641 research outputs found
Making Existential-Unforgeable Signatures Strongly Unforgeable in the Quantum Random-Oracle Model
Strongly unforgeable signature schemes provide a more stringent security
guarantee than the standard existential unforgeability. It requires that not
only forging a signature on a new message is hard, it is infeasible as well to
produce a new signature on a message for which the adversary has seen valid
signatures before. Strongly unforgeable signatures are useful both in practice
and as a building block in many cryptographic constructions.
This work investigates a generic transformation that compiles any
existential-unforgeable scheme into a strongly unforgeable one, which was
proposed by Teranishi et al. and was proven in the classical random-oracle
model. Our main contribution is showing that the transformation also works
against quantum adversaries in the quantum random-oracle model. We develop
proof techniques such as adaptively programming a quantum random-oracle in a
new setting, which could be of independent interest. Applying the
transformation to an existential-unforgeable signature scheme due to Cash et
al., which can be shown to be quantum-secure assuming certain lattice problems
are hard for quantum computers, we get an efficient quantum-secure strongly
unforgeable signature scheme in the quantum random-oracle model.Comment: 15 pages, to appear in Proceedings TQC 201
The Random Oracle Methodology, Revisited
We take a critical look at the relationship between the security of
cryptographic schemes in the Random Oracle Model, and the security of the
schemes that result from implementing the random oracle by so called
"cryptographic hash functions". The main result of this paper is a negative
one: There exist signature and encryption schemes that are secure in the Random
Oracle Model, but for which any implementation of the random oracle results in
insecure schemes.
In the process of devising the above schemes, we consider possible
definitions for the notion of a "good implementation" of a random oracle,
pointing out limitations and challenges.Comment: 31 page
Functional signatures
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2013.Cataloged from PDF version of thesis.Includes bibliographical references (p. 41-42).In this thesis, we introduce the notion of functional signatures. In a functional signature scheme, in addition to a master signing key that can be used to sign any message, there are signing keys for a function f, which allow one to sign any message in the range of f. An immediate application of functional signature scheme is the delegation by a master authority to a third party of the ability to sign a restricted set of messages. We also show applications of functional signature in constructing succinct non-interactive arguments and delegation schemes. We give several constructions for this primitive, and describe the trade-offs between them in terms of the assumptions they require and the size of the signatures.by Ioana Ivan.S.M
Security Analysis of the Unrestricted Identity-Based Aggregate Signature Scheme
Aggregate signatures allow anyone to combine different signatures signed by
different signers on different messages into a single short signature. An ideal
aggregate signature scheme is an identity-based aggregate signature (IBAS)
scheme that supports full aggregation since it can reduce the total transmitted
data by using an identity string as a public key and anyone can freely
aggregate different signatures. Constructing a secure IBAS scheme that supports
full aggregation in bilinear maps is an important open problem. Recently, Yuan
{\it et al.} proposed an IBAS scheme with full aggregation in bilinear maps and
claimed its security in the random oracle model under the computational
Diffie-Hellman assumption. In this paper, we show that there exists an
efficient forgery attacker on their IBAS scheme and their security proof has a
serious flaw.Comment: 9 page
A CCA2 Secure Variant of the McEliece Cryptosystem
The McEliece public-key encryption scheme has become an interesting
alternative to cryptosystems based on number-theoretical problems. Differently
from RSA and ElGa- mal, McEliece PKC is not known to be broken by a quantum
computer. Moreover, even tough McEliece PKC has a relatively big key size,
encryption and decryption operations are rather efficient. In spite of all the
recent results in coding theory based cryptosystems, to the date, there are no
constructions secure against chosen ciphertext attacks in the standard model -
the de facto security notion for public-key cryptosystems. In this work, we
show the first construction of a McEliece based public-key cryptosystem secure
against chosen ciphertext attacks in the standard model. Our construction is
inspired by a recently proposed technique by Rosen and Segev
The random oracle methodology, revisited
We take a critical look at the relationship between the security of cryptographic schemes in the Random Oracle Model, and the security of the schemes that result from implementing the random oracle by so called “cryptographic hash functions”. The main result of this paper is a negative one: There exist signature and encryption schemes that are secure in the Random Oracle Model, but for which any implementation of the random oracle results in insecure schemes. In the process of devising the above schemes, we consider possible definitions for the notion of a “good implementation” of a random oracle, pointing out limitations and challengesAccepted manuscrip
- …