k times full traceable ring signature
play

k -times Full Traceable Ring Signature Xavier Bultel Pascal - PowerPoint PPT Presentation

Nov 02, 2022 •233 likes •671 views

k -times Full Traceable Ring Signature Xavier Bultel Pascal Lafourcade 31 August 2016, P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 1 / 26 Signature P . Lafourcade (Univ Clermont Auvergne) k

  1. k -times Full Traceable Ring Signature Xavier Bultel Pascal Lafourcade 31 August 2016, P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 1 / 26

  2. Signature P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 2 / 26

  3. Signature Signature Verification Clef privée Clef publique Secrete key Public key 1977, RSA: m d mod n P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 2 / 26

  4. Ring Signature (Rivest et al. , 2001) Alice Bob ( m 1 , σ 1 ) ( m 2 , σ 2 ) ( m 4 , σ 4 ) ( m 3 , σ 3 ) Carol David ( m 5 , σ 5 ) ( m 7 , σ 7 ) ( m 6 , σ 6 ) Observer σ 1 , σ 2 , σ 3 , σ 4 , σ 5 , σ 6 and σ 7 come from Alice or Bob or Carol or David → Anonymous signatures P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 3 / 26

  5. Linkable Signature (Liu et al. , 2004) Alice Bob ( m 1 , σ 1 ) ( m 2 , σ 2 ) ( m 4 , σ 4 ) ( m 3 , σ 3 ) Carol David ( m 5 , σ 5 ) ( m 7 , σ 7 ) ( m 6 , σ 6 ) Observer σ 1 , σ 2 and σ 3 come from the same user σ 5 and σ 6 come from the same user No information about σ 4 and σ 7 signer → Anonymous but Linkable P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 4 / 26

  6. 1-time Traceable Sig. (Canard et al. , 2006) Alice Bob ( m 1 , σ 1 ) ( m 2 , σ 2 ) ( m 4 , σ 4 ) ( m 3 , σ 3 ) Carol David ( m 5 , σ 5 ) ( m 7 , σ 7 ) ( m 6 , σ 6 ) σ 1 , σ 2 and σ 3 comes from Alice Observer σ 5 and σ 6 comes from Carol σ 4 and σ 7 are anonymous → Only 1 anonymous signature per group member P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 5 / 26

  7. 2-times Traceable Sig. (Au et al. , 2006) Alice Bob ( m 1 , σ 1 ) ( m 2 , σ 2 ) ( m 4 , σ 4 ) ( m 3 , σ 3 ) Carol David ( m 5 , σ 5 ) ( m 7 , σ 7 ) ( m 6 , σ 6 ) Observer σ 1 and σ 3 comes from Alice σ 2 , σ 4 , σ 5 , σ 6 and σ 7 are anonymous → Only 2 anonymous signature P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 6 / 26

  8. 2-times Traceable Sig. (Au et al. , 2006) Alice Bob ( m 1 , σ 1 ) ( m 2 , σ 2 ) ( m 4 , σ 4 ) ( m 3 , σ 3 ) Carol David ( m 5 , σ 5 ) ( m 7 , σ 7 ) ( m 6 , σ 6 ) Observer σ 1 and σ 3 comes from Alice σ 2 , σ 4 , σ 5 , σ 6 and σ 7 are anonymous → Only 2 anonymous signature σ 2 is anonymous → not full traceable P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 6 / 26

  9. Our contribution: k-times Full Traceable Sig. Alice Bob ( m 1 , σ 1 ) ( m 2 , σ 2 ) ( m 4 , σ 4 ) ( m 3 , σ 3 ) Carol David ( m 5 , σ 5 ) ( m 7 , σ 7 ) ( m 6 , σ 6 ) Observer σ 1 , σ 2 and σ 3 comes from Alice σ 4 , σ 5 , σ 6 and σ 7 are anonymous P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 7 / 26

  10. Our contribution: k-times Full Traceable Sig. Alice Bob ( m 1 , σ 1 ) ( m 2 , σ 2 ) ( m 4 , σ 4 ) ( m 3 , σ 3 ) Carol David ( m 5 , σ 5 ) ( m 7 , σ 7 ) ( m 6 , σ 6 ) Observer σ 1 , σ 2 and σ 3 comes from Alice σ 4 , σ 5 , σ 6 and σ 7 are anonymous → k anonymous signature per users → Trace all cheater’s signatures P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 7 / 26

