1 Efficient Ring Signatures Without Random Oracles Hovav Shacham and Brent Waters.

Slides:

Advertisements

Similar presentations

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.

Advertisements

Perfect Non-interactive Zero-Knowledge for NP

Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.

Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.

Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.

Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Privacy in signatures. Hiding in rings, hiding in groups.

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Dan Boneh Public key encryption from Diffie-Hellman ElGamal Variants With Better Security Online Cryptography Course Dan Boneh.

New Results on PA/CCA Encryption Carmine Ventre and Ivan Visconti Università di Salerno.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.

Secret Handshakes from CA-Oblivious Encryption Asiacrypt 2004, Jeju-do, Korea Claude Castelluccia, Stanisław Jarecki, Gene Tsudik UC Irvine.

Non-interactive Zaps and New Techniques for NIZK Jens Groth Rafail Ostrovsky Amit Sahai University of California Los Angeles.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

Ring Signatures of Sub- linear Size without Random Oracles Nishanth Chandran Jens Groth Amit Sahai University of California Los Angeles TexPoint fonts.

Identity Based Encryption

A Designer’s Guide to KEMs Alex Dent

1 Queries on Encrypted Data Dan Boneh Brent Waters Stanford UniversitySRI.

1 Conjunctive, Subset, and Range Queries on Encrypted Data Dan Boneh Brent Waters Stanford University SRI International.

Strongly Secure Certificateless Encryption Alexander W. Dent Information Security Group

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

Key Distribution CS 470 Introduction to Applied Cryptography

CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.

1 Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys Dan Boneh, Craig Gentry, and Brent Waters.

1 Lecture 18: Security issues specific to security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability.

Realizing Hash and Sign Signatures under Standard Assumptions Realizing Hash and Sign Signatures under Standard Assumptions Susan Hohenberger Johns Hopkins.

ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, "A Public-Key Cryptosystem and a Signature Scheme.

Fine-Tuning Groth-Sahai Proofs Alex Escala Scytl Secure Electronic Voting Jens Groth University College London.

Public-Key Encryption with Lazy Parties Kenji Yasunaga Institute of Systems, Information Technologies and Nanotechnologies (ISIT), Japan Presented at SCN.

(Multimedia University) Ji-Jian Chin Swee-Huay Heng Bok-Min Goi

Presented by Mike Scott

1 Hierarchical Identity-Based Encryption with Constant Size Ciphertext Dan Boneh, Xavier Boyen and Eu-Jin Goh Eurocrypt 2005 投影片製作：張淑慧.

Anonymous Identification in Ad Hoc Groups New York, NY, USAApril 6 th, 2004 Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup

Unified, Minimal and Selectively Randomizable Structure-Preserving Signatures Masayaki Abe, NTT Jens Groth, University College London Miyako Ohkubo, NICT.

The Generic Transformation from Standard Signatures to Identity-Based Aggregate Signatures Bei Liang, Hongda Li, Jinyong Chang.

1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.

Threshold PKC Shafi Goldwasser and Ran Canetti. Public Key Encryption [DH] A PKC consists of 3 PPT algorithms (G,E,D) - G(1 k ) outputs public key e,

Computer Science CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu.

Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.

Controlled Algebras and GII’s Ronald L. Rivest MIT CSAIL IPAM Workshop October 9, 2006.

Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.

PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.

Digital Signatures, Message Digest and Authentication Week-9.

Delegation and Proxy Services in Digital Credential Environments Carlisle Adams School of Information Technology and Engineering University of Ottawa.

Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme

Privacy and Anonymity Using Mix Networks* Slides borrowed from Philippe Golle, Markus Jacobson.

Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.

Secure Conjunctive Keyword Search Over Encrypted Data Philippe Golle Jessica Staddon Palo Alto Research Center Brent Waters Princeton University.

New Techniques for NIZK Jens Groth Rafail Ostrovsky Amit Sahai University of California Los Angeles.

Polynomially Homomorphic Signatures Dan Boneh Stanford University Joint work with David Freeman.

A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F

Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security

A new provably secure certificateless short signature scheme Authors: K.Y. Choi, J.H. Park, D.H. Lee Source: Comput. Math. Appl. (IF:1.472) Vol. 61, 2011,

A Brief Introduction to Mix Networks Ari Juels RSA Laboratories © 2001, RSA Security Inc.

