New approaches to privacy preserving signatures

In this thesis we advance the theory and practice of privacy preserving digital signatures. Privacy preserving signatures such as group and ring signatures enable signers to hide in groups of potential signers. We design a cryptographic primitive called signatures with flexible public keys, which allows for modular construction of privacy preserving signatures. Its core is an equivalence relation between verification keys, such that key representatives can be transformed in their class to obscures their origin. The resulting constructions are more efficient than the state of the art, under the same or weaker assumptions. We show an extension of the security model of fully dynamic group signatures, which are those where members may join and leave the group over time. Our contribution here, which is facilitated by the new primitive, is the treatment of membership status as potentially sensitive information. In the theory of ring signatures, we show a construction of ring signatures which is the first in the literature with logarithmic signature size in the size of the ring without any trusted setup or reliance on non-standard assumptions. We show how to extend our techniques to the derived setting of linkable ring signatures, where different signatures of the same origin may be publicly linked. Here, we further revisit the notion of linkable anonymity, offering a significant strengthening compared to previous definitions.Diese Arbeit treibt die Theorie und Praxis der privatsphärewahrenden digitalen Signa- turen voran. Privatsphärewahrende Signaturen, wie Gruppen- oder Ringsignaturen erlauben es Zeichnern sich in einer Gruppe potenzieller Zeichner zu verstecken. Wir entwerfen mit Signatures with Flexible Public Keys einen kryptografischen Baustein zur modularen Konstruktion von privatsphärewahrenden Signaturen. Dessen Kern ist eine Äquivalenzrelation zwischen den Schlüsseln, sodass ein Schlüsselvertreter in seiner Klasse bewegt werden kann, um seinen Ursprung zu verschleiern. Darauf auf- bauende Konstruktionen sind effizienter als der Stand der Technik, unter gleichen oder schwächeren Annahmen. Wir erweitern das Sicherheitsmodell vollständig dynami- scher Gruppensignaturen, die es Mitgliedern erlauben der Gruppe beizutreten oder sie zu verlassen: Durch das neue Primitiv, wird die Behandlung der Mitgliedschaft als potenziell sensibel ermöglicht. In der Theorie der Ringsignaturen geben wir die erste Konstruktion, welche über eine logarithmische Signaturgröße verfügt, ohne auf eine Vorkonfiguration oder unübliche Annahmen vertrauen zu müssen. Wir übertragen unsere Ergebnisse auf das Feld der verknüpfbaren Ringsignaturen, die eine öffentliche Verknüpfung von zeichnergleichen Signaturen ermöglichen. Unsere Neubetrachtung des Begriffs der verknüpfbaren Anonymität führt zu einer signifikanten Stärkung im Vergleich zu früheren Definitionen

Hang With Your Buddies to Resist Intersection Attacks

Some anonymity schemes might in principle protect users from pervasive network surveillance - but only if all messages are independent and unlinkable. Users in practice often need pseudonymity - sending messages intentionally linkable to each other but not to the sender - but pseudonymity in dynamic networks exposes users to intersection attacks. We present Buddies, the first systematic design for intersection attack resistance in practical anonymity systems. Buddies groups users dynamically into buddy sets, controlling message transmission to make buddies within a set behaviorally indistinguishable under traffic analysis. To manage the inevitable tradeoffs between anonymity guarantees and communication responsiveness, Buddies enables users to select independent attack mitigation policies for each pseudonym. Using trace-based simulations and a working prototype, we find that Buddies can guarantee non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for both short-lived and long-lived pseudonyms.Comment: 15 pages, 8 figure

A Survey on Exotic Signatures for Post-quantum Blockchain: Challenges and Research Directions

Blockchain technology provides efficient and secure solutions to various online activities by utilizing a wide range of cryptographic tools. In this article, we survey the existing literature on post-quantum secure digital signatures that possess exotic advanced features and that are crucial cryptographic tools used in the blockchain ecosystem for (1) account management, (2) consensus efficiency, (3) empowering scriptless blockchain, and (4) privacy. The exotic signatures that we particularly focus on in this work are the following: multi-/aggregate, threshold, adaptor, blind, and ring signatures. Herein the term "exotic"refers to signatures with properties that are not just beyond the norm for signatures, e.g., unforgeability, but also imbue new forms of functionalities. Our treatment of such exotic signatures includes discussions on existing challenges and future research directions in the post-quantum space. We hope that this article will help to foster further research to make post-quantum cryptography more accessible so that blockchain systems can be made ready in advance of the approaching quantum threats

Cryptography in privacy-preserving applications.

