Efficient Two-Move Blind Signatures in the Common Reference String Model
E. Ghadafi, N.P. Smart
Department of Computer Science, University of Bristol
Information Security Conference – ISC 2012

Outline
1 Blind Signatures
2 Security Model
3 Related Work
4 Our Construction
5 Efficiency Comparison
6 Open Problems

(Two-Move) Blind Signatures
[Figure: interaction between USER and SIGNER; labels pk, sk, Sig.]

Applications of Blind Signatures
Example applications:
◮ E-Cash: A bank signs a coin without learning its serial number (provides unlinkability between withdrawal and spend transactions).
◮ E-Voting: Authority certifies a ballot without learning its content. The client cannot vote for more than one candidate.
◮ Many other applications where anonymity/privacy or unlinkability are required (Anonymous Access Control, etc.).

Algorithms of a Blind Signature
◮ Setup: $crs_{BS} \leftarrow \mathsf{Setup}_{BS}(1^{\lambda})$
◮ Key Generation: $(sk_{BS}, pk_{BS}) \leftarrow \mathsf{KeyGen}_{BS}(crs_{BS})$
◮ Signing: $(\perp, \sigma) \leftarrow \langle \mathsf{Request}_{BS}(pk_{BS}, m), \mathsf{Issue}_{BS}(sk_{BS}) \rangle$
◮ Verification: $1/0 \leftarrow \mathsf{Verify}_{BS}(pk_{BS}, m, \sigma)$

Security of Blind Signatures
◮ Blindness [JLO97,PS00]: The Signer does not learn what message he is signing nor can he link a signature to its sign request.
[Figure: blindness game. Labels, in order: $m_0, m_1$ and $pk_{BS}, sk_{BS}$; $b \leftarrow \{0,1\}$; $\sigma_b$ from $\mathsf{Request}_{BS}(pk_{BS}, m_b)$; $\sigma_{1-b}$ from $\mathsf{Request}_{BS}(pk_{BS}, m_{1-b})$; $(\sigma_0, \sigma_1)$ or $(\perp, \perp)$; $b^*$.]
The adversary wins if $b^* = b$.
• Malicious Keys [Oka06]: The adversary generates the keys.

Security of Blind Signatures
◮ (Weak) Unforgeability [JLO97,PS00]: The User cannot output more signatures than the number of interactions with the signer.
[Figure: unforgeability game. Labels, in order: $pk_{BS}$; $\mathsf{Issue}_{BS}(sk_{BS})$ ($n$ times); $(m_1, \sigma_1), \ldots, (m_{n+1}, \sigma_{n+1})$.]
The adversary wins if all $\sigma_i$ verify and the messages are distinct.

Related Work
Some previous two-move constructions:
◮ Chaum 1983: using RSA signatures (ROM).
◮ Boldyreva 2003: using BLS signatures (ROM).
◮ Fischlin 2006: generic construction (CRS).
◮ Fuchsbauer 2009: special case instantiation of Fischlin 2006 (CRS).
◮ AHO 2010: efficient instantiation of Fischlin 2006 (CRS).
◮ MSF 2010: using Waters signatures in composite-order groups (CRS).
◮ Garg et al. 2011: generic construction (Standard Model).

Our Approach
We follow the Blind-Unblind paradigm:
[Figure: USER and SIGNER; labels pk, sk, m, m'.]
  USER:   m' ← Blind(m, r)
  SIGNER: σ' ← Sign(sk, m')
  USER:   σ ← Unblind(σ', r)
However, we dispense with the need for random oracles by requiring a common reference string.

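The Blind / Sign / Unblind flow above, as an added example that is not from the slides: it instantiates the paradigm with Chaum's RSA blinding (listed under related work, in the ROM), not with the CRS-based construction of this talk. The toy key, the hash `H`, and the helper names `fresh_r`, `explaining_r` and `demo` are assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Constructed toy RSA key: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537                        # public key pk
D = pow(E, -1, (P - 1) * (Q - 1))          # secret key sk

def H(m: bytes) -> int:
    """Toy full-domain hash into Z_N (stands in for the random oracle)."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N

def fresh_r() -> int:
    """User picks a blinding factor that is a unit mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r

def blind(m: bytes, r: int) -> int:        # m' <- Blind(m, r)
    return H(m) * pow(r, E, N) % N

def sign(sk: int, m_blinded: int) -> int:  # sigma' <- Sign(sk, m')
    return pow(m_blinded, sk, N)

def unblind(sig_blinded: int, r: int) -> int:  # sigma <- Unblind(sigma', r)
    return sig_blinded * pow(r, -1, N) % N

def verify(m: bytes, sig: int) -> bool:
    return pow(sig, E, N) == H(m)

def explaining_r(m_blinded: int, other_m: bytes) -> int:
    """Blinding factor under which m' is a request for other_m.
    Computed with sk here only to show it exists: m' fits every message."""
    return pow(m_blinded * pow(H(other_m), -1, N) % N, D, N)

def demo() -> bool:
    m = b"coin-0001"                       # constructed sample message
    r = fresh_r()
    m_blinded = blind(m, r)                # move 1: user -> signer
    sig = unblind(sign(D, m_blinded), r)   # move 2: signer -> user, then unblind
    r_alt = explaining_r(m_blinded, b"coin-0002")
    return verify(m, sig) and blind(b"coin-0002", r_alt) == m_blinded

if __name__ == "__main__":
    print("signature valid, request fits another message too:", demo())
```

Because every blinded value is a valid request for every message under some `r`, the signer's view carries no information about `m`, which is the blindness property defined earlier in the slides.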
(Prime-Order) Bilinear Groups
$\mathbb{G}_1, \mathbb{G}_2, \mathbb{G}_T$ are finite cyclic groups of prime order $q$, where $\mathbb{G}_1 = \langle P_1 \rangle$ and $\mathbb{G}_2 = \langle P_2 \rangle$.
Pairing ($e : \mathbb{G}_1 \times \mathbb{G}_2 \to \mathbb{G}_T$): The function $e$ must have the following properties:
◮ Bilinearity: $\forall Q_1 \in \mathbb{G}_1, Q_2 \in \mathbb{G}_2, x, y \in \mathbb{Z}$, we have $e([x]Q_1, [y]Q_2) = e(Q_1, Q_2)^{xy}$.
◮ Non-Degeneracy: The value $e(P_1, P_2) \neq 1$ generates $\mathbb{G}_T$.
◮ The function $e$ is efficiently computable.
Type-3 [GPS08]: $\mathbb{G}_1 \neq \mathbb{G}_2$ and no efficiently computable isomorphism between $\mathbb{G}_1$ and $\mathbb{G}_2$.

Intractability Assumptions
Definition (LRSW Assumption [LRSW99]): Given $(X \leftarrow [x]P_2, Y \leftarrow [y]P_2)$ and access to an oracle $O_{X,Y}(\cdot)$ that, on input $f_i \in \mathbb{Z}_q$, outputs $(A_i, B_i, C_i) \leftarrow (A_i, [y]A_i, [x + f_i \cdot x \cdot y]A_i)$, for some random $A_i \in \mathbb{G}_1$, it is hard to output $(f^*, A^*, B^*, C^*)$ where $f^* \notin \{f_i\} \cup \{0\}$.
Definition (B-LRSW Assumption [CMS09]): Given $(X \leftarrow [x]P_2, Y \leftarrow [y]P_2)$ and access to an oracle $O^{B}_{X,Y}(\cdot)$ that, on input $F_i = [f_i]P_1 \in \mathbb{G}_1$, outputs $(A_i, B_i, C_i) \leftarrow (A_i, [y]A_i, [x + f_i \cdot x \cdot y]A_i)$, for some random $A_i \in \mathbb{G}_1$, it is hard to output $(f^*, A^*, B^*, C^*)$ where $[f^*]P_1 \notin \{F_i\} \cup \{0_{\mathbb{G}_1}\}$.