19 research outputs found

    THE RSA GROUP IS A PSEUDO-FREE GROUP UNDER THE STRONG RSA ASSUMPTION

    Under the strong RSA assumption, it is proved that the multiplicative group modulo the product of two safe primes is a pseudo-free group. In other words, if the strong RSA problem is asymptotically hard with respect to the ensemble of distributions over products of two distinct safe primes, then the family of computational groups ℤ* ( = , with and distinct safe primes, with multiplication modulo as the group operation and a uniform sampling procedure over QR ) is a pseudo-free group with respect to the same ensemble of distributions. Keywords: strong RSA assumption, RSA group, quadratic residue, pseudo-free, safe prime

    Obfuscating Branching Programs Using Black-Box Pseudo-Free Groups

    We show that the class of polynomial-size branching programs can be obfuscated according to a virtual black-box notion akin to that of Barak et al. [Crypto 01], in an idealized black-box group model over pseudo-free groups. This class is known to lie between $NC^1$ and $P$ and includes most interesting cryptographic algorithms. The construction is rather simple and is based on Kilian's randomization technique for Barrington's branching programs. The black-box group model over pseudo-free groups is a strong idealization. In particular, in a pseudo-free group, the group operation can be efficiently performed, while finding surprising relations between group elements is intractable. A black-box representation of the group provides an ideal interface which permits prescribed group operations, and nothing else. Still, the algebraic structure and security requirements appear natural and potentially realizable. They are also unrelated to the specific function to be obfuscated. Our modeling should be compared with the recent breakthrough obfuscation scheme of Garg et al. [FOCS 2013]: while the high-level structure is similar, some important details differ. It should be stressed, however, that, unlike Garg et al., we do not provide a candidate concrete instantiation of our abstract structure

    Secure Mobile Subscription of Sensor-encrypted Data

    Singapore A*Sta

    Bicorn: An optimistically efficient distributed randomness beacon

    We introduce Bicorn, an optimistically efficient distributed randomness protocol with strong robustness under a dishonest majority. Bicorn is a commit-reveal-recover protocol. Each participant commits to a random value; these values are combined to produce a random output. If any participants fail to open their commitment, recovery is possible via a single time-lock puzzle which can be solved by any party. In the optimistic case, Bicorn is a simple and efficient two-round protocol with no time-lock puzzle. In either case, Bicorn supports open, flexible participation, requires only a public bulletin board and no group-specific setup or PKI, and is guaranteed to produce random output assuming any single participant is honest. All communication and computation costs are (at most) linear in the number of participants with low concrete overhead

    Pseudo-Free Families of Finite Computational Elementary Abelian $p$-Groups

    Loosely speaking, a family of computational groups is a family $(G_d)_{d\in D}$ of groups (where $D$ is a set of bit strings) whose elements are represented by bit strings in such a way that equality testing, multiplication, inversion, computing the identity element, and sampling random elements in $G_d$ can be performed efficiently when $d$ is given. A family $(G_d)_{d\in D}$ of computational groups is called pseudo-free if, given a random index $d$ (for an arbitrary value of the security parameter) and random elements $g_1,\ldots,g_m\in G_d$, it is computationally hard to find a system of group equations $v_i(a_1,\ldots,a_m;x_1,\ldots,x_n)=w_i(a_1,\ldots,a_m;x_1,\ldots,x_n)$, $i=1,\ldots,s$, and elements $h_1,\ldots,h_n\in G_d$ such that this system of equations is unsatisfiable in the free group freely generated by $a_1,\ldots,a_m$ (over variables $x_1,\ldots,x_n$), but $v_i(g_1,\ldots,g_m;h_1,\ldots,h_n)=w_i(g_1,\ldots,g_m;h_1,\ldots,h_n)$ in $G_d$ for all $i\in\{1,\ldots,s\}$. If a family of computational groups satisfies this definition with the additional requirement that $n=0$, then this family is said to be weakly pseudo-free. The definition of a (weakly) pseudo-free family of computational groups can be easily generalized to the case when all groups in the family belong to a fixed variety of groups. In this paper, we initiate the study of (weakly) pseudo-free families of computational elementary abelian $p$-groups, where $p$ is an arbitrary fixed prime. We restrict ourselves to families $(G_d)_{d\in D}$ of computational elementary abelian $p$-groups such that for every index $d$, each element of $G_d$ is represented by a single bit string of length polynomial in the length of $d$. First, we prove that pseudo-freeness and weak pseudo-freeness for families of computational elementary abelian $p$-groups are equivalent.
    Second, we give some necessary and sufficient conditions for a family of computational elementary abelian $p$-groups to be pseudo-free (provided that at least one of two additional conditions holds). These necessary and sufficient conditions are formulated in terms of collision-intractability or one-wayness of certain homomorphic families of knapsack functions. Third, we establish some necessary and sufficient conditions for the existence of pseudo-free families of computational elementary abelian $p$-groups. With one exception, these conditions are the existence of certain homomorphic collision-intractable families of $p$-ary hash functions or certain homomorphic one-way families of functions. As an example, we construct a Diffie-Hellman-like key agreement protocol from an arbitrary family of computational elementary abelian $p$-groups. Unfortunately, we do not know whether this protocol is secure under reasonable assumptions

    Design of Anonymous Endorsement System in Hyperledger Fabric

    Permissioned blockchain has become quite popular with enterprises forming consortia, since it prioritizes trust over privacy. One of the popular platforms for distributed ledger solutions, Hyperledger Fabric, requires a transaction to be endorsed or approved by a group of special members known as endorsers before undergoing validation. To endorse a transaction, an endorser attaches its identity along with the signature so that it can be verified later. However, for certain transactions, differences in opinion may exist among endorsers, and disclosing the identity of an endorser may lead to conflict within the consortium. In such cases, an endorsement policy which not only allows an endorser to support a transaction discreetly, but at the same time takes into account the decision of the majority, is preferred. Thus we propose an Anonymous Endorsement System which uses a threshold endorsement policy in order to address this issue. To realize a t-out-of-n endorsement policy, using any of the existing threshold ring signatures for our endorsement system would have violated the privacy of endorsers, as either the identity or the secret key of the endorsers is revealed to the party who recombines the signature after collecting each signature share. All these factors motivated us to design a new ring signature scheme, called Fabric's Constant-Sized Linkable Ring Signature (FCsLRS) with Transaction-Oriented linkability, for hiding the identity of the endorsers. We have implemented the signature scheme in Golang and analyzed its security and performance by varying the RSA (Rivest-Shamir-Adleman) modulus size. Feasibility of implementation is supported by experimental analysis. Signature and tag generation time is quite fast and remains constant irrespective of changes in message length or endorsement set size for a given RSA modulus value, assuming all the endorsers generate their signatures in parallel. Each verifier is required to count and check each individual valid ring signature.
    If the aggregate is above the threshold value stated by the endorsement policy, then it confirms that the transaction is valid. This increases the verification time depending on the threshold value, but has very little effect on scalability since generally $t \ll n$. Lastly, we also discuss the integration of the scheme on Hyperledger Fabric v1.2