Computer and Communications Security - CCS '07, 2007, 276–285; full version available at http://eprint.iacr.org/2007/438. doi: 10.1145/1315245.1315280. Google Scholar

[66]

A. Boldyreva, V. Goyal and V. Kumar, Identity-based encryption with efficient revocation, Proc. Fifteenth ACM Conference on Computer and Communications Security - CCS '08, 2008, 417–426. doi: 10.1145/1455770.1455823. Google Scholar

[67]

D. Boneh and X. Boyen, Short signatures without random oracles, Advances in Cryptology - Eurocrypt 2004, LNCS, 3027 (2004), 56–73. doi: 10.1007/978-3-540-24676-3_4. Google Scholar

[68]

D. Boneh, G. Di Crescenzo, R. Ostrovsky and G. Persiano, Public key encryption with keyword search, Advances in Cryptology - Eurocrypt 2004, LNCS, 3027 (2004), 506–522. doi: 10.1007/978-3-540-24676-3_30. Google Scholar

[69]

D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, SIAM J. Computing, 32 (2003), 586-615. doi: 10.1137/S0097539701398521. Google Scholar

[70]

R. Bost and O. Sanders, Trick or tweak: On the (in)security of OTR's tweaks, Advances in Cryptology - Asiacrypt 2016, LNCS, 10031 (2016), 333–353. doi: 10.1007/978-3-662-53887-6_12. Google Scholar

[71]

M. Boyarsky, Public-key cryptography and password protocols: The multi-user case, Proc. 6th ACM Conference on Computer and Communications Security - CCS '99, 1999, 63–72. doi: 10.1145/319709.319719. Google Scholar

[72]

C. Boyd and J. Nieto, Round-optimal contributory conference key agreement, Public Key Cryptography - PKC 2003, LNCS, 2567 (2003), 161–174. doi: 10.1007/3-540-36288-6_12. Google Scholar

[73]

C. Boyd and C. Pavlovski, Attacking and repairing batch verification schemes, Advances in Cryptology - Asiacrypt 2000, LNCS, 1976 (2000), 58–71. doi: 10.1007/3-540-44448-3_5. Google Scholar

[74]

E. Bresson, O. Chevassut and D. Pointcheval, Provably authenticated group Diffie-Hellman key exchange - the dynamic case, Advances in Cryptology - Asiacrypt 2001, LNCS, 2248 (2001), 290–309. doi: 10.1007/3-540-45682-1_18. Google Scholar

[75]

E. Bresson, O. Chevassut, D. Pointcheval and J. Quisquater, Provably authenticated group Diffie-Hellman key exchange, Proc. 8th ACM Conference on Computer and Communications Security - CCS '01, 2001, 255–264. doi: 10.1145/501983.502018. Google Scholar

[76]

E. Brickell, J. Camenisch and L. Chen, Direct anonymous attestation, Proc. 11th ACM Conference on Computer and Communications Security - CCS '04, 2004, 132–145. doi: 10.1145/1030083.1030103. Google Scholar

[77]

E. BrickellL. Chen and J. Li, Simplified security notions for direct anonymous attestation and a concrete scheme from pairings, International Journal of Information Security, 8 (2009), 315-330. doi: 10.1007/s10207-009-0076-3. Google Scholar

[78]

E. Brickell and J. Li, A pairing-based DAA scheme further reducing TPM resources, Trust and Trustworthy Computing - Trust 2010, LNCS, 6101 (2010), 181–195. doi: 10.1007/978-3-642-13869-0_12. Google Scholar

[79]

J. Bringer and H. Chabanne, Trusted-HB: A low-cost version of HB+ secure against man-in-the-middle attacks, IEEE Transactions on Information Theory, 54 (2008), 4339-4342. doi: 10.1109/TIT.2008.928290. Google Scholar

[80]

J. BuchmannE. DahmenS. ErethA. Hülsing and M. Rückert, On the security of the Winternitz one-time signature scheme, International Journal of Applied Cryptography, 3 (2013), 84-96. doi: 10.1504/IJACT.2013.053435. Google Scholar

[81]

J. Camenisch, M. Drijvers and A. Lehmann, Anonymous attestation using the strong Diffie-Hellman assumption revisited, Trust and Trustworthy Computing - Trust 2016, LNCS, 9824 (2016), 1–20. doi: 10.1007/978-3-319-45572-3_1. Google Scholar

[82]

J. Camenisch, M. Drijvers and A. Lehmann, Universally composable direct anonymous attestation, Public Key Cryptography - PKC 2016, LNCS, 9615 (2016), 234–264. doi: 10.1007/978-3-662-49387-8_10. Google Scholar

[83]

J. Camenisch and M. Michels, Confirmer signature schemes secure against adaptive adversaries, Advances in Cryptology - Eurocrypt 2000, LNCS, 1807 (2000), 243–258. doi: 10.1007/3-540-45539-6_17. Google Scholar

[84]

R. CanettiO. Goldreich and S. Halevi, The random oracle methodology, revisited, Journal of the ACM, 51 (2004), 557-594. doi: 10.1145/1008731.1008734. Google Scholar

[85]

R. Canetti and H. Krawczyk, Analysis of key-exchange protocols and their use for building secure channels, Advances in Cryptology - Eurocrypt 2001, LNCS, 2045 (2001), 453–474. doi: 10.1007/3-540-44987-6_28. Google Scholar

[86]

R. Canetti and H. Krawczyk, Universally composable notions of key exchange and secure channels, Advances in Cryptology - Eurocrypt 2002, LNCS, 2332 (2002), 337–351. doi: 10.1007/3-540-46035-7_22. Google Scholar

[87]

R. Canetti and H. Krawczyk, Security analysis of IKE's signature-based key-exchange protocol, Advances in Cryptology - Crypto 2002, LNCS, 2442 (2002), 143–161. doi: 10.1007/3-540-45708-9_10. Google Scholar

[88]

R. Canetti and T. Rabin, Universal composition with joint state, Advances in Cryptology - Ceypto 2003, LNCS, 2729 (2003), 265–281; extended version 20020419: 032235 available at http://eprint.iacr.org/2002/047. doi: 10.1007/978-3-540-45146-4_16. Google Scholar

[89]

B. Canvel, A. Hiltgen, S. Vaudenay and M. Vuagnoux, Password interception in a SSL/TLS channel, Advances in Cryptology - Crypto 2003, LNCS, 2729 (2003), 583–599. doi: 10.1007/978-3-540-45146-4_34. Google Scholar

[90]

D. ChakrabortyV. Hernández-Jiménez and P. Sarkar, Another look at XCB, Cryptography and Communications, 7 (2015), 439-468. doi: 10.1007/s12095-015-0127-8. Google Scholar

[91]

D. Chakraborty and M. Nandi, ttacks on the authenticated encryption mode of operation PAE, IEEE Transactions on Information Theory, 61 (2015), 5636-5624. doi: 10.1109/TIT.2015.2461532. Google Scholar

[92]

D. Chakraborty and P. Sarkar, On modes of operations of a block cipher for authentication and authenticated encryption, Cryptography and Communications, 8 (2016), 455-511. doi: 10.1007/s12095-015-0153-6. Google Scholar

[93]

