Compact E-Cash and Simulatable VRFs Revisited

Abstract. Efficient non-interactive zero-knowledge proofs are a powerful tool for solving many cryptographic problems. We apply the recent Groth-Sahai (GS) proof system for pairing product equations (Eurocrypt 2008) to two related cryptographic problems: compact e-cash (Eurocrypt 2005) and simulatable verifiable random functions (CRYPTO 2007). We present the first efficient compact e-cash scheme that does not rely on a random oracle. To this end we construct efficient GS proofs for signature possession, pseudo randomness and set membership. The GS proofs for pseudorandom functions give rise to a much cleaner and substantially faster construction of simulatable verifiable random functions (sVRF) under a weaker number theoretic assumption. We obtain the first efficient fully simulatable sVRF with a polynomial sized output domain (in the security parameter).

Efficient Round-Optimal Blind Signatures in the Standard Model

Blind signatures are at the core of e-cash systems and have numerous other applications. In this work we construct efficient blind and partially blind signature schemes over bilinear groups in the standard model. Our schemes yield short signatures consisting of only a couple of elements from the shorter source group and have very short communication overhead consisting of $1$ group element on the user side and $3$ group elements on the signer side. At $80$-bit security, our schemes yield signatures consisting of only $40$ bytes which is $67\%$ shorter than the most efficient existing scheme with the same security in the standard model. Verification in our schemes requires only a couple of pairings. Our schemes compare favorably in every efficiency measure to all existing counterparts offering the same security in the standard model. In fact, the efficiency of our signing protocol as well as the signature size compare favorably even to many existing schemes in the random oracle model. For instance, our signatures are shorter than those of Brands\u27 scheme which is at the heart of the U-Prove anonymous credential system used in practice. The unforgeability of our schemes is based on new intractability assumptions of a ``one-more\u27\u27 type which we show are intractable in the generic group model, whereas their blindness holds w.r.t.~malicious signing keys in the information-theoretic sense. We also give variants of our schemes for a vector of messages

Internet privacy protection

Anonymní autentizace slouží k autentizaci uživatelů bez odhalení jejich vlastních identifikačních údajů či osobních dat. Technologie Anonymních Autentizačních Systémů (AAS) poskytuje ochranu soukromí uživatelů a zároveň zajišťuje bezpečnost systému. Tato práce představuje základní kryptografická primitiva, kterými se anonymní autentizace může zajišťovat. Mezi tato primitiva patří některé asymetrické kryptosystémy, avšak nezbytnou součástí tvoří například protokoly na bázi nulové znalosti, slepá podpisová schémata, prahová skupinová schémata, atd., která jsou představena v kapitole 1. Obecně mají autentizační anonymní systémy uplatnění v aplikacích, jako jsou elektronické mince, elektronické hotovosti, skupinové elektronické podpisy, anonymní přístupové systémy, elektronické volby, atd., které jsou postupně analyzovány a představeny v kapitolách 2 a 3. V praktické části práce, která je popsána v kapitole 4, je představena implementace (v prostředí .NET v jazyce C#) systému AAS, který je vyvíjen na FEKT VUTBR.Anonymous authentication is a mean of authorizing a user without leakage of user personal information. The technology of Anonymous Authentication Systems (AAS) provides privacy of the user and yet preserves the security of the system. This thesis presents the basic cryptographic primitives, which can provide anonymous authentication. Among these primitives there are usually some asymmetric cryptosystems, but an essential part of anonymous authentication is based on zero knowledge protocols, blind signature schemes, threshold group schemes, etc., that are presented in Chapter 1. Generally, Anonymous Authentication Systems have application as electronic coin, electronic cash, group signatures, anonymous access systems, electronic vote, etc., which are analyzed and presented in Chapters 2 and 3. In the practical section, the implementation (in the environment .NET in C#) of the AAS system is presented and described in Chapter 4, which is being developed at the FEEC BUT.

Efficient blind signatures without random oracles

Abstract. The only known blind signature scheme that is secure in the standard model [20] is based on general results about multi-party computation, and thus it is extremely inefficient. The main result of this paper is the first provably secure blind signature scheme which is also efficient. We develop our construction as follows. In the first step, which is a significant result on its own, we devise and prove the security of a new variant for the Cramer-Shoup-Fischlin signature scheme. We are able to show that for generating signatures, instead of using randomly chosen prime exponents one can securely use randomly chosen odd integer exponents which significantly simplifies the signature generating process. We obtain our blind signing function as a secure and efficient two-party computation that cleverly exploits its algebraic properties and those of the Paillier encryption scheme. The security of the resulting signing protocol relies on the Strong RSA assumption and the hardness of decisional composite residuosity; we stress that it does not rely on the existence of random oracles.

Entwicklung und Betrieb eines Anonymisierungsdienstes für das WWW

Die Dissertation erläutert, wie ein Anonymisierungsdienst zu gestalten ist, so daß er für den durchschnittlichen Internetnutzer benutzbar ist. Ein Schwerpunkt dabei war die Berücksichtigung einer möglichst holistischen Sichtweise auf das Gesamtsystem "Anonymisierungsdienst". Es geht daher um die ingenieurmäßige Berücksichtigung der vielschichtigen Anforderungen der einzelnen Interessengruppen. Einige dieser Anforderungen ergeben sich aus einem der zentralen Widersprüche: auf der einen Seite die Notwendigkeit von Datenschutz und Privatheit für den Einzelnen, auf der anderen Seite die ebenso notwendige Überwachbarkeit und Zurechenbarkeit, etwa für die Strafverfolgung. Die Dissertation beschäftigt sich mit dem Aufzeigen und Entwickeln von technischen Möglichkeiten, die zur Lösung dieses Widerspruches herangezogen werden können