  11. Our contributions k-times Full Traceable Signature Generalize traceable signatures Ring signature (ad-hoc group) Event oriented Fine-grained k Anonymous (less than k ) Full public linkability (more than k ) Full public traceability (more than k ) Applications: proxy voting 1 k-times veto 2 P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 8 / 26

  12. Application in k-times Veto for CARS’16 Alice Bob Carol David Conference on Anonymous Ring Signatures List of candidates for the Program Commitee (PC): Albert, Bernard, Cedric, Donald, Edward, Fabien, Gaston, Hercul, Ivan, Jim, Karl Each member of Steering Commitee (SC) can exclude k names of the list Vetos are anonymous Members who exceed this limitation are excluded and their vetos are discarded P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 9 / 26

  13. Application: k-times Veto PC= Albert, Bernard, Cedric, Donald, Edward, Fabien, Gaston, Hercul, Ivan, Jim, Karl Veto using 2-times traceable signature: Alice Bob ( Donald , σ ( Donald )) ( Jim , σ ( Jim )) ( Edward , σ ( Edward )) ( Edward , σ ( Edward )) Carol David ( Albert , σ ( Albert )) ( Gaston , σ ( Gaston )) ( Gaston , σ ( Gaston )) P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 10 / 26

  14. Application: k-times Veto PC= Albert, Bernard, Cedric, Donald, Edward, Fabien, Gaston, Hercul, Ivan, Jim, Karl Veto using 2-times traceable signature: Alice Bob ( Donald , σ ( Donald )) ( Jim , σ ( Jim )) ( Edward , σ ( Edward )) ( Edward , σ ( Edward )) Carol David ( Albert , σ ( Albert )) ( Gaston , σ ( Gaston )) ( Gaston , σ ( Gaston )) P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 10 / 26

  15. Application: k-times Veto PC= Albert, Bernard, Cedric, Donald, Edward, Fabien, Gaston, Hercul, Ivan, Jim, Karl Veto using 2-times full traceable signature: Alice Bob ( Donald , σ ( Donald )) ( Jim , σ ( Jim )) ( Edward , σ ( Edward )) ( Edward , σ ( Edward )) Carol David ( Albert , σ ( Albert )) ( Gaston , σ ( Gaston )) ( Gaston , σ ( Gaston )) P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 10 / 26

  16. Outline Introduction 1 Definitions 2 k -FTRS Security Notions Our Scheme 3 Conclusion 4 P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 11 / 26

  17. Outline Introduction 1 Definitions 2 k -FTRS Security Notions Our Scheme 3 Conclusion 4 P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 12 / 26

  18. Formal Definition L , L 1 and L 2 are sets of public keys (identities) of users’ ring Definition ( k -FTRS) Init ( 1 t ) : output init Gen ( init , k ) : output a signing key pair ( ssk , svk ) Sig E ( ssk , m , L , j ) : output a signature σ Ver E ( L , σ, m ) : check that σ is valid Link E ( L 1 , L 2 , σ 1 , σ 2 , m 1 , m 2 ) : test link between σ 1 and σ 2 Match E ( L 1 , L 2 , σ 1 , σ 2 , m 1 , m 2 ) : output svk u and a tracer ω ( E , u ) Trace E ( L , σ, m , ω ( E , u ) ) : check whether σ comes from the user u . P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 13 / 26

  19. Example (2-times) Alice Bob ( m 1 , σ 1 ) ( m 2 , σ 2 ) ( m 4 , σ 4 ) ( m 3 , σ 3 ) Carol David ( m 5 , σ 5 ) ( m 7 , σ 7 ) ( m 6 , σ 6 ) Observer P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 14 / 26

  20. Example (2-times) Alice Bob ( m 1 , σ 1 ) ( m 2 , σ 2 ) ( m 4 , σ 4 ) ( m 3 , σ 3 ) Carol David ( m 5 , σ 5 ) ( m 7 , σ 7 ) ( m 6 , σ 6 ) Observer Detect cheaters: link on all pairs ( σ i , σ j ) → Link σ 1 and σ 3 P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 14 / 26

