efficient unlinkable sanitizable signatures from
play

Efficient Unlinkable Sanitizable Signatures from Signatures with - PowerPoint PPT Presentation

Oct 11, 2022 •101 likes •577 views

Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys Nils Fleischhacker Johannes Krupp Giulio Malavolta Jonas Schneider Dominique Schr oder Mark Simkin March 7, 2016 Sanitizable Signatures

  1. Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys Nils Fleischhacker Johannes Krupp Giulio Malavolta Jonas Schneider Dominique Schr¨ oder Mark Simkin March 7, 2016

  2. ✦ ✪ Sanitizable Signatures [ACdMT05] Bob E.D. $ 800

  3. ✪ Sanitizable Signatures [ACdMT05] Bob $ 800 ✦ E.D.

  4. ✦ Sanitizable Signatures [ACdMT05] Bob censored E.D. ✪ $ 800

  5. ✦ Sanitizable Signatures [ACdMT05] Bob censored E.D. ✪ $ 800 Nurse

  6. ✪ Sanitizable Signatures [ACdMT05] Bob censored E.D. ✦ $ 800 Nurse

  7. ✪ Sanitizable Signatures [ACdMT05] Bob Bob $ 800 ✦ Influenza E.D. $ 800 Nurse

  8. Security of Sanitizable Signatures ◮ Formalized by Brzuska et al. [BFFLPSSV09] ◮ Immutability ◮ Sanitizer Accountability ◮ Signer Accountability ◮ Transparency ◮ Unforgeability ◮ Privacy ◮ Missing property identified by Brzuska et al. [BFLS10] ◮ Unlinkability

  9. Security of Sanitizable Signatures ◮ Formalized by Brzuska et al. [BFFLPSSV09] ◮ Immutability ◮ Sanitizer Accountability ◮ Signer Accountability ◮ Transparency ◮ Unforgeability ◮ Privacy ◮ Missing property identified by Brzuska et al. [BFLS10] ◮ Unlinkability

  10. Security of Sanitizable Signatures ◮ Formalized by Brzuska et al. [BFFLPSSV09] ◮ Immutability ◮ Sanitizer Accountability ◮ Signer Accountability ◮ Transparency ◮ Unforgeability ◮ Privacy ◮ Missing property identified by Brzuska et al. [BFLS10] ◮ Unlinkability

  11. Immutability [ACdMT05][BFFLPSSV09] Bob Charlie E.D. E.D. $ 800 ✪ $ 800 Nurse

  12. Sanitizer-Accountability [ACdMT05][BFFLPSSV09] Bob Influenza $ 800 Nurse Π

  13. Sanitizer-Accountability [ACdMT05][BFFLPSSV09] Bob Influenza $ 800 Nurse Π Yes! This message was sanitized.

  14. Signer-Accountability [ACdMT05][BFFLPSSV09] Bob Stupid $ 800 Π

  15. Signer-Accountability [ACdMT05][BFFLPSSV09] Bob Stupid $ 800 Π Nope! This message was not sanitized.

  16. Transparency [ACdMT05][BFFLPSSV09] Bob Bob ? Influenza Influenza $ 800 $ 800 ???

  17. Unlinkability [BFLS10] Bob Acne $ 800 ? Bob E.D. Nurse $ 800 ??? Bob Influenza $ 800

  18. The General Idea sk sig σ Fix Sign m 1 m 2 m 3 m 4 m 5 sk san

  19. The General Idea sk sig σ Fix Sign m 1 m 2 m 3 m 4 m 5 sk san ? Sign σ ′ σ

  20. The General Idea sk sig σ Fix Sign m 1 m 2 m 3 m 4 m 5 sk san Sign σ ′ σ

  21. Signatures with Re-Randomizable Keys sk κ Gen pk

  22. Signatures with Re-Randomizable Keys Sign sk κ m σ Gen pk

  23. Signatures with Re-Randomizable Keys Sign sk κ m σ Gen pk Verify b

  24. Signatures with Re-Randomizable Keys RandSK Sign sk ρ κ m σ Gen pk Verify RandPK b

  25. Unforgeability under Re-Randomized Keys pk ( sk , pk ) ← Gen (1 κ ) ( m ∗ , σ ∗ )

  26. Unforgeability under Re-Randomized Keys pk ( sk , pk ) ← Gen (1 κ ) m σ ← Sign ( sk , m ) σ ( m ∗ , σ ∗ ) The attacker wins if Verify ( pk , m ∗ , σ ∗ ) = 1 and m � = m ∗

