Catálogo de publicaciones - libros


Advances in Cryptology: ASIACRYPT 2005: 11th International Conference on the Theory and Application of Cryptology and Information Security, Chennai, India, December 4-8, 2005, Proceedings

Bimal Roy (eds.)

En conferencia: 11º International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT) . Chennai, India . December 4, 2005 - December 8, 2005

Resumen/Descripción – provisto por la editorial

No disponible.

Palabras clave – provistas por la editorial

Coding and Information Theory; Data Encryption; Operating Systems; Algorithm Analysis and Problem Complexity; Management of Computing and Information Systems; Computer Communication Networks

Disponibilidad
Institución detectada Año de publicación Navegá Descargá Solicitá
No detectada 2005 SpringerLink

Información

Tipo de recurso:

libros

ISBN impreso

978-3-540-30684-9

ISBN electrónico

978-3-540-32267-2

Editor responsable

Springer Nature

País de edición

Reino Unido

Fecha de publicación

Información sobre derechos de publicación

© Springer-Verlag Berlin Heidelberg 2005

Tabla de contenidos

A Simple Threshold Authenticated Key Exchange from Short Secrets

Michel Abdalla; Olivier Chevassut; Pierre-Alain Fouque; David Pointcheval

This paper brings the password-based authenticated key exchange (PAKE) problem closer to practice. It takes into account the presence of firewalls when clients communicate with authentication servers. An authentication server can indeed be seen as two distinct entities, namely a gateway (which is the direct interlocutor of the client) and a back-end server (which is the only one able to check the identity of the client). The goal in this setting is to achieve both transparency and security for the client. And to achieve these goals, the most appropriate choices seem to be to keep the client’s password private even from the back-end server and use threshold-based cryptography. In this paper, we present the Threshold Password-based Authenticated Key Exchange ( GTPAKE ) system: GTPAKE uses a pair of public/private keys and, unlike traditional threshold-based constructions, shares only the private key among the servers. The system does no require any certification except during the registration and update of clients’ passwords since clients do not use the public-key to authenticate to the gateway. Clients only need to have their password in hand. In addition to client security, this paper also presents highly-desirable security properties such as server password protection against dishonest gateways and key privacy against curious authentication servers.

Palabras clave: Threshold Protocols; Password-based Authentication.

- Key Agreement | Pp. 566-584

Examining Indistinguishability-Based Proof Models for Key Establishment Protocols

Kim-Kwang Raymond Choo; Colin Boyd; Yvonne Hitchcock

We examine various indistinguishability-based proof models for key establishment protocols, namely the Bellare & Rogaway (1993, 1995), the Bellare, Pointcheval, & Rogaway (2000), and the Canetti & Krawczyk (2001) proof models. We then consider several variants of these proof models, identify several subtle differences between these variants and models, and compare the relative strengths of the notions of security between the models. For each of the pair of relations between the models (either an implication or a non-implication), we provide proofs or counter-examples to support the observed relations. We also reveal a drawback with the original formulation of the Bellare, Pointcheval, & Rogaway (2000) model, whereby the Corrupt query is not allowed.

- Key Agreement | Pp. 585-604

Server-Aided Verification: Theory and Practice

Marc Girault; David Lefranc

We introduce the server-aided verification (SAV) concept, which consists in speeding up the verification step of an authentication/signature scheme, by delegating a substantial part of computations to a powerful (but possibly untrusted) server. After giving some motivations for designing SAV protocols, we provide a simple but realistic model, which captures most situations one can meet in practice (note that this model is much more general than the one recently proposed by Hohenberger and Lysyanskaya, who require the server to be made of two softwares which do not communicate with each other [14]). Then, we analyze and prove in this model the security of two existing SAV protocols, namely the Lim-Lee [15] modification of Schnorr scheme [28] and the Girault-Quisquater variant [10] of GPS scheme [7,24]. Finally, we propose a generic method for designing SAV versions of schemes based on bilinear maps, which can be applied to the Boneh-Boyen signature schemes [3], the Zhang-Safavi-Naini-Susilo [32] signature scheme and the Shao-Lu-Cao identification scheme [30].

Palabras clave: identification protocol; digital signature; interactive proof; zero-knowledge; discrete logarithm; non-repudiation; bilinear map; pairing.

- Provable Security | Pp. 605-623

Errors in Computational Complexity Proofs for Protocols

Kim-Kwang Raymond Choo; Colin Boyd; Yvonne Hitchcock

Proofs are invaluable tools in assuring protocol implementers about the security properties of protocols. However, several instances of undetected flaws in the proofs of protocols (resulting in flawed protocols) undermine the credibility of provably-secure protocols. In this work, we examine several protocols with claimed proofs of security by Boyd & González Nieto (2003), Jakobsson & Pointcheval (2001), and Wong & Chan (2001), and an authenticator by Bellare, Canetti, & Krawczyk (1998). Using these protocols as case studies, we reveal previously unpublished flaws in these protocols and their proofs. We hope our analysis will enable similar mistakes to be avoided in the future.

