Anonymous Credentials Light
We define and propose an efficient and provably secure construction of blind signatures with attributes. Prior notions of blind signatures did not lend themselves to the construction of anonymous credential systems, not even if we drop the unlinkability requirement of anonymous credentials. Our new notion, in contrast, is a convenient building block for anonymous credential systems. The construction we propose is efficient: it requires just a few exponentiations in a prime-order group in which the decisional Diffie-Hellman problem is hard. Thus, for the first time, we give a provably secure construction of anonymous credentials that can work in the elliptic group setting without bilinear pairings. In contrast, prior provably secure constructions were based on the RSA group or on groups with pairings, which made them prohibitively inefficient for mobile devices, RFIDs and smartcards. The only prior efficient construction that could work in such elliptic curve groups, due to Brands, does not have a proof of security.
Concurrent Security of Anonymous Credentials Light, Revisited
We revisit the concurrent security guarantees of the well-known Anonymous Credentials Light (ACL) scheme (Baldimtsi and Lysyanskaya, CCS'13). This scheme was originally proven secure when executed sequentially, and its concurrent security was left as an open problem.
A later work of Benhamouda et al. (EUROCRYPT'21) gave an efficient attack on ACL when executed concurrently, seemingly resolving this question once and for all.
In this work, we point out a subtle flaw in the attack of Benhamouda et al. on ACL and show, in spite of popular opinion, that it can be proven concurrently secure.
Our modular proof in the algebraic group model uses an ID scheme as an intermediate step and leads to a major simplification of the complex security argument for Abe's Blind Signature scheme by Kastner et al. (PKC'22).
On the (in)security of ROS
We present an algorithm solving the ROS (Random inhomogeneities in an Overdetermined Solvable system of linear equations) problem in polynomial time for l > log p dimensions. Our algorithm can be combined with Wagner's attack, and leads to a sub-exponential solution for any dimension l with the best complexity known so far.
When concurrent executions are allowed, our algorithm leads to practical attacks against the unforgeability of blind signature schemes such as Schnorr and Okamoto--Schnorr blind signatures, threshold signatures such as GJKR and the original version of FROST, multisignatures such as CoSI and the two-round version of MuSig, partially blind signatures such as Abe-Okamoto, and conditional blind signatures such as ZGP17. Schemes for e-cash (such as Brands' signature) and anonymous credentials (such as Anonymous Credentials Light) inspired by the above are also affected.
I2PA, U-prove, and Idemix: An Evaluation of Memory Usage and Computing Time Efficiency in an IoT Context
The Internet of Things (IoT), in spite of its innumerable advantages, brings many challenges, namely issues about users' privacy preservation and constraints about lightweight cryptography. Lightweight cryptography is of capital importance since IoT devices are resource-constrained. To address these challenges, several Attribute-Based Credentials (ABC) schemes have been designed, including I2PA, U-prove, and Idemix. Even though these schemes have very strong cryptographic bases, their performance on resource-constrained devices is a question that deserves special attention. This paper aims to conduct a performance evaluation of these schemes on issuance and verification protocols regarding memory usage and computing time. Recorded results show that both I2PA and U-prove present very interesting results regarding memory usage and computing time, while Idemix presents very low performance with regard to computing time.
On the Possibility of Knowledge through Unsafe Testimony
If knowledge requires safety, then one might think that when the epistemic source of knowledge is testimony, that testimony must itself be safe. Otherwise, will not the lack of safety transfer from testimony to hearer, such that the hearer will lack knowledge? Resisting this natural line of reasoning, Goldberg (2005; 2007) argues that testimonial knowledge through unsafe testimony is possible on the basis of two cases. Lackey (2008) and Pelling (2013) criticize Goldberg's examples. But Pelling goes on to provide his own example that attempts to show that Goldberg's thesis is true: one can gain safe testimonial belief from unsafe testimony. If any of these counterexamples were correct, they would undermine the main reason to think that knowledge based on unsafe testimony is impossible. My aim in this paper is to critically assess these arguments, and to consider the possibility of knowledge through unsafe testimony. Drawing a general moral from the analysis of these cases, I shall contend that it is impossible to acquire safe belief solely on the basis of unsafe testimony. If so, then testimonial knowledge based solely on unsafe testimony is impossible.
Privacy-Preserving Electronic Ticket Scheme with Attribute-based Credentials
Electronic tickets (e-tickets) are electronic versions of paper tickets, which enable users to access intended services and improve services' efficiency. However, privacy may be a concern of e-ticket users. In this paper, a privacy-preserving electronic ticket scheme with attribute-based credentials is proposed to protect users' privacy and facilitate ticketing based on a user's attributes. Our proposed scheme makes the following contributions: (1) users can buy different tickets from ticket sellers without releasing their exact attributes; (2) two tickets of the same user cannot be linked; (3) a ticket cannot be transferred to another user; (4) a ticket cannot be double spent; (5) the security of the proposed scheme is formally proven and reduced to the well-known q-strong Diffie-Hellman complexity assumption; (6) the scheme has been implemented and its performance empirically evaluated. To the best of our knowledge, our privacy-preserving attribute-based e-ticket scheme is the first one providing these five features. Application areas of our scheme include event or transport tickets where users must convince ticket sellers that their attributes (e.g. age, profession, location) satisfy the ticket price policies to buy discounted tickets. More generally, our scheme can be used in any system where access to services depends only on a user's attributes (or entitlements) and not on their identity.
All Your Cards Are Belong To Us: Understanding Online Carding Forums
Underground online forums are platforms that enable trades of illicit services and stolen goods. Carding forums, in particular, are known for being focused on trading financial information. However, little evidence exists about the sellers that are present on carding forums, the precise types of products they advertise, and the prices buyers pay. Existing literature mainly focuses on the organisation and structure of the forums. Furthermore, studies on carding forums are usually based on literature review, expert interviews, or data from forums that have already been shut down. This paper provides first-of-its-kind empirical evidence on active forums where stolen financial data is traded. We monitored 5 out of 25 discovered forums, collected posts from the forums over a three-month period, and analysed them quantitatively and qualitatively. We focused our analyses on products, prices, seller prolificacy, seller specialisation, and seller reputation.