  21. Example (2-times) Alice Bob ( m 1 , σ 1 ) ( m 2 , σ 2 ) ( m 4 , σ 4 ) ( m 3 , σ 3 ) Carol David ( m 5 , σ 5 ) ( m 7 , σ 7 ) ( m 6 , σ 6 ) Detect cheaters: link on all pairs ( σ i , σ j ) Observer → Link σ 1 and σ 3 Identify cheater: match on σ 1 and σ 3 → svk alice and tracer ω P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 14 / 26

  22. Example (2-times) Alice Bob ( m 1 , σ 1 ) ( m 2 , σ 2 ) ( m 4 , σ 4 ) ( m 3 , σ 3 ) Carol David ( m 5 , σ 5 ) ( m 7 , σ 7 ) ( m 6 , σ 6 ) Detect cheaters: link on all pairs ( σ i , σ j ) Observer → Link σ 1 and σ 3 Identify cheater: match on σ 1 and σ 3 → svk alice and tracer ω Remove signature: trace using ω on all σ → Trace and remove σ 2 P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 14 / 26

  23. Security Definition (Unforgeability) It is infeasible to forge a signature without the key Signature oracle P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 15 / 26

  24. Security Definition (Unforgeability) It is infeasible to forge a signature without the key Signature oracle Definition (Anonymity) It is infeasible to guess the identity of a signer from less than k signatures Signature oracle (with inherent restrictions) P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 15 / 26

  25. Security Definition (Unforgeability) It is infeasible to forge a signature without the key Signature oracle Definition (Anonymity) It is infeasible to guess the identity of a signer from less than k signatures Signature oracle (with inherent restrictions) Definition (Traceability) More than k signatures are always traceable Signature oracle P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 15 / 26

  26. Outline Introduction 1 Definitions 2 k -FTRS Security Notions Our Scheme 3 Conclusion 4 P . Lafourcade (Univ Clermont Auvergne) k -times Full Traceable Ring Signature 31/08/2016 16 / 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Distributed Identity Based Short Linkable Ring Signature Kasra EdalatNejad Prof. Bryan Ford

Distributed Identity Based Short Linkable Ring Signature Kasra EdalatNejad Prof. Bryan Ford

Distributed Identity Based Short Linkable Ring Signature Kasra EdalatNejad Prof. Bryan Ford DEcentralized and DIstributed Systems Goal Anonymity Accountability Usability 2 Ring Signature Anonymous Spontaneous 3 Linkable Ring

372 views • 24 slides
Identity Based Ring Signature Why, How, and What Next Sherman S.M. Chow Richard W.C. Lui Lucas

Identity Based Ring Signature Why, How, and What Next Sherman S.M. Chow Richard W.C. Lui Lucas

Identity Based Ring Signature Why, How, and What Next Sherman S.M. Chow Richard W.C. Lui Lucas C.K. Hui S.M. Yiu The University of Hong Kong Outline Introduction PKI vs ID-based Ring Signatures Technical Preliminaries

1.81k views • 29 slides
Practical Implementation of Ring-SIS/LWE based Signature and IBE Pauline Bert, Pierre-Alain

Practical Implementation of Ring-SIS/LWE based Signature and IBE Pauline Bert, Pierre-Alain

Practical Implementation of Ring-SIS/LWE based Signature and IBE Pauline Bert, Pierre-Alain Fouque, Adeline Roux-Langlois, and Mohamed Sabt PQCrypto 2018, April 11 Univ Rennes, CNRS, IRISA 1 Identity Based Encryption Private Key Generator E

754 views • 23 slides
W HEN DO WE MOVE TO FULL RING , SELF - CONSISTENT SIMULATIONS ? JR Cary 20180509 1 SIMULATIONS

W HEN DO WE MOVE TO FULL RING , SELF - CONSISTENT SIMULATIONS ? JR Cary 20180509 1 SIMULATIONS

Optical Society of Americas Image of the week, 20180409 W HEN DO WE MOVE TO FULL RING , SELF - CONSISTENT SIMULATIONS ? JR Cary 20180509 1 SIMULATIONS EMPOWERING YOUR INNOVATIONS Self-consistent, full-ring simulations What do know about

347 views • 18 slides
Discharge uncertainty: sources and implications for hydrological analyses Signature 1 Signature

Discharge uncertainty: sources and implications for hydrological analyses Signature 1 Signature

Discharge uncertainty: sources and implications for hydrological analyses Signature 1 Signature 1 Signature 2 Signature 2 http://comm ons.wikime dia.org/wiki/ File:Piasnic a- Signature 3 Signature 3 wodowskaz -0.jpg Ida Westerberg 1,2

