Quantum-secure message authentication via blind-unforgeability
Formulating and designing unforgeable authentication of classical messages in
the presence of quantum adversaries has been a challenge, as the familiar
classical notions of unforgeability do not directly translate into meaningful
notions in the quantum setting. A particular difficulty is how to fairly
capture the notion of "predicting an unqueried value" when the adversary can
query in quantum superposition. In this work, we uncover serious shortcomings
in existing approaches, and propose a new definition. We then support its
viability by a number of constructions and characterizations. Specifically, we
demonstrate a function which is secure according to the existing definition by
Boneh and Zhandry, but is clearly vulnerable to a quantum forgery attack,
whereby a query supported only on inputs that start with 0 divulges the value
of the function on an input that starts with 1. We then propose a new
definition, which we call "blind-unforgeability" (or BU). This notion matches
"intuitive unpredictability" in all examples studied thus far. It defines a
function to be predictable if there exists an adversary which can use
"partially blinded" oracle access to predict values in the blinded region. Our
definition (BU) coincides with standard unpredictability (EUF-CMA) in the
classical-query setting. We show that quantum-secure pseudorandom functions are
BU-secure MACs. In addition, we show that BU satisfies a composition property
(Hash-and-MAC) using "Bernoulli-preserving" hash functions, a new notion which
may be of independent interest. Finally, we show that BU is amenable to
security reductions by giving a precise bound on the extent to which quantum
algorithms can deviate from their usual behavior due to the blinding in the BU
security experiment.
Comment: 23+9 pages, v3: published version, with one theorem statement in the summary of results corrected
Short structure-preserving signatures
© Springer International Publishing Switzerland 2016. We construct a new structure-preserving signature scheme in the efficient Type-III asymmetric bilinear group setting with signatures shorter than those of all existing schemes. Our signatures consist of 3 group elements from the first source group and are therefore shorter than those of existing schemes, all of which have at least one component in the second source group, whose elements are at least twice the bit size of their first-group counterparts. Besides enjoying short signatures, our scheme is fully re-randomizable, a useful property for many applications. Our result also constitutes a proof that the impossibility result of Abe et al. (Crypto 2011) for unilateral structure-preserving signatures in the Type-III setting does not apply to constructions in which the message space is dual in both source groups. Besides checking the well-formedness of the message, verifying a signature in our scheme requires checking 2 Pairing Product Equations (PPEs) and the evaluation of only 5 pairings in total, which matches the best existing scheme and outperforms many others. We give some examples of how using our scheme instead of existing ones improves the efficiency of existing cryptographic protocols such as direct anonymous attestation and group-signature-related constructions.
Lattice-based Blind Signatures
Motivated by the need for blind signatures that remain secure in the presence of quantum computers, we present two efficient blind signature schemes based on hard worst-case lattice problems. Both schemes are provably secure in the random oracle model and unconditionally blind. The first scheme is based on the preimage samplable functions introduced at STOC 2008 by Gentry, Peikert, and Vaikuntanathan. The scheme is stateful and runs in 3 moves. The second scheme builds upon the PKC 2008 identification scheme of Lyubashevsky. It is stateless, has 4 moves, and its security is based on the hardness of worst-case problems in ideal lattices.
Formalizing group blind signatures and practical constructions without random oracles
Group blind signatures combine anonymity properties of both group signatures and blind signatures and offer privacy for both the message to be signed and the signer. The primitive has been introduced with only informal definitions for its required security properties. In this paper, we offer two main contributions: first, we provide foundations for the primitive and present formal security definitions. In the process, we identify and address some subtle issues which were not considered by previous constructions and (informal) security definitions. Our second main contribution is a generic construction that yields practical schemes with a round-optimal signing protocol and constant-size signatures. Our constructions permit dynamic and concurrent enrollment of new members and satisfy strong security requirements. To the best of our knowledge, our schemes are the first provably secure constructions in the standard model. In addition, we introduce some new building blocks which may be of independent interest. © 2013 Springer-Verlag
Pisces: Private and Compliable Cryptocurrency Exchange
Cryptocurrency exchange platforms such as Coinbase and Binance enable users to
purchase and sell cryptocurrencies conveniently, just like trading
stocks/commodities. However, because of the nature of blockchain, when a user
withdraws coins (i.e., transfers coins to an external on-chain account), all
future transactions can be learned by the platform. This is in sharp contrast
to a conventional stock exchange, where all external activities of users are
always hidden from the platform. Since the platform knows highly sensitive
private user information such as passport numbers, bank details, etc., linking all
(on-chain) transactions raises a serious privacy concern about a potentially
disastrous data breach at those cryptocurrency exchange platforms.
In this paper, we propose a cryptocurrency exchange that restores user
anonymity for the first time. To our surprise, the seemingly well-studied
privacy/anonymity problem has several new challenges in this setting. Since the
public blockchain and internal transaction activities naturally provide many
non-trivial leakages to the platform, internal privacy is not only useful in
the usual sense but also becomes necessary for regaining the basic anonymity of
user transactions. We also ensure that the user cannot double spend, and the
user has to properly report accumulated profit for tax purposes, even in the
private setting. We give a careful modeling and efficient construction of the
system that achieves constant computation and communication overhead (with only
simple cryptographic tools and rigorous security analysis); we also implement
our system and evaluate its practical performance.
Comment: 27 pages, 8 figures, 2 tables. To be published in NDSS'24. This is the full version of the conference paper
Rai-Choo! Evolving Blind Signatures to the Next Level
Blind signatures are a fundamental tool for privacy-preserving applications.
Known constructions of concurrently secure blind signature schemes either are prohibitively inefficient or rely on non-standard assumptions, even in the random oracle model.
A recent line of work (ASIACRYPT `21, CRYPTO `22) initiated the study of concretely efficient schemes based on well-understood assumptions in the random oracle model.
However, these schemes still have several major drawbacks:
1) The signer is required to keep state; 2) The computation grows linearly with the number of signing interactions, making the schemes impractical; 3) The schemes require at least five moves of interaction.
In this paper, we introduce a blind signature scheme that eliminates all of the above drawbacks at the same time.
Namely, we show a round-optimal, concretely efficient, concurrently secure, and stateless blind signature scheme in which communication and computation are independent of the number of signing interactions. Our construction also naturally generalizes to the partially blind signature setting.
Our scheme is based on the CDH assumption in the asymmetric pairing setting and can be instantiated using a standard BLS curve. We obtain signature and communication sizes of 9KB and 36KB, respectively.
To further improve the efficiency of our scheme, we show how to obtain a scheme with better amortized communication efficiency. Our approach batches the issuing of signatures for multiple messages.
Privacy Enhancing Protocols using Pairing Based Cryptography
This thesis presents privacy enhanced cryptographic constructions,
consisting of formal definitions, algorithms and motivating
applications. The contributions are a step towards the development of
cryptosystems which, from the design phase, incorporate privacy as a
primary goal. Privacy offers a form of protection over personal and
other sensitive data to individuals, and has been the subject of much
study in recent years.
Our constructions are based on a special type of algebraic group called
bilinear groups. We present existing cryptographic constructions which
use bilinear pairings, namely Identity-Based Encryption (IBE). We define
a desirable property of digital signatures, blindness, and present new
IBE constructions which incorporate this property.
Blindness is a desirable feature from a privacy perspective as it allows
an individual to obscure elements such as personal details in the data
it presents to a third party. In IBE, blinding focuses on obscuring
elements of the identity string which an individual presents to the key
generation centre. This protects an individual's privacy in a direct
manner by allowing her to blind sensitive elements of the identity
string and also prevents a key generation centre from subsequently
producing decryption keys using her full identity string. Using blinding
techniques, the key generation centre does not learn the full identity
string.
In this thesis, we study selected provably-secure cryptographic
constructions. Our contribution is to reconsider the design of such
constructions with a view to incorporating privacy. We present the new,
privacy-enhanced cryptographic protocols using these constructions as
primitives. We refine useful existing security notions and present
feasible security definitions and proofs for these constructions.
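The blindness property described in the thesis abstract above, and the move structure and signer statelessness discussed in the Rai-Choo abstract, are easiest to see on the classic RSA-based blind signature (Chaum's construction). The following is an added worked example, not code from any of the papers listed here, and it is deliberately not one of the lattice- or pairing-based schemes they propose. It assumes a toy 512-bit RSA key generated in pure Python (far too small for real use), a full-domain hash built from SHAKE-256, and a constructed sample message. It shows both sides of the two-move exchange, checks that the signer only ever sees a blinded value, and demonstrates why the hash step cannot be dropped: raw RSA is multiplicative, so two raw signatures combine into a forgery.

```python
import hashlib
import math
import random


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin probable-prime test; only used by the toy key generator."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def keygen(bits=512, rng=None):
    """Toy RSA keypair (assumption: 512-bit demo modulus, never use in practice)."""
    rng = rng or random.SystemRandom()
    e = 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))


def fdh(msg, n):
    """Full-domain hash into Z_n via SHAKE-256; extra output bytes make the mod-n bias negligible."""
    digest = hashlib.shake_256(msg).digest(n.bit_length() // 8 + 16)
    return int.from_bytes(digest, "big") % n


def blind(pk, msg, rng=None):
    """User, move 1: multiply H(msg) by r^e so the signer sees a uniformly random element."""
    n, e = pk
    rng = rng or random.SystemRandom()
    while True:
        r = rng.randrange(2, n - 1)
        if math.gcd(r, n) == 1:
            break
    return fdh(msg, n) * pow(r, e, n) % n, r


def sign_blinded(sk, blinded):
    """Signer, move 2: raw RSA on the blinded value. Keeps no state and never sees msg."""
    n, d = sk
    return pow(blinded, d, n)


def unblind(pk, blinded_sig, r):
    """User: (H(m) r^e)^d = H(m)^d r, so dividing by r leaves H(m)^d."""
    n, _ = pk
    return blinded_sig * pow(r, -1, n) % n


def verify(pk, msg, sig):
    n, e = pk
    return pow(sig, e, n) == fdh(msg, n)


def raw_verify(pk, m, s):
    """Verifier that skips the hash; present only to show why FDH is not optional."""
    n, e = pk
    return pow(s, e, n) == m % n


def multiplicative_forgery(pk, m1, s1, m2, s2):
    """Raw RSA is multiplicative: s1*s2 is a valid raw 'signature' on m1*m2 mod n."""
    n, _ = pk
    return (m1 * m2) % n, (s1 * s2) % n


def demo(key_seed=1, blind_seed=2):
    """Deterministic end-to-end run; seeded RNGs are for reproducibility only."""
    pk, sk = keygen(512, random.Random(key_seed))
    msg = b"withdraw coin #1"  # constructed sample message
    blinded, r = blind(pk, msg, random.Random(blind_seed))
    sig = unblind(pk, sign_blinded(sk, blinded), r)
    n, d = sk
    m1, m2 = 1234567, 7654321  # constructed raw-RSA messages for the forgery check
    forged_m, forged_s = multiplicative_forgery(pk, m1, pow(m1, d, n), m2, pow(m2, d, n))
    return {
        "valid": verify(pk, msg, sig),
        "other_msg_valid": verify(pk, b"withdraw coin #2", sig),
        "signer_saw_hash": blinded == fdh(msg, n),
        "raw_forgery_accepted": raw_verify(pk, forged_m, forged_s),
    }


if __name__ == "__main__":
    print(demo())
```

The signer's only input is `blinded`, which is uniformly distributed in Z_n because `r` is, so the transcript is statistically independent of the message: that is the unconditional blindness the lattice abstract also claims for its schemes. The multiplicative check is the practitioner caveat: hashing before blinding is what turns "one signature per interaction" into a meaningful guarantee, and standardized RSA blind signatures (RFC 9474) go further and use PSS-style encoding rather than a bare FDH.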
Transferable Constant-Size Fair E-Cash
We propose a new blind certification protocol that provides interesting properties while remaining efficient. It falls within the Groth-Sahai framework for witness-indistinguishable proofs; thus, when extended to a certified signature, it immediately yields non-frameable group signatures. We then use it to build an efficient (offline) e-cash system that guarantees user anonymity and transferability of coins without increasing their size. As required for fair e-cash, in case of fraud anonymity can be revoked by an authority, which is also crucial to deter double spending.