  27. Unforgeability under Re-Randomized Keys pk ( sk , pk ) ← Gen (1 κ ) m σ ← Sign ( sk , m ) σ m, ρ sk ′ ← RandSK ( sk , ρ ) σ ← Sign ( sk ′ , m ) σ ( m ∗ , σ ∗ , ρ ∗ ) The attacker wins if Verify ( pk , m ∗ , σ ∗ ) = 1 and m � = m ∗ or Verify ( pk ′ , m ∗ , σ ∗ ) = 1 and m � = m ∗ with pk ′ ← RandPK ( pk , ρ ∗ )

  28. Unforgeability under Re-Randomized Keys ◮ Nontrivial Property ◮ Does not follow from standard unforgeability. ◮ Many schemes with re-randomizable keys not unforgeable under re-randomized keys ◮ e.g. Boneh-Boyen, Camenisch-Lysyanskaya ◮ Instantiations in ROM and Standard Model ◮ Schnorr ◮ Hofheinz-Kiltz

  29. Unforgeability under Re-Randomized Keys ◮ Nontrivial Property ◮ Does not follow from standard unforgeability. ◮ Many schemes with re-randomizable keys not unforgeable under re-randomized keys ◮ e.g. Boneh-Boyen, Camenisch-Lysyanskaya ◮ Instantiations in ROM and Standard Model ◮ Schnorr ◮ Hofheinz-Kiltz

  30. Our Construction σ Fix sk sig Sign m 1 m 2 m 3 m 4 m 5 pk sig pk san

  31. Our Construction σ Fix sk sig Sign m 1 m 2 m 3 m 4 m 5 RandSK sk ′ pk ′ RandPK pk sig pk san

  32. Our Construction σ Fix sk sig Sign m 1 m 2 m 3 m 4 m 5 Sign RandSK sk ′ σ ′ pk ′ RandPK pk sig pk san

  33. Our Construction σ Fix sk sig Sign m 1 m 2 m 3 m 4 m 5 Sign RandSK sk ′ σ ′ pk ′ RandPK pk sig pk san P PoK τ

  34. Our Construction σ Fix sk sig Sign m 1 m 2 m 3 m 4 m 5 Sign RandSK sk ′ σ ′ pk ′ RandPK pk sig c Enc pk san P PoK τ

  35. Our Construction σ Fix sk sig Sign m 1 m 2 m 3 m 4 m 5 Sign RandSK sk ′ σ ′ pk ′ RandPK pk sig c Enc pk san P PoK τ σ

  36. Our Construction Immutability σ Fix sk sig Sign m 1 m 2 m 3 m 4 m 5 Sign RandSK sk ′ σ ′ pk ′ RandPK pk sig c Enc pk san P PoK τ σ

  37. Our Construction Sanitizer-Accountability σ Fix sk sig Sign m 1 m 2 m 3 m 4 m 5 Sign RandSK sk ′ σ ′ pk ′ RandPK pk sig c Enc pk san P PoK τ σ

  38. Our Construction Signer-Accountability σ Fix sk sig Sign m 1 m 2 m 3 m 4 m 5 Sign RandSK sk ′ σ ′ pk ′ RandPK pk sig c Enc pk san P PoK τ σ

  39. Our Construction Transparency σ Fix sk sig Sign m 1 m 2 m 3 m 4 m 5 Sign RandSK sk ′ σ ′ pk ′ RandPK pk sig c Enc pk san P PoK τ σ

