Strong Accumulators from CollisionResistant Hashing


 Arron Lane
 1 years ago
 Views:
Transcription
1 Strong Accumulators from CollisionResistant Hashing ISC 2008 Taipei  Taiwan Philippe Camacho (University of Chile Alejandro Hevia (University of Chile Marcos Kiwi (University of Chile Roberto Opazo (CEO Acepta.com
2 Outline Notion of accumulator Motivation einvoice Factoring Our construction Conclusion
3 Notion of accumulator Problem A set X. Given an element x we wish to prove that this element belongs or not to X. Let X={x 1,x 2,,x n }: X will be represented by a short value Acc. Belongs(Acc,x,w = True x belongs to X. Witness
4 Notion of accumulator Accumulator Manager Computes setup values. Computes the accumulated value Acc. Computes the witness w x for a given x. Accumulator Users Check that an element belongs or not to the set, using Acc, w x and x.
5 Applications Timestamping [BeMa94] Certificate Revocation List [LLX07] Anonymous credentials [CamLys02] ECash [AWSM07] Broadcast Encryption [GeRa04]
6 Nothing to see with Number Theory! Factoring Industry in Chile Factoring Entity Provider (Milk seller Client (Supermarket
7 Nothing to see with Number Theory! Factoring Industry in Chile Factoring Entity Provider (Milk seller 1 I want (a lot of milk now *. Client (Supermarket (* but I do not want to pay yet.
8 Nothing to see with Number Theory! Factoring Industry in Chile Factoring Entity Provider (Milk seller 1 I want (a lot of milk now *. 2 Here is your milk. Client (Supermarket (* but I do not want to pay yet.
9 Nothing to see with Number Theory! Factoring Industry in Chile Factoring Entity 3 Please pay the invoice. Provider (Milk seller 1 I want (a lot of milk now *. 2 Here is your milk. Client (Supermarket (* but I do not want to pay yet.
10 Nothing to see with Number Theory! Factoring Industry in Chile Factoring Entity 3 Please pay the invoice. 4 Here is your money (**. Provider (Milk seller 1 I want (a lot of milk now *. 2 Here is your milk. Client (Supermarket (* but I do not want to pay yet. (** minus a fee.
11 Nothing to see with Number Theory! Factoring Industry in Chile Factoring Entity 3 Please pay the invoice. 4 Here is your money (**. 5 It s time to pay. Provider (Milk seller 1 I want (a lot of milk now *. 2 Here is your milk. Client (Supermarket (* but I do not want to pay yet. (** minus a fee.
12 Nothing to see with Number Theory! Factoring Industry in Chile Factoring Entity 3 Please pay the invoice. 4 Here is your money (**. 5 It s time to pay. 6 Here is the money. Provider (Milk seller 1 I want (a lot of milk now *. 2 Here is your milk. Client (Supermarket (* but I do not want to pay yet. (** minus a fee.
13 The Problem A malicious provider could send the same invoice to various Factoring Entities. Then he leaves to a far away country with all the money. Later, several Factoring Entities will try to charge the invoice to the same client. Losts must be shared
14 Solution with Factoring Authority Factoring Authority (4 Is there the invoice? (5 YES / NO FE 1 FE 2 FE i FE n (3 Invoice, Ack Provider (1 Invoice (2 Ack Client
15 Caveat This solution is quite simple. However Trusted Factoring Authority is needed. Can we remove this requirement?
16 Properties Dynamic Allows insertion/deletion of elements. Universal Allows proofs of membership and nonmembership. Strong No need to trust in the Accumulator Manager.
17 Prior work Dynamic Strong Universal Security Efficiency (witness size Note [BeMa94] RSA + RO O(1 First definition [BarPfi97] Strong RSA O(1  [CamLys02] Strong RSA O(1 First dynamic accumulator [LLX07] Strong RSA O(1 First universal accumultor [AWSM07] Pairings O(1 Ecash [WWP08] estrong RSA Paillier O(1 Batch Update
18 Prior work Dynamic Strong Universal Security Efficiency (witness size Note [BeMa94] RSA + RO O(1 First definition [BarPfi97] Strong RSA O(1  [CamLys02] Strong RSA O(1 First dynamic accumulator [LLX07] Strong RSA O(1 First universal accumultor [AWSM07] Pairings O(1 Ecash [WWP08] estrong RSA Paillier O(1 Batch Update [CHKO08] CollisionResistant Hashing O(ln(n Our work
19 Notation H: {0,1}* {0,1} k randomly chosen function from a family of collisionresistant hash functions. x 1,x 2,x 3, є {0,1} k x 1 < x 2 < x 3 < where < is the lexicographic order on binary strings. , Special values such that For all x є {0,1} k :  < x < denotes the concatenation operator.