H. Chan, A. Perrig and D. Song, Secure hierarchical in-network aggregation in sensor networks, Proc. 13th ACM Conference on Computer and Communications Security - CCS '06, 2006, 278–287. doi: 10.1145/1180405.1180440. Google Scholar

[94]

D. Chang, M. Nandi and M. Yung, On the security of hash functions employing blockcipher postprocessing, Fast Software Encryption - FSE 2011, LNCS, 6733 (2011), 146–166. doi: 10.1007/978-3-642-21702-9_9. Google Scholar

[95]

S. Chatterjee and M. Das, Property preserving symmetric encryption revisited, Advances in Cryptology - Asiacrypt 2015, LNCS, 9453 (2015), 658–682. doi: 10.1007/978-3-662-48800-3_27. Google Scholar

[96]

S. Chatterjee, C. Kamath and V. Kumar, Galindo-Garcia identity-based signature revisited, Information Security and Cryptology - ISC 2012, LNCS, 7839 (2012), 456–471. doi: 10.1007/978-3-642-37682-5_32. Google Scholar

[97]

S. ChatterjeeK. Karabina and A. Menezes, Fault attacks on pairing-based protocols revisited, IEEE Transactions on Computers, 64 (2015), 1707-1714. Google Scholar

[98]

S. Chatterjee, N. Koblitz, A. Menezes and P. Sarkar, Another look at tightness Ⅱ: Practical issues in cryptography, Paradigms in Cryptology - Mycrypt 2016, LNCS, 10311 (2016), 21–55. doi: 10.1007/978-3-319-61273-7_3. Google Scholar

[99]

S. Chatterjee, A. Menezes and P. Sarkar, Another look at tightness, Selected Areas in Cryptography - SAC 2011, LNCS, 7118 (2012), 293–319. doi: 10.1007/978-3-642-28496-0_18. Google Scholar

[100]

L. Chen, A DAA scheme requiring less TPM resources, Information Security and Cryptology - Inscrypt 2009, LNCS, 6151 (2009), 350–365. doi: 10.1007/978-3-642-16342-5_26. Google Scholar

[101]

Y. Chen, M. Charlemagne, Z. Guan, J. Hu and Z. Chen, Identity-based encryption based on DHIES, Proc. 5th ACM Symposium on Information, Computer and Communications Security - ASIA CCS 2010, 2010, 82–88. doi: 10.1145/1755688.1755699. Google Scholar

[102]

L. ChenZ. Cheng and N. Smart, Identity-based key agreement protocols from pairings, International Journal of Information Security, 6 (2007), 213-241. doi: 10.1007/s10207-006-0011-9. Google Scholar

[103]

L. Chen and C. Kudla, Identity based authenticated key agreement protocols from pairings, Proc. 16th IEEE Computer Security Foundations Workshop, 2003, 219–233. doi: 10.1109/CSFW.2003.1212715. Google Scholar

[104]

L. Chen and J. Li, A note on the Chen-Morrissey-Smart DAA scheme, Information Processing Letters, 110 (2010), 485-488. doi: 10.1016/j.ipl.2010.04.017. Google Scholar

[105]

L. Chen and J. Li, Flexible and scalable digital signatures in TPM 2.0, Proc. 2013 ACM SIGSAC Conference on Computer and Communications Security - CCS '13, 2013, 37–48. doi: 10.1145/2508859.2516729. Google Scholar

[106]

L. Chen, P. Morrissey and N. Smart, Pairings in trusted computing, Pairing-Based Cryptography - Pairing 2008, LNCS, 5209 (2008), 1–17. doi: 10.1007/978-3-540-85538-5_1. Google Scholar

[107]

L. Chen, P. Morrissey and N. Smart, On proofs of security for DAA schemes, International Conference on Provable Security - ProvSec 2008, LNCS, 5324 (2008), 156–175. doi: 10.1007/978-3-540-88733-1_11. Google Scholar

[108]

L. Chen, D. Page and N. Smart, On the design and implementation of an efficient DAA scheme, Smart Card Research and Advanced Applications - CARDIS 2010, LNCS, 6035 (2010), 223–237. doi: 10.1007/978-3-642-12510-2_16. Google Scholar

[109]

J. Cheon, P. Fouque, C. Lee, B. Minaud and H. Ryu, Cryptanalysis of the new CLT multilinear map over the integers, Advances in Cryptology - Eurocrypt 2016, LNCS, 9665 (2016), 509–536. doi: 10.1007/978-3-662-49890-3_20. Google Scholar

[110]

J. Cheon, K. Han, C. Lee, H. Ryu and D. Stehlé, Cryptanalysis of the multilinear map over the integers, Advances in Cryptology - Eurocrypt 2015, LNCS, 9056 (2015), 3–12. doi: 10.1007/978-3-662-46800-5_1. Google Scholar

[111]

J. Cheon, H. Lee and J. Seo, A new additive homomorphic encryption based on the co-ACD problem, Proc. 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14, (2014), 287–298. doi: 10.1145/2660267.2660335. Google Scholar

[112]

K. Choo, C. Boyd and Y. Hitchcock, Errors in computational complexity proofs for protocols, Advances in Cryptology - Asiacrypt 2005, LNCS, 3788 (2005), 624–643. doi: 10.1007/11593447_34. Google Scholar

[113]

S. Chow, J. Weng, Y. Yang and R. Deng, Efficient unidirectional proxy re-encryption, Progress in Cryptology - Africacrypt 2010, LNCS, 6055 (2010), 316–332. doi: 10.1007/978-3-642-12678-9_19. Google Scholar

[114]

S. Coretti, Y. Dodis, S. Guo and J. Steinberger, Random oracles and non-uniformity, Advances in Cryptology - Eurocrypt 2018, LNCS, 10820 (2018), 227–258. Google Scholar

[115]

J.-S. Coron, On the exact security of full domain hash, Advances in Cryptology - Crypto 2000, LNCS, 1880 (2000), 229–235. doi: 10.1007/3-540-44598-6_14. Google Scholar

[116]

J.-S. Coron, Optimal security proofs for PSS and other signature schemes, Advances in Cryptology - Eurocrypt 2002, LNCS, 2332 (2002), 272–287. doi: 10.1007/3-540-46035-7_18. Google Scholar

[117]

J.-S. Coron, Y. Dodis, C. Malinaud and P. Puniya, Merkle-Damgård revisited: How to construct a hash function, Advances in Cryptology - Crypto 2005, LNCS, 3621 (2005), 430–448. doi: 10.1007/11535218_26. Google Scholar

[118]

J.-S. Coron, H. Handschuh, M. Joye, P. Paillier, D. Pointcheval and C. Tymen, GEM: A generic chosen-ciphertext secure encryption method, Topics in Cryptology - CT-RSA 2002, LNCS, 2271 (2002), 263–276. doi: 10.1007/3-540-45760-7_18. Google Scholar

[119]

J.-S. CoronT. HolensteinR. KünzlerJ. PatarinY. Seurin and S. Tessaro, How to build an ideal cipher: The indifferentiability of the Feistel construction, J. Cryptology, 29 (2016), 61-114. doi: 10.1007/s00145-014-9189-6. Google Scholar

[120]

