18 research outputs found

    Non-Slanderability of Linkable Spontaneous Anonymous Group Signature (LSAG)

    In this paper, we formally prove the non-slanderability property of the first linkable ring signature paper in ACISP 2004 (in which the notion was called linkable spontaneous anonymous group signature (LSAG)). The rigorous security analysis will give confidence to any future construction of Ring Confidential Transaction (RingCT) protocol for blockchain systems which may use this signature scheme as the basis.

    Private Re-Randomization for Module LWE and Applications to Quasi-Optimal ZK-SNARKs

    We introduce the first candidate lattice-based Designated Verifier (DV) ZK-SNARK protocol with \emph{quasi-optimal proof length} (quasi-linear in the security/privacy parameter), avoiding the use of the exponential smudging technique. Our ZK-SNARK also achieves significant improvements in proof length in practice, with proof length below 66 KB for 128-bit security/privacy level. Our main technical result is a new regularity theorem for `private' re-randomization of Module LWE (MLWE) samples using discrete Gaussian randomization vectors, also known as a lattice-based leftover hash lemma with leakage, which applies with a discrete Gaussian re-randomization parameter that is polynomial in the statistical privacy parameter. To obtain this result, we obtain bounds on the smoothing parameter of an intersection of a random q-ary SIS module lattice, Gadget SIS module lattice, and Gaussian orthogonal module lattice over standard power of 2 cyclotomic rings, and a bound on the minimum of module gadget lattices. We then introduce a new candidate \emph{linear-only} homomorphic encryption scheme called Module Half-GSW (HGSW), which is a variant of the GSW somewhat homomorphic encryption scheme over modules, and apply our regularity theorem to provide smudging-free circuit-private homomorphic linear operations for Module HGSW.

    A New Look at Blockchain Leader Election: Simple, Efficient, Sustainable and Post-Quantum

    In this work, we study the blockchain leader election problem. The purpose of such protocols is to elect a leader who decides on the next block to be appended to the blockchain, for each block proposal round. Solutions to this problem are vital for the security of blockchain systems. We introduce an efficient blockchain leader election method with security based solely on standard assumptions for cryptographic hash functions (rather than public-key cryptographic assumptions) and that does not involve a racing condition as in Proof-of-Work based approaches. Thanks to the former feature, our solution provides the highest confidence in security, even in the post-quantum era. A particularly scalable application of our solution is in the Proof-of-Stake setting, and we investigate our solution in the Algorand blockchain system. We believe our leader election approach can be easily adapted to a range of other blockchain settings. At the core of Algorand's leader election is a verifiable random function (VRF). Our approach is based on introducing a simpler primitive which still suffices for the blockchain leader election problem. In particular, we analyze the concrete requirements in an Algorand-like blockchain setting to accomplish leader election, which leads to the introduction of indexed VRF (iVRF). An iVRF satisfies modified uniqueness and pseudorandomness properties (versus a full-fledged VRF) that enable an efficient instantiation based on a hash function without requiring any complicated zero-knowledge proofs of correct PRF evaluation. We further extend iVRF to an authenticated iVRF with forward-security, which meets all the requirements to establish an Algorand-like consensus. Our solution is simple, flexible and incurs only a 32-byte additional overhead when combined with the current best solution to constructing a forward-secure signature (in the post-quantum setting).
    We implemented our (authenticated) iVRF proposal in C language on a standard computer and show that it significantly outperforms other quantum-safe VRF proposals in almost all metrics. Particularly, iVRF evaluation and verification can be executed in 0.02 ms, which is even faster than ECVRF used in Algorand.

    A Survey on Exotic Signatures for Post-Quantum Blockchain: Challenges & Research Directions

    Blockchain technology provides efficient and secure solutions to various online activities by utilizing a wide range of cryptographic tools. In this paper, we survey the existing literature on post-quantum secure digital signatures that possess exotic advanced features and which are crucial cryptographic tools used in the blockchain ecosystem for (i) account management, (ii) consensus efficiency, (iii) empowering scriptless blockchain, and (iv) privacy. The exotic signatures that we particularly focus on in this work are the following: multi-/aggregate, threshold, adaptor, blind and ring signatures. Herein the term exotic refers to signatures with properties which are not just beyond the norm for signatures, e.g. unforgeability, but also imbue new forms of functionalities. Our treatment of such exotic signatures includes discussions on existing challenges and future research directions in the post-quantum space. We hope that this article will help to foster further research to make post-quantum cryptography more accessible so that blockchain systems can be made ready in advance of the approaching quantum threats.

    Distributed protocols for digital signatures and public key encryption.

