Design and Analysis of Opaque Signatures

Digital signatures were introduced to guarantee the authenticity and integrity of the underlying messages. A digital signature scheme comprises the key generation, the signature, and the verification algorithms. The key generation algorithm creates the signing and the verifying keys, called also the signer’s private and public keys respectively. The signature algorithm, which is run by the signer, produces a signature on the input message. Finally, the verification algorithm, run by anyone who knows the signer’s public key, checks whether a purported signature on some message is valid or not. The last property, namely the universal verification of digital signatures is undesirable in situations where the signed data is commercially or personally sensitive. Therefore, mechanisms which share most properties with digital signatures except for the universal verification were invented to respond to the aforementioned need; we call such mechanisms “opaque signatures”. In this thesis, we study the signatures where the verification cannot be achieved without the cooperation of a specific entity, namely the signer in case of undeniable signatures, or the confirmer in case of confirmer signatures; we make three main contributions. We first study the relationship between two security properties important for public key encryption, namely data privacy and key privacy. Our study is motivated by the fact that opaque signatures involve always an encryption layer that ensures their opacity. The properties required for this encryption vary according to whether we want to protect the identity (i.e. the key) of the signer or hide the validity of the signature. Therefore, it would be convenient to use existing work about the encryption scheme in order to derive one notion from the other. Next, we delve into the generic constructions of confirmer signatures from basic cryptographic primitives, e.g. digital signatures, encryption, or commitment schemes. In fact, generic constructions give easy-to-understand and easy-to-prove schemes, however, this convenience is often achieved at the expense of efficiency. In this contribution, which constitutes the core of this thesis, we first analyze the already existing constructions; our study concludes that the popular generic constructions of confirmer signatures necessitate strong security assumptions on the building blocks, which impacts negatively the efficiency of the resulting signatures. Next, we show that a small change in these constructionsmakes these assumptions drop drastically, allowing as a result constructions with instantiations that compete with the dedicated realizations of these signatures. Finally, we revisit two early undeniable signatures which were proposed with a conjectural security. We disprove the claimed security of the first scheme, and we provide a fix to it in order to achieve strong security properties. Next, we upgrade the second scheme so that it supports a iii desirable feature, and we provide a formal security treatment of the new scheme: we prove that it is secure assuming new reasonable assumptions on the underlying constituents

Security Proofs for Identity-Based Identification and Signature Schemes

This paper provides either security proofs or attacks for a large number of identity-based identification and signature schemes defined either explicitly or implicitly in existing literature. Underlying these is a framework that on the one hand helps explain how these schemes are derived, and on the other hand enables modular security analyses, thereby helping to understand, simplify and unify previous work. We also analyze a generic folklore construction that in particular yields identity-based identification and signature schemes without random oracles

Conditionally Verifiable Signatures

We introduce a new digital signature model, called conditionally verifiable signature (CVS), which allows a signer to specify and convince a recipient under what conditions his signature would become valid and verifiable; the resulting signature is not publicly verifiable immediately but can be converted back into an ordinary one (verifiable by anyone) after the recipient has obtained proofs, in the form of signatures/endorsements from a number of third party witnesses, that all the specified conditions have been fulfilled. A fairly wide set of conditions could be specified in CVS. The only job of the witnesses is to certify the fulfillment of a condition and none of them need to be actively involved in the actual signature conversion, thus protecting user privacy. It is guaranteed that the recipient cannot cheat as long as at least one of the specified witnesses does not collude. We formalize the concept of CVS and give a generic CVS construction based on any CPA-secure identity based encryption (IBE) scheme. Theoretically, we show that the existence of IBE with indistinguishability under a chosen plaintext attack (a weaker notion than the standard one) is necessary and sufficient for the construction of a secure CVS.\footnote{Due to page limit, some proofs are omitted here but could be found in the full version \cite{CB05ibecvs}.

The Security of the FDH Variant of Chaum’s Undeniable Signature Scheme

In this paper, a new kind of adversarial goal called forge-and-impersonate in undeniable signature schemes is introduced. Note that forgeability does not necessarily imply impersonation ability. The security of the full-domain hash (FDH) variant of Chaum's undeniable signature scheme is then classified according to three dimensions, the goal of adversaries, the attacks, and the zero-knowledg (ZK) level of confirmation and disavowal protocols. Each security is then related to some well-known computational problem. In particular, the security of the FDH variant of Chaum's scheme with noninteractive zero-knowledge (NIZK) protocol confirmation and disavowal protocols is proven to be equivalent to the computational Diffie-Hellman (CDH) problem, as opposed to the gap Diffie-Hellman (GDH) problem as claimed by Okamoto and Pointcheval

Efficient Deniable Authentication for Signatures, Application to Machine-Readable Travel Document