20 Ideas Merkletrees P=H(Z 1 Z 2 Root value: Z 1 =H(Y 1 Y 2 Z 2 =H(Y 3 Y 4 Represents the set {x 1,,x 8 } Y 1 =H(x 4 x 1 Y 2 =H(x 5 x 6 Y 3 =H(x 2 x 8 Y 4 =H(x 7 x 3 x 4 x 1 x 5 x 6 x 2 x 8 x 7 x 3
21 Ideas Merkletrees P=H(Z 1 Z 2 Root value: Represents the set {x 1,,x 8 } Z 1 =H(Y 1 Y 2 Z 2 =H(Y 3 Y 4 Y 1 =H(x 4 x 1 Y 2 =H(x 5 x 6 Y 3 =H(x 2 x 8 Y 4 =H(x 7 x 3 O(ln(n x 4 x 1 x 5 x 6 x 2 x 8 x 7 x 3
22 Ideas How to prove nonmembership? Kocher s trick [Koch98]: store pair of consecutive values X={1,3,5,6,11} X ={(,1,(1,3,(3,5,(5,6,(6,11,(11, } y=3 belongs to X (1,3 or (,1 belongs to X. y=2 does not belong to X (1,3 belongs to X.
23 Public Data Structure Called Memory. Compute efficiently the accumulated value and the witnesses. In our construction the Memory will be a binary tree.
24 How to insert elements? (, X=Ø, next: x 1
25 How to insert elements? (,x 1 (x 1, X={x 1 }, next: x 2
26 How to insert elements? (,x 1 (x 1, x 2 (x 2, X={x 1,x 2 }, next: x 5
27 How to insert elements? (,x 1 (x 1, x 2 (x 2, x 5 (x 5, X={x 1,x 2,x 5 }, next: x 3
28 How to insert elements? (,x 1 (x 1, x 2 (x 2, x 3 (x 5, (x 3, x 5 X={x 1,x 2,x 3,x 5 }, next: x 4
29 How to insert elements? (,x 1 (x 1, x 2 (x 2, x 3 (x 5, (x 3, x 4 (x 4, x 5 X={x 1,x 2,x 3,x 4,x 5 }, next: x 6
30 How to insert elements? (,x 1 (x 1, x 2 (x 2, x 3 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6, X={x 1,x 2,x 3,x 4,x 5,x 6 }
31 value? (,x 1 How to compute the accumulated (x 1, x 2 (x 2, x 3 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6, x 7 (x 9, (x 7, x 9 Proof N =H(Proof left Proof right value Proof Nil = Acc = Proof Root A pair (x i,x j
32 How to update the accumulated value? (Insertion (,x 1 (x 1, x 2 (x 2, x 3 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6, x 7 (x 9, (x 7, x 9 Next element to be inserted: x 8 We will need to recompute proof node values.
33 How to update the accumulated value? (Insertion (,x 1 (x 1, x 2 (x 2, x 3 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6, x 7 (x 9, (x 7, x 8 (x 8, x 9 New element: x 8. Proof N stored in each node. Dark nodes do not require recomputing Proof N. Only a logarithmic number of values needs recomputation.
34 Security Consistency Difficult to find witnesses that allow to prove inconsistent statements. X={1,2} Update Hard to compute a membership witness for 3. Hard to compute a nonmembership witness for 2. Guarantees that the accumulated value represents the set after insertion/deletion of x.