  40. Our Construction Unlinkability σ Fix sk sig Sign m 1 m 2 m 3 m 4 m 5 Sign RandSK sk ′ σ ′ pk ′ RandPK pk sig c Enc pk san P PoK τ σ

  41. Comparison Computation BFLS10 using This Paper 1 Groth07 FY04 KGen sig 7 E 1 E 1 E KGen san 1 E 1 E 4 E Sign 15 E 194 E+ 2 P 2831 E Sanit 14 E 186 E+ 1 P 2814 E Verify 17 E 207 E + 62 P 2011 E Proof 23 E 14 E+ 1 P 18 E Judge 6 E 1 E+ 2 P 2 E E=modular exponentiation,P= pairing evaluation 1 Instantiated with Schnorr signatures, Cramer-Shoup Encryption, and Fiat-Shamir transformed Σ -protocols.

  42. Comparison Computation BFLS10 using This Paper 1 Groth07 FY04 KGen sig 7 E 1 E 1 E KGen san 1 E 1 E 4 E Sign 15 E 194 E+ 2 P 2831 E Sanit 14 E 186 E+ 1 P 2814 E Verify 17 E 207 E + 62 P 2011 E Proof 23 E 14 E+ 1 P 18 E Judge 6 E 1 E+ 2 P 2 E E=modular exponentiation,P= pairing evaluation 1 Instantiated with Schnorr signatures, Cramer-Shoup Encryption, and Fiat-Shamir transformed Σ -protocols.

  43. Comparison Storage BFLS10 using This Paper 2 Groth07 FY04 pk sig 7 1 1 sk sig 14 1 1 pk san 1 1 5 sk san 1 1 1 14 69 1620 σ π 4 1 3 measured in group elements 2 Instantiated with Schnorr signatures, Cramer-Shoup Encryption, and Fiat-Shamir transformed Σ -protocols.

  44. Comparison Storage BFLS10 using This Paper 2 Groth07 FY04 pk sig 7 1 1 sk sig 14 1 1 pk san 1 1 5 sk san 1 1 1 14 69 1620 σ π 4 1 3 measured in group elements 2 Instantiated with Schnorr signatures, Cramer-Shoup Encryption, and Fiat-Shamir transformed Σ -protocols.

  45. Conclusion We construct an unlinkable sanitizable signature scheme that can be instantiated at least one order of magnitude more efficiently than previously known schemes.

  46. Thank You! Nils Fleischhacker fleischhacker@cs.uni-saarland.de Full Version: ia.cr/2015/395

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-03-03 1 Outline Why assumptions? Efficient one-time signatures Digital Signatures 2020-03-03 2 Recap: Lamport EUF-1-CMA secure

1.14k views • 37 slides
More Efficient (Almost) Tightly Secure Structure-Preserving Signatures Romain Gay 1 Dennis

More Efficient (Almost) Tightly Secure Structure-Preserving Signatures Romain Gay 1 Dennis

More Efficient (Almost) Tightly Secure Structure-Preserving Signatures Romain Gay 1 Dennis Hofheinz 2 Lisa Kohl 2 Jiaxin Pan 2 1 ENS Paris, France 2 Karlsruhe Institute of Technology, Germany R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient

827 views • 45 slides
Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties

Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties

Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties Signatures Signatures with various functionality/properties Constructions come in different flavors (well sample each flavor): Signatures

1.55k views • 131 slides
Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And

Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And

Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And Putting It All Together Lecture 12 Digital Signatures Digital Signatures Syntax: KeyGen, Sign SK and Verify VK . Security: Same experiment as MAC s,

1.72k views • 142 slides
Geometry meets IoT: Efficient low-memory key exchange and signatures Benjamin Smith Team GRACE

Geometry meets IoT: Efficient low-memory key exchange and signatures Benjamin Smith Team GRACE

Geometry meets IoT: Efficient low-memory key exchange and signatures Benjamin Smith Team GRACE INRIA + Laboratoire dInformatique de l Ecole polytechnique (LIX) Summer school on real-world crypto and privacy Sibenik, Croatia, June 8

