Our Protocol Sample Clauses

Our Protocol. Before going into details in subsequent sections, we present here a high-level overview of our protocol. We start with an authentication sub-protocol Auth presented in [RW03] that achieves the following: using the secret w that is common to ▇▇▇▇▇ and ▇▇▇, it allows ▇▇▇▇▇ to send to Bob an authentic (but nonse- cret) message M of length λM bit-by-bit in 2λM messages. ▇▇▇▇▇ and ▇▇▇ [RW03] can use this sub-protocol in order to agree on a key k as follows: they use Auth to get an extractor seed s from ▇▇▇▇▇ to Bob, and then extract k from w using s.1 We modify this protocol by using Auth to authenticate a MAC key instead of an extractor seed. The MAC key, in turn, is used to authenticate the extrac- tor seed s (which can be done very efficiently using simple information-theoretic MACs). This seems counterintuitive, because ▇▇▇▇ reveals what is being authen- ticated, while MAC keys need to remain secret. The insight is to use the MAC key before Auth begins.2 Our modification is beneficial for three reasons. First, MAC keys can be made shorter than extractor keys, so Auth is used on a shorter string, thus reducing the number of rounds and the entropy loss. Second, this modification allows us to use the same MAC key to authenticate not only the extractor seed s, but also the error-correction information (the so-called “secure sketch” of w [DORS08]) in the case Bob’s w′ is different from ▇▇▇▇▇’s w. Third, because there are MACs that are secure even against (limited) key modifica- tion [DKRS06, CDF+08], we can lower the security parameters in Auth, further increasing efficiency and reducing entropy loss. The rest of the paper is devoted to filling in the details of the above overview, including smaller improvements not discussed here, and proving the following theorem.
View Source
Our Protocol. In this section, we use the proposed VECS to present an efficient abuse-free contract signing protocol. We first give some notations. Let H be a key expo- sure free chameleon hash function. Denote by ▇▇▇(SKX, M ) the signature on message M with the secret key SKX of the party X ∈ {A, B, T }; Denote by OB(E, σA, PKT ) a verifiable encryption of A’s signature σA under T ’s public key PKT . Our abuse-free contract signing protocol has three sub-protocols: Ex- change, Abort, and Resolve. In the normal case, only the exchange protocol is executed. Suppose A and B have agreed on a message M = (m, rA, rB), where m is a common contract and (rA, rB) are two random integers. We do not describe this agreement in details here and it may require a number of rounds of com- munication between A and B through an authenticated channel. Moreover, this agreement should not achieve the non-repudiation property, i.e., neither party should generate any non-repudiation token on the agreed message. Exchange Protocol 1. A computes the chameleon hash value hA = H(m, rA, PKB) and the signa- ture σ∗ = Sig(SKA, hA||T ), where || denotes concatenation. A then com- ∗ putes the ciphertext C = OB(E, σA, PKT ) and sends it to B. 2. If C is invalid, B quits. Otherwise, B computes the signature σB= Sig(SKB, hB) on the chameleon hash value hB = H(m, rB, PKA) and then sends σB to A. 3. If σB is invalid, A runs the Abort protocol. Otherwise, A computes the signature σA = Sig(▇▇▇, hA) and sends it to B. If σA is not valid, B runs the Resolve protocol. Abort Protocol 1. A computes the signature Sig(SKA, abort||C) on message “abort||C” and then sends (C, Sig(SKA, abort||C)) to T . If the signature is valid and B has not resolved, T issues an abort-token AT = Sig(SKT , Sig(SKA, abort||C)) to A and stores it. The abort token is not a proof that the exchange has been aborted, but a guarantee by T that it has not and will not execute the Resolve protocol. 2. If B has resolved, T sends A the stored value σˆB in the Resolve protocol. Resolve Protocol 1. B firstly sends T the triple (C, hA, σˆB), where σˆB = Sig(SKB, resolve||A||hA) denotes the resolved signature of B. Generally, it is no difference with an or- dinary signature Sig(SKB, resolve||A||hA) of B on message “resolve||A||hA”. Additionally, it also denotes Sig(SKB, m) on condition that only A can pro- vide a pair (m, rA) which satisfies hA = H(m, rA, PKB). 2. If A has aborted, T then sends the abort-token AT to B. Else, if C is a valid T -verifi...
View Source
Our Protocol. The main idea of our protocol is to generate own (private, public) key pair using both sets of bases. Then each user matches them with the opposite parameters of the other user and computes two common values, which are then combined in a commutative manner. 1. Randomly select nA ∈ Z4eA and nB ∈ Z4eB . 2. Compute K = P + [n ]Q . B 3. Compute KB = PB + [nB]QB.
View Source
Our Protocol. The main idea of our protocol is to generate own (private, public) key pair using both sets of bases. Then each user matches them with the opposite parameters of the other user and computes two common values, which are then combined in a commutative manner. ∈ ∈` ` 1. Randomly select nA Z eA and nB Z eB . 2. Compute KA = PA + [nA]AQA. B 3. Compute KB = PB + [nB]QB. 4. Obtain EA using the kernel KA for the isogeny φA : E EA = E/ KA . 5. Obtain EB using the kernel KB for the isogeny φB : E EB = E/ KB . 6. Compute the images of the values PB and QB under φA, namely φA(PB) and φA(QB). 7. Compute the images of the values PA and QA under φB, namely φB(PA) and φB(QA). { } { } The private key is: nA, nB . The public key is: EA, EB, φA(PB), φA(QB), φB(PA), φB(QA) . The party either sends or publishes eathe public key. In practice, since we are in concentrating on the ephemeral version, we work in the context of sending public key.
View Source

Related to Our Protocol

  • Protocol The attached Protocol shall be an integral part of this Agreement.

  • Signaling protocol 4.1.3.1 SS7 Signaling is AT&T-21STATE’s preferred method for signaling. Where MF signaling is currently used, the Parties agree to use their best efforts to convert to SS7. If SS7 services are provided by AT&T-21STATE, they will be provided in accordance with the provisions of the applicable access tariffs. 4.1.3.2 Where MF signaling is currently used, the Parties agree to interconnect their networks using MF or dual tone MF (DTMF) signaling, subject to availability at the End Office Switch or Tandem Switch at which Interconnection occurs. The Parties acknowledge that the use of MF signaling may not be optimal. AT&T-21STATE will not be responsible for correcting any undesirable characteristics, service problems or performance problems that are associated with MF/SS7 inter-working or the signaling protocol required for Interconnection with CLEC employing MF signaling.

  • Review Protocol A narrative description of how the Claims Review was conducted and what was evaluated.

  • Protocols Each party hereby agrees that the inclusion of additional protocols may be required to make this Agreement specific. All such protocols shall be negotiated, determined and agreed upon by both parties hereto.

  • Information Technology Accessibility Standards Any information technology related products or services purchased, used or maintained through this Grant must be compatible with the principles and goals contained in the Electronic and Information Technology Accessibility Standards adopted by the Architectural and Transportation Barriers Compliance Board under Section 508 of the federal Rehabilitation Act of 1973 (29 U.S.C. §794d), as amended. The federal Electronic and Information Technology Accessibility Standards can be found at: ▇▇▇▇://▇▇▇.▇▇▇▇▇▇-▇▇▇▇▇.▇▇▇/508.htm.