35 Security Lemma: Given a tree T with accumulated value Acc T, finding a tree T, T T such that Acc T = Acc T is difficult. Proof (Sketch: Proof N = H(Proof left Proof right value (,x 1 (x 1, x 2 (x 2, x 3 (,x 1 (x 1, x 2 (x 2, x 3 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6, x 7 (x 5, x 6 (x 3, x 4 (x 4, x 7 (x 6, x 7
36 Security Lemma: Given a tree T with accumulated value Acc T, finding a tree T, T T such that Acc T = Acc T is difficult. Proof (Sketch: Proof N = H(Proof left Proof right value Collision for H (,x 1 (x 1, x 2 (x 2, x 3 (,x 1 (x 1, x 2 (x 2, x 3 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6, x 7 (x 5, x 6 (x 3, x 4 (x 4, x 7 (x 6, x 7
37 Security Lemma: Given a tree T with accumulated value Acc T, finding a tree T, T T such that Acc T = Acc T is difficult. Proof (Sketch: Proof N = H(Proof left Proof right value Collision for H (,x 1 (x 1, x 2 (x 2, x 3 (,x 1 (x 1, x 2 (x 2, x 3 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6, x 7 (x 5, x 6 (x 3, x 4 (x 4, x 7 (x 6, x 7
38 Security Lemma: Given a tree T with accumulated value Acc T, finding a tree T, T T such that Acc T = Acc T is difficult. Proof (Sketch: Proof N = H(Proof left Proof right value Collision for H (,x 1 (x 1, x 2 (x 2, x 3 (,x 1 (x 1, x 2 (x 2, x 3 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6, x 7 (x 5, x 6 (x 3, x 4 (x 4, x 7 (x 6, x 7
39 Security (Consistency (,x 1 (x 1, x 2 (x 2, x 3 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6, x 7 (x 9, (x 7, x 9 Witness: blue nodes and the (x 3,x 4 pair, size in O(ln(n Checking that x belongs (or not to X: 1 compute recursively the proof P and verify that P=Acc 2 check that: x=x 3 or x=x 4 (membership x 3 < x < x 4 (nonmembership
40 Security (Update Before After (,x 1 (,x 1 Acc before Acc after (x 1, x 2 (x 2, x 3 (x 1, x 2 (x 2, x 3 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6, x 7 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6, x 7 (x 9, (x 7, x 9 (x 9, (x 7, x 8 (x 8, x 9 Insertion of x 8
41 Conclusion & Open Problem First dynamic, universal, strong accumulator. Simple. Security Existence of collisionresistant hash functions. Solves the einvoice Factoring Problem. Less efficient than other constructions Size of witness in O(ln(n. Open Problem Is it possible to build a strong,dynamic and universal accumulator with witness size lower than O(ln(n?
42 Thank you!
43 Invoice Factoring using accumulator We need a secure broadcast channel If a message m is published, every participant sees the same m. Depending on the security level required Trusted http of ftp server Bulletin Board [CGS97]
44 Invoice Factoring using accumulator Factoring Authority (4 Is there the invoice? (5 YES / NO We need to see in detail this step FE 1 FE 2 FE i FE n (3 Invoice, Ack Provider (1 Invoice (2 Ack Client
45 Invoice Factoring using accumulator Step 5 (Details FE Factoring Authority Have you got invoice x? YES/NO, w x w x = Witness(m before,x Check(Acc before,w x,x If NO, insert x Acc new,w up,id FE Acc new,w up = Update Add (m before,x CheckUpdate(Acc before,acc after,w x All tests pass => I can buy x.
46 Distributed solutions? Complex to implement Hard to make them robust High bandwith communication Need to be online synchronization problems That s why we focus on a centralized solution.
47 Checking for (nonmembership User Accumulator Manager Does x belong to X? Memory w x = Witness(m,x w x Belongs(Acc,w x = True x є X If w x is not valid Belongs returns.
