[PDF] Top 20 Verifiable Random Functions from Standard Assumptions

... a standard, constant-size assumption (like the decision-linear assumption, for example) is a long-standing open problem, posed for example in [28, ...Q-type assumptions, which means that a security proof ... See full document

... for all other x in the domain, F(k, x) should be indistinguishable from random. This way of partially delegating the PRF evaluation, results in interesting applications like broadcast encryption with ... See full document

... indistinguishable from a proper one) or using a NIZK ...a standard model NIZK, security would be impossible in our model as NIZK’s require a common reference string (CRS) and this is unavailable in the ... See full document

... drawn from previ- ous works, specifically, code-voting and double ballots from [7], and secret-sharing homomorphisms from [8], but also introduces a number of novel elements that enable us to prove ... See full document

... ` from the set Primes(2λ) instead of Primes(λ); otherwise there is a ˜ O(2 λ/2 ) time attack on the non-interactive succinct ...` from Primes(2λ) makes the attack time ˜ O(2 λ ), which is ...the ... See full document

... machine that is used in the response to the key generation query whose random integer τ is equal to τ ∗ . Due to the change introduced in Game 3, there is a unique key generation query that satisfies this. Because ... See full document

... q. From the theoretical stand-point, we currently have two main techniques for obtaining fully secure IBE from standard assumptions: random partitioning [28] and dual system encryption ... See full document

... Applications of EQS. The first application of EQS was to anonymous (attribute-based) credentials [CL03, CL04, BCKL08, BCC + 09, Fuc11], yielding the first construction for which the cost of showing a credential is ... See full document

... parameter from T to T /2 at the cost of having two instead just one statement to ...the random exponent r) if the original statement was wrong, no matter what µ the malicious prover did ... See full document

... there are plenty of noisy sources, which possess high entropy and provide similar but not identical reading at each enrollment. Such sources include biometrics like fingerprint, iris, face and voice [9,17,19,20], ... See full document

... starting from structure-preserving signatures is that we can obtain efficient protocols that are secure under standard cryptographic assumptions without the use of random ...the random ... See full document

... on random oracles (ROs); constructions in [CS06a, CS06b] with selective security and with- out ROs; constant-size ciphertext IBBE schemes selectively secure (with and without ROs) proposed by Delerablee [Del07]; ... See full document

... The security of HMAC is proven under the assumption that its compression function is a dual PRF, meaning a PRF when keyed by either of its two inputs. But, not only do we not know whether particular compression ... See full document

... be random, going beyond the Markovian framework and leading to the random upper and lower value ...the standard Lipschitz continuity assumptions on the coefficients, the upper and lower value ... See full document

... To pursue tight security reduction, the ` hybrid arguments have to be avoided. To this end, we enhance the IND-tCCCA security and consider the pseudorandomness for multiple pairs even when a constrained decryption oracle ... See full document

... ideal random invertible permutation model. Unfortunately, unlike for random oracles, there is no standard cryptographic object which could be used to directly instantiate random invertible ... See full document

... simple assumptions with only 11 group elements per ...extended random-message (XRMA) ...signs random groups elements of its choice, it is allowed to know their discrete ...tag from one to ... See full document

... a random coin used for generating a secret ...and random coins used in the key generation algorithm in the definition of RSO-CPA ...and random coins, it seems that we need key simulatability [9, 17] ... See full document

... non-interactive verifiable out- sourced computation based on FHE without using garble circuit, which eliminat- ed the large public key from Gennaro et ...several random inputs in the offline ... See full document

... the functions of public key encryption and digital ...novel verifiable authenticated encryp- tion (VAE) scheme with the functionality of recipient ...the random oracle proof ... See full document