delegating a product of group exponentiations with
play

Delegating a Product of Group Exponentiations with Application to - PowerPoint PPT Presentation

Feb 22, 2023 •209 likes •548 views

Number-Theoretic Methods in Cryptology 2019 Delegating a Product of Group Exponentiations with Application to Signature Schemes Presenter: Giovanni Di Crescenzo Perspecta Labs Inc. (also doing business as Applied Communication Sciences)

  1. Number-Theoretic Methods in Cryptology 2019 Delegating a Product of Group Exponentiations with Application to Signature Schemes Presenter: Giovanni Di Crescenzo Perspecta Labs Inc. (also doing business as Applied Communication Sciences) (previously done business as Vencore Labs, Telcordia Applied Research, BellCoRe, Bell Labs) E-Mail: gdicrescenzo@perspectalabs.com Authors: Giovanni Di Crescenzo, Perspecta Labs Inc. Basking Ridge, NJ, USA. Matluba Khodjaeva, CUNY John Jay College of Criminal Justice. New York, NY, USA. Delaram Kahrobaei, University of York. Heslington, York, UK. Vladimir Shpilrain, City University of New York. New York, NY, USA. 06/26/2019 Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 1 / 24

  2. Introduction Introduction and Motivation Group exponentiation is a cornerstone operation in many public-key cryptographic protocols (e.g. RSA, DHKE, DSA, etc.) Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 2 / 24

  3. Introduction Introduction and Motivation Group exponentiation is a cornerstone operation in many public-key cryptographic protocols (e.g. RSA, DHKE, DSA, etc.) To expand the applicability of these solutions to computationally weaker devices (e.g., passive RFID tags), it was advocated that most expensive operations like group exponentiation are delegated from a computationally weaker client ( i.e., a wireless, RFID device) to a computationally stronger server (i.e., a cloud server). Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 2 / 24

  4. Introduction Introduction and Motivation Group exponentiation is a cornerstone operation in many public-key cryptographic protocols (e.g. RSA, DHKE, DSA, etc.) To expand the applicability of these solutions to computationally weaker devices (e.g., passive RFID tags), it was advocated that most expensive operations like group exponentiation are delegated from a computationally weaker client ( i.e., a wireless, RFID device) to a computationally stronger server (i.e., a cloud server). Preliminary solutions to this problem considered mostly honest servers or multiple servers of which at least one is honest. In the case of a single , possibly malicious server , this problem has remained open since a formal cryptographic model was introduced [HL’05]. In [DKKS’17] we solved this problem for a large class of cyclic groups. Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 2 / 24

  5. Introduction Introduction and Motivation Group exponentiation is a cornerstone operation in many public-key cryptographic protocols (e.g. RSA, DHKE, DSA, etc.) To expand the applicability of these solutions to computationally weaker devices (e.g., passive RFID tags), it was advocated that most expensive operations like group exponentiation are delegated from a computationally weaker client ( i.e., a wireless, RFID device) to a computationally stronger server (i.e., a cloud server). Preliminary solutions to this problem considered mostly honest servers or multiple servers of which at least one is honest. In the case of a single , possibly malicious server , this problem has remained open since a formal cryptographic model was introduced [HL’05]. In [DKKS’17] we solved this problem for a large class of cyclic groups. In this paper, we show how to delegate a product of (fixed-base) exponentiations, in a large class of cyclic groups. Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 2 / 24

  6. Related Work Problem History and Related Work The problem of outsourcing exponentiation to a single malicious server was formally defined and posed in [HL’05] (and studied even earlier), where they gave protocols in the case of 2 servers of which at most one was malicious, and to 1 server, who was honest on almost all inputs . Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 3 / 24

  7. Related Work Problem History and Related Work The problem of outsourcing exponentiation to a single malicious server was formally defined and posed in [HL’05] (and studied even earlier), where they gave protocols in the case of 2 servers of which at most one was malicious, and to 1 server, who was honest on almost all inputs . Several other solutions either only consider a semi-honest server , or 2 non-colluding servers , or do not target input privacy , or only achieve constant security probability Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 3 / 24

  8. Related Work Problem History and Related Work The problem of outsourcing exponentiation to a single malicious server was formally defined and posed in [HL’05] (and studied even earlier), where they gave protocols in the case of 2 servers of which at most one was malicious, and to 1 server, who was honest on almost all inputs . Several other solutions either only consider a semi-honest server , or 2 non-colluding servers , or do not target input privacy , or only achieve constant security probability Several other solutions consider delegation of general functions , or delegation of linear algebra functions . Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 3 / 24