48 Update of the accumulated value User Accumulator Manager Insert or Delete x m after, Acc after, w up = Update Add/Del (m before,x Acc after, w up CheckUpdate(Acc before,acc after,w up
49 How to delete elements? (,x 1 (x 1, x 2 (x 2, x 3 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6, X={x 1,x 2,x 3,x 4,x 5,x 6 } element to be deleted: x 2
50 How to delete elements? (x 1,x 3 (,x 1 (x 1, x 2 (x 2, x 3 (x 5, x 6 (x 3, x 4 (x 4, x 5 (x 6,
51 How to delete elements? (,x 1 (x 1, x 3 (x 6, (x 5, x 6 (x 3, x 4 (x 4, x 5
52 Bibliography [BeMa92] Efficient Broadcast TimeStamping Josh Benaloh and Michael de Mare 1992 [BeMa94] Oneway Accumulators: A decentralized Alternative to Digital Signatures Josh Benaloh and Michael de Mare, 1994 [BarPfi97] CollisionFree Accumulators and FailStop Signature Schemes Without Trees Niko Barić and Birgit Pfitzmann 1997 [CGS97] A secure and optimally efficient multiauthority election scheme R. Cramer, R. Gennaro, and B. Schoenmakers 1997 [Koch98] On certificate revocation and validation P.C. Kocher 1998 [CGH98] The random oracle methodoly revisited R. Canetti, O. Goldreich and S. Halevi 1998 [Sand99] Efficient Accumulators Without Trapdoor Tomas Sanders 1999 [GoTa01] An efficient and Distributed Cryptographic Accumulator Michael T. Goodrich and Roberto Tamassia 2001 [CamLys02] Dynamic Accumulators And Application to Efficient Revocation of Anonymous Credentials Jan Camenisch Anna Lysyanskaya 2002 [GeRa04] RSA Accumulator Based Broadcast Encryption Craig Gentry and Zulfikar Ramzan 2004 [LLX07] Universal Accumulators with Efficient Nonmembership Proofs Jiangtao Li, Ninghui Li and Rui Xue 2007 [AWSM07] Compact ECash from Bounded Accumulator Man Ho Au, Qianhong Wu, Willy Susilo and Yi Mu 2007 [WWP08] A new Dynamic Accumulator for Batch Updates Peishun Wang, Huaxiong Wang and Josef Pieprzyk 2008 [CKHO08] Strong Accumulators from CollisionResistant Hashing Philippe Camacho, Alejandro Hevia, Marcos Kiwi, and Roberto Opazo 2008
Protocols for Secure Cloud Computing
IBM Research Zurich Christian Cachin 28 September 2010 Protocols for Secure Cloud Computing 2009 IBM Corporation Where is my data? 1985 2010 Who runs my computation? 1985 2010 IBM Research  Zurich Overview
More informationProof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory.
Proof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory. Marten van Dijk, Luis F. G. Sarmenta, Charles W. O Donnell, and Srinivas Devadas MIT Computer
More informationLecture 15  Digital Signatures
Lecture 15  Digital Signatures Boaz Barak March 29, 2010 Reading KL Book Chapter 12. Review Trapdoor permutations  easy to compute, hard to invert, easy to invert with trapdoor. RSA and Rabin signatures.
More informationCertificate Based Signature Schemes without Pairings or Random Oracles
Certificate Based Signature Schemes without Pairings or Random Oracles p. 1/2 Certificate Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu, Joonsang Baek, Willy Susilo and Jianying
More informationGroup Blind Digital Signatures: Theory and Applications by Zulækar Amin Ramzan Submitted to the Department of Electrical Engineering and Computer Science in partial fulællment of the requirements for the
More informationNew Online/Offline Signature Schemes Without Random Oracles
New Online/Offline Signature Schemes Without Random Oracles Kaoru Kurosawa 1 and Katja SchmidtSamoa 2 1 Department of Computer and Information Sciences, Ibaraki University, Japan 2 Fachbereich Informatik,
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationDecentralized Anonymous Credentials
Decentralized Anonymous Credentials Christina Garman, Matthew Green, Ian Miers The Johns Hopkins University Department of Computer Science, Baltimore, USA {cgarman, mgreen, imiers}@cs.jhu.edu October 15,
More informationMerkle Hash Trees for Distributed Audit Logs
Merkle Hash Trees for Distributed Audit Logs Subject proposed by Karthikeyan Bhargavan Karthikeyan.Bhargavan@inria.fr April 7, 2015 Modern distributed systems spread their databases across a large number
More informationAuthenticated Index Structures for Outsourced Databases
Authenticated Index Structures for Outsourced Databases Feifei Li 1, Marios Hadjileftheriou 2, George Kollios 1, and Leonid Reyzin 1 1 Computer Science Department Boston University 2 AT&T Labs Inc. Abstract.
