step out ring signatures
play

Step-out Ring Signatures Marek Klonowski, ukasz Krzywiecki, Mirosaw - PowerPoint PPT Presentation

Mar 24, 2024 •339 likes •691 views

Introduction Construction Step-out Ring Signatures Marek Klonowski, ukasz Krzywiecki, Mirosaw Kutyowski and Anna Lauks Institute of Mathematics and Computer Science Wrocaw University of Technology MFCS 2008 25-29 August 2008, Toru

  1. Introduction Construction Step-out Ring Signatures Marek Klonowski, Łukasz Krzywiecki, Mirosław Kutyłowski and Anna Lauks Institute of Mathematics and Computer Science Wrocław University of Technology MFCS 2008 25-29 August 2008, Toru´ n, Poland Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  2. Introduction Construction Introduction 1 Digital signatures Step-out Signatures Construction 2 Preliminaries Signature Creation Confession Procedure Step-out Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  3. Introduction Digital signatures Construction Step-out Signatures Digital Signatures Procedures : key setup: private key - for creating a signature public key - for verifying a signature creating a signature signature verification Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  4. Introduction Digital signatures Construction Step-out Signatures Digital Signatures Procedures : key setup: private key - for creating a signature public key - for verifying a signature creating a signature signature verification Signing M : Alice takes her private key k Alice and computes s := sign ( M , k Alice ) Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  5. Introduction Digital signatures Construction Step-out Signatures Digital Signatures Procedures : key setup: private key - for creating a signature public key - for verifying a signature creating a signature signature verification Signing M : Alice takes her private key k Alice and computes s := sign ( M , k Alice ) Verifying signature s of M : Bob takes the public key p Alice and checks if test ( s , M , p Alice ) = true Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  6. Introduction Digital signatures Construction Step-out Signatures Digital Signatures Properties: verification outcome is positive, if k Alice used for signature 1 creation and p Alice for verification, Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  7. Introduction Digital signatures Construction Step-out Signatures Digital Signatures Properties: verification outcome is positive, if k Alice used for signature 1 creation and p Alice for verification, test ( s , M , p Alice ) = false , if M has been changed after 2 creating signature s , Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  8. Introduction Digital signatures Construction Step-out Signatures Digital Signatures Properties: verification outcome is positive, if k Alice used for signature 1 creation and p Alice for verification, test ( s , M , p Alice ) = false , if M has been changed after 2 creating signature s , without the private key k Alice , it is infeasible to produce a 3 signature of Alice that is verified positively. Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  9. Introduction Digital signatures Construction Step-out Signatures Digital Signatures Properties: verification outcome is positive, if k Alice used for signature 1 creation and p Alice for verification, test ( s , M , p Alice ) = false , if M has been changed after 2 creating signature s , without the private key k Alice , it is infeasible to produce a 3 signature of Alice that is verified positively. So if test ( s , M , p Alice ) = true , then only the holder of k Alice (i.e. Alice) could produce s for message M . Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  10. Introduction Digital signatures Construction Step-out Signatures Ring Signatures Properties: the signer is within the group of potential signers called a 1 ring, Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  11. Introduction Digital signatures Construction Step-out Signatures Ring Signatures Properties: the signer is within the group of potential signers called a 1 ring, the signer uses his own private key and the public keys of 2 the other ring members to create a signature, Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  12. Introduction Digital signatures Construction Step-out Signatures Ring Signatures Properties: the signer is within the group of potential signers called a 1 ring, the signer uses his own private key and the public keys of 2 the other ring members to create a signature, for verification the public keys of the ring members are 3 used, Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  13. Introduction Digital signatures Construction Step-out Signatures Ring Signatures Properties: the signer is within the group of potential signers called a 1 ring, the signer uses his own private key and the public keys of 2 the other ring members to create a signature, for verification the public keys of the ring members are 3 used, it is infeasible to detect which ring member created a 4 signature. Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  14. Introduction Digital signatures Construction Step-out Signatures Ring Signatures Properties: the signer is within the group of potential signers called a 1 ring, the signer uses his own private key and the public keys of 2 the other ring members to create a signature, for verification the public keys of the ring members are 3 used, it is infeasible to detect which ring member created a 4 signature. the signer is perfectly hidden in the ring. 5 one cannot prevent being a member of a ring. 6 Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  15. Introduction Digital signatures Construction Step-out Signatures Malicious Application of Ring Signatures Leaking information A member of a group (i.e. a parliament commission) can leak a secret information to the press. The message is authenticated with a ring signature - with the commission members as the ring. Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  16. Introduction Digital signatures Construction Step-out Signatures Malicious Application of Ring Signatures Leaking information A member of a group (i.e. a parliament commission) can leak a secret information to the press. The message is authenticated with a ring signature - with the commission members as the ring. Properties one can easily check that some commission member has 1 signed it, and so the information is authentic, no investigation can reveal the information source. 2 Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  17. Introduction Digital signatures Construction Step-out Signatures Malicious Application of Ring Signatures Leaking information A member of a group (i.e. a parliament commission) can leak a secret information to the press. The message is authenticated with a ring signature - with the commission members as the ring. Properties one can easily check that some commission member has 1 signed it, and so the information is authentic, no investigation can reveal the information source. 2 As soon as public keys (e.g. RSA keys) of the commission members are published, nothing can prevent this scenario! Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  18. Introduction Digital signatures Construction Step-out Signatures Step-out Signatures – Target Applications Electronic auction Requirements: strong authentication and anonymity of the bids (also 1 against the auction manager), possibility of immediate withdrawal of the deposit 2 immediately after leaving the auction. Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  19. Introduction Digital signatures Construction Step-out Signatures Step-out Signatures – Target Applications Electronic auction Requirements: strong authentication and anonymity of the bids (also 1 against the auction manager), possibility of immediate withdrawal of the deposit 2 immediately after leaving the auction. Ring signatures? a ring signature authentication and anonymity, 1 however, there is no way to force the winner to reveal 2 himself! a useless solution ... Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  20. Introduction Digital signatures Construction Step-out Signatures Step-out Signatures Properties Anonymity: ring type signature: identity of the signer(s) is hidden among identities of non-signers in a ring. Confession procedure: the real signer can prove that he has participated in signature creation. Step-out procedure: a non-signer can prove that he has not participated in signature creation. Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  21. Introduction Digital signatures Construction Step-out Signatures Step-out Signatures Properties for auction protocol Strong anonymity: necessary for fairness of e-auctions. Confession procedure: the real signer of the winning bid can reveal himself against the auction. Step-out procedure: a non-signer of the highest bid can step out during the auction and withdraw the deposit. Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