  9. Related Work Problem History and Related Work The problem of outsourcing exponentiation to a single malicious server was formally defined and posed in [HL’05] (and studied even earlier), where they gave protocols in the case of 2 servers of which at most one was malicious, and to 1 server, who was honest on almost all inputs . Several other solutions either only consider a semi-honest server , or 2 non-colluding servers , or do not target input privacy , or only achieve constant security probability Several other solutions consider delegation of general functions , or delegation of linear algebra functions . Closest result is our previous [DKKS’17] paper where we solve the above open problem for the delegation of a single fixed-base exponentiation in a large class of cyclic groups. Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 3 / 24

  10. Our Contribution Our Contribution Consider natural question, motivated by [HL’05] and encryption/signature literature, of whether we can efficiently delegate the product of multiple exponentiations . Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 4 / 24

  11. Our Contribution Our Contribution Consider natural question, motivated by [HL’05] and encryption/signature literature, of whether we can efficiently delegate the product of multiple exponentiations . We show a protocol for the delegation to a single (malicious) server of a product of fixed-base exponentiations in a large class of cyclic groups This improves the client’s number of group multiplications by a factor of about σ with respect to non-delegated computation and a factor of about m with respect to direct use of [DKKS’17]. Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 4 / 24

  12. Our Contribution Our Contribution Consider natural question, motivated by [HL’05] and encryption/signature literature, of whether we can efficiently delegate the product of multiple exponentiations . We show a protocol for the delegation to a single (malicious) server of a product of fixed-base exponentiations in a large class of cyclic groups This improves the client’s number of group multiplications by a factor of about σ with respect to non-delegated computation and a factor of about m with respect to direct use of [DKKS’17]. We use this result to delegate the first cryptographic schemes : the well-known digital signature schemes by El-Gamal, Schnorr and Okamoto. Previously, only primitive operations were delegated. Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 4 / 24

  13. Our Contribution Our Contribution Consider natural question, motivated by [HL’05] and encryption/signature literature, of whether we can efficiently delegate the product of multiple exponentiations . We show a protocol for the delegation to a single (malicious) server of a product of fixed-base exponentiations in a large class of cyclic groups This improves the client’s number of group multiplications by a factor of about σ with respect to non-delegated computation and a factor of about m with respect to direct use of [DKKS’17]. We use this result to delegate the first cryptographic schemes : the well-known digital signature schemes by El-Gamal, Schnorr and Okamoto. Previously, only primitive operations were delegated. In the process, we formally define delegation of digital signature schemes and prove a conversion theorem showing that a non-delegated to delegated signature scheme conversion using a suitable delegation protocol for a desired primitive operation Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 4 / 24

  14. Delegation Model Delegation Protocols: Participant and Interaction Model Giovanni Di Crescenzo (Perspecta Labs) Secure Delegation of Signatures 06/26/2019 5 / 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Delegating Network Security with More Information with More Information {Stanford: [ Jad

Delegating Network Security with More Information with More Information {Stanford: [ Jad

Delegating Network Security with More Information with More Information {Stanford: [ Jad Naous , Ryan Stutsman, David Mazires, Nick McKeown,], MIT CSAIL: [Nickolai Zeldovich]} Context Roberto Alicia

542 views • 33 slides
Some possible exponentiations over the enveloping algebras universal enveloping algebra of sl 2 (

Some possible exponentiations over the enveloping algebras universal enveloping algebra of sl 2 (

Possible Exponentia- tions over Some possible exponentiations over the enveloping algebras universal enveloping algebra of sl 2 ( C ) Sonia LInnocente Sonia LInnocente Department of Mathematics Institute of Mathematics University of

817 views • 56 slides
WAYS TO A Rare NMD ERN Networks criteria and capacities (From the Delegating and Implementing

WAYS TO A Rare NMD ERN Networks criteria and capacities (From the Delegating and Implementing

WAYS TO A Rare NMD ERN Networks criteria and capacities (From the Delegating and Implementing acts): Knowledge and expertise to diagnose, follow up and manage patients Evidence of good outcomes Multi-disciplinary approach Capacity

