Making Existential-Unforgeable Signatures Strongly Unforgeable in the Quantum Random-Oracle Model
Strongly unforgeable signature schemes provide a more stringent security
guarantee than the standard existential unforgeability. It requires that not
only forging a signature on a new message is hard, it is infeasible as well to
produce a new signature on a message for which the adversary has seen valid
signatures before. Strongly unforgeable signatures are useful both in practice
and as a building block in many cryptographic constructions.
This work investigates a generic transformation that compiles any
existential-unforgeable scheme into a strongly unforgeable one, which was
proposed by Teranishi et al. and was proven in the classical random-oracle
model. Our main contribution is showing that the transformation also works
against quantum adversaries in the quantum random-oracle model. We develop
proof techniques such as adaptively programming a quantum random-oracle in a
new setting, which could be of independent interest. Applying the
transformation to an existential-unforgeable signature scheme due to Cash et
al., which can be shown to be quantum-secure assuming certain lattice problems
are hard for quantum computers, we get an efficient quantum-secure strongly
unforgeable signature scheme in the quantum random-oracle model.
Comment: 15 pages, to appear in Proceedings TQC 201
Signcryption schemes with threshold unsigncryption, and applications
The final publication is available at link.springer.com
The goal of a signcryption scheme is to achieve the same functionalities as encryption and signature together, but in a more efficient way than encrypting and signing separately. To increase security and reliability in some applications, the unsigncryption phase can be distributed among a group of users, through a (t, n)-threshold process. In this work we consider this task of threshold unsigncryption, which has received very little attention in the cryptographic literature up to now (perhaps surprisingly, given its potential applications). First we describe in detail the security requirements that a scheme for such a task should satisfy: existential unforgeability and indistinguishability, under insider chosen message/ciphertext attacks, in a multi-user setting. Then we show that generic constructions of signcryption schemes (by combining encryption and signature schemes) do not offer this level of security in the scenario of threshold unsigncryption. For this reason, we propose two new protocols for threshold unsigncryption, which we prove to be secure, one in the random oracle model and one in the standard model. The two proposed schemes enjoy an additional property that can be very useful. Namely, the unsigncryption protocol can be divided into two phases: a first one where the authenticity of the ciphertext is verified, possibly by a single party; and a second one where the ciphertext is decrypted by a subset of t receivers, without using the identity of the sender. As a consequence, the schemes can be used in applications requiring some level of anonymity, such as electronic auctions.
Introducing Accountability to Anonymity Networks
Many anonymous communication (AC) networks rely on routing traffic through
proxy nodes to obfuscate the originator of the traffic. Without an
accountability mechanism, exit proxy nodes risk sanctions by law enforcement if
users commit illegal actions through the AC network. We present BackRef, a
generic mechanism for AC networks that provides practical repudiation for the
proxy nodes by tracing back the selected outbound traffic to the predecessor
node (but not in the forward direction) through a cryptographically verifiable
chain. It also provides an option for full (or partial) traceability back to
the entry node or even to the corresponding user when all intermediate nodes
are cooperating. Moreover, to maintain a good balance between anonymity and
accountability, the protocol incorporates whitelist directories at exit proxy
nodes. BackRef offers improved deployability over the related work, and
introduces a novel concept of pseudonymous signatures that may be of
independent interest.
We exemplify the utility of BackRef by integrating it into the onion routing
(OR) protocol, and examine its deployability by considering several
system-level aspects. We also present the security definitions for the BackRef
system (namely, anonymity, backward traceability, no forward traceability, and
no false accusation) and conduct a formal security analysis of the OR protocol
with BackRef using ProVerif, an automated cryptographic protocol verifier,
establishing the aforementioned security properties against a strong
adversarial model.
Discovery and Measurement of Sleptons, Binos, and Winos with a Z'
Extensions of the MSSM could significantly alter its phenomenology at the
LHC. We study the case in which the MSSM is extended by an additional U(1)
gauge symmetry, which is spontaneously broken at a few TeV. The production
cross-section of sleptons is enhanced over that of the MSSM by the process
, so the discovery potential for
sleptons is greatly increased. The flavor and charge information in the
resulting decay, , provides a useful handle on
the identity of the LSP. With the help of the additional kinematical constraint
of an on-shell Z', we implement a novel method to measure all of the
superpartner masses involved in this channel. For certain final states with two
invisible particles, one can construct kinematic observables bounded above by
parent particle masses. We demonstrate how output from one such observable,
m_T2, can become input to a second, increasing the number of measurements one
can make with a single decay chain. The method presented here represents a new
class of observables which could have a much wider range of applicability.
Comment: 20 pages, 15 figures; v2 references added and minor change
Point symmetries in the Hartree-Fock approach: Symmetry-breaking schemes
We analyze breaking of symmetries that belong to the double point group
D2h(TD) (three mutually perpendicular symmetry axes of the second order,
inversion, and time reversal). Subgroup structure of the D2h(TD) group
indicates that there can be as many as 28 physically different, broken-symmetry
mean-field schemes --- starting with solutions obeying all the symmetries of
the D2h(TD) group, through 26 generic schemes in which only a non-trivial
subgroup of D2h(TD) is conserved, down to solutions that break all of the
D2h(TD) symmetries. Choices of single-particle bases and the corresponding
structures of single-particle hermitian operators are discussed for several
subgroups of D2h(TD).
Comment: 10 RevTeX pages, companion paper in nucl-th/991207