10 research outputs found

    The Security of the FDH Variant of Chaum’s Undeniable Signature Scheme

    In this paper, a new kind of adversarial goal called forge-and-impersonate in undeniable signature schemes is introduced. Note that forgeability does not necessarily imply impersonation ability. The security of the full-domain hash (FDH) variant of Chaum's undeniable signature scheme is then classified along three dimensions: the goal of the adversary, the attack model, and the zero-knowledge (ZK) level of the confirmation and disavowal protocols. Each resulting security notion is then related to a well-known computational problem. In particular, the security of the FDH variant of Chaum's scheme with non-interactive zero-knowledge (NIZK) confirmation and disavowal protocols is proven to be equivalent to the computational Diffie-Hellman (CDH) problem, as opposed to the gap Diffie-Hellman (GDH) problem as claimed by Okamoto and Pointcheval.

    Mental Card Gaming Protocols Supportive Of Gameplay Versatility, Robustness And Efficiency

    Mental card games are cryptographic protocols which permit verifiably fair gameplay among a priori distrustful and potentially untrustworthy remote parties, and should minimally provide, without the introduction of a trusted third party (TTP), for card confidentiality, fraud detection and conditional security against collusion. In addition to these basic requirements, we explore gameplay functionality, operational robustness and implementation efficiency issues of mental card gaming. Our research is motivated by the potential of computer-based and network-mediated gameplay beyond the capability of physical cards, particularly fine-grained information disclosure (such as colour, rank, symbol or courtliness) while preserving the secrecy of the card's overall value. On the other hand, being network connected renders the protocol susceptible to (accidental or intentional) disconnection attacks, as well as other malicious behaviours.

    Design and Analysis of Opaque Signatures

    Digital signatures were introduced to guarantee the authenticity and integrity of the underlying messages. A digital signature scheme comprises the key generation, the signature, and the verification algorithms. The key generation algorithm creates the signing and the verifying keys, also called the signer’s private and public keys respectively. The signature algorithm, which is run by the signer, produces a signature on the input message. Finally, the verification algorithm, run by anyone who knows the signer’s public key, checks whether a purported signature on some message is valid or not. The last property, namely the universal verification of digital signatures, is undesirable in situations where the signed data is commercially or personally sensitive. Therefore, mechanisms which share most properties with digital signatures except for universal verification were invented to respond to this need; we call such mechanisms “opaque signatures”. In this thesis, we study signatures whose verification cannot be achieved without the cooperation of a specific entity, namely the signer in the case of undeniable signatures, or the confirmer in the case of confirmer signatures; we make three main contributions. We first study the relationship between two security properties important for public key encryption, namely data privacy and key privacy. Our study is motivated by the fact that opaque signatures always involve an encryption layer that ensures their opacity. The properties required of this encryption vary according to whether we want to protect the identity (i.e. the key) of the signer or hide the validity of the signature. Therefore, it would be convenient to use existing work on the encryption scheme in order to derive one notion from the other. Next, we delve into the generic constructions of confirmer signatures from basic cryptographic primitives, e.g. digital signatures, encryption, or commitment schemes. In fact, generic constructions give easy-to-understand and easy-to-prove schemes; however, this convenience is often achieved at the expense of efficiency. In this contribution, which constitutes the core of this thesis, we first analyze the existing constructions; our study concludes that the popular generic constructions of confirmer signatures necessitate strong security assumptions on the building blocks, which negatively impacts the efficiency of the resulting signatures. Next, we show that a small change in these constructions makes these assumptions drop drastically, allowing as a result constructions with instantiations that compete with the dedicated realizations of these signatures. Finally, we revisit two early undeniable signatures which were proposed with a conjectural security. We disprove the claimed security of the first scheme, and we provide a fix to it in order to achieve strong security properties. Next, we upgrade the second scheme so that it supports a desirable feature, and we provide a formal security treatment of the new scheme: we prove that it is secure under new, reasonable assumptions on the underlying constituents.

