
    Design and Analysis of Opaque Signatures

    Digital signatures were introduced to guarantee the authenticity and integrity of the underlying messages. A digital signature scheme comprises the key generation, signature, and verification algorithms. The key generation algorithm creates the signing and verifying keys, also called the signer's private and public keys respectively. The signature algorithm, run by the signer, produces a signature on the input message. Finally, the verification algorithm, run by anyone who knows the signer's public key, checks whether a purported signature on some message is valid. The last property, namely the universal verifiability of digital signatures, is undesirable in situations where the signed data is commercially or personally sensitive. Therefore, mechanisms which share most properties with digital signatures except universal verifiability were invented to respond to this need; we call such mechanisms "opaque signatures". In this thesis, we study signatures whose verification cannot be achieved without the cooperation of a specific entity, namely the signer in the case of undeniable signatures, or the confirmer in the case of confirmer signatures; we make three main contributions. We first study the relationship between two security properties important for public key encryption, namely data privacy and key privacy. Our study is motivated by the fact that opaque signatures always involve an encryption layer that ensures their opacity. The properties required of this encryption vary according to whether we want to protect the identity (i.e. the key) of the signer or hide the validity of the signature. Therefore, it would be convenient to use existing work about the encryption scheme in order to derive one notion from the other. Next, we delve into the generic constructions of confirmer signatures from basic cryptographic primitives, e.g. digital signatures, encryption, or commitment schemes. In fact, generic constructions give easy-to-understand and easy-to-prove schemes; however, this convenience is often achieved at the expense of efficiency. In this contribution, which constitutes the core of this thesis, we first analyze the existing constructions; our study concludes that the popular generic constructions of confirmer signatures necessitate strong security assumptions on the building blocks, which negatively impacts the efficiency of the resulting signatures. Next, we show that a small change in these constructions makes these assumptions drop drastically, allowing as a result constructions with instantiations that compete with the dedicated realizations of these signatures. Finally, we revisit two early undeniable signatures which were proposed with conjectural security. We disprove the claimed security of the first scheme, and we provide a fix to it in order to achieve strong security properties. Next, we upgrade the second scheme so that it supports a desirable feature, and we provide a formal security treatment of the new scheme: we prove that it is secure under new reasonable assumptions on the underlying constituents.

    Short undeniable signatures: design, analysis, and applications

    Digital signatures are one of the main achievements of public-key cryptography and constitute a fundamental tool to ensure data authentication. Although their universal verifiability has the advantage of facilitating their verification by the recipient, this property may have undesirable consequences when dealing with sensitive and private information. Motivated by such considerations, undeniable signatures, whose verification requires the cooperation of the signer in an interactive way, were invented. This thesis is mainly devoted to the design and analysis of short undeniable signatures. Exploiting their online property, we can achieve signatures with a fully scalable size depending on the security requirements. To this end, we develop a general framework based on the interpolation of group elements by a group homomorphism, leading to the design of a generic undeniable signature scheme. On the one hand, this paradigm allows us to consider some previous undeniable signature schemes in a unified setting. On the other hand, by selecting group homomorphisms with a small group range, we obtain very short signatures. After providing theoretical results related to the interpolation of group homomorphisms, we develop some interactive proofs in which the prover convinces a verifier of the interpolation (resp. non-interpolation) of some given points by a group homomorphism which he keeps secret. Based on these protocols, we devise our new undeniable signature scheme and prove its security in a formal way. We theoretically analyze the special class of group characters on Z_n^*. After studying algorithmic aspects of the homomorphism evaluation, we compare the efficiency of different homomorphisms and show that the Legendre symbol leads to the fastest signature generation. We investigate potential applications based on the specific properties of our signature scheme. Finally, in a topic closely related to undeniable signatures, we revisit the designated confirmer signature of Chaum and formally prove the security of a generalized version.

