blind signatures with flying colors

  1. Blind Signatures with flying colors Olivier Blazy XLim, Université de Limoges Feb 2014 O. Blazy (XLim) Blind Sig Feb 2014 1 / 50

  2. Outline
     1. General Remarks
     2. Building blocks
     3. Non-Interactive Proofs of Knowledge
     4. Interactive Implicit Proofs
     5. Can we do better?

  7. Electronic Voting
     For dessert, we let people vote:
     - Chocolate Cake
     - Cheese Cake
     - Fruit Salad
     - Brussels Sprout

     After collection, we count the number of ballots:
     - Chocolate Cake: 123
     - Cheese Cake: 79
     - Fruit Salad: 42
     - Brussels Sprout: 1

  8. Authentication
     - Only people authorized to vote should be able to vote
     - People should be able to vote only once

     Anonymity
     - Votes and voters should be anonymous
     - Receipt freeness

  9. Homomorphic Encryption and Signature approach
     - The voter generates his vote $v$.
     - The voter encrypts $v$ for the server as $c$.
     - The voter signs $c$ and outputs $\sigma$.
     - $(c, \sigma)$ is a ballot that is unique per voter, and anonymous.
     - Counting: thanks to the homomorphic encryption, $C = \prod c$.
     - The server decrypts $C$.

  10. Electronic Cash
     [Figure: e-cash flow with steps labelled Identify, Withdraw, Spend, Deposit and Randomize]

  11. Protocol
     - Withdrawal: a user gets a coin $c$ from the bank
     - Spending: a user pays a shop with the coin $c$
     - Deposit: the shop gives the coin $c$ back to the bank

     Electronic Coins (Chaum 81): expected properties
     - Unforgeability: coins are signed by the bank
     - No Double-Spending: each coin is unique
     - Anonymity: Blind Signature

     Definition (Blind Signature): A blind signature allows a user to get a message $m$ signed by an authority into $\sigma$ so that the authority, even a powerful one, cannot later recognize the pair $(m, \sigma)$.

  12. RSA-Based Blind Signature
     The easiest way to obtain blind signatures is to blind the message. To get an FDH-RSA signature on $m$ under RSA public key $(n, e)$:
     - The user computes a blind version of the hash value: $M = H(m)$ and $M' = M \cdot r^e \bmod n$
     - The signer signs $M'$ into $\sigma' = M'^d$
     - The user recovers $\sigma = \sigma' / r$

     → Proven under the One-More RSA Assumption in 2001
     → Perfectly Blind Signature
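The three steps of the RSA blind signature above, as an added Python example (not code from the presentation). The toy key built from two Mersenne primes, the counter-mode SHA-256 construction for $H$ and all function names are assumptions made for illustration; `explaining_factor` shows why the scheme is perfectly blind: every message has a blinding factor that explains the value the signer saw.

```python
import hashlib
import math
import secrets

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q = 2**89 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # signer's private exponent d


def fdh(message: bytes) -> int:
    """Full-domain hash H(m): expand SHA-256 with a counter, reduce mod n."""
    out, counter = b"", 0
    while len(out) < N.bit_length() // 8 + 16:
        out += hashlib.sha256(counter.to_bytes(4, "big") + message).digest()
        counter += 1
    return int.from_bytes(out, "big") % N


def blind(message: bytes):
    """User: return (M', r) with M' = H(m) * r^e mod n."""
    while True:
        r = 2 + secrets.randbelow(N - 2)
        if math.gcd(r, N) == 1:  # r must be invertible to unblind later
            return fdh(message) * pow(r, E, N) % N, r


def sign_blinded(blinded: int) -> int:
    """Signer: sigma' = M'^d mod n, computed without seeing m or H(m)."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """User: sigma = sigma' / r mod n, which equals H(m)^d."""
    return blind_sig * pow(r, -1, N) % N


def verify(message: bytes, sig: int) -> bool:
    """Anyone: check sigma^e == H(m) mod n."""
    return pow(sig, E, N) == fdh(message)


def explaining_factor(blinded: int, other: bytes) -> int:
    """The r' for which `blinded` is a valid blinding of `other`.
    One exists for every message, so M' reveals nothing about m."""
    return pow(blinded * pow(fdh(other), -1, N) % N, D, N)
```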

  13. Round-Optimal Blind Signature (Fischlin 06)
     - The user encrypts his message $m$ in $c$.
     - The signer then signs $c$ in $\sigma$.
     - The user verifies $\sigma$.
     - He then encrypts $\sigma$ and $c$ into $C_\sigma$ and $C$ and generates a proof $\pi$.
     - $\pi$: $C_\sigma$ is an encryption of a signature over the ciphertext $c$ encrypted in $C$, and this $c$ is indeed an encryption of $m$.

     Anyone can then use $C$, $C_\sigma$, $\pi$ to check the validity of the signature.

  14. Vote
     - A user should be able to encrypt a ballot.
     - He should be able to sign this encryption.
     - Upon receiving this vote, one should be able to randomize it for Receipt-Freeness.

     E-Cash
     - A user should be able to encrypt a token.
     - The bank should be able to sign it, providing Unforgeability.
     - This signature should then be randomizable to provide Anonymity.

     Our Solution
     - Same underlying requirements;
     - Advanced security notions in both schemes require extracting some kind of signature on the associated plaintext;
     - General Framework for Signature on Randomizable Ciphertexts;
     - Revisited Waters, Commutative encryption / signature.

  15. Outline
     1. General Remarks
     2. Building blocks
        - Bilinear groups aka Pairing-friendly environments
        - Commitment / Encryption
        - Signatures
        - Security hypotheses
     3. Non-Interactive Proofs of Knowledge
     4. Interactive Implicit Proofs
     5. Can we do better?

  16. Asymmetric bilinear structure
     $(p, G_1, G_2, G_T, e, g_1, g_2)$ bilinear structure:
     - $G_1, G_2, G_T$ multiplicative groups of order $p$
       - $p$ = prime integer
     - $\langle g_* \rangle = G_*$
     - $e : G_1 \times G_2 \to G_T$
       - $\langle e(g_1, g_2) \rangle = G_T$
       - $e(g_1^a, g_2^b) = e(g_1, g_2)^{ab}$, $a, b \in \mathbb{Z}$
     - deciding group membership, group operations and the bilinear map are efficiently computable.

  17. Definition (Encryption Scheme)
     $E = (\mathsf{Setup}, \mathsf{EKeyGen}, \mathsf{Encrypt}, \mathsf{Decrypt})$:
     - $\mathsf{Setup}(1^K)$: param;
     - $\mathsf{EKeyGen}(\mathsf{param})$: public encryption key pk, private decryption key dk;
     - $\mathsf{Encrypt}(\mathsf{pk}, m; r)$: ciphertext $c$ on $m \in M$ and pk;
     - $\mathsf{Decrypt}(\mathsf{dk}, c)$: decrypts $c$ under dk.

     [Figure: diagram of Encrypt, Random and Decrypt]

     Indistinguishability: Given $M_0, M_1$, it should be hard to guess which one is encrypted in $C$.

  18. Definition (ElGamal Encryption) (84)
     - $\mathsf{Setup}(1^K)$: Generates a multiplicative group $(p, G, g)$.
     - $\mathsf{EKeyGen}_E(\mathsf{param})$: $\mathsf{dk} = \mu \xleftarrow{\$} \mathbb{Z}_p$, and $\mathsf{pk} = (X_1 = g^\mu)$.
     - $\mathsf{Encrypt}(\mathsf{pk} = X_1, M; \alpha)$: For $M$, and random $\alpha \xleftarrow{\$} \mathbb{Z}_p$, $C = (c_1 = X_1^\alpha,\ c_2 = g^\alpha \cdot M)$.
     - $\mathsf{Decrypt}(\mathsf{dk} = (\mu), C = (c_1, c_2))$: Computes $M = c_2 / (c_1^{1/\mu})$.

     Randomization
     - $\mathsf{Random}(\mathsf{pk}, C; r)$: $C' = (c_1 X_1^r,\ c_2 g^r) = (X_1^{\alpha + r},\ g^{\alpha + r} \cdot M)$
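An added Python example (not code from the presentation) of this ElGamal variant, its Random operation, and the homomorphic counting $C = \prod c$ from the voting slide. The toy group $p = 2039$, $q = 1019$, $g = 4$, the encoding of a 0/1 vote $v$ as $g^v$ and the function names are assumptions made for illustration.

```python
import secrets

# Constructed toy group: P = 2Q + 1 with Q prime; G = 4 generates the
# order-Q subgroup. Real deployments use groups of cryptographic size.
P, Q, G = 2039, 1019, 4


def keygen():
    """dk = mu in [1, Q-1], pk = X1 = g^mu."""
    mu = 1 + secrets.randbelow(Q - 1)
    return mu, pow(G, mu, P)


def encrypt(pk, m, alpha=None):
    """C = (c1 = X1^alpha, c2 = g^alpha * M), as on the slide."""
    if alpha is None:
        alpha = secrets.randbelow(Q)
    return pow(pk, alpha, P), pow(G, alpha, P) * m % P


def decrypt(dk, c):
    """M = c2 / c1^(1/mu); 1/mu is taken modulo the group order Q."""
    mask = pow(c[0], pow(dk, -1, Q), P)  # equals g^alpha
    return c[1] * pow(mask, -1, P) % P


def randomize(pk, c, r=None):
    """C' = (c1 * X1^r, c2 * g^r): same plaintext, randomness alpha + r."""
    if r is None:
        r = secrets.randbelow(Q)
    return c[0] * pow(pk, r, P) % P, c[1] * pow(G, r, P) % P


def combine(ciphertexts):
    """Component-wise product: an encryption of the product of plaintexts."""
    c1 = c2 = 1
    for a, b in ciphertexts:
        c1, c2 = c1 * a % P, c2 * b % P
    return c1, c2


def tally(dk, ballots):
    """Decrypt the product of ballots that encode 0/1 votes as g^v
    (assumed encoding) and recover the sum by a small exhaustive search."""
    total = decrypt(dk, combine(ballots))
    return next(k for k in range(len(ballots) + 1) if pow(G, k, P) == total)
```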

  19. Definition (Commitment Scheme)
     $E = (\mathsf{Setup}, \mathsf{Commit}, \mathsf{Decommit})$:
     - $\mathsf{Setup}(1^K)$: param, ck;
     - $\mathsf{Commit}(\mathsf{ck}, m; r)$: $c$ on the input message $m \in M$ using $r \xleftarrow{\$} R$;
     - $\mathsf{Decommit}(c, m; w)$ opens $c$ and reveals $m$, together with $w$ that proves the correct opening.

     [Figure: diagram of Commit and Decommit]

  20. Definition (Signature Scheme)
     $S = (\mathsf{Setup}, \mathsf{SKeyGen}, \mathsf{Sign}, \mathsf{Verif})$:
     - $\mathsf{Setup}(1^K)$: param;
     - $\mathsf{SKeyGen}(\mathsf{param})$: public verification key vk, private signing key sk;
     - $\mathsf{Sign}(\mathsf{sk}, m; s)$: signature $\sigma$ on $m$, under sk;
     - $\mathsf{Verif}(\mathsf{vk}, m, \sigma)$: checks whether $\sigma$ is valid on $m$.

     [Figure: diagram of Sign and Random]

     Unforgeability: Given $q$ pairs $(m_i, \sigma_i)$, it should be hard to output a valid $\sigma$ on a fresh $m$.

  21. Definition (Waters Signature) (Wat05)
     - $\mathsf{Setup}_S(1^K)$: Generates $(p, G, G_T, e, g)$, an extra $h$, and $(u_i)$ for the Waters function ($F(m) = u_0 \prod_i u_i^{m_i}$).
     - $\mathsf{SKeyGen}_S(\mathsf{param})$: Picks $x \xleftarrow{\$} \mathbb{Z}_p$ and outputs $\mathsf{sk} = h^x$, and $\mathsf{vk} = g^x$;
     - $\mathsf{Sign}(\mathsf{sk}, m; s)$: Outputs $\sigma(m) = (\mathsf{sk} \cdot F(m)^s,\ g^s)$;
     - $\mathsf{Verif}(\mathsf{vk}, m, \sigma)$: Checks the validity of $\sigma$: $e(g, \sigma_1) \stackrel{?}{=} e(F(m), \sigma_2) \cdot e(\mathsf{vk}, h)$

     Randomization
     - $\mathsf{Random}(\sigma; r)$: $\sigma' = (\sigma_1 F(m)^r,\ \sigma_2 g^r) = (\mathsf{sk} \cdot F(m)^{r+s},\ g^{r+s})$

  22. Definition (DL): Given $g, h \in G^2$, it is hard to compute $\alpha$ such that $h = g^\alpha$.

     Definition (CDH): Given $g, g^a, h \in G^3$, it is hard to compute $h^a$.

  23. Outline
     1. General Remarks
     2. Building blocks
     3. Non-Interactive Proofs of Knowledge
        - Groth Sahai methodology
        - Signature on Ciphertexts
        - Application to other protocols
        - Waters Programmability
     4. Interactive Implicit Proofs
     5. Can we do better?

  24. Groth-Sahai Proof System
     Pairing product equation (PPE): for variables $X_1, \ldots, X_m \in G_1$

     $$(E):\ \prod_{j=1}^{n} e(A_j, Y_j) \prod_{i=1}^{m} e(X_i, B_i) \prod_{i=1}^{m} \prod_{j=1}^{n} e(X_i, Y_j)^{\gamma_{i,j}} = t_T$$

     determined by $A_i \in G_1$, $B_i \in G_2$, $\gamma_{i,j} \in \mathbb{Z}_p$ and $t_T \in G_T$.

     Groth-Sahai: WI proofs that elements that were committed satisfy PPE
     - $\mathsf{Setup}(G)$: commitment key ck;
     - $\mathsf{Com}(\mathsf{ck}, X \in G; \rho)$: commitment $\vec{c}_X$ to $X$;
     - $\mathsf{Prove}(\mathsf{ck}, (X_i, \rho_i)_{i=1,\ldots,n}, (E))$: proof $\phi$;
     - $\mathsf{Verify}(\mathsf{ck}, \vec{c}_{X_i}, (E), \phi)$: checks whether $\phi$ is valid.
