398 research outputs found
Type 2 Structure-Preserving Signature Schemes Revisited
Abstract. Abe, Groth, Ohkubo and Tibouchi recently presented structure-preserving signature schemes using Type 2 pairings. The schemes are claimed to enjoy the fastest signature verification. By properly accounting for subgroup membership testing of group elements in signatures, we show that the schemes are not as efficient as claimed. We presen
One-step synthesis of PbSe-ZnSe composite thin film
This study investigates the preparation of PbSe-ZnSe composite thin films by simultaneous hot-wall deposition (HWD) from multiple resources. The XRD result reveals that the solubility limit of Pb in ZnSe is quite narrow, less than 1 mol%, with obvious phase-separation in the composite thin films. A nanoscale elemental mapping of the film containing 5 mol% PbSe indicates that isolated PbSe nanocrystals are dispersed in the ZnSe matrix. The optical absorption edge of the composite thin films shifts toward the low-photon-energy region as the PbSe content increases. The use of a phase-separating PbSe-ZnSe system and HWD techniques enables simple production of the composite package
Lower Bounds on Structure-Preserving Signatures for Bilateral Messages
Lower bounds for structure-preserving signature (SPS) schemes based on non-interactive assumptions have only been established in the case of unilateral messages, i.e. schemes signing tuples of group elements all from the same source group. In this paper, we consider the case of bilateral messages, consisting of elements from both source groups. We show that, for Type-III bilinear groups, SPS’s must consist of at least 6 group elements: many more than the 4 elements needed in the unilateral case, and optimal, as it matches a known upper bound from the literature. We also obtain the first non-trivial lower bounds for SPS’s in Type-II groups: a minimum of 4 group elements, whereas constructions with 3 group elements are known from interactive assumptions
Studies of the action of ceramide-like substances (d- and l-PDMP) on sphingolipid glycosyltransferases and purified lactosylceramide synthase
We have studied the effects of D-threo-1-phenyl-2-decanoylamino-3-morpholino-1-propanol (D-PDMP) and its L-enantiomer on glycosphingolipids in cultured normal human kidney proximal tubular cells. We found that D-PDMP exerted a concentration-dependent reduction in the metabolic labelling and cellular levels of glucosylceramide (GlcCer), lactosylceramide (LacCer), and the globo-series glycosphingolipids, GbOse3Cer and GbOse4Cer. It also directly inhibited the activity of UDP-glucose:ceramide β1→4-glucosyltransferase (GlcT-1) and UDP-galactose:GlcCer β1→4 galactosyltransferase (GalT-2). In contrast, L-PDMP had opposite effects on the metabolic labelling of GlcCer, LacCer, and GbOse3Cer. The levels of GlcCer and LacCer were increased, while the labelling and level of GbOse4Cer were strongly reduced. Purified GalT-2 from human kidney was inhibited by D-PDMP and stimulated by L-PDMP. It appears likely that the different glycosphingolipid glycosyltransferases possess similar binding sites for the ceramide moiety, which are blocked by binding to D-PDMP and, in the case of GbOse4Cer synthase, by L-PDMP as well. The stimulatory effects of L-PDMP on GlcCer and LacCer synthases may be the result of binding to a modulatory site on the glycosyltransferases; in intact cells, the enzyme-analog complex may afford protection against the normal catabolic inactivation of the enzymes. Peer Reviewed. http://deepblue.lib.umich.edu/bitstream/2027.42/45706/1/10719_2004_Article_BF00731481.pd
Flaring Behavior of the Quasar 3C~454.3 across the Electromagnetic Spectrum
We analyze the behavior of the parsec-scale jet of the quasar 3C~454.3 during pronounced flaring activity in 2005-2008. Three major disturbances propagated down the jet along different trajectories with Lorentz factors 10. The disturbances show a clear connection with millimeter-wave outbursts, in 2005 May/June, 2007 July, and 2007 December. High-amplitude optical events in the -band light curve precede peaks of the millimeter-wave outbursts by 15-50 days. Each optical outburst is accompanied by an increase in X-ray activity. We associate the optical outbursts with propagation of the superluminal knots and derive the location of sites of energy dissipation in the form of radiation. The most prominent and long-lasting of these, in 2005 May, occurred closer to the black hole, while the outbursts with a shorter duration in 2005 Autumn and in 2007 might be connected with the passage of a disturbance through the millimeter-wave core of the jet. The optical outbursts, which coincide with the passage of superluminal radio knots through the core, are accompanied by systematic rotation of the position angle of optical linear polarization. Such rotation appears to be a common feature during the early stages of flares in blazars. We find correlations between optical variations and those at X-ray and -ray energies. We conclude that the emergence of a superluminal knot from the core yields a series of optical and high-energy outbursts, and that the mm-wave core lies at the end of the jet's acceleration and collimation zone. Comment: 57 pages, 23 figures, 8 tables (submitted to ApJ
More Efficient Structure-Preserving Signatures - Or: Bypassing the Type-III Lower Bounds
Structure-preserving signatures are an important cryptographic primitive that is useful for the design of modular cryptographic protocols.
It has been proven that structure-preserving signatures (in the most efficient Type-III bilinear group setting) have a lower bound of 3 group elements in the signature (which must include elements from both source groups) and require at least 2 pairing-product equations for verification.