424 views • 41 slides
CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations Ward Beullens

CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations Ward Beullens

CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations Ward Beullens Thorsten Kleinjung Frederik Vercauteren imec - COSIC December 3, 2019 Introduction : CSIDH [Castryck et al.] 1/34 Take the supersingular elliptic

1.2k views • 86 slides
Efficient Quantum-Immune Keyless Signatures with Identity Risto Laanoja Tallinn University of

Efficient Quantum-Immune Keyless Signatures with Identity Risto Laanoja Tallinn University of

Efficient Quantum-Immune Keyless Signatures with Identity Risto Laanoja Tallinn University of Technology / Guardtime AS May 17, 2014 Estonian CS Theory days at Narva-J oesuu TL; DR Built a practical signature scheme without modular

585 views • 25 slides
Signature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions

Signature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions

Signature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions Benot Libert 1 , 2 San Ling 3 Fabrice Mouhartem 1 Khoa Nguyen 3 Huaxiong Wang 3 1 .N.S. de Lyon, France 2 CNRS, France 3 Nanyang Technological

1.33k views • 92 slides
Efficient Implementation of Hash-Sequence Signatures Ahto Truu, Guardtime AS / Tallinn University

Efficient Implementation of Hash-Sequence Signatures Ahto Truu, Guardtime AS / Tallinn University

Efficient Implementation of Hash-Sequence Signatures Ahto Truu, Guardtime AS / Tallinn University of Technology This is joint work with Ahto Buldas and Risto Laanoja The presenter has received the Skype and IT Academy PhD Students Scholarship

318 views • 15 slides
Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from

Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from

Motivation Research Question Results Conclusion Notes Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from Standard Signatures Siamak Shahandashti 1 Rei Safavi-Naini 2 1 SCSSE & CCISR, Uni

465 views • 46 slides
1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Digital Signatures have looked at message authentication but does not address issues of lack of trust Chapter 13 Digital Signatures digital signatures provide the ability to:

361 views • 3 slides
Lecture 12 Digital Signatures from one-way functions Signatures vs. MACs Signatures MAC s

Lecture 12 Digital Signatures from one-way functions Signatures vs. MACs Signatures MAC s

Lecture 12 Digital Signatures from one-way functions Signatures vs. MACs Signatures MAC s users require only secretkeys users require n 2 secretkeys Privately verifiable and non-transferable Same signature

764 views • 53 slides
Leptophilic Higgs Leptophilic Higgs Signatures at the LHC Signatures at the LHC (And the

Leptophilic Higgs Leptophilic Higgs Signatures at the LHC Signatures at the LHC (And the

Leptophilic Higgs Leptophilic Higgs Signatures at the LHC Signatures at the LHC (And the Importance of Leptonic Decays for Higgs Discovery) Brooks Thomas (The University of Arizona) Shufang Su & BT [arXiv:0903.0667] What do we know about

375 views • 26 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-02-25 1 Outline Recap: security experiments Message space extension One-time signatures One-time signatures from one-way functions Digital

1.07k views • 48 slides
Proving tight security for Rabin-Williams signatures D. J. Bernstein Public-key signatures 1976

Proving tight security for Rabin-Williams signatures D. J. Bernstein Public-key signatures 1976

Proving tight security for Rabin-Williams signatures D. J. Bernstein Public-key signatures 1976 Diffie Hellman: Public-key signatures would allow verification by anyone, not just signer. Cool! Can we build a signature system? 1977 Rivest

743 views • 33 slides
Outline Efficient Receipt-Freeness for e-Voting David Pointcheval 1 Introduction Joint work

Outline Efficient Receipt-Freeness for e-Voting David Pointcheval 1 Introduction Joint work

Introduction Cryptographic Tools State-of-the-Art Signatures on Ciphertexts Introduction Cryptographic Tools State-of-the-Art Signatures on Ciphertexts Outline Efficient Receipt-Freeness for e-Voting David Pointcheval 1 Introduction

