477 research outputs found
Making Existential-Unforgeable Signatures Strongly Unforgeable in the Quantum Random-Oracle Model
Strongly unforgeable signature schemes provide a more stringent security
guarantee than the standard existential unforgeability. It requires that not
only forging a signature on a new message is hard, it is infeasible as well to
produce a new signature on a message for which the adversary has seen valid
signatures before. Strongly unforgeable signatures are useful both in practice
and as a building block in many cryptographic constructions.
This work investigates a generic transformation that compiles any
existential-unforgeable scheme into a strongly unforgeable one, which was
proposed by Teranishi et al. and was proven in the classical random-oracle
model. Our main contribution is showing that the transformation also works
against quantum adversaries in the quantum random-oracle model. We develop
proof techniques such as adaptively programming a quantum random-oracle in a
new setting, which could be of independent interest. Applying the
transformation to an existential-unforgeable signature scheme due to Cash et
al., which can be shown to be quantum-secure assuming certain lattice problems
are hard for quantum computers, we get an efficient quantum-secure strongly
unforgeable signature scheme in the quantum random-oracle model.Comment: 15 pages, to appear in Proceedings TQC 201
Improving the exact security of digital signature schemes
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1999.Includes bibliographical references (p. 28-30).by Leonid Reyzin.S.M
Group Signatures: Provable Security, Efficient Constructions and Anonymity from Trapdoor-Holders
To date, a group signature construction which is efficient,
scalable, allows dynamic adversarial joins, and proven secure in a
formal model has not been suggested. In this work we give the first
such construction in the random oracle model.
The demonstration of an efficient construction proven secure in
a formal model that captures all intuitive security properties of a certain
primitive is a basic goal in cryptographic design.
To this end we adapt a formal model for group signatures
capturing all the basic requirements that have been identified as desirable
in the area and we construct an efficient scheme and prove its security.
Our construction is based on the Strong-RSA assumption
(as in the work of Ateniese et al.). In our system, due to
the requirements of provable security in a formal model, we
give novel constructions as well as innovative extensions of
the underlying mathematical requirements and properties.
Our task, in fact, requires the investigation of
some basic number-theoretic techniques for arguing
security over the group of quadratic residues modulo a composite
when its factorization is known. Along the way we
discover that in the basic construction, anonymity
does not depend on factoring-based assumptions, which, in turn, allows
the natural separation of user join management and anonymity
revocation authorities. Anonymity can, in turn, be shown even against
an adversary controlling the join manager
A Survey on Homomorphic Encryption Schemes: Theory and Implementation
Legacy encryption systems depend on sharing a key (public or private) among
the peers involved in exchanging an encrypted message. However, this approach
poses privacy concerns. Especially with popular cloud services, the control
over the privacy of the sensitive data is lost. Even when the keys are not
shared, the encrypted material is shared with a third party that does not
necessarily need to access the content. Moreover, untrusted servers, providers,
and cloud operators can keep identifying elements of users long after users end
the relationship with the services. Indeed, Homomorphic Encryption (HE), a
special kind of encryption scheme, can address these concerns as it allows any
third party to operate on the encrypted data without decrypting it in advance.
Although this extremely useful feature of the HE scheme has been known for over
30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE)
scheme, which allows any computable function to perform on the encrypted data,
was introduced by Craig Gentry in 2009. Even though this was a major
achievement, different implementations so far demonstrated that FHE still needs
to be improved significantly to be practical on every platform. First, we
present the basics of HE and the details of the well-known Partially
Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which
are important pillars of achieving FHE. Then, the main FHE families, which have
become the base for the other follow-up FHE schemes are presented. Furthermore,
the implementations and recent improvements in Gentry-type FHE schemes are also
surveyed. Finally, further research directions are discussed. This survey is
intended to give a clear knowledge and foundation to researchers and
practitioners interested in knowing, applying, as well as extending the state
of the art HE, PHE, SWHE, and FHE systems.Comment: - Updated. (October 6, 2017) - This paper is an early draft of the
survey that is being submitted to ACM CSUR and has been uploaded to arXiv for
feedback from stakeholder
Doświadczenia międzynarodowe w zakresie systemu elektronicznej identyfikacji