899 views • 26 slides
ARBITRATION AGREEMENTS ARE YOU UNINTENTIONALLY DELEGATING CLASS ARBITRABILITY TO THE

ARBITRATION AGREEMENTS ARE YOU UNINTENTIONALLY DELEGATING CLASS ARBITRABILITY TO THE

ARBITRATION AGREEMENTS ARE YOU UNINTENTIONALLY DELEGATING CLASS ARBITRABILITY TO THE ARBITRATOR? Martin E. Burke Partner (Tampa and Birmingham) October 17, 2019 Prefatory Remarks Who decides whether to allow arbitration of class

176 views • 13 slides
A tale of two exponentiations in N = 8 supergravity Paolo Di Vecchia Niels Bohr Institute,

A tale of two exponentiations in N = 8 supergravity Paolo Di Vecchia Niels Bohr Institute,

A tale of two exponentiations in N = 8 supergravity Paolo Di Vecchia Niels Bohr Institute, Copenhagen and Nordita, Stockholm UCLA, December 11th, 2019 Paolo Di Vecchia (NBI+NO) N=8 supergravity UCLA, 2019 1 / 31 This talk is based on two

543 views • 31 slides
Delegating to private operators the counseling of young graduates jobseekers : Lessons from a

Delegating to private operators the counseling of young graduates jobseekers : Lessons from a

Delegating to private operators the counseling of young graduates jobseekers : Lessons from a French randomized experiment Batrice Sdillot, French Ministry of Labor - Dares Bruno Crpon, Crest and Poverty Action Lab Summary 1. The context 2.

727 views • 34 slides
Exponentiations vs. Single Trace Analysis COSADE Workshop - Paris, 7 March 2013. Christophe

Exponentiations vs. Single Trace Analysis COSADE Workshop - Paris, 7 March 2013. Christophe

Updated Recommendations for Blinded Exponentiations vs. Single Trace Analysis COSADE Workshop - Paris, 7 March 2013. Christophe Clavier XLIM-CNRS Limoges University, France Benoit Feix UL Security Lab, UK XLIM, Limoges University, France

462 views • 24 slides
Callcentre rollout strategy Presented by: Myprotector Group MYPROTECTOR PRODUCTS product set-up

Callcentre rollout strategy Presented by: Myprotector Group MYPROTECTOR PRODUCTS product set-up

Callcentre rollout strategy Presented by: Myprotector Group MYPROTECTOR PRODUCTS product set-up & communication guides Product 1 Join Welcome letter Start by following the Product 2 db Product 3 Get Product product 4 user

828 views • 6 slides
PRODUCT STRATEGY & E-MOBILITY AT BMW GROUP DANIEL BTTGER BMW GROUP - HEAD OF PRODUCT

PRODUCT STRATEGY & E-MOBILITY AT BMW GROUP DANIEL BTTGER BMW GROUP - HEAD OF PRODUCT

PRODUCT STRATEGY & E-MOBILITY AT BMW GROUP DANIEL BTTGER BMW GROUP - HEAD OF PRODUCT STRATEGY London I June 2017 BMW i E-MOBILITY PIONEER. World Green Car of the Year Green Car of the Year Fleet Hero Award World Car Design of the

806 views • 16 slides
Product Ads Sitelink Extensions xo group; Jam & Toast, Feb 2012 1 xo group; Jam &

Product Ads Sitelink Extensions xo group; Jam & Toast, Feb 2012 1 xo group; Jam &

Sitelink Extensions Product Ads Location Extensions Call Extensions Product Ads Sitelink Extensions xo group; Jam & Toast, Feb 2012 1 xo group; Jam & Toast, Feb 2012. PRNewswire.com, The Knot 2014 Real Weddings Study, March 2015.

629 views • 51 slides
Gulzar Singh Rism (Product Group Manager) CSA GROUP-Irvine IEEE PSES San Diego Chapter - Nov.

Gulzar Singh Rism (Product Group Manager) CSA GROUP-Irvine IEEE PSES San Diego Chapter - Nov.

Gulzar Singh Rism (Product Group Manager) CSA GROUP-Irvine IEEE PSES San Diego Chapter - Nov. 10, 2015 Outline General CEC/NEC END product Standards Related Component standards Harmonization Overview of Product Standards

372 views • 19 slides
DHCP Relay Agent Assignment Notification Option IETF-64 Bernie Volz PD Route Injection

DHCP Relay Agent Assignment Notification Option IETF-64 Bernie Volz PD Route Injection

DHCP Relay Agent Assignment Notification Option IETF-64 Bernie Volz PD Route Injection Simple Cases 1. Delegating router is on same link as requesting router delegating router can manage the routing information 2. DHCP server

