Group signature revocable anonymity scheme for network monitoring
Subscriber privacy is in constant conflict with the security and accountability controls employed in the network monitoring activities of service providers and enterprises. This paper presents the results of the author's research in the field of distributed network security monitoring architectures and proposes such a system: one that incorporates cryptographic protocols and a group signature scheme to deliver a privacy-protecting network surveillance architecture that provides subscriber accountability together with controlled, revocable anonymity.
Short Signatures from Diffie-Hellman, Revisited: Sublinear Public Key, CMA Security, and Tighter Reduction
Designing efficient signature schemes based on a standard assumption such as the Computational Diffie-Hellman (CDH) assumption is important from both a practical and a theoretical point of view. Currently, there are only three standard-model CDH-based signature schemes with short signatures, due to Waters (EUROCRYPT 2005) and to Seo and Böhl et al. (the merged paper in EUROCRYPT 2013). The Waters signature scheme achieves Existential Unforgeability against Chosen Message Attack (EUF-CMA) with a nearly optimal reduction. However, this scheme suffers from large public keys. To shorten the public key size, Seo and Böhl et al. proposed new approaches, respectively, but each approach has a weak point compared to the Waters signature scheme: Seo's approach could prove only a rather weak security notion, called bounded CMA security, and Böhl et al.'s approach inherently comes with a loose reduction.
In this paper, we aim at stepping towards an efficient CDH-based EUF-CMA secure signature scheme with a tighter reduction. To this end, we revisit the Seo signature scheme and devise an alternative security proof. The resulting security proof leads to:
(1) asymptotically (almost) compact parameters: short signatures (two group elements and one exponent) and public keys (e.g., ), where is the security parameter; and
(2) the standard EUF-CMA security with a tighter reduction: the reduction loss, when ignoring negligible factors, is less than of the original security proof and almost the same as that of the Waters signature scheme.
Improving the Exact Security of Digital Signature Schemes
We provide two contributions to the exact security analysis of digital signatures:
(1) we put forward a new method of constructing Fiat-Shamir-like signature schemes that yields better exact security than the original Fiat-Shamir method; and
(2) we extend exact security analysis to exact cost-security analysis by showing that digital signature schemes with loose security may be preferable for reasonable measures of cost.
Tightly-Secure Signatures from Chameleon Hash Functions
We give a new framework for obtaining signatures with a tight security reduction from standard hardness assumptions. Concretely, we show that any Chameleon Hash function can be transformed into a (binary) tree-based signature scheme with tight security. The transformation is in the standard model, i.e., it does not make use of any random oracle. For specific assumptions (such as RSA, Diffie-Hellman and Short Integer Solution (SIS)) we further manage to obtain a more efficient flat-tree construction. Our framework explains and generalizes most of the existing schemes as well as providing a generic means for constructing tight signature schemes based on arbitrary assumptions, which improves the standard Merkle tree transformation. Moreover, we obtain the first tightly secure signature scheme from the SIS assumption and several schemes based on Diffie-Hellman in the standard model.
Some of our signature schemes can (using known techniques) be combined with the Groth-Sahai proof methodology to yield tightly secure and efficient simulation-sound NIZK proofs of knowledge and CCA-secure encryption in the multi-user/multi-challenge setting under classical assumptions.
Rational secret sharing
Thesis (M. Eng.) -- Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007. Includes bibliographical references (p. 59-60).
Recent work has attempted to bridge the fields of Cryptography and Game Theory in order to create more robust protocols that allow for a variety of player types. A keystone functionality used in cryptography is Secret Sharing. While there are several well-known, efficient protocols that implement Secret Sharing in the Cryptographic model, designing a Rational Secret Sharing protocol which works in the Game Theoretic model has proved challenging. In this thesis, we contrast several recently proposed protocols for Rational Secret Sharing based on their channel models, utility tolerances, equilibrium types, and efficiencies. We also discuss two more general results bridging Cryptography and Game Theory that can be used to construct Rational Secret Sharing protocols. Finally, we highlight several issues of context that influence the ways in which Rational Secret Sharing protocols might be used.
by Alissa Natanovna Reyzin. M.Eng.
Hardening Signature Schemes via Derive-then-Derandomize: Stronger Security Proofs for EdDSA
We consider a transform, called Derive-then-Derandomize, that hardens a given signature scheme against randomness failure and implementation error. We prove that it works. We then give a general lemma showing indifferentiability of Shrink-MD, a class of constructions that apply a shrinking output transform to an MD-style hash function. Armed with these tools, we give new proofs for the widely standardized and used EdDSA signature scheme, improving prior work in two ways: (1) we give proofs for the case that the hash function is an MD-style one, reflecting the use of SHA512 in the NIST standard, and (2) we improve the tightness of the reduction so that one has guarantees for group sizes in actual use.
From Identification to Signatures, Tightly: A Framework and Generic Transforms
This paper provides a framework to treat the problem of building signature schemes from identification schemes in a unified and systematic way. The outcomes are (1) alternatives to the Fiat-Shamir transform that, applied to trapdoor identification schemes, yield signature schemes with tight security reductions to standard assumptions, and (2) an understanding and characterization of existing transforms in the literature. One of our transforms has the added advantage of producing signatures shorter than those produced by the Fiat-Shamir transform. Reduction tightness is important because it allows the implemented scheme to use small parameters (thereby being as efficient as possible) while retaining provable security.
Universal Samplers with Fast Verification
Recently, Hofheinz, Jager, Khurana, Sahai, Waters and Zhandry proposed a new primitive called universal samplers that allows oblivious sampling from arbitrary distributions, and showed how to construct universal samplers using indistinguishability obfuscation (iO) in the ROM.
One important limitation for applying universal samplers in practice is that the constructions are built upon indistinguishability obfuscation. The cost of using current iO constructions is prohibitively large. We ask whether the cost of a (universal) sampling could be paid by one party and then shared (soundly) with all other users. We address this question by introducing the notion of universal samplers with verification. Our notion follows the general path of Hofheinz et al., but has additional semantics that allow for validation of a sample.
In this work we define and give a construction for universal samplers with verification. Our verification procedure is simple and built upon one-time signatures, making verification of a sample much faster than computing it. Security is proved under the subexponential hardness of indistinguishability obfuscation, puncturable pseudorandom functions, and one-time signatures.