In this paper, we show that such lower bounds can be circumvented. In particular, we define the notion of Unilateral Structure-Preserving Signatures on Diffie-Hellman pairs (USPSDH) which are structure-preserving signatures in the efficient Type-III bilinear group setting with the message space being the set of Diffie-Hellman pairs, in the terminology of Abe et al. (Crypto 2010). The signatures in these schemes are elements of one of the source groups, i.e. unilateral, whereas the verification key elements are from the other source group. We construct a number of new structure-preserving signature schemes which bypass the Type-III lower bounds and hence they are much more efficient than all existing structure-preserving signature schemes. We also prove optimality of our constructions by proving lower bounds and giving some impossibility results.
Our contribution can be summarized as follows:
\begin{itemize}
\item We construct two optimal randomizable CMA-secure schemes with signatures consisting of only 2 group elements from the first short source group and therefore our signatures are at least half the size of the best existing structure-preserving scheme for unilateral messages in the (most efficient) Type-III setting. Verifying signatures in our schemes requires, besides checking the well-formedness of the message, the evaluation of a single Pairing-Product Equation (PPE) and requires fewer pairing evaluations than all existing structure-preserving signature schemes in the Type-III setting. Our first scheme has a feature that permits controlled randomizability (combined unforgeability) where the signer can restrict some messages such that signatures on those cannot be re-randomized, which might be useful for some applications.
\item We construct optimal strongly unforgeable CMA-secure one-time schemes with signatures consisting of 1 group element, and which can also sign a vector of messages while maintaining the same signature size.
\item We give a one-time strongly unforgeable CMA-secure structure-preserving scheme that signs unilateral messages, i.e. messages in one of the source groups, whose efficiency matches the best existing optimal one-time scheme in every respect.
\item We investigate some lower bounds and prove some impossibility results regarding this variant of structure-preserving signatures.
\item We give an optimal (with signatures consisting of 2 group elements and verification requiring 1 pairing-product equation) fully randomizable CMA-secure partially structure-preserving scheme that simultaneously signs a Diffie-Hellman pair and a vector in .
\item As an example application of one of our schemes, we obtain
efficient instantiations of randomizable weakly blind signatures which do not rely on random oracles.
The latter is a building block that is used, for instance, in constructing Direct Anonymous Attestation (DAA) protocols, which are protocols deployed in practice.
\end{itemize}
Our results offer value along two fronts: On the practical side, our constructions are more efficient than existing ones and thus could lead to more efficient instantiations of many cryptographic protocols. On the theoretical side, our results serve as a proof that many of the lower bounds for the Type-III setting can be circumvented
Automated Unbounded Analysis of Cryptographic Constructions in the Generic Group Model
We develop a new method to automatically prove security statements in the Generic Group Model as they occur in actual papers. We start by defining (i) a general language to describe security definitions, (ii) a class of logical formulas that characterize how an adversary can win, and (iii) a translation from security definitions to such formulas. We prove a Master Theorem that relates the security of the construction to the existence of a solution for the associated logical formulas. Moreover, we define a constraint solving algorithm that proves the security of a construction by proving the absence of solutions.
We implement our approach in a fully automated tool, the tool, and use it to verify different examples from the literature. The results improve on the tool by Barthe et al. (CRYPTO'14, PKC'15): for many constructions, succeeds in proving standard (unbounded) security, whereas Barthe's tool is only able to prove security for a small number of oracle queries
Further Lower Bounds for Structure-Preserving Signatures in Asymmetric Bilinear Groups
Structure-Preserving Signatures (SPSs) are a useful tool for the design of modular cryptographic protocols. A recent series of works has shown that by limiting the message space of those schemes to the set of Diffie-Hellman (DH) pairs, it is possible to circumvent the known lower bounds in the Type-3 bilinear group setting, thus obtaining the shortest signatures consisting of only 2 elements from the shorter source group. It has been shown that such a variant yields efficiency gains for some cryptographic constructions, including attribute-based signatures and direct anonymous attestation. Only the cases of signing a single DH pair or a DH pair and a vector from have been considered. Signing a vector of group elements is required for various applications of SPSs, especially if the aim is to forgo relying on heuristic assumptions.
An open question is whether such an improved lower bound also applies to signing a vector of messages. We answer this question negatively for schemes existentially unforgeable under an adaptive chosen-message attack (EUF-CMA) whereas we answer it positively for schemes existentially unforgeable under a random-message attack (EUF-RMA) and those which are existentially unforgeable under a combined chosen-random-message attack (EUF-CMA-RMA). The latter notion is a leeway between the two former notions where it allows the adversary to adaptively choose part of the message to be signed whereas the remaining part of the message is chosen uniformly at random by the signer.
Another open question is whether strongly existentially unforgeable under an adaptive chosen-message attack (sEUF-CMA) schemes with 2-element signatures exist. We answer this question negatively, proving it is impossible to construct sEUF-CMA schemes with 2-element signatures even if the signature consists of elements from both source groups. On the other hand, we prove that sEUF-RMA and sEUF-CMA-RMA schemes with 2-element (unilateral) signatures are possible by giving constructions for those notions.
Among other things, our findings show a gap between random-message/combined chosen-random-message security and chosen-message security in this setting