Anonymous probabilistic payment in payment hub

Privacy protection and scalability are significant issues with blockchain. We propose an anonymous probabilistic payment under the general functionality for solving them. We consider the situation that several payers pay several payees through a tumbler. We have mediated the tumbler of the payment channel hub between payers and payees. Unlinkability means that the link, which payer pays which payee via the tumbler, is broken. A cryptographic puzzle plays a role in controlling the intermediation and execution of transactions. Masking the puzzle enables the payer and the payee to unlink their payments. The overview of the proposed protocol is similar to TumbleBit (NDSS 2017). We confirm the protocol realizes the ideal functionalities discussed in TumbleBit. The functionality required for our proposal is the hashed time lock contract that various cryptocurrencies use. This request is general, not restricted to any particular cryptocurrency. Our proposal includes a probabilistic payment. In probabilistic payment, one pays an ordinary mount with a certain probability. One pays a small amount as an expected value. One can run fewer transactions than a deterministic payment. It contributes scalability. We introduce a novel fractional oblivious transfer for probabilistic payment. We call it the ring fractional oblivious transfer (RFOT). RFOT is based on the ring learning with errors (RLWE) encryption. Our trick is based on the fact that an element of the ring is indistinguishable from the circular shifted element. We confirm that RFOT holds the properties of fractional hiding and binding presented in the DAM scheme (Eurocrypt 2017)

A Generic Construction of an Anonymous Reputation System and Instantiations from Lattices

With an anonymous reputation system one can realize the process of rating sellers anonymously in an online shop. While raters can stay anonymous, sellers still have the guarantee that they can be only be reviewed by raters who bought their product.We present the first generic construction of a reputation system from basic building blocks, namely digital signatures, encryption schemes, non-interactive zero-knowledge proofs, and linking indistinguishable tags. We then show the security of the reputation system in a strong security model. Among others, we instantiate the generic construction with building blocks based on lattice problems, leading to the first module lattice-based reputation system

Efficient Set Membership Proofs using MPC-in-the-Head

Set membership proofs are an invaluable part of privacy preserving systems. These proofs allow a prover to demonstrate knowledge of a witness $w$ corresponding to a secret element $x$ of a public set, such that they jointly satisfy a given NP relation, {\em i.e.} $\mathcal{R}(w,x)=1$ and $x$ is a member of a public set $\{x_1, \ldots, x_\ell\}$. This allows the identity of the prover to remain hidden, eg. ring signatures and confidential transactions in cryptocurrencies. In this work, we develop a new technique for efficiently adding logarithmic-sized set membership proofs to any MPC-in-the-head based zero-knowledge protocol (Ishai et al. [STOC\u2707]). We integrate our technique into an open source implementation of the state-of-the-art, post quantum secure zero-knowledge protocol of Katz et al. [CCS\u2718]. We find that using our techniques to construct ring signatures results in signatures (based only on symmetric key primitives) that are between 5 and 10 times smaller than state-of-the-art techniques based on the same assumptions. We also show that our techniques can be used to efficiently construct post-quantum secure RingCT from only symmetric key primitives

Practical UC-Secure Zero-Knowledge Smart Contracts

Zero-knowledge defines that verifier(s) learns nothing but predefined statement(s); e.g., verifiers learn nothing except the program\u27s path for the respective transaction in a zero-knowledge contract program. Intra-Privacy or insiders\u27 zero-knowledge --- ability to maintain a secret in a multi-party computation --- is an essential security property for smart contracts of Confidential Transactions (CT). Otherwise, the users have to reveal their confidential coin amounts to each other even if it is not a condition of the contract, contradicting the idea of zero-knowledge. For example, in an escrow contract, the escrow should not learn buyers\u27 or sellers\u27 account balances if the escrow has to pay into their accounts. Current private computational platforms, including homomorphic encryption and (ZK-)SNARK, can not be used in CT\u27s smart contracts because homomorphic encryption requires secret key sharing, and (ZK-)SNARK requires a different setup for each computation which has to be stored on the blockchain. Existing private smart contracts are not intra-private even though they are inter-private --- participants can maintain secrets from verifiers but not from other participants, accordingly. To fill this research gap, we introduce the notion of ``Confidential Integer Processing\u27\u27 (CIP) with two intra-private single-setup zero-knowledge programming protocols, (1) ``CIP-DLP\u27\u27 from the Discrete Log Problem (DLP) targeting Ring/Aggregable CT like Monero and Mimblewimble, and (2) ``CIP-SIS\u27\u27 from Approximate (Ring-Modular-) Short Integer Solution Problem (Approx-SIS) aiming at lattice-based Ring/Aggregable CT. To the best of our knowledge, our CIP protocols are the first practical public zero-knowledge contract protocols that are also secure under the Universal Composability (UC) framework without any hardware magic or trusted offline computations