J.-S. Coron, A. Joux, A. Mandal, D. Naccache and M. Tibouchi, Cryptanalysis of the RSA subgroup assumption from TCC 2005, Public Key Cryptography - PKC 2011, LNCS, 6571 (2011), 147–155. doi: 10.1007/978-3-642-19379-8_9. Google Scholar

[121]

J.-S. Coron, M. Lee, T. Lepoint and M. Tibouchi, Cryptanalysis of GGH15 multilinear maps, Advances in Cryptology - Crypto 2016, LNCS, 9815 (2016), 607–628. doi: 10.1007/978-3-662-53008-5_21. Google Scholar

[122]

J.-S. Coron, T. Lepoint and M. Tibouchi, Practical multilinear maps over the integers, Advances in Cryptology - Crypto 2013, LNCS, 8042 (2013), 476–493. doi: 10.1007/978-3-642-40041-4_26. Google Scholar

[123]

J.-S. Coron, T. Lepoint and M. Tibouchi, New multilinear maps over the integers, Advances in Cryptology - Crypto 2015, LNCS, 9215 (2015), 267–286. doi: 10.1007/978-3-662-47989-6_13. Google Scholar

[124]

J.-S. Coron and D. Naccache, On the security of RSA screening, Public Key Cryptography - PKC 1999, LNCS, 1560 (1999), 197–203. doi: 10.1007/3-540-49162-7_15. Google Scholar

[125]

J.-S. Coron, J. Patarin and Y. Seurin, The random oracle model and the ideal cipher model are equivalent, Advances in Cryptology - Crypto 2008, LNCS, 5157 (2008), 1–20. doi: 10.1007/978-3-540-85174-5_1. Google Scholar

[126]

C. Cremers, M. Horvat, J. Hoyland, S. Scott and T. van der Merwe, A comprehensive symbolic analysis of TLS 1.3, Proc. 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17, 2017, 1773–1788.Google Scholar

[127]

R. De MilloR. Lipton and A. Perlis, Social processes and proofs of theorems and programs, Program Verification, 14 (1993), 297-319. doi: 10.1007/978-94-011-1793-7_14. Google Scholar

[128]

J. Degabriele, P. Farshim and B. Poettering, A more cautious approach to security against mass surveillance, Fast Software Encryption - FSE 2015, LNCS, 9054 (2015), 579–598. doi: 10.1007/978-3-662-48116-5_28. Google Scholar

[129]

J. DegabrieleK. Paterson and G. Watson, Provable security in the real world, IEEE Security & Privacy, 9 (2011), 33-41. doi: 10.1109/MSP.2010.200. Google Scholar

[130]

Y. Dodis, T. Ristenpart, and T. Shrimpton, Salvaging Merkle-Damgård for practical applications, Advanced in Cryptology - Eurocrypt 2009, LNCS, 5479 (2009), 371–388. doi: 10.1007/978-3-642-01001-9_22. Google Scholar

[131]

D. DolevC. Dwork and M. Naor, Non-malleable cryptography, SIAM J. Computing, 30 (2000), 391-437. doi: 10.1137/S0097539795291562. Google Scholar

[132]

M. Drijvers, K. Edalatnejad, B. Ford, E. Kiltz, J. Loss, G. Neven and I. Stepanovs, On the security of two-round multi-signatures, available at http://eprint.iacr.org/2018/417.Google Scholar

[133]

N. Drucker and S. Gueron, Selfie: Reflections on TLS 1.3 with PSK, available at http://eprint.iacr.org/2019/347.Google Scholar

[134]

T. Duong and J. Rizzo, BEAST: A surprising crypto attack against https, 2012, available at http://antoanthongtin.vn/Portals/0/TempUpload/pProceedings/2014/9/26/tetcon2012_juliano_beast.pdf.Google Scholar

[135]

D. Eastlake, S. Crocker and J. Schiller, RFC 1750 - Randomness Recommendations for Security, available at http://www.ietf.org/rfc/rfc1750.txt.Google Scholar

[136]

O. Eikemeier et al., History-free aggregate message authentication codes, Security and Cryptography for Networks - SCN 2010, LNCS, 6280 (2010), 309–328.Google Scholar

[137]

J. Fan, X. Guo, E. De Mulder, P. Schaumont, B. Preneel and I. Verbauwhede, State-of-the-art of secure ECC implementations: A survey of known side-channel attacks and countermeasures, IEEE International Symposium on Hardware-Oriented Security and Trust - HOST 2010, 2010, 76–87. doi: 10.1109/HST.2010.5513110. Google Scholar

[138]

P. Farshim, B. Libert, K. Paterson and E. Quaglia, Robust encryption, revisited, Public Key Cryptography - PKC 2013, LNCS, 7788 (2013), 352–368. doi: 10.1007/978-3-642-36362-7_22. Google Scholar

[139]

S. Fehr, D. Hofheinz, E. Kiltz and H. Wee, Encryption schemes secure against chosen-ciphertext selective opening attacks, Advances in Cryptology - Eurocrypt 2010, LNCS, 6110 (2010), 381–402. doi: 10.1007/978-3-642-13190-5_20. Google Scholar

[140]

M. Fischlin and F. Günther, Replay attacks on zero round-trip time: The case of TLS 1.3 handshake candidates, Proc. 2017 IEEE European Symposium on Security and Privacy, 2017, 60–75. doi: 10.1109/EuroSP.2017.18. Google Scholar

[141]

C. Forler, E. List, S. Lucks and J. Wenzel, POEx: A beyond-birthday-bound-secure on-line cipher, Cryptogr. Commun., 10 (2018), 177–193, available at http://www.researchgate.net/publication/299565944. doi: 10.1007/s12095-017-0250-9. Google Scholar

[142]

P. Fouque, M. Lee, T. Lepoint and M. Tibouchi, Cryptanalysis of the co-ACD assumption, Advances in Cryptology - Crypto 2015, LNCS, 9215 (2015), 561–580. doi: 10.1007/978-3-662-47989-6_27. Google Scholar

[143]

D. Freedman, Lies, damned lies, and medical science, The Atlantic, 306 (2010), 76-84. Google Scholar

[144]

D. Frumkin and A. Shamir, Un-trusted-HB: Security vulnerabilities of trusted-HB, available at http://eprint.iacr.org/2009/044.Google Scholar

[145]

G. Fuchsbauer, Breaking existential unforgeability of a signature scheme from Asiacrypt 2014, available at http://eprint.iacr.org/2014/892.Google Scholar

[146]

G. Fuchsbauer, C. Hanser, C. Kamath and D. Slamanig, Practical round-optimal blind signatures in the standard model from weaker assumptions, Security and Cryptography for Networks - SCN 2016, LNCS, 9841 (2016), 391–408. doi: 10.1007/978-3-319-44618-9_21. Google Scholar

[147]

G. Fuchsbauer, C. Hanser and D. Slamanig, Practical round-optimal blind signatures in the standard model, Advances in Cryptology - Crypto 2015, LNCS, 9216 (2015), 233–253. doi: 10.1007/978-3-662-48000-7_12. Google Scholar

[148]