Tsang Pak Kong.Thesis (M.Phil.)--Chinese University of Hong Kong, 2005.Includes bibliographical references (leaves 95-107).Abstracts in English and Chinese.Abstract --- p.iiAcknowledgement --- p.ivChapter 1 --- Introduction --- p.1Chapter 1.1 --- Privacy --- p.1Chapter 1.2 --- Cryptography --- p.5Chapter 1.2.1 --- History of Cryptography --- p.5Chapter 1.2.2 --- Cryptography Today --- p.6Chapter 1.2.3 --- Cryptography For Privacy --- p.7Chapter 1.3 --- Thesis Organization --- p.8Chapter 2 --- Background --- p.10Chapter 2.1 --- Notations --- p.10Chapter 2.2 --- Complexity Theory --- p.11Chapter 2.2.1 --- Order Notation --- p.11Chapter 2.2.2 --- Algorithms and Protocols --- p.11Chapter 2.2.3 --- Relations and Languages --- p.13Chapter 2.3 --- Algebra and Number Theory --- p.14Chapter 2.3.1 --- Groups --- p.14Chapter 2.3.2 --- Intractable Problems --- p.16Chapter 2.4 --- Cryptographic Primitives --- p.18Chapter 2.4.1 --- Public-Key Encryption --- p.18Chapter 2.4.2 --- Identification Protocols --- p.21Chapter 2.4.3 --- Digital Signatures --- p.22Chapter 2.4.4 --- Hash Functions --- p.24Chapter 2.4.5 --- Zero-Knowledge Proof of Knowledge --- p.26Chapter 2.4.6 --- Accumulators --- p.32Chapter 2.4.7 --- Public Key Infrastructure --- p.34Chapter 2.5 --- Zero Knowledge Proof of Knowledge Protocols in Groups of Unknown Order --- p.36Chapter 2.5.1 --- The Algebraic Setting --- p.36Chapter 2.5.2 --- Proving the Knowledge of Several Discrete Logarithms . --- p.37Chapter 2.5.3 --- Proving the Knowledge of a Representation --- p.38Chapter 2.5.4 --- Proving the Knowledge of d Out of n Equalities of Discrete Logarithms --- p.39Chapter 2.6 --- Conclusion --- p.42Chapter 3 --- Related Works --- p.43Chapter 3.1 --- Introduction --- p.43Chapter 3.2 --- Group-Oriented Signatures without Spontaneity and/or Anonymity --- p.44Chapter 3.3 --- SAG Signatures --- p.46Chapter 3.4 --- Conclusion --- p.49Chapter 4 --- Linkable Ring Signatures --- p.50Chapter 4.1 --- Introduction --- p.50Chapter 4.2 --- New Notions --- p.52Chapter 4.2.1 --- Accusatory Linking --- p.52Chapter 4.2.2 --- Non-slanderability --- p.53Chapter 4.2.3 --- Linkability in Threshold Ring Signatures --- p.54Chapter 4.2.4 --- Event-Oriented Linking --- p.55Chapter 4.3 --- Security Model --- p.56Chapter 4.3.1 --- Syntax --- p.56Chapter 4.3.2 --- Notions of Security --- p.58Chapter 4.4 --- Conclusion --- p.63Chapter 5 --- Short Linkable Ring Signatures --- p.64Chapter 5.1 --- Introduction --- p.64Chapter 5.2 --- The Construction --- p.65Chapter 5.3 --- Security Analysis --- p.68Chapter 5.3.1 --- Security Theorems --- p.68Chapter 5.3.2 --- Proofs --- p.68Chapter 5.4 --- Discussion --- p.70Chapter 5.5 --- Conclusion --- p.71Chapter 6 --- Separable Linkable Threshold Ring Signatures --- p.72Chapter 6.1 --- Introduction --- p.72Chapter 6.2 --- The Construction --- p.74Chapter 6.3 --- Security Analysis --- p.76Chapter 6.3.1 --- Security Theorems --- p.76Chapter 6.3.2 --- Proofs --- p.77Chapter 6.4 --- Discussion --- p.79Chapter 6.5 --- Conclusion --- p.80Chapter 7 --- Applications --- p.82Chapter 7.1 --- Offline Anonymous Electronic Cash --- p.83Chapter 7.1.1 --- Introduction --- p.83Chapter 7.1.2 --- Construction --- p.84Chapter 7.2 --- Electronic Voting --- p.85Chapter 7.2.1 --- Introduction --- p.85Chapter 7.2.2 --- Construction . --- p.87Chapter 7.2.3 --- Discussions --- p.88Chapter 7.3 --- Anonymous Attestation --- p.89Chapter 7.3.1 --- Introduction --- p.89Chapter 7.3.2 --- Construction --- p.90Chapter 7.4 --- Conclusion --- p.91Chapter 8 --- Conclusion --- p.92A Paper Derivation --- p.94Bibliography --- p.9

