New Paradigms for Password Security (abstract from the keynote lecture) (2009)
For the past several decades, cryptographers have consitently provided us with stronger and more capable primitives and protocols that have found many applications in security systems in everyday...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Distributed Public-Key Cryptography from Weak Secrets (2009)
Abdalla, Michel, Boyen, Xavier, Chevalier, Céline, Pointcheval, David
We introduce the notion of distributed password-based public-key cryptography, where a virtual high-entropy private key is implicitly defined as a concatenation of low-entropy passwords held in...
Distributed Public-Key Cryptography from Weak Secrets (2009)
Abdalla, Michel, Boyen, Xavier, Chevalier, Céline, Pointcheval, David
We introduce the notion of distributed password-based public-key cryptography, where a virtual high-entropy private key is implicitly defined as a concatenation of low-entropy passwords held in...
Short Group Signatures Dan Boneh * (2008)
Abstract We construct a short group signature scheme. Signatures in our scheme are approximatelythe size of a standard RSA signature with the same security. Security of our group signature
We present a fully secure identity based encryption scheme whose proof of security does not rely on the random oracle heuristic. Security is based on the decisional bilinear Diffie-Hellman...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
The BB1 Identity-Based Cryptosystem : A Standard for Encryption and Key Encapsulation (2008)
IEEE P1363.3 draft This note describes and discusses a couple of concrete instantiations of the “BB1 ” identity-based cryptosystem proposed at Eurocrypt 2004 by Boneh and Boyen. The emphasis is...
Inference is a key component in learning probabilistic models from partially observable data. When learning temporal models, each of the many inference phases requires a complete traversal over a...
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption...
Xavier Boyen, Hovav Shacham, Brent Waters, Emily Shen
In most forward-secure signature constructions, a program that updates a user’s private signing key must have full access to the private key. Unfortunately, these schemes are incompatible with...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption...
Short Group Signatures Dan Boneh * (2008)
Abstract We construct a short group signature scheme. Signatures in our scheme are approximatelythe size of a standard RSA signature with the same security. Security of our group signature
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
A tapestry of identity-based encryption: practical frameworks compared (2008)
This paper surveys the practical benefits and drawbacks of several identity-based encryption schemes based on bilinear pairings. After providing some background on identity-based cryptography, we...
A tapestry of identity-based encryption: practical frameworks compared (2008)
This paper surveys the practical benefits and drawbacks of several identity-based encryption schemes based on bilinear pairings. After providing some background on identity-based cryptography, we...
We present a fully secure identity based encryption scheme whose proof of security does not rely on the random oracle heuristic. Security is based on the decisional bilinear Diffie-Hellman...
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security...
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption...
Towards the Visualization of Overlapping Sets (2007)
Xavier Boyen, Nina Mishra, Liadan O'Callaghan
Introduction Visualization is a key tool needed to evaluate the quality of data mining results. In this abstract we define and explore the problem of visualizing overlapping sets. We encountered this...
We present a fully secure identity based encryption scheme whose proof of security does not rely on the random oracle heuristic. Security is based on the decisional bilinear Diffie-Hellman...
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security...
Full-domain subgroup hiding and constant-size group signatures (2007)
We give a short constant-size group signature scheme, which we prove fully secure under reasonable assumptions in bilinear groups, in the standard model. We achieve this result by using a new NIZK...
Full-domain subgroup hiding and constant-size group signatures (2007)
Abstract We give a short constant-size group signature scheme, which we prove fully secure underreasonable assumptions in bilinear groups, in the standard model. We achieve this result by using a new...
Miniature CCA2 PK Encryption : Tight Security Without Redundancy (2007)
We present a minimalist public-key cryptosystem, as compact as ElGamal, but with adaptive chosen-ciphertext security under the gap Diffie-Hellman assumption in the random oracle model. The novelty is...
Xavier Boyen, Hovav Shacham, Emily Shen, Brent Waters
In most forward-secure signature constructions, a program that updates a user’s private signing key must have full access to the private key. Unfortunately, these schemes are incompatible with...
Full-domain subgroup hiding and constant-size group signatures (2007)
Abstract. We give a short constant-size group signature scheme, which we prove fully secure under reasonable assumptions in bilinear groups, in the standard model. We achieve this result by using a...
