多人数署名の証明可能安全性に関する研究

筑波大学 (University of Tsukuba)201

A Genuine Random Sequential Multi-signature Scheme

The usual sequential multi-signature scheme allows the multi-signers to sign the document with their own information and sequence, and the signature is not real random and secure. The paper analyzes the reasons for the insecurity of the previous multi-signature scheme, and puts forward a Genuine Random Sequential Multi-signature Scheme based on The Waters signature scheme, and the experiment proves that this scheme is a good scheme suitable for the practical application with high computing efficiency

A Genuine Random Sequential Multi-signature Scheme

The usual sequential multi-signature scheme allows the multi-signers to sign the document with their own information and sequence, and the signature is not real random and secure. The paper analyzes the reasons for the insecurity of the previous multi-signature scheme, and puts forward a Genuine Random Sequential Multi-signature Scheme based on The Waters signature scheme, and the experiment proves that this scheme is a good scheme suitable for the practical application with high computing efficiency

EFFICIENT AND SCALABLE NETWORK SECURITY PROTOCOLS BASED ON LFSR SEQUENCES

The gap between abstract, mathematics-oriented research in cryptography and the engineering approach of designing practical, network security protocols is widening. Network researchers experiment with well-known cryptographic protocols suitable for different network models. On the other hand, researchers inclined toward theory often design cryptographic schemes without considering the practical network constraints. The goal of this dissertation is to address problems in these two challenging areas: building bridges between practical network security protocols and theoretical cryptography. This dissertation presents techniques for building performance sensitive security protocols, using primitives from linear feedback register sequences (LFSR) sequences, for a variety of challenging networking applications. The significant contributions of this thesis are: 1. A common problem faced by large-scale multicast applications, like real-time news feeds, is collecting authenticated feedback from the intended recipients. We design an efficient, scalable, and fault-tolerant technique for combining multiple signed acknowledgments into a single compact one and observe that most signatures (based on the discrete logarithm problem) used in previous protocols do not result in a scalable solution to the problem. 2. We propose a technique to authenticate on-demand source routing protocols in resource-constrained wireless mobile ad-hoc networks. We develop a single-round multisignature that requires no prior cooperation among nodes to construct the multisignature and supports authentication of cached routes. 3. We propose an efficient and scalable aggregate signature, tailored for applications like building efficient certificate chains, authenticating distributed and adaptive content management systems and securing path-vector routing protocols. 4. We observe that blind signatures could form critical building blocks of privacypreserving accountability systems, where an authority needs to vouch for the legitimacy of a message but the ownership of the message should be kept secret from the authority. We propose an efficient blind signature that can serve as a protocol building block for performance sensitive, accountability systems. All special forms digital signatures—aggregate, multi-, and blind signatures—proposed in this dissertation are the first to be constructed using LFSR sequences. Our detailed cost analysis shows that for a desired level of security, the proposed signatures outperformed existing protocols in computation cost, number of communication rounds and storage overhead

Compact Multi-Signatures for Smaller Blockchains

We construct new multi-signature schemes that provide new functionality. Our schemes are designed to reduce the size of the Bitcoin blockchain, but are useful in many other settings where multi-signatures are needed. All our constructions support both signature compression and public-key aggregation. Hence, to verify that a number of parties signed a common message m, the verifier only needs a short multi-signature, a short aggregation of their public keys, and the message m. We give new constructions that are derived from Schnorr signatures and from BLS signatures. Our constructions are in the plain public key model, meaning that users do not need to prove knowledge or possession of their secret key. In addition, we construct the first short accountable-subgroup multi-signature (ASM) scheme. An ASM scheme enables any subset S of a set of n parties to sign a message m so that a valid signature discloses which subset generated the signature (hence the subset S is accountable for signing m). We construct the first ASM scheme where signature size is only O(k) bits over the description of S, where k is the security parameter. Similarly, the aggregate public key is only O(k) bits, independent of n. The signing process is non-interactive. Our ASM scheme is very practical and well suited for compressing the data needed to spend funds from a t-of-n Multisig Bitcoin address, for any (polynomial size) t and n

CaSCaDE: (Time-Based) Cryptography from Space Communications DElay

Time-based cryptographic primitives such as Time-Lock Puzzles (TLPs) and Verifiable Delay Functions (VDFs) have recently found many applications to the efficient design of secure protocols such as randomness beacons or multiparty computation with partial fairness. However, current TLP and VDF candidate constructions rely on the average hardness of sequential computational problems. Unfortunately, obtaining concrete parameters for these is notoriously hard, as there cannot be a large gap between the honest parties’ and the adversary’s runtime when solving the same problem. Moreover, even a constant improvement in algorithms for solving these problems can render parameter choices, and thus deployed systems, insecure - unless very conservative and therefore highly inefficient parameters are chosen. In this work, we investigate how to construct time-based cryptographic primitives from communication delay, which has a known lower bound given the physical distance between devices: the speed of light. In order to obtain high delays, we explore the sequential communication delay that arises when sending a message through a constellation of satellites. This has the advantage that distances between protocol participants are guaranteed as positions of satellites are observable, so delay lower bounds can be easily computed. At the same time, building cryptographic primitives for this setting is challenging due to the constrained resources of satellites and possible corruptions of parties within the constellation. We address these challenges by constructing efficient proofs of sequential communication delay to convince a verifier that a message has accrued delay by traversing a path among satellites. As part of this construction, we propose the first ordered multisignature scheme with security under a version of the the discrete logarithm assumption, which enjoys constant-size signatures and, modulo preprocessing, computational complexity independent of the number of signers. Building on our proofs of sequential communication delay, we show new constructions of Publicly Verifiable TLPs and VDFs whose delay guarantees are rooted on physical communication delay lower bounds. Our protocols as well as the ordered multisignature are analysed in the Universal Composability framework using novel models for sequential communication delays and (ordered) multisignatures. A direct application of our results is a randomness beacon that only accesses expensive communication resources in case of cheating

