[PDF] Top 20 La evolución de la poítica de cooperación internacional al desarrollo de España.

... The random oracle model is a powerful tool introduced by Bellare and Rogaway in [8] in order to make it possible to give rigorous “proofs of se- curity” for certain basic cryptographic protocols, ... See full document

... the random-oracle model (RO), where a hash function is treated as a truly random function and all users evaluate the hash function by querying the random ...quantum ... See full document

... the Random Oracle Model (ROM) and the standard ...standard model). In 2011, Boneh et al. defined the notion of the Quantum Random Oracle Model (QROM), where queries to the ... See full document

... random oracle. This is remarkable, as their security proofs in the local random-oracle model involve techniques that are not available to an EUC simula- tor: signature schemes typically ... See full document

... Abstract. This paper studies indistinguishability against quantum chosen-ciphertext attacks (IND-qCCA se- curity) of key-encapsulation mechanisms (KEMs) in quantum random oracle model (QROM). We show ... See full document

... In addition to explicit applications of unique signatures for authenticity, in- tegrity and non-repudiation of a message, there is a natural transformation from unique signatures to VRFs by an early work of Goldreich and ... See full document

... This syntax naturally lends to four attack vectors, which we formulate as generic problems called A State Recovery (ASR), B State Recovery (BSR), Noisy Key Search (NKS), and Noisy Key Distinguishing (NKD), mirroring the ... See full document

... We now give a brief history of work reducing the data needed to transmit a garbled gate, summarized in Table 1. In the point-and-permute optimization, introduced by Beaver, Micali and Rogaway [3], a select bit is ... See full document

... EPID signatures are used extensively in real-world systems for hardware enclave attestation. As such, there is a strong interest in making these schemes post-quantum secure. In this paper we initiate the study of EPID ... See full document

... the random oracle model or standard model ...standard model. However, their security model is not enough complete for identity-based group signature, some notions are ...the ... See full document

... To capture these security properties, Luo et al. pre- sented a formal security model for CB-AKA protocols in [35]. However, Lu et al. [33] show that Luo et al.’s CB-AKA protocol is insecure against the PKR ... See full document

... In our paper, we just give QROM security reductions for the transformations with implicit rejection. It is not obvious how to extend our QROM security proofs for the transformations with explicit rejection, since the ... See full document

... Best performance is attained for a larger budget on the ICSI corpus (450 vs. 350 words), which can be explained by the fact that the ICSI human sum- maries tend to be larger than the AMI ones (390 vs 300 words, on ... See full document

... a random strings (rather than from encryption of random ...RO model) can be modified to also hold for the case the base scheme is only assumed to be KIAE and KDAE (rather than $-KIAE and ... See full document

... Our next contribution is to provide such a construction. The high-level strategy is to replace the (2-round) ZKPoK in the above construction of PVW OT with a non-interactive witness hiding (or witness indistinguishable) ... See full document

... In the regular soundness and simulation extractability definitions of a NILP, the adversary must choose his matrices and the resultant output as a function only of the public input x. We give a definition of a more ... See full document

... Insured MPC. The topic of MPC with financial penalties has attracted increasing attention recently [2,6,27,7,4]. The main idea is to combine MPC techniques with cryptocurrencies in order to provide monetary incentives ... See full document

... first random oracle query (in which case there is a reduction which succeeds by running the forger only ...of random oracle queries q h , one can choose the distribution of the ... See full document

... classical random oracle arguments to the quantum random oracle ...a random oracle by a quantum ...the random oracle HIBE schemes of Cash et ... See full document

... Privately-incremental schemes. In various scenarios it may be natural to provide the update algorithm with access not to the plaintext m but rather to the secret key sk (and thus indirect access to the plaintext which ... See full document