threshold ring signatures new security definitions and
play

Threshold Ring Signatures: New Security Definitions and Post-Quantum - PowerPoint PPT Presentation

Sep 18, 2023 •125 likes •736 views

Problem Description Current State of the Art Our Contribution Our Scheme Summary References Threshold Ring Signatures: New Security Definitions and Post-Quantum Security Abida Haque , Alessandra Scafuro North Carolina State University May

  1. Problem Description Current State of the Art Our Contribution Our Scheme Summary References Threshold Ring Signatures: New Security Definitions and Post-Quantum Security Abida Haque , Alessandra Scafuro North Carolina State University May 25, 2020 1 / 51

  2. Problem Description Current State of the Art Our Contribution Threshold Ring Signature Our Scheme Summary References Problem Description 2 / 51

  3. Problem Description Current State of the Art Our Contribution Threshold Ring Signature Our Scheme Summary References Threshold Ring Signature Main Definitions Threshold ring signatures : t distinct parties anonymously sign on behalf of a ring of N public keys. The identity of the signers remains private (to any non-signers). 3 / 51

  4. Problem Description Current State of the Art Our Contribution Threshold Ring Signature Our Scheme Summary References Threshold Ring Signature Signature Signer Verifier msg , σ σ ← Sign sk ( msg ) unforgeability 4 / 51

  5. Problem Description Current State of the Art Our Contribution Threshold Ring Signature Our Scheme Summary References Threshold Ring Signature Ring Signature Signer Verifier Ring: Non-signers msg , σ, R σ ← Sign sk ( msg ; R ) unforgeability anonymity 5 / 51

  6. Problem Description Current State of the Art Our Contribution Threshold Ring Signature Our Scheme Summary References Threshold Ring Signature Ring Signature Signers Verifier Ring: Non-signers msg , σ, R σ ← Sign sk i ,sk j ( msg ; R ) unforgeability anonymity threshold 6 / 51

  7. Problem Description Current State of the Art Our Contribution Threshold Ring Signature Our Scheme Summary References Motivation Increased tolerance to misbehavior of users Suits decentralized settings Settings where you need a quorum. Fund A: Fund B: Fund B: 2-of-5 2-of-5 3-of-5 votes votes votes an ad-hoc "voting" mechanism for community projects posted on the blockchain Funds: $$$ 7 / 51

  8. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Current State of the Art 8 / 51

  9. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References State of the Art Passive Security Definitions Post-Quantum Insecure 1 Hardness Assumptions 2 Techniques 9 / 51

  10. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Threshold Ring Signature Setting Ad-hoc settings where the users can generate their keys independently, and join or leave the system at any time. Users could join the system with dishonestly generated keys. 10 / 51

  11. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Passive Adversaries Only passive adversaries. Adversaries can only obtain honestly generated keys. Sometimes cannot even choose to add more (honest) keys (e.g., Bettaieb and Schrek (2013); Petzoldt et al. (2013)), Adversaries cannot corrupt parties (e.g. Okamoto et al. (2018); Petzoldt et al. (2013); Bettaieb and Schrek (2013)). Bender et al. (2006) observe that the above doesn’t reflect the open settings of ring signatures. 11 / 51

  12. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References State of the Art Passive Security Definitions Post-Quantum Insecure 1 passive adversaries 1 Hardness 2 no corruption Assumptions 3 no adding of new honest keys 2 Techniques 12 / 51

  13. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Post-Quantum Hardness Assumptions Discrete log, factoring hardness assumptions are not secure against an attack from a quantum computer (Shor (1994)). Some constructions Melchor et al. (2011); Bettaieb and Schrek (2013); Cayrel et al. (2010); Petzoldt et al. (2013) use post-quantum secure hardness problems such as lattices or learning-with-errors. 13 / 51

  14. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References State of the Art Passive Security Definitions Post-Quantum Insecure 1 passive adversaries 1 Non-PQ secure 2 no corruption problems 3 no adding of new honest keys 2 Techniques 14 / 51