G. FuchsbauerC. Hanser and D. Slamanig, Structure-preserving signatures on equivalence classes and constant-size anonymous credentials, J. Cryptology, 32 (2019), 498-546. doi: 10.1007/s00145-018-9281-4. Google Scholar

[149]

J. Furukawa and H. Imai, An efficient group signature scheme from bilinear maps, Australasian Conference on Information Security and Privacy, 3574 (2005), 455-467. doi: 10.1007/11506157_38. Google Scholar

[150]

S. GalbraithJ. Malone-Lee and N. Smart, Public key signatures in the multi-user setting, Information Processing Letters, 83 (2002), 263-266. doi: 10.1016/S0020-0190(01)00338-6. Google Scholar

[151]

D. Galindo, Boneh-Franklin identity-based encryption revisited, Automata, Languages and Programming - ICALP 2005, LNCS, 3580 (2005), 791–802. doi: 10.1007/11523468_64. Google Scholar

[152]

D. Galindo and F. García, A Schnorr-like lightweight identity-based signature scheme, Progress in Cryptology - Africacrypt 2009, LNCS, 5580 (2009), 135–148. doi: 10.1007/978-3-642-02384-2_9. Google Scholar

[153]

S. Garg, C. Gentry and S. Halevi, Candidate multilinear maps from ideal lattices, Advances in Cryptology - Eurocrypt 2013, LNCS, 7881 (2013), 1–17. doi: 10.1007/978-3-642-38348-9_1. Google Scholar

[154]

S. Garg and D. Gupta, Efficient round optimal blind signatures, Advances in Cryptology - Eurocrypt 2014, LNCS, 8441 (2014), 477–495. doi: 10.1007/978-3-642-55220-5_27. Google Scholar

[155]

P. Gaži and U. Maurer, Cascade encryption revisited, Advances in Cryptology - Asiacrypt 2009, LNCS, 5912 (2009), 37–51. doi: 10.1007/978-3-642-10366-7_3. Google Scholar

[156]

R. Gennaro, S. Halevi and T. Rabin, Secure hash-and-sign signatures without the random oracle, Advances in Cryptology –– Eurocrypt 1999, LNCS, 1592 (1999), 123–139. doi: 10.1007/3-540-48910-X_9. Google Scholar

[157]

C. Gentry, S. Gorbunov and S. Halevi, Graph-induced multilinear maps from lattices, Theory of Cryptography Conference - TCC 2015, LNCS, 9015 (2015), 498–527. doi: 10.1007/978-3-662-46497-7_20. Google Scholar

[158]

C. Gentry, D. Molnar and Z. Ramzan, Efficient designated confirmer signatures without random oracles or general zero-knowledge proofs, Advances in Cryptology - Asiacrypt 2005, LNCS, 3788 (2005), 662–681. doi: 10.1007/11593447_36. Google Scholar

[159]

F. Giacon, E. Kiltz and B. Poettering, Hybrid encryption in a multi-user setting, revisited, Public Key Cryptography - PKC 2018, LNCS, 10769 (2018), 159–189. Google Scholar

[160]

H. GilbertM. Robshaw and H. Sibert, Active attack against HB+: A provably secure lightweight authentication protocol, Electronics Letters, 41 (2005), 1169-1170. doi: 10.1049/el:20052622. Google Scholar

[161]

O. Goldreich, On post-modern cryptography, available at http://eprint.iacr.org/2006/461.Google Scholar

[162]

S. Goldwasser and M. Bellare, Lecture Notes on Cryptography, , July 2008, available at http://cseweb.ucsd.edu/mihir/papers/gb.pdf.Google Scholar

[163]

S. Goldwasser and Y. Kalai, Cryptographic assumptions: A position paper, Theory of Cryptography Conference, 9562 (2016), 505–522, available at http://eprint.iacr.org/2015/907. doi: 10.1007/978-3-662-49096-9_21. Google Scholar

[164]

S. Goldwasser, S. Micali and R. Rivest, A "paradoxical" solution to the signature problem, Proc. 25th Annual IEEE Symposium on the Foundations of Computer Science - FOCS 1984, 1984, 441–448. doi: 10.1109/SFCS.1984.715946. Google Scholar

[165]

S. Goldwasser and E. Waisbard, Transformation of digital signature schemes into designated confirmer signature schemes, Theory of Cryptography Conference - TCC 2004, LNCS, 2951 (2004), 77–100. doi: 10.1007/978-3-540-24638-1_5. Google Scholar

[166]

B. Gong and Y. Zhao, Cryptanalysis of RLWE-based one-pass authenticated key exchange, Post-Quantum Cryptography - PQCrypto 2017, LNCS, 10346 (2017), 163–183. Google Scholar

[167]

R. Granger, On the static Diffie-Hellman problem on elliptic curves over extension fields, Advances in Cryptology - Asiacrypt 2010, LNCS, 6477 (2010), 283–302. doi: 10.1007/978-3-642-17373-8_17. Google Scholar

[168]

J. Groth, Cryptography in subgroups of $Z_n^*$, Theory of Cryptography Conference - TCC 2005, LNCS, 3378 (2006), 50–65. doi: 10.1007/978-3-540-30576-7_4. Google Scholar

[169]

P. Grubbs, R. McPherson, M. Naveed, T. Ristenpart and V. Shmatikov, Breaking web applications built on top of encrypted data, Proc. 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS '16, 2016, 1353–1364. doi: 10.1145/2976749.2978351. Google Scholar

[170]

P. Grubbs, T. Ristenpart and V. Shmatikov, Why your encrypted database is not secure, Proc. 16th Workshop on Hot Topics in Operating Systems - HotOS 2017, ACM, 2017, 162–168. doi: 10.1145/3102980.3103007. Google Scholar

[171]

S. Halevi, An observation regarding Jutla's modes of operation, available at http://eprint.iacr.org/2001/015.Google Scholar

[172]

S. Halevi, A plausible approach to computer-aided cryptographic proofs, available at http://eprint.iacr.org/2005/181.Google Scholar

[173]

S. Halevi and H. Krawczyk, Public-key cryptography and password protocols, Proc. 5th ACM Conference on Computer and Communications Security - CCS '98, 1998, 122–131. doi: 10.1145/288090.288118. Google Scholar

[174]

S. Halevi and P. Rogaway, A parallelizable enciphering mode, Topics in Cryptology - CT-RSA 2004, LNCS, 2964 (2004), 292–304. doi: 10.1007/978-3-540-24660-2_23. Google Scholar

[175]

C. Hanser and D. Slamanig, Structure-preserving signatures on equivalence classes and their application to anonymous credentials, Advances in Cryptology - Asiacrypt 2014, LNCS, 8873 (2014), 491–511. doi: 10.1007/978-3-662-45611-8_26. Google Scholar

[176]

C. Herley and P. van Oorschot, SoK: Science, security and the elusive goal of security as a scientific pursuit, Proc. 2017 IEEE Symposium on Security and Privacy, 2017, 99–120. doi: 10.1109/SP.2017.38. Google Scholar

[177]

G. Herold, Polly cracker, revisited, revisited, Public Key Cryptography - PKC 2012, LNCS, 7293 (2012), 17–33. doi: 10.1007/978-3-642-30057-8_2. Google Scholar

[178]