On Privacy Preserving Blockchains and zk-SNARKs

Viimastel aastatel on krüptoraha ja plokiahela tehnoloogia leidnud suurt tähelepanu nii kaubanduslikust kui ka teaduslikust vaatenurgast. Krüptoraha kujutab endast digitaalseid münte, mis kasutades krüptograafilisi vahendeid võimaldab turvalisi tehinguid võrdvõrkudes. Bitcoin on kõige tuntum krüptoraha, mis võimaldab otsetehinguid kasutajate pseudonüümide vahel ilma, et oleks vaja kolmandaid osapooli. Paraku kui kasutaja pseudonüüm on seotud tema identiteediga, on kõik tema tehingud jälgitavad ning kaob privaatsus.Selle lahendamiseks on välja pakutud erinevaid privaatsust säilitavaid krüptorahasi, mis kasutavad anonüümsete tehingute saavutamiseks krüptograafilisi tööriistu. Zerocash on üks populaarseimatest privaatsetest krüptorahadest, mis kasutab iga tehingu allika, sihtkoha ja väärtuse varjamiseks nullteadmustõestust.Antud töö koosneb kahest peamisest osast.Esimeses osas kirjeldame, pärast lühikest ülevaadet mõnest privaatsest krüptorahast (Bitcoin, Monero ja Zerocoin), Zerocashi konstruktsiooni ja anname intuitsiivse seletuse selle tööpõhimõttele. Me tutvustame kasutuselevõetud primitiive ja arutleme iga primitiivi rolli üle mündi konstruktsioonis. Erilist tähelepanu pöörame kompaktsetele nullteadmustõestusetele (zk-SNARKidele), millel on peamine roll Zerocashis.Kuna nullteadmustõestus on niivõrd olulisel kohal Zerocashis (ja teistes privaatsetes rakendustes) siis töö teises osas pakume välja uue variatsiooni Grothi 2016. aasta zk-SNARKile, mis on seni kõige tõhusam.Erinevalt Grothi konstruktsioonist, meie variatsioonis ei ole võimalik tõestusi modifitseerida.Muudatused mõjutavad nullteadmustõestuse tõhusust vaid minimaalselt ning meie konstruktsioon on kiirem kui Grothi ja Malleri 2017. nullteadmustõestus, mis samuti välistab muudetavuse.During last few years, along with blockchain technology, cryptocurrencies have found huge attention from both commercial and scientific perspectives. Cryptocurrencies are digital coins which use cryptographic tools to allow secure peer-to-peer monetary transactions. Bitcoin is the most well-known cryptocurrency that allows direct payments between pseudonyms without any third party. If a user's pseudonym is linked to her identity, all her transactions will be traceable, which will violate her privacy. To address this, various privacy-preserving cryptocurrencies have been proposed that use different cryptographic tools to achieve anonymous transactions. Zerocash is one of the most popular ones that uses zero-knowledge proofs to hide the source, destination and value of each transaction. This thesis consists of two main parts. In the first part, after a short overview of some cryptocurrencies (precisely Bitcoin, Monero and Zerocoin), we will explain the construction of Zerocash cryptocurrency and discuss the intuition behind the construction. More precisely, we will introduce the deployed primitives and will discuss the role of each primitive in the construction of the coin. In particular, we explain zero-knowledge Succinct Non-Interactive Arguments of Knowledge (a.k.a. zk-SNARKs) that play the main role in achieving strong privacy in Zerocash. Due to the importance of zk-SNARKs in privacy-preserving applications, in the second part of the thesis, we will present a new variation of Groth's 2016 zk-SNARK that currently is the most efficient pairing-based scheme. The main difference between the proposed variation and the original one is that unlike the original version, new variation guarantees non-malleability of generated proofs. Our analysis shows that the proposed changes have minimal effects on the efficiency of the original scheme and particularly it outperforms Groth and Maller's 2017 zk-SNARK that also guarantees non-malleability of proofs

