We show that the signer can abuse the disavowal protocol in the Jakobsson-Sako-Impagliazzo designated-verifier signature scheme. In addition, we identify a new security property—non-delegatability—that is essential for designated-verifier signatures, and show that several previously proposed designated-verifier schemes are delegatable. We give a rigorous formalisation of the security for design...

Ring signature was proposed to keep signer’s anonymity when it signs messages on behalf of a “ring” of possible signers. In this paper, we propose a novel notion of ring signature which is called attributebased ring signature. In this kind of signature, it allows the signer to sign message with its attributes from attribute center. All users that possess of these attributes form a ring. The ide...

We study the problem of interactively learning a binary classifier using noisylabeling and pairwise comparison oracles, where the comparison oracle answerswhich one in the given two instances is more likely to be positive. Learning fromsuch oracles has multiple applications where obtaining direct labels is harder butpairwise comparisons are easier, and the algorithm can leverage...

We study the problem of circuit obfuscation, i.e., transforming the circuit in a way that hides everything except its input-output behavior. Barak et al. showed that a universal obfuscator that obfuscates every circuit class cannot exist, leaving open the possibility of special-purpose obfuscators. Known positive results for obfuscation are limited to point functions (boolean functions that ret...

Even and Mansour [EM97] proposed a block cipher construction that takes a publicly computable random permutation oracle P and XORs different keys prior to and after applying P : C = k2 ⊕P (M ⊕ k1). They did not, however, describe how one could instantiate such a permutation securely. It is a fundamental open problem whether their construction could be proved secure outside the random permutatio...

The notion of circular security of pseudorandom functions (PRF) was introduced in Distance Bounding Protocols. So far, only a construction based on a random oracle model was proposed. Circular security stands between two new notions which we call Key Dependent Feedback (KDF) security and Leak security. So far, only a construction based on a random oracle was proposed. We give an algebraic const...

Encrypted key exchange protocol’s goal is to establish a high secure key used for further encryption and authentication through a low secure password. Most existing encrypted key exchange protocols either lack security proofs or rely on the Random Oracle model. Compared with those protocols based on the Random Oracle model, provable secure EKE (encrypted key exchange) protocols have heavier com...

We revisit the security of cryptographic primitives in the random-oracle model against attackers having a bounded amount of auxiliary information about the random oracle. This situation arises most naturally when an attacker carries out offline preprocessing to generate state (namely, auxiliary information) that is later used as part of an on-line attack, with perhaps the best-known example bei...

We present a new signature scheme which is existentially unforgeable under chosen message attacks, assuming some variant of the RSA conjecture. This scheme is not based on “signature trees”, and instead it uses the so called “hash-and-sign” paradigm. It is unique in that the assumptions made on the cryptographic hash function in use are well defined and reasonable (although non-standard). In pa...