Person

Atefeh Mashatan

This person is no longer with EPFL

Related publications (11)

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.

Revisiting Iterated Attacks in the Context of Decorrelation Theory

Serge Vaudenay, Atefeh Mashatan, Asli Bay

Iterated attacks are comprised of iterating adversaries who can make d plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher C and the perfect cipher C* based on all bits. Vaudenay showed that a 2d-dec ...

2014

A dynamic universal accumulator is an accumulator that allows one to efficiently compute both membership and nonmembership witnesses in a dynamic way. It was first defined and instantiated by Li et al., based on the Strong RSA problem, building on the dyna ...

2013

Resistance against Adaptive Plaintext-Ciphertext Iterated Distinguishers

Serge Vaudenay, Atefeh Mashatan, Asli Bay

Decorrelation Theory deals with general adversaries who are mounting iterated attacks, i.e., attacks in which an adversary is allowed to make d queries in each iteration with the aim of distinguishing a random cipher C from the ideal random cipher C^*. A b ...

2012

, ,

Iterated attacks are comprised of iterating adversaries who can make

d

plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher

C

and the ideal random cipher

C^*

based on all bits. In EUROCRYPT '99, ...

Springer2012

Forgery-Resilience for Digital Signature Schemes

Khaled Ouafi, Atefeh Mashatan

We introduce the notion of forgery-resilience for digital signature schemes, a new paradigm for digital signature schemes exhibiting desirable legislative properties. It evolves around the idea that, for any message, there can only be a unique valid signat ...

2012

Efficient Fail-Stop Signatures from the Factoring Assumption

Khaled Ouafi, Atefeh Mashatan

In this paper, we revisit the construction of fail-stop signatures from the factoring assumption. These signatures were originally proposed to provide information-theoretic-based security against forgeries. In contrast to classical signature schemes, in wh ...

Springer2011

A Related-Key Attack against Multiple Encryption based on Fixed Points

Serge Vaudenay, Atefeh Mashatan, Asli Bay

In order to alleviate the burden of short keys, encrypting a multiple times has been proposed. In the multiple encryption mode, there may be encryptions under the same or different keys. There have been several attacks against this encryption mode. When tr ...

Springer2011

A Message Recognition Protocol Based on Standard Assumptions

Serge Vaudenay, Atefeh Mashatan

We look at the problem of designing Message Recognition Protocols (MRP) and note that all proposals available in the literature have relied on security proofs which hold in the random oracle model or are based on non-standard assumptions. Incorporating ran ...

Springer2010

Practical unconditionally secure two-channel message authentication

Atefeh Mashatan

We investigate unconditional security for message authentication protocols that are designed using two-channel cryptography. (Two-channel cryptography employs a broadband, insecure wireless channel and an authenticated, narrow-band manual channel at the sa ...

2010

, , , ,

A method for providing efficient management of certificate revocation may comprise storing a list of identifiers of digital certificates including a revocation list defining a list of revoked certificates in an accumulator, storing a witness value in assoc ...

2010

, ,

Iterated attacks are comprised of iterating adversaries who can make

d

plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher

C

and the ideal random cipher

C^*

based on all bits. In EUROCRYPT '99, ...

Springer2012