4 research outputs found
Concurrent Knowledge-Extraction in the Public-Key Model
Knowledge extraction is a fundamental notion, modelling machine possession of
values (witnesses) in a computational complexity sense. The notion provides an
essential tool for cryptographic protocol design and analysis, enabling one to
argue about the internal state of protocol players without ever looking at this
supposedly secret state. However, when transactions are concurrent (e.g., over
the Internet) with players possessing public-keys (as is common in
cryptography), assuring that entities ``know'' what they claim to know, where
adversaries may be well coordinated across different transactions, turns out to
be much more subtle and in need of re-examination. Here, we investigate how to
formally treat knowledge possession by parties (with registered public-keys)
interacting over the Internet. Stated more technically, we look into the
relative power of the notion of ``concurrent knowledge-extraction'' (CKE) in
the concurrent zero-knowledge (CZK) bare public-key (BPK) model.Comment: 38 pages, 4 figure
Concurrent/Resettable Zero-Knowledge With Concurrent Soundness in the Bare Public-Key Model and Its Applications
In this work, we investigate concurrent knowledge-extraction (CKE)
and concurrent non-malleability (CNM) for concurrent (and stronger,
resettable) ZK protocols in the bare public-key model.
We formulate, driven by concrete attacks, and achieve CKE for
constant-round concurrent/resettable arguments in the BPK model
under standard polynomial assumptions. We get both generic and
practical implementations. Here, CKE is a new concurrent verifier
security that is strictly stronger than concurrent soundness in
public-key model.
We investigate, driven by concrete attacks, and clarify the
subtleties in formulating CNM in the public-key model. We then give
a new (augmented) CNM formulation in the public-key model and a
construction of CNMZK in the public-key model satisfying the new
CNM formulation
Secure computation under network and physical attacks
2011 - 2012This thesis proposes several protocols for achieving secure com-
putation under concurrent and physical attacks. Secure computation
allows many parties to compute a joint function of their inputs, while
keeping the privacy of their input preserved. It is required that the pri-
vacy one party's input is preserved even if other parties participating
in the protocol collude or deviate from the protocol.
In this thesis we focus on concurrent and physical attacks, where
adversarial parties try to break the privacy of honest parties by ex-
ploiting the network connection or physical weaknesses of the honest
parties' machine.
In the rst part of the thesis we discuss how to construct proto-
cols that are Universally Composable (UC for short) based on physical
setup assumptions. We explore the use of Physically Uncloneable Func-
tions (PUFs) as setup assumption for achieving UC-secure computa-
tions. PUF are physical noisy source of randomness. The use of PUFs
in the UC-framework has been proposed already in [14]. However, this
work assumes that all PUFs in the system are trusted. This means
that, each party has to trust the PUFs generated by the other parties.
In this thesis we focus on reducing the trust involved in the use of such
PUFs and we introduce the Malicious PUFs model in which only PUFs
generated by honest parties are assumed to be trusted. Thus the secu-
rity of each party relies on its own PUF only and holds regardless of the
goodness of the PUFs generated/used by the adversary. We are able to
show that, under this more realistic assumption, one can achieve UC-
secure computation, under computational assumptions. Moreover, we
show how to achieve unconditional UC-secure commitments with (ma-
licious) PUFs and with stateless tamper-proof hardware tokens. We
discuss our contribution on this matter in Part I. These results are
contained in papers [80] and [28].
In the second part of the thesis we focus on the concurrent setting,
and we investigate on protocols achieving round optimality and black-
box access to a cryptographic primitive. We study two fundamental
functionalities: commitment scheme and zero knowledge, and we focus
on some of the round-optimal constructions and lower bounds con-
cerning both functionalities. We nd that such constructions present
subtle issues. Hence, we provide new protocols that actually achieve
the security guarantee promised by previous results.
Concerning physical attacks, we consider adversaries able to re-
set the machine of the honest party. In a reset attack a machine is
forced to run a protocol several times using the same randomness. In
this thesis we provide the rst construction of a witness indistinguish-
able argument system that is simultaneous resettable and argument of
knowledge. We discuss about this contribution in Part III, which is the
content of the paper. [edited by author]XI n.s