388 views • 19 slides
ratification and signature Signature vs ratification Signature formal expression of intent to

ratification and signature Signature vs ratification Signature formal expression of intent to

Steps and technical modalities to follow for the deposit of the instrument of ratification and signature Signature vs ratification Signature formal expression of intent to be bound, but no legal obligation yet: however, a State is

585 views • 10 slides
Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital

Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital

Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital Signature Digital Signature And Hash Function Biometric Signature Electronic Signature Act ROC, 2002/04/01,

299 views • 13 slides
FY20 Full Ye a r Re sults Pre se nta tio n 21 Aug ust 2020 De live ring inno va tive

FY20 Full Ye a r Re sults Pre se nta tio n 21 Aug ust 2020 De live ring inno va tive

FY20 Full Ye a r Re sults Pre se nta tio n 21 Aug ust 2020 De live ring inno va tive industrial so lutio ns a nd se rvic e s ASX: CYG T ra ding upda te ASX: CYG E xe c utive summa ry T he he a lth, sa fe ty a nd we llb e ing o f o

696 views • 25 slides
Digital Signature Schemes 1 What is digital signature? Properties Who signed what is

Digital Signature Schemes 1 What is digital signature? Properties Who signed what is

Digital Signature Schemes 1 What is digital signature? Properties Who signed what is publicly verifiable Unforgeable 2 A Digital Signature Scheme Key generation algorithm G (probabilistic) ( pk, sk ) G (1 ) security

602 views • 22 slides
FY19 Full Ye a r Re sults Pre se nta tio n Aug ust 2019 De live ring inno va tive industrial

FY19 Full Ye a r Re sults Pre se nta tio n Aug ust 2019 De live ring inno va tive industrial

FY19 Full Ye a r Re sults Pre se nta tio n Aug ust 2019 De live ring inno va tive industrial so lutio ns a nd se rvic e s ASX: CYG Co rpo ra te Sna psho t Aug ust 2019 Ke y Ma rke t Me tric s SHARE PRIC E SHARES ON MARKET NET DEBT

238 views • 22 slides
1-out-of-2 Signature Jun Shao 2 Whats 1-out-of-2 Signature Mirosaw Kutyowski 1 and Jun

1-out-of-2 Signature Jun Shao 2 Whats 1-out-of-2 Signature Mirosaw Kutyowski 1 and Jun

1-out-of-2 Signature Mirosaw Kutyowski 1 and 1-out-of-2 Signature Jun Shao 2 Whats 1-out-of-2 Signature Mirosaw Kutyowski 1 and Jun Shao 2 Definitions of 1-out-of-2 signature 1 Institute of Mathematics and Computer Science Our

489 views • 34 slides
Full-speed ahead all-electric proton EDM ring Richard Talman Laboratory for Elementary-Particle

Full-speed ahead all-electric proton EDM ring Richard Talman Laboratory for Elementary-Particle

1 Full-speed ahead all-electric proton EDM ring Richard Talman Laboratory for Elementary-Particle Physics Cornell University 15 January, 2018, Juelich 2 Outline Extending historical force field symmetry studies Experiments that could not

854 views • 39 slides
BALL BEAR RING SOFT CLOSE SLIDES ES Soft close fu full extension ball beari aring slide Side

BALL BEAR RING SOFT CLOSE SLIDES ES Soft close fu full extension ball beari aring slide Side

TECHNICAL DATA SHEET 6 August 2016 AJC Revised 16 A Phone: 08 9446 6333 Fax: 08 9446 8865 65 Email: hardware@galvinhw.com.au Web: ga galvinhw.com.au BALL BEAR RING SOFT CLOSE SLIDES ES Soft close fu full

454 views • 4 slides
EducationLiving in unequal times The facts We live in a world full of broken-ness, one

EducationLiving in unequal times The facts We live in a world full of broken-ness, one

EducationLiving in unequal times The facts We live in a world full of broken-ness, one which lacks generosity All human beings are entitled to equal respect Equality of opportunity is an entitlement that derives from our

830 views • 49 slides
TIMES TABLES HOW WE TEACH TIMES TABLES AND HOW YOU CAN HELP WHY ARE TIMES TABLES IMPORTANT?

TIMES TABLES HOW WE TEACH TIMES TABLES AND HOW YOU CAN HELP WHY ARE TIMES TABLES IMPORTANT?

