Secure communications over insecure channels based on short authenticated strings

We propose a way to establish peer-to-peer authenticated communications over an insecure channel by using an extra channel which can authenticate very short strings, e.g. 15 bits. We call this SAS-based authentication as for authentication based on short authenticated strings. The extra channel uses a weak notion of authentication in which strings cannot be forged nor modified, but whose delivery can be maliciously stalled, canceled, or replayed. Our protocol is optimal and relies on an extractable or equivocable commitment scheme. This approach offers an alternative (or complement) to public-key infrastructures, since we no longer need any central authority, and to password-based authenticated key exchange, since we no longer need to establish a confidential password. It can be used to establish secure associations in ad-hoc networks. Applications could be the authentication of a public key (e.g. for SSH or PGP) by users over the telephone, the user-aided pairing of wireless (e.g. BIuetooth) devices, or the restore of secure associations in a disaster case, namely when one remote peer had his long-term keys corrupte

Improving Practical UC-Secure Commitments based on the DDH Assumption

At Eurocrypt 2011, Lindell presented practical static and adaptively UC-secure commitment schemes based on the DDH assumption. Later, Blazy {\etal} (at ACNS 2013) improved the efficiency of the Lindell\u27s commitment schemes. In this paper, we present static and adaptively UC-secure commitment schemes based on the same assumption and further improve the communication and computational complexity, as well as the size of the common reference string

GUC-Secure Set-Intersection Computation

Secure set-intersection computation is one of important problems in the field of secure multiparty computation with valuable applications. We propose a very gerneral construction for 2-party set-intersection computation based-on anonymous IBE scheme and its user private-keys blind generation techniques. Compared with recently-proposed protocols, e.g., those of Freedman-Nissim-Pinkas, Kissner-Song and Hazay-Lindell, this construction is provabley GUC-secure in standard model with acceptable efficiency. For this goal a new notion of non-malleable zero-knowledge proofs of knowledge and its efficient general construction is presented. In addition, we present an efficient instantiation of this general construction via anonymous Boyen-Waters IBE scheme

GUC-Secure Join Operator in Distributed Relational Database

Secure Join-operator computation in distributed relational databases is one of important problems in the field of secure multiparty computation with valuable applications. We propose a gerneral construction for 2-party Join computation based-on anonymous IBE scheme and its user private-keys blind generation techniques. The construction is GUC(Generalized Universally Composable) secure in standard model. For this goal a new notion of non-malleable zero-knowledge proofs of knowledge and its efficient general construction is also presented

Anonymous Lottery in the Proof-of-Stake Setting

When Proof-of-Stake (PoS) underlies a consensus protocol, parties who are eligible to participate in the protocol are selected via a public selection function that depends on the stake they own. Identity and stake of the selected parties must then be disclosed in order to allow verification of their eligibility, and this can raise privacy concerns. In this paper, we present a modular approach for addressing the identity leaks of selection functions, decoupling the problem of implementing an anonymous selection of the participants, from the problem of implementing others task, e.g. consensus. We present an ideal functionality for anonymous selection that can be more easily composed with other protocols. We then show an instantiation of our anonymous selection functionality based on the selection function of Algorand

UC Commitments for Modular Protocol Design and Applications to Revocation and Attribute Tokens

Complex cryptographic protocols are often designed from simple cryptographic primitives, such as signature schemes, encryption schemes, verifiable random functions, and zero-knowledge proofs, by bridging between them with commitments to some of their inputs and outputs. Unfortunately, the known universally composable (UC) functionalities for commitments and the cryptographic primitives mentioned above do not allow such constructions of higher-level protocols as hybrid protocols. Therefore, protocol designers typically resort to primitives with property-based definitions, often resulting in complex monolithic security proofs that are prone to mistakes and hard to verify. We address this gap by presenting a UC functionality for non-interactive commitments that enables modular constructions of complex protocols within the UC framework. We also show how the new functionality can be used to construct hybrid protocols that combine different UC functionalities and use commitments to ensure that the same inputs are provided to different functionalities. We further provide UC functionalities for attribute tokens and revocation that can be used as building blocks together with our UC commitments. As an example of building a complex system from these new UC building blocks, we provide a construction (a hybrid protocol) of anonymous attribute tokens with revocation. Unlike existing accumulator-based schemes, our scheme allows one to accumulate several revocation lists into a single commitment value and to hide the revocation status of a user from other users and verifiers

One Round Threshold ECDSA with Identifiable Abort

Threshold ECDSA signatures have received much attention in recent years due to the widespread use of ECDSA in cryptocurrencies. While various protocols now exist that admit efficient distributed key generation and signing, these protocols have two main drawbacks. Firstly, if a player misbehaves, the protocol will abort, but all current protocols give no way to detect which player is responsible for the abort. In distributed settings, this can be catastrophic as any player can cause the protocol to fail without any consequence. General techniques to realize dishonest-majority MPC with identifiable abort add a prohibitive overhead, but we show how to build a tailored protocol for threshold ECDSA with minimal overhead. Secondly, current threshold ECDSA protocols (that do not rely on generic MPC) have numerous rounds of interaction. We present a highly efficient protocol with a non-interactive online phase allowing for players to asynchronously participate in the protocol without the need to be online simultaneously. We benchmark our protocols and find that our protocol simultaneously reduces the rounds and computations of current protocols, while adding significant functionality: identifiable abort and noninteractivity