delegatable functional signatures
play

Delegatable Functional Signatures Michael Backes, Sebastian Meiser , - PowerPoint PPT Presentation

Oct 23, 2022 •127 likes •442 views

Delegatable Functional Signatures Michael Backes, Sebastian Meiser , Dominique Schrder Public Key Cryptography, March 7, 2016, Taipei What is a malleable Signature? Alice (original signer) Alice signed this message! We introduce del

  1. Delegatable Functional Signatures Michael Backes, Sebastian Meiser , Dominique Schröder Public Key Cryptography, March 7, 2016, Taipei

  2. What is a malleable Signature? Alice (original signer) Alice signed this message! We introduce del egatable functi onal signatures We introduce del egatable functi onal signatures (DFS) which support the delegation of signing (DFS) which support the delegation of signing capabilities capabilities to to another another party, party, called called the the evaluator, with respect to a functionali ty F. In a evaluator, with respect to a functionali ty F. In a DFS, the signer of a message can choose an DFS, the signer of a message can choose an evaluator, specify how the evaluator can modify evaluator, specify how the evaluator can modify the signature without voiding its validity, allow the signature without voiding its validity, allow additional input, and decide how the evaluator additional input, and decide how the evaluator can can further further delegate delegate its its capabilities. capabilities. Technicall y, DFS unify several seemingl y Technicall y, DFS unify several seemingl y different different signature signature pri miti ves, pri miti ves, i ncluding i ncluding functional functional signatures signatures and and poli cy-based poli cy-based signatures (PKC '14), sanitizable signatures, signatures (PKC '14), sanitizable signatures, identity based signatures, and blind signatures. identity based signatures, and blind signatures. We characterize the instantiabil ity of DFS with We characterize the instantiabil ity of DFS with respect to the cor responding security noti ons of respect to the cor responding security noti ons of unforgeability and pri vacy. On the positi ve side unforgeability and pri vacy. On the positi ve side we show that pri vacy-fr ee D FS can be we show that pri vacy-fr ee D FS can be constructed constructed from from one- way one- way functions. functions. Further more, we show that unforgeable and Further more, we show that unforgeable and pri vate DFS can be constructed from doubl y- pri vate DFS can be constructed from doubl y- enhanced enhanced tr apdoor tr apdoor per mutations. per mutations. On On the the negative si de we show that the previ ous result negative si de we show that the previ ous result is opti mal regarding its underl ying assumptions is opti mal regarding its underl ying assumptions presenting presenting an an i mpossibility i mpossibility result result for for unforgeable unforgeable pri vate pri vate DFS DFS from from one- way one- way permutations. permutations.  Alice signs a message with her secret key.  Public verifiability means: a) Alice signed the message, or b) Alice signed the message and the message has been modified, s.t. … - … the resulting message still is in some relation to the signed message. - … all operations performed on the message were “valid”. Delegatable Functional Signatures – PKC 2016 – Sebastian Meiser 1

  3. What is a malleable Signature? Alice (original signer) Alice signed… some related message..?! We introduce del egatable functi onal signatures (DFS) which support the delegation of signing capabilities to another party, called the evaluator, with respect to a functionali ty F. In a DFS, the signer of a message can choose an evaluator, specify how the evaluator can modify the signature without voiding its validity, allow additional input, and decide how the evaluator can further delegate its capabilities. Technicall y, DFS unify several seemingl y different signature pri miti ves, i ncluding functional signatures and poli cy-based signatures (PKC '14), sanitizable signatures, identity based signatures, and blind signatures. We characterize the instantiabil ity of DFS with respect to the cor responding security noti ons of unforgeability and pri vacy. On the positi ve side we show that pri vacy-fr ee D FS can be constructed from one- way functions.  Alice signs a message with her secret key. Further more, we show that unforgeable and pri vate DFS can be constructed from doubl y- enhanced tr apdoor per mutations. On the negative si de we show that the previ ous result is opti mal regarding its underl ying assumptions presenting an i mpossibility result for unforgeable pri vate DFS from one- way permutations.  Public verifiability means: a) Alice signed the message, or b) Alice signed the message and the message has been modified, s.t. … - … the resulting message still is in some relation to the signed message. - … all operations performed on the message were “valid”. Delegatable Functional Signatures – PKC 2016 – Sebastian Meiser 2