  22. Preliminaries Introduction Signature Creation Construction Confession Procedure Step-out Discrete Logarithm DL hardness we use a cyclic group G such that computing g x is easy for each g , x given a random y , it is infeasible to find x such that y = g x . Secret keys Each user U has its private key x U selected at random the corresponding public key is y U = g x U , where g is a fixed generator of G . Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures

Recommend

Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from

Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from

Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from Symmetric-Key Primitives David Derler , Sebastian Ramacher , Daniel Slamanig PQC rypto 18, April 9, 2018 1 Ring Signatures P

612 views • 27 slides
Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and Group Signatures without Trapdoors t Libert 1 San Ling 2 Khoa Nguyen 2 Huaxiong Wang 2 Beno 1 Ecole Normale Sup erieure de Lyon (France) 2

681 views • 33 slides
Threshold Ring Signatures: New Security Definitions and Post-Quantum Security Abida Haque ,

Threshold Ring Signatures: New Security Definitions and Post-Quantum Security Abida Haque ,

Problem Description Current State of the Art Our Contribution Our Scheme Summary References Threshold Ring Signatures: New Security Definitions and Post-Quantum Security Abida Haque , Alessandra Scafuro North Carolina State University May

736 views • 61 slides
Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties

Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties

Signatures Lecture 22 Signatures Signatures Signatures with various functionality/properties Signatures Signatures with various functionality/properties Constructions come in different flavors (well sample each flavor): Signatures

1.55k views • 131 slides
Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And

Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And

Digital Signatures Digital Signatures And Putting It All Together Digital Signatures And Putting It All Together Lecture 12 Digital Signatures Digital Signatures Syntax: KeyGen, Sign SK and Verify VK . Security: Same experiment as MAC s,

1.72k views • 142 slides
Identity Based Ring Signature Why, How, and What Next Sherman S.M. Chow Richard W.C. Lui Lucas

Identity Based Ring Signature Why, How, and What Next Sherman S.M. Chow Richard W.C. Lui Lucas

Identity Based Ring Signature Why, How, and What Next Sherman S.M. Chow Richard W.C. Lui Lucas C.K. Hui S.M. Yiu The University of Hong Kong Outline Introduction PKI vs ID-based Ring Signatures Technical Preliminaries

1.81k views • 29 slides
Ring Signatures Monero Oct. 14, 2019 Overview Privacy Hierarchy Monero Secretly

Ring Signatures Monero Oct. 14, 2019 Overview Privacy Hierarchy Monero Secretly

Ring Signatures Monero Oct. 14, 2019 Overview Privacy Hierarchy Monero Secretly signing a transaction Secretly receiving a transaction Privacy Hierarchy Everything open Bitcoin Pseudonymous, amount open Privacy Hierarchy

911 views • 45 slides
Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from

Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from

Motivation Research Question Results Conclusion Notes Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from Standard Signatures Siamak Shahandashti 1 Rei Safavi-Naini 2 1 SCSSE & CCISR, Uni

465 views • 46 slides
An Exploration of Group and Ring Signatures Sarah Meiklejohn ! ! ! ! UC San Diego Research

An Exploration of Group and Ring Signatures Sarah Meiklejohn ! ! ! ! UC San Diego Research

An Exploration of Group and Ring Signatures Sarah Meiklejohn ! ! ! ! UC San Diego Research Exam 4 February 2011 1 A real-world problem 2 A real-world problem 2 A real-world problem I need to tell the others! 2 A real-world problem

1.62k views • 158 slides
1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Digital Signatures have looked at message authentication but does not address issues of lack of trust Chapter 13 Digital Signatures digital signatures provide the ability to:

361 views • 3 slides
Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys Nils

Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys Nils

Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys Nils Fleischhacker Johannes Krupp Giulio Malavolta Jonas Schneider Dominique Schr oder Mark Simkin March 7, 2016 Sanitizable Signatures

577 views • 46 slides
min { a i , a j } max { a i , a j } P j P j P i P i P i P j Step 1 Step 2 Step 3 Figure 9.1 A

min { a i , a j } max { a i , a j } P j P j P i P i P i P j Step 1 Step 2 Step 3 Figure 9.1 A

a i a j a i , a j a j , a i min { a i , a j } max { a i , a j } P j P j P i P i P i P j Step 1 Step 2 Step 3 Figure 9.1 A parallel compare-exchange operation. Processes P i and P j send their elements to each other. Process P i keeps min { a i ,

372 views • 22 slides
Lecture 12 Digital Signatures from one-way functions Signatures vs. MACs Signatures MAC s

Lecture 12 Digital Signatures from one-way functions Signatures vs. MACs Signatures MAC s

Lecture 12 Digital Signatures from one-way functions Signatures vs. MACs Signatures MAC s users require only secretkeys users require n 2 secretkeys Privately verifiable and non-transferable Same signature

764 views • 53 slides
Step 1 Step 2 Step 3 Step 4 Step 5 Preparation of a sketch Submission of birth map of all

Step 1 Step 2 Step 3 Step 4 Step 5 Preparation of a sketch Submission of birth map of all

Step 1 Step 2 Step 3 Step 4 Step 5 Preparation of a sketch Submission of birth map of all customary information forms to Preparation and adoption of Convening and submission Submission of Application Ste land owned by ILG obtain

