law. On The Computational Power of DNA (2009)
Dan Boneh, Christopher Dunworth, Richard J. Lipton, Sgall Y
States Code) governs the making of photocopies or other reproductions of copyrighted materials. Under certain conditions specified in the law, libraries and archives are authorized to furnish a...
Signing a Linear Subspace: Signature Schemes for Network Coding (2009)
Dan Boneh, David Freeman, Jonathan Katz
Network coding offers increased throughput and improved robustness to random faults in completely decentralized networks. In contrast to traditional routing schemes, however, network coding requires...
Circular-Secure Encryption from Decision Diffie-Hellman (2009)
Dan Boneh, Shai Halevi, Mike Hamburg, Rafail Ostrovsky
Abstract. We describe a public-key encryption system that remains secure even encrypting messages that depend on the secret keys in use. In particular, it remains secure under a “key cycle ”...
Signing a Linear Subspace: Signature Schemes for Network Coding (2009)
Dan Boneh, David Freeman, Jonathan Katz, Brent Waters
Abstract. Network coding offers increased throughput and improved robustness to random faults in completely decentralized networks. In contrast to traditional routing schemes, however, network coding...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Abstract SANE: A Protection Architecture for Enterprise Networks (2009)
Martin Casado, Tal Garfinkel, Aditya Akella, Michael J. Freedman, Dan Boneh, Nick Mckeown, ...
Connectivity in today’s enterprise networks is regulated by a combination of complex routing and bridging policies, along with various interdiction mechanisms such as ACLs, packet filters, and...
The Design and Implementation of Protocol-Based Hidden Key Recovery (2008)
Eu-jin Goh, Dan Boneh, Benny Pinkas
Abstract. We show how to add key recovery to existing security protocols such as SSL/TLS and SSH without changing the protocol. Our key recovery designs possess the following novel features: (1) The...
Dan Boneh, Ben Lynn, Craig Gentry, Hovav Shacham
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Short Signatures from the Weil Pairing (2008)
Dan Boneh, Ben Lynn, Hovav Shacham
We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. For standard security parameters, the signature length is...
Abstract Stronger Password Authentication Using Browser Extensions ∗ (2008)
We describe a browser extension, PwdHash, that transparently produces a different password for each site, improving web password security and defending against password phishing and other attacks....
Abstract Stronger Password Authentication Using Browser Extensions ∗ (2008)
We describe a browser extension, PwdHash, that transparently produces a different password for each site, improving web password security and defending against password phishing and other attacks....
Hovav Shacham, Eu-jin Goh, Nagendra Modadugu, Ben Pfaff, Dan Boneh
Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system...
We present a fully secure identity based encryption scheme whose proof of security does not rely on the random oracle heuristic. Security is based on the decisional bilinear Diffie-Hellman...
Abstract Remote Timing Attacks are Practical (2008)
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against...
Dan Boneh, Ben Lynn, Craig Gentry, Hovav Shacham
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
AEGIS – Tamper Evident and Tamper Resistant Processing (2008)
G. Edward Suh, Dwaine Clarke, Marten Van Dijk, Srinivas Devadas, Tal Garfinkel, Ben Pfaff, ...
Trusted computing means that the computer will consistently behave in specific ways, and those behaviors will be enforced by hardware and software. Enlightened after reading the papers: Trusted...
Xiaoxin Chen, Tal Garfinkel, E. Christopher, Lewis Pratap, Subrahmanyam Carl, A. Waldspurger, ...
Commodity operating systems entrusted with securing sensitive data are remarkably large and complex, and consequently, frequently prone to compromise. To address this limitation, we introduce a...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Architectural Support for Copy and Tamper Resistant (2008)
David Lie Ch, Dan Boneh, John Mitchell, Mark Horowitz
Software
STANDARDS FOR EFFICIENT CRYPTOGRAPHY Review of SEC1: Elliptic Curve Cryptography (2008)
At the request of Certicom Research, I performed a review of the SEC standard for Elliptic Curve Cryptography. The attached review is based on a study of version 0.4 of the proposed standard dated...
Implementing the Halevi-Krawczyk Randomized Hashing Scheme (2008)
Shai Halevi, Weidong Shao, Hugo Krawczyk, Dan Boneh, Mike Mcintosh
The Halevi-Krawczyk randomized hashing scheme, also known as RMX, is designed to be used as a front-end to existing hash-then-sign signature schemes, such as RSA and DSS. RMX frees these signatures...
Dan Boneh, Ben Lynn, Craig Gentry, Hovav Shacham
We survey two recent signature constructions that support signature aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against...
Fast Variants of RSA Abstract (2008)
We survey three variants of RSA designed to speed up RSA decryption. These variants are backwards compatible in the sense that a system using one of these variants can interoperate with a system...
Group signatures have recently become important for enabling privacy-preserving attestation in projects such as Microsoft’s ngscb effort (formerly Palladium). Revocation is critical to the security...
Covert Channels in Privacy-Preserving Identification Systems (2008)
Daniel V. Bailey, Dan Boneh, Eu-jin Goh, Ari Juels
Abstract. We examine covert channels in privacy-enhanced mobile identification devices where the devices uniquely identify themselves to an authorized verifier. Such devices (e.g. RFID tags) are...
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption...
We present an algorithmic approach for speeding up SSL’s performance on a web server. Our approach improves the performance of SSL’s handshake protocol by up to a factor of 2.5 for 1024-bit RSA...
We show that many widely deployed email encryption systems reveal the identities of Blind-Carbon-Copy (BCC) recipients. For example, encrypted email sent using Microsoft Outlook completely exposes...
Reducing Shoulder-surfing by Using Gaze-based Password Entry (2008)
Manu Kumar, Tal Garfinkel, Dan Boneh, Terry Winograd
Shoulder-surfing – using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information – is a problem that has been...
Breaking RSA May Be Easier Than Factoring (Extended Abstract) (2008)
Dan Boneh, Ramarathnam Venkatesan
We provide evidence that breaking low-exponent rsa cannot be equivalent to factoring integers. We show that an algebraic reduction from factoring to breaking low-exponent rsa can be converted into an...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Group signatures have recently become important for enabling privacy-preserving attestation in projects such as Microsoft’s ngscb effort (formerly Palladium). Revocation is critical to the security...