444 views • 11 slides
CIS 781 What is a Shadow? Shadows From Websters dictionary: Shad-ow (noun): partial

CIS 781 What is a Shadow? Shadows From Websters dictionary: Shad-ow (noun): partial

CIS 781 What is a Shadow? Shadows From Websters dictionary: Shad-ow (noun): partial darkness or obscurity within a part of space from which rays from a source of light are cut off by an interposed opaque body Simplest Example :

634 views • 37 slides
10/29/12 The Role of Food Allergies and Intolerances in Chronic Conditions JENNIFER

10/29/12 The Role of Food Allergies and Intolerances in Chronic Conditions JENNIFER

10/29/12 The Role of Food Allergies and Intolerances in Chronic Conditions JENNIFER JEWELL-LARSEN, ND MEDICA MEDICAL DIRECT L DIRECTOR, OR, NA NATUR TUROP OPATH THIC F IC FAMIL MILY H Y HEA EALTH TH INFO@NF-HEAL INF

389 views • 9 slides
Outline Introduction Sharp shadows Soft shadows Conclusion Why are Shadows

Outline Introduction Sharp shadows Soft shadows Conclusion Why are Shadows

Shadow Algorithms Outline Introduction Sharp shadows Soft shadows Conclusion Why are Shadows Important? Depth cue Scene Lighting Realism Contact points Shadows as a Depth Cue / Spatial Relation For Intuition

527 views • 18 slides
UC San Diego 1 Many Web services today are free/open access Supported by advertising

UC San Diego 1 Many Web services today are free/open access Supported by advertising

Marti Motoyama, Damon McCoy, Kirill Levchenko, Stefan Savage, and Geoffrey M. Voelker UC San Diego 1 Many Web services today are free/open access Supported by advertising revenue Reaching critical mass requires low barrier to entry

443 views • 41 slides
14 Herbs With Historical Common Thyme Thymus vulgaris Medicinal Uses Basics PREFERRED GROWING

14 Herbs With Historical Common Thyme Thymus vulgaris Medicinal Uses Basics PREFERRED GROWING

6/8/2020 14 Herbs With Historical Common Thyme Thymus vulgaris Medicinal Uses Basics PREFERRED GROWING CONDITIONS Fragrant, pale lilac blooms 1 H x 1 W WATER Full Sun Part Sun Perennial (Zones 5-9) Moist Elderberry

68 views • 4 slides
Mortality Slide Series National Center for HIV/AIDS, Viral Hepatitis, STD, and TB Prevention

Mortality Slide Series National Center for HIV/AIDS, Viral Hepatitis, STD, and TB Prevention

Mortality Slide Series National Center for HIV/AIDS, Viral Hepatitis, STD, and TB Prevention Division of HIV/AIDS Prevention HIV Mortality Slides An analysis of trends in rates and distributions of deaths in the United States, focusing on

449 views • 27 slides
HIV/AIDS in the Rural US Prevalence and Service Availability Janice Probst, PhD Medha Iyer, PhD,

HIV/AIDS in the Rural US Prevalence and Service Availability Janice Probst, PhD Medha Iyer, PhD,

HIV/AIDS in the Rural US Prevalence and Service Availability Janice Probst, PhD Medha Iyer, PhD, MD Saundra Glover, PhD Deshia Leonhirth, MBA S outh C arolina Rural Health Research Center At the Heart of Public Health Policy HIV/AIDS Basics

302 views • 15 slides
!"#$% &"'( !"#$%&'()*+,'-% .,,+%$(%/0(1 Todays workshop is sponsored

!"#$% &"'( !"#$%&'()*+,'-% .,,+%$(%/0(1 Todays workshop is sponsored

!"#$% &"'( !"#$%&'()*+,'-% .,,+%$(%/0(1 Todays workshop is sponsored by BSAS The Bureau of Substance Addiction Services: Provides access to addictions services for the uninsured Funds and monitors prevention,

650 views • 53 slides

More recommend