Research papers in cryptography

• M. Bellare and P. Rogaway.
  Robust computational secret sharing and a unified account of classical secret-sharing goals.
  Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS), ACM, 2007.

• M. Bellare, A. Boldyreva and A. O'Neill.
  Deterministic and efficiently searchable encryption.
  Advances in Cryptology - Crypto 2007 Proceedings, Lecture Notes in Computer Science Vol. 4622, A. Menezes ed, Springer-Verlag, 2007.

• M. Bellare and G. Neven.
  Identity-Based Multi-signatures from RSA.
  Topics in Cryptology - CT-RSA 2007 Proceedings, Lecture Notes in Computer Science Vol. 4377, M. Abe ed, Springer-Verlag, 2007.

• M. Bellare and T. Ristenpart.
  Hash Functions in the Dedicated-Key Setting: Design Choices and MPP Transforms.
  Automata, Languages and Programming, 34th International Colloquium, ICALP 2007 Proceedings, Lecture Notes in Computer Science Vol. 4596, C. Cachin ed, Springer-Verlag, 2007.

• M. Bellare, C. Namprempre and G. Neven.
  Unrestricted Aggregate Signatures.
  Automata, Languages and Programming, 34th International Colloquium, ICALP 2007 Proceedings, Lecture Notes in Computer Science Vol. 4596, C. Cachin ed, Springer-Verlag, 2007.

• M. Bellare and S. Shoup.
  Two-Tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir without Random Oracles.
  Public Key Cryptography - PKC 2007, Proceedings, Lecture Notes in Computer Science Vol. 4450, T. Okamoto, X. Wang eds, Springer-Verlag, 2007.

• M. Bellare and T. Ristenpart.
  Multi-Property-Preserving Hash Domain Extension and the EMD Transform.
  Advances in Cryptology - Asiacrypt 2006 Proceedings, Lecture Notes in Computer Science Vol. 4284, X. Lai and K. Chen eds, Springer-Verlag, 2006.

• M. Bellare, T. Kohno and V. Shoup.
  Stateful Public-Key Cryptosystems: How to Encrypt with One 160-bit Exponentiation.
  Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS), ACM, 2006.

• M. Bellare and G. Neven.
  Multisignatures in the Plain Public-Key Model and a General Forking Lemma.
  Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS), ACM, 2006.

• M. Bellare.
  New Proofs for NMAC and HMAC: Security without Collision-Resistance.
  Advances in Cryptology - Crypto 2006 Proceedings, Lecture Notes in Computer Science Vol. 4117, C. Dwork ed, Springer-Verlag, 2006.

• M. Bellare and P. Rogaway.
  Code-Based Game-Playing Proofs and the Security of Triple Encryption.
  Advances in Cryptology - Eurocrypt 2006 Proceedings, Lecture Notes in Computer Science Vol. 4004, S. Vaudenay ed, Springer-Verlag, 2006.

• M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, J. Malone-Lee, G. Neven, P. Paillier and H. Shi.
  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions.
  Advances in Cryptology - Crypto 2005 Proceedings, Lecture Notes in Computer Science Vol. 3621, V. Shoup ed, Springer-Verlag, 2005.

• M. Bellare, K. Pietrzak and P. Rogaway.
  Improved Security Analyses for CBC MACs.
  Advances in Cryptology - Crypto 2005 Proceedings, Lecture Notes in Computer Science Vol. 3621, V. Shoup ed, Springer-Verlag, 2005.

• M. Bellare, H. Shi and C. Zhang.
  Foundations of Group Signatures: The Case of Dynamic Groups.
  Topics in Cryptology - CT-RSA 2005 Proceedings, Lecture Notes in Computer Science Vol. 3376, A. Menezes ed, Springer-Verlag, 2005.

• M. Bellare and A. Palacio.
  Towards Plaintext-Aware Public-Key Encryption without Random Oracles.
  Advances in Cryptology - Asiacrypt 2004 Proceedings, Lecture Notes in Computer Science Vol. 3329, P. J. Lee ed, Springer-Verlag, 2004.

• M. Bellare and A. Palacio.
  The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols.
  Advances in Cryptology - Crypto 2004 Proceedings, Lecture Notes in Computer Science Vol. 3152, M. Franklin ed, Springer-Verlag, 2004.

• M. Bellare and T. Kohno.
  Hash function balance and its impact on birthday attacks.
  Advances in Cryptology - Eurocrypt 2004 Proceedings, Lecture Notes in Computer Science Vol. 3027, C. Cachin and J. Camenisch eds, Springer-Verlag, 2004.

