J. Alex Halderman, Hovav Shacham, Eric Rescorla, David Wagner
In light of the systemic vulnerabilities uncovered by recent reviews of deployed e-voting systems, the surest way to secure the voting process would be to scrap the existing systems and design new...
When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC (2009)
Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage
This paper reconsiders the threat posed by Shacham’s “return-oriented programming” — a technique by which W⊕X-style hardware protections are evaded via carefully crafted stack frames that...
Compact Proofs of Retrievability (2009)
In a proof-of-retrievability system, a data storage center must prove to a verifier that he is actually storing all of a client’s data. The central challenge is to build systems that are both...
J. Alex Halderman, Hovav Shacham
In light of the systemic vulnerabilities uncovered by recent reviews of deployed e-voting systems, the surest way to secure the voting process would be to scrap the existing systems and design new...
Improved RSA Private Key Reconstruction for Cold Boot Attacks (2009)
We give an algorithm that reconstructs an RSA private key given a 27% fraction of its bits at random. We make new observations about the structure of RSA keys that allow our algorithm to make use of...
When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC (2009)
Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage
This paper reconsiders the threat posed by Shacham’s “return-oriented programming” — a technique by which W⊕X-style hardware protections are evaded via carefully crafted stack frames that...
J. Alex Halderman, Hovav Shacham
In light of the systemic vulnerabilities uncovered by recent reviews of deployed e-voting systems, the surest way to secure the voting process would be to scrap the existing systems and design new...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Dan Boneh, Ben Lynn, Craig Gentry, Hovav Shacham
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Short Signatures from the Weil Pairing (2008)
Dan Boneh, Ben Lynn, Hovav Shacham
We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. For standard security parameters, the signature length is...
Hovav Shacham, Eu-jin Goh, Nagendra Modadugu, Ben Pfaff, Dan Boneh
Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system...
Dan Boneh, Ben Lynn, Craig Gentry, Hovav Shacham
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Dan Boneh, Ben Lynn, Craig Gentry, Hovav Shacham
We survey two recent signature constructions that support signature aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Fast Variants of RSA (2008)
We survey three variants of RSA designed to speed up RSA decryption. These variants are backwards compatible in the sense that a system using one of these variants can interoperate with a system...
Group signatures have recently become important for enabling privacy-preserving attestation in projects such as Microsoft’s NGSCB effort (formerly Palladium). Revocation is critical to the security...
We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. For standard security parameters, the signature length is...
We present an algorithmic approach for speeding up SSL’s performance on a web server. Our approach improves the performance of SSL’s handshake protocol by up to a factor of 2.5 for 1024-bit RSA...
Xavier Boyen, Hovav Shacham, Brent Waters, Emily Shen
In most forward-secure signature constructions, a program that updates a user’s private signing key must have full access to the private key. Unfortunately, these schemes are incompatible with...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Group signatures have recently become important for enabling privacy-preserving attestation in projects such as Microsoft’s NGSCB effort (formerly Palladium). Revocation is critical to the security...
Improving SSL Handshake Performance via (2008)
Abstract. We present an algorithmic approach for speeding up SSL’s performance on a web server. Our approach improves the performance of SSL’s handshake protocol by up to a factor of 2.5 for...
The BBG HIBE Has Limited Delegation (2008)
At Eurocrypt 2005, Boneh, Boyen, and Goh presented a hierarchical IBE for which they claimed a novel property, called limited delegation: it is possible to give an entity a private key that restricts...
Short Signatures from the Weil Pairing (2008)
Dan Boneh
We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. For standard security parameters, the signature...
SiRiUS: Securing Remote Untrusted Storage (2008)
Eu-jin Goh, Hovav Shacham, Nagendra Modadugu, Dan Boneh
This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network...
We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. For standard security parameters, the signature length is...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Hovav Shacham, Eu-jin Goh, Nagendra Modadugu, Ben Pfaff, Dan Boneh
Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system...
Dan Boneh, Ben Lynn, Craig Gentry, Hovav Shacham
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Compact Proofs of Retrievability (2008)
In a proof-of-retrievability system, a data storage center must prove to a verifier that he is actually storing all of a client’s data. The central challenge is to build systems that are both...
Aggregate and Verifiably Encrypted Signatures from Bilinear Maps (2007)
Dan Boneh, Craig Gentry, Ben Lynn, Hovav Shacham
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Improving SSL Handshake Performance via (2007)
Abstract. We present an algorithmic approach for speeding up SSL's performance on a web server. Our approach improves the performance of SSL's handshake protocol by up to a factor of 2.5...
Aggregate and Verifiably Encrypted Signatures from Bilinear Maps (2007)
Dan Boneh, Craig Gentry, Ben Lynn, Hovav Shacham
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Dan Boneh, Ben Lynn, Craig Gentry, Hovav Shacham
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Eu-jin Goh, Hovav Shacham, Nagendra Modadugu, Dan Boneh
This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network...
We describe a CCA-secure public-key encryption scheme, in the Cramer-Shoup paradigm, based on the Linear assumption of Boneh, Boyen, and Shacham. Through a comparison to the Kiltz tag-encryption...
