Server-Aided Verification : Theory and Practice Source: ASIACRYPT 2005, LNCS 3788, pp. 605-623 Author: Marc Girault and David Lefranc Presenter: Chun-Yen.

Presentation transcript:

Server-Aided Verification: Theory and Practice Source: ASIACRYPT 2005, LNCS 3788, pp. 605-623 Author: Marc Girault and David Lefranc Presenter: Chun-Yen Lee

First SAV Protocols for Pairing-Based Schemes
– Zhang, Safavi-Naini and Susilo – ZSNS signature scheme
– Boneh-Boyen signature schemes

First SAV Protocols for Pairing-Based Schemes
Verifier checks if
– f is a public function
– I : public parameters including the public key
– (r, sigma) : signature

First SAV Protocols for Pairing-Based Schemes Verifier

Proof Auxiliary completeness. Auxiliary soundness. Computational gain. Auxiliary non-repudiation.

Application to the ZSNS Signature Scheme Auxiliary completeness – Auxiliary non-repudiation – SAV construction allows the misbehaving prover to send any value. – Then, during the computation of, transmit the right value to – I is finally.

Application to the ZSNS Signature Scheme Signer – public parameters – public key U – private key x – signature Verifier

Application to the ZSNS Signature Scheme π : ZSNS signature scheme π* : generic protocol : verification of the equation

Application to the ZSNS Signature Scheme
Lemma 2.
– Assuming
– if communicating with
q_H : hash oracle; q_S : signing oracle
– I be with a probability
– q-BCAA problem (q ≥ q_H + q_S − 1)

Application to the ZSNS Signature Scheme
S1 – A – l_H
S2 – makes a hash query – A answers w_i and adds the couple (m_i, w_i) in l_H

Application to the ZSNS Signature Scheme
S3 – A S_H – makes a signing query m_i
if has been queried to the hash oracle – there exists a unique couple (m_i, w_i) in l_H; – if, then A fails, otherwise A answers
if has not been queried to the hash oracle – A answers – (m_i, h_i) in l_H; h_i in S_H

Application to the ZSNS Signature Scheme
S4 After making all the queries to the oracles – outputs a couple ( ). If & ( ) is such that A sends to the value
Otherwise, A fails and then stops
S5 Finally, answers a value – If – A the couple ( )

Application to the ZSNS Signature Scheme
A end if :
1. S3, the messages queried to the signing oracle are all different from which occurs with a probability equal to
2. S4, If & ( ) is such that –
3. S5, answers a value –

Conclusion
1. We have formalized the concept of a server-aided verification protocol.
2. We have analyzed in new model.
3. We have presented a generic SAV protocol for pairing-based schemes.