Almost Entirely Correct Mixing With Applications to Voting Philippe Golle Dan Boneh Stanford University.

1 Efficient Selective-ID IBE Without Random Oracle Dan Boneh Stanford University Xavier Boyen Voltage Security.

1/28 Chosen-Ciphertext Security from Identity- Based Encryption Jonathan Katz U. Maryland Ran Canetti, Shai Halevi IBM.

1 Compact Group Signatures Without Random Oracles Xavier Boyen and Brent Waters.

Pairing-Based Non-interactive Zero-Knowledge Proofs Jens Groth University College London Based on joint work with Amit Sahai.

ICICS2002, Singapore 1 A Group Signature Scheme Committing the Group Toru Nakanishi, Masayuki Tao, and Yuji Sugiyama Dept. of Communication Network Engineering.

Online/Offline Attribute-Based Encryption Brent WatersSusan Hohenberger Presented by Shai Halevi.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

Perfect Non-interactive Zero-Knowledge for NP

Rishab Goyal Venkata Koppula Brent Waters

Short Pairing-based Non-interactive Zero-Knowledge Arguments

The power of Pairings towards standard model security

Cryptography Lecture 26.

How to Use Charm Crypto Lib

Presentation transcript:

1 Efficient Ring Signatures Without Random Oracles Hovav Shacham and Brent Waters

2 Alice’s Dilemma United Chemical Corporation

3 Option 1: Come Forward United Chemical Corporation

4 Option 1: Come Forward United Chemical Corporation Alice gets fired!

5 Option 2: Anonymous Letter United Chemical Corporation Lack of Credibility

6 Ring Signatures [RST’01]  Alice chooses a set of S public keys (that includes her own)  Signs a message M, on behalf of the “ring” of users  Integrity: Signed by some user in the set  Anonymity: Can’t tell which user signed

7 Ring Signature Solution United Chemical Corporation

8 Prior Work  Random Oracle Constructions RST (Introduced) DKNS (Constant Size  Generic [BKM’05] Formalized definitions  Open – Efficient Construction w/o Random Oracles

9 This work Waters’ Signatures GOS ’06 Style NIZK Techniques Efficient Group Signatures w/o ROs

10 Our Approach 1)GOS encrypt one of a set of public keys 2) Sign and GOS encrypt message 3) Prove encrypted signature under encrypted key

11 Bilinear groups of order N=pq [BGN’05]  G : group of order N=pq. (p,q) – secret. bilinear map: e: G  G  G T

12 BGN encryption, GOS NIZK [GOS’06]  Subgroup assumption: G  p G p  E(m) : r  Z N, C  g m (g p ) r  G  GOS NIZK: Statement: C  G Claim: “ C = E(0) or C = E(1) ’’ Proof:   G idea: IF: C = g  (g p ) r or C = (g p ) r THEN : e(C, Cg -1 ) = e(g p,g p ) r  (G T ) q

13 Upshot of GOS proofs  Prove well-formed in one subgroup  “Hidden” by the other subgroup

14 Waters’ Signature Scheme (Modified)  Global Setup: g, u’,u 1,…,u lg(n), 2 G, A=g a 2 G  Key-gen: Choose g b = PK, g ab = PrivKey  Sign (M): (s 1,s 2 ) = g ab (u’  k i =1 u M i ) r, g -r  Verify: e(s 1,g) e( s 2, u’  k i =1 u M i ) = e(A,g b )

15 Our Approach gb1gb1 gb2gb2 gb3gb3 gb3gb3  Alice encrypts her Waters PK  Alice encrypt signature  Prove signature verifies for encrypted key g ab (u’  ki=1 u Mi )r, g -r

16 A note on setup assumptions  Common reference string from N=pq for GOS proofs  Common Random String Linear Assumption -- GOS Crypto ’06 Upcoming work by Boyen ‘07  Open: Efficient Ring Signatures w/o setup assumptions

17 Conclusion  First efficient Ring Signatures w/o random oracles  Combined Waters’ signatures and GOS NIZKs Encrypted one of several PK’s  Open: Removing setup assumptions

18 THE END