Xavier Boyen, Hovav Shacham, Emily Shen, Brent Waters
In most forward-secure signature constructions, a program that updates a user’s private signing key must have full access to the private key. Unfortunately, these schemes are incompatible with...
Srinivas Inguva, Eric Rescorla, Hovav Shacham, Dan S. Wallach
All author affiliations are for identification only.
We describe a CCA-secure public-key encryption scheme, in the Cramer-Shoup paradigm, based on the Linear assumption of Boneh, Boyen, and Shacham. Through a comparison to the Kiltz tag-encryption...
We present new techniques that allow a return-into-libc attack to be mounted on x86 executables that calls no functions at all. Our attack combines a large number of short instruction sequences to...
Abstract. We describe the first efficient ring signature scheme secure, without random oracles, based on standard assumptions. Our ring signatures are based in bilinear groups. For l members of a...
Xavier Boyen, Hovav Shacham, Emily Shen, Brent Waters
In most forward-secure signature constructions, a program that updates a user’s private signing key must have full access to the private key. Unfortunately, these schemes are incompatible with...
Steve Lu, Hovav Shacham, Rafail Ostrovsky, Amit Sahai, Brent Waters
We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel...
Sequential aggregate signatures and multisignatures without random oracles (2006)
Steve Lu, Rafail Ostrovsky, Hovav Shacham
We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel...
Sequential Aggregate Signatures and Multisignatures without Random Oracles (2006)
Steve Lu, Rafail Ostrovsky, Amit Sahai, Hovav Shacham, Brent Waters
We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel...
Efficient Ring Signatures without Random Oracles (2006)
We describe the first efficient ring signature scheme secure, without random oracles, based on standard assumptions. Our ring signatures are based in bilinear groups. For l members of a ring our...
Forward-Secure Signatures with Untrusted Update (2006)
Xavier Boyen, Hovav Shacham, Emily Shen, Brent Waters
In most forward-secure signature constructions, a program that updates a user's private signing key must have full access to the private key. Unfortunately, these schemes are incompatible with...
Sequential Aggregate Signatures and Multisignatures without Random Oracles (2006)
Steve Lu, Hovav Shacham, Rafail Ostrovsky, Amit Sahai, Brent Waters
We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel...
We describe the first efficient ring signature scheme secure, without random oracles, based on standard assumptions. Our ring signatures are based in bilinear groups. For l members of a ring our...
Steve Lu, Hovav Shacham, Rafail Ostrovsky, Amit Sahai, Brent Waters
We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel...
Sequential aggregate signatures and multisignatures without random oracles (2006)
Steve Lu, Rafail Ostrovsky, Amit Sahai, Hovav Shacham, Brent Waters
Abstract. We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a...
We describe the first efficient ring signature scheme secure, without random oracles, based on standard assumptions. Our ring signatures are based in bilinear groups. For l members of a ring our...
New paradigms in signature schemes (2005)
Hovav Shacham; advisor: Dan Boneh
Submitted to the Department of Computer Science.
Lecture 6: Expander Codes (2005)
Lecturer: Prahladh Harsha; Scribe: Hovav Shacham
In today’s lecture, we will discuss the application of expander graphs to error-correcting codes. More specifically, we will describe the construction of linear-time decodable expander codes due to...
New Paradigms in Signature Schemes (2005)
Digital signatures provide authenticity and nonrepudiation. They are a standard cryptographic primitive with many applications in higher-level protocols. Groups featuring a computable bilinear map...
Sequential aggregate signatures from trapdoor permutations (2004)
Anna Lysyanskaya, Silvio Micali, Leonid Reyzin, Hovav Shacham
An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and Shacham) is a method for combining n signatures from n different signers on n different messages into one signature of...
Sequential aggregate signatures from trapdoor permutations (2004)
Anna Lysyanskaya, Silvio Micali, Leonid Reyzin, Hovav Shacham
An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and Shacham) is a method for combining n signatures from n different signers on n different messages into one signature...
On the effectiveness of address-space randomization (2004)
Hovav Shacham, Eu-jin Goh, Nagendra Modadugu, Ben Pfaff, Dan Boneh
Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system...
Dan Boneh, Xavier Boyen, Hovav Shacham
Abstract. We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based...
Sequential aggregate signatures from trapdoor permutations (2004)
Anna Lysyanskaya, Silvio Micali, Leonid Reyzin, Hovav Shacham
An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn and Shacham) is a method for combining n signatures from n different signers on n different messages into one signature of unit...
On the effectiveness of address-space randomization (2004)
Hovav Shacham, Eu-jin Goh, Nagendra Modadugu, Ben Pfaff, Dan Boneh
Sequential aggregate signatures from trapdoor permutations (2004)
Anna Lysyanskaya, Silvio Micali, Leonid Reyzin, Hovav Shacham
Abstract. An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and Shacham) is a method for combining n signatures from n different signers on n different messages into one...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Sequential aggregate signatures from trapdoor permutations (2004)
Anna Lysyanskaya, Silvio Micali, Leonid Reyzin, Hovav Shacham
An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and Shacham) is a method for combining n signatures from n different signers on n different messages into one signature of...