• M. Bellare, C. Namprempre and G. Neven.
  Security Proofs for Identity-Based Identification and Signature Schemes
  Advances in Cryptology - Eurocrypt 2004 Proceedings, Lecture Notes in Computer Science Vol. 3027, C. Cachin and J. Camenisch eds, Springer-Verlag, 2004.

• M. Bellare, A. Boldyreva and A. Palacio.
  An Uninstantiable Random-Oracle-Model Scheme for a Hybrid-Encryption Problem.
  Advances in Cryptology - Eurocrypt 2004 Proceedings, Lecture Notes in Computer Science Vol. 3027, C. Cachin and J. Camenisch eds, Springer-Verlag, 2004.

• M. Bellare, P. Rogaway and D. Wagner.
  The EAX Mode of Operation.
  Proceedings of the 11th Workshop on Fast Software Encryption (FSE 2004), Lecture Notes in Computer Science Vol. 3017, R. Bimal and W. Meier eds, Springer-Verlag, 2004.

• M. Bellare, D. Micciancio and B. Warinschi.
  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions.
  Advances in Cryptology - Eurocrypt 2003 Proceedings, Lecture Notes in Computer Science Vol. 2656, E. Biham ed, Springer-Verlag, 2003.

• M. Bellare and T. Kohno.
  A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications.
  Advances in Cryptology - Eurocrypt 2003 Proceedings, Lecture Notes in Computer Science Vol. 2656, E. Biham ed, Springer-Verlag, 2003.

• M. Bellare, A. Boldyreva and J. Staddon.
  Multi-Recipient Encryption Schemes: Security Notions and Randomness Re-Use.
  The preliminary version of this paper was entitled Randomness reuse in multi-recipient encryption schemes , and appeared in the proceedings of Public Key Cryptography -- PKC 2003, Lecture Notes in Computer Science Vol. 2567, Y. Desmedt ed, Springer-Verlag, 2003.

• M. Bellare and B. Yee.
  Forward-Security in Private-Key Cryptography.
  Topics in Cryptology - CT-RSA 03, Lecture Notes in Computer Science Vol. 2612, M. Joye ed, Springer-Verlag, 2003.

• M. Bellare, T. Kohno and C. Namprempre.
  Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the Encode-then-Encrypt-and-MAC paradigm.
  ACM Transactions on Information and System Security (TISSEC), Vol. 7, Iss. 2, May 2004, pp. 206--241.
  The preliminary version of this paper was entitled Authenticated Encryption in SSH: Provably Fixing the SSH Binary Packet Protocol, and appeared in the Proceedings of the 9th ACM conference on Computer and Communications Security (CCS), ACM, 2002.

• M. Bellare and G. Neven.
  Transitive Signatures: New Schemes and Proofs.
  IEEE Transactions on Information Theory, Vol. 51, No. 6, June 2005, pp. 2133-2151.
  The preliminary version of this paper was entitled Transitive Signatures based on Factoring and RSA and appeared in Advances in Cryptology - Asiacrypt 2002 Proceedings, Lecture Notes in Computer Science Vol. 2501, Y. Zheng ed, Springer-Verlag, 2002.

• M. Bellare and A. Palacio.
  GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks.
  Advances in Cryptology - Crypto 2002 Proceedings, Lecture Notes in Computer Science Vol. 2442, M. Yung ed, Springer-Verlag, 2002.

• M. Abdalla, J. An, M. Bellare and C. Namprempre.
  From Identification to Signatures via the Fiat-Shamir Transform: Minimizing Assumptions for Security and Forward-Security.
  Advances in Cryptology - Eurocrypt 2002 Proceedings, Lecture Notes in Computer Science Vol. 2332 , L. Knudsen ed, Springer-Verlag, 2002.

• M. Bellare, A. Boldyreva, A. Desai and D. Pointcheval.
  Key-privacy in public-key encryption.
  Advances in Cryptology - Asiacrypt 2001 Proceedings, Lecture Notes in Computer Science Vol. 2248, C. Boyd ed, Springer-Verlag, 2001.

• P. Rogaway, M. Bellare, J. Black and T. Krovetz.
  OCB: A block-cipher mode of operation for efficient authenticated encryption.
  Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS), ACM, 2001.