Privacy Enhancing Protocols using Pairing Based Cryptography

This thesis presents privacy enhanced cryptographic constructions, consisting of formal definitions, algorithms and motivating applications. The contributions are a step towards the development of cryptosystems which, from the design phase, incorporate privacy as a primary goal. Privacy offers a form of protection over personal and other sensitive data to individuals, and has been the subject of much study in recent years. Our constructions are based on a special type of algebraic group called bilinear groups. We present existing cryptographic constructions which use bilinear pairings, namely Identity-Based Encryption (IBE). We define a desirable property of digital signatures, blindness, and present new IBE constructions which incorporate this property. Blindness is a desirable feature from a privacy perspective as it allows an individual to obscure elements such as personal details in the data it presents to a third party. In IBE, blinding focuses on obscuring elements of the identity string which an individual presents to the key generation centre. This protects an individual's privacy in a direct manner by allowing her to blind sensitive elements of the identity string and also prevents a key generation centre from subsequently producing decryption keys using her full identity string. Using blinding techniques, the key generation centre does not learn the full identity string. In this thesis, we study selected provably-secure cryptographic constructions. Our contribution is to reconsider the design of such constructions with a view to incorporating privacy. We present the new, privacy-enhanced cryptographic protocols using these constructions as primitives. We refine useful existing security notions and present feasible security definitions and proofs for these constructions

A CDH-based ordered multisignature scheme provably secure without random oracles

Ordered multisignature scheme is a signature scheme to guarantee both validity of an electronic document and its signing order. Although the security of most of such schemes has been proven in the random oracle model, the difficulty of implementation of the random oracle implies that the security should be proven without random oracles, i.e., in the standard model. A straightforward way to construct such schemes in the standard model is to apply aggregate signature schemes. However, the existing schemes based on the CDH problem are inefficient in the sense that the number of computations of the bilinear maps and the length of public keys depend upon the length of (a hash value of) the message. Therefore, in this paper, we propose a CDH-based ordered multisignature scheme which is provably secure in the standard model under a moderate attack model. Its computational cost for the bilinear maps and the size of public key are independent of the length of (a hash value of) the message. More specifically, in comparison with the existing schemes, the public key length is reduced to three group elements from 512 group elements while the computational cost is reduced to 0.85 msec from 1.6 msec. © 2014 Information Processing Society of Japan

Themelio: a new blockchain paradigm

Public blockchains hold great promise in building protocols that uphold security properties like transparency and consistency based on internal, incentivized cryptoeconomic mechanisms rather than preexisting trust in participants. Yet user-facing blockchain applications beyond "internal" immediate derivatives of blockchain incentive models, like cryptocurrency and decentralized finance, have not achieved widespread development or adoption. We propose that this is not primarily due to "engineering" problems in aspects such as scaling, but due to an overall lack of transferable endogenous trust—the twofold ability to uphold strong, internally-generated security guarantees and to translate them into application-level security. Yet we argue that blockchains, due to their foundation on game-theoretic incentive models rather than trusted authorities, are uniquely suited for building transferable endogenous trust, despite their current deficiencies. We then engage in a survey of existing public blockchains and the difficulties and crises that they have faced, noting that in almost every case, problems such as governance disputes and ecosystem inflexibility stem from a lack of transferable endogenous trust. Next, we introduce Themelio, a decentralized, public blockchain designed to support a new blockchain paradigm focused on transferable endogenous trust. Here, the blockchain is used as a low-level, stable, and simple root of trust, capable of sharing this trust with applications through scalable light clients. This contrasts with current blockchains, which are either applications or application execution platforms. We present evidence that this new paradigm is crucial to achieving flexible deployment of blockchain-based trust. We then describe the Themelio blockchain in detail, focusing on three areas key to its overall theme of transferable, strong endogenous trust: a traditional yet enhanced UTXO model with features that allow powerful programmability and light-client composability, a novel proof-of-stake system with unique cryptoeconomic guarantees against collusion, and Themelio's unique cryptocurrency "mel", which achieves stablecoin-like low volatility without sacrificing decentralization and security. Finally, we explore the wide variety of novel, partly off-chain applications enabled by Themelio's decoupled blockchain paradigm. This includes Astrape, a privacy-protecting off-chain micropayment network, Bitforest, a blockchain-based PKI that combines blockchain-backed security guarantees with the performance and administration benefits of traditional systems, as well as sketches of further applications