Wave: A New Family of Trapdoor One-Way Preimage Sampleable Functions Based on Codes
We present here a new family of trapdoor one-way Preimage Sampleable
Functions (PSF) based on codes, the Wave-PSF family. The trapdoor function is
one-way under two computational assumptions: the hardness of generic decoding
for high weights and the indistinguishability of generalized -codes.
Our proof follows the GPV strategy [GPV08]. By including rejection sampling, we
ensure the proper distribution for the trapdoor inverse output. The domain
sampling property of our family is ensured by using and proving a variant of
the left-over hash lemma. We instantiate the new Wave-PSF family with ternary
generalized -codes to design a "hash-and-sign" signature scheme which
achieves existential unforgeability under adaptive chosen message attacks
(EUF-CMA) in the random oracle model. For 128 bits of classical security,
signature sizes are in the order of 15 thousand bits, the public key size in
the order of 4 megabytes, and the rejection rate is limited to one rejection
every 10 to 12 signatures.
Comment: arXiv admin note: text overlap with arXiv:1706.0806
CONSTRUCTION OF EFFICIENT AUTHENTICATION SCHEMES USING TRAPDOOR HASH FUNCTIONS
In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection against threats involving impersonation of entities and tampering with data. Practical solutions to authentication problems in distributed systems must meet the specific constraints of the target system and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor key that allows the key-holder to find collisions between hashes of different messages. The main contributions of this dissertation are as follows:
1. A common problem with conventional trapdoor hash functions is that revealing a collision-producing message pair allows an entity to compute additional collisions without knowledge of the trapdoor key. To overcome this problem, we design an efficient trapdoor hash function that prevents all entities except the trapdoor key-holder from computing collisions, regardless of whether collision-producing message pairs are revealed by the key-holder.
2. We design a technique to construct efficient proxy signatures using trapdoor hash functions to authenticate and authorize agents acting on behalf of users in agent-based computing systems. Our technique provides agent authentication, assurance of agreement between delegator and agent, security without relying on secure communication channels, and control over an agent's capabilities.
3. We develop a trapdoor hash-based signature amortization technique for authenticating real-time, delay-sensitive streams. Our technique provides independent verifiability of blocks comprising a stream, minimizes sender-side and receiver-side delays, minimizes communication overhead, and avoids transmission of redundant information.
4. We demonstrate the practical efficacy of our trapdoor hash-based techniques for signature amortization and proxy signature construction by presenting discrete log-based instantiations of the generic techniques that are efficient to compute, and produce short signatures.
Our detailed performance analyses demonstrate that the proposed schemes outperform existing schemes in computation cost and signature size. We also present proofs of security for the proposed discrete-log-based instantiations against forgery attacks under the discrete-log assumption.
Fiat-Shamir for highly sound protocols is instantiable
The Fiat-Shamir (FS) transformation (Fiat and Shamir, Crypto '86) is a popular paradigm for constructing very efficient non-interactive zero-knowledge (NIZK) arguments and signature schemes from a hash function and any three-move interactive protocol satisfying certain properties. Despite its widespread applicability both in theory and in practice, the known positive results for proving security of the FS paradigm are in the random oracle model only, i.e., they assume that the hash function is modeled as an external random function accessible to all parties. On the other hand, a sequence of negative results shows that for certain classes of interactive protocols, the FS transform cannot be instantiated in the standard model.
We initiate the study of complementary positive results, namely, studying classes of interactive protocols where the FS transform does have standard-model instantiations. In particular, we show that for a class of "highly sound" protocols that we define, instantiating the FS transform via a q-wise independent hash function yields NIZK arguments and secure signature schemes. In the case of NIZK, we obtain a weaker "q-bounded" zero-knowledge flavor where the simulator works for all adversaries asking an a-priori bounded number of queries q; in the case of signatures, we obtain the weaker notion of random-message unforgeability against q-bounded random message attacks.