Mesh signatures: How to leak a secret with unwitting and unwilling participants (2007)
We introduce the mesh signature primitive as an anonymous signature that borrows from ring signatures, but with added modularity and a much richer language for expressing signer ambiguity. The...
Halting Password Puzzles: Hard-tobreak Encryption from Human-memorable Keys (2007)
Xavier Boyen, Voltage Security
We revisit the venerable question of “pure password”-based key derivation and encryption, and expose security weaknesses in current implementations that stem from structural flaws in Key...
The BF Identity-Based Encryption System (2006)
IEEE P1363.3 draft This note gives a brief description of the “FullIdent ” identity-based encryption system originally proposed by Boneh and Franklin in 2001, for standardization purposes. 1...
On the impossibility of efficiently combining collision resistant hash functions (2006)
Abstract. Let H1, H2 be two hash functions. We wish to construct a new hash function H that is collision resistant if at least one of H1 or H2 is collision resistant. Concatenating the output of H1...
We describe a short signature scheme that is strongly existentially unforgeable under an adaptive chosen message attack in the standard security model. Our construction works in groups equipped with...
Xavier Boyen, Hovav Shacham, Emily Shen, Brent Waters
In most forward-secure signature constructions, a program that updates a user’s private signing key must have full access to the private key. Unfortunately, these schemes are incompatible with...
Xavier Boyen, Qixiang Mei, Brent Waters
We describe a new encryption technique that is secure in the standard model against adaptive chosen ciphertext (CCA2) attacks. We base our method on two very efficient Identity-Based Encryption (IBE)...
To appear in Journal of Cryptology, Springer-Verlag, 2007. (2006)
Abstract We describe a short signature scheme that is strongly existentially unforgeable under anadaptive chosen message attack in the standard security model. Our construction works in groups...
Chosen ciphertext secure public key threshold encryption without random oracles (2006)
Dan Boneh, Xavier Boyen, Shai Halevi
Abstract. We present a non-interactive chosen ciphertext secure threshold encryption system. The proof of security is set in the standard model and does not use random oracles. Our construction uses...
Anonymous Hierarchical Identity-Based Encryption (without Random Oracles) (2006)
We present an identity-based cryptosystem that features fully anonymous ciphertexts and hierarchical key delegation. We give a proof of security in the standard model, based on the mild Decision...
Forward-Secure Signatures with Untrusted Update (2006)
Xavier Boyen, Hovav Shacham, Emily Shen, Brent Waters
In most forward-secure signature constructions, a program that updates a user's private signing key must have full access to the private key. Unfortunately, these schemes are incompatible with...
Chosen ciphertext secure public key threshold encryption without random oracles (2006)
Dan Boneh, Xavier Boyen, Shai Halevi
Abstract. We present a non-interactive chosen ciphertext secure threshold encryption system. The proof of security is set in the standard model and does not use random oracles. Our construction uses...
On the impossibility of efficiently combining collision resistant hash functions (2006)
Abstract. Let H1, H2 be two hash functions. We wish to construct a new hash function H that is collision resistant if at least one of H1 or H2 is collision resistant. Concatenating the output of H1...
Anonymous hierarchical identity-based encryption (without random oracles (2006)
Abstract We present an identity-based cryptosystem that features fully anonymous ciphertexts andhierarchical key delegation. We give a proof of security in the standard model, based on the mild
Anonymous hierarchical identity-based encryption (without random oracles (2006)
We present an identity-based cryptosystem that features fully anonymous ciphertexts and hierarchical key delegation. We give a proof of security in the standard model, based on the mild Decision...
Secure remote authentication using biometric data (2005)
Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, Adam Smith
We show two efficient techniques enabling the use of biometric data to achieve mutual authentication or authenticated key exchange over a completely insecure (i.e., adversarially controlled) channel....
Secure remote authentication using biometric data (2005)
Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, Adam Smith
secret information that can be used incryptographic protocols provided two issues are addressed: (1) biometric data are not uniformly distributed; and (2) they are not exactly reproducible. Recent...
Secure Remote Authentication Using Biometric Data (2005)
Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, Adam Smith
Biometric data o#er a potential source of high-entropy, secret information that can be used in cryptographic protocols provided two issues are addressed: (1) biometric data are not uniformly...
