A discrete-logarithm algorithm is called generic if it does not exploit the specific representation of the cyclic group for which it is supposed to compute discrete logarithms. Su...
The notion of concurrent signatures was recently introduced by Chen, Kudla and Paterson. In concurrent signature schemes, two entities can produce two signatures that are not bindi...
Abstract. Formal methods have been extensively applied to the certification of cryptographic protocols. However, most of these works make the perfect cryptography assumption, i.e....
—In this paper, we propose a formal analysis of domain extenders for hash functions in the indifferentiability framework. We define a general model for domain extenders and prov...
Marion Daubignard, Pierre-Alain Fouque, Yassine La...
Chosen-ciphertext security is by now a standard security property for asymmetric encryption. Many generic constructions for building secure cryptosystems from primitives with lower...