Palabras clave: Signature Scheme; Oracle Query; Malicious Adversary; Corrupt Query; CK2001 Model.

- Provable Security | Pp. 624-643

Universal Designated Verifier Signature Proof (or How to Efficiently Prove Knowledge of a Signature)

Joonsang Baek; Reihaneh Safavi-Naini; Willy Susilo

Proving knowledge of a signature has many interesting applications. As one of them, the Universal Designated Verifier Signature (UDVS), introduced by Steinfeld et al. in Asiacrypt 2003 aims to protect a signature holder’s privacy by allowing him to convince a verifier that he holds a valid signature from the signer without revealing the signature itself. The essence of the UDVS is a transformation from a publicly verifiable signature to a designated verifier signature, which is performed by the signature holder who does not have access to the signer’s secret key. However, one significant inconvenience of all the previous UDVS schemes considered in the literature is that they require the designated verifier to create a public key using the signer’s public key parameter and have it certified to ensure the resulting public key is compatible with the setting that the signer provided. This restriction is unrealistic in several situations where the verifier is not willing to go through such setup process. In this paper, we resolve this problem by introducing a new type of UDVS. Different from previous approach to UDVS, our new UDVS solution, which we call “Universal Designated Verifier Signature Proof (UDVSP)”, employs an interactive protocol between the signature holder and the verifier while maintaining high level of efficiency . We provide a formal model and security notions for UDVSP and give two constructions based on the bilinear pairings. We prove that the first construction is secure in the random oracle model and so is the second one in the standard model.

Palabras clave: Signature Scheme; Random Oracle; Bilinear Pairing; Valid Signature; Random Oracle Model.

- Signatures | Pp. 644-661

Efficient Designated Confirmer Signatures Without Random Oracles or General Zero-Knowledge Proofs

Craig Gentry; David Molnar; Zulfikar Ramzan

Most prior designated confirmer signature schemes either prove security in the random oracle model (ROM) or use general zero-knowledge proofs for NP statements (making them impractical). By slightly modifying the definition of designated confirmer signatures, Goldwasser and Waisbard presented an approach in which the Confirm and ConfirmedSign protocols could be implemented without appealing to general zero-knowledge proofs for NP statements (their “Disavow” protocol still requires them). The Goldwasser-Waisbard approach could be instantiated using Cramer-Shoup, GMR, or Gennaro-Halevi-Rabin signatures. In this paper, we provide an alternate generic transformation to convert any signature scheme into a designated confirmer signature scheme, without adding random oracles. Our key technique involves the use of a signature on a commitment and a separate encryption of the random string used for commitment. By adding this “layer of indirection,” the underlying protocols in our schemes admit efficient instantiations (i.e., we can avoid appealing to general zero-knowledge proofs for NP statements) and furthermore the performance of these protocols is not tied to the choice of underlying signature scheme. We illustrate this using the Camenisch-Shoup variation on Paillier’s cryptosystem and Pedersen commitments. The confirm protocol in our resulting scheme requires 10 modular exponentiations (compared to 320 for Goldwasser-Waisbard) and our disavow protocol requires 41 modular exponentiations (compared to using a general zero-knowledge proof for Goldwasser-Waisbard). Previous schemes use the “encryption of a signature” paradigm, and thus run into problems when trying to implement the “confirm” and “disavow” protocols efficiently.

Palabras clave: Encryption Scheme; Signature Scheme; Random Oracle; Discrete Logarithm; Commitment Scheme.

- Signatures | Pp. 662-681

Universally Convertible Directed Signatures

Fabien Laguillaumie; Pascal Paillier; Damien Vergnaud

Many variants of Chaum and van Antwerpen’s undeniable signatures have been proposed to achieve specific properties desired in real-world applications of cryptography. Among them, directed signatures were introduced by Lim and Lee in 1993. Directed signatures differ from the well-known confirmer signatures in that the signer has the simultaneous abilities to confirm, deny and individually convert a signature. The universal conversion of these signatures has remained an open problem since their introduction in 1993. This paper provides a positive answer to this quest by showing a very efficient design for universally convertible directed signatures (UCDS) both in terms of computational complexity and signature size. Our construction relies on the so-called xyz -trick applicable to bilinear map groups. We define proper security notions for UCDS schemes and show that our construction is secure in the random oracle model, under computational assumptions close to the CDH and DDH assumptions. Finally, we introduce and realize traceable universally convertible directed signatures where a master tracing key allows to link signatures to their direction.

Palabras clave: Signature Scheme; Random Oracle; Directed Signature; Random Oracle Model; Public Parameter.

- Signatures | Pp. 682-701