Felipe Saint-jean, Aaron Johnson, Joan Feigenbaum, Dan Boneh
Web search is currently a source of growing concern about personal privacy. It is an essential and central part of most users ’ activity online and therefore one through which a significant amount...
Improving SSL Handshake Performance via (2008)
Abstract. We present an algorithmic approach for speeding up SSL’s performance on a web server. Our approach improves the performance of SSL’s handshake protocol by up to a factor of 2.5 for...
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption...
Public Key Encryption with keyword (2008)
Dan Boneh, Giovanni Di Crescenzo, Rafail Ostrovsky
We study the problem of searching on data that is encrypted using a public key system. Consider user Bob who sends email to user Alice encrypted under Alice’s public key. An email gateway wants to...
Contemporary Mathematics Applications of Multilinear Forms to Cryptography (2008)
This paper is dedicated to the memory of Ruth I. Michler Abstract. We study the problem of finding efficiently computable non-degenerate multilinear maps from G n 1 to G2, where G1 and G2 are groups...
SiRiUS: Securing Remote Untrusted Storage Eu-Jin (2008)
Hovav Shacham, Nagendra Modadugu, Dan Boneh
This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
We present a fully secure identity based encryption scheme whose proof of security does not rely on the random oracle heuristic. Security is based on the decisional bilinear Diffie-Hellman...
Abstract SANE: A Protection Architecture for Enterprise Networks (2008)
Martin Casado, Tal Garfinkel, Aditya Akella, Michael J. Freedman, Dan Boneh, Nick Mckeown, ...
Connectivity in today’s enterprise networks is regulated by a combination of complex routing and bridging policies, along with various interdiction mechanisms such as ACLs, packet filters, and...
Hovav Shacham, Eu-jin Goh, Nagendra Modadugu, Ben Pfaff, Dan Boneh
Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system...
Reducing Shoulder-surfing by Using Gaze-based Password Entry (2008)
Manu Kumar, Tal Garfinkel, Dan Boneh, Terry Winograd
Shoulder-surfing – using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information – is a problem that has been...
Dan Boneh, Ben Lynn, Craig Gentry, Hovav Shacham
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Traitor Tracing with Constant Size Ciphertext (2008)
A traitor tracing system enables a publisher to trace a pirate decryption box to one of the secret keys used to create the box. We present the first traitor tracing system where ciphertext size is...
Circular-Secure Encryption from Decision Diffie-Hellman (2008)
Dan Boneh, Shai Halevi, Mike Hamburg, Rafail Ostrovsky
Let E be a public-key encryption system and let (pk i, ski) be public/private key pairs for E for i = 0,..., n. A natural question is whether E remains secure once an adversary obtains an encryption...
Traitor Tracing with Constant Size Ciphertext (2008)
A traitor tracing system enables a publisher to trace a pirate decryption box to one of the secret keys used to create the box. We present a traitor tracing system where ciphertext size is...
07381 Executive Summary - Cryptography (2008)
Blömer, Johannes, Boneh, Dan, Cramer, Ronald, Maurer, Ueli
The topics covered in the seminar spanned most areas of cryptography, in one way or another, both in terms of the types of schemes (public-key cryptography, symmetric cryptography, hash functions and...
07381 Abstracts Collection -- Cryptography (2008)
Blömer, Johannes, Boneh, Dan, Cramer, Ronald, Maurer, Ueli
From 16.09.2007 to 21.09.2007 the Dagstuhl Seminar 07381 ``Cryptography'' was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several...
Breaking RSA May Be Easier Than Factoring (Extended Abstract) (2007)
Dan Boneh, Ramarathnam Venkatesan
) Dan Boneh Ramarathnam Venkatesan dabo@cs.stanford.edu venkie@microsoft.com Stanford University Microsoft Research Abstract We provide evidence that breaking low-exponent rsa cannot be equivalent to...
We show that for low public exponent rsa, given a quarter of the bits of the private key an adversary can recover the entire private key. Similar results (though not as strong) are obtained for...
Experimenting with Shared Generation of RSA keys Abstract (2007)
Michael Malkin, Thomas Wu, Dan Boneh
We describe an implementation of a distributed algorithm to generate a shared RSA key. At the end of the computation, an RSA modulus N = pq is publicly known. All servers involved in the computation...
Efficient Generation of Shared RSA keys (Extended Abstract) (2007)
We describe efficient techniques for three (or more) parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the...
Amplification of Weak Learning under . . . (2007)
Dan Boneh, Richard Lipton, Endre Szemerédi
We give a new simple proof of the XOR Theorem from [Yao82]. In addition, we show an application of the Theorem to learning theory. Let F be a class of boolean functions, such as AC 0 or NC 1 . We...
Effect of Operators on Straight Line Complexity (Extended Abstract) (2007)
We show that certain explicit operators must vastly increase the straight line complexity of certain polynomials.
Breaking DES Using a Molecular Computer (Extended Abstract) (2007)
Dan Boneh, Christopher Dunworth, Richard Lipton
Recently Adleman has shown that a small traveling salesman problem can be solved by molecular operations. In this paper we show how the same principles can be applied to breaking the Data Encryption...
Breaking RSA May Be Easier Than Factoring (2007)
Extend Ed, Dan Boneh, Ramarathnam Venkatesan
) Dan Boneh Ramarathnam Venkatesan dabo@cs.stanford.edu venkie@microsoft.com Stanford University Microsoft Research Abstract We provide evidence that breaking low-exponent rsa cannot be equivalent to...
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security...
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption...
ABSTRACT Almost Entirely Correct Mixing With Applications to Voting (2007)
In order to design an exceptionally efficient mix network, both asymptotically and in real terms, we develop the notion of almost entirely correct mixing, and propose a new mix network that is almost...
Aggregate and Veriably Encrypted Signatures from Bilinear Maps (2007)
Dan Boneh, Craig Gentry, Ben Lynn, Hovav Shacham
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Dan Boneh, Shai Halevi, Nick Howgrave-graham
Abstract. We study a class of problems called Modular Inverse Hidden Number Problems (MIHNPs). The basic problem in this class is the following: Given many pairs x i; msbk ( + x i) 1
Improving SSL Handshake Performance via (2007)
Abstract. We present an algorithmic approach for speeding up SSL's performance on a web server. Our approach improves the performance of SSL's handshake protocol by up to a factor of 2.5...
