Affiliation-Hiding Authentication with Minimal Bandwidth Consumption

Part 3: Lightweight AuthenticationInternational audienceAffiliation-Hiding Authentication (AHA) protocols have the seemingly contradictory property of enabling users to authenticate each other as members of certain groups, without revealing their affiliation to group outsiders. Of particular interest in practice is the group-discovering variant, which handles multiple group memberships per user. Corresponding solutions were only recently introduced, and have two major drawbacks: high bandwidth consumption (typically several kilobits per user and affiliation), and only moderate performance in scenarios of practical application.While prior protocols have O(n2) time complexity, where n denotes the number of affiliations per user, we introduce a new AHA protocol running in O(nlogn) time. In addition, the bandwidth consumed is considerably reduced. We consider these advances a major step towards deployment of privacy-preserving methods in constraint devices, like mobile phones, to which the economization of these resources is priceless

On the Relations Between Non-Interactive Key Distribution, Identity-Based Encryption and Trapdoor Discrete Log Groups

We investigate the relationships between identity-based non-interactive key distribution and identity-based encryption. We provide constructions for these schemes that make use of general trapdoor discrete log groups. We then investigate the schemes that result in two concrete settings, obtaining new, provably secure, near-practical identity-based encryption schemes

Non-Interactive Key Exchange

Non-interactive key exchange (NIKE) is a fundamental but much-overlooked cryptographic primitive. It appears as a major contribution in the ground-breaking paper of Diffie and Hellman, but NIKE has remained largely unstudied since then. In this paper, we provide different security models for this primitive and explore the relationships between them. We then give constructions for secure NIKE in the Random Oracle Model based on the hardness of factoring and in the standard model based on the hardness of a variant of the decisional Bilinear Diffie Hellman Problem for asymmetric pairings. We also study the relationship between NIKE and public key encryption (PKE), showing that a secure NIKE scheme can be generically converted into an IND-CCA secure PKE scheme. This conversion also illustrates the fundamental nature of NIKE in public key cryptography

Provably Secure Non-Interactive Key Distribution Based on Pairings

We define a security notion for non-interactive key distribution protocols. We identify an apparently hard computational problem related to pairings, the Bilinear Diffie--Hellman problem (BDH). After extending Sakai, Ohgishi, and Kasahara's pairing based protocol to a slightly more general setting, we show that breaking the system is polynomially equivalent to solving BDH in the random oracle model and thus establish a security proof

Software implementation of pairing based cryptography for sensor networks using the MSP430 microcontroller

Orientador: Julio César López HernándezDissertação (mestrado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Redes de sensores sem fio têm se tornado populares recentemente e possuem inúmeras aplicações. Contudo, elas apresentam o desafio de como proteger suas comunicações utilizando esquemas criptográficos, visto que são compostas por dispositivos de capacidade extremamente limitada. Neste trabalho é descrita uma implementação eficiente em software, para redes de sensores sem fio, de duas tecnologias de criptografia pública: a Criptografia Baseada em Emparelhamentos (CBE) e a Criptografia de Curvas Elípticas (CCE). Nossa implementação foca a família de microcontroladores MSP430 de 16 bits, utilizada em sensores como o Tmote Sky e TelosB. Em particular, para a CBE, foram implementados algoritmos para o cálculo de emparelhamentos nas curvas MNT e BN sobre corpos primos; para a CCE, foi implementado o esquema de assinatura ECDSA sobre corpos primos para os níveis de segurança de 80 e 128 bits. As principais contribuições deste trabalho são um estudo aprofundado dos algoritmos de emparelhamentos bilineares e novas otimizações na aritmética de corpos primos para a MSP430, que consequentemente melhoram o desempenho dos criptossistemas de CBE e CCE em tal plataformaAbstract: Wireless sensor networks have become popular recently and provide many applications. However, the deployment of cryptography in sensor networks is a challenging task, given their limited computational power and resource-constrained nature. This work presents an efficient software implementation, for wireless sensor networks, of two public-key systems: Pairing-Based Cryptography (PBC) and Elliptic Curve Cryptography (ECC). Our implementation targets the MSP430 microcontroller, which is used in some sensors including the Tmote Sky and TelosB. For the PBC, we have implemented algorithms for pairing computation on MNT and BN curves over prime fields; for the ECC, the signature scheme ECDSA over prime fields for the 80-bit and 128-bit security levels. The main contributions of this work are an in-depth study of bilinear pairings algorithms and new optimizations for the prime field arithmetic in the MSP430, which improves the running times of the PBC and ECC cryptosystems on the platformMestradoTeoria da ComputaçãoMestre em Ciência da Computaçã

Distributed Key Generation and Its Applications

Numerous cryptographic applications require a trusted authority to hold a secret. With a plethora of malicious attacks over the Internet, however, it is difficult to establish and maintain such an authority in online systems. Secret-sharing schemes attempt to solve this problem by distributing the required trust to hold and use the secret over multiple servers; however, they still require a trusted {\em dealer} to choose and share the secret, and have problems related to single points of failure and key escrow. A distributed key generation (DKG) scheme overcomes these hurdles by removing the requirement of a dealer in secret sharing. A (threshold) DKG scheme achieves this using a complete distribution of the trust among a number of servers such that any subset of servers of size greater than a given threshold can reveal or use the shared secret, while any smaller subset cannot. In this thesis, we make contributions to DKG in the computational security setting and describe three applications of it. We first define a constant-size commitment scheme for univariate polynomials over finite fields and use it to reduce the size of broadcasts required for DKG protocols in the synchronous communication model by a linear factor. Further, we observe that the existing (synchronous) DKG protocols do not provide a liveness guarantee over the Internet and design the first DKG protocol for use over the Internet. Observing the necessity of long-term stability, we then present proactive security and group modification protocols for our DKG system. We also demonstrate the practicality of our DKG protocol over the Internet by testing our implementation over PlanetLab. For the applications, we use our DKG protocol to define IND-ID-CCA secure distributed private-key generators (PKGs) for three important identity-based encryption (IBE) schemes: Boneh and Franklin's BF-IBE, Sakai and Kasahara's SK-IBE, and Boneh and Boyen's BB1-IBE. These IBE schemes cover all three important IBE frameworks: full-domain-hash IBEs, exponent-inversion IBEs and commutative-blinding IBEs respectively, and our distributed PKG constructions can easily be modified for other IBE schemes in these frameworks. As the second application, we use our distributed PKG for BF-IBE to define an onion routing circuit construction mechanism in the identity-based setting, which solves the scalability problem in single-pass onion routing circuit construction without hampering forward secrecy. As the final application, we use our DKG implementation to design a threshold signature architecture for quorum-based distributed hash tables and use it to define two robust communication protocols in these peer-to-peer systems