  15. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Proof Techniques in Post-Quantum Setting Transform from Fiat and Shamir (1986) common, but security may not hold in the quantum setting (Boneh et al. (2011); Ambainis et al. (2014)). Quantum rewinding is not trivial (Watrous (2009); Ambainis et al. (2014)). Fiat-Shamir is post-quantum secure in certain situations (Liu and Zhandry (2019); Don et al. (2019)) but may not hold in general. 15 / 51

  16. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Transformation Signer Signer Verifier Verifier Figure: Transform an interactive protocol into a non-interactive one. 16 / 51

  17. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Rewinding Figure: Prove scheme with Signer Verifier rewinding. But a quantum adversary may notice! 17 / 51

  18. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Quantum vs Classical Access Classical On a single query, can only get a single response. Query Response 18 / 51

  19. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Quantum vs Classical Access Quantum Can get a superposition of answers. |Query > |Response > Can define all possible outputs using only a single query. This is why we use Unruh. 19 / 51

  20. Problem Description Current State of the Art Weak Security Definitions Our Contribution Post-Quantum Security Our Scheme Summary References State of the Art Passive Security Definitions Post-Quantum Insecure 1 passive adversaries 1 Non-PQ secure 2 no corruption problems 3 no adding of new honest keys 2 Fiat-Shamir is not PQ-secure in general. 20 / 51

  21. Problem Description Current State of the Art Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Our Contribution 21 / 51

  22. Problem Description Current State of the Art Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Our Contribution 1 Definitions for unforgeability and anonymity with active adversaries. 2 Post-quantum secure proof for a threshold ring signature. 1 generalize previous approaches and provide a black-box construction from any (post-quantum) trapdoor commitment scheme. 2 Uses Unruh Transformation to guarantee post-quantum security. 22 / 51

  23. Problem Description Current State of the Art Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Definitions Make a security model by giving adversary access to oracles. Captures active adversaries. Two security notions: unforgeability and anonymity. 23 / 51

  24. Problem Description Current State of the Art Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Anonymity and Unforgeability Training: ask queries KGen Sign Corrupt Register Anonymity: A picks: Unforgeability: A produces message message S 0 , S 1 with respect to a ring R , signature where | S 0 | = | S 1 | = t . ring A receives a signature from S b Fewer than t corrupted members in ( b = 0 or 1 ) and guesses b . R ∗ . S 0 , S 1 uncorrupted. 24 / 51

  25. Problem Description Current State of the Art Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Anonymity and Unforgeability Training: ask queries KGen Sign Corrupt Register Anonymity: A picks: Unforgeability: A produces message message S 0 , S 1 with respect to a ring R , signature where | S 0 | = | S 1 | = t . ring A receives a signature from S b Fewer than t corrupted members in ( b = 0 or 1 ) and guesses b . R ∗ . S 0 , S 1 uncorrupted. 24 / 51

  26. Problem Description Current State of the Art Definitions Our Contribution Post-Quantum Security Our Scheme Summary References Anonymity and Unforgeability Training: ask queries KGen Sign Corrupt Register Anonymity: A picks: Unforgeability: A produces message message S 0 , S 1 with respect to a ring R , signature where | S 0 | = | S 1 | = t . ring A receives a signature from S b Fewer than t corrupted members in ( b = 0 or 1 ) and guesses b . R ∗ . S 0 , S 1 uncorrupted. 24 / 51

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from

Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from

Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from Symmetric-Key Primitives David Derler , Sebastian Ramacher , Daniel Slamanig PQC rypto 18, April 9, 2018 1 Ring Signatures P

612 views • 27 slides
How to Share a Lattice Trapdoor: Threshold Protocols for Signatures and (H)IBE Rikke Bendlin, Sara

How to Share a Lattice Trapdoor: Threshold Protocols for Signatures and (H)IBE Rikke Bendlin, Sara

How to Share a Lattice Trapdoor: Threshold Protocols for Signatures and (H)IBE Rikke Bendlin, Sara Krehbiel , Chris Peikert Georgia Institute of Technology June 26, 2013 ACNS 2013, Banff, Alberta, Canada 1/11 Threshold Cryptography Setting: A