Aggregate and Veriably Encrypted Signatures from Bilinear Maps (2007)
Dan Boneh, Craig Gentry, Ben Lynn, Hovav Shacham
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Dan Boneh, Ben Lynn, Craig Gentry, Hovav Shacham
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Eu-jin Goh, Hovav Shacham, Nagendra Modadugu, Dan Boneh
This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network...
Contemporary Mathematics Applications of Multilinear Forms to Cryptography (2007)
This paper is dedicated to the memory of Ruth I. Michler Abstract. We study the problem of finding efficiently computable non-degenerate multilinear maps from G n 1 to G2, where G1 and G2 are groups...
Dan Boneh, Igor E. Shparlinski
Let E=F p be an elliptic curve, and G 2 E=F p. Dene the Die{Hellman function on E=F p as DH E;G (aG; bG) = abG. We show that if there is an ecient algorithm for predicting the LSB of the x or y...
Simpli ed OAEP for the Rabin and RSA Functions (2007)
Optimal Asymmetric Encryption Padding (OAEP) is a technique for converting the RSA trapdoor permutation into a chosen ciphertext secure system in the random oracle model. OAEP padding can be viewed...
Neil Daswani Dan, Dan Boneh, Hector Garcia-molina, Andreas Paepcke
In this paper, we introduce the novel concept of a secure interface definition compiler (a "security " compiler, for short). We show how interface designers can declare an...
Public Key Encryption with keyword (2007)
Dan Boneh, Giovanni Di Crescenzo, Rafail Ostrovsky
We study the problem of searching on data that is encrypted using a public key system. Consider user Bob who sends email to user Alice encrypted under Alice’s public key. An email gateway wants to...
Generalized Diffie-Hellman Modulo a Composite is not (2007)
Weaker Than Factoring, Eli Biham, Dan Boneh, Omer Reingold
The Diffie-Hellman key-exchange protocol may naturally be extended to k ? 2 parties. This gives rise to the generalized Diffie-Hellman assumption (GDH-Assumption). Naor and Reingold have recently...
We present a fully secure identity based encryption scheme whose proof of security does not rely on the random oracle heuristic. Security is based on the decisional bilinear Diffie-Hellman...
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security...
Conjunctive, subset, and range queries on encrypted data (2007)
We construct public-key systems that support comparison queries (x ≥ a) on encrypted data as well as more general queries such as subset queries (x ∈ S). These systems support arbitrary...
Space-efficient identity based encryption without pairings (2007)
Dan Boneh, Craig Gentry, Michael Hamburg
Identity Based Encryption (IBE) systems are often constructed using bilinear maps (a.k.a. pairings) on elliptic curves. One exception is an elegant system due to Cocks which builds an IBE based on...
Space-efficient identity based encryption without pairings (2007)
Dan Boneh, Craig Gentry, Michael Hamburg
Identity Based Encryption (IBE) systems are often constructed using bilinear maps (a.k.a. pairings) on elliptic curves. One exception is an elegant system due to Cocks which builds an IBE based on...
On the impossibility of efficiently combining collision resistant hash functions (2006)
Abstract. Let H1, H2 be two hash functions. We wish to construct a new hash function H that is collision resistant if at least one of H1 or H2 is collision resistant. Concatenating the output of H1...
We describe a short signature scheme that is strongly existentially unforgeable under an adaptive chosen message attack in the standard security model. Our construction works in groups equipped with...
To appear in Journal of Cryptology, Springer-Verlag, 2007. (2006)
Abstract We describe a short signature scheme that is strongly existentially unforgeable under anadaptive chosen message attack in the standard security model. Our construction works in groups...
On the impossibility of efficiently combining collision resistant hash functions (2006)
Abstract. Let H1, H2 be two hash functions. We wish to construct a new hash function H that is collision resistant if at least one of H1 or H2 is collision resistant. Concatenating the output of H1...
Chosen ciphertext secure public key threshold encryption without random oracles (2006)
Dan Boneh, Xavier Boyen, Shai Halevi
Abstract. We present a non-interactive chosen ciphertext secure threshold encryption system. The proof of security is set in the standard model and does not use random oracles. Our construction uses...
Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys (2006)
Dan Boneh, Amit Sahai, Brent Waters
We construct a fully collusion resistant tracing traitors system with sublinear size ciphertexts and constant size private keys. More precisely, let N be the total number of users. Our system...
Privacy in Encrypted Content Distribution Using Private Broadcast Encryption (2006)
Adam Barth, Dan Boneh, Brent Waters
In many content distribution systems it is important to both restrict access of content to authorized users and to protect the identities of these users. We discover that current systems for...
Conjunctive, Subset, and Range Queries on Encrypted Data (2006)
We construct public-key systems that support comparison queries (x a) on encrypted data as well as more general queries such as subset queries (x S). These systems also support arbitrary conjunctive...
A Fully Collusion Resistant Broadcast, Trace, and Revoke System (2006)
We introduce a simple primitive called Augmented Broadcast Encryption (ABE) that is sufficient for constructing broadcast encryption, traitor-tracing, and trace-and-revoke systems. These ABE-
Chosen ciphertext secure public key threshold encryption without random oracles (2006)
Dan Boneh, Xavier Boyen, Shai Halevi
Abstract. We present a non-interactive chosen ciphertext secure threshold encryption system. The proof of security is set in the standard model and does not use random oracles. Our construction uses...
Dan Boneh, Eu-jin Goh, Kobbi Nissim
Let ψ be a 2-DNF formula on boolean variables x1,..., xn ∈ {0, 1}. We present a homomorphic public key encryption scheme that allows the public evaluation of ψ given an encryption of the...
Strongly unforgeable signatures based on computational Diffie-Hellman (2006)
Dan Boneh, Emily Shen, Brent Waters
Abstract. A signature system is said to be strongly unforgeable if the signature is existentially unforgeable and, given signatures on some message m the adversary cannot produce a new signature on...
Public-key encryption that allows PIR queries. Unpublished Manuscript (2006)
Dan Boneh, Eyal Kushilevitz, Rafail Ostrovsky William, E. Skeith Iii
Consider the following problem: Alice wishes to maintain her email using a storage-provider Bob (such as a Yahoo! or hotmail e-mail account). This storage-provider should provide for Alice the...
On the impossibility of efficiently combining collision resistant hash functions (2006)
Abstract. Let H1, H2 be two hash functions. We wish to construct a new hash function H that is collision resistant if at least one of H1 or H2 is collision resistant. Concatenating the output of H1...
