Most of the following papers are available online in gnuzipped Postscript, some also in PDF. There is also a complete list of all our publications sorted by language and subject.
Don't forget: some proceedings are published in a later year than the conference is held.
Abstract:
We present the first undeniable signature schemes where signers are unconditionally secure. In the efficient variants, the security for the recipients relies on a discrete logarithm assumption or on factoring; in a theoretical version, on claw-free permutation pairs.

Besides, on the one hand, the efficient variants are the first practical cryptographically strong undeniable signature schemes at all. On the other hand, in many cases they are more efficient than previous signature schemes unconditionally secure for the signer.

Interesting new subprotocols are efficient collision-free hash functions based on a discrete logarithm assumption, efficient perfectly hiding commitments for elements of Z_p (p prime), and fairly practical perfect zero-knowledge proofs for arithmetic formulas over Z_p or Z_{2^\alpha}.
Abstract: On the initiative of the Commission of the European Communities, the Information Technology Security Evaluation Criteria (ITSEC) are designed to provide a yardstick for the evaluation and certification of the security of IT systems. To improve the usefulness of the resulting evaluations and certificates for procurers, users, and manufacturers, the ITSEC are intended to undergo further extensive review. We discuss weaknesses, remaining questions, and possible improvements concerning the current version 1.2 of the ITSEC. Our criticism focuses on the intended scope, the functionality aspects, the assessment of effectiveness and correctness, and problems arising after the evaluation of IT systems. Additionally, the ITSEC development process and the accompanying discussion are criticized and improvements are proposed.
Abstract: Despite the increasing use of information and communication technology, security problems and protection possibilities are still known to only a few. The present practical course, designed for university teaching, aims to help change this, at least with regard to computer science students. To this end, it critically treats the properties "confidentiality, authenticity and anonymity", which are important in distributed systems of ever-growing significance, methods for establishing the desired security verifiable by the participants, and their use. The didactic concept of the practical course and of the individual experiments is explained in more detail, in order to give suggestions for similar projects or to encourage them. A larger target group would be the result, and thus a broadened awareness of problems and solutions.
Abstract:
Data protection comprises availability and data integrity as well as data confidentiality and privacy. We first consider security problems and their causes, and then measures against them. Finally, we recommend actions which should be taken independently of the construction of specific systems.

Our main subject is distributed systems and medical networks: At present, most applications of informatics (computer science) in health care are stand-alone ones, such as databases or 3-D imaging systems. In the future, however, there will be more and more distributed systems. For example, for administrative purposes, lots of PCs in a hospital could be interconnected by a local area network, or PCs at private doctors' practices could communicate with computers at insurance companies via a public network. For direct medical purposes, there are proposals to use video conferences to consult external experts during operations, or to monitor patients in their homes. The use of chipcards as carriers of emergency data is a distributed system, too.

For security, distributed systems bring about new dangers, but also new possibilities for security measures. Dangers mainly result from the fact that the new systems are more complex, there are more interdependences, and more people have access to at least some part of the system than before. Possibilities are offered, e.g., because more complicated security measures can be performed by computers, and data can be put out of reach of a particular person or a particular fault by suitable physical distribution.
Abstract:
At Crypto '88, an untraceable payment system with provable security against abuse by individuals was presented by Damgård. We show how to break the untraceability of that system completely.

Next, an improved version of the system is presented. We also augment the system by security for the individuals against loss of money, and we introduce the possibility of receipts for payments. Finally, whereas all this concerned an on-line system, we present a similar construction for untraceable electronic cash.
Abstract:
One of the main goals of cryptographic protocols is to combine fault tolerance and privacy, under as few assumptions about possible opponents as possible. Recently, there have been many interesting results about multi-party computation protocols achieving these goals for general problem classes. However, in this generality, one must necessarily make assumptions about the number of attacking participants, and sometimes there are computational assumptions, such as "one-way functions exist", too.

It is therefore useful to consider what interesting special cases can be realized under weaker assumptions. Two such cases, which have both been considered before, are untraceable broadcast and secret ballot election. Privacy, in these cases, means that it remains secret who sends which message, or who casts which vote; fault tolerance means that honest participants have a chance to send messages, and that honest voters' votes are counted and nobody has more than one vote.

For both problems, we present the first protocols which tolerate any number of attacking participants and are secure in an information-theoretic sense, i.e., they do not rely on a computational assumption.
Abstract:
We present the first Byzantine agreement protocol which tolerates any number of maliciously faulty processors without relying on computational assumptions (such as the unforgeability of digital signatures).

Our protocol needs reliable broadcast and secret channels in a precomputation phase. For a security parameter σ, it achieves Byzantine agreement with an error probability of at most 2^{-σ}, whereas all computations are polynomial in σ and the number of processors.

The protocol is based on an unconditionally secure authentication mechanism, called pseudosignatures. Pseudosignatures are a generalization of a mechanism by Chaum and Roijakkers and might be useful in other protocols, too.