On the efficiency of revocation in RSA-based anonymous systems
© 2016 IEEE. The problem of revocation in anonymous authentication systems is subtle and has motivated a lot of work. One of the preferable solutions consists in maintaining either a whitelist L_W of non-revoked users or a blacklist L_B of revoked users, and then requiring users to additionally prove, when authenticating themselves, that they are in L_W (membership proof) or that they are not in L_B (non-membership proof). Of course, these additional proofs must not break the anonymity properties of the system, so they must be zero-knowledge proofs, revealing nothing about the identity of the users. In this paper, we focus on the RSA-based setting, and we consider the case of non-membership proofs with respect to blacklists L = L_B. The existing solutions for this setting rely on universal dynamic accumulators; the underlying zero-knowledge proofs are rather complicated, and so their efficiency, although independent of the size of the blacklist L, seems to be improvable. Peng and Bao already tried to propose simpler and more efficient zero-knowledge proofs for this setting, but we prove in this paper that their protocol is not secure. We fix the problem by designing a new protocol and formally proving its security properties. We then compare the efficiency of the new zero-knowledge non-membership protocol with that of the existing accumulator-based protocol, when they are integrated with anonymous authentication systems based on RSA (notably, the IBM product Idemix for anonymous credentials). We discuss for which values of the size k of the blacklist L one protocol is preferable to the other, and we propose different ways to combine and implement the two protocols.
Redactable Signature Schemes and Zero-knowledge Proofs: A comparative examination for applications in Decentralized Digital Identity Systems
Redactable Signature Schemes and Zero-Knowledge Proofs are two radically different approaches to enable privacy. This paper analyses their merits and drawbacks when applied to decentralized identity systems. Redactable Signatures, though competitively quick and compact, are not as expressive as zero-knowledge proofs and do not provide the same level of privacy. On the other hand, zero-knowledge proofs can be much faster, but some protocols require a trusted set-up. We conclude that, given the benefits and drawbacks, redactable signatures are more appropriate at an earlier stage and zero-knowledge proofs are more appropriate at a later stage for decentralized identity systems.
Comment: 9 pages, Trustworthy Digital Identity International Conference 202
Certified Impossibility Results for Byzantine-Tolerant Mobile Robots
We propose a framework to build formal developments for robot networks using the Coq proof assistant, to state and to prove formally various properties. We focus in this paper on impossibility proofs, as it is natural to take advantage of the Coq higher-order calculus to reason about algorithms as abstract objects. We present in particular formal proofs of two impossibility results for convergence of oblivious mobile robots if, respectively, more than one half and more than one third of the robots exhibit Byzantine failures, starting from the original theorems by Bouzid et al. Thanks to our formalization, the corresponding Coq developments are quite compact. To our knowledge, these are the first certified (in the sense of formally proved) impossibility results for robot networks.
Synthesizing Certified Code
Code certification is a lightweight approach for formally demonstrating software quality. Its basic idea is to require code producers to provide formal proofs that their code satisfies certain quality properties. These proofs serve as certificates that can be checked independently. Since code certification uses the same underlying technology as program verification, it requires detailed annotations (e.g., loop invariants) to make the proofs possible. However, manually adding annotations to the code is time-consuming and error-prone. We address this problem by combining code certification with automatic program synthesis. Given a high-level specification, our approach simultaneously generates code and all annotations required to certify the generated code. We describe a certification extension of AutoBayes, a synthesis tool for automatically generating data analysis programs. Based on built-in domain knowledge, proof annotations are added and used to generate proof obligations that are discharged by the automated theorem prover E-SETHEO. We demonstrate our approach by certifying operator- and memory-safety on a data-classification program. For this program, our approach was faster and more precise than PolySpace, a commercial static analysis tool.
Isogenies of Elliptic Curves: A Computational Approach
Isogenies, the mappings of elliptic curves, have become a useful tool in cryptology. These mathematical objects have been proposed for use in computing pairings, constructing hash functions and random number generators, and analyzing the reducibility of the elliptic curve discrete logarithm problem. With such diverse uses, understanding these objects is important for anyone interested in the field of elliptic curve cryptography. This paper, targeted at an audience with a knowledge of the basic theory of elliptic curves, provides an introduction to the necessary theoretical background for understanding what isogenies are and their basic properties. This theoretical background is used to explain some of the basic computational tasks associated with isogenies. Herein, algorithms for computing isogenies are collected and presented with proofs of correctness and complexity analyses. As opposed to the complex analytic approach provided in most texts on the subject, the proofs in this paper are primarily algebraic in nature. This provides alternate explanations that some with a more concrete or computational bias may find clearer.
Comment: Submitted as a Master's Thesis in the Mathematics department of the University of Washington
Concise Justifications Versus Detailed Proofs for Description Logic Entailments
We discuss explanations in Description Logics (DLs), a family of logics used for knowledge representation. Initial work on explaining consequences for DLs had focused on justifications, which are minimal subsets of axioms that entail the consequence. More recently, it was proposed that proofs can provide more detailed information about why a consequence follows. Moreover, several measures have been proposed to estimate the comprehensibility of justifications and proofs, for example, their size or the complexity of logical expressions. In this paper, we analyze the connection between these measures, e.g., whether small justifications necessarily give rise to small proofs. We use a dataset of DL proofs that was constructed last year based on the ontologies of the OWL Reasoner Evaluation 2015. We find that, in general, less complex justifications indeed correspond to less complex proofs, and discuss some exceptions to this rule.