• M. Bellare, A. Boldyreva, L. Knudsen and C. Namprempre.
  On-Line Ciphers and the Hash-CBC Constructions.
  Advances in Cryptology - Crypto 2001 Proceedings, Lecture Notes in Computer Science Vol. 2139 , J. Kilian ed, Springer-Verlag, 2001.

• M. Bellare and R. Sandhu.
  The security of practical two-party RSA signature schemes.

• J. An and M. Bellare.
  Does encryption with redundancy provide authenticity?
  Advances in Cryptology - Eurocrypt 2001 Proceedings, Lecture Notes in Computer Science Vol. 2045 , B. Pfitzmann ed, Springer-Verlag, 2001.

• M. Bellare, M. Fischlin, S. Goldwasser and S. Micali.
  Identification protocols secure against reset attacks.
  Advances in Cryptology - Eurocrypt 2001 Proceedings, Lecture Notes in Computer Science Vol. 2045, B. Pfitzmann ed, Springer-Verlag, 2001.

• M. Abdalla, M. Bellare and P. Rogaway.
  DHIES: An encryption scheme based on the Diffie-Hellman Problem
  Extended abstract, entitled The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES, was in Topics in Cryptology - CT-RSA 01, Lecture Notes in Computer Science Vol. 2020, D. Naccache ed, Springer-Verlag, 2001.

• M. Bellare, C. Namprempre, D. Pointcheval and M. Semanko.
  The One-More-RSA-Inversion Problems and the security of Chaum's Blind Signature Scheme.
  Journal of Cryptology, Vol. 16, No. 3, 2003, pp. 185-215.
  The preliminary version of this paper was entitled The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme and appeared in Financial Cryptography 01, Lecture Notes in Computer Science Vol. 2339, P. Syverson ed, Springer-Verlag, 2001.

• M. Abdalla and M. Bellare.
  Increasing the lifetime of a key: A comparitive analysis of the security of rekeying techniques.
  Advances in Cryptology - Asiacrypt 2000 Proceedings, Lecture Notes in Computer Science Vol. 1976, T. Okamoto ed, Springer-Verlag, 2000.

• M. Bellare and A. Boldyreva.
  The Security of Chaffing and Winnowing.
  Advances in Cryptology - Asiacrypt 2000 Proceedings, Lecture Notes in Computer Science Vol. 1976, T. Okamoto ed, Springer-Verlag, 2000.

• M. Bellare and C. Namprempre.
  Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm.
  Advances in Cryptology - Asiacrypt 2000 Proceedings, Lecture Notes in Computer Science Vol. 1976, T. Okamoto ed, Springer-Verlag, 2000.

• M. Bellare and P. Rogaway.
  Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography.
  Advances in Cryptology - Asiacrypt 2000 Proceedings, Lecture Notes in Computer Science Vol. 1976, T. Okamoto ed, Springer-Verlag, 2000.

• M. Bellare, D. Pointcheval and P. Rogaway.
  Authenticated Key Exchange Secure Against Dictionary Attacks.
  Advances in Cryptology - Eurocrypt 2000 Proceedings, Lecture Notes in Computer Science Vol. 1807, B. Preneel ed, Springer-Verlag, 2000.

• M. Bellare, A. Boldyreva and S. Micali.
  Public-key Encryption in a Multi-User Setting: Security Proofs and Improvements.
  Advances in Cryptology - Eurocrypt 2000 Proceedings, Lecture Notes in Computer Science Vol. 1807, B. Preneel ed, Springer-Verlag, 2000.

• M. Bellare and A. Sahai.
  Non-Malleable Encryption: Equivalence between Two Notions, and an Indistinguishability-Based Characterization.
  Advances in Cryptology - Crypto 99 Proceedings, Lecture Notes in Computer Science Vol. 1666, M. Wiener ed, Springer-Verlag, 1999.

• M. Bellare and S. Miner.
  A forward-secure digital signature scheme.
  Advances in Cryptology - Crypto 99 Proceedings, Lecture Notes in Computer Science Vol. 1666, M. Wiener ed, Springer-Verlag, 1999.

• M. Bellare, O. Goldreich and H. Krawczyk.
  Stateless evaluation of pseudorandom functions: Security beyond the birthday barrier.
  Advances in Cryptology - Crypto 99 Proceedings, Lecture Notes in Computer Science Vol. 1666, M. Wiener ed, Springer-Verlag, 1999.

• J. An and M. Bellare .
  Constructing VIL-MACs from FIL-MACs: Message authentication under weakened assumptions.
  Advances in Cryptology - Crypto 99 Proceedings, Lecture Notes in Computer Science Vol. 1666, M. Wiener ed, Springer-Verlag, 1999.