678 views • 39 slides
Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and Group Signatures without Trapdoors t Libert 1 San Ling 2 Khoa Nguyen 2 Huaxiong Wang 2 Beno 1 Ecole Normale Sup erieure de Lyon (France) 2

681 views • 33 slides
Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And

Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And

Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And Putting It All Together Lecture 12 Digital Signatures Digital Signatures Syntax: KeyGen, Sign SK and Verify VK . Security: Same experiment as MAC s,

1.72k views • 142 slides
Proving tight security for Rabin-Williams signatures D. J. Bernstein Public-key signatures 1976

Proving tight security for Rabin-Williams signatures D. J. Bernstein Public-key signatures 1976

Proving tight security for Rabin-Williams signatures D. J. Bernstein Public-key signatures 1976 Diffie Hellman: Public-key signatures would allow verification by anyone, not just signer. Cool! Can we build a signature system? 1977 Rivest

743 views • 33 slides
1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Digital Signatures have looked at message authentication but does not address issues of lack of trust Chapter 13 Digital Signatures digital signatures provide the ability to:

361 views • 3 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-03-10 1 Outline Recap: one-time signatures From EUF-naCMA security to EUF-CMA security Interlude: proof strategies Security proof

336 views • 20 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-02-18 1 Outline Logistics Overview Introduction Definition Security Security experiments Formal security definition Relations among

743 views • 58 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-02-18 1 Outline Logistics Overview Introduction Definition Security Security experiments Formal security definition Relations among

686 views • 64 slides
Step-out Ring Signatures Marek Klonowski, ukasz Krzywiecki, Mirosaw Kutyowski and Anna

Step-out Ring Signatures Marek Klonowski, ukasz Krzywiecki, Mirosaw Kutyowski and Anna

Introduction Construction Step-out Ring Signatures Marek Klonowski, ukasz Krzywiecki, Mirosaw Kutyowski and Anna Lauks Institute of Mathematics and Computer Science Wrocaw University of Technology MFCS 2008 25-29 August 2008, Toru

691 views • 34 slides
Designated Verifier Signatures: Attacks, New Definitions and Constructions Helger Lipmaa

Designated Verifier Signatures: Attacks, New Definitions and Constructions Helger Lipmaa

Estonian Theory Days, Koke, Estonia Designated Verifier Signatures: Attacks, New Definitions and Constructions Helger Lipmaa Helsinki University of Technology, Finland Guilin Wang and Feng Bao Institute of Infocomm Research, Singapore Koke,

732 views • 37 slides
Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties

Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties

Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties Signatures Signatures with various functionality/properties Constructions come in different flavors (well sample each flavor): Signatures

1.55k views • 131 slides
Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at

Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at

Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at rest and communication channels Security of Computation on Sensitive Inputs Secure multiparty computation (MPC) Differential privacy methods

595 views • 43 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-02-25 1 Outline Recap: security experiments Message space extension One-time signatures One-time signatures from one-way functions Digital

1.07k views • 48 slides
On the Security of Two-Round Multi-Signatures Manu Drijvers 1 , Kasra Edalatnejad 2 , Bryan Ford 2

On the Security of Two-Round Multi-Signatures Manu Drijvers 1 , Kasra Edalatnejad 2 , Bryan Ford 2

On the Security of Two-Round Multi-Signatures Manu Drijvers 1 , Kasra Edalatnejad 2 , Bryan Ford 2 , Eike Kiltz 3 , Julian Loss 3 , Gregory Neven 1 , Igors Stepanovs 4 1 DFINITY, 2 EPFL , 3 Ruhr-University Bochum, 4 UCSD Multi-signatures (pk 1 ,sk

635 views • 27 slides
Mariana Raykova Yale, Google Data Security: Encryption and Digital Signatures Beyond security

Mariana Raykova Yale, Google Data Security: Encryption and Digital Signatures Beyond security

Mariana Raykova Yale, Google Data Security: Encryption and Digital Signatures Beyond security of data at rest and communication channels Security of Computation on Sensitive Inputs Secure multiparty computation (MPC) Differential