SoK: Privacy-Preserving Signatures

Modern security systems depend fundamentally on the ability of users to authenticate their communications to other parties in a network. Unfortunately, cryptographic authentication can substantially undermine the privacy of users. One possible solution to this problem is to use privacy-preserving cryptographic authentication. These protocols allow users to authenticate their communications without revealing their identity to the verifier. In the non-interactive setting, the most common protocols include blind, ring, and group signatures, each of which has been the subject of enormous research in the security and cryptography literature. These primitives are now being deployed at scale in major applications, including Intel\u27s SGX software attestation framework. The depth of the research literature and the prospect of large-scale deployment motivate us to systematize our understanding of the research in this area. This work provides an overview of these techniques, focusing on applications and efficiency

DualDory: Logarithmic-Verifier Linkable Ring Signatures through Preprocessing

A linkable ring signature allows a user to sign anonymously on behalf of a group while ensuring that multiple signatures from the same user are detected. Applications such as privacy-preserving e-voting and e-cash can leverage linkable ring signatures to significantly improve privacy and anonymity guarantees. To scale to systems involving large numbers of users, short signatures with fast verification are a must. Concretely efficient ring signatures currently rely on a trusted authority maintaining a master secret, or follow an accumulator-based approach that requires a trusted setup. In this work, we construct the first linkable ring signature with both logarithmic signature size and verification that does not require any trusted mechanism. Our scheme, which relies on discrete-log type assumptions and bilinear maps, improves upon a recent concise ring signature called DualRing by integrating improved preprocessing arguments to reduce the verification time from linear to logarithmic in the size of the ring. Our ring signature allows signatures to be linked based on what message is signed, ranging from linking signatures on any message to only signatures on the same message. We provide benchmarks for our scheme and prove its security under standard assumptions. The proposed linkable ring signature is particularly relevant to use cases that require privacy-preserving enforcement of threshold policies in a fully decentralized context, and e-voting

Designated-Verifier Linkable Ring Signatures

We introduce Designated-Verifier Linkable Ring Signatures (DVLRS), a novel cryptographic primitive which combines designated-verifier and linkable ring signatures. Our goal is to guarantee signer ambiguity and provide the capability to the designated verifier to add ‘noise’ using simulated signatures that are publicly verifiable. This increases the privacy of the participants, as it does not allow an adversary to bypass the anonymity provided by ring signatures by using the content of a message to identify the signer. We model unforgeability, anonymity, linkability and non-transferability for DVLRS and provide a secure construction in the Random Oracle model. Finally, we explore some first applications for our primitive, which revolve around the use case of an anonymous assessment system that also protects the subject of the evaluation, even if the private key is compromised