    Conditionally Verifiable Signatures

    We introduce a new digital signature model, called conditionally verifiable signature (CVS), which allows a signer to specify and convince a recipient under what conditions his signature would become valid and verifiable; the resulting signature is not publicly verifiable immediately but can be converted back into an ordinary one (verifiable by anyone) after the recipient has obtained proofs, in the form of signatures/endorsements from a number of third party witnesses, that all the specified conditions have been fulfilled. A fairly wide set of conditions can be specified in CVS. The only job of the witnesses is to certify the fulfillment of a condition, and none of them need to be actively involved in the actual signature conversion, thus protecting user privacy. It is guaranteed that the recipient cannot cheat as long as at least one of the specified witnesses does not collude. We formalize the concept of CVS and give a generic CVS construction based on any CPA-secure identity based encryption (IBE) scheme. Theoretically, we show that the existence of IBE with indistinguishability under a chosen plaintext attack (a weaker notion than the standard one) is necessary and sufficient for the construction of a secure CVS. Due to the page limit, some proofs are omitted here but can be found in the full version.

    New Constructions of Convertible Undeniable Signature Schemes without Random Oracles

    In undeniable signatures, a signature's validity can only be confirmed or disavowed with the help of an alleged signer via a confirmation or disavowal protocol. A convertible undeniable signature further allows the signer to release some additional information which can make an undeniable signature publicly verifiable. In this work we introduce a new kind of attack, called claimability attacks, in which a dishonest/malicious signer both disavows a signature via the disavowal protocol and confirms it via selective conversion. Conventional security requirements do not capture claimability attacks. We show that some convertible undeniable signature schemes are vulnerable to this kind of attack. We then propose a new efficient construction of fully functional convertible undeniable signatures, which supports both selective conversion and universal conversion, and is immune to claimability attacks. To the best of our knowledge, it is the most efficient convertible undeniable signature scheme with provable security in the standard model. A signature is comprised of three elements of a bilinear group. Both the selective converter of a signature and the universal converter consist of one group element only. Besides, the confirmation and disavowal protocols are also very simple and efficient. Furthermore, the scheme can be extended to support additional features, which include the delegation of conversion and confirmation/disavowal, threshold conversion, etc. We also propose an alternative generic construction of convertible undeniable signature schemes. Unlike the conventional sign-then-encrypt paradigm, the signer encrypts its (standard) signature with an identity-based encryption instead of a public key encryption. It enjoys the advantage of a short selective converter, which is simply an identity-based user private key, and security against claimability attacks.

    Towards Applying Cryptographic Security Models to Real-World Systems

    The cryptographic methodology of formal security analysis usually works in three steps: choosing a security model, describing a system and its intended security properties, and creating a formal proof of security. For basic cryptographic primitives and simple protocols this is a well understood process and is performed regularly. For more complex systems, as they are in use in real-world settings, however, it is rarely applied. In practice, this often leads to missing or incomplete descriptions of the security properties and requirements of such systems, which in turn can lead to insecure implementations and consequent security breaches. One of the main reasons for the lack of application of formal models in practice is that they are particularly difficult to use and to adapt to new use cases. With this work, we therefore aim to investigate how cryptographic security models can be used to argue about the security of real-world systems. To this end, we perform case studies of three important types of real-world systems: data outsourcing, computer networks and electronic payment. First, we give a unified framework to express and analyze the security of data outsourcing schemes. Within this framework, we define three privacy objectives: data privacy, query privacy, and result privacy. We show that data privacy and query privacy are independent concepts, while result privacy is consequential to them. We then extend our framework to allow the modeling of integrity for the specific use case of file systems. To validate our model, we show that existing security notions can be expressed within our framework and we prove the security of CryFS, a cryptographic cloud file system. Second, we introduce a model, based on the Universal Composability (UC) framework, in which computer networks and their security properties can be described. We extend it to incorporate time, which cannot be expressed in the basic UC framework, and give formal tools to facilitate its application. For validation, we use this model to argue about the security of architectures of multiple firewalls in the presence of an active adversary. We show that a parallel composition of firewalls exhibits strictly better security properties than other variants. Finally, we introduce a formal model for the security of electronic payment protocols within the UC framework. Using this model, we prove a set of necessary requirements for secure electronic payment. Based on these findings, we discuss the security of current payment protocols and find that most are insecure. We then give a simple payment protocol inspired by chipTAN and photoTAN and prove its security within our model. We conclude that cryptographic security models can indeed be used to describe the security of real-world systems. They are, however, difficult to apply and always need to be adapted to the specific use case.