Releasing a classical digital signature faces to privacy issues. Indeed, there are cases where the prover needs to authenticate some data without making it possible for any malicious verifier to transfer the proof to anyone else. It is for instance the case for e-passports where the signature from the national authority authenticates personal data. To solve this problem, we can prove knowledge of a valid signature without revealing it. This proof should be non-transferable. We first study deniability for signature verification. Deniability is essentially a weaker form of non-transferability. It holds as soon as the protocol is finished (it is often called offline non-transferability). We introduce Offline Non-Transferable Authentication Protocol (ON-TAP) and we show that it can be built by using a classical signature scheme and a deniable zero-knowledge proof of knowledge. For that reason, we use a generic transform for Σ-protocols. Finally, we give examples to upgrade signature standards based on RSA or ElGamal into an ONTAP. Our examples are well-suited for implementation in e-passports

A study on supervision over foreign banks in China

JEL Classification: E44 G18The five-year transitional period after China’s entry into WTO has expired. To fulfil her promise of opening up the financial service market, China has cancelled all the restrictions on the scope of business and regional access for foreign-funded banks. Although the State Council has enacted the recently revised «Regulation of the People’s Republic of China on the Administration of Foreign-funded Banks» and the «Rules for Implementing the Regulations of the People’s Republic of China on Administration of Foreign-funded Banks» as the main legal document on regulating foreign-funded banks, and, as obvious, flaw is unavoidable. And we must improve the supervisory legal system of foreign-funded banks in China to dissolve the risk arising by the entry of foreign-funded banks. This research work analyses and discuss the practical impact of the current legislation for supervision of foreign-capital banks, supervision of market access of foreign-capital banks, the supervision on RMB business management in foreign capital banks and the legal system for internal control of foreign banks. In the end of the dissertation, the improvement towards the perfection supervision of the foreign banks in PRC will be emphasized with respect to the new opening situation.O período de transição concedido à República Popular da China (RPC) na sua admissão na Organização Mundial do Comércio (OMC) já caducara. Segundo os compromissos de admissão na OMC, o sector financeiro da China passou a estar completamente aberto no final de 2006, e são abolidas todas as restrições para os bancos de capital estrangeiro no que respeita ao tipo de operações bancárias e no que respeita à extensão geográfica de operação. O Conselho de Estado promulgou a lei denominada de “Os Estatutos de Administração dos Bancos de Capital Estrangeiro” e ainda o decreto-lei de “Regulamentação para a implementação dos Estatutos de Administração de Bancos de Capital Estrangeiro” e estes constituem os principais documentos jurídicos que servem de base para uma efectiva administração e supervisão dos bancos de capital estrangeiro. Subsistem, no entanto, muitos aspectos por melhorar, sobretudo no que respeita aos limites e abertura do sistema. O presente trabalho cinge ao estudo e análise de como melhorar a supervisão dos bancos de capital estrangeiro, através da análise de vários discursos de dirigentes do Estado, da análise do estado actual da legislação de administração e supervisão dos bancos de capital estrangeiro, do sistema de leis de administração e supervisão no acesso ao mercado financeiro, de operação de RMB e do sistema legal de supervisão e controle interno das empresas. Discutiremos no final do trabalho as ineficiências do sistema legal de administração e supervisão dos bancos de capital estrangeiro da China, com base na realidade de que os bancos de capital estrangeiro entraram na China para explorar o mercado financeiro nacional. Proporemos sugestões e recomendações com vista a melhoria do sistema legal de administração e supervisão dos bancos de capital estrangeiro na China

Special Signature Schemes and Key Agreement Protocols

This thesis is divided into two distinct parts. The first part of the thesis explores various deniable signature schemes and their applications. Such schemes do not bind a unique public key to a message, but rather specify a set of entities that could have created the signature, so each entity involved in the signature can deny having generated it. The main deniable signature schemes we examine are ring signature schemes. Ring signatures can be used to construct designated verifier signature schemes, which are closely related to designated verifier proof systems. We provide previously lacking formal definitions and security models for designated verifier proofs and signatures and examine their relationship to undeniable signature schemes. Ring signature schemes also have applications in the context of fair exchange of signatures. We introduce the notion of concurrent signatures, which can be constructed using ring signatures, and which provide a "near solution" to the problem of fair exchange. Concurrent signatures are more efficient than traditional solutions for fair exchange at the cost of some of the security guaranteed by traditional solutions. The second part of the thesis is concerned with the security of two-party key agreement protocols. It has traditionally been difficult to prove that a key agreement protocol satisfies a formal definition of security. A modular approach to constructing provably secure key agreement protocols was proposed, but the approach generally results in less efficient protocols. We examine the relationships between various well-known models of security and introduce a modular approach to the construction of proofs of security for key agreement protocols in such security models. Our approach simplifies the proof process, enabling us to provide proofs of security for several efficient key agreement protocols in the literature that were previously unproven