
    Group signature revocable anonymity scheme for network monitoring

    Subscriber privacy is in constant conflict with the security and accountability controls that service providers and enterprises employ for network monitoring. This paper presents the results of the author's research on distributed network security monitoring architectures and proposes a system that incorporates cryptographic protocols and a group signature scheme to deliver a privacy-protecting network surveillance architecture with subscriber accountability and controlled, revocable anonymity.

    Short Signatures from Diffie-Hellman, Revisited: Sublinear Public Key, CMA Security, and Tighter Reduction

    Designing an efficient signature scheme based on a standard assumption such as the Computational Diffie-Hellman (CDH) assumption is important from both a practical and a theoretical point of view. Currently, there are only three standard-model CDH-based signature schemes with short signatures, due to Waters (EUROCRYPT 2005) and to Seo and Böhl et al. (the merged paper in EUROCRYPT 2013). The Waters signature scheme achieves Existential Unforgeability against Chosen Message Attack (EUF-CMA) with a nearly optimal reduction. However, this scheme suffers from large public keys. To shorten the public key size, Seo and Böhl et al. proposed new approaches, respectively, but each approach has a weak point compared with the Waters signature scheme: Seo's approach could prove only a rather weak security notion, called bounded CMA security, and Böhl et al.'s approach inherently carries a loose reduction. In this paper, we aim at stepping towards an efficient CDH-based EUF-CMA secure signature scheme with a tighter reduction. To this end, we revisit the Seo signature scheme and devise an alternative security proof. The resulting security proof yields:
    - asymptotically (almost) compact parameters: short signatures (two group elements and one exponent) and $\omega(1)$ public keys (e.g., $\log\log\lambda$), where $\lambda$ is the security parameter, and
    - the standard EUF-CMA security with a tighter reduction: $O(\lambda q)$ reduction loss, when ignoring negligible factors, which is less than the $O(\sqrt{\frac{\lambda}{\log\lambda}}\,\lambda q)$ of the original security proof and almost the same as that of the Waters signature scheme.

    Sorting out signature schemes


    Improving the Exact Security of Digital Signature Schemes

    We provide two contributions to the exact security analysis of digital signatures: we put forward a new method of constructing Fiat-Shamir-like signature schemes that yields better exact security than the original Fiat-Shamir method; and we extend exact security analysis to exact cost-security analysis by showing that digital signature schemes with loose security may be preferable for reasonable measures of cost.

    Tightly-Secure Signatures from Chameleon Hash Functions

    We give a new framework for obtaining signatures with a tight security reduction from standard hardness assumptions. Concretely, we show that any chameleon hash function can be transformed into a (binary) tree-based signature scheme with tight security. The transformation is in the standard model, i.e., it does not make use of any random oracle. For specific assumptions (such as RSA, Diffie-Hellman and Short Integer Solution (SIS)) we further manage to obtain a more efficient flat-tree construction. Our framework explains and generalizes most of the existing schemes and provides a generic means for constructing tight signature schemes based on arbitrary assumptions, which improves on the standard Merkle tree transformation. Moreover, we obtain the first tightly secure signature scheme from the SIS assumption and several schemes based on Diffie-Hellman in the standard model. Some of our signature schemes can (using known techniques) be combined with the Groth-Sahai proof methodology to yield tightly secure and efficient simulation-sound NIZK proofs of knowledge and CCA-secure encryption in the multi-user/multi-challenge setting under classical assumptions.

    Rational secret sharing

    Thesis (M. Eng.), Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007. Includes bibliographical references (p. 59-60). By Alissa Natanovna Reyzin.
    Recent work has attempted to bridge the fields of Cryptography and Game Theory in order to create more robust protocols that allow for a variety of player types. A keystone functionality used in cryptography is Secret Sharing. While there are several well known, efficient protocols that implement Secret Sharing in the Cryptographic model, designing a Rational Secret Sharing protocol which works in the Game Theoretic model has proved challenging. In this thesis, we contrast several recently proposed protocols for Rational Secret Sharing based on their channel models, utility tolerances, equilibrium types, and efficiencies. We also discuss two more general results bridging Cryptography and Game Theory that can be used to construct Rational Secret Sharing protocols. Finally, we highlight several issues of context that influence the ways in which Rational Secret Sharing protocols might be used.

    Hardening Signature Schemes via Derive-then-Derandomize: Stronger Security Proofs for EdDSA

    We consider a transform, called Derive-then-Derandomize, that hardens a given signature scheme against randomness failure and implementation error. We prove that it works. We then give a general lemma showing indifferentiability of Shrink-MD, a class of constructions that apply a shrinking output transform to an MD-style hash function. Armed with these tools, we give new proofs for the widely standardized and used EdDSA signature scheme, improving on prior work in two ways: (1) we give proofs for the case that the hash function is an MD-style one, reflecting the use of SHA512 in the NIST standard, and (2) we improve the tightness of the reduction so that one has guarantees for group sizes in actual use.

    From Identification to Signatures, Tightly: A Framework and Generic Transforms

    This paper provides a framework to treat the problem of building signature schemes from identification schemes in a unified and systematic way. The outcomes are (1) alternatives to the Fiat-Shamir transform that, applied to trapdoor identification schemes, yield signature schemes with tight security reductions to standard assumptions, and (2) an understanding and characterization of existing transforms in the literature. One of our transforms has the added advantage of producing signatures shorter than those produced by the Fiat-Shamir transform. Reduction tightness is important because it allows the implemented scheme to use small parameters (thereby being as efficient as possible) while retaining provable security.

    Universal Samplers with Fast Verification

    Recently, Hofheinz, Jager, Khurana, Sahai, Waters and Zhandry proposed a new primitive called universal samplers that allows oblivious sampling from arbitrary distributions, and showed how to construct universal samplers using indistinguishability obfuscation (iO) in the ROM. One important limitation for applying universal samplers in practice is that the constructions are built upon indistinguishability obfuscation, and the cost of using current iO constructions is prohibitively large. We ask whether the cost of a (universal) sampling could be paid by one party and then shared (soundly) with all other users. We address this question by introducing the notion of universal samplers with verification. Our notion follows the general path of Hofheinz et al., but has additional semantics that allow for validation of a sample. In this work we define and give a construction for universal samplers with verification. Our verification procedure is simple and built upon one-time signatures, making verification of a sample much faster than computing it. Security is proved under the subexponential hardness of indistinguishability obfuscation, puncturable pseudorandom functions, and one-time signatures.