192 research outputs found
On Security Notions for Verifiable Encrypted Signature
First we revisit three - BGLS, MBGLS and GZZ verifiably encrypted
signature schemes[2,3,6].We find that they are all
not strong unforgeable.We remark that the notion of existential
unforgeable is not sufficient for fair exchange protocols in most
circumstances.So we propose three new - NBGLS, MBGLS and NGZZ
verifiably encrypted signature schemes which are strong unforgeable.
Also we reconsider other two - ZSS and CA verifiably encrypted
signature schemes[4,8], we find that they both cannot
resist replacing public key attack. So we strongly suggest that
strong unforgeable for verifiably encrypted signature maybe a better
notion than existential unforgeable and checking adjudicator knowing
its private key is a necessary step for secure verifiably encrypted
signature scheme
Introducing Accountability to Anonymity Networks
Many anonymous communication (AC) networks rely on routing traffic through
proxy nodes to obfuscate the originator of the traffic. Without an
accountability mechanism, exit proxy nodes risk sanctions by law enforcement if
users commit illegal actions through the AC network. We present BackRef, a
generic mechanism for AC networks that provides practical repudiation for the
proxy nodes by tracing back the selected outbound traffic to the predecessor
node (but not in the forward direction) through a cryptographically verifiable
chain. It also provides an option for full (or partial) traceability back to
the entry node or even to the corresponding user when all intermediate nodes
are cooperating. Moreover, to maintain a good balance between anonymity and
accountability, the protocol incorporates whitelist directories at exit proxy
nodes. BackRef offers improved deployability over the related work, and
introduces a novel concept of pseudonymous signatures that may be of
independent interest.
We exemplify the utility of BackRef by integrating it into the onion routing
(OR) protocol, and examine its deployability by considering several
system-level aspects. We also present the security definitions for the BackRef
system (namely, anonymity, backward traceability, no forward traceability, and
no false accusation) and conduct a formal security analysis of the OR protocol
with BackRef using ProVerif, an automated cryptographic protocol verifier,
establishing the aforementioned security properties against a strong
adversarial model
Verifiably Encrypted Signatures with Short Keys based on the Decisional Linear Problem and Obfuscation for Encrypted VES
Verifiably encrypted signatures (VES) are signatures encrypted by a public key of a trusted third party and we can verify their validity without decryption. This paper proposes a new VES scheme which is secure under the decisional linear (DLIN) assumption in the standard model. We also propose new obfuscators for encrypted signatures (ES) and encrypted VES (EVES) which are secure under the DLIN assumption.
All previous efficient VES schemes in the standard model are either secure under standard assumptions (such as the computational Diffie-Hellman assumption) with large verification (or secret) keys or secure under \emph{(non-standard) dynamic -type assumptions} (such as the -strong Diffie-Hellman extraction assumption) with short verification keys. Our construction is the first efficient VES scheme with short verification (and secret) keys secure under \emph{a standard assumption (DLIN)}.
As by-products of our VES scheme, we construct new obfuscators for ES/EVES based on our new VES scheme. They are more efficient than previous obfuscators with respect to the public key size. Previous obfuscators for EVES are secure under non-standard assumption and use zero-knowledge (ZK) proof systems and Fiat-Shamir heuristics to obtain non-interactive ZK, i.e., its security is considered in the random oracle model. Thus, our construction also has an advantage with respect to assumptions and security models. Our new obfuscator for ES is obtained from our new obfuscator for EVES
On Structure-Preserving Cryptography and Lattices
The Groth-Sahai proof system is a highly efficient pairing-based proof system for a specific class of group-based languages. Cryptographic primitives that are compatible with these languages (such that we can express, e.g., that a ciphertext contains a valid signature for a given message) are called structure-preserving . The combination of structure-preserving primitives with Groth-Sahai proofs allows to prove complex statements that involve encryptions and signatures, and has proved useful in a variety of applications. However, so far, the concept of structure-preserving cryptography has been confined to the pairing setting.
In this work, we propose the first framework for structure-preserving cryptography in the lattice setting. Concretely, we
- define structure-preserving sets as an abstraction of (typically noisy) lattice-based languages,
- formalize a notion of generalized structure-preserving encryption and signature schemes capturing a number of existing lattice-based encryption and signature schemes),
- construct a compatible zero-knowledge argument system that allows to argue about lattice-based structure-preserving primitives,
- offer a lattice-based construction of verifiably encrypted signatures in our framework. Along the way, we also discover a new and efficient strongly secure lattice-based signature scheme. This scheme combines Rückert\u27s lattice-based signature scheme with the lattice delegation strategy of Agrawal et al., which yields more compact and efficient signatures.
