11 research outputs found

    Anonymous Anycast based on group signatures

    We present in this article a cryptographic scheme to implement anycast groups in an n-member anonymous network where each participant owns a public key and there is a symmetric key for every pair of nodes. Our system allows clients to receive a digitally signed receipt from any of the legitimate receivers of a message without generating keys for each one of the 2^n possible anycast groups within the network. In total we will use n asymmetric keys to sign receipts and n(n-1)/2 symmetric keys to protect communications between every two members. The main characteristics of our system are: i) Load balancing in anonymous networks along with spoofing protection for clients. ii) The load balancing system is mandatory and cannot be bypassed since clients do not have the network-level addresses of a given anycast group, which is why a network-scale attack must be performed in order to attack a particular anycast group. Possible applications for our system include fault tolerance, name services and data replication.

    Anycast anónimo basado en firmas de grupo

    We present in this article a cryptographic scheme for implementing Anycast groups within an anonymous routing system with n members that already has a public key for each member and a shared symmetric key for each pair of members. Our scheme allows verification that a message was received by any of its legitimate recipients and the issuing of digitally signed receipts to the sender, without the need to generate signing keys for each of the 2^n possible Anycast groups in the network. In total, n asymmetric keys are used to sign receipts and n(n-1)/2 symmetric keys to protect communications between members. The main features of our system include: i) Load balancing in anonymous networks, while protecting request originators from spoofing attacks by impostors. ii) Forcing users to use the load balancing system, since they do not have access to the network addresses but do have access to the signing keys, so that an attacker must carry out a global-scale attack on the network to attack a specific Anycast group. Possible applications of the system include fault tolerance in name services and data replication.

    Democratic Group Signatures with Threshold Traceability

    Recently, democratic group signatures (DGSs) have particularly caught our attention due to their great flexibility, i.e., no group manager, anonymity, and individual traceability. In existing DGS schemes, individual traceability says that any member in the group can reveal the actual signer's identity from a given signature. In this paper, we formally describe the definition of DGS, revisit its security notions by strengthening the requirement for the property of traceability, and present a concrete DGS construction with (t, n)-threshold traceability which combines the concepts of group signatures and of threshold cryptography. The idea behind the (t, n)-threshold traceability is to distribute between n group members the capability of tracing the actual signer such that any subset of not less than t members can jointly reconstruct a secret and reveal the identity of the signer while preserving security even in the presence of an active adversary which can corrupt up to t-1 group members.

    Practical Group-Signatures with Privacy-Friendly Openings

    Group signatures allow creating signatures on behalf of a group, while remaining anonymous. To prevent misuse, there exists a designated entity, named the opener, which can revoke anonymity by generating a proof which links a signature to its creator. Still, many intermediate cases have been discussed in the literature, where not the full power of the opener is required, or the users themselves require the power to claim (or deny) authorship of a signature and (un-)link signatures in a controlled way. However, these concepts were only considered in isolation. We unify these approaches, supporting all these possibilities simultaneously, providing fine-granular openings, even by members. Namely, a member can prove itself whether it has created a given signature (or not), and can create a proof which makes two created signatures linkable (or unlinkable resp.) in a controlled way. Likewise, the opener can show that a signature was not created by a specific member and can prove whether two signatures stem from the same signer (or not) without revealing anything else. Combined, these possibilities can make full openings irrelevant in many use-cases. This has the additional benefit that the requirements on the reachability of the opener are lessened. Moreover, even in the case of an involved opener, our framework is less privacy-invasive, as the opener no longer requires access to the signed message. Our provably secure black-box CCA-anonymous construction with dynamic joins requires only standard building blocks. We prove its practicality by providing a performance evaluation of a concrete instantiation, and show that our non-optimized implementation is competitive compared to other, less feature-rich, notions

    Internet privacy protection

    Anonymous authentication is a means of authorizing a user without leaking the user's personal information. The technology of Anonymous Authentication Systems (AAS) provides privacy for the user and yet preserves the security of the system. This thesis presents the basic cryptographic primitives that can provide anonymous authentication. Among these primitives there are usually some asymmetric cryptosystems, but an essential part of anonymous authentication is based on zero-knowledge protocols, blind signature schemes, threshold group schemes, etc., which are presented in Chapter 1. Generally, Anonymous Authentication Systems have applications such as electronic coins, electronic cash, group signatures, anonymous access systems, electronic voting, etc., which are analyzed and presented in Chapters 2 and 3. The practical part, described in Chapter 4, presents the implementation (in the .NET environment in C#) of the AAS system, which is being developed at FEEC BUT.

    Variants of Group Signatures and Their Applications


    Linkable Democratic Group Signatures

    In a variety of group-oriented applications cryptographic primitives like group signatures or ring signatures are valuable methods to achieve anonymity of group members. However, in their classical form, these schemes cannot be deployed for applications that simultaneously require (i) to avoid centralized management authority like group manager and (ii) the signer to be anonymous only against nonmembers while group members have rights to trace and identify the signer