Protecting browser state from web privacy attacks (2006)
Through a variety of means, including a range of browser cache methods and inspecting the color of a visited hyperlink, client-side browser state can be exploited to track users against their wishes....
Strongly unforgeable signatures based on computational Diffie-Hellman (2006)
Dan Boneh, Emily Shen, Brent Waters
Abstract. A signature system is said to be strongly unforgeable if the signature is existentially unforgeable and, given signatures on some message m, the adversary cannot produce a new signature on...
Public-key encryption that allows PIR queries. Unpublished Manuscript (2006)
Dan Boneh, Eyal Kushilevitz, Rafail Ostrovsky, Packard Foundation
Consider the following problem: Alice wishes to maintain her email using a storageprovider Bob (such as a Yahoo! or hotmail e-mail account). This storage-provider should provide for Alice the ability...
B.: Privacy in encrypted content distribution using private broadcast encryption (2006)
Adam Barth, Dan Boneh, Brent Waters
Abstract. In many content distribution systems it is important both to restrict access to content to authorized users and to protect the identities of these users. We discover that current systems...
Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys (2005)
Dan Boneh, Craig Gentry, Brent Waters
We describe two new public key broadcast encryption systems for stateless receivers. Both systems are fully secure against any number of colluders. In our first construction both ciphertexts and...
Hierarchical Identity Based Encryption with Constant Size Ciphertext (2005)
Dan Boneh, Xavier Boyen, Eu-jin Goh
We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, independent of...
Collusion resistant broadcast encryption with short ciphertexts and private keys (2005)
Dan Boneh, Craig Gentry, Brent Waters
We describe two new public key broadcast encryption systems for stateless receivers. Both systems are fully secure against any number of colluders. In our first construction both ciphertexts and...
Improved efficiency for cca-secure cryptosystems built using identity-based encryption (2005)
Recently, Canetti, Halevi, and Katz showed a general method for constructing CCA-secure encryption schemes from identity-based encryption schemes in the standard model. We improve the efficiency of...
Improved efficiency for cca-secure cryptosystems built using identity-based encryption (2005)
Abstract. Recently, Canetti, Halevi, and Katz showed a general method for constructing CCA-secure encryption schemes from identity-based encryption schemes in the standard model. We improve the...
Dan Boneh, Xavier Boyen, Eu-jin Goh
We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of...
Dan Boneh, Xavier Boyen, Eu-jin Goh
We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of...
Hierarchical identity based encryption with constant size ciphertext (2005)
Dan Boneh, Xavier Boyen, Eu-jin Goh
Abstract. We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations,...
Short Signatures without Random Oracles (2004)
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption...
Fine-Grained Control of Security Capabilities (2004)
Dan Boneh, Xuhua Ding, Gene Tsudik
We present a new approach for fine-grained control over users ’ security privileges (fast revocation of credentials) centered around the concept of an on-line semi-trusted mediator (SEM). The use...
On the effectiveness of address-space randomization (2004)
Hovav Shacham, Eu-jin Goh, Nagendra Modadugu, Ben Pfaff, Dan Boneh
Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system...
Dan Boneh, Xavier Boyen, Hovav Shacham
Abstract. We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based...
On the effectiveness of address-space randomization (2004)
Hovav Shacham, Eu-jin Goh, Nagendra Modadugu, Ben Pfaff, Dan Boneh
Categories and Subject Descriptors
Efficient selective-id secure identity based encryption without random oracles (2004)
We construct two ecient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security model...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption (2004)
Recently, Canetti, Halevi, and Katz showed a general method for constructing CCA-secure encryption schemes from identity-based encryption schemes in the standard model. We improve the efficiency of...
Short Signatures without Random Oracles (2004)
We describe a short signature scheme that is strongly existentially unforgeable under an adaptive chosen message attack in the standard security model. Our construction works in groups equipped with...
Chosen-ciphertext security from identity-based encryption (2004)
Dan Boneh, Ran Canetti, Shai Halevi, Jonathan Katz
We propose simple and efficient CCA-secure public-key encryption schemes (i.e., schemes secure against adaptive chosen-ciphertext attacks) based on any identity-based encryption (IBE) scheme. Our...
Group signatures with verifier-local revocation (2004)
Abstract Group signatures have recently become important for enabling privacy-preserving attestationin projects such as Microsoft's
Chosen-ciphertext security from identity-based encryption (2004)
Dan Boneh, Ran Canetti, Shai Halevi, Jonathan Katz
We propose simple and efficient CCA-secure public-key encryption schemes (i.e., schemes secure against adaptive chosen-ciphertext attacks) based on any identity-based encryption (IBE) scheme. Our...
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model in groups equipped with a bilinear map. Selective identity secure...
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model in groups equipped with a bilinear map. Selective identity secure...
APPLICATIONS OF CAYLEY GRAPHS, BILINEARITY, AND HIGHER-ORDER RESIDUES TO CRYPTOLOGY (2004)
Dan Boneh, Ramarathnam Venkatesan
ii
On the effectiveness of address-space randomization (2004)
Hovav Shacham, Ben Pfaff, Dan Boneh
Abstract Address-space randomization is a technique used to fortify systems against buffer overflowattacks. The idea is to introduce artificial diversity by randomizing the memory location of certain...
Client-Side Defense Against Web-Based Identity Theft (2004)
Neil Chou, Robert Ledesma, Yuka Teraguchi, Dan Boneh, John C. Mitchell
Web spoofing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. We discuss some aspects of common attacks and propose...
Fine-Grained Control of Security Capabilities (2004)
Dan Boneh, Xuhua Ding, Gene Tsudik
We present a new approach for fine-grained control over users ’ security privileges (fast revocation of credentials) centered around the concept of an on-line semi-trusted mediator (SEM). The use...
On the effectiveness of address-space randomization (2004)
Hovav Shacham, Eu-jin Goh, Nagendra Modadugu, Ben Pfaff, Dan Boneh
Categories and Subject Descriptors
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model in groups equipped with a bilinear map. Selective identity secure...
Short Signatures without Random Oracles (2004)
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption...
A survey of two signature aggregation techniques (2003)
Dan Boneh, Craig Gentry, Ben Lynn, Hovav Shacham
We survey two recent signature constructions that support signature aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Sirius: Securing remote untrusted storage (2003)
Eu-jin Goh, Hovav Shacham, Nagendra Modadugu, Dan Boneh
This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network...
