PROPYLA: Privacy Preserving Long-Term Secure Storage
An increasing amount of sensitive information today is stored electronically
and a substantial part of this information (e.g., health records, tax data,
legal documents) must be retained over long time periods (e.g., several decades
or even centuries). When sensitive data is stored, its integrity and
confidentiality must be protected to ensure reliability and privacy. Commonly
used cryptographic schemes, however, are not designed for protecting data over
such long time periods. Recently, the first storage architecture combining
long-term integrity with long-term confidentiality protection was proposed
(AsiaCCS'17). However, the architecture only deals with a simplified storage
scenario where parts of the stored data cannot be accessed and verified
individually. If this is allowed, however, not only the data content itself,
but also the access pattern to the data (i.e., the information which data items
are accessed at which times) may be sensitive information. Here we present the
first long-term secure storage architecture that provides long-term access
pattern hiding security in addition to long-term integrity and long-term
confidentiality protection. To achieve this, we combine information-theoretic
secret sharing, renewable timestamps, and renewable commitments with an
information-theoretic oblivious random access machine. Our performance analysis
of the proposed architecture shows that achieving long-term integrity,
confidentiality, and access pattern hiding security is feasible.
Comment: Few changes have been made compared to the proceedings version.
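The confidentiality layer of the architecture sketched above is information-theoretic secret sharing whose shares can be renewed without ever reconstructing the data. The following is an added illustration of that building block, not code from the PROPYLA paper: Shamir sharing over a prime field plus proactive renewal, where the field size, the number of storage servers and the threshold are assumptions chosen for the example.

```python
# Added illustration, not code from the PROPYLA paper: Shamir secret sharing
# over a prime field with proactive share renewal. Field size, number of
# storage servers and threshold are assumptions chosen for illustration.
import secrets

P = (1 << 521) - 1   # assumption: Mersenne prime field; secrets must be < P
N_SERVERS = 5        # assumption: shares are spread over five storage servers
THRESHOLD = 3        # any 3 shares reconstruct; any 2 are independent of the secret


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret, n=N_SERVERS, t=THRESHOLD):
    """Shamir split: random polynomial of degree t-1 with f(0) = secret.
    Returns {server_index: share}; indices start at 1 because f(0) is the secret."""
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the given shares (needs >= t of them)."""
    xs = list(shares)
    secret = 0
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if i != j:
                num = num * (-j) % P
                den = den * (i - j) % P
        secret = (secret + shares[i] * num * pow(den, P - 2, P)) % P
    return secret


def renew(shares, t=THRESHOLD):
    """Proactive renewal: add to every share a fresh share of the constant 0.
    The stored secret is unchanged, but shares from different epochs no longer
    interpolate to it, so an attacker who obtains fewer than t shares in each
    epoch never holds a reconstructing set. (Simplification: one dealer
    generates the zero polynomial here; in a deployment each server would
    contribute one so that no single party sees all the randomness.)"""
    zero_shares = split(0, n=len(shares), t=t)
    return {x: (shares[x] + zero_shares[x]) % P for x in shares}


def demo():
    """Constructed sample record; returns the checks a practitioner would run."""
    secret = int.from_bytes(b"health record #4711, blood type 0-", "big")
    epoch0 = split(secret)
    epoch1 = renew(epoch0)
    mixed = {1: epoch0[1], 2: epoch0[2], 3: epoch1[3]}   # attacker's haul across epochs
    return {
        "three_shares_recover": reconstruct({k: epoch0[k] for k in (1, 3, 5)}) == secret,
        "renewed_shares_recover": reconstruct({k: epoch1[k] for k in (2, 4, 5)}) == secret,
        "mixed_epochs_fail": reconstruct(mixed) != secret,
    }
```

The point of choosing sharing over encryption for decades-long storage is visible in `renew`: confidentiality never rests on a computational assumption that may be broken later, and renewal invalidates whatever an attacker collected in earlier epochs. Integrity is not covered by this block; that is what the renewable timestamps and commitments in the abstract add.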
Verified Security of BLT Signature Scheme
The majority of real-world applications of digital signatures use timestamping to ensure non-repudiation in the face of possible key revocations. This observation led Buldas, Laanoja, and Truu to a server-assisted digital signature scheme built around cryptographic timestamping.
In this paper, we report on the machine-checked proofs of existential unforgeability under the chosen-message attack (EUF-CMA) of some variations of the BLT digital signature scheme. The proofs are developed and verified using the EasyCrypt framework, which provides interactive theorem proving supported by state-of-the-art SMT solvers.
Tax benefits for individuals and extent of their use in Estonia during 2007-2009
This paper gives an overview of the tax benefits granted by Estonian legal acts and
analyzes the extent to which resident natural persons use them, based on data from
the databases of the Estonian Tax and Customs Board (ETCB). It also considers how
tax benefits can be classified, and to whom and for which purposes the stated
benefits are addressed. Research based on three years of data shows that tax
benefits for individuals are widely used in Estonia: on average, the tax left
uncollected because of tax benefits equals approximately 9% of state budget
revenues. A large volume of tax benefits is not a negative indicator per se, provided
the benefits help redistributed income reach the people who really need it; otherwise
the benefits are not justified and merely create additional administrative workload.
In the Estonian tax system roughly half of tax benefits are addressed to people in the
low-income stratum, while a remarkable proportion may be directed to middle-class and
wealthy people.
Simulating Auxiliary Inputs, Revisited
For any pair of correlated random variables we can think of as a
randomized function of . Provided that is short, one can make this
function computationally efficient by allowing it to be only approximately
correct. In folklore this problem is known as simulating auxiliary
inputs. This idea of simulating auxiliary information turns out to be a
powerful tool in computer science, finding applications in complexity theory,
cryptography, pseudorandomness and zero-knowledge. In this paper we revisit
this problem, achieving the following results:
We discuss and compare the efficiency of known results,
finding the flaw in the best known bound claimed in the TCC'14 paper "How to
Fake Auxiliary Inputs". We present a novel boosting algorithm for constructing
the simulator. Our technique essentially fixes the flaw. This boosting proof is
of independent interest, as it shows how to handle "negative mass" issues when
constructing probability measures in descent algorithms. Our bounds are much
better than bounds known so far. To make the simulator
-indistinguishable we need the complexity in time/circuit size, which is better by a
factor compared to previous bounds. In particular, with our
technique we (finally) get meaningful provable security for the EUROCRYPT'09
leakage-resilient stream cipher instantiated with a standard 256-bit block
cipher, like .
Comment: Some typos present in the previous version have been corrected.
A Blockchain-Assisted Hash-Based Signature Scheme
We present a server-supported, hash-based digital signature scheme. To achieve greater efficiency than the current state of the art, we relax the security model somewhat. We postulate a set of design requirements, discuss some approaches and their practicality, and finally reach a forward-secure scheme with only modest trust assumptions, achieved by employing the concepts of authenticated data structures and blockchains. The concepts of blockchain authenticated data structures and the presented blockchain design could have independent value and are worth further research.
Efficient Implementation of Keyless Signatures with Hash Sequence Authentication
We present new ideas for decreasing the size of secure memory needed for hardware implementations of
hash-sequence based signatures proposed recently by Buldas, Laanoja and Truu (in the following referred to as BLT).
In their scheme, a message is signed by time-stamping a concatenation of the message and the one-time
pseudo-random password intended to sign messages at a particular time .
The signature is valid only if the time-stamp points to the same time . Hence, the one time passwords cannot be abused after their use.
To implement such a scheme efficiently and securely on the client side, dedicated hardware is needed, so solutions that save (secure) memory and computation time are important. For such schemes, the memory consumption depends directly on the efficiency of the hash sequence reversal algorithms.
The best known reversal algorithm for the BLT scheme uses memory.
This means that for a signing key that is valid for one year (i.e. with one-second time resolution), the device needs to store about hash
values which for SHA-256 hashing algorithm means about K bytes of secure memory.
Another problem with hash sequence reversal algorithms is that they mostly assume that the signature device is always
connected to the computer or has an independent power supply. This is a serious limitation for smart-card implementations of the scheme.
We show first that a mini Public Key Infrastructure in the signature device can be used to roughly halve the memory consumption.
There is a master key (i.e. a hash sequence) that is used to certify short term (about five minutes) signing keys
so that a signature consists of a short term certificate which is a hash chain in the master hash tree (used to authenticate the master hash sequence), and a hash chain that is used to authenticate a particular hash value in the sequence.
We also discuss how to implement hash sequence signatures in devices that have no power supply and are not regularly connected to
computers, such as smart-cards which are often used as personal digital signature devices. General-purpose cryptographic smart-cards also have many
restrictions that limit the use of hash sequence signatures. For example, their hashing speed is relatively low: up to 500 hashing steps per second;
their secure memory is of limited size, etc. This all combined with irregular usage patterns makes the use of hash sequence signatures questionable.
We show why the hash sequence signature (in its original form) cannot be used as the CA signature in the mini PKI solution.
Finally, we propose a new type of hash sequence signature that is more suitable for smart-card implementations.
A Server-Assisted Hash-Based Signature Scheme
We present a practical digital signature scheme built from a cryptographic hash function and a hash-then-publish digital time-stamping scheme. We also provide a simple proof of existential unforgeability against adaptive chosen-message attack (EUF-ACM) in the random oracle (RO) model.
Security Proofs for the BLT Signature Scheme
We present security proofs for the BLT signature scheme in the model, where hash functions are built from ideal components (random oracles, ideal ciphers, etc.). We show that certain strengthening of the Pre-image Awareness (PrA) conditions like boundedness of the extractor, and certain natural properties (balancedness and the so-called output one-wayness) of the hash function are sufficient for existential unforgeability of the BLT signature scheme.
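The three BLT abstracts above (the hardware implementation notes, the server-assisted scheme and its security proofs) all rest on the same mechanism: a hash sequence whose last element is the public key, one element revealed per time slot, and a time-stamp binding the revealed element to the message and to that slot. The following added example is not the BLT authors' code; it is a toy of that mechanism with SHA-256, a slot counter in place of wall-clock seconds, and a time-stamping service simulated as a trusted party that authenticates (time, digest) pairs with an HMAC under its own key rather than a hash-then-publish chain.

```python
# Added illustration, not the BLT authors' code: a toy of the BLT hash-sequence
# signature. Assumptions: SHA-256, integer time slots, and a time-stamping
# service simulated as a trusted party with an HMAC key in place of a
# hash-then-publish scheme.
import hashlib
import hmac
import secrets


def H(data):
    return hashlib.sha256(data).digest()


class TimestampService:
    """Trusted clock: stamps a digest only with the current time."""

    def __init__(self):
        self.key = secrets.token_bytes(32)   # assumption: HMAC stand-in for publication
        self.now = 1                         # slot 0 is reserved for the public key

    def tick(self):
        self.now += 1

    def stamp(self, digest):
        t = self.now
        return (t, hmac.new(self.key, t.to_bytes(8, "big") + digest, "sha256").digest())

    def verify_stamp(self, digest, ts):
        t, tag = ts
        expect = hmac.new(self.key, t.to_bytes(8, "big") + digest, "sha256").digest()
        return hmac.compare_digest(tag, expect)


def keygen(n):
    """Hash sequence: z_n random, z_i = H(z_{i+1}); the public key is z_0.
    Keeping the whole sequence is the naive n-value memory cost the
    implementation abstract discusses; reversal algorithms trade
    recomputation for less secure storage."""
    z = [None] * (n + 1)
    z[n] = secrets.token_bytes(32)
    for i in range(n - 1, -1, -1):
        z[i] = H(z[i + 1])
    return z[0], z


def sign(z, msg, tss):
    """Reveal the one-time password of the current slot and time-stamp H(msg || z_t)."""
    t = tss.now
    if not 1 <= t < len(z):
        raise ValueError("key exhausted or slot 0")
    z_t = z[t]
    return (t, z_t, tss.stamp(H(msg + z_t)))


def verify(pk, msg, sig, tss):
    t, z_t, ts = sig
    if t < 1 or not tss.verify_stamp(H(msg + z_t), ts):
        return False          # stamp does not cover this (message, password)
    if ts[0] != t:
        return False          # password of slot t was stamped in another slot
    z = z_t
    for _ in range(t):        # z_t must sit exactly t hash steps behind the public key
        z = H(z)
    return z == pk


def demo():
    """Honest signature, then the two obvious forgeries once z_1 is public."""
    pk, z = keygen(10)                       # toy key with 10 signing slots
    tss = TimestampService()
    msg = b"transfer 100 EUR to account A (constructed)"
    sig = sign(z, msg, tss)
    honest = verify(pk, msg, sig, tss)

    tss.tick()                               # time moves on; z_1 is now public
    t, z_1, _ = sig
    bad = b"transfer 100000 EUR to account B (constructed)"
    replay = (t, z_1, tss.stamp(H(bad + z_1)))           # stale slot, fresh stamp
    relabel = (tss.now, z_1, tss.stamp(H(bad + z_1)))    # pass z_1 off as z_2
    return honest, verify(pk, bad, replay, tss), verify(pk, bad, relabel, tss)
```

The two failed forgeries in `demo` are the whole argument of the scheme: after slot 1 the password z_1 is public, but the service will not stamp anything with time 1 any more, and z_1 cannot be passed off as the slot-2 password because it does not hash to the public key in two steps. What `verify` does not check, and what the security proofs above must handle, is everything the stamp simulation hides: a real verifier needs the time-stamping service's published root and the hash chain to it.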
Tree-formed Verification Data for Trusted Platforms
The establishment of trust relationships to a computing platform relies on
validation processes. Validation allows an external entity to build trust in
the expected behaviour of the platform based on provided evidence of the
platform's configuration. In a process like remote attestation, the 'trusted'
platform submits verification data created during a start up process. These
data consist of hardware-protected values of platform configuration registers,
containing nested measurement values, e.g., hash values, of loaded or started
components. Commonly, the register values are created in linear order by a
hardware-secured operation. Fine-grained diagnosis of components, based on the
linear order of verification data and associated measurement logs, is not
optimal. We propose a method to use tree-formed verification data to validate a
platform. Component measurement values represent leaves, and protected
registers represent roots of a hash tree. We describe the basic mechanism of
validating a platform using tree-formed measurement logs and root registers and
show a logarithmic speed-up for the search of faults. Secure creation of a
tree is possible using a limited number of hardware-protected registers and a
single protected operation. In this way, the security of tree-formed
verification data is maintained.
Comment: 15 pages, 11 figures, v3: Reference added, v4: Revised, accepted for publication in Computers and Security.
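The abstract contrasts a linearly extended register with a hash tree whose leaves are the component measurements and whose root is the protected register. The following added example is not code from the paper: it simulates both and runs the fault search that gives the logarithmic speed-up. SHA-256, the 32-byte zero initial register value, the two domain-separation prefixes and the 16-component boot log are assumptions made for the example.

```python
# Added illustration, not code from the paper: a linear, TPM-style register
# extend beside a tree-formed register, with the descending fault search.
# SHA-256, the zero initial register value, the leaf/node prefixes and the
# constructed boot log are assumptions.
import hashlib


def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def pcr_extend(measurements):
    """Linear register: reg = H(reg || m) for every measurement in boot order.
    A mismatch against the reference value says only that something differs."""
    reg = bytes(32)
    for m in measurements:
        reg = H(reg, m)
    return reg


def merkle_levels(measurements):
    """Hash tree over the measurement log. levels[0] are the leaves, the last
    level holds the root register. An unpaired node is promoted unchanged.
    Leaves and inner nodes get different prefixes so that a leaf cannot be
    presented as an inner node or vice versa."""
    levels = [[H(b"\x00", m) for m in measurements]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(b"\x01", cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels


def linear_scan(measurements, reference):
    """Diagnosis with a linear log: compare every entry; cost is n comparisons."""
    faults = [i for i, (a, b) in enumerate(zip(measurements, reference)) if a != b]
    return faults, len(measurements)


def tree_search(levels, ref_levels):
    """Diagnosis with tree-formed data: start at the root registers and descend
    only into subtrees whose hashes differ. Cost is about 1 + 2*log2(n)
    comparisons per faulty leaf instead of n."""
    comparisons = 0
    faults = []
    stack = [(len(levels) - 1, 0)]            # (level, index), root first
    while stack:
        lvl, idx = stack.pop()
        comparisons += 1
        if levels[lvl][idx] == ref_levels[lvl][idx]:
            continue                          # whole subtree verified at once
        if lvl == 0:
            faults.append(idx)
            continue
        for child in (2 * idx, 2 * idx + 1):
            if child < len(levels[lvl - 1]):
                stack.append((lvl - 1, child))
    return sorted(faults), comparisons


def demo():
    """Constructed boot log of 16 components, with component 5 replaced."""
    reference = [H(b"component-%d-v1" % i) for i in range(16)]
    measured = list(reference)
    measured[5] = H(b"component-5-tampered")      # e.g. a modified loader stage
    ref_levels, levels = merkle_levels(reference), merkle_levels(measured)
    return {
        "linear_register_differs": pcr_extend(measured) != pcr_extend(reference),
        "root_register_differs": levels[-1][0] != ref_levels[-1][0],
        "linear_scan": linear_scan(measured, reference),
        "tree_search": tree_search(levels, ref_levels),
    }
```

With 16 components the tree search touches 9 nodes to name the tampered component, against 16 entries for the linear scan, and the gap widens with the size of the log. The example assumes the verifier trusts `levels[-1][0]` because it came out of a protected register; the inner nodes are only a log the platform supplies, so the search is sound only if the root is anchored that way.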
A New Approach to Constructing Digital Signature Schemes (Extended Paper)
A new hash-based, server-supported digital signature scheme was proposed recently. We decompose the concept into forward-resistant tags and a generic cryptographic time-stamping service. Based on the decomposition, we propose more tag constructions which allow efficient digital signature schemes with interesting properties to be built. In particular, the new schemes are more suitable for use in personal signing devices, such as smart cards, which are used infrequently. We define the forward-resistant tags formally and prove that (1) the discussed constructs are indeed tags and (2) combining such tags with time-stamping services gives us signature schemes.