Hierarchical Identity Based Encryption with Constant Size Ciphertext (2005)
Dan Boneh, Xavier Boyen, Eu-jin Goh
We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, independent of...
Compact Group Signatures without Random Oracles (2005)
We present the first e#cient group signature scheme that is provably secure without random oracles. We achieve this result by combining provably secure hierarchical signatures in bilinear groups with...
Direct Chosen Ciphertext Security from Identity-Based Techniques (2005)
Xavier Boyen, Qixiang Mei, Brent Waters
We describe a new encryption technique that is secure in the standard model against adaptive chosen ciphertext (CCA2) attacks. We base our method on two very e#cient Identity-Based Encryption (IBE)...
Secure Remote Authentication Using Biometric (2005)
Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, Adam Smith
Biometrics offer a potential source of high-entropy, secret information. Before such data can be used in cryptographic protocols, however, two issues must be addressed: biometric data (1) are not...
Secure remote authentication using biometric data (2005)
Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, Adam Smith
Abstract. Biometric data offer a potential source of high-entropy, secret information that can be used in cryptographic protocols provided two issues are addressed: (1) biometric data are not...
Dan Boneh, Xavier Boyen, Eu-jin Goh
We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of...
Dan Boneh, Xavier Boyen, Eu-jin Goh
We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of...
Direct chosen ciphertext security from identity-based techniques (2005)
Xavier Boyen, Qixiang Mei, Brent Waters
Abstract We describe a new encryption technique that is secure in the standard model against adaptivechosen ciphertext (CCA2) attacks. We base our method on two very efficient Identity-Based
Secure remote authentication using biometric data (2005)
Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, Adam Smith
Biometric data offer a potential source of high-entropy, secret information that can be used in cryptographic protocols provided two issues are addressed: (1) biometric data are not uniformly...
Hierarchical identity based encryption with constant size ciphertext (2005)
Dan Boneh, Xavier Boyen, Eu-jin Goh
Abstract. We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations,...
Secure remote authentication using biometric data (2005)
Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, Adam Smith
Biometric data offer a potential source of high-entropy, secret information that can be used in cryptographic protocols provided two issues are addressed: (1) biometric data are not uniformly...
Secure remote authentication using biometric data (2005)
Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, Adam Smith
Abstract. Biometric data offer a potential source of high-entropy, secret information that can be used in cryptographic protocols provided two issues are addressed: (1) biometric data are not...
Short Signatures without Random Oracles (2004)
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption...
Efficient implementation of pairing-based cryptosystems (2004)
Ben Lynn, John Mitchell, Xavier Boyen
ii
Reusable cryptographic fuzzy extractors (2004)
We show that a number of recent definitions and constructions of fuzzy extractors are not adequate for multiple uses of the same fuzzy secret—a major shortcoming in the case of biometric...
Dan Boneh, Xavier Boyen, Hovav Shacham
Abstract. We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based...
Efficient selective-id secure identity based encryption without random oracles (2004)
We construct two ecient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security model...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Dan Boneh, Xavier Boyen, Hovav Shacham
We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the...
Reusable Cryptographic Fuzzy Extractors (2004)
We show that a number of recent definitions and constructions of fuzzy extractors are not adequate for multiple uses of the same fuzzy secret---a major shortcoming in the case of biometric...
Reusable cryptographic fuzzy extractors (2004)
We show that a number of recent definitions and constructions of fuzzy extractors are not adequate for multiple uses of the same fuzzy secret—a major shortcoming in the case of biometric...
Short Signatures without Random Oracles (2004)
We describe a short signature scheme that is strongly existentially unforgeable under an adaptive chosen message attack in the standard security model. Our construction works in groups equipped with...
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model in groups equipped with a bilinear map. Selective identity secure...
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model in groups equipped with a bilinear map. Selective identity secure...
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model in groups equipped with a bilinear map. Selective identity secure...
Short Signatures without Random Oracles (2004)
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption...
Multipurpose identity-based signcryption: A swiss army knife for identity-based cryptography (2003)
Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certicates for their public...
Multipurpose identity-based signcryption: A swiss army knife for identity-based cryptography (2003)
Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certicates for their public...