848 views • 26 slides
Building Java Programs Chapter 5 Lecture 5-1: while Loops, Fencepost Loops, and Sentinel Loops

Building Java Programs Chapter 5 Lecture 5-1: while Loops, Fencepost Loops, and Sentinel Loops

Building Java Programs Chapter 5 Lecture 5-1: while Loops, Fencepost Loops, and Sentinel Loops reading: 5.1 5.2 1 2 A deceptive problem... Write a method printLetters that prints each letter from a word separated by commas. For

545 views • 20 slides
Implementation of a fluid model for the non-linear interaction between runaway electrons and

Implementation of a fluid model for the non-linear interaction between runaway electrons and

Summary Implementation of a fluid model for the non-linear interaction between runaway electrons and background plasma V. Bandaru 1 , M. Hoelzl 1 , G. Papp 1 , P. Aleynikov 2 , G. Huijsmans 3 1 Max-Planck-Institute for Plasma Physics, Garching,

555 views • 16 slides
Enhanced Robot Audition Based on Microphone Array Source Separation with Post-Filter Jean-Marc

Enhanced Robot Audition Based on Microphone Array Source Separation with Post-Filter Jean-Marc

Enhanced Robot Audition Based on Microphone Array Source Separation with Post-Filter Jean-Marc Valin , Jean Rouat, Franois Michaud Department of Electrical Engineering and Computer Engineering Universit de Sherbrooke, Qubec, Canada

417 views • 14 slides
Post-Quantum Authentication in TLS 1.3: A Performance Study Di Dimitr trios Sikeridis 1, 1,2 ,

Post-Quantum Authentication in TLS 1.3: A Performance Study Di Dimitr trios Sikeridis 1, 1,2 ,

NDSS 2020, February 26, 2020 Post-Quantum Authentication in TLS 1.3: A Performance Study Di Dimitr trios Sikeridis 1, 1,2 , Panos Kampanakis 2 , Michael Devetsikiotis 1 1 Dept. of Electrical and Computer Engineering, The University of New

795 views • 23 slides
Efficient Synthesis with Probabilistic Constraints Samuel Drews, Aws Albarghouthi, Loris

Efficient Synthesis with Probabilistic Constraints Samuel Drews, Aws Albarghouthi, Loris

Efficient Synthesis with Probabilistic Constraints Samuel Drews, Aws Albarghouthi, Loris DAntoni Probabilistic Correctness Properties x ~ Uniform([0, 1]) post := Pr[ P ( x ) = 1] > 0 1 P ( x ) := 0 x 0.2 ] 0 0.2 1 P (

469 views • 28 slides
Lead Generation Repeat and Referral from My Sphere of Influence Patrick Tuttle RE/MAX Real

Lead Generation Repeat and Referral from My Sphere of Influence Patrick Tuttle RE/MAX Real

Lead Generation Repeat and Referral from My Sphere of Influence Patrick Tuttle RE/MAX Real Estate Group El Paso, Texas 915-231-9994 www.PatrickTuttle.com Patrick@PatrickTuttle.com The Team Two licensed agents and one referral partner

224 views • 19 slides
Congratulations! You won a grant proposal ...now what? Post Doc

Congratulations! You won a grant proposal ...now what? Post Doc

Congratulations! You won a grant proposal ...now what? Post Doc Workshop April 19, 2017 Agenda Introduction Understanding the Environment Government Agency Award

747 views • 37 slides
INSTITUTIONAL EXEMPLARS: DIGITAL LEARNING IMPLEMENTATION STRATEGIES TO IMPROVE STUDENT SUCCESS

INSTITUTIONAL EXEMPLARS: DIGITAL LEARNING IMPLEMENTATION STRATEGIES TO IMPROVE STUDENT SUCCESS

INSTITUTIONAL EXEMPLARS: DIGITAL LEARNING IMPLEMENTATION STRATEGIES TO IMPROVE STUDENT SUCCESS The Personalized Learning Consortium at the Association of Public and Land-grant Universities Panelists: Fred Corey, Vice Provost for

349 views • 14 slides

More recommend