  4. (Malleable) Signature Primitives Homomorphic Signatures Classical Signatures Rerandomizable Signatures Redactable Signatures Proxy Signatures Identity-based Signatures Sanitizable Signatures Blind Signatures [BGI] Functional Digital Signatures PKC’15 Policy-based Signatures [BF] Goal: Generalization and simplification of primitives and notions Delegatable Functional Signatures – PKC 2016 – Sebastian Meiser 3

  5. Delegatable Functional Signatures Alice Bob Inc. Charlie Ltd. (original signer) (evaluator) (evaluator) Alice signed 𝑡𝑙 𝑡𝑙′ this message or allowed it! We introduce delegatable functional signatures We introduce delegatable functional signatures We introduce delegatable functional signatures 𝑛, 𝜏 (DFS) which support the delegation of signing (DFS) which support the delegation of signing (DFS) which support the delegation of signing capabilities to another party, called the evaluator, capabilities to another party, called the evaluator, capabilities to another party, called the evaluator, with respect to a functionality F. In a DFS, the with respect to a functionality F. In a DFS, the with respect to a functionality F. In a DFS, the signer of a message can choose an evaluator, signer of a message can choose an evaluator, signer of a message can choose an evaluator, specify how the evaluator can modify the specify how the evaluator can modify the specify how the evaluator can modify the signature without voiding its validity, allow signature without voiding its validity, allow signature without voiding its validity, allow additional input, and decide how the evaluator additional input, and decide how the evaluator additional input, and decide how the evaluator can further delegate its capabilities. Technically, can further delegate its capabilities. Technically, can further delegate its capabilities. Technically, DFS unify several seemingly different signature DFS unify several seemingly different signature DFS unify several seemingly different signature primitives, including functional signatures and primitives, including functional signatures and primitives, including functional signatures and policy-based signatures (PKC'14), sanitizable policy-based signatures (PKC'14), sanitizable policy-based signatures (PKC'14), sanitizable signatures, identity based signatures, and blind signatures, identity based signatures, and blind signatures, identity based signatures, and blind signatures. signatures. signatures. We characterize the instantiability of DFS with We characterize the instantiability of DFS with We characterize the instantiability of DFS with respect to the corresponding security notions of respect to the corresponding security notions of respect to the corresponding security notions of unforgeability and privacy. On the positive side unforgeability and privacy. On the positive side unforgeability and privacy. On the positive side we show that privacy-free DFS can be we show that privacy-free DFS can be we show that privacy-free DFS can be constructed constructed constructed from from from one-way one-way one-way functions. functions. functions. Furthermore, we show that unforgeable and Furthermore, we show that unforgeable and Furthermore, we show that unforgeable and private DFS can be constructed from doubly- private DFS can be constructed from doubly- private DFS can be constructed from doubly- enhanced enhanced enhanced trapdoor trapdoor trapdoor permutations. permutations. permutations. On On On the the the negative side we show that the previous result is negative side we show that the previous result is negative side we show that the previous result is optimal regarding its underlying assumptions optimal regarding its underlying assumptions optimal regarding its underlying assumptions presenting an impossibility result for unforgeable presenting an impossibility result for unforgeable presenting an impossibility result for unforgeable private DFS from one-way permutations. private DFS from one-way permutations. private DFS from one-way permutations. 𝒈′ 𝒈 𝑞𝑙 𝑞𝑙  Alice signs a message and chooses how the message can be modified by which evaluator (Bob) and decides what Bob can further delegate, if at all.  Bob modifies the message/signature pair, chooses how it can be further modified and by whom (Charlie). Delegatable Functional Signatures – PKC 2016 – Sebastian Meiser 4

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties

Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties

Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties Signatures Signatures with various functionality/properties Constructions come in different flavors (well sample each flavor): Signatures

1.55k views • 131 slides
Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And

Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And

Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And Putting It All Together Lecture 12 Digital Signatures Digital Signatures Syntax: KeyGen, Sign SK and Verify VK . Security: Same experiment as MAC s,

1.72k views • 142 slides
Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from

Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from

Motivation Research Question Results Conclusion Notes Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from Standard Signatures Siamak Shahandashti 1 Rei Safavi-Naini 2 1 SCSSE & CCISR, Uni

465 views • 46 slides
1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Digital Signatures have looked at message authentication but does not address issues of lack of trust Chapter 13 Digital Signatures digital signatures provide the ability to:

361 views • 3 slides
Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys Nils

Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys Nils

Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys Nils Fleischhacker Johannes Krupp Giulio Malavolta Jonas Schneider Dominique Schr oder Mark Simkin March 7, 2016 Sanitizable Signatures

577 views • 46 slides
Frames for sortal, relational, and functional concepts Wiebke Petersen

Frames for sortal, relational, and functional concepts Wiebke Petersen

Classification of concepts Frames Attributes and type signatures Frames for sortal, relational, and functional concepts Wiebke Petersen Heinrich-Heine-Universit at D usseldorf Research group on Functional Concepts and Frames

801 views • 61 slides
Lecture 12 Digital Signatures from one-way functions Signatures vs. MACs Signatures MAC s

Lecture 12 Digital Signatures from one-way functions Signatures vs. MACs Signatures MAC s

Lecture 12 Digital Signatures from one-way functions Signatures vs. MACs Signatures MAC s users require only secretkeys users require n 2 secretkeys Privately verifiable and non-transferable Same signature

764 views • 53 slides
Leptophilic Higgs Leptophilic Higgs Signatures at the LHC Signatures at the LHC (And the

Leptophilic Higgs Leptophilic Higgs Signatures at the LHC Signatures at the LHC (And the

Leptophilic Higgs Leptophilic Higgs Signatures at the LHC Signatures at the LHC (And the Importance of Leptonic Decays for Higgs Discovery) Brooks Thomas (The University of Arizona) Shufang Su & BT [arXiv:0903.0667] What do we know about

375 views • 26 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-02-25 1 Outline Recap: security experiments Message space extension One-time signatures One-time signatures from one-way functions Digital

1.07k views • 48 slides
Proving tight security for Rabin-Williams signatures D. J. Bernstein Public-key signatures 1976

Proving tight security for Rabin-Williams signatures D. J. Bernstein Public-key signatures 1976

Proving tight security for Rabin-Williams signatures D. J. Bernstein Public-key signatures 1976 Diffie Hellman: Public-key signatures would allow verification by anyone, not just signer. Cool! Can we build a signature system? 1977 Rivest

743 views • 33 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-03-03 1 Outline Why assumptions? Efficient one-time signatures Digital Signatures 2020-03-03 2 Recap: Lamport EUF-1-CMA secure

1.14k views • 37 slides
The Petition 11 614 signatures so far, on-line and hard copy Raised in Parliament by Jacob

The Petition 11 614 signatures so far, on-line and hard copy Raised in Parliament by Jacob

The Petition 11 614 signatures so far, on-line and hard copy Raised in Parliament by Jacob Rees-Mogg Submitted to 10 Downing Street 21 March www.change.org Geographical spread of signatures Distribution of Signatures Bath East of

483 views • 13 slides
Mediated Signatures - Towards Advanced Undeniability of Digital Data in Technical Digital

Mediated Signatures - Towards Advanced Undeniability of Digital Data in Technical Digital

M. Kutyowski Mediated Signatures - Towards Advanced Undeniability of Digital Data in Technical Digital Signatures Qualified Signatures and Legal Framework Validity of the Signature Standard Implementation Risk Issues Reasons of

436 views • 42 slides
Lattice-based signatures Extra lecture for the Digital Signatures course 2020 Dennis

Lattice-based signatures Extra lecture for the Digital Signatures course 2020 Dennis

Lattice-based signatures Extra lecture for the Digital Signatures course 2020 Dennis Hofheinz ETH Zrich Quantum computers Grovers algorithm: speed up searches (N O(N)) Bigger problem for cryptography: Shors algorithm

468 views • 15 slides
Signatures and grammars Signatures and grammars Why manual disambiguation in SDF?

Signatures and grammars Signatures and grammars Why manual disambiguation in SDF?

