[PDF] Top 20 On the Security of Two-Round Multi-Signatures

... The only room left by Theorem 1 are for a number of alternative proof approaches, but none of them look particularly hopeful. First, the theorem becomes moot when the OMDL problem turns out to be easy but the DL problem ... See full document

... general multi- signature scheme in the plain public key model, but also presented a detailed discussion of the knowledge-of-secret-key (KOSK) ...the security proofs for schemes such as ours are dramatically ... See full document

... Ideal functionalities and ideal protocols. Security of protocols is defined via comparing the protocol execution to an ideal protocol for carrying out the task at hand. A key ingredient in the ideal protocol is ... See full document

... Semi-Malicious Security. Following [AJLA + 12], we will actually prove that the above proto- col satisfies something called “semi-malicious” security which is stronger than honest-but-curious. Intuitively, ... See full document

... of two parts: Computational flow of AES includes various steps to complete its ...Add Round Key, Sub Bytes, Shift Rows and Mix Columns. The Add Round Key means plaintext is updated with the result of ... See full document

... The round complexity of multi-party ...the round-complexity of secure protocols, where by a round of communication we mean a single message transmission from one party to ...secure ... See full document

... CCA2 security in the multi-challenge-multi-user setting is almost tightly related to the DLIN assump- ...of two in [46,48]) if it is accompanied with a NIZK proof of knowledge of the plaintext ... See full document

... adaptive security [3] made the assumption that honest parties can securely erase local data ...secure two-party computation is much easier with the assumption of secure erasure [26] than without ... See full document

... rounds. Two main techniques were carried out as comparative and cumulative and it was observed that at each time ...of security present in information transformation resulting in a byte pattern which is not ... See full document

... and security guarantees of ...Each round in Π, corresponds to 3 operations/rounds in Φ - one for decrypting private messages sent over a broadcast channel, the second one for computing the next message ... See full document

... a round optimal (partially) blind signature scheme (without relying on the random oracle heuristic) based on the decisional linear assumption in the common reference string model, which is of independent ...vs. ... See full document

... (i.e., two-round) security assumptions ...the security assumption may have arbitrarily many rounds, then it becomes trivial to base security on such an assumption ...the security ... See full document

... In 2012, L ́opez-Alt et al. first proposed the concept of MKFHE, and con- struct a MKFHE scheme [LTV12] based on a variant NTRU public key cryp- tosystem [15], which is a variant of the original NTRU scheme in [16]. Its ... See full document

... The privacy in Definition 2.7 only states that the relation between the signature and the secret keys is hidden. In particular, an adversary can not determine which signer issued a signature. Another way to describe ... See full document

... Our security definition for DSSs is based on the repositories introduced in Sect. 3. Intuitively, the honest parties execute a protocol to construct from an insecure repository, in which the attacker has full ... See full document

... While making the analysis of the particular mixture clusters (Fig. 5) it was observed that the biggest impact on the course of the process was that of two elements agglo- merated in one cluster (barley and wheat); ... See full document

... The routine activity theory (Cohen and Felson 1979) is based on classic concepts of human ecology, and at the centre of this theory are routine activities in everyday life. Cohen and Felson argue that the routine ... See full document

... The mechanical properties of the multi-walled carbon nanotube (MWCNT)/epoxy composites affected by carboxyl and amino functionalized MWCNT are investigated. Tensile tests of the specimens were carried out to ... See full document

... the multi-signature generated by the set S , and the message ...signature. Security should ensure that a set of signers S 0 6⊇ S cannot issue a signature that will be accepted as if it were generated by S ... See full document

... way security is perceived, e.g. the perception of threats, preferred security policy measures, potential directions of seeking allies or ways of elimi- nating threats (Jakubczak and Flis ... See full document