    Secret texts and cipherballots: secret suffrage and remote electronic voting

    One of the key concerns about remote electronic voting is how to preserve secret suffrage. The list of authors who claim that Internet voting is incompatible with the secrecy of the vote is actually quite long. Even if later studies that analysed the actual implementation of remote electronic voting in public political elections had more nuanced findings, concerns about secret suffrage and remote electronic voting remain. Addressing these concerns becomes an inescapable obligation. In this context, our research is quite novel. First and foremost, our starting point is not based on pre-existing legal definitions that are accepted as given. Drawing from the universalist approach to comparative constitutional law, we have understood that the principle of secret suffrage exists in such a way that it transcends the culture-bound opinions and conventions of particular political communities. This core understanding has been translated into three standards: individuality, confidentiality, and anonymity. These standards should apply to any voting channel. Second, we have taken a wider approach to the enforcement of this principle. We have shown that secret suffrage may be enforced through law, code, norms, and even the market. Current regulations tend to be constrained because they resort to analogies with paper-based voting channels and fail to acknowledge the specificities of remote electronic voting. In contrast, we have examined the role played by (and the limitations of) asymmetric encryption, anonymization based on mix-nets or homomorphic tallying, and of multiple voting to enforce secret suffrage.

    POLITICAL PARTIES IN THE EUROPEAN CONSTITUTIONAL DIMENSION

    This thesis aims to investigate the role of political parties in the European constitutional dimension, with particular regard to the functions of the so-called European political parties. It is divided into two macro-sections (devoted respectively to the "statics" and the "dynamics" of the Europarties), each in turn composed of two chapters, for a total of four chapters. The main research questions to which an answer has been attempted are the following: are the European parties comparable to political parties as traditionally understood, that is, the political forces present at the national level, or are the competences held by the former so different that no comparison is possible? Should these entities operating at the European level prove profoundly distant from their national counterparts, would it still be possible to classify them as "parties"? The present research makes use of the model of the "European network party" developed in the scholarly literature, according to which the European party dimension would be composed of three "faces": the party "on the ground", represented by the national political forces; the party "in central office", represented by the Europarties; and finally the party "in public office", represented, in this case, by the political groups present in the European Parliament. The investigation starts precisely from the role of the latter: European political parties in fact have an "intra-parliamentary" origin, having arisen as "federations" (more precisely: confederations) of national parties, at the initiative of the groups, on the eve of the first direct election of the European Parliament.
    This "infra-institutional" origin represents the "original sin" of the Europarties: born within the institutions, unlike most traditional parties, which arose instead from the will of the masses, they have never been capable of making the "qualitative leap" that would have allowed them to establish contact with society. A contact which Article 138A, introduced by the Maastricht Treaty (today Article 10.4 TEU), sets as a prerequisite for the fulfilment of the "constitutional mission" assigned to the Europarties, namely to contribute to forming a European political awareness and to expressing the will of the citizens of the Union. The second part of the investigation examines the current regulation of the Europarties, contained in Regulation No. 1141/2014, which underwent limited amendments in 2018. The analysis of the provisions governing the functioning of European parties yields a not entirely satisfactory picture, especially as regards respect for the principle of democracy (and the rule of law): the provisions on "governance" seem to be inspired by the criterion of ever greater transparency, but do not appear to regulate the internal democracy of the parties. As for respect for the values on which the EU is founded, the procedure for verifying and sanctioning possible violations remains politically charged, since the Council and the Parliament can block it even following a contrary decision adopted by the Authority for European political parties and European political foundations. The third part of the investigation, preparatory to the final one, is devoted to the form of state and (especially) the form of government of the Union.
    The latter, ultimately, seems to be founded on the principle of sincere cooperation and on institutional balance: since the European executive is "fragmented" and numerous institutions contribute to agenda setting, the regular functioning of institutional dynamics can only be entrusted to mutual collaboration, which translates mainly, in legal terms, into the conclusion of interinstitutional agreements. Finally, the fourth part of the investigation is devoted to the role played by the European parties in the context of the Union's form of government. To this end, the relationship between the Europarties and the corresponding parliamentary groups in the European Parliament was investigated, focusing attention on so-called policy formulation. To understand where the actual decision-making power to dictate the line to be followed in the Assembly and to establish which items are to be placed on the Parliament's agenda resides, an in-depth analysis was carried out of the statutes and rules of procedure of the supranational "faces" of the two most important European political families: socialists (PES/S&D) and conservatives (EPP). Attention then turned to the relations between the Europarties and the European Commission, as well as between the former and the intergovernmental institutions of the Union (namely the Council and the European Council): a weak tendency towards the formation of supranational party coalitions within these institutional settings emerged; a tendency that could be "ridden" by the European parties, today strengthened by the provision of the so-called Spitzenkandidaten mechanism, through a partial rethinking of the summits that precede the meetings of the intergovernmental institutions, which merely facilitate coalition-building processes without ever, however, guaranteeing their stability.
    In conclusion, the European parties still suffer from the "original sin" that prevents direct contact with society: for this reason they appear (and are) extremely distant from the national manifestation of the party phenomenon. At the same time, their confederal structure, which would prevent their secure subsumption under the traditional notion of "party", seems to be in line with the current stage of the European integration process: just like the Member States, national parties too are "jealous" of their prerogatives (one might say: of their "sovereignty") and do not seem inclined to give way to their counterparts operating at the Union level. For this reason, the long-awaited "qualitative leap" of the Europarties can only come about following a, today improbable, acceleration (more precisely: conclusion) of the European federalizing process.