On Lattice-Based Signatures with Advanced Functionalities

Lattice-based cryptography is a prominent class of cryptographic systems that has been emerged as one of the main candidates replacing classical cryptography in future computing environments such as quantum computing. Quantum computers exploit quantum mechanical phenomena to solve computational problems, on which the security of currently deployed (classical) cryptographic systems is based. While these computational problems, e.g., factoring integers and computing discrete logarithms, are intractable for conventional (classical) computers, it is meanwhile known that they can be easily solved on quantum computers (Shor 1997). However, lattice problems, such as finding short non-zero vectors, seem to withstand attacks having quantum computing power. In the last two decades we have seen many cryptographic proposals based on lattices. In particular, lattice-based (ordinary) signature schemes were greatly improved with respect to efficiency and security. This can be observed from the post-quantum standardization process initiated by the National Institute of Standards and Technology (NIST). In fact, from the five signature schemes that have been submitted to this process, there are currently three finalists, where two of them are lattice-based submissions. In this thesis, we are specifically interested in lattice-based signature schemes with advanced functionalities. In addition to the basic security goals that an ordinary signature scheme ensures, i.e., authentication, non-repudiation, and integrity, these schemes provide features that are application-specific. While ordinary signature schemes based on lattices are ready to be deployed in practice, this statement cannot be made for lattice-based signature schemes with advanced functionalities. This thesis makes a significant progress towards deploying the aforementioned type of signature schemes in practice. With focus on privacy-preserving applications in future computing environments, we particularly facilitate the protection of secret keys in cryptocurrencies such as Bitcoin and Ethereum. We provide practical solutions to anonymous e-cash, anonymous credentials, smart contracts, and e-voting. We believe that our techniques can be used to develop further advanced signature schemes to be deployed in other application scenarios. For instance, in information security systems that perform critical operations such as distributed key generation, anonymization of medical data, and updating reliable routing information

Oblivious Homomorphic Encryption

In this paper, we introduce Oblivious Homomorphic Encryption (OHE) which provably separates the computation spaces of multiple clients of a fully homomorphic encryption (FHE) service while keeping the evaluator blind about whom a result belongs. We justify the importance of this strict isolation property of OHE by showing an attack on a recently proposed key-private cryptocurrency scheme. Our two OHE constructions are based on a puncturing function where the evaluator can effectively mask ciphertexts from rogue and potentially colluding clients. In the first construction OHE1, we show that this can be im- plemented via an FHE scheme (with key privacy and weak wrong-key decryption properties) plus an anonymous commitment scheme. The second construction OHE2, for flexibility of primitive choice, achieves this via a combination of a standard FHE scheme, an encryption scheme with key privacy and weak wrong-key decryption, and an anonymous commitment scheme. OHE can be used to provide provable anonymity to cloud applications, single server implementations of anonymous messaging as well as account-based cryptocurrencies

Actas de las VI Jornadas Nacionales (JNIC2021 LIVE)

Estas jornadas se han convertido en un foro de encuentro de los actores más relevantes en el ámbito de la ciberseguridad en España. En ellas, no sólo se presentan algunos de los trabajos científicos punteros en las diversas áreas de ciberseguridad, sino que se presta especial atención a la formación e innovación educativa en materia de ciberseguridad, y también a la conexión con la industria, a través de propuestas de transferencia de tecnología. Tanto es así que, este año se presentan en el Programa de Transferencia algunas modificaciones sobre su funcionamiento y desarrollo que han sido diseñadas con la intención de mejorarlo y hacerlo más valioso para toda la comunidad investigadora en ciberseguridad