We hope that our framework provides a first step towards a modular and versatile treatment of cryptographic primitives in the lattice setting
AuxChannel: Enabling Efficient Bi-Directional Channel for Scriptless Blockchains
Payment channels have been a promising solution to blockchain scalability. While payment channels for script-empowered blockchains (such as Bitcoin and Ethereum) have been well studied, developing payment channels for scriptless blockchains (such as Monero) is considered challenging. In particular, enabling bidirectional payment on scriptless blockchains remains an open challenge.
This work closes this gap by providing AuxChannel, the first bi-directional payment channel protocol for scriptless blockchains, meaning that building payment channels only requires the support of verifiably encrypted signature (aka adaptor signature) on the underlying blockchain. AuxChannel leverages verifiably encrypted signature to create a commitment for each off-chain payment and deploys a verifiable decentralised key escrow service to resolve dispute. To enable efficient construction of AuxChannel, we introduce a new cryptographic primitive, named Consecutive Verifiably Encrypted Signature (CVES), as a core building block and it can also be of independent interest for other applications. We provide and implement a provably secure instantiation on Schnorr-based CVES. We also provide a formal security analysis on the security of the proposed AuxChannel
Commuting Signatures and Verifiable Encryption and an Application to Non-Interactively Delegatable Credentials
Verifiable encryption allows to encrypt a signature and prove that the plaintext is valid. We introduce a new primitive called commuting signature that extends verifiable encryption in multiple ways: a signer can encrypt both signature and message and prove validity; more importantly, given a ciphertext, a signer can create a verifiably encrypted signature on the encrypted message; thus signing and encrypting commute. We instantiate commuting signatures using the proof system by Groth and Sahai (EUROCRYPT \u2708) and the automorphic signatures by Fuchsbauer (ePrint report 2009/320). As an application, we give an instantiation of delegatable anonymous credentials, a powerful primitive introduced by Belenkiy et al. (CRYPTO \u2709). Our instantiation is arguably simpler than theirs and it is the first to provide non-interactive issuing and delegation, which is a standard requirement for non-anonymous credentials. Moreover, the size of our credentials and the cost of verification are less than half of those of the only previous construction, and efficiency of issuing and delegation is increased even more significantly. All our constructions are proved secure in the standard model
Towards secure end-to-end data aggregation in AMI through delayed-integrity-verification
The integrity and authenticity of the energy usage data in Advanced Metering Infrastructure (AMI) is crucial to ensure the correct energy load to facilitate generation, distribution and customer billing. Any malicious tampering to the data must be detected immediately. This paper introduces secure end-to-end data aggregation for AMI, a security protocol that allows the concentrators to securely aggregate the data collected from the smart meters, while enabling the utility back-end that receives the aggregated data to verify the integrity and data originality. Compromise of concentrators can be detected. The aggregated data is protected using Chameleon Signatures and then forwarded to the utility back-end for verification, accounting, and analysis. Using the Trapdoor Chameleon Hash Function, the smart meters can periodically send an evidence to the utility back-end, by computing an alternative message and a random value (m', r) such that m' consists of all previous energy usage measurements of the smart meter in a specified period of time.
By verifying that the Chameleon Hash Value of (m', r) and that the energy usage matches those aggregated by the concentrators, the utility back-end is convinced of the integrity and authenticity of the data from the smart meters. Any data anomaly between smart meters and concentrators can be detected, thus indicating potential compromise of concentrators
Report and Trace Ring Signatures
We introduce report and trace ring signature schemes, balancing the desire for signer anonymity with the ability to report malicious behaviour and subsequently revoke anonymity. We contribute a formal security model for report and trace ring signatures that incorporates established properties of anonymity, unforgeability and traceability, and captures a new notion of reporter anonymity. We present a construction of a report and trace ring signature scheme, proving its security and analysing its efficiency, comparing with the state of the art in the accountable ring signatures literature. Our analysis demonstrates that our report and trace scheme is efficient, particularly for the choice of cryptographic primitives that we use to instantiate our construction. We contextualise our new primitive with respect to related work, and highlight, in particular, that report and trace ring signature schemes protect the identity of the reporter even after tracing is complete
- …