
    How to Prove Statements Obliviously?

    Cryptographic applications often require proving statements about hidden secrets satisfying certain circuit relations. Moreover, these proofs must often be generated obliviously, i.e., without knowledge of the secret. This work presents a new technique, called FRI on hidden values, for efficiently proving such statements. The technique enables a polynomial commitment scheme for values hidden inside linearly homomorphic primitives, such as linearly homomorphic encryption, linearly homomorphic commitments, group exponentiation, fully homomorphic encryption, etc. Building on this technique, we obtain the following results. 1. An efficient SNARK for proving the honest evaluation of FHE ciphertexts. This allows for efficiently verifiable private delegation of computation, where the client only needs to perform logarithmically many FHE computations to verify the correctness of the computation. 2. An efficient approach for privately delegating the computation of zkSNARKs to a single untrusted server, without making any non-black-box use of cryptography. All prior works require multiple servers and the assumption that some subset of the servers are honest. 3. A weighted threshold signature scheme that does not require any setup. In particular, parties may sample their own keys independently, and no distributed key generation (DKG) protocol is needed. Furthermore, the efficiency of our scheme is completely independent of the weights. Prior to this work, there were no known black-box feasibility results for any of these applications. We also investigate the use of this approach in the context of public proof aggregation. These are only a few representative applications that we explore in this paper. We expect our techniques to be widely applicable in many other scenarios.

    CaSCaDE: (Time-Based) Cryptography from Space Communications DElay

    Time-based cryptographic primitives such as Time-Lock Puzzles (TLPs) and Verifiable Delay Functions (VDFs) have recently found many applications in the efficient design of secure protocols such as randomness beacons or multiparty computation with partial fairness. However, current TLP and VDF candidate constructions rely on the average-case hardness of sequential computational problems. Unfortunately, obtaining concrete parameters for these is notoriously hard, as there cannot be a large gap between the honest parties' and the adversary's runtime when solving the same problem. Moreover, even a constant-factor improvement in algorithms for solving these problems can render parameter choices, and thus deployed systems, insecure, unless very conservative and therefore highly inefficient parameters are chosen. In this work, we investigate how to construct time-based cryptographic primitives from communication delay, which has a known lower bound given the physical distance between devices: the speed of light. In order to obtain high delays, we explore the sequential communication delay that arises when sending a message through a constellation of satellites. This has the advantage that distances between protocol participants are guaranteed, because the positions of satellites are observable, so delay lower bounds can be easily computed. At the same time, building cryptographic primitives for this setting is challenging due to the constrained resources of satellites and possible corruptions of parties within the constellation. We address these challenges by constructing efficient proofs of sequential communication delay to convince a verifier that a message has accrued delay by traversing a path among satellites. As part of this construction, we propose the first ordered multisignature scheme with security under a version of the discrete logarithm assumption, which enjoys constant-size signatures and, modulo preprocessing, computational complexity independent of the number of signers. Building on our proofs of sequential communication delay, we show new constructions of publicly verifiable TLPs and VDFs whose delay guarantees are rooted in physical lower bounds on communication delay. Our protocols, as well as the ordered multisignature, are analysed in the Universal Composability framework using novel models for sequential communication delays and (ordered) multisignatures. A direct application of our results is a randomness beacon that only accesses expensive communication resources in case of cheating.
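    The security of this approach rests on one physical fact: a message relayed in order through a chain of satellites cannot have travelled faster than light, so the sum of the straight-line distances along the path divided by c is a delay floor that no better algorithm or faster hardware can undercut. The following Python block is an added illustration of that verifier-side computation; it is not code from the CaSCaDE paper, and the constellation it uses (six satellites evenly spaced on a 7000 km ring) is constructed rather than real orbital data. A real verifier would take positions from its own observation of the constellation, never from the prover.

```python
# Added example, not from the CaSCaDE paper: the speed-of-light lower bound on the
# delay accrued by a message relayed in order through a chain of satellites, and
# how many hops are needed to guarantee a target delay. Positions are constructed.
import math

C_KM_PER_S = 299_792.458  # speed of light in vacuum, km/s (exact by definition)


def ring_positions(radius_km, n):
    """Constructed constellation: n satellites evenly spaced on a circle of the
    given radius in the x-y plane (Earth-centred coordinates in km)."""
    return [
        (radius_km * math.cos(2 * math.pi * k / n),
         radius_km * math.sin(2 * math.pi * k / n),
         0.0)
        for k in range(n)
    ]


def path_delay_lower_bound_s(path):
    """Minimum time for any signal to visit the given positions in order.
    Straight-line distance divided by c is a hard physical floor, which is what
    makes the guarantee independent of the adversary's computing power."""
    hops_km = (math.dist(path[i], path[i + 1]) for i in range(len(path) - 1))
    return sum(hops_km) / C_KM_PER_S


def hops_for_target_delay(ring, target_delay_s, start=0):
    """Number of consecutive hops around the ring (wrapping as needed) a message
    must traverse before its guaranteed accrued delay reaches target_delay_s."""
    n = len(ring)
    hop_km = [math.dist(ring[i], ring[(i + 1) % n]) for i in range(n)]
    if sum(hop_km) <= 0.0:
        raise ValueError("degenerate constellation: all satellites coincide")
    accrued_km, hops = 0.0, 0
    while accrued_km / C_KM_PER_S < target_delay_s:
        accrued_km += hop_km[(start + hops) % n]
        hops += 1
    return hops


def traversed_path(ring, start, hops):
    """Ordered positions visited when starting at ring[start] and taking `hops` hops;
    this is the path a verifier would recompute the bound over after checking the
    ordered multisignature attests to exactly this sequence of relays."""
    return [ring[(start + i) % len(ring)] for i in range(hops + 1)]


if __name__ == "__main__":
    ring = ring_positions(7000.0, 6)          # constructed: hexagon, 7000 km per hop
    hops = hops_for_target_delay(ring, 0.5)   # how many relays for a 0.5 s guarantee
    path = traversed_path(ring, 0, hops)
    print(f"{hops} hops guarantee at least {path_delay_lower_bound_s(path):.4f} s")
```

    The verifier never trusts a delay value supplied by the prover: it checks that the ordered multisignature attests to a specific sequence of satellites, then recomputes the bound from positions it observed itself. The bound is a floor, not an estimate, so an honest message may well take longer, but no message that genuinely traversed the path can have taken less.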

    From Reality Keys to Oraclize. A Deep Dive into the History of Bitcoin Oracles

    Before the advent of alternative blockchains such as Ethereum, the future of decentralization was entirely in the hands of Bitcoin. Together with Nakamoto, early developers were trying to leverage Bitcoin's potential to decentralize traditionally centralized applications. However, Bitcoin being a decentralized machine, the available non-trustless oracles were considered unsuitable. Therefore, strategies had to be elaborated to solve the so-called oracle problem in the newborn scenario. By interviewing early developers and crawling early forums and repositories, this paper aims to retrace and reconstruct the chain of events and contributions that gave birth to oracles on Bitcoin. The evolution of early trust models and approaches to solving the oracle problem is also outlined. Analyzing the technical and social barriers to building oracles on Bitcoin, the transition to Ethereum is also discussed.
    Comment: Literature background and methodology are deliberately omitted at this stage (preprint). To improve readability for a broader audience, the content is presented more like a story.

    hinTS: Threshold Signatures with Silent Setup

    We propose hinTS, a new threshold signature scheme built on top of the widely used BLS signatures. Our scheme enjoys the following attractive features: (1) a silent setup process, where the joint public key of the parties is computed as a deterministic function of their locally computed public keys; (2) support for dynamic choice of thresholds and signers, after the silent setup, without further interaction; (3) support for general access policies, in particular native support for weighted thresholds with zero additional overhead over the standard threshold setting; and (4) strong security guarantees, including proactive security and forward security. We prove the security of our scheme in the algebraic group model and provide an implementation and extensive evaluation. Our scheme outperforms all prior proposals that aim to avoid distributed key generation in terms of aggregation time, signature size, and verification time. As an example, the aggregation time for 1000 signers is under 0.5 seconds, while both signing and verification are constant-time algorithms, taking roughly 1 ms and 17.5 ms respectively. The key technical contribution of our work is the design of special-purpose succinct proofs to efficiently prove the well-formedness of aggregated public keys. Our solution uses public "hints" released by the signers as part of their public keys (hence the name hinTS).

    Locally Verifiable Signature and Key Aggregation

    Aggregate signatures (Boneh, Gentry, Lynn, Shacham, Eurocrypt 2003) enable compressing a set of N signatures on N different messages into a short aggregate signature. This reduces the space complexity of storing the signatures from linear in N to a fixed constant (that depends only on the security parameter). However, verifying the aggregate signature requires access to all N messages, so the complexity of verification is at least Ω(N). In this work, we introduce the notion of locally verifiable aggregate signatures that enable efficient verification: given a short aggregate signature σ (corresponding to a set M of N messages), the verifier can check whether a particular message m is in the set, in time independent of N. Verification does not require knowledge of the entire set M. We demonstrate many natural applications of locally verifiable aggregate signature schemes: in the context of certificate transparency logs; in blockchains; and for redacting signatures, even when all the original signatures are produced by a single user. We provide two constructions of single-signer locally verifiable aggregate signatures, the first based on the RSA assumption and the second on the bilinear Diffie-Hellman inversion assumption, both in the random oracle model. As an additional contribution, we introduce the notion of compressing cryptographic keys in identity-based encryption (IBE) schemes, show applications of this notion, and construct an IBE scheme where the secret keys for N identities can be compressed into a single aggregate key, which can then be used to decrypt ciphertexts sent to any of the N identities.

    Secure Information Sharing with Distributed Ledgers

    In 2009, blockchain technology was first introduced as the supporting database technology for digital currencies. Since then, more advanced derivations of the technology have been developed under the broader term Distributed Ledgers, with improved scalability and support for general-purpose application logic. As a distributed database, they are able to support interorganizational information sharing while assuring desirable information security attributes like non-repudiation, auditability and transparency. Based on these characteristics, researchers and practitioners alike have begun to identify a plethora of disruptive use cases for Distributed Ledgers in existing application domains. While these use cases promise significant efficiency improvements and cost reductions, practical adoption has been slow in the past years. This dissertation focuses on improving three aspects contributing to slow adoption. First, it attempts to identify application areas and substantiated use cases where Distributed Ledgers can considerably advance the security of information sharing. Second, it considers the security aspects of the technology itself, identifying threats to practical applications and detection approaches for these threats. And third, it investigates success factors for successful interorganizational collaborations using Distributed Ledgers.

    An intent-based blockchain-agnostic interaction environment

    Decentralizing Trust with Resilient Group Signatures in Blockchains

    Blockchains have the goal of promoting the decentralization of transactions in a P2P-based internetworking model that does not depend on centralized trusted parties. Along with research on better scalability, performance, consistency control, and security guarantees in their service planes, other challenges aimed at better trust decentralization and fairness models are on the research community's agenda today. Asymmetric cryptography and digital signatures are key components of blockchain systems. As a common flaw across different blockchains, public keys and the verification of single-signed transactions are handled under the principle of trust centralization. In this dissertation, we propose a better fairness and trust decentralization model: a service plane for blockchains that provides support for collective digital signatures and allows transactions to be collaboratively authenticated and verified with group-based witnessed guarantees. The proposed solution is achieved by using resilient group signatures from randomly and dynamically assigned groups. In our approach we use threshold Byzantine-fault-tolerant digital signatures to improve the resilience and robustness of blockchain systems while preserving their decentralized nature. We have designed and implemented a modular and portable cryptographic provider that supports operations expressed by smart contracts. Our system is designed to be service-plane agnostic and adaptable to the base service planes of different blockchains. Therefore, we envision our solution as a portable, adaptable and reusable plugin service plane for blockchains, as a way to provide authenticated group-signed transactions with decentralized auditing, fairness, and long-term security guarantees, and to leverage a better decentralized trust model. We conducted our experimental evaluations in a cloud-based testbench with at least sixteen blockchain nodes distributed across four different data centers, using two different blockchains and observing the proposed benefits.

    Enhancing The Anonymity Of Electronic Transactions

    Many kinds of online payment systems have been invented during the last decades that allow transactions to be carried out more efficiently than traditional purchases. Also, online payments do not require physical money. Nevertheless, all such systems rely on a central authority that has the ability to link transactions back to payees and payers. Since 2009, a new type of independent online monetary system, known as cryptocurrency, has emerged, permitting clients and recipients to create transactions that are not controlled by a central entity. Such transactions are cryptographically signed transfers of money from client to recipient, confirmed by other peers in a global payment network. Because confirmation is offered by peers in the network rather than by a central entity, every transaction has to be recorded on a public ledger. This ledger is accessible to every peer inside the network. To offer some form of anonymity to users in the network, cryptocurrencies like Bitcoin and Ethereum have designed their protocols to be pseudonymous. However, this technique only guarantees that a user who generates a transaction cannot be deanonymized by an attacker who observes only that one transaction. Since all transactions are visible to peers, attackers can expose the real identities of peers by utilizing other information revealed by the network. In this thesis we perform an in-depth analysis of ways to enhance anonymity in cryptocurrencies and make the de-anonymization of the peers participating in the corresponding network impossible, or at least very hard. The main way to achieve this is through mixing services.