    Distributed protocols allow a cryptographic scheme to distribute its operation among a group of participants (servers). This new concept of cryptosystems was introduced by Desmedt [56]. We consider two different flavours of distributed protocols. One of them considers a distributed model with n parties where all of these parties are honest. The other allows up to t − 1 parties to be faulty. Such cryptosystems are called threshold cryptosystems. The distribution of the cryptographic process is based on secret sharing techniques and is usually applicable to public-key cryptosystems. In this thesis we consider distributed protocols for digital signatures and public key encryption schemes. First we consider two flavours of digital signatures - aggregate signatures and multisignatures - and explore the uniqueness property of these constructions. We show that it gives rise to generic constructions of distributed verifiable unpredictable functions (DVUF), whose outputs can be made pseudorandom in the shared random string model using the techniques from [120]. This gives us the first generic construction of distributed verifiable random functions (DVRF) that do not impose assumptions on trusted generation of secret keys and whose outputs remain pseudorandom even in the presence of up to n − 1 corrupted servers. We provide a DVRF construction which follows immediately from the proof of uniqueness for the multisignature scheme [26]. Then we consider blind signatures as another flavour of digital signatures, and propose the first standard-model construction of (re-randomizable) threshold blind signatures (TBS), where signatures can be obtained in a blind way through interaction with n signers of which t are required to provide their signature shares. The stronger security notions for TBS schemes formalized in our work extend the definitions from [144] to the threshold setting.
    We further show how our TBS construction can be used to realize a distributed e-voting protocol following the template from [158] that guarantees privacy, anonymity, democracy, conjectured soundness and individual verifiability in the presence of distributed voting authorities. The important applications of distributed digital signatures - threshold e-voting and distributed e-cash - motivated us to consider the nowadays meaningful and crucial cloud data storage techniques. We realize the idea of distributed cloud data storage, which becomes possible as an application of threshold public key encryption with keyword search. First, we model the concept of Threshold Public Key Encryption with Keyword Search (TPEKS) and define its security properties - indistinguishability and consistency under chosen-ciphertext attacks. Our definition of indistinguishability includes protection against keyword guessing attacks, to which all single-server-based PEKS constructions were shown to be vulnerable. We provide a transformation for obtaining secure TPEKS constructions from an anonymous Identity-Based Threshold Decryption (IBTD) scheme, following the conceptual idea behind the transformation from [2] for building PEKS from anonymous IBE. A concrete instantiation of a secure TPEKS scheme can be obtained from our direct anonymous IBTD construction, based on the classical Boneh-Franklin IBE [31], for which we prove the security under the BDH assumption in the random oracle model. Finally we highlight the use of TPEKS schemes for better privacy and availability in distributed cloud storage and provide a comparison with the dual-server PEKS (DS-PEKS) [50] regarding the functionalities of both schemes, PEKS and DS-PEKS.

    Identity-based threshold encryption on lattices with application to searchable encryption

    As more Internet users are getting interested in using cloud services for storing sensitive data, it motivates the user to encrypt the private data before uploading it to the cloud. There are services which allow a user to conduct searches without revealing anything about the encrypted data. This service is provided by public key encryption with keyword search. Our main contribution is the construction of a lattice-based identity-based threshold decryption (IBTD) that is anonymous and indistinguishable against chosen ciphertext attacks. Furthermore, using the transformation technique from Abdalla et al. [CRYPTO'05] we present the application of our IBTD scheme, which can be transformed to a distributed public key encryption with keyword search. The distributed setting allows splitting the role of one server into multiple servers in order to distribute the single point of failure. Our construction uses the particularly efficient mathematical construct called lattices, which makes our scheme resistant against quantum attacks. We give an efficient construction of a lattice-based IBTD scheme and prove it secure under the hardness of the learning with errors (LWE) problem.

    Public key encryption with distributed keyword search

    Proceedings of Trusted Systems - 7th International Conference, INTRUST 2015, Beijing, China, December 7-8, 2015, Revised Selected Papers.

    Rerandomizable threshold blind signatures

    Best Paper Award. Trusted Systems - 6th International Conference, INTRUST 2014, Beijing, China, December 16-17, 2014, Revised Selected Papers.

    A categorical approach in handling event-ordering in distributed systems

    The issue of event-ordering in distributed systems is crucial and connected to threat management. In this paper, we investigate the use of modifications for handling event-ordering. We employ category theory to strike a balance between Lamport clocks, which enforce global order but lose information about causality, and Vector clocks, which have more precise causality information but do not scale well. We extend previous work on Godement calculus and cartesian closed comma categories for information security management. Finally, we propose a framework for implementing our approach in the detection of threats and attacks in communication systems.