Flexible os support and applications for trusted computing (2003)
Tal Garfinkel, Mendel Rosenblum, Dan Boneh
Rights to individual papers remain with the author or the author's employer. Permission is granted for noncommercial reproduction of the work for educational or research purposes. This copyright...
Terra: a virtual machine-based platform for trusted computing (2003)
Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh
We present a flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware. Applications...
Remote timing attacks are practical (2003)
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against...
A secure Signature Scheme from Bilinear Maps (2003)
Dan Boneh, Ilya Mironov, Victor Shoup
Abstract. We present a new class of signature schemes based on properties of certain bilinear algebraic maps. These signatures are secure against existential forgery under a chosen message attack in...
Terra: a virtual machine-based platform for trusted computing (2003)
Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh
We present a flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware. Applications...
Sirius: Securing remote untrusted storage (2003)
Eu-jin Goh, Hovav Shacham, Nagendra Modadugu, Dan Boneh
This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network...
Flexible os support and applications for trusted computing (2003)
Tal Garfinkel, Mendel Rosenblum, Dan Boneh
Trusted computing (e.g. TCPA and Microsoft's NextGeneration Secure Computing Base) has been one of the most talked about and least understood technologies in the computing community over the...
Remote timing attacks are practical (2003)
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against...
Oblivious Signature-Based Envelope (2003)
Ninghui Li, Wenliang Du, Dan Boneh
Exchange of digitally signed certificates is often used to establish mutual trust between strangers that wish to share resources or to conduct business transactions. Automated Trust Negotiation (ATN)...
Terra: a virtual machine-based platform for trusted computing (2003)
Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh
We present a flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware. Applications...
Terra: a virtual machine-based platform for trusted computing (2003)
Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh
We present a flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware. Applications...
Terra: A Virtual Machine-Based Platform for Trusted Computing (2003)
Tal Garfinkel Ben, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh
We present a flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware. Applications...
Oblivious Signature-Based Envelope (2003)
Ninghui Li, Wenliang Du, Dan Boneh
Exchange of digitally signed certificates is often used to establish mutual trust between strangers that wish to share resources or to conduct business transactions. Automated Trust Negotiation (ATN)...
A Survey of Two Signature Aggregation Techniques (2003)
Dan Boneh, Craig Gentry, Ben Lynn, Hovav Shacham
We survey two recent signature constructions that support signature aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Flexible OS Support and Applications for Trusted Computing (2003)
Tal Garfinkel Mendel, Mendel Rosenblum, Dan Boneh
Trusted computing (e.g. TCPA and Microsoft's NextGeneration Secure Computing Base) has been one of the most talked about and least understood technologies in the computing community over the...
Remote Timing Attacks are Practical (2003)
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against...
A secure Signature Scheme from Bilinear Maps (2003)
Dan Boneh, Ilya Mironov, Victor Shoup
Abstract. We present a new class of signature schemes based on properties of certain bilinear algebraic maps. These signatures are secure against existential forgery under a chosen message attack in...
Sirius: Securing remote untrusted storage (2003)
Eu-jin Goh, Hovav Shacham, Nagendra Modadugu, Dan Boneh
This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network...
Terra: a virtual machine-based platform for trusted computing (2003)
Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh
We present a flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware. Applications...
Aggregate and verifiably encrypted signatures from bilinear maps (2003)
Dan Boneh, Craig Gentry, Ben Lynn, Hovav Shacham
Abstract. An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these...
Almost entirely correct mixing with applications to voting (2002)
In order to design an exceptionally e#cient mix network, both asymptotically and in real terms, we develop the notion of almost entirely correct mixing, and propose a new mix network that is almost...
Client Side Caching for TLS (2002)
Hovav Shacham, Dan Boneh, Eric Rescorla
We propose two new mechanisms for caching handshake information on TLS clients. The “fast-track ” mechanism provides a client side cache of a server’s public parameters and negotiated...
Attacking an obfuscated cipher by injecting faults (2002)
Matthias Jacob, Dan Boneh, Edward Felten
We study the strength of certain obfuscation techniques used to protect software from reverse engineering and tampering. We show that some common obfuscation methods can be defeated using a fault...
We survey four variants of RSA designed to speed up RSA decryption and signing. We only consider variants that are backwards compatible in the sense that a system using one of these variants can...
We survey four variants of RSA designed to speed up RSA decryption and signing. We only consider variants that are backwards compatible in the sense that a system using one of these variants can...
Fast-Track Session Establishment for TLS (2002)
We propose a new, "fast-track " handshake mechanism for TLS. A fast-track client caches a server's public parameters and negotiated parameters in the course of an initial,...
Applications of multilinear forms to cryptography (2002)
We study the problem of nding eciently computable non-degenerate multilinear maps from G n 1 to G 2, where G 1 and G 2 are groups of the same prime order, and where computing discrete logarithms in G...
Optimistic mixing for exit-polls (2002)
Sheng Zhong, Dan Boneh, Markus Jakobsson, Ari Juels
Abstract. We propose a new mix network that is optimized to produce a correct output very fast when all mix servers execute the mixing protocol correctly (the usual case). Our mix network only...
Client Side Caching for TLS (2002)
Hovav Shacham, Dan Boneh, Eric Rescorla
We propose two new mechanisms for caching handshake information on TLS clients. The “fast-track ” mechanism provides a client side cache of a server’s public parameters and negotiated...
Cryptanalysis of RSA Using Algebraic and Lattice Methods (2002)
Glenn Durfee, Dan Boneh, Ramarathnam Venkatesan
We study the security of public key cryptosystems. In particular we study the RSA public key cryptosystem and several variants. We obtain our results using tools from the theory of integer lattices....
Optimistic Mixing for Exit-Polls (2002)
Philippe Golle Sheng, Sheng Zhong, Dan Boneh, Markus Jakobsson, Ari Juels
We propose a new mix network that is optimized to produce a correct output very fast when all mix servers execute the mixing protocol correctly (the usual case). Our mix network only produces an...
We survey four variants of RSA designed to speed up RSA decryption and signing. We only consider variants that are backwards compatible in the sense that a system using one of these variants can...
