Making Existential-Unforgeable Signatures Strongly Unforgeable in the Quantum Random-Oracle Model

Strongly unforgeable signature schemes provide a more stringent security guarantee than the standard existential unforgeability. It requires that not only forging a signature on a new message is hard, it is infeasible as well to produce a new signature on a message for which the adversary has seen valid signatures before. Strongly unforgeable signatures are useful both in practice and as a building block in many cryptographic constructions. This work investigates a generic transformation that compiles any existential-unforgeable scheme into a strongly unforgeable one, which was proposed by Teranishi et al. and was proven in the classical random-oracle model. Our main contribution is showing that the transformation also works against quantum adversaries in the quantum random-oracle model. We develop proof techniques such as adaptively programming a quantum random-oracle in a new setting, which could be of independent interest. Applying the transformation to an existential-unforgeable signature scheme due to Cash et al., which can be shown to be quantum-secure assuming certain lattice problems are hard for quantum computers, we get an efficient quantum-secure strongly unforgeable signature scheme in the quantum random-oracle model.Comment: 15 pages, to appear in Proceedings TQC 201

CDEdit: A Highly Applicable Redactable Blockchain with Controllable Editing Privilege and Diversified Editing Types

Redactable blockchains allow modifiers or voting committees with modification privileges to edit the data on the chain. Trapdoor holders in chameleon-based hash redactable blockchains can quickly compute hash collisions for arbitrary data, and without breaking the link of the hash-chain. However, chameleon-based hash redactable blockchain schemes have difficulty solving the problem of multi-level editing requests and competing for modification privileges. In this paper, we propose CDEdit, a highly applicable redactable blockchain with controllable editing privilege and diversified editing types. The proposed scheme increases the cost of invalid or malicious requests by paying the deposit on each edit request. At the same time, the editing privilege is subdivided into request, modification, and verification privileges, and the modification privilege token is distributed efficiently to prevent the abuse of the modification privilege and collusion attacks. We use chameleon hashes with ephemeral trapdoor (CHET) and ciphertext policy attribute-based encryption (CP-ABE) to implement two editing types of transaction-level and block-level, and present a practical instantiation and security analysis. Finally, the implementation and evaluation show that our scheme only costs low-performance overhead and is suitable for multi-level editing requests and modification privilege competition scenarios.Comment: 11 pages, 6 figure

Adaptive Oblivious Transfer and Generalization

International audienceOblivious Transfer (OT) protocols were introduced in the seminal paper of Rabin, and allow a user to retrieve a given number of lines (usually one) in a database, without revealing which ones to the server. The server is ensured that only this given number of lines can be accessed per interaction, and so the others are protected; while the user is ensured that the server does not learn the numbers of the lines required. This primitive has a huge interest in practice, for example in secure multi-party computation, and directly echoes to Symmetrically Private Information Retrieval (SPIR). Recent Oblivious Transfer instantiations secure in the UC framework suf- fer from a drastic fallback. After the first query, there is no improvement on the global scheme complexity and so subsequent queries each have a global complexity of O(|DB|) meaning that there is no gain compared to running completely independent queries. In this paper, we propose a new protocol solving this issue, and allowing to have subsequent queries with a complexity of O(log(|DB|)), and prove the protocol security in the UC framework with adaptive corruptions and reliable erasures. As a second contribution, we show that the techniques we use for Obliv- ious Transfer can be generalized to a new framework we call Oblivi- ous Language-Based Envelope (OLBE). It is of practical interest since it seems more and more unrealistic to consider a database with uncontrolled access in access control scenarii. Our approach generalizes Oblivious Signature-Based Envelope, to handle more expressive credentials and requests from the user. Naturally, OLBE encompasses both OT and OSBE, but it also allows to achieve Oblivious Transfer with fine grain access over each line. For example, a user can access a line if and only if he possesses a certificate granting him access to such line. We show how to generically and efficiently instantiate such primitive, and prove them secure in the Universal Composability framework, with adaptive corruptions assuming reliable erasures. We provide the new UC ideal functionalities when needed, or we show that the existing ones fit in our new framework. The security of such designs allows to preserve both the secrecy of the database values and the user credentials. This symmetry allows to view our new approach as a generalization of the notion of Symmetrically PIR

LiS: Lightweight Signature Schemes for continuous message authentication in cyber-physical systems

