
    On the efficiency of revocation in RSA-based anonymous systems

    © 2016 IEEE
    The problem of revocation in anonymous authentication systems is subtle and has motivated a lot of work. One of the preferable solutions consists in maintaining either a whitelist L-W of non-revoked users or a blacklist L-B of revoked users, and then requiring users to additionally prove, when authenticating themselves, that they are in L-W (membership proof) or that they are not in L-B (non-membership proof). Of course, these additional proofs must not break the anonymity properties of the system, so they must be zero-knowledge proofs, revealing nothing about the identity of the users. In this paper, we focus on the RSA-based setting, and we consider the case of non-membership proofs to blacklists L = L-B. The existing solutions for this setting rely on the use of universal dynamic accumulators; the underlying zero-knowledge proofs are a bit complicated, and thus their efficiency, although independent of the size of the blacklist L, seems to be improvable. Peng and Bao already tried to propose simpler and more efficient zero-knowledge proofs for this setting, but we prove in this paper that their protocol is not secure. We fix the problem by designing a new protocol, and formally proving its security properties. We then compare the efficiency of the new zero-knowledge non-membership protocol with that of the existing accumulator-based protocol, when they are integrated with anonymous authentication systems based on RSA (notably, the IBM product Idemix for anonymous credentials). We discuss for which values of the size k of the blacklist L one protocol is preferable to the other one, and we propose different ways to combine and implement the two protocols.
    Postprint (author's final draft)

    Sub-field normalization in the multiplicative case: high- and low-impact citation indicators

    This paper uses high- and low-impact citation indicators for the evaluation of the citation performance of research units at different aggregate levels. To solve the problem of the assignment of individual articles to multiple sub-fields, it follows a multiplicative strategy according to which each paper is wholly counted as many times as necessary in the several categories to which it is assigned at each aggregation level. To control for wide differences in citation practices at the lowest level of aggregation, we apply a novel sub-field normalization procedure in the multiplicative case. The methodology is applied to a partition of the world into three geographical areas: the U.S., the European Union (EU), and the Rest of the World. The main findings are the following two. (i) Although normalization does not systematically bias the results against any area, it reduces the U.S./EU high-impact gap in the all-sciences case by a non-negligible 14.4%. (ii) The dominance of the U.S. over the EU in the basic and applied research published in the periodical literature is almost universal at all aggregation levels. From the high-impact perspective, for example, the U.S. is ahead of the EU in 77 out of 80 disciplines, and in all of 20 fields. For all sciences as a whole, the U.S. high-impact indicator is 61% greater than that of the EU. The authors acknowledge financial support from the Santander Universities Global Division of Banco Santander. Ruiz-Castillo also acknowledges financial help from the Spanish MEC through grant SEJ2007-67436. This paper is part of the SCIFI-GLOW Collaborative Project supported by the European Commission's Seventh Research Framework Programme (European Community's Seventh Framework Program), Contract number SSH7-CT-2008-217436.

    Sub-field normalization in the multiplicative case: average-based citation indicators

    This paper investigates the citation impact of three large geographical areas (the U.S., the European Union (EU), and the rest of the world (RW)) at different aggregation levels. The difficulty is that 42% of the 3.6 million articles in our Thomson Scientific dataset are assigned to several sub-fields among a set of 219 Web of Science categories. We follow a multiplicative approach in which every article is wholly counted as many times as it appears at each aggregation level. We compute the crown indicator and the Mean Normalized Citation Score (MNCS) using for the first time sub-field normalization procedures for the multiplicative case. We also compute a third indicator that does not correct for differences in citation practices across sub-fields. It is found that: (1) No geographical area is systematically favored (or penalized) by either of the two normalized indicators. (2) According to the MNCS, only in six out of 80 disciplines (but in none of 20 fields) is the EU ahead of the U.S. In contrast, the normalized U.S./EU gap is greater than 20% in 44 disciplines, 13 fields, and for all sciences as a whole. The dominance of the EU over the RW is even greater. (3) The U.S. appears to devote relatively more (and the RW less) publication effort to sub-fields with a high mean citation rate, which explains why the U.S./EU and EU/RW gaps for all sciences as a whole increase by 4.5 and 5.6 percentage points in the un-normalized case.