TIMES TABLES HOW WE TEACH TIMES TABLES AND HOW YOU CAN HELP WHY ARE TIMES TABLES IMPORTANT? New from 2019: all children in year 4 will sit an online times table test. Times Tables knowledge and recall underpin so many different areas of

526 views • 25 slides
Non-Hamiltonian and Non-Traceable Regular 3-Connected Planar Graphs Nico Van Cleemput Carol T.

Non-Hamiltonian and Non-Traceable Regular 3-Connected Planar Graphs Nico Van Cleemput Carol T.

Introduction Quartic Quintic Conclusion Non-Hamiltonian and Non-Traceable Regular 3-Connected Planar Graphs Nico Van Cleemput Carol T. Zamfirescu Combinatorial Algorithms and Algorithmic Graph Theory Department of Applied Mathematics,

673 views • 40 slides
9.520 Math Camp Probability Theory Say we have some training data S ( n ) , consisting of n

9.520 Math Camp Probability Theory Say we have some training data S ( n ) , consisting of n

9.520 Math Camp Probability Theory Say we have some training data S ( n ) , consisting of n input points { x i } n i =1 and the corresponding labels { y i } n i =1 : S ( n ) = { ( x 1 , y 1 ) , . . . , ( x n , y n ) } We also have a learning

494 views • 3 slides
Access to community mental health services How COVID19 is shaping our approach Steve Appleton

Access to community mental health services How COVID19 is shaping our approach Steve Appleton

Access to community mental health services How COVID19 is shaping our approach Steve Appleton European Lead International Intitiative for Mental Health Leadership steve.appleton@contactconsulting.co.uk 30 th April 2020 About IIMHL Now in

220 views • 10 slides
Infrastucture and IT support for the MAGIX collaboration Stefano Caiazza Mainz, February 17 2017

Infrastucture and IT support for the MAGIX collaboration Stefano Caiazza Mainz, February 17 2017

Infrastucture and IT support for the MAGIX collaboration Stefano Caiazza Mainz, February 17 2017 The group is quickly developing I started in 2013: we were 4 2014: 6/7 people By the end of 2015 we were about 10 and needed a second

225 views • 18 slides
The many faces of leadership. A founders guide to contextually appropriate leadership. Today

The many faces of leadership. A founders guide to contextually appropriate leadership. Today

The many faces of leadership. A founders guide to contextually appropriate leadership. Today Our leadership journeys Contextually Appropriate Leadership theory Theory into practice 2 About Us (The Exec Summary) 3 Gendry

577 views • 20 slides
Short Division of Long Integers (joint work with David Harvey) Paul Zimmermann October 6, 2011

Short Division of Long Integers (joint work with David Harvey) Paul Zimmermann October 6, 2011

Short Division of Long Integers (joint work with David Harvey) Paul Zimmermann October 6, 2011 The problem to be solved Divide efficiently a p -bit floating-point number by another p -bit f-p number in the 100-10000 digit range Paul

561 views • 30 slides
All Ireland Schwartz Rounds and QI Conference People Make Change Happen | #QIreland

All Ireland Schwartz Rounds and QI Conference People Make Change Happen | #QIreland

All Ireland Schwartz Rounds and QI Conference People Make Change Happen | #QIreland #SchwartzRounds | Dublin Castle | 2020 @NationalQI

428 views • 18 slides
Earth's Layers Three Types of Rocks Early Life on Earth / Fossils Rock Strata Return to

Earth's Layers Three Types of Rocks Early Life on Earth / Fossils Rock Strata Return to

Slide 1 / 75 Slide 2 / 75 6 th Grade PSI Earth's Materials and Systems Part I : The History of Planet Earth www.njctl.org Slide 3 / 75 Slide 4 / 75 Table of Contents: The History of Planet Earth Click on the topic to go to that section

281 views • 13 slides
Dante Firefighters are our heroes. Lets make them our super heroes. OCTOBER 5TH 2017 | RED B

Dante Firefighters are our heroes. Lets make them our super heroes. OCTOBER 5TH 2017 | RED B

Dante Firefighters are our heroes. Lets make them our super heroes. OCTOBER 5TH 2017 | RED B Problem RED B . ...we be become ve very at attac ached to to ou our fi firefi figh ghter he helmets. Th They ar are a a ma

364 views • 15 slides

More recommend