    Provably Secure Convertible Undeniable Signatures with Unambiguity

    This paper shows some efficient and provably-secure convertible undeniable signature schemes (with both selective conversion and all conversion), in the standard model and discrete logarithm setting. They further satisfy unambiguity, which is traditionally required for anonymous signatures. Briefly, unambiguity means that it is hard to generate a (message, signature) pair which is valid for two different public keys. In other words, our schemes can be viewed as anonymous signature schemes as well as convertible undeniable signature schemes. Besides other applications, we show that such schemes are very suitable for anonymous auctions.

    Witness Hiding Proofs and Applications

    Witness hiding is a basic requirement for most cryptographic protocols. The concept was proposed by Feige and Shamir several years ago. This thesis concentrates on witness hiding protocols and their applications. The possibility of diverting a witness hiding protocol in parallel had been an open problem for some time. Parallel divertibility is not only of theoretical significance but also a crucial point for the security of some applications, for example electronic cash, digital signatures, etc. It is proved in this thesis that, with limited computational power, it is impossible to divert a witness hiding protocol in parallel to two independent verifiers with large probability. The thesis explores the applications of witness hiding protocols in anonymous credentials, election schemes, and group signatures. In an anonymous credential system, one user may have many pseudonyms. The credentials issued on one of a user's pseudonyms can be transferred to other pseudonyms by the user without revealing the links between pseudonyms. Election, as a practical model, is formally defined. Two election schemes are proposed and discussed. In particular, the voting scheme is treated in parallel with an electronic cash system so that some new tools can be introduced. A group signature is a kind of digital signature for a group of people such that only members of the group can sign messages on behalf of the group, without revealing which member has signed. But the signer can be identified by either an authority or a certain number of group members who hold some kind of auxiliary information. The new group signature schemes, based on witness hiding proofs, have several advantages compared with the original scheme proposed by Chaum and Heijst. The most important improvement is that the signers can be identified by a majority of group members, which had been an open problem in the literature. In this thesis, some theoretical results about bounds on secret keys and auxiliary information have been proved.

    Models and algorithms for the empty container repositioning and its integration with routing problems

    The introduction of containers has fostered intermodal freight transportation. A definition of intermodality was provided by the European Commission as “a characteristic of a transport system whereby at least two different modes are used in an integrated manner in order to complete a door-to-door transport sequence”. Intermodal container transportation leads to several benefits, such as higher productivity during handling phases and advantages in terms of security, losses and damages. However, the distribution of containers comes with a drawback: due to directional imbalances in freight flows, some areas tend to accumulate unnecessary empty containers, while others face container shortages. Several planning models were developed for carriers in order to manage both loaded and empty containers profitably. However, they were built to operate under normal circumstances, neglecting the fact that networks are increasingly affected by both uncertainty and vulnerability, which may result in disruptions. The thesis aims to survey whether the impact of uncertainty can be mitigated by a stochastic programming approach, in which disruptions and normal operations are both foreseen as possible futures or scenarios. This approach is carried out by a multi-scenario optimization model in which scenarios are linked by non-anticipativity conditions. Empty container repositioning becomes even more challenging when integrated with routing problems. In fact, carriers often face problems in which they must determine simultaneously how many empty containers are carried by a fleet of vehicles and which routes must be followed by these vehicles. These problems typically arise in inland networks, in which one must plan the distribution by trucks of loaded and empty containers to customers. The thesis addresses this type of vehicle routing problem, motivated by a real case study that occurred during the collaboration with a carrier that operates in the Mediterranean Sea in door-to-door modality. The carrier manages a fleet of trucks based at the port. Trucks and containers are used to service two types of transportation requests: the delivery of container loads from the port to import customers, and the shipment of container loads from export customers to the port. The thesis addresses two problems which differ in the composition of the fleet of trucks. The first problem involves a heterogeneous fleet of trucks that can carry one or two containers. We present a Vehicle Routing Problem with backhauls, load splits into multiple visits, and the impossibility of separating trucks and containers during customer service. Then, we formalize the problem by an Integer Linear Programming formulation and propose an efficient meta-heuristic algorithm able to solve it. The meta-heuristic determines the initial solution by a variant of the Clarke-and-Wright algorithm, and improves it by several local search phases, in which both node movements and truck swaps are implemented. The second problem involves a homogeneous fleet of trucks that can carry more than one container. As a consequence, the identification of routes can be more difficult. We present and formalize the associated Vehicle Routing Problem by an Integer Linear Programming formulation. Then we propose an efficient adaptive guidance meta-heuristic algorithm able to solve it. The meta-heuristic determines an initial feasible solution by a Tabu Search step, and next improves this solution by appropriate adaptive guidance mechanisms.

