Witness encryption is a cryptographic primitive which encrypts a message under an instance of an NP language and decrypts the ciphertext using a witness associated with that instance. In the current state of the art, most of the witness encryption construc ...
In the digital era, users share their personal data with service providers to obtain some utility, e.g., access to high-quality services. Yet, the induced information flows raise privacy and integrity concerns. Consequently, cautious users may want to prot ...
Time travel has always been a fascinating topic in literature and physics. In cryptography, one may wonder how to keep data confidential for some time. In this dissertation, we will study how to make private information travel to the future. This dissertat ...
The social demand for email end-to-end encryption is barely supported by mainstream service providers. Autocrypt is a new community -driven open specification for e-mail encryption that attempts to respond to this demand. In Autocrypt the encryption keys a ...
We present two variants of OMD which are robust against nonce misuse. Security of OMD---a CAESAR candidate---relies on the assumption that implementations always ensure correct use of nonce (a.k.a. message number); namely that, the nonce never gets repeate ...
We introduce the notion of forgery-resilience for digital signature schemes, a new paradigm for digital signature schemes exhibiting desirable legislative properties. It evolves around the idea that, for any message, there can only be a unique valid signat ...
In this paper, we revisit the construction of fail-stop signatures from the factoring assumption. These signatures were originally proposed to provide information-theoretic-based security against forgeries. In contrast to classical signature schemes, in wh ...
This paper is devoted to the design and analysis of short undeniable signatures based on a random oracle. Exploiting their online property, we can achieve signatures with a fully scalable size depending on the security level. To this end, we develop a gene ...
We analyze the security of a fingerprinting scheme proposed at IWDW 2005. We show two results, namely that this scheme (1) does not provide seller security: a dishonest buyer can repudiate the fact that he redistributed a content, and (2) does not provide ...
New trends in consumer electronics have created a strong demand for fast, reliable and user-friendly key agreement protocols. However, many key agreement protocols are secure only against passive attacks. Therefore, message authentication is often unavoida ...
Digital signatures are one of the main achievements of public-key cryptography and constitute a fundamental tool to ensure data authentication. Although their universal verifiability has the advantage to facilitate their verification by the recipient, this ...
