Stuart Haber

How to time-stamp a digital document

The prospect of a world in which all text, audio, picture, and video documents are in digital form on easily modifiable media raises the issue of how to certify when a document was created or last changed. The problem is to time-stamp the data, not the medium. We propose computationally practical procedures for digital time-stamping of such documents so that it is infeasible for a user either to back-date or to forward-date his document, even with the collusion of a time-stamping service. Our procedures maintain complete privacy of the documents themselves, and require no record-keeping by the time-stamping service.

How to Time-Stamp a Digital Document

The prospect of a world in which all text, audio, picture, and video documents are in digital form on easily modifiable media raises the issue of how to certify when a document was created or last changed. The problem is to time-stamp the data, not the medium. We propose computationally practical procedures for digital time-stamping of such documents so that it is infeasible for a user either to back-date or to forward-date his document, even with the collusion of a time-stamping service. Our procedures maintain complete privacy of the documents themselves, and require no record-keeping by the time-stamping service.

A private interactive test of a boolean predicate a minimum-knowledge public-key cryptosystems

These properties enable us to define a minimum-knowledge cryptosystem, in which each user receives exactly the knowledge he is supposed to receive and nothing more. In particular, the system is provably secure against both chosen-message and chosen-ciphertext attack. ~1oreover, extending the Diffie-Hellman mo<tel, it allows a user to encode messages to other users with his own public key. This enables a symmetrIc use of public-key encryption.

Joint encryption and message-efficient secure computation

This paper addresses the message complexity of secure computation in the (passive adversary) privacy setting. We show that O(nC) encrypted bits of communication suffice for n parties to evaluate any boolean circuit of size C privately, under a specific cryptographic assumption. This work establishes a connection between secure distributed computation and group-oriented cryptography, i.e., cryptographic methods in which subsets of individuals can act jointly as single agents. Our secure computation protocol relies on a new group-oriented probablistic public-key encryption scheme with useful algebraic properties.

Symmetric Public-Key Encryption

Public-key encryption would seem to be inherently assymmetrie, in that only messages sent to a user can be encrypted using his public key. We demonstrate that the use of interactive protocols for sending encrypted messages enables a symmetric use of public keys; we give cryptographic protocols for the following tasks: 1. Probabilistic encryption, using the same public key, both of messages that are sent to a particular user as well as of messages that the user sends to others, without compromising the key. We propose a public-key cryptosystem based on these protocols which has only one key, owned by a cryptographic server. 2. Authentication both of the sender and of the receiver of a probabilistically encrypted message. 3. Probabilistic encryption which is provably secure against both chosen-message and chosen-ciphertext attack.

Cryptographic Computation: Secure Fault-Tolerant Protocols and the Public-Key Model (Extended Abstract)

We give a general procedure for designing correct, secure, and fault-tolerant cryptographic protocols for many parties, thus enlarging the domain of tasks that can be performed efficiently by cryptographic means. We model the most general sort of feasible adversarial behavior, and describe fault-recovery procedures that can tolerate it. Our constructions minimize the use of cryptographic resources. By applying the complexity-theoretic approach to knowledge, we are able to measure and control the computational knowledge released to the various users, as well as its temporal availability.

A Secure Public-Key Authentication Scheme

We propose interactive probabilistic public-key encryption schemes so that: (1) the sender and the receiver of a message, as well as the message itself, can be authenticated; (2) the scheme is secure against any feasible attack by a participant, including chosen-ciphertext attack.