Our main idea is that when the protocol is highly sound, then instead of using random-oracle programming, one can use complexity leveraging. The question is whether such highly sound protocols exist and, if so, which protocols lie in this class. We answer this question in the affirmative in the common reference string (CRS) model and under strong assumptions. Namely, assuming indistinguishability obfuscation and puncturable pseudorandom functions, we construct a compiler that transforms any 3-move interactive protocol with instance-independent commitments and simulators (a property satisfied by the Lapidot-Shamir protocol, Crypto '90) into a compiled protocol in the CRS model that is highly sound. We also present a second compiler, in order to be able to start from a larger class of protocols, which only requires instance-independent commitments (a property for example satisfied by the classical protocol for quadratic residuosity due to Blum, Crypto '81). For the second compiler we require dual-mode commitments.
We hope that our work inspires more research on classes of (efficient) 3-move protocols where Fiat-Shamir is (efficiently) instantiable.
Shared and searchable encrypted data for untrusted servers
Current security mechanisms are not suitable for organisations that outsource their data management to untrusted servers. Encrypting and decrypting sensitive data at the client side is the normal approach in this situation, but it has high communication and computation overheads if only a subset of the data is required, for example, selecting records in a database table based on a keyword search. New cryptographic schemes have been proposed that support encrypted queries over encrypted data. But they all depend on a single set of secret keys, which implies either single-user access or sharing keys among multiple users, with key revocation requiring costly data re-encryption. In this paper, we propose an encryption scheme where each authorised user in the system has his own keys to encrypt and decrypt data. The scheme supports keyword search, which enables the server to return only the encrypted data that satisfies an encrypted query without decrypting it. We provide a concrete construction of the scheme and give formal proofs of its security. We also report on the results of our implementation.
Publicly-Verifiable Deletion via Target-Collapsing Functions
We build quantum cryptosystems that support publicly-verifiable deletion from
standard cryptographic assumptions. We introduce target-collapsing as a
weakening of collapsing for hash functions, analogous to how second preimage
resistance weakens collision resistance; that is, target-collapsing requires
indistinguishability between superpositions and mixtures of preimages of an
honestly sampled image.
We show that target-collapsing hashes enable publicly-verifiable deletion
(PVD), proving conjectures from [Poremba, ITCS'23] and demonstrating that the
Dual-Regev encryption (and corresponding fully homomorphic encryption) schemes
support PVD under the LWE assumption. We further build on this framework to
obtain a variety of primitives supporting publicly-verifiable deletion from
weak cryptographic assumptions, including:
- Commitments with PVD assuming the existence of injective one-way functions,
or more generally, almost-regular one-way functions. Along the way, we
demonstrate that (variants of) target-collapsing hashes can be built from
almost-regular one-way functions.
- Public-key encryption with PVD assuming trapdoored variants of injective
(or almost-regular) one-way functions. We also demonstrate that the encryption
scheme of [Hhan, Morimae, and Yamakawa, Eurocrypt'23] based on pseudorandom
group actions has PVD.
- with PVD for attribute-based encryption, quantum
fully-homomorphic encryption, witness encryption, time-revocable
encryption, assuming and trapdoored variants of injective (or
almost-regular) one-way functions.
Comment: 52 page
An Overview of Cryptographic Accumulators
This paper is a primer on cryptographic accumulators and how to apply them
practically. A cryptographic accumulator is a space- and time-efficient data
structure used for set-membership tests. Since it is possible to represent any
computational problem where the answer is yes or no as a set-membership
problem, cryptographic accumulators are invaluable data structures in computer
science and engineering. But, to the best of our knowledge, there is neither a
concise survey comparing and contrasting various types of accumulators nor a
guide for how to apply the most appropriate one for a given application.
Therefore, we address that gap by describing cryptographic accumulators while
presenting their fundamental and so-called optional properties. We discuss the
effects of each property on the given accumulator's performance in terms of
space and time complexity, as well as communication overhead.
Comment: Note: This is an extended version of a paper published in Proceedings
of the 7th International Conference on Information Systems Security and
Privacy (ICISSP 2021), pages 661-66