1.23k views • 4 slides
Leptophilic Higgs Leptophilic Higgs Signatures at the LHC Signatures at the LHC (And the

Leptophilic Higgs Leptophilic Higgs Signatures at the LHC Signatures at the LHC (And the

Leptophilic Higgs Leptophilic Higgs Signatures at the LHC Signatures at the LHC (And the Importance of Leptonic Decays for Higgs Discovery) Brooks Thomas (The University of Arizona) Shufang Su & BT [arXiv:0903.0667] What do we know about

375 views • 26 slides
Using RtI for SLD eligibility: Using RtI for SLD eligibility: Step by step procedures Step by

Using RtI for SLD eligibility: Using RtI for SLD eligibility: Step by step procedures Step by

Using RtI for SLD eligibility: Using RtI for SLD eligibility: Step by step procedures Step by step procedures Webster Groves School District 2009 Response to Intervention (RtI) is a comprehensive early detection and prevention strategy

688 views • 23 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-02-25 1 Outline Recap: security experiments Message space extension One-time signatures One-time signatures from one-way functions Digital

1.07k views • 48 slides
Proving tight security for Rabin-Williams signatures D. J. Bernstein Public-key signatures 1976

Proving tight security for Rabin-Williams signatures D. J. Bernstein Public-key signatures 1976

Proving tight security for Rabin-Williams signatures D. J. Bernstein Public-key signatures 1976 Diffie Hellman: Public-key signatures would allow verification by anyone, not just signer. Cool! Can we build a signature system? 1977 Rivest

743 views • 33 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-03-03 1 Outline Why assumptions? Efficient one-time signatures Digital Signatures 2020-03-03 2 Recap: Lamport EUF-1-CMA secure

1.14k views • 37 slides
Virtual ring routing Virtual ring routing Some slides from http://

Virtual ring routing Virtual ring routing Some slides from http://

Virtual ring routing Virtual ring routing Some slides from http:// research.microsoft.com/en-us/um/people/antr/vrr- sigcomm06.ppt 123 VRR: the virtual ring VRR: the virtual ring topology-independent 0 FFF node identifiers, e.g., MAC

694 views • 18 slides
o o o o Step 1:

o o o o Step 1:

o o o o Step 1: Bachelor of Laws (Western Sydney School of Law) Step 2: Professional Legal Training (College of Law et ors) Step 3: Admission to the Supreme

366 views • 14 slides
Ring A Vaginal Ring Containing Dapivirine for HIV-1 PrEP Ring Study: Background Study Design:

Ring A Vaginal Ring Containing Dapivirine for HIV-1 PrEP Ring Study: Background Study Design:

A Vaginal Ring Containing Dapivirine for HIV-1 PrEP Ring A Vaginal Ring Containing Dapivirine for HIV-1 PrEP Ring Study: Background Study Design: Ring Background : Randomized, double-blind, phase 3, placebo-controlled trial of a

341 views • 6 slides
Outbreak Investigation Outbreak Investigation Step by Step Step by Step Darin Areechokchai MD.,

Outbreak Investigation Outbreak Investigation Step by Step Step by Step Darin Areechokchai MD.,

Outbreak Investigation Outbreak Investigation Step by Step Step by Step Darin Areechokchai MD., DTM&H., MCTM. Surveillance and Investigation Section Bureau of Epidemiology, Department of Disease Control Ministry of Public Health, Thailand

1.27k views • 83 slides
The Petition 11 614 signatures so far, on-line and hard copy Raised in Parliament by Jacob

The Petition 11 614 signatures so far, on-line and hard copy Raised in Parliament by Jacob

The Petition 11 614 signatures so far, on-line and hard copy Raised in Parliament by Jacob Rees-Mogg Submitted to 10 Downing Street 21 March www.change.org Geographical spread of signatures Distribution of Signatures Bath East of

483 views • 13 slides

More recommend