We present the first fully secure Identity-Based Encryption scheme (IBE) from the standard
assumptions where the security loss depends only on the security parameter and is …

Tight security is increasingly gaining importance in real-world cryptography, as it allows to
choose cryptographic parameters in a way that is supported by a security proof, without the …

We provide a formal treatment of security of digital signatures against subversion attacks
(SAs). Our model of subversion generalizes previous work in several directions, and is …

The existence of tight reductions in cryptographic security proofs is an important question,
motivated by the theoretical search for cryptosystems whose security guarantees are truly …

In this work, we explore building constructions with full domain hash structure, but with
standard model proofs that do not employ the random oracle heuristic. The launching point …

We present simpler and improved constructions of unbounded attribute-based encryption
(ABE) schemes with constant-size public parameters under static assumptions in bilinear …

In this paper we give nearly-tight reductions for modern implicitly authenticated Diffie-
Hellman protocols in the style of the Signal and Noise protocols, which are extremely simple …

We construct the first tightly secure signature schemes in the multi-user setting with adaptive
corruptions from lattices. In stark contrast to the previous tight constructions whose security is …

Equivalence class signatures (EQS), introduced by Hanser and Slamanig (AC'14, J.
Crypto'19), sign vectors of elements from a bilinear group. Their main feature is “adaptivity” …

We provide new results showing that ElGamal encryption cannot be proven CCA1-secure–a
long-standing open problem in cryptography. Our result follows from a very broad, meta …