• M. Bellare and P. Rogaway.
  On the construction of variable-input-length ciphers.
  Proceedings of the 6th Workshop on Fast Software Encryption, Lecture Notes in Computer Science Vol. 1636, Ed. L. Knudsen, Springer-Verlag, 1999.

• M. Bellare, J. Garay, C. Jutla and M. Yung.
  VarietyCash: A Multi-purpose Electronic Payment System.
  Proceedings of the 3rd Usenix Workshop on Electronic Commerce, Usenix, 1998.

• M. Bellare, S. Halevi, A. Sahai and S. Vadhan.
  Many-to-one trapdoor functions and their relation to public-key cryptosystems
  . Advances in Cryptology- Crypto 98 Proceedings, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed, Springer-Verlag, 1998.

• M. Bellare, A. Desai, D. Pointcheval and P. Rogaway.
  Relations among notions of security for public-key encryption schemes.
  Advances in Cryptology- Crypto 98 Proceedings, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed, Springer-Verlag, 1998.

• W. Aiello, M. Bellare, G. Di Crescenzo and R. Venkatesan.
  Security amplification by composition: The case of doubly-iterated, ideal ciphers.
  Advances in Cryptology- Crypto 98 Proceedings, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed, Springer-Verlag, 1998.

• M. Bellare, R. Canetti, and H. Krawczyk.
  A modular approach to the design and analysis of authentication and key exchange protocols.
  Proceedings of 30th Annual Symposium on the Theory of Computing, ACM, 1998.

• M. Bellare, T. Krovetz and P. Rogaway.
  Luby-Rackoff backwards: Increasing security by making block ciphers non-invertible.
  Advances in Cryptology- Eurocrypt 98 Proceedings, Lecture Notes in Computer Science Vol. 1403, K. Nyberg ed, Springer-Verlag, 1998.

• M. Bellare, J. Garay and T. Rabin.
  Fast batch verification for modular exponentiation and digital signatures.
  Advances in Cryptology- Eurocrypt 98 Proceedings, Lecture Notes in Computer Science Vol. 1403, K. Nyberg ed, Springer-Verlag, 1998.

• M. Bellare, A. Desai, E. Jokipii and P. Rogaway.
  A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation.
  The preliminary version of this paper was entitled A Concrete Security Treatment of Symmetric Encryption and appeared in the Proceedings of 38th Annual Symposium on Foundations of Computer Science, IEEE, 1997.

• M. Bellare, R. Impagliazzo, and M. Naor.
  Does Parallel Repetition Lower the Error in Computationally Sound Protocols?
  Proceedings of 38th Annual Symposium on Foundations of Computer Science, IEEE, 1997.

• M. Bellare and P. Rogaway.
  Collision-Resistant Hashing: Towards Making UOWHFs Practical.
  Advances in Cryptology- Crypto 97 Proceedings, Lecture Notes in Computer Science Vol. 1294, B. Kaliski ed, Springer-Verlag, 1997.

• M. Bellare, S. Goldwasser and D. Micciancio.
  ``Pseudo-Random'' Number Generation within Cryptographic Algorithms: the DSS Case.
  Advances in Cryptology- Crypto 97 Proceedings, Lecture Notes in Computer Science Vol. 1294, B. Kaliski ed, Springer-Verlag, 1997.

• M. Bellare.
  A Note on Negligible Functions.
  Journal of Cryptology Vol. 15, No. 4, 2002, pp. 271--284.
  Earlier version: Technical Report CS97-529, Department of Computer Science and Engineering, UCSD, March 1997.

• M. Bellare and D. Micciancio.
  A New Paradigm for collision-free hashing: Incrementality at reduced cost.
  Advances in Cryptology- Eurocrypt 97 Proceedings, Lecture Notes in Computer Science Vol. 1233, W. Fumy ed, Springer-Verlag, 1997.

• M. Bellare, M. Jakobsson and M. Yung.
  Round-optimal zero-knowledge arguments based on any one-way function.
  Advances in Cryptology- Eurocrypt 97 Proceedings, Lecture Notes in Computer Science Vol. 1233, W. Fumy ed, Springer-Verlag, 1997.

• M. Bellare and S. Goldwasser.
  Encapsulated key escrow.
  Early version was MIT Laboratory for Computer Science Technical Report 688, April 1996.