Client Side Caching for TLS (2002)
Hovav Shacham, Dan Boneh, Eric Rescorla
We propose two new mechanisms for caching handshake information on TLS clients. The “fast-track ” mechanism provides a client side cache of a server’s public parameters and negotiated...
Identity-based mediated RSA (2002)
Dan Boneh, Xuhua Ding, Gene Tsudik
Abstract. Identity-based encryption (IBE) [5] and digital signatures are important tools in modern secure communication. In general, identity-based cryptographic methods facilitate easy introduction...
The modular inversion hidden number problem (2001)
Dan Boneh, Shai Halevi, Nick Howgrave-graham
Abstract. We study a class of problems called Modular Inverse Hidden Number Problems (MIHNPs). The basic problem in this class is the following: Given many pairs � � � � −1 xi, msbk (α +...
Lower bounds for multicast message authentication (2001)
Dan Boneh, Glenn Durfee, Matt Franklin
Abstract. Message integrity from one sender to one receiver is typically achieved by having the two parties share a secret key to compute a Message Authentication Code (MAC). We consider the...
Privacy-enabled Management, Customer Data, Günter Karjoth, Matthias Schunter, Michael Waidner, Dan Boneh, ...
is published quarterly and is distributed to all TC members. Its scope includes the design, implementation, modelling, theory and application of database systems and their technology. Letters,...
Short signatures from the Weil pairing (2001)
Dan Boneh, Ben Lynn, Hovav Shacham
Abstract. We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. The signature length is half the size of a DSA...
Identity-based encryption from the Weil pairing (2001)
Abstract. We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the...
Identity-based encryption from the Weil pairing (2001)
Abstract. We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the...
On the unpredictability of bits of the elliptic curve Diffie–Hellman scheme (2001)
Dan Boneh, Igor E. Shparlinski
Abstract. Let E/Fp be an elliptic curve, and G ∈ E/Fp. Define the Diffie–Hellman function as DHE,G(aG, bG) = abG. We show that if there is an efficient algorithm for predicting the LSB of the x...
Identity-based encryption from the Weil pairing (2001)
We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational...
Short signatures from the Weil pairing (2001)
Dan Boneh, Ben Lynn, Hovav Shacham
Abstract. We introduce a short signature scheme based on the Computational Die-Hellman assumption on certain elliptic and hyper-elliptic curves. The signature length is half the size of a DSA...
Lower bounds for multicast message authentication (2001)
Abstract. Message integrity from one sender to one receiver is typically achieved by having the two parties share a secret key to compute a Message Authentication Code (MAC). We consider the...
Identity-based encryption from the Weil pairing (2001)
We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational...
Lower bounds for multicast message authentication (2001)
Dan Boneh, Glenn Durfee, Matthew Franklin
Message integrity between two parties is typically achieved by having them share a secret key to compute a Message Authentication Code (MAC). Unfortunately, this does not generalize well to the...
Improving SSL Handshake Performance via Batching (2001)
We present an algorithmic approach for speeding up SSL's performance on a web server. Our approach improves the performance of SSL's handshake protocol by up to a factor of 2.5 for 1024-bit...
On the Importance of Eliminating Errors in Cryptographic Computations (2001)
Dan Boneh, Richard A. Demillo, Richard J. Lipton
We present a model for attacking various cryptographic schemes by taking advantage of random hardware faults. The model consists of a black-box containing some cryptographic secret. The box interacts...
Identity-based encryption from the Weil pairing (2001)
We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming a variant of the computational Diffie-Hellman...
Short Signatures from the Weil Pairing (2001)
Dan Boneh, Ben Lynn, Hovav Shacham
We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. For standard security parameters, the signature length is...
Short Signatures from the Weil Pairing (2001)
Dan Boneh, Ben Lynn, Hovav Shacham
We introduce a short signature scheme based on the Computational Die-Hellman assumption on certain elliptic and hyper-elliptic curves.
The modular inversion hidden number problem (2001)
Dan Boneh, Shai Halevi, Nick Howgrave-graham
Abstract. We study a class of problems called Modular Inverse Hidden Number Problems (MIHNPs). The basic problem in this class is the following: Given many pairs � � � � −1 xi, msbk (α +...
Timed commitments (extended abstract (2000)
Abstract. We introduce and construct timed commitment schemes, an extension to the standard notion of commitments in which a potential forced opening phase permits the receiver to recover (with...
Finding smooth integers in short intervals using CRT decoding (2000)
We present a new algorithm for CRT list decoding. An instance of the CRT list decoding problem consists of integers B; hp1; : : : ; pni and hr1; : : : ; rni, where p1 p2 pn is a sequence of...
Architectural support for copy and tamper resistant software (2000)
David Lie, Chandramohan Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell, ...
Why Textbook ElGamal and RSA Encryption are Insecure (Extended Abstract) (2000)
Extended Abstract, Dan Boneh, Antoine Joux, Phong Nguyen
We present an attack on plain ElGamal and plain RSA encryption. The attack shows that without proper preprocessing of the plaintexts, both ElGamal and RSA encryption are fundamentally insecure....
Why Textbook ElGamal and RSA Encryption are Insecure (Extended Abstract) (2000)
Dan Boneh, Antoine Joux, Phong Nguyen
We present an attack on plain ElGamal and plain RSA encryption. The attack shows that without proper preprocessing of the plaintexts, both ElGamal and RSA encryption are fundamentally insecure....
Twenty years of attacks on the RSA cryptosystem (1999)
Dan Boneh, The Rsa Cryptosystem, Invented Ron Rivest, Adi Shamir, Len Adleman, Was Rst
publicized in the August 1977 issue of Scienti c American. The cryptosystem is most commonly
Breaking generalized Diffie-Hellman modulo a composite is no easier than factoring (1999)
Eli Biham, Dan Boneh, Omer Reingold
The Diffie-Hellman key-exchange protocol may naturally be extended to k? 2 parties. This gives rise to the generalized Diffie-Hellman assumption (GDH-Assumption). Naor and Reingold have recently...
Dan Boneh, Glenn Durfee, Nick Howgrave-graham
We present an algorithm for factoring integers of the form N = p r q for large r. Such integers were previously proposed for various cryptographic applications. When r log p our algorithm runs in...
Cryptanalysis of RSA with private key d less than N 0.292 (1999)
We show that if the private exponent d used in the RSA public-key cryptosystem is less than N
Building Intrusion Tolerant Applications (1999)
Thomas Wu, Michael Malkin, Dan Boneh
The ITTC project (Intrusion Tolerance via Threshold Cryptography) provides tools and an infrastructure for building intrusion tolerant applications. Rather than prevent intrusions or detect them...
