Bidirectional Asynchronous Ratcheted Key Agreement with Linear Complexity
Graph Chatbot
Chat with Graph Search
Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.
DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.
The security and efficiency of communication are two of the main concerns for networks of today and the future. Our understanding of how to efficiently send information over various channels and networks has significantly increased in the past decade (see ...
Information-theoretic secrecy is combined with cryptographic secrecy to create a secret-key exchange protocol for wireless networks. A network of transmitters, which already have cryptographically secured channels between them, cooperate to exchange a secr ...
From contactless payments to remote car unlocking, many applications are vulnerable to relay attacks. Distance bounding protocols are the main practical countermeasure against these attacks. In this paper, we present a formal analysis of SKI, which recentl ...
A definition of online authenticated-encryption (OAE), call it OAE1, was given by Fleischmann, Forler, and Lucks (2012). It has become a popular definitional target because, despite allowing encryption to be online, security is supposed to be maintained ev ...
In traditional cryptography, an attacker tries to infer a mathematical relationship between the inputs and outputs of a cryptosystem to recover secret information. With the advances in the theoretical basis of the cryptographic algorithms, this task became ...
UC security realized with setup devices imposes that single instances of these setups are used. In most cases, UC-realization relies further on other properties of the setups devices, like tamper-resistance. But what happens in stronger versions of the UC ...
Distance bounding protocols become important since wireless technologies become more and more common. Therefore, the security of the distance bounding protocol should be carefully analyzed. However, most of the protocols are not secure or their security is ...
We provide a security analysis for full-state keyed Sponge and full-state Duplex constructions. Our results can be used for making a large class of Sponge-based authenticated encryption schemes more efficient by concurrent absorption of associated data and ...
A recent trend in cryptography is to construct cryptosystems that are secure against physical attacks. Such attacks are usually divided into two classes: the \emph{leakage} attacks in which the adversary obtains some information about the internal state of ...
We present two variants of OMD which are robust against nonce misuse. Security of OMD---a CAESAR candidate---relies on the assumption that implementations always ensure correct use of nonce (a.k.a. message number); namely that, the nonce never gets repeate ...