Autorzy mówili modele systemów identyfikacji elektronicznej stosowane w krajach europejskich i USA. W wielu krajach państwo w ramach zapewnienia bezpieczeństwa i interoperacyjności określiło jedynie podstawowe standardy funkcjonowania dla zaangażowanych instytucji. Scharakteryzowano rynek usług zaufania w Europie, podkreślając jego duże zróżnicowanie. Najczęstszą usługą zaufania oferowaną przed przedsiębiorców, instytucji prywatnych i publicznych jest wyda-wanie kwalifikowanych certyfikatów. Natomiast najrzadziej, prawdopodobnie ze względu na poziom skomplikowania przedsięwzięcia dostawcy usług zaufania podejmują się stworzenia kwalifikowanych usług, rejestrowanych elektronicznych doręczeń. Omówiono także kwestie bezpieczeństwa w elektronicznej identyfikacji podejmowane w państwa EU.The authors have discussed the models of electronic identification systems used in the European countries and the USA. In many countries, the state has defined only the basic standards of functioning for the engaged institutions as part of safety and interoperability guarantee. The trust services market in Europe has been defined, while putting an emphasis on its diversity. The most common trust service offered by entrepreneurs or private and public institutions is the issuance of qualified certificates. On the other hand, the trust services providers very rarely undertake to create qualified electronically registered services, probably due to the complexity of the enterprise. Also the issues of electronic identification security undertaken by the EU states
Cryptographic Hash Functions in Groups and Provable Properties
We consider several "provably secure" hash functions that compute simple sums in a well chosen group (G,*). Security properties of such functions provably translate in a natural way to computational problems in G that are simple to define and possibly also hard to solve. Given k disjoint lists Li of group elements, the k-sum problem asks for gi ∊ Li such that g1 * g2 *...* gk = 1G. Hardness of the problem in the respective groups follows from some "standard" assumptions used in public-key cryptology such as hardness of integer factoring, discrete logarithms, lattice reduction and syndrome decoding. We point out evidence that the k-sum problem may even be harder than the above problems. Two hash functions based on the group k-sum problem, SWIFFTX and FSB, were submitted to NIST as candidates for the future SHA-3 standard. Both submissions were supported by some sort of a security proof. We show that the assessment of security levels provided in the proposals is not related to the proofs included. The main claims on security are supported exclusively by considerations about available attacks. By introducing "second-order" bounds on bounds on security, we expose the limits of such an approach to provable security. A problem with the way security is quantified does not necessarily mean a problem with security itself. Although FSB does have a history of failures, recent versions of the two above functions have resisted cryptanalytic efforts well. This evidence, as well as the several connections to more standard problems, suggests that the k-sum problem in some groups may be considered hard on its own, and possibly lead to provable bounds on security. Complexity of the non-trivial tree algorithm is becoming a standard tool for measuring the associated hardness. We propose modifications to the multiplicative Very Smooth Hash and derive security from multiplicative k-sums in contrast to the original reductions that related to factoring or discrete logarithms. Although the original reductions remain valid, we measure security in a new, more aggressive way. This allows us to relax the parameters and hash faster. We obtain a function that is only three times slower compared to SHA-256 and is estimated to offer at least equivalent collision resistance. The speed can be doubled by the use of a special modulus, such a modified function is supported exclusively by the hardness of multiplicative k-sums modulo a power of two. Our efforts culminate in a new multiplicative k-sum function in finite fields that further generalizes the design of Very Smooth Hash. In contrast to the previous variants, the memory requirements of the new function are negligible. The fastest instance of the function expected to offer 128-bit collision resistance runs at 24 cycles per byte on an Intel Core i7 processor and approaches the 17.4 figure of SHA-256. The new functions proposed in this thesis do not provably achieve a usual security property such as preimage or collision resistance from a well-established assumption. They do however enjoy unconditional provable separation of inputs that collide. Changes in input that are small with respect to a well defined measure never lead to identical output in the compression function
Can NSEC5 be practical for DNSSEC deployments?
NSEC5 is proposed modification to DNSSEC that simultaneously guarantees two security properties: (1) privacy against offline zone enumeration, and (2) integrity of zone contents, even if an adversary compromises the authoritative nameserver responsible for responding to DNS queries for the zone. This paper redesigns NSEC5 to make it both practical and performant. Our NSEC5 redesign features a new fast verifiable random function (VRF) based on elliptic curve cryptography (ECC), along with a cryptographic proof of its security. This VRF is also of independent interest, as it is being standardized by the IETF and being used by several other projects. We show how to integrate NSEC5 using our ECC-based VRF into the DNSSEC protocol, leveraging precomputation to improve performance and DNS protocol-level optimizations to shorten responses. Next, we present the first full-fledged implementation of NSEC5—extending widely-used DNS software to present a nameserver and recursive resolver that support NSEC5—and evaluate their performance under aggressive DNS query loads. Our performance results
indicate that our redesigned NSEC5 can be viable even for high-throughput scenarioshttps://eprint.iacr.org/2017/099.pdfFirst author draf
- …