Agency for Science, Technology and Research (A*STAR) RIE 202

Still Wrong Use of Pairings in Cryptography

Several pairing-based cryptographic protocols are recently proposed with a wide variety of new novel applications including the ones in emerging technologies like cloud computing, internet of things (IoT), e-health systems and wearable technologies. There have been however a wide range of incorrect use of these primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed out most of the issues related to the incorrect use of pairing-based cryptography. However, we noticed that some recently proposed applications still do not use these primitives correctly. This leads to unrealizable, insecure or too inefficient designs of pairing-based protocols. We observed that one reason is not being aware of the recent advancements on solving the discrete logarithm problems in some groups. The main purpose of this article is to give an understandable, informative, and the most up-to-date criteria for the correct use of pairing-based cryptography. We thereby deliberately avoid most of the technical details and rather give special emphasis on the importance of the correct use of bilinear maps by realizing secure cryptographic protocols. We list a collection of some recent papers having wrong security assumptions or realizability/efficiency issues. Finally, we give a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page

The coexistence between Blockchain and GDPR

The constant evolution of technology sometimes cannot avoid conflict with the parallel evolution of surrounding regulations and legislation. This dissertation highlights the Blockchain architectural design and its inherent and apparent incompatibility with the standing European directives concerning General Data Protection Regulation (GDPR) thanks to one of its most prominent features - immutability. As Blockchain-based solutions emerge and their adoption increases, the concerns about current regulation regarding storage of personal data and the conciliation with the Blockchain’s model arises. As a consequence, this research aims to find out a practical way of making Blockchains compatible with GDPR and providing a solution, with the elaboration of a Proof of Concept, along with interviews to experts of Blockchain and GDPR’s fields with the purpose of obtaining results and drawing conclusions.A constante evolução que categoriza a tecnologia não pode, por vezes, evitar conflitos com a evolução paralela de regulamentos e de legislações envolventes. Esta dissertação destaca a discrepância entre a arquitetura inerente dos sistemas de Blockchain e a sua incompatibilidade aparente e inerente às diretrizes europeias assentes sobre o Regulamento Geral de Proteção de Dados, graças a uma das suas características mais importantes – imutabilidade. À medida que as soluções baseadas em Blockchain surgem e a sua adopção aumenta, surgem preocupações sobre a regulamentação atual em relação ao armazenamento de dados pessoais e a conciliação com o modelo da Blockchain. Consequentemente, esta pesquisa tem como objectivo descobrir uma maneira prática de tornar a tecnologia Blockchain compatível com o Regulamento Geral de Proteção de Dados e fornecer uma solução através da elaboração de uma Prova de Conceito, além de entrevistas com especialistas das áreas de Blockchain e Regulamento Geral de Proteção de Dados com o objetivo de obter resultados e tirar conclusões

CONSTRUCTION OF EFFICIENT AUTHENTICATION SCHEMES USING TRAPDOOR HASH FUNCTIONS

In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection from threats involving impersonation of entities and tampering of data. Practical solutions to authentication problems in distributed systems must meet specific constraints of the target system, and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor key that allows the key-holder to find collisions between hashes of different messages. The main contributions of this dissertation are as follows: 1. A common problem with conventional trapdoor hash functions is that revealing a collision producing message pair allows an entity to compute additional collisions without knowledge of the trapdoor key. To overcome this problem, we design an efficient trapdoor hash function that prevents all entities except the trapdoor key-holder from computing collisions regardless of whether collision producing message pairs are revealed by the key-holder. 2. We design a technique to construct efficient proxy signatures using trapdoor hash functions to authenticate and authorize agents acting on behalf of users in agent-based computing systems. Our technique provides agent authentication, assurance of agreement between delegator and agent, security without relying on secure communication channels and control over an agent’s capabilities. 3. We develop a trapdoor hash-based signature amortization technique for authenticating real-time, delay-sensitive streams. Our technique provides independent verifiability of blocks comprising a stream, minimizes sender-side and receiver-side delays, minimizes communication overhead, and avoids transmission of redundant information. 4. We demonstrate the practical efficacy of our trapdoor hash-based techniques for signature amortization and proxy signature construction by presenting discrete log-based instantiations of the generic techniques that are efficient to compute, and produce short signatures. Our detailed performance analyses demonstrate that the proposed schemes outperform existing schemes in computation cost and signature size. We also present proofs for security of the proposed discrete-log based instantiations against forgery attacks under the discrete-log assumption