
Efficient Two-Move Blind Signatures ... - PowerPoint PPT Presentation


  1. Efficient Two-Move Blind Signatures in the Common Reference String Model. E. Ghadafi, N.P. Smart, Department of Computer Science, University of Bristol. Information Security Conference – ISC 2012.

  2. Outline
      1. Blind Signatures
      2. Security Model
      3. Related Work
      4. Our Construction
      5. Efficiency Comparison
      6. Open Problems


  8. (Two-Move) Blind Signatures. [Figure: USER and SIGNER, with labels pk and sk.]

  10. (Two-Move) Blind Signatures. [Figure: USER and SIGNER, with labels pk, sk and Sig.]

  12. Applications of Blind Signatures. Example applications:
      - E-Cash: A bank signs a coin without learning its serial number (provides unlinkability between withdrawal and spend transactions).
      - E-Voting: Authority certifies a ballot without learning its content. The client cannot vote for more than one candidate.
      - Many other applications where anonymity/privacy or unlinkability are required (Anonymous Access Control, etc.).

  13. Algorithms of a Blind Signature
      - Setup: $\mathsf{crs}_{BS} \leftarrow \mathsf{Setup}_{BS}(1^{\lambda})$
      - Key Generation: $(\mathsf{sk}_{BS}, \mathsf{pk}_{BS}) \leftarrow \mathsf{KeyGen}_{BS}(\mathsf{crs}_{BS})$
      - Signing: $(\bot, \sigma) \leftarrow \langle \mathsf{Request}_{BS}(\mathsf{pk}_{BS}, m), \mathsf{Issue}_{BS}(\mathsf{sk}_{BS}) \rangle$
      - Verification: $1/0 \leftarrow \mathsf{Verify}_{BS}(\mathsf{pk}_{BS}, m, \sigma)$

  14. Security of Blind Signatures
      - Blindness [JLO97,PS00]: The Signer does not learn what message he is signing nor can he link a signature to its sign request.
        [Figure: blindness game, with labels $m_0, m_1$; $\mathsf{pk}_{BS}, \mathsf{sk}_{BS}$; $b$, $\{0,1\}$; $\sigma_b$ from $\mathsf{Request}_{BS}(\mathsf{pk}_{BS}, m_b)$; $\sigma_{1-b}$ from $\mathsf{Request}_{BS}(\mathsf{pk}_{BS}, m_{1-b})$; $(\sigma_0, \sigma_1)$ or $(\bot, \bot)$; $b^*$.]
        The adversary wins if $b^* = b$.
      - Malicious Keys [Oka06]: The adversary generates the keys.

  16. Security of Blind Signatures
      - (Weak) Unforgeability [JLO97,PS00]: The User cannot output more signatures than the number of interactions with the signer.
        [Figure: unforgeability game, with labels $\mathsf{pk}_{BS}$; $\mathsf{Issue}_{BS}(\mathsf{sk}_{BS})$ ($n$ times); $(m_1, \sigma_1), \ldots, (m_{n+1}, \sigma_{n+1})$.]
        The adversary wins if all $\sigma_i$ verify and the messages are distinct.

  17. Related Work. Some previous two-move constructions:
      - Chaum 1983: using RSA signatures (ROM).
      - Boldyreva 2003: using BLS signatures (ROM).
      - Fischlin 2006: generic construction (CRS).
      - Fuchsbauer 2009: special case instantiation of Fischlin 2006 (CRS).
      - AHO 2010: efficient instantiation of Fischlin 2006 (CRS).
      - MSF 2010: using Waters signatures in composite-order groups (CRS).
      - Garg et al. 2011: generic construction (Standard Model).

  18. Our Approach. We follow the Blind-Unblind paradigm:
      - USER: m' ← Blind(m, r), sent to the SIGNER.
      - SIGNER: σ' ← Sign(sk, m'), returned to the USER.
      - USER: σ ← Unblind(σ', r).

      However, we dispense with the need for random oracles by requiring a common reference string.

  19. (Prime-Order) Bilinear Groups. $\mathbb{G}_1, \mathbb{G}_2, \mathbb{G}_T$ are finite cyclic groups of prime order $q$, where $\mathbb{G}_1 = \langle P_1 \rangle$ and $\mathbb{G}_2 = \langle P_2 \rangle$. Pairing ($e : \mathbb{G}_1 \times \mathbb{G}_2 \rightarrow \mathbb{G}_T$): the function $e$ must have the following properties:
      - Bilinearity: $\forall Q_1 \in \mathbb{G}_1, Q_2 \in \mathbb{G}_2$, $x, y \in \mathbb{Z}$, we have $e([x]Q_1, [y]Q_2) = e(Q_1, Q_2)^{xy}$.
      - Non-Degeneracy: The value $e(P_1, P_2) \neq 1$ generates $\mathbb{G}_T$.
      - The function $e$ is efficiently computable.

      Type-3 [GPS08]: $\mathbb{G}_1 \neq \mathbb{G}_2$ and no efficiently computable isomorphism between $\mathbb{G}_1$ and $\mathbb{G}_2$.

  21. Intractability Assumptions
      - Definition (LRSW Assumption [LRSW99]): Given $(X \leftarrow [x]P_2, Y \leftarrow [y]P_2)$ and access to an oracle $O_{X,Y}(\cdot)$ that, on input $f_i \in \mathbb{Z}_q$, outputs $(A_i, B_i, C_i) \leftarrow (A_i, [y]A_i, [x + f_i \cdot x \cdot y]A_i)$, for some random $A_i \in \mathbb{G}_1$, it is hard to output $(f^*, A^*, B^*, C^*)$ where $f^* \notin \{f_i\} \cup \{0\}$.
      - Definition (B-LRSW Assumption [CMS09]): Given $(X \leftarrow [x]P_2, Y \leftarrow [y]P_2)$ and access to an oracle $O^{B}_{X,Y}(\cdot)$ that, on input $F_i = [f_i]P_1 \in \mathbb{G}_1$, outputs $(A_i, B_i, C_i) \leftarrow (A_i, [y]A_i, [x + f_i \cdot x \cdot y]A_i)$, for some random $A_i \in \mathbb{G}_1$, it is hard to output $(f^*, A^*, B^*, C^*)$ where $[f^*]P_1 \notin \{F_i\} \cup \{0_{\mathbb{G}_1}\}$.
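
A worked check using the bilinearity property from the bilinear-groups slide, added here and not taken from the slides. It assumes a tuple $(f, A, B, C)$ counts as valid when $B = [y]A$ and $C = [x + f \cdot x \cdot y]A$; the scalar $a$ with $A = [a]P_1$ is a symbol introduced for this derivation. Anyone holding only $X$ and $Y$ can test validity with pairings:

$$e(A, Y) = e(A, [y]P_2) = e(A, P_2)^{y} = e([y]A, P_2) = e(B, P_2)$$

$$e(A, X) \cdot e(B, X)^{f} = e(A, P_2)^{x} \cdot e(A, P_2)^{x \cdot y \cdot f} = e([x + f \cdot x \cdot y]A, P_2) = e(C, P_2)$$

The B-LRSW oracle sees $F_i = [f_i]P_1$ rather than $f_i$, and can still produce the same tuple: choosing $A_i = [a]P_1$ gives $C_i = [a \cdot x]P_1 + [a \cdot x \cdot y]F_i = [x + f_i \cdot x \cdot y]A_i$, so no knowledge of $f_i$ is needed.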
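
The Blind-Unblind paradigm from the "Our Approach" slide, as an added example that is not part of the presentation: it uses the RSA scheme that the Related Work slide attributes to Chaum 1983 (random-oracle model), not the CRS-based construction of the talk. The toy key, the SHA-256 stand-in for a full-domain hash and all function names are assumptions made for illustration.

```python
# Added example: Chaum-style RSA blind signature as a Blind-Unblind instance.
# Toy parameters constructed for illustration; not a secure key size.
import hashlib
import math
import secrets

P, Q = 2**127 - 1, 2**89 - 1        # two Mersenne primes (constructed toy key)
N, E = P * Q, 65537                 # public key pk
D = pow(E, -1, (P - 1) * (Q - 1))   # secret key sk

def h(m: bytes) -> int:
    """Hash into Z_N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N

def fresh_r() -> int:
    """User's blinding randomness r, invertible mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r

def blind(m: bytes, r: int) -> int:
    """User: m' <- Blind(m, r) = H(m) * r^e mod N."""
    return h(m) * pow(r, E, N) % N

def sign(m_blinded: int) -> int:
    """Signer: sigma' <- Sign(sk, m') = m'^d mod N."""
    return pow(m_blinded, D, N)

def unblind(sig_blinded: int, r: int) -> int:
    """User: sigma <- Unblind(sigma', r) = sigma' * r^-1 mod N."""
    return sig_blinded * pow(r, -1, N) % N

def verify(m: bytes, sig: int) -> bool:
    """Anyone: accept iff sigma^e = H(m) mod N."""
    return pow(sig, E, N) == h(m)

def explaining_r(m: bytes, m_blinded: int) -> int:
    """Blindness argument: the r under which transcript m' is a request for m.
    D is used only to exhibit that such an r exists for every (m, m') pair."""
    return pow(m_blinded * pow(h(m), -1, N) % N, D, N)

def run_protocol(m: bytes):
    """Two moves: user sends m', signer returns sigma'. Returns (m', sigma)."""
    r = fresh_r()
    m_blinded = blind(m, r)
    return m_blinded, unblind(sign(m_blinded), r)
```

Because `explaining_r` finds a valid `r` for any pairing of message and transcript, the signer's view `m'` is equally consistent with every message, which is the blindness property in the security-model slides.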