• M. Bellare and S. Goldwasser.
  Verifiable partial key escrow.
  Proceedings 4th ACM Conference on Computer and Communications Security, April 1997. Earlier version was Technical Report CS95-447, Department of Computer Science and Engineering, UCSD, October 1995.

• M. Bellare, R. Canetti, and H. Krawczyk.
  Pseudorandom functions revisited: The cascade construction and its concrete security.
  Proceedings 37th Annual Symposium on the Foundations of Computer Science, IEEE, 1996.

• M. Bellare, R. Canetti, and H. Krawczyk.
  Keying hash functions for message authentication.
  Advances in Cryptology - Crypto 96 Proceedings, Lecture Notes in Computer Science Vol. 1109, N. Koblitz ed, Springer-Verlag, 1996.

• M. Bellare and P. Rogaway.
  The exact security of digital signatures: How to sign with RSA and Rabin.
  Advances in Cryptology - Eurocrypt 96 Proceedings, Lecture Notes in Computer Science Vol. 1070, U. Maurer ed, Springer-Verlag, 1996.

• M. Bellare and R. Rivest.
  Translucent cryptography -- An alternative to key escrow, and its implementation via fractional oblivious transfer.
  Journal of Cryptology, Vol. 12, No. 2, 1999, pp. 117--140. Early version was MIT Laboratory for Computer Science Technical Memo No. 683, February 1996.

• M. Bellare, R. Guerin and P. Rogaway.
  XOR MACs: New methods for message authentication using finite pseudorandom functions.
  Advances in Cryptology - Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed, Springer-Verlag, 1995.

• M. Bellare, J. Garay, R. Hauser, A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, E. Van Herreveghen and M. Waidner.
  Design, implementation, and deployment of the iKP secure electronic payment system.
  IEEE Journal on Selected Areas in Communications, 2000, Vol. 18, No. 4, pp. 611-627.

• M. Bellare and P. Rogaway.
  Provably secure session key distribution: the three party case.
  Proceedings 27th Annual Symposium on the Theory of Computing, ACM, 1995.

• M. Bellare, O. Goldreich and S. Goldwasser.
  Incremental cryptography with application to virus protection.
  Proceedings 27th Annual Symposium on the Theory of Computing, ACM, 1995.

• M. Bellare, J. Kilian and P. Rogaway.
  The security of the cipher block chaining message authentication code.
  Journal of Computer and System Sciences, Vol. 61, No. 3, Dec 2000, pp. 362--399. Earlier version in Advances in Cryptology - Crypto 94 Proceedings, Lecture Notes in Computer Science Vol. 839, Y. Desmedt ed, Springer-Verlag, 1994.

• M. Bellare, O. Goldreich and S. Goldwasser.
  Incremental cryptography: the case of hashing and signing.
  Advances in Cryptology - Crypto 94 Proceedings, Lecture Notes in Computer Science Vol. 839, Y. Desmedt ed, Springer-Verlag, 1994.

• E. Basturk, M. Bellare, C. S. Chow, and R. Guerin.
  Secure transport protocols for high-speed networks.
  IBM Research Report 19981, March, 1994.

• M. Bellare and P. Rogaway.
  Optimal asymmetric encryption -- How to encrypt with RSA.
  Advances in Cryptology - Eurocrypt 94 Proceedings, Lecture Notes in Computer Science Vol. 950, A. De Santis ed, Springer-Verlag, 1995.

• M. Bellare and P. Rogaway.
  Random oracles are practical: A paradigm for designing efficient protocols.
  Proceedings First Annual Conference on Computer and Communications Security, ACM, 1993.

• M. Bellare and P. Rogaway.
  Entity Authentication and key distribution
  Advances in Cryptology - Crypto 93 Proceedings, Lecture Notes in Computer Science Vol. 773, D. Stinson ed, Springer-Verlag, 1994.

• M. Bellare and O. Goldreich.
  On defining proofs of knowledge.
  Advances in Cryptology - Crypto 92 Proceedings, Lecture Notes in Computer Science Vol. 740, E. Brickell ed, Springer-Verlag, 1993.

• M. Bellare and O. Goldreich.
  Proving computational ability.
  Manuscript, August 1992.

• M. Bellare and M. Yung.
  Certifying permutations: Non-interactive zero-knowledge based on any trapdoor permutation.
  Journal of Cryptology Vol. 9, No. 1, pp. 149--166, 1996.

• M. Bellare and S. Micali.
  How to sign given any trapdoor permutation.
  Journal of the ACM, Vol. 39, No. 1, January 1992, pp. 214--233.