Multipurpose identity-based signcryption: A swiss army knife for identity-based cryptography (2003)
Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certificates for their public...
Multipurpose identity-based signcryption: A swiss army knife for identity-based cryptography (2003)
Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certificates for their public...
Multipurpose identity-based signcryption: A swiss army knife for identity-based cryptography (2003)
Abstract. Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certificates for their public...
Multipurpose identity-based signcryption: A swiss army knife for identity-based cryptography (2003)
Abstract. Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certificates for their public...
Inference and learning in complex stochastic processes / (2002)
Boyen, Xavier., Koller, Daphne Advisor
Submitted to the Department of Computer Science.
Exploiting the architecture of dynamic systems (1999)
Consider the problem of monitoring the state of a complex dynamic system, and predicting its future evolution. Exact algorithms for this task typically maintain a belief state, or distribution over...
Discovering the hidden structure of complex dynamic systems (1999)
Xavier Boyen, Nir Friedman, Daphne Koller
Dynamic Bayesian networks provide a compact and natural representation for complex dynamic systems. However, in many cases, there is no expert available from whom a model can be elicited. Learning...
Exploiting the architecture of dynamic systems (1999)
Abstract--- Consider the problem of monitoring the state of a complex dynamic system, and predicting its future evolution. Exact algorithms for this task typically maintain a belief state, or...
Exploiting the architecture of dynamic systems (1999)
Consider the problem of monitoring the state of a complex dynamic system, and predicting its future evolution. Exact algorithms for this task typically maintain a belief state, or distribution over...
Discovering the Hidden Structure of Complex Dynamic Systems (1999)
Xavier Boyen Computer, Xavier Boyen, Nir Friedman, Daphne Koller
Dynamic Bayesian networks provide a compact and natural representation for complex dynamic systems. However, in many cases, there is no expert available from whom a model can be elicited. Learning...
Discovering the Hidden Structure of Complex Dynamic Systems (1999)
Xavier Boyen, Nir Friedman, Daphne Koller
Dynamic Bayesian networks provide a compact and natural representation for complex dynamic systems. However, in many cases, there is no expert available from whom a model can be elicited. Learning...
In Proceedings of the Sixteenth National Conference on Artificial Intelligence (AAAI-99), (1999)
Pages Orlando Florida, Xavier Boyen, Daphne Koller
Consider the problem of monitoring the state of a complex dynamic system, and predicting its future evolution. Exact algorithms for this task typically maintain a belief state, or distribution over...
Tractable inference for complex stochastic processes (1998)
The monitoring and control of any dynamic system depends crucially on the ability to reason about its current status and its future trajectory. In the case of a stochastic system, these tasks...
Tractable inference for complex stochastic processes (1998)
The monitoring and control of any dynamic system depends crucially on the ability to reason about its current status and its future trajectory. In the case of a stochastic system, these tasks...
Approximate learning of dynamic models (1998)
Inference is a key component in learning probabilistic models from partially observable data. When learning temporal models, each of the many inference phases requires a complete traversal over a...
Tractable Inference for Complex Stochastic Processes (1998)
The monitoring and control of any dynamic system depends crucially on the ability to reason about its current status and its future trajectory. In the case of a stochastic system, these tasks...
Tractable Inference for Complex Stochastic Processes (1998)
The monitoring and control of any dynamic system depends crucially on the ability to reason about its current status and its future trajectory. In the case of a stochastic system, these tasks...
Tractable Inference for Complex Stochastic Processes (1998)
The monitoring and control of any dynamic system depends crucially on the ability to reason about its current status and its future trajectory. In the case of a stochastic system, these tasks...
Approximate Learning of Dynamic Models (1998)
Inference is a key component in learning probabilistic models from partially observable data. When learning temporal models, each of the many inference phases requires a complete traversal over a...
Approximate Learning of Dynamic Models (1998)
Inference is a key component in learning probabilistic models from partially observable data. When learning temporal models, each of the many inference phases requires a traversal over an entire long...
Tractable inference for complex stochastic processes (1998)
The monitoring and control of any dynamic system depends crucially on the ability to reason about its current status and its future trajectory. In the case of a stochastic system, these tasks...