Sequential aggregate signatures from trapdoor permutations (2004)
Anna Lysyanskaya, Silvio Micali, Leonid Reyzin, Hovav Shacham
An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and Shacham) is a method for combining n signatures from n different signers on n different messages into one signature of...
Sequential aggregate signatures from trapdoor permutations (2004)
Anna Lysyanskaya, Silvio Micali, Leonid Reyzin, Hovav Shacham
An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and Shacham) is a method for combining n signatures from n different signers on n different messages into one signature...
Group signatures with verifier-local revocation (2004)
Group signatures have recently become important for enabling privacy-preserving attestation in projects such as Microsoft's
On the effectiveness of address-space randomization (2004)
Hovav Shacham, Ben Pfaff, Dan Boneh
Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain...
On the effectiveness of address-space randomization (2004)
Hovav Shacham, Eu-jin Goh, Nagendra Modadugu, Ben Pfaff, Dan Boneh
Sequential aggregate signatures from trapdoor permutations (2004)
Anna Lysyanskaya, Silvio Micali, Leonid Reyzin, Hovav Shacham
An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and Shacham) is a method for combining n signatures from n different signers on n different messages into one signature of...
A survey of two signature aggregation techniques (2003)
Dan Boneh, Craig Gentry, Ben Lynn, Hovav Shacham
We survey two recent signature constructions that support signature aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Sirius: Securing remote untrusted storage (2003)
Eu-jin Goh, Hovav Shacham, Nagendra Modadugu, Dan Boneh
This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network...
Sirius: Securing remote untrusted storage (2003)
Eu-jin Goh, Hovav Shacham, Nagendra Modadugu, Dan Boneh
This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network...
A sequential aggregate signature scheme is a digital signature that supports aggregation: A single sequential aggregate, the same length as an ordinary signature, along with the n original messages,...
A sequential aggregate signature scheme is a digital signature that supports aggregation: A single sequential aggregate, along with the n original messages, convinces a verifier that the n users did...
A Survey of Two Signature Aggregation Techniques (2003)
Dan Boneh, Craig Gentry, Ben Lynn, Hovav Shacham
We survey two recent signature constructions that support signature aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into...
Sirius: Securing remote untrusted storage (2003)
Eu-jin Goh, Hovav Shacham, Nagendra Modadugu, Dan Boneh
This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network...
Aggregate and verifiably encrypted signatures from bilinear maps (2003)
Dan Boneh, Craig Gentry, Ben Lynn, Hovav Shacham
Abstract. An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these...
Client Side Caching for TLS (2002)
Hovav Shacham, Dan Boneh, Eric Rescorla
We propose two new mechanisms for caching handshake information on TLS clients. The “fast-track” mechanism provides a client side cache of a server’s public parameters and negotiated...
We survey four variants of RSA designed to speed up RSA decryption and signing. We only consider variants that are backwards compatible in the sense that a system using one of these variants can...
We survey four variants of RSA designed to speed up RSA decryption and signing. We only consider variants that are backwards compatible in the sense that a system using one of these variants can...
Fast-Track Session Establishment for TLS (2002)
We propose a new, "fast-track" handshake mechanism for TLS. A fast-track client caches a server's public parameters and negotiated parameters in the course of an initial,...
Client Side Caching for TLS (2002)
Hovav Shacham, Dan Boneh, Eric Rescorla
We propose two new mechanisms for caching handshake information on TLS clients. The “fast-track” mechanism provides a client side cache of a server’s public parameters and negotiated...
We survey four variants of RSA designed to speed up RSA decryption and signing. We only consider variants that are backwards compatible in the sense that a system using one of these variants can...
Client Side Caching for TLS (2002)
Hovav Shacham, Dan Boneh, Eric Rescorla
We propose two new mechanisms for caching handshake information on TLS clients. The “fast-track” mechanism provides a client side cache of a server’s public parameters and negotiated...
Short signatures from the Weil pairing (2001)
Dan Boneh, Ben Lynn, Hovav Shacham
Abstract. We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. The signature length is half the size of a DSA...
Short signatures from the Weil pairing (2001)
Dan Boneh, Ben Lynn, Hovav Shacham
Abstract. We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. The signature length is half the size of a DSA...
Improving SSL Handshake Performance via Batching (2001)
We present an algorithmic approach for speeding up SSL's performance on a web server. Our approach improves the performance of SSL's handshake protocol by up to a factor of 2.5 for 1024-bit...
Short Signatures from the Weil Pairing (2001)
Dan Boneh, Ben Lynn, Hovav Shacham
We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves. For standard security parameters, the signature length is...
Short Signatures from the Weil Pairing (2001)
Dan Boneh, Ben Lynn, Hovav Shacham
We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyper-elliptic curves.
Improving SSL Handshake Performance via Batching
We present an algorithmic approach for speeding up SSL's performance on a web server. Our approach improves the performance of SSL's handshake protocol by up to a factor of 2.5 for 1024-bit...