    Coding and Signal Processing for Secure Wireless Communication

    Wireless communication networks are widely deployed today and are used in many applications which require that the transmitted data be secure. Due to the open nature of wireless systems, it is important to have a fundamental understanding of coding schemes that allow for simultaneously secure and reliable transmission. The information theoretic approach is able to give us this fundamental insight into the nature of the coding schemes required for security. The security issue is approached by focusing on the confidentiality of message transmission and reception at the physical layer. The goal is to design coding and signal processing schemes that provide security in the information theoretic sense. In so doing, we are able to prove the simultaneously secure and reliable transmission rates for different network building blocks. The multi-receiver broadcast channel is an important network building block, where the rate region for the channel without security constraints is still unknown. In this thesis, this channel is investigated with security constraints, and the secure and reliable rates are derived for the proposed coding scheme using a random coding argument. Cooperative relaying is next applied to the wiretap channel, the fundamental physical layer model for the communication security problem, and signal processing techniques are used to show that the secure rate can be improved in situations where the secure rate was small due to the eavesdropper enjoying a more favorable channel condition compared to the legitimate receiver. Finally, structured lattice codes are used in the wiretap channel instead of the unstructured random codes used in the vast majority of the work so far. We show that lattice coding and decoding can achieve the secrecy rate of the Gaussian wiretap channel; this is an important step towards realizing practical, explicit codes for the wiretap channel.

    Efficient threshold cryptosystems

    Thesis (Ph.D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2001. Includes bibliographical references (p. 181-189).
    A threshold signature or decryption scheme is a distributed implementation of a cryptosystem, in which the secret key is secret-shared among a group of servers. These servers can then sign or decrypt messages by following a distributed protocol. The goal of a threshold scheme is to protect the secret key in a highly fault-tolerant way. Namely, the key remains secret, and correct signatures or decryptions are always computed, even if the adversary corrupts fewer than a fixed threshold of the participating servers. We show that threshold schemes can be constructed by putting together several simple distributed protocols that implement arithmetic operations, like multiplication or exponentiation, in a threshold setting. We exemplify this approach with two discrete-log based threshold schemes, a threshold DSS signature scheme and a threshold Cramer-Shoup cryptosystem. Our methodology leads to threshold schemes which are more efficient than those implied by general secure multi-party computation protocols. Our schemes take a constant number of communication rounds, and the computation cost per server grows by a factor linear in the number of participating servers compared to the cost of the underlying secret-key operation. We consider three adversarial models of increasing strength. We first present distributed protocols for constructing threshold cryptosystems secure in the static adversarial model, where the players are corrupted before the protocol starts. Then, under the assumption that the servers can reliably erase their local data, we show how to modify these protocols to extend the security of threshold schemes to an adaptive adversarial model, where the adversary is allowed to choose which servers to corrupt during the protocol execution. Finally, we show how to remove the reliable erasure assumption. All our schemes withstand optimal thresholds of a minority of malicious faults in a realistic partially-synchronous insecure-channels communication model with broadcast. Our work introduces several techniques that can be of interest to other research on secure multi-party protocols, e.g. the inconsistent player simulation technique, which we use to construct efficient schemes secure in the adaptive model, and the novel primitive of simultaneously secure encryption, which provides an efficient implementation of private channels in an adaptive and erasure-free model for a wide class of multi-party protocols. We include extensions of the above results to: (1) RSA-based threshold cryptosystems; and (2) stronger adversarial models than a threshold adversary, namely proactive and creeping adversaries, who, under certain assumptions regarding the speed and detectability of corruptions, are allowed to compromise all or almost all of the participating servers.
    by Stanisław Jarecki. Ph.D.

    Thermal analyzer computer program for the solution of general heat transfer problems

    Computer program for thermal analyses of complex transient heat transfer problems.