S. Heyse, E. Kiltz, V. Lyubashevsky, C. Paar and K. Pietrzak, Lapin: An efficient authentication protocol based on ring-LPN, Fast Software Encryption - FSE 2012, LNCS, 7549 (2012), 346–365. doi: 10.1007/978-3-642-34047-5_20. Google Scholar

[179]

D. Hofheinz, K. Hövelmanns and E. Kiltz, A modular analysis of the Fujisaki-Okamoto transformation, Theory of Cryptography Conference - TCC 2017, LNCS, 10677 (2017), 341–371. Google Scholar

[180]

D. Hofheinz, K. Hövelmanns and E. Kiltz, A modular analysis of the Fujisaki-Okamoto transformation, Theory of Cryptography Conference, 10677 (2017), 341–371, available at http://eprint.iacr.org/2017/604. doi: 10.1007/978-3-319-70500-2_12. Google Scholar

[181]

T. Holenstein, R. Künzler and S. Tessaro, The equivalence of the random oracle model and the ideal cipher model, revisited, Proc. 43rd Annual ACM Symposium on Theory of Computing - STOC 2011, 2011, 89–98. doi: 10.1145/1993636.1993650. Google Scholar

[182]

Y. Hu and H. Jia, Cryptanalysis of GGH map, Advances in Cryptology - Eurocrypt 2016, LNCS, 9665 (2016), 537–565. doi: 10.1007/978-3-662-49890-3_21. Google Scholar

[183]

Y. Huang, F. Liu and B. Yang, Public-key cryptography from new multivariate quadratic assumptions, Public Key Cryptography - PKC 2012, LNCS, 7293 (2012), 190–205. doi: 10.1007/978-3-642-30057-8_12. Google Scholar

[184]

Z. Huang, S. Liu and B. Qin, Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited, Public Key Cryptography - PKC 2013, LNCS, 7778 (2013), 369–385. doi: 10.1007/978-3-642-36362-7_23. Google Scholar

[185]

D. Huff, How to Lie with Statistics, W. W. Norton, 1954.Google Scholar

[186]

E. Hufschmitt and J. Traoré, Fair blind signatures revisited, Pairing-Based Cryptography - Pairing 2007, LNCS, 4575 (2007), 268–292. doi: 10.1007/978-3-540-73489-5_14. Google Scholar

[187]

A. Hülsing, J. Rijnveld and F. Song, Mitigating multi-target attacks in hash-based signatures, Public Key Cryptography - PKC 2016, LNCS, 9614 (2016), 387–416. doi: 10.1007/978-3-662-49384-7_15. Google Scholar

[188]

J. Hwang, D. Lee and M. Yung, Universal forgery of the identity-based sequential aggregate signature scheme, Proc. 4th International Symposium on Information, Computer and Communications Security - ASIA CCS 2009, ACM, 2009, 157–160.Google Scholar

[189]

Y. Hwang and P. Lee, Public key encryption with conjunctive keyword search and its extension to a multi-user system, Pairing-Based Cryptography - Pairing 2007, LNCS, 4575 (2007), 2–22. doi: 10.1007/978-3-540-73489-5_2. Google Scholar

[190]

A. Inoue, T. Iwata, K. Minematsu and B. Poettering, Cryptanalysis of OCB2: Attacks on authenticity and confidentiality, available at http://eprint.iacr.org/2017/604.Google Scholar

[191]

A. Ishida, Y. Sakai, K. Emura, G. Hanaoka and K. Tanaka, Proper usage of the group signature scheme in ISO/IEC 20008-2, available at http://eprint.iacr.org/2019/284.Google Scholar

[192]

ISO/IEC 19772: 2009, Information Technology - Security Techniques - Authenticated Encryption, 2009.Google Scholar

[193]

T. Iwata, K. Ohashi and K. Minematsu, Breaking and repairing GCM security proofs, Advances in Cryptology - Crypto 2012, LNCS, 7417 (2012), 31–49. doi: 10.1007/978-3-642-32009-5_3. Google Scholar

[194]

M. Jakobsson and D. Pointcheval, Mutual authentication for low-power mobile devices, Financial Cryptography - FC 2001, LNCS, 2339 (2001), 178–195. doi: 10.1007/3-540-46088-8_17. Google Scholar

[195]

A. Jha and M. Nandi, Revisiting structure graphs: Applications to CBC-MAC and EMAC, J. Math. Cryptology, 10 (2016), 157-180. doi: 10.1515/jmc-2016-0030. Google Scholar

[196]

A. Jha and M. Nandi, On rate-1 and beyond-the-birthday bound secure online ciphers using tweakable block ciphers, Cryptography and Communications, 10 (2018), 731-753. doi: 10.1007/s12095-017-0275-0. Google Scholar

[197]

A. Joux, G. Martinet and F. Valette, Block-adaptive attackers: Revisiting the (in)security of some provably secure encryption modes: CBC, GEM, 1ACBC, Advances in Cryptology - Crypto 2002, LNCS, 2442 (2002), 17–30. doi: 10.1007/3-540-45708-9_2. Google Scholar

[198]

A. Juels and S. Weis, Authenticating pervasive devices with human protocols, Advances in Cryptology - Crypto 2005, LNCS, 3621 (2005), 293–308. doi: 10.1007/11535218_18. Google Scholar

[199]

S. Kakvi and E. Kiltz, Optimal security proofs for full domain hash, revisited, Advances in Cryptology - Eurocrypt 2012, LNCS, 7237 (2012), 537–553. doi: 10.1007/978-3-642-29011-4_22. Google Scholar

[200]

J. Katz, Letter to the editor, Notices of the Amer. Math. Soc., 54 (2007), 1454-1455. Google Scholar

[201]

J. Katz and Y. Lindell, Introduction to Modern Cryptography, 2nd edition, Chapman and Hall/CRC, 2015. Google Scholar

[202]

J. Katz and Y. Lindell, Aggregate message authentication codes, Topics in Cryptology - CT-RSA 2008, LNCS, 4964 (2008), 155–169. doi: 10.1007/978-3-540-79263-5_10. Google Scholar

[203]

E. Kiltz, D. Masny and J. Pan, Optimal security proofs for signatures from identification schemes, Advances in Cryptology - Crypto 2016, LNCS, 9815 (2016), 33–61. doi: 10.1007/978-3-662-53008-5_2. Google Scholar

[204]

A. H. Koblitz, N. Koblitz and A. Menezes, Elliptic curve cryptography: The serpentine course of a paradigm shift, J. Number Theory, 131 (2011), 781-814. doi: 10.1016/j.jnt.2009.01.006. Google Scholar

[205]

N. Koblitz, The uneasy relationship between mathematics and cryptography, Notices of the Amer. Math. Soc., 54 (2007), 972-979. Google Scholar

[206]

N. Koblitz, Another look at automated theorem-proving, J. Math. Cryptology, 1 (2007), 385-403. doi: 10.1515/jmc.2007.020. Google Scholar

[207]

N. Koblitz, Another look at automated theorem-proving. II, J. Math. Cryptology, 5 (2012), 205-224. doi: 10.1515/jmc-2011-0014. Google Scholar

[208]