571 views • 7 slides
product liability update A PUBLICATION OF VENABLE'S PRODUCT LIABILITY AND TOXIC TORTS GROUP JANUARY

product liability update A PUBLICATION OF VENABLE'S PRODUCT LIABILITY AND TOXIC TORTS GROUP JANUARY

product liability update A PUBLICATION OF VENABLE'S PRODUCT LIABILITY AND TOXIC TORTS GROUP JANUARY 2008 FDA Subcommittee Finds That FDA Cannot AUTHORS Perform Its Mission Bruce R. Parker In December

58 views • 5 slides
esap Re-use & Recycling Working Group 4 February 2015 Product Lifecycle 5 esap themes

esap Re-use & Recycling Working Group 4 February 2015 Product Lifecycle 5 esap themes

esap Re-use & Recycling Working Group 4 February 2015 Product Lifecycle 5 esap themes Design 1. Extending product durability Make 2. Minimising product returns Sell Returns Use 3. Understanding and influencing consumer behaviour on

527 views • 36 slides
Indoor Switches Air insulated switch-disconnectors EPMV Product Group Apparatus Agenda Scope

Indoor Switches Air insulated switch-disconnectors EPMV Product Group Apparatus Agenda Scope

PRODUCT AND APPLICATION PRESENTATION, 2017 Indoor Switches Air insulated switch-disconnectors EPMV Product Group Apparatus Agenda Scope Introduction Portfolio NAL/C4 design principles Accessories and product configurations Fuse-switch

715 views • 27 slides
Page 1, 18-Sep-07 Product Integration Product Integration Technical Product Product

Page 1, 18-Sep-07 Product Integration Product Integration Technical Product Product

Key Elements of the Product Integration Process Thesis proposal Stig Larsson Page 1, 18-Sep-07 Product Integration Product Integration Technical Product Product Customer Solution Integration Reports Reports Verification

299 views • 29 slides
Chapter 2: Classical Encryption Techniques Dr. Loai Tawalbeh Computer Engineering Department

Chapter 2: Classical Encryption Techniques Dr. Loai Tawalbeh Computer Engineering Department

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 2: Classical Encryption Techniques Dr. Loai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Dr. Loai Tawalbeh Fall 2005 Introduction

474 views • 16 slides
Objectives Importance of Probability Computational Security Binomial Distribution

Objectives Importance of Probability Computational Security Binomial Distribution

Probability and Information Theory Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Importance of Probability Computational

557 views • 18 slides
Shannons Theory Debdeep Mukhopadhyay IIT Kharagpur Objectives Understand the definition

Shannons Theory Debdeep Mukhopadhyay IIT Kharagpur Objectives Understand the definition

Shannons Theory Debdeep Mukhopadhyay IIT Kharagpur Objectives Understand the definition of Perfect Secrecy Prove that a given crypto-sytem is perfectly secured One Time Pad Entropy and its computation Ideal Ciphers

657 views • 23 slides
Physical Layer Security ennur Uluku ECE / ISR University of Maryland FOR UMD USE ONLY

Physical Layer Security ennur Uluku ECE / ISR University of Maryland FOR UMD USE ONLY

Physical Layer Security ennur Uluku ECE / ISR University of Maryland FOR UMD USE ONLY Security in Wireless Systems Inherent openness in the wireless communications channel: eavesdropping and jamming attacks B A E FOR UMD USE ONLY

1.21k views • 26 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 7: Introduction to Public-Key Cryptography Objectives of this Lecture 1.

678 views • 21 slides
CS 4803 Crypto as a science (modern cryptography) has short but Computer and Network Security

CS 4803 Crypto as a science (modern cryptography) has short but Computer and Network Security

Cryptography is very old and very new Crypto is an ancient discipline Recall Julius Caesar, Enigma,... CS 4803 Crypto as a science (modern cryptography) has short but Computer and Network Security exciting history Most of it

638 views • 4 slides
from Biometrics Benjamin Fuller, Boston University/MIT Lincoln Laboratory Privacy Enhancing

from Biometrics Benjamin Fuller, Boston University/MIT Lincoln Laboratory Privacy Enhancing

Strong Key Derivation from Biometrics Benjamin Fuller, Boston University/MIT Lincoln Laboratory Privacy Enhancing Technologies for Biometrics, Haifa January 15, 2015 Based on three works: Computational Fuzzy Extractors [FullerMengReyzin13]

1.44k views • 55 slides

More recommend