More informationA New and Efficient Signature on Commitment Values
International Journal of Network Security, Vol.7, No., PP.0 06, July 2008 0 A New and Efficient Signature on Commitment Values Fangguo Zhang,3, Xiaofeng Chen 2,3, Yi Mu 4, and Willy Susilo 4 (Corresponding
More informationCertificate Revocation and Certificate Update
The following paper was originally published in the Proceedings of the 7th USENIX Security Symposium San Antonio, Texas, January 2629, 1998 Certificate Revocation and Certificate Update Moni Naor and
More informationHash Functions. Integrity checks
Hash Functions EJ Jung slide 1 Integrity checks Integrity vs. Confidentiality! Integrity: attacker cannot tamper with message! Encryption may not guarantee integrity! Intuition: attacker may able to modify
More informationComments on "public integrity auditing for dynamic data sharing with multiuser modification"
University of Wollongong Research Online Faculty of Engineering and Information Sciences  Papers Faculty of Engineering and Information Sciences 2016 Comments on "public integrity auditing for dynamic
More informationOn Electronic Payment Systems
On Electronic Payment Systems Ronald Cramer, Ivan Damgård and Jesper Buus Nielsen CPT 2009 April 22, 2009 Abstract This note is an introduction to the area of electronic cash (ecash) schemes. The note
More informationBitmessage: A Peer to Peer Message Authentication and Delivery System
Bitmessage: A Peer to Peer Message Authentication and Delivery System Jonathan Warren jonathan@bitmessage.org www.bitmessage.org November 27, 2012 Abstract. We propose a system that allows users to securely
More informationAn Anonymous Endorsement System
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 18, 107114 (2002) Short Paper An Anonymous Endorsement System Department of Electrical Engineering National Taiwan University Taipei, 106 Taiwan Email:
More informationDistillation Codes and Applications to DoS Resistant Multicast Authentication
Proceedings of the Network and Distributed System Security Conference (NDSS 2004), February 2004, pp. 3756 Distillation Codes and Applications to DoS Resistant Multicast Authentication Chris Karlof UC
More informationVerifiable Delegation of Computation over Large Datasets
Verifiable Delegation of Computation over Large Datasets Siavosh Benabbas University of Toronto Rosario Gennaro IBM Research Yevgeniy Vahlis AT&T Cloud Computing Data D Code F Y F(D) Cloud could be malicious
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationA Method for Making PasswordBased Key Exchange Resilient to Server Compromise
A Method for Making PasswordBased Key Exchange Resilient to Server Compromise Craig Gentry 1, Philip MacKenzie 2, and Zulfikar Ramzan 3 1 Stanford University, Palo Alto, CA, USA, cgentry@cs.stanford.edu
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationEnergy Efficiency in Secure and Dynamic Cloud Storage
Energy Efficiency in Secure and Dynamic Cloud Storage Adilet Kachkeev Ertem Esiner Alptekin Küpçü Öznur Özkasap Koç University Department of Computer Science and Engineering, İstanbul, Turkey {akachkeev,eesiner,akupcu,oozkasap}@ku.edu.tr
More informationTwin Signatures: an Alternative to the HashandSign Paradigm
Proceedings of the 8th ACM Conference on Computer and Communications Security. Pages 20 27. (november 5 8, 2001, Philadelphia, Pennsylvania, USA) Twin Signatures: an Alternative to the HashandSign Paradigm
More informationCSC/ECE 774 Advanced Network Security. Overview. BiBa Signature Scheme. BiBa stands for Bins and Balls
CSC/ECE 774 Advanced Network Security Topic 3.2 BiBa Dr. Peng Ning CSC/ECE 774  Adv. Net. Security 1 Overview BiBa stands for Bins and Balls Use oneway functions without trapdoors (e.g., hash functions)
More informationBuilding Secure File Systems out of Byzantine Storage
Building Secure File Systems out of Byzantine Storage David Mazières joint work with Jinyuan Li