N. Koblitz and A. Menezes, Another look at provable security. II, Progress in Cryptology - Indocrypt 2006, LNCS, 4329 (2006), 148–175. doi: 10.1007/11941378_12. Google Scholar

[209]

N. Koblitz and A. Menezes, Another look at provable security, J. Cryptology, 20 (2007), 3-37. doi: 10.1007/s00145-005-0432-z. Google Scholar

[210]

N. Koblitz and A. Menezes, Another look at generic groups, Advances in Math. Communications, 1 (2007), 13-28. doi: 10.3934/amc.2007.1.13. Google Scholar

[211]

N. Koblitz and A. Menezes, Another look at non-standard discrete log and Diffie-Hellman problems, J. Math. Cryptology, 2 (2008), 311-326. doi: 10.1515/JMC.2008.014. Google Scholar

[212]

N. Koblitz and A. Menezes, The brave new world of bodacious assumptions in cryptography, Notices of the Amer. Math. Soc., 57 (2010), 357-365. Google Scholar

[213]

N. Koblitz and A. Menezes, Intractable problems in cryptography, Finite Fields: Theory and Applications, Contemporary Mathematics, 518 (2010), 279-300. doi: 10.1090/conm/518/10212. Google Scholar

[214]

N. Koblitz and A. Menezes, Another look at HMAC, J. Math. Cryptology, 7 (2013), 225-251. doi: 10.1515/jmc-2013-5004. Google Scholar

[215]

N. Koblitz and A. Menezes, Another look at non-uniformity, Groups Complexity Cryptology, 5 (2013), 117-139. doi: 10.1515/gcc-2013-0008. Google Scholar

[216]

N. Koblitz and A. Menezes, Another look at security definitions, Advances in Math. Communications, 7 (2013), 1-38. doi: 10.3934/amc.2013.7.1. Google Scholar

[217]

N. Koblitz and A. Menezes, Another look at security theorems for 1-key nested MACs, in Ç. Koç, ed., Open Problems in Mathematics and Computational Science, Springer-Verlag, 2014, 69–89. Google Scholar

[218]

N. Koblitz and A. Menezes, The random oracle model: A twenty-year retrospective, Designs, Codes and Cryptography, 77 (2015), 587-610. doi: 10.1007/s10623-015-0094-2. Google Scholar

[219]

H. Krawczyk, The order of encryption and authentication for protecting communications (or: How secure is SSL?), Advances in Cryptology - Crypto 2001, LNCS, 2139 (2001), 310–331. doi: 10.1007/3-540-44647-8_19. Google Scholar

[220]

H. Krawczyk, HMQV: A high-performance secure Diffie-Hellman protocol, Advances in Cryptology - Crypto 2005, LNCS, 3621 (2005), 546–566. doi: 10.1007/11535218_33. Google Scholar

[221]

S. Kunz-Jacques, G. Martinet, G. Poupard and J. Stern, Cryptanalysis of an efficient proof of knowledge of discrete logarithm, Public Key Cryptography - PKC 2006, LNCS, 3958 (2006), 27–43. doi: 10.1007/11745853_3. Google Scholar

[222]

K. Kurosawa and W. Ogata, Efficient Rabin-type digital signature scheme, Designs, Codes and Cryptography, 16 (1999), 53-64. doi: 10.1023/A:1008374325369. Google Scholar

[223]

M. Lacharité, Security of BLS and BGLS signatures in a multi-user setting, Cryptography and Communications, 10 (2018), 41-58. doi: 10.1007/s12095-017-0253-6. Google Scholar

[224]

P. Lafrance and A. Menezes, On the security of the WOTS-PRF signature scheme, Advances in Math. Communications, 13 (2019), 185-193. doi: 10.3934/amc.2019012. Google Scholar

[225]

L. Law, A. Menezes, M. Qu, J. Solinas and S. Vanstone, An efficient protocol for authenticated key agreement, Designs, Codes and Cryptography, 28 (2003), 119-134. doi: 10.1023/A:1022595222606. Google Scholar

[226]

G. Leurent, M. Nandi and F. Sibleyras, Generic attacks against beyond-birthday-bound MACs, Advances in Cryptology - Crypto 2018, LNCS, 10991 (2018), 306–336. Google Scholar

[227]

B. Libert and J. Quisquater, Efficient signcryption with key privacy from gap Diffie-Hellman groups, Public Key Cryptography - PKC 2004, LNCS, 2947 (2004), 187–200. doi: 10.1007/978-3-540-24632-9_14. Google Scholar

[228]

B. Libert and J. Quisquater, Improved signcryption from $q$-Diffie-Hellman problems, Security in Communication Networks - SCN 2004, LNCS, 3352 (2004), 220–234. doi: 10.1007/978-3-540-30598-9_16. Google Scholar

[229]

E. List and M. Nandi, Revisiting full-prf-secure PMAC and using it for beyond-birthday authenticated encryption, Topics in Cryptology - CT-RSA 2017, LNCS, 10159 (2017), 258–274. Google Scholar

[230]

A. Luykx, B. Mennink and K. Paterson, Analyzing multi-key security degradation, Advances in Cryptology - Asiacrypt 2017, LNCS, 10625 (2017), 575–605. Google Scholar

[231]

C. Ma, Efficient short signcryption scheme with public verifiability, Information Security and Cryptology - Inscrypt 2006, LNCS, 4318 (2006), 118–129. doi: 10.1007/11937807_10. Google Scholar

[232]

C. Ma, J. Weng, Y. Li and R. Deng, Efficient discrete logarithm based multi-signature scheme in the plain public key model, Designs, Codes and Cryptography, 54 (2010), 121-133. doi: 10.1007/s10623-009-9313-z. Google Scholar

[233]

J. Manger, A chosen ciphertext attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as standardized in PKCS #1 v2.0, Advances in Cryptology - Crypto 2001, LNCS, 2139 (2001), 230–238. doi: 10.1007/3-540-44647-8_14. Google Scholar

[234]

D. McGrew and S. Fluhrer, The security of the extended codebook (XCB) mode of operation, Selected Areas in Cryptography - SAC 2007, LNCS, 4876 (2007), 311–327. doi: 10.1007/978-3-540-77360-3_20. Google Scholar

[235]

D. McGrew and J. Viega, The security and performance of the Galois/Counter Mode (GCM) of operation, Progress in Cryptology - Indocrypt 2004, LNCS, 3348 (2004), 343–355. doi: 10.1007/978-3-540-30556-9_27. Google Scholar

[236]

A. Menezes, Another look at HMQV, J. Math. Cryptology, 1 (2007), 47-64. doi: 10.1515/JMC.2007.004. Google Scholar

[237]

A. Menezes, Another look at provable security, Invited talk at Eurocrypt 2012, available at http://www.cs.bris.ac.uk/eurocrypt2012/Program/Weds/Menezes.pdf.Google Scholar

[238]

A. Menezes and N. Smart, Security of signature schemes in a multi-user setting, Designs, Codes and Cryptography, 33 (2004), 261-274. doi: 10.1023/B:DESI.0000036250.18062.3f. Google Scholar

[239]

A. Menezes and B. Ustaoglu, On the importance of public-key validation in the MQV and HMQV key agreement protocols, Progress in Cryptology - Indocrypt 2006, LNCS, 4329 (2006), 133–147. doi: 10.1007/11941378_11. Google Scholar