    Attribute-Based Cryptography

    With the constant progress of digital technologies, there is a rapid increase in the amount of confidential information that must be managed correctly. Cryptography offers secure and efficient tools to ensure authenticity, integrity and confidentiality in the world of digital information. However, conventional cryptography considers a specific communication scenario between two users, a sender and a receiver. This scenario does not cover some of the practical situations that can arise in real applications. For this reason, new cryptographic techniques are being developed to address these new scenarios. One example is attribute-based cryptography, which was introduced in 2005. In this work we discuss this new concept: what it is, what applications it has, which concrete protocols have been proposed, which results we have obtained at UPC, which open problems remain, etc.
    Peer Reviewed

    Signcryption schemes with threshold unsigncryption, and applications

    The final publication is available at link.springer.com
    The goal of a signcryption scheme is to achieve the same functionalities as encryption and signature together, but in a more efficient way than encrypting and signing separately. To increase security and reliability in some applications, the unsigncryption phase can be distributed among a group of users, through a (t, n)-threshold process. In this work we consider this task of threshold unsigncryption, which has received very little attention from the cryptographic literature up to now (maybe surprisingly, given its potential applications). First we describe in detail the security requirements that a scheme for such a task should satisfy: existential unforgeability and indistinguishability, under insider chosen message/ciphertext attacks, in a multi-user setting. Then we show that generic constructions of signcryption schemes (by combining encryption and signature schemes) do not offer this level of security in the scenario of threshold unsigncryption. For this reason, we propose two new protocols for threshold unsigncryption, which we prove to be secure, one in the random oracle model and one in the standard model. The two proposed schemes enjoy an additional property that can be very useful. Namely, the unsigncryption protocol can be divided into two phases: a first one where the authenticity of the ciphertext is verified, possibly by a single party; and a second one where the ciphertext is decrypted by a subset of t receivers, without using the identity of the sender. As a consequence, the schemes can be used in applications requiring some level of anonymity, such as electronic auctions.
    Peer Reviewed. Postprint (author's final draft)

    Attribute-based encryption implies identity-based encryption

    In this study, the author formally proves that designing attribute-based encryption schemes cannot be easier than designing identity-based encryption schemes. In more detail, they show how an attribute-based encryption scheme which admits, at least, AND policies can be combined with a collision-resistant hash function to obtain an identity-based encryption scheme. Even if this result may seem natural, and not surprising at all, it has not been explicitly written anywhere, as far as they know. Furthermore, it may be an unknown result for some people: Odelu et al. in 2016 and 2017 have proposed both an attribute-based encryption scheme in the discrete logarithm setting, without bilinear pairings, and an attribute-based encryption scheme in the RSA setting, both admitting AND policies. If these schemes were secure, then by using the implication proved in this study, one would obtain secure identity-based encryption schemes in both the RSA and the discrete logarithm settings, without bilinear pairings, which would be a breakthrough in the area. Unfortunately, the author presents here complete attacks on the two schemes proposed by Odelu et al.
    Postprint (updated version)

    An algorithm to reduce the occupational space in gender segregation studies.

    This paper presents an algorithm based on the bootstrap to select an admissible aggregation level, that is, the minimum number of occupational categories that yield a gender segregation value not significantly smaller than that obtained from the large number of occupational categories usually available in any data set. The approach is illustrated using labour force survey data for Spain for the comparison of gender segregation in 1977 and 1992, as well as 1994 and 2000. To measure gender segregation, an additively decomposable segregation index based on the entropy concept is used. Despite a substantial simplification in the size of the occupation space, the decrease in the segregation index is very small and not significant, regardless of the year. Consequently, intertemporal changes in gender segregation can be studied using a greatly reduced classification of occupations that permits an easier interpretation of results.

    Ideal homogeneous access structures constructed from graphs

    Starting from a new relation between graphs and secret sharing schemes introduced by Xiao, Liu and Zhang, we show a method to construct more general ideal homogeneous access structures. The method has some advantages: it efficiently gives an ideal homogeneous access structure for the desired rank, and some conditions can be imposed (such as forbidden or necessary subsets of players), even if the exact composition of the resulting access structure cannot be fully controlled. The number of homogeneous access structures that can be constructed in this way is quite limited; for example, we show that (t, l)-threshold access structures can be constructed from a graph only when t = 1, t = l - 1 or t = l.
    Peer Reviewed. Postprint (published version)