Signatures and grammars Signatures and grammars Why manual disambiguation in SDF? Associativity of binary operators y g y y Fully declarative definition of syntax Priorities between binary operators Implicit disambiguation

281 views • 6 slides
Why attribute-based signatures? The kind of authentication required in an attribute-based system

Why attribute-based signatures? The kind of authentication required in an attribute-based system

Attribute-Based Signatures Hemanta K. Maji Manoj Prabhakaran Mike Rosulek November 22, 2010 Abstract We introduce Attribute-Based Signatures (ABS) , a versatile primitive that allows a party to sign a message with fine-grained

864 views • 35 slides
Computer Security: Public Key Crypto B. Jacobs Institute for Computing and Information Sciences

Computer Security: Public Key Crypto B. Jacobs Institute for Computing and Information Sciences

Public key crypto RSA Essentials Public Key Crypto in Java Radboud University Nijmegen Public key protocols Diffie-Hellman and El Gamal Computer Security: Public Key Crypto B. Jacobs Institute for Computing and Information Sciences

1.23k views • 100 slides
Identity Stefan Thomas, CTO Agenda Goals Terminology What can decentralized

Identity Stefan Thomas, CTO Agenda Goals Terminology What can decentralized

Identity Stefan Thomas, CTO Agenda Goals Terminology What can decentralized networks contribute? Better Identity Provider Public attestation Stefan Thomas, CTO Goals What are we trying to solve? Authentication

520 views • 19 slides
C.c) DSA and Diffie-Hellman W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 C.73 DSA

C.c) DSA and Diffie-Hellman W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 C.73 DSA

1 C.c) DSA and Diffie-Hellman W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 C.73 DSA (Digital Signature Algorithm) standardized by NIST A) Generation of a key pair Select a prime q with 2 159 < q < 2 160 Select a

348 views • 11 slides
Practical Round-Optimal Blind Signatures in the Standard Model from Weaker Assumptions G.

Practical Round-Optimal Blind Signatures in the Standard Model from Weaker Assumptions G.

Practical Round-Optimal Blind Signatures in the Standard Model from Weaker Assumptions G. Fuchsbauer , C. Hanser C. Kamath , and D. Slamanig Ecole Normale Sup erieure, Paris IAIK, Graz University of Technology,

391 views • 21 slides
NAME-ES 20 novembre 2002 Yves Leroux, David Ankri, Fabrice Scemama SISGEM Agenda Why NAME

NAME-ES 20 novembre 2002 Yves Leroux, David Ankri, Fabrice Scemama SISGEM Agenda Why NAME

STORCK 2002 conference IST project :Smart IS Accompanying Measure NAME-ES 20 novembre 2002 Yves Leroux, David Ankri, Fabrice Scemama SISGEM Agenda Why NAME and NAME-ES ? Different perspectives about signature Cryptographic

471 views • 9 slides
Privacy-preserving electronic civic infrastructure Andrew J. Blumberg

Privacy-preserving electronic civic infrastructure Andrew J. Blumberg

Privacy-preserving electronic civic infrastructure Andrew J. Blumberg (blumberg@math.utexas.edu) Andrew J. Blumberg (blumberg@math.utexas.edu) Privacy-preserving electronic civic infrastructure Objective: design potentially invasive

532 views • 24 slides
Multi-Signatures for Blockchains Yannick Seurin Agence nationale de la scurit des systmes

Multi-Signatures for Blockchains Yannick Seurin Agence nationale de la scurit des systmes

Multi-Signatures for Blockchains Yannick Seurin Agence nationale de la scurit des systmes dinformation June 12, 2019 LINCS Blockchain Day Y. Seurin (ANSSI) Multi-Signatures for Blockchains 12/06/2019 1 / 17 Uses of cryptography

921 views • 68 slides
Union, Intersection, and Refinement Types and Reasoning about Type Disjointness for Security

Union, Intersection, and Refinement Types and Reasoning about Type Disjointness for Security

Union, Intersection, and Refinement Types and Reasoning about Type Disjointness for Security Protocol Analysis C t lin Hri cu Prof. Dr. Holger Hermanns (UdS) Dean of Math and CS Faculty Prof. Dr. Gert Smolka (UdS) Chair of Examination

1.39k views • 107 slides

More recommend