[240]

K. Minematsu, Parallelizable rate-1 authenticated encryption from pseudorandom functions, Advances in Cryptology - Eurocrypt 2014, LNCS, 8441 (2014), 275–292. doi: 10.1007/978-3-642-55220-5_16. Google Scholar

[241]

B. Möller, T. Duong and K. Kotowicz, The POODLE bites: Exploiting the SSL 3.0 fallback, 2014, available at http://www.openssl.org/~bodo/ssl-poodle.pdf.Google Scholar

[242]

Y. Naito, Full prf-secure message authentication code based on tweakable block cipher, International Conference on Provable Security - ProvSec 2015, LNCS, 9451 (2015), 167–182. doi: 10.1007/978-3-319-26059-4_9. Google Scholar

[243]

Y. Naito, Improved security bound of LightMAC_Plus and its single-key variant, Topics in Cryptology - CT-RSA 2018, LNCS, 10808 (2018), 300–318. Google Scholar

[244]

M. Nandi, Forging attacks on two authenticated encryption schemes COBRA and POET, Advances in Cryptology - Asiacrypt 2014, LNCS, 8873 (2014), 126–140. doi: 10.1007/978-3-662-45611-8_7. Google Scholar

[245]

M. Nandi, XLS is not a strong pseudorandom permutation, Advances in Cryptology - Asiacrypt 2014, LNCS, 8873 (2014), 478–490. doi: 10.1007/978-3-662-45611-8_25. Google Scholar

[246]

M. Nandi and T. Pandit, On the security of joint signature and encryption revisited, J. Math. Cryptology, 10 (2016), 181-221. doi: 10.1515/jmc-2015-0060. Google Scholar

[247]

T. Okamoto, E. Fujisaki and H. Morita, TSH-ESIGN: Efficient digital signature scheme using trisection hash, submission to IEEE P1363a, 1998.Google Scholar

[248]

C. O'Neil, Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy, Crown, 2016. Google Scholar

[249]

O. Pandey and Y. Rouselakis, Property preserving symmetric encryption, Advances in Cryptology - Eurocrypt 2012, LNCS, 7237 (2012), 375–391.Google Scholar

[250]

D. Park, K. Kim and P. Lee, Public-key encryption with conjunctive keyword search, WISA 2004, LNCS, 3325 (2004), 73–86. doi: 10.1007/978-3-540-31815-6_7. Google Scholar

[251]

K. Paterson, T. Ristenpart and T. Shrimpton, Tag size does matter: Attacks and proofs for the TLS record protocol, Advances in Cryptology - Asiacrypt 2011, LNCS, 7073 (2011), 372–389. doi: 10.1007/978-3-642-25385-0_20. Google Scholar

[252]

C. Peikert, 19 February 2015 blog posting, http://web.eecs.umich.edu/~cpeikert/soliloquy.html.Google Scholar

[253]

C. Peikert, 24 May 2018 pqc-forum, http://groups.google.com/a/list.nist.gov/forum/#!topic/pqc-forum/7H6wv-Xrp18.Google Scholar

[254]

K. Pietrzak, A tight bound for EMAC, Automata, Languages and Programming. Part II - ICALP 2006, LNCS, 4052 (2006), 168–179. doi: 10.1007/11787006_15. Google Scholar

[255]

A. Pinto, B. Poettering and J. Schuldt, Multi-recipient encryption, revisited, Proc. 9th ACM Symposium on Information, Computer and Communications Security - ASIA CCS '14, 2014, 229–238. doi: 10.1145/2590296.2590329. Google Scholar

[256]

R. Poddar, T. Boelter and R. Popa, Arx: A strongly encrypted database system, available at http://eprint.iacr.org/2016/591.Google Scholar

[257]

D. Pointcheval and J. Stern, Security arguments for digital signatures and blind signatures, J. Cryptology, 13 (2000), 361-396. doi: 10.1007/s001450010003. Google Scholar

[258]

R. Popa and N. Zeldovich, Multi-key searchable encryption, available at http://eprint.iacr.org/2013/508.Google Scholar

[259]

O. Regev, On lattices, learning with errors, random linear codes, and cryptography, Journal of the ACM, 56 (2009), Art. 34, 40 pp. doi: 10.1145/1568318.1568324. Google Scholar

[260]

T. Ristenpart and P. Rogaway, How to enrich the message space of a cipher, Fast Software Encryption - FSE 2007, LNCS, 4593 (2007), 101–118. doi: 10.1007/978-3-540-74619-5_7. Google Scholar

[261]

P. Rogaway, Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC, Advances in Cryptology - Asiacrypt 2004, LNCS, 3329 (2004), 16–31. doi: 10.1007/978-3-540-30539-2_2. Google Scholar

[262]

P. Rogaway, M. Bellare and J. Black, OCB: A block-cipher mode of operation for efficient authenticated encryption, ACM Transactions on Information and System Security, 6 (2003), 365-403. Google Scholar

[263]

P. Rogaway and T. Shrimpton, A provable-security treatment of the key-wrap problem, Advances in Cryptology - Eurocrypt 2006, LNCS, 4004 (2006), 373–390. doi: 10.1007/11761679_23. Google Scholar

[264]

F. Salmon, Recipe for disaster: The formula that killed Wall Street, Wired Magazine, 17 (2009).Google Scholar

[265]

P. Sarkar, Pseudo-random functions and parallelizable modes of operations of a block cipher, IEEE Transactions on Information Theory, 56 (2010), 4025-4037. doi: 10.1109/TIT.2010.2050921. Google Scholar

[266]

C.-P. Schnorr, Efficient identification and signatures for smart cards, Advances in Cryptology - Crypto 1989, LNCS, 435 (1990), 239–252. doi: 10.1007/0-387-34805-0_22. Google Scholar

[267]

D. Schröder and D. Unruh, Security of blind signatures revisited, J. Cryptology, 30 (2017), 470-494. doi: 10.1007/s00145-015-9225-1. Google Scholar

[268]

W. Schroé, B. Mennink, E. Andreeva and B. Preneel, Forgery and subkey recovery on CAESAR candidate iFeed, Selected Areas in Cryptography - SAC 2015, LNCS, 9566 (2015), 197–204. doi: 10.1007/978-3-319-31301-6_11. Google Scholar

[269]

J. Seo and K. Emura, Revocable identity-based encryption revisited: Security model and construction, Public Key Cryptography - PKC 2013, LNCS, 7778 (2013), 216–234. doi: 10.1007/978-3-642-36362-7_14. Google Scholar

[270]

J. Shao and Z. Cao, CCA-secure proxy re-encryption without pairings, Public Key Cryptography - PKC 2009, LNCS, 5443 (2009), 357–376. doi: 10.1007/978-3-642-00468-1_20. Google Scholar

[271]

V. Shoup, Lower bounds for discrete logarithms and related problems, Advances in Cryptology - Eurocrypt 1997, LNCS, 1233 (1997), 256–266. doi: 10.1007/3-540-69053-0_18. Google Scholar

[272]

V. Shoup, Why chosen ciphertext security matters, IBM Research Report RZ 3076 (#93122), 23 November 1998.Google Scholar

[273]

