TL;DR: Several models are formulated in which the security of protocols can be discussed precisely, and algorithms and characterizations that can be used to determine protocol security in these models are given.
Abstract: Recently the use of public key encryption to provide secure network communication has received considerable attention. Such public key systems are usually effective against passive eavesdroppers, who merely tap the lines and try to decipher the message. It has been pointed out, however, that an improperly designed protocol could be vulnerable to an active saboteur, one who may impersonate another user or alter the message being transmitted. Several models are formulated in which the security of protocols can be discussed precisely. Algorithms and characterizations that can be used to determine protocol security in these models are given.
TL;DR: It is shown that if p, the number of participants in the protocol, is part of the input then the security problem becomes NP-Hard, and relaxing the definition of a ping-pong protocol so that operators can operate on half words causes the security problem to become undecidable.
Abstract: We define a p-party ping-pong protocol and its security problem, along the lines of Dolev and Yao's definition for two-party ping-pong protocol. In the case of two parties, it was assumed, with no loss of generality, that there exists a single saboteur in the net and the protocol was defined to be secure iff it was secure against the active interventions of one saboteur. We show that for more than 2 parties this assumption can no longer be made and that for p parties 3(p-2) + 1 is a lower bound on the number of saboteurs which should be considered for the security problem. On the other hand we establish a 3(p-2) + 2 upper bound on the number of saboteurs which should be considered. We conclude that for a fixed p, p-party ping-pong protocols can be tested for security in O(n^3) time and O(n^2) space, when n is the length of the protocol. We show that if p, the number of participants in the protocol, is part of the input then the security problem becomes NP-Hard. Relaxing the definition of a ping-pong protocol so that operators can operate on half words (thus introducing commutativity of the operators) causes the security problem to become undecidable.
TL;DR: A cryptographic protocol allowing two mutually distrusting parties, A and B, each having a secret bit, to "simultaneously" exchange the values of those bits is presented, and a new tool to implement this protocol is developed: a slightly biased symmetric coin.
Abstract: We present a cryptographic protocol allowing two mutually distrusting parties, A and B, each having a secret bit, to "simultaneously" exchange the values of those bits. It is assumed that initially each party presents a correct encryption of his secret bit to the other party. We develop a new tool to implement our protocol: a slightly biased symmetric coin. The key property of this coin is that from each flip A receives a piece of probabilistic information about B's secret bit which is symmetric to the piece of information B receives about A's secret bit.
TL;DR: The distribution of cryptographic keys in a computer network is discussed, and a protocol which employs a simple means of obtaining current authentication of communicants and does not require communicants to maintain an absolute sense of time is presented.
Abstract: The distribution of cryptographic keys in a computer network is discussed. The need for current authentication of communicants to prevent playback attacks is demonstrated, and an earlier protocol is found to be subject to such attacks. A protocol which employs a simple means of obtaining current authentication of communicants and does not require communicants to maintain an absolute sense of time is presented. The protocol is expanded to accommodate key distribution between multiple security communities, where each community is administered by a different authentication server. Another form of the protocol which is appropriate for datagram applications is developed.
TL;DR: It is perhaps reasonable to speculate at this time that all cryptographic protocols can eventually be designed to be provably secure under simple assumptions, such as factoring large numbers or inverting RSA functions are computationally intractable in the appropriate sense.
Abstract: The design of cryptographic protocols using trapdoor and one-way functions has received considerable attention in the past few years [1–8]. More recently, attention has been paid to provide rigorous correctness proofs based on simple mathematical assumptions, for example, in coin flipping (Blum [1]), mental poker (Goldwasser and Micali [4]). It is perhaps reasonable to speculate at this time that all cryptographic protocols can eventually be designed to be provably secure under simple assumptions, such as factoring large numbers or inverting RSA functions are computationally intractable in the appropriate sense.
TL;DR: This paper focuses on ensuring the security of cryptographic protocols in distributed systems and presents a meta-modelling architecture suitable for this purpose.
Abstract: Security of protocols for network communication has received considerable attention in recent years. We concentrate on ensuring the security of cryptographic protocols in distributed systems.
TL;DR: A time-versus-storage trade-off is described for addressing the key management problem of enforcing multilevel security in a system where hierarchy is represented by a partially ordered set.
Abstract: A scheme based on cryptography is proposed for enforcing multilevel security in a system where hierarchy is represented by a partially ordered set (or poset). Straightforward implementation of the scheme requires users highly placed in the hierarchy to store a large number of cryptographic keys. A time-versus-storage trade-off is then described for addressing this key management problem.
TL;DR: This work defines the class of trapdoor pseudo-random number generators, introduces a new technique for using these in cryptography, and presents a provably secure protocol for One-Bit Disclosures, i.e., for giving a one-bit message in exchange for receipt.
Abstract: We define the class of trapdoor pseudo-random number generators, and introduce a new technique for using these in cryptography. As an application for this technique, we present a provably secure protocol for One-Bit Disclosures, i.e., for giving a one-bit message in exchange for receipt.