Factoring N = p r q for large r (1999)
Dan Boneh, Glenn Durfee, Nick Howgrave-graham
We present an algorithm for factoring integers of the form N = p r q for large r. Such integers were previously proposed for various cryptographic applications. When r log p our algorithm runs in...
Cryptanalysis of RSA with private key d less than N 0.292 (1999)
We show that if the private exponent d used in the RSA public-key cryptosystem is less than N
Extend Ed, Dan Boneh, Glenn Durfee, Nick Howgrave-graham
) Dan Boneh Glenn Durfee y Nick Howgrave-Graham dabo@cs.stanford.edu gdurf@cs.stanford.edu nahg@maths.bath.ac.uk Abstract We present an algorithm for factoring integers of the form N = p r q for...
An Efficient Public Key Traitor Tracing Scheme (Extended Abstract) (1999)
We construct a public key encryption scheme in which there is one public encryption key, but many private decryption keys. If some digital content (e.g., a music clip) is encrypted using the public...
Experimenting with Shared Generation of RSA keys (1999)
Michael Malkin, Thomas Wu, Dan Boneh
We describe an implementation of a distributed algorithm to generate a shared RSA key. At the end of the computation, an RSA modulus N = pq is publicly known. All servers involved in the computation...
Twenty Years of Attacks on the RSA Cryptosystem (1999)
this article. For completeness we note that the current fastest factoring algorithm is the General Number Field Sieve. Its running time on n-bit integers is exp
Anonymous Authentication With Subset Queries (Extended Abstract) (1999)
) Dan Boneh Matt Franklin dabo@cs.stanford.edu franklin@parc.xerox.com Abstract We develop new schemes for anonymous authentication that support identity escrow. Our protocols also allow a prover to...
An Efficient Public Key Traitor Tracing Scheme (Extended Abstract) (1999)
We construct a public key encryption scheme in which there is one public encryption key, but many private decryption keys. If some digital content (e.g., a music clip) is encrypted using the public...
An Efficient Public Key Traitor Tracing Scheme (1999)
We construct a public key encryption scheme in which there is one public encryption key, but many private decryption keys. If some digital content (e.g., a music clip) is encrypted using the public...
Cryptanalysis of RSA with Private Key d Less Than N^0.292 (Extended Abstract) (1999)
) Dan Boneh Glenn Durfee y dabo@cs.stanford.edu gdurf@cs.stanford.edu Abstract We show that if the private exponent d used in the RSA public-key cryptosystem is less than N 0:292 then the system is...
Building Intrusion Tolerant Applications (1999)
Thomas Wu, Michael Malkin, Dan Boneh
The ITTC project provides tools and an infrastructure for building intrusion tolerant applications. Rather than prevent intrusions or detect them after the fact, the ITTC system ensures that the...
Building Intrusion Tolerant Applications (1998)
Wu, Thomas, Malkin, Michael, Boneh, Dan
The ITTC project (Intrusion Tolerance via Threshold Cryptography) developed tools and an infrastructure for building intrusion tolerant applications. Rather than prevent intrusions or detect them...
Architectural Support for Copy and Tamper Resistant Software (1998)
Lie, David, Thekkath, Chandramohan, Mitchell, Mark, Lincoln, Patrick, Boneh, Dan
Although there have been attempts to develop code transformations that yield tamper-resistant software, no reliable software-only methods are known. This paper studies the hardware implementation of...
Survivability Using Controlled Security Services (1998)
Neuman, B. C., Bannister, Joseph, Boneh, Dan, Tsudik, Gene
This document represents the final report on the SUCSES project funded by DARPA/ITO under the "Dynamic Coalitions" (DC) program. SUCSES' period of performance spanned roughly four years between...
Generating a Product of Three Primes with an Unknown Factorization (1998)
We describe protocols for three or more parties to jointly generate a composite N = pqr which is the product of three primes. After our protocols terminate N is publicly known, but neither party...
Exposing an RSA Private Key Given a Small Fraction of its Bits (1998)
Dan Boneh, Glenn Durfee, Yair Frankel
We show that for low public exponent RSA, given a quarter of the bits of the private key an adversary can recover the entire private key. Similar results (though not as strong) are obtained for...
Collusion-Secure Fingerprinting for Digital Data (1998)
This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data, e.g., software, documents, music, and video. Fingerprinting consists of uniquely marking and...
Experimenting with Electronic Commerce on the PalmPilot (1998)
. This paper describes our experience with implementing an electronic payment system for the PalmPilot. Although Palm OS lacks support for many desired security features, we are able to build a...
The Decision Diffie-Hellman Problem (1998)
The Decision Diffie-Hellman assumption (ddh) is a gold mine. It enables one to construct efficient cryptographic systems with strong security properties. In this paper we survey the recent...
SWAPEROO: A Simple Wallet Architecture for Payments, Exchanges, Refunds, and Other Operations (1998)
Neil Daswani Dan, Dan Boneh, Hector Garcia-molina, Steven Ketchpel, Andreas Paepcke
Most existing digital wallet implementations support a single or a limited set of proprietary financial instruments and protocols for electronic commerce transactions, preventing a user from having...
Generating a Product of Three Primes with an Unknown Factorization (1998)
. We describe protocols for three or more parties to jointly generate a composite N = pqr which is the product of three primes. After our protocols terminate N is publicly known, but neither party...
Exposing an RSA Private Key Given a Small Fraction of Its Bits (1998)
We show that for low public exponent rsa, given a quarter of the bits of the private key an adversary can recover the entire private key. Similar results (though not as strong) are obtained for...
Generating a Product of Three Primes with an Unknown Factorization (1998)
. We describe protocols for three or more parties to jointly generate a composite N = pqr which is the product of three primes. After our protocols terminate N is publicly known, but neither party...
SWAPEROO: A Simple Wallet Architecture for Payments, Exchanges, Refunds, and Other Operations (1998)
Neil Daswani, Dan Boneh, Hector Garcia-molina, Steven Ketchpel, Andreas Paepcke
Most existing digital wallet implementations support a single or a limited set of proprietary financial instruments and protocols for electronic commerce transactions, preventing a user from having...