V. Shoup, OAEP reconsidered, J. Cryptology, 15 (2002), 223-249. doi: 10.1007/s00145-002-0133-9. Google Scholar

[274]

V. Shoup, ISO/IEC 18033-2: 2006, Information Technology - Security Techniques - Encryption Algorithms - Part 2: Asymmetric Ciphers, 2006; final draft available at http://www.shoup.net/iso/std6.pdf.Google Scholar

[275]

A. Sidorenko and B. Schoenmakers, Concrete security of the Blum-Blum-Shub pseudorandom generator, Cryptography and Coding 2005, LNCS, 3796 (2005), 355–375. doi: 10.1007/11586821_24. Google Scholar

[276]

B. Snow, Telephone conversation with N. Koblitz, 7 May 2009.Google Scholar

[277]

A. Sokal, Transgressing the boundaries: Toward a transformative hermeneutics of quantum gravity, Social Text, 1996, 217–252. doi: 10.2307/466856. Google Scholar

[278]

D. Soldera, J. Seberry and C. Qu, The analysis of Zheng-Seberry scheme, ACISP 2002, LNCS, 2384 (2002), 159–168. doi: 10.1007/3-540-45450-0_13. Google Scholar

[279]

P. Soundararajan, Non-Constructivity in Security Proofs, Master's thesis, University of Waterloo, 2018.Google Scholar

[280]

J. Stern, D. Pointcheval, J. Malone-Lee and N. Smart, Flaws in applying proof methodologies to signature schemes, Advances in Cryptology - Crypto 2002, LNCS, 2442 (2002), 93–110. doi: 10.1007/3-540-45708-9_7. Google Scholar

[281]

J. Stillwell, Mathematics and Its History, 2nd ed., Springer-Verlag, 2002. doi: 10.1007/978-1-4684-9281-1. Google Scholar

[282]

C. Tan, On the security of signcryption scheme with key privacy, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E88-A (2005), 1093-1095. doi: 10.1016/j.ipl.2006.01.015. Google Scholar

[283]

C. Tan, Analysis of improved signcryption scheme with key privacy, Information Processing Letters, 99 (2006), 135-138. doi: 10.1016/j.ipl.2006.01.015. Google Scholar

[284]

C. Tan, Security analysis of signcryption scheme from $q$-Diffie-Hellman problems, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E89-A (2006), 206-208. doi: 10.1093/ietfec/e89-a.1.206. Google Scholar

[285]

C. Tan, Forgery of provable secure short signcryption scheme, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E90-A (2007), 1879-1880. doi: 10.1093/ietfec/e90-a.9.1879. Google Scholar

[286]

M. Tibouchi, Cryptographic multilinear maps: A status report, CRYPTREC-EX-2603-2016, January 2017, available at http://www.cryptrec.go.jp/estimation/cryptrec-ex-2603-2016.pdf.Google Scholar

[287]

S. Vaudenay, Security flaws induced by CBC padding - applications to SSL, IPSEC, WTLS, Advances in Cryptology - Eurocrypt 2002, LNCS, 2332 (2002), 534–545. doi: 10.1007/3-540-46035-7_35. Google Scholar

[288]

U. V. Vazirani and V. V. Vazirani, Efficient and secure pseudo-random number generation, Proc. 25th Annual IEEE Symposium on the Foundations of Computer Science - FOCS 1984, 1984, 458–463. doi: 10.1109/SFCS.1984.715948. Google Scholar

[289]

D. Wikström, Designated confirmer signatures revisited, Theory of Cryptography Conference - TCC 2007, LNCS, 4392 (2007), 342–361. doi: 10.1007/978-3-540-70936-7_19. Google Scholar

[290]

D. Wong and A. Chan, Efficient and mutually authenticated key exchange for low power computing devices, Advances in Cryptology - Asiacrypt 2001, LNCS, 2248 (2001), 272–289. doi: 10.1007/3-540-45682-1_17. Google Scholar

[291]

Xbox 360 timing attack, http://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack.Google Scholar

[292]

L. Xi, K. Yang, Z. Zhang and D. Feng, DAA-related APIs in TPM 2.0 revisited, Trust and Trustworthy Computing - Trust 2014, LNCS, 8564 (2014), 1–18. doi: 10.1007/978-3-319-08593-7_1. Google Scholar

[293]

B. Yang, C. Chen, D. Bernstein and J. Chen, Analysis of QUAD, Fast Software Encryption - FSE 2007, LNCS, 4593 (2007), 290–308. doi: 10.1007/978-3-540-74619-5_19. Google Scholar

[294]

G. Yang, D. Wong and X. Deng, Analysis and improvement of a signcryption scheme with key privacy, Information Security - ISC 2005, LNCS, 3650 (2005), 218–232. doi: 10.1007/11556992_16. Google Scholar

[295]

A. Young and M. Yung, Malicious Cryptography: Exposing Cryptovirology, Wiley, 2004.Google Scholar

[296]

G. M. Zaverucha, Hybrid encryption in the multi-user setting, available at http://eprint.iacr.org/2012/159.Google Scholar

[297]

L. Zhang, W. Hu, H. Sui and P. Wang, iFeed[AES] v1, submission to CAESAR competition, available at https://competitions.cr.yp.to/round1/ifeedaesv1.pdf.Google Scholar

[298]

J. Zhang, Z. Zhang, J. Ding, M. Snook and Ö. Dagdelen, Authenticated key exchange from ideal lattices, Advances in Cryptology - Eurocrypt 2015, LNCS, 9057 (2015), 719–751. doi: 10.1007/978-3-662-46803-6_24. Google Scholar

Table 1. Major provable security claims found to have fallacies in the proofs

Type of protocol | Paper with purported proof | Paper explaining fallacy
1) Public key encryption padding (OAEP) | Bellare-Rogaway Eurocrypt 1994 [46] | Shoup 2002 [273]
2) Signature schemes | Coron Eurocrypt 2002 [116] | Kakvi-Kiltz 2012 [199]
3) Identity-based encryption | Boneh-Franklin SIAM J. Comp. 2003 [69] | Galindo 2005 [151]
4) Authenticated encryption (GCM) | McGrew-Viega Indocrypt 2004 [235] | Iwata-Ohashi-Minematsu 2012 [193]
5) Key agreement (HMQV) | Krawczyk Crypto 2005 [220] | Menezes 2007 [236]
6) Message authentication codes (CBC-MAC and EMAC) | Bellare-Pietrzak-Rogaway Crypto 2005 [44] and Pietrzak ICALP 2006 [254] | Jha-Nandi 2016 [195]
7) Triple encryption | Bellare-Rogaway Eurocrypt 2006 [47] | Gaži-Maurer 2009 [155]
8) Symmetric encryption (XLS) | Ristenpart-Rogaway FSE 2007 [260] | Nandi 2014 [245]
9) Tweakable encryption | McGrew-Fluhrer SAC 2007 [234] | Chakraborty–Hernández-Jiménez–Sarkar 2015 [90]
10) Random oracles and ideal ciphers | Coron-Patarin-Seurin Crypto 2008 [125] | Holenstein-Künzler-Tessaro 2011 [181]
