    Universally Convertible Directed Signatures

    Many variants of Chaum and van Antwerpen's undeniable signatures have been proposed to achieve specific properties desired in real-world applications of cryptography. Among them, directed signatures were introduced by Lim and Lee in 1993. Directed signatures differ from the well-known confirmer signatures in that the signer has the simultaneous abilities to confirm, deny and individually convert a signature. The universal conversion of these signatures has remained an open problem since their introduction in 1993. This paper provides a positive answer to this question by showing a very efficient design for universally convertible directed signatures (UCDS), both in terms of computational complexity and signature size. Our construction relies on the so-called xyz-trick applicable to bilinear map groups. We define proper security notions for UCDS schemes and show that our construction is secure, in the random oracle model, under computational assumptions close to the CDH and DDH assumptions. Finally, we introduce and realize traceable universally convertible directed signatures, where a master tracing key allows signatures to be linked to their direction.

    An Efficient Asynchronous Peer to Peer Auction using Yao Oblivious Transfer

    Distributed electronic auctions are increasingly preferred over centralized electronic auctions today. The success of peer-to-peer file sharing networks has made distributed electronic auctions a possibility. Due to trust and conflict-of-interest issues with centralized auctioneer systems, multiple auctioneers in distributed roles are preferred. However, there is a possibility of auctioneer node collusion [16], auctioneer-bidder collusion and auctioneer-seller collusion in such mechanisms. To overcome these problems, a new peer-to-peer auction protocol [17] with auctioneers forming auctioneer groups has been proposed. This protocol keeps the auctioneers honest by ensuring that no single auctioneer in the group has absolute control over the auction process. However, it leads to multiple bid comparisons and thus increases redundancy. It also fails to enforce a secure bid comparison method and hence fails to provide privacy of bids. This thesis presents a modified version of this protocol in which the oblivious transfer method [14] is used to solve Yao's millionaires' problem [22] that arises between two auctioneer groups when they have to compare bids. Additionally, a second-price mechanism, in which only the second highest bid is known to all the auctioneer groups except for the auctioneer group which holds the highest bid, ensures that no unnecessary bid comparisons are made between auctioneer groups. Hence, the result is an efficient auction protocol which is iterative, asynchronous, second-price and based on a peer-to-peer mechanism.

    Secure Sealed-Bid Online Auctions Using Discreet Cryptographic Proofs

    This work describes the design and implementation of an auction system using secure multiparty computation techniques. Our aim is to produce a system that is practical under actual field constraints on computation, memory, and communication. The underlying protocol is privacy-preserving, that is, the winning bid is determined without information about the losing bids leaking to either the auctioneer or other bidders. Practical implementation of the protocol is feasible using circuit-based cryptographic proofs along with additively homomorphic bit commitment. Moreover, we propose the development of a Proof Certificate standard. These certificates convey sufficient information to recreate the cryptographic proofs and verify them offline.

    A Group Signature Scheme Based on an RSA-Variant


    Faster Secure Arithmetic Computation Using Switchable Homomorphic Encryption

    Secure computation on encrypted data stored on untrusted clouds is an important goal. Existing secure arithmetic computation techniques, such as fully homomorphic encryption (FHE) and somewhat homomorphic encryption (SWH), have prohibitive performance and/or storage costs for the majority of practical applications. In this work, we investigate a new secure arithmetic computation primitive called switchable homomorphic encryption (SHE) that securely switches between existing inexpensive partially homomorphic encryption techniques to evaluate arbitrary arithmetic circuits over integers. SHE is suited for use in a two-cloud model that is practical, but which makes stronger assumptions than the standard single-cloud server model. The security of our SHE solution relies on two non-colluding parties; security holds as long as one of them is honest. We benchmark SHE directly against existing secure arithmetic computation techniques (FHE and SWH) on real clouds (Amazon and Rackspace) using microbenchmarks involving fundamental operations utilized in many privacy-preserving computation applications. Experimentally, we find that SHE offers a new design point for computing on large data: it has reasonable ciphertext and key sizes, and is consistently faster by several (2--3) orders of magnitude compared to FHE and SWH on circuits involving long chains of multiplications. SHE exhibits slower performance only in certain cases, when batch (or parallel) homomorphic evaluation is possible, and only against SWH schemes (which have limited expressiveness and potentially high ciphertext and key storage costs).

    Differentially secure multicasting

    In this age of information, the efficient use of electronic communications is essential. As technology advances and becomes more complex, it is imperative that groups be able to discuss ideas and disseminate information among members effectively. Multicast groups are established to facilitate these information transactions. Since the members of these groups may be spread across the globe, the communications must be secure as well as efficient. Secure multicasting is an active area of research today. Though the areas of secure multicast group architecture, key distribution, and sender authentication are under scrutiny, one topic that has not been explored is how to integrate these with multilevel security. Multilevel security is the ability to distinguish subjects according to classification levels, which determines to what degree they can access confidential objects. In the case of groups, this means that some members can exchange messages at a higher sensitivity level than others. The Bell-La Padula model outlines the rules of these multilevel accesses. In multicast groups that employ multilevel security, some of these rules are not desirable, so a modified set of rules was developed and is termed differential security. This thesis proposes three possible methods in which to set up a differentially secure multicast group: a naive approach, a multiple tree differential security (DiffSec) approach, and a single DiffSec tree approach. In order to evaluate the performances (in terms of the number of links used per packet transmitted) of these approaches, extensive simulation experiments were conducted by varying the network connectivity and group size for both uniform and nonuniform membership distribution across security levels. Our studies show that the multiple tree and single DiffSec tree approaches perform much better than the naive situation. While the multiple tree approach could be implemented using current technology, this scheme consumes many times more addresses and network resources than the single DiffSec tree approach. From our studies, we conclude that the single DiffSec tree is a viable option for supporting multilevel security as it maximizes the resource utilization and is also scalable.

    Conditionally Verifiable Signatures

    We introduce a new digital signature model, called conditionally verifiable signature (CVS), which allows a signer to specify and convince a recipient under what conditions his signature would become valid and verifiable; the resulting signature is not publicly verifiable immediately but can be converted back into an ordinary one (verifiable by anyone) after the recipient has obtained proofs, in the form of signatures/endorsements from a number of third party witnesses, that all the specified conditions have been fulfilled. A fairly wide set of conditions can be specified in CVS. The only job of the witnesses is to certify the fulfillment of a condition, and none of them need to be actively involved in the actual signature conversion, thus protecting user privacy. It is guaranteed that the recipient cannot cheat as long as at least one of the specified witnesses does not collude. We formalize the concept of CVS and give a generic CVS construction based on any CPA-secure identity based encryption (IBE) scheme. Theoretically, we show that the existence of IBE with indistinguishability under a chosen plaintext attack (a weaker notion than the standard one) is necessary and sufficient for the construction of a secure CVS. (Due to the page limit, some proofs are omitted here but can be found in the full version [CB05ibecvs].)