SWAPEROO: A Simple Wallet Architecture for Payments, Exchanges, Refunds, and Other Operations (1998)
Neil Daswani, Neil Daswani, Dan Boneh, Dan Boneh, Hector Garcia-molina, Hector Garcia-molina, ...
Most existing digital wallet implementations support a single or a limited set of proprietary financial instruments and protocols for electronic commerce transactions, preventing a user from having...
Efficient generation of shared RSA keys (1997)
We describe efficient techniques for a number of parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization...
Efficient generation of shared RSA keys (1997)
We describe efficient techniques for a number of parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization...
New Results on the Cryptanalysis of Low Exponent RSA (Extend Abstract, Preprint) (1997)
) Dan Boneh Glenn Durfee y dabo@cs.stanford.edu gdurf@cs.stanford.edu Abstract We show that if the private exponent d used in the RSA system is less than N 0:292 then the system is insecure. This is...
Rounding in Lattices and Its Cryptographic Applications (1997)
Dan Boneh, Ramarathnam Venkatesan
We analyze a lattice rounding technique using a natural matrix norm. We present its application to proving in a non-uniform model the hardness of computing 2 log log p bits of the secret keys of...
On the Importance of Checking Cryptographic Protocols for Faults (1997)
Dan Boneh, Richard A. Demillo, Richard J. Lipton
We present a theoretical model for breaking various cryptographic schemes by taking advantage of random hardware faults. We show how to attack certain implementations of RSA and Rabin signatures. An...
On the computational power of dna (1996)
Dan Boneh, Christopher Dunworth, Jill Sgallt, Richard J. Lipton
We show how DNA based computers can be used to solve the satisfiability problem for boolean circuits. Furthermore, we show how DNA computers can solve optimization problems directly without first...
Dan Boneh, Richard A. Demillo, Richard J. Lipton
We present a theoretical model for breaking various cryptographic schemes by taking advantage of random hardware faults. We show how to attack certain implementations of RSA and Rabin signatures. We...
On the Importance of Checking Computations (Extended abstract) (1996)
Dan Boneh, Richard A. Demillo, Richard J. Lipton
We present a theoretical model for breaking various cryptographic schemes by taking advantage of random hardware faults. We show how to attack certain implementations of RSA and Rabin signatures. We...
Running dynamic programming algorithms on a DNA computer (1996)
In this paper we show that DNA computers are especially useful for running algorithms which are based on dynamic programming. This class of algorithms takes advantage of the large memory capacity of...
Searching for Elements in Black Box Fields and Applications (1996)
We introduce the notion of a black box field and discuss the problem of explicitly exposing field elements given in a black box form. We present several sub-exponential algorithms for this problem...
Hardness Computing Bits of Secret Keys in Diffie-Hellman and Related Schemes (1996)
Dan Boneh, Ramarathnam Venkatesan
We show that computing the most significant bits of the secret key in a Diffie-Hellman keyexchange protocol from the public keys of the participants is as hard as computing the secret key itself....
Running dynamic programming algorithms on a DNA computer (1996)
In this paper we show that DNA computers are especially useful for running algorithms which are based on dynamic programming. This class of algorithms takes advantage of the large memory capacity of...
Breaking DES Using a Molecular Computer (1995)
Dan Boneh, Christopher Dunworth, Richard J. Lipton
Recently Adleman [1] has shown that a small traveling salesman problem can be solved by molecular operations. In this paper we show how the same principles can be applied to breaking the Data...
Making DNA computers error resistant (1995)
Dan Boneh, Christopher Dunworth, Richard J. Lipton
We describe methods for making volume decreasing algorithms more resistant to certain types of errors. Such error recovery techniques are crucial if DNA computers ever become practical. Our first...
Making DNA Computers Error Resistant (1995)
this paper. All DNA algorithms use strands of DNA to encode many parallel computations. They naturally fall into three classes: Algorithms are Decreasing Volume if the number of strands decreases as...
Where Genetic Algorithms Excel (1995)
Eric B. Baum, Dan Boneh, Charles Garrett
We analyze the performance of a Genetic Algorithm (GA) we call Culling and a variety of other algorithms on a problem we refer to as Additive Search Problem (ASP). ASP is closely related to several...
On The Computational Power of DNA (1995)
Dan Boneh, Christopher Dunworth, Richard J. Lipton, Jiri Sgall
We show how DNA based computers can be used to solve the satisfiability problem for boolean circuits. Furthermore, we show how DNA computers can solve optimization problems directly without first...
Making DNA Computers Error Resistant (1995)
Dan Boneh, Christopher Dunworth, Richard J. Lipton, Jiri Sgall
We describe methods for making volume decreasing algorithms more resistant to certain types of errors. Such error recovery techniques are crucial if DNA computers ever become practical. Our first...
Th Usenix Security, David Brumley, Dan Boneh
Timingattacks areusb)VG usb to attack weak computing devices ses as ssjbIVN5G Wes5 w that timing attacks apply to generalsner areseb5MjN Specifically, we devis a timing attack agains OpenSSL. Our...
"UMI: 8318220."
Thesis (Ph. D.)--Brandeis University, 1983.
Improving SSL Handshake Performance via Batching
We present an algorithmic approach for speeding up SSL's performance on a web server. Our approach improves the performance of SSL's handshake protocol by up to a factor of 2.5 for 1024-bit...
Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring
Eli Biham, Dan Boneh, Omer Reingold
The Diffie-Hellman key-exchange protocol may naturally be extended to k ? 2 parties. This gives rise to the generalized Diffie-Hellman assumption (GDH-Assumption). Naor and Reingold have recently...
Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring
Eli Biham, Dan Boneh, Omer Reingold
The Diffie-Hellman key-exchange protocol may naturally be extended to k ? 2 parties. This gives rise to the generalized Diffie-Hellman assumption (GDH-Assumption). Naor and Reingold have recently...
On the Computational Power of DNA
Dan Boneh, Christopher Dunworth, Richard J. Lipton, Jiri Sgall
We show how DNA based computers can be used to solve the satisfiability problem for boolean circuits. Furthermore, we show how DNA computers can solve optimization problems directly without first...
On The Computational Power of DNA
Dan Boneh, Christopher Dunworth, Richard J. Lipton
We show how DNA based computers can be used to solve the satisfiability problem for boolean circuits. Furthermore, we show how DNA computers can solve optimization problems directly without first...