Non-conventional digital signatures and their implementations – A review

The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-19713-5_36The current technological scenario determines a profileration of trust domains, which are usually defined by validating the digital identity linked to each user. This validation entails critical assumptions about the way users’ privacy is handled, and this calls for new methods to construct and treat digital identities. Considering cryptography, identity management has been constructed and managed through conventional digital signatures. Nowadays, new types of digital signatures are required, and this transition should be guided by rigorous evaluation of the theoretical basis, but also by the selection of properly verified software means. This latter point is the core of this paper. We analyse the main non-conventional digital signatures that could endorse an adequate tradeoff betweeen security and privacy. This discussion is focused on practical software solutions that are already implemented and available online. The goal is to help security system designers to discern identity management functionalities through standard cryptographic software libraries.This work was supported by Comunidad de Madrid (Spain) under the project S2013/ICE-3095-CM (CIBERDINE) and the Spanish Government project TIN2010-19607

Hang With Your Buddies to Resist Intersection Attacks

Some anonymity schemes might in principle protect users from pervasive network surveillance - but only if all messages are independent and unlinkable. Users in practice often need pseudonymity - sending messages intentionally linkable to each other but not to the sender - but pseudonymity in dynamic networks exposes users to intersection attacks. We present Buddies, the first systematic design for intersection attack resistance in practical anonymity systems. Buddies groups users dynamically into buddy sets, controlling message transmission to make buddies within a set behaviorally indistinguishable under traffic analysis. To manage the inevitable tradeoffs between anonymity guarantees and communication responsiveness, Buddies enables users to select independent attack mitigation policies for each pseudonym. Using trace-based simulations and a working prototype, we find that Buddies can guarantee non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for both short-lived and long-lived pseudonyms.Comment: 15 pages, 8 figure

PRIVACY PRESERVATION FOR TRANSACTION INITIATORS: STRONGER KEY IMAGE RING SIGNATURE AND SMART CONTRACT-BASED FRAMEWORK

Recently, blockchain technology has garnered support. However, an attenuating factor to its global adoption in certain use cases is privacy-preservation owing to its inherent transparency. A widely explored cryptographic option to address this challenge has been ring signature which aside its privacy guarantee must be double spending resistant. In this paper, we identify and prove a catastrophic flaw for double-spending attack in a Lightweight Ring Signature scheme and proceed to construct a new, fortified commitment scheme using the signer’s entire private key. Subsequently, we compute a stronger key image to yield a double-spending-resistant signature scheme solidly backed by formal proof. Inherent in our solution is a novel, zero-knowledge-based, secured and cost-effective smart contract for public key aggregation. We test our solution on a private blockchain as well as Kovan testnet along with performance analysis attesting to efficiency and usability and make the code publicly available on GitHub

Cryptography in privacy-preserving applications.