    GPU-based Parallel Computing Models and Implementations for Two-party Privacy-preserving Protocols

    In (two-party) privacy-preserving-based applications, two users use encrypted inputs to compute a function without giving out the plaintext of their input values. Privacy-preserving computing algorithms have to utilize a large amount of computing resources to handle the encryption-decryption operations. In this dissertation, we study optimal utilization of computing resources on the graphics processing unit (GPU) architecture for privacy-preserving protocols based on secure function evaluation (SFE) and elliptic curve cryptography (ECC) and related algorithms. A number of privacy-preserving protocols are implemented, including private set intersection (PSI), secret handshaking (SH), secure edit distance (ED) and Smith-Waterman (SW) problems. PSI is chosen to represent ECC point multiplication related computations, SH for bilinear pairing, and the last two for SFE-based dynamic programming (DP) problems. They represent different types of computations, so that an in-depth understanding of the benefits and limitations of the GPU architecture for privacy preserving protocols is gained. For SFE-based ED and SW problems, a wavefront parallel computing model on the CPU-GPU architecture under the semi-honest security model is proposed. Low level parallelization techniques for the GPU-based gate (de-)garbler, synchronized parallel memory access, pipelining, and general GPU resource mapping policies are developed. This dissertation shows that the GPU architecture can be fully utilized to speed up SFE-based ED and SW algorithms, which are constructed with billions of garbled gates, on a contemporary GPU card GTX-680, with very little waste of processing cycles or memory space. For PSI and SH protocols and the underlying ECC algorithms, the analysis in this research shows that the conventional Montgomery-based number system is more friendly to the GPU architecture than the Residue Number System (RNS) is. Analysis of experiment results further shows that the lazy reduction in higher extension fields can have performance benefits only when the GPU architecture has enough fast memory. The resulting Elliptic curve Arithmetic GPU Library (EAGL) can run 3350.9 R-ate (bilinear) pairings/sec, and 47000 point multiplications/sec at the 128-bit security level, on one GTX-680 card. The primary performance bottleneck is found to be the lack of advanced memory management functions in the contemporary GPU architecture for bilinear pairing operations. Substantial performance gain can be expected when a larger on-chip memory size and/or more advanced memory prefetching mechanisms are supported in future generations of GPUs.