Tsang Pak Kong.Thesis (M.Phil.)--Chinese University of Hong Kong, 2005.Includes bibliographical references (leaves 95-107).Abstracts in English and Chinese.Abstract --- p.iiAcknowledgement --- p.ivChapter 1 --- Introduction --- p.1Chapter 1.1 --- Privacy --- p.1Chapter 1.2 --- Cryptography --- p.5Chapter 1.2.1 --- History of Cryptography --- p.5Chapter 1.2.2 --- Cryptography Today --- p.6Chapter 1.2.3 --- Cryptography For Privacy --- p.7Chapter 1.3 --- Thesis Organization --- p.8Chapter 2 --- Background --- p.10Chapter 2.1 --- Notations --- p.10Chapter 2.2 --- Complexity Theory --- p.11Chapter 2.2.1 --- Order Notation --- p.11Chapter 2.2.2 --- Algorithms and Protocols --- p.11Chapter 2.2.3 --- Relations and Languages --- p.13Chapter 2.3 --- Algebra and Number Theory --- p.14Chapter 2.3.1 --- Groups --- p.14Chapter 2.3.2 --- Intractable Problems --- p.16Chapter 2.4 --- Cryptographic Primitives --- p.18Chapter 2.4.1 --- Public-Key Encryption --- p.18Chapter 2.4.2 --- Identification Protocols --- p.21Chapter 2.4.3 --- Digital Signatures --- p.22Chapter 2.4.4 --- Hash Functions --- p.24Chapter 2.4.5 --- Zero-Knowledge Proof of Knowledge --- p.26Chapter 2.4.6 --- Accumulators --- p.32Chapter 2.4.7 --- Public Key Infrastructure --- p.34Chapter 2.5 --- Zero Knowledge Proof of Knowledge Protocols in Groups of Unknown Order --- p.36Chapter 2.5.1 --- The Algebraic Setting --- p.36Chapter 2.5.2 --- Proving the Knowledge of Several Discrete Logarithms . --- p.37Chapter 2.5.3 --- Proving the Knowledge of a Representation --- p.38Chapter 2.5.4 --- Proving the Knowledge of d Out of n Equalities of Discrete Logarithms --- p.39Chapter 2.6 --- Conclusion --- p.42Chapter 3 --- Related Works --- p.43Chapter 3.1 --- Introduction --- p.43Chapter 3.2 --- Group-Oriented Signatures without Spontaneity and/or Anonymity --- p.44Chapter 3.3 --- SAG Signatures --- p.46Chapter 3.4 --- Conclusion --- p.49Chapter 4 --- Linkable Ring Signatures --- p.50Chapter 4.1 --- Introduction --- p.50Chapter 4.2 --- New Notions --- p.52Chapter 4.2.1 --- Accusatory Linking --- p.52Chapter 4.2.2 --- Non-slanderability --- p.53Chapter 4.2.3 --- Linkability in Threshold Ring Signatures --- p.54Chapter 4.2.4 --- Event-Oriented Linking --- p.55Chapter 4.3 --- Security Model --- p.56Chapter 4.3.1 --- Syntax --- p.56Chapter 4.3.2 --- Notions of Security --- p.58Chapter 4.4 --- Conclusion --- p.63Chapter 5 --- Short Linkable Ring Signatures --- p.64Chapter 5.1 --- Introduction --- p.64Chapter 5.2 --- The Construction --- p.65Chapter 5.3 --- Security Analysis --- p.68Chapter 5.3.1 --- Security Theorems --- p.68Chapter 5.3.2 --- Proofs --- p.68Chapter 5.4 --- Discussion --- p.70Chapter 5.5 --- Conclusion --- p.71Chapter 6 --- Separable Linkable Threshold Ring Signatures --- p.72Chapter 6.1 --- Introduction --- p.72Chapter 6.2 --- The Construction --- p.74Chapter 6.3 --- Security Analysis --- p.76Chapter 6.3.1 --- Security Theorems --- p.76Chapter 6.3.2 --- Proofs --- p.77Chapter 6.4 --- Discussion --- p.79Chapter 6.5 --- Conclusion --- p.80Chapter 7 --- Applications --- p.82Chapter 7.1 --- Offline Anonymous Electronic Cash --- p.83Chapter 7.1.1 --- Introduction --- p.83Chapter 7.1.2 --- Construction --- p.84Chapter 7.2 --- Electronic Voting --- p.85Chapter 7.2.1 --- Introduction --- p.85Chapter 7.2.2 --- Construction . --- p.87Chapter 7.2.3 --- Discussions --- p.88Chapter 7.3 --- Anonymous Attestation --- p.89Chapter 7.3.1 --- Introduction --- p.89Chapter 7.3.2 --- Construction --- p.90Chapter 7.4 --- Conclusion --- p.91Chapter 8 --- Conclusion --- p.92A Paper Derivation --- p.94Bibliography --- p.9

New approaches to privacy preserving signatures

In this thesis we advance the theory and practice of privacy preserving digital signatures. Privacy preserving signatures such as group and ring signatures enable signers to hide in groups of potential signers. We design a cryptographic primitive called signatures with flexible public keys, which allows for modular construction of privacy preserving signatures. Its core is an equivalence relation between verification keys, such that key representatives can be transformed in their class to obscures their origin. The resulting constructions are more efficient than the state of the art, under the same or weaker assumptions. We show an extension of the security model of fully dynamic group signatures, which are those where members may join and leave the group over time. Our contribution here, which is facilitated by the new primitive, is the treatment of membership status as potentially sensitive information. In the theory of ring signatures, we show a construction of ring signatures which is the first in the literature with logarithmic signature size in the size of the ring without any trusted setup or reliance on non-standard assumptions. We show how to extend our techniques to the derived setting of linkable ring signatures, where different signatures of the same origin may be publicly linked. Here, we further revisit the notion of linkable anonymity, offering a significant strengthening compared to previous definitions.Diese Arbeit treibt die Theorie und Praxis der privatsphärewahrenden digitalen Signa- turen voran. Privatsphärewahrende Signaturen, wie Gruppen- oder Ringsignaturen erlauben es Zeichnern sich in einer Gruppe potenzieller Zeichner zu verstecken. Wir entwerfen mit Signatures with Flexible Public Keys einen kryptografischen Baustein zur modularen Konstruktion von privatsphärewahrenden Signaturen. Dessen Kern ist eine Äquivalenzrelation zwischen den Schlüsseln, sodass ein Schlüsselvertreter in seiner Klasse bewegt werden kann, um seinen Ursprung zu verschleiern. Darauf auf- bauende Konstruktionen sind effizienter als der Stand der Technik, unter gleichen oder schwächeren Annahmen. Wir erweitern das Sicherheitsmodell vollständig dynami- scher Gruppensignaturen, die es Mitgliedern erlauben der Gruppe beizutreten oder sie zu verlassen: Durch das neue Primitiv, wird die Behandlung der Mitgliedschaft als potenziell sensibel ermöglicht. In der Theorie der Ringsignaturen geben wir die erste Konstruktion, welche über eine logarithmische Signaturgröße verfügt, ohne auf eine Vorkonfiguration oder unübliche Annahmen vertrauen zu müssen. Wir übertragen unsere Ergebnisse auf das Feld der verknüpfbaren Ringsignaturen, die eine öffentliche Verknüpfung von zeichnergleichen Signaturen ermöglichen. Unsere Neubetrachtung des Begriffs der verknüpfbaren Anonymität führt zu einer signifikanten Stärkung im Vergleich zu früheren Definitionen

A Practical Forward-Secure DualRing

Ring signature allows a signer to generate a signature on behalf of a set of public keys, while a verifier can verify the signature without identifying who the actual signer is. In Crypto 2021, Yuen et al. proposed a new type of ring signature scheme called DualRing. However, it lacks forward security. The security of DualRing cannot be guaranteed if the signer\u27s secret key is compromised. In this work, we introduce forward-secure DualRing. The singer can periodically update his secret key using our proposed ``split-and-combine method to mitigate the security risks caused by the leakage of secret keys. We present a practical scheme based on the discrete logarithm assumption. We show a detailed evaluation to validate its practicality

Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation

Abstract-Despite advances in security engineering, authentication in applications such as email and the Web still primarily relies on the X.509 public key infrastructure introduced in 1988. This PKI has many issues but is nearly impossible to replace. Leveraging recent progress in verifiable computation, we propose a novel use of existing X.509 certificates and infrastructure. Instead of receiving & validating chains of certificates, our applications receive & verify proofs of their knowledge, their validity, and their compliance with application policies. This yields smaller messages (by omitting certificates), stronger privacy (by hiding certificate contents), and stronger integrity (by embedding additional checks, e.g. for revocation). X.509 certificate validation is famously complex and errorprone, as it involves parsing ASN.1 data structures and interpreting them against diverse application policies. To manage this diversity, we propose a new format for writing application policies by composing X.509 templates, and we provide a template compiler that generates C code for validating certificates within a given policy. We then use the Geppetto cryptographic compiler to produce a zero-knowledge verifiable computation scheme for that policy. To optimize the resulting scheme, we develop new C libraries for RSA-PKCS#1 signatures and ASN.1 parsing, carefully tailored for cryptographic verifiability. We evaluate our approach by providing two real-world applications of verifiable computation: a drop-in replacement for certificates within TLS; and access control for the Helios voting protocol. For TLS, we support fine-grained validation policies, with revocation checking and selective disclosure of certificate contents, effectively turning X.509 certificates into anonymous credentials. For Helios, we obtain additional privacy and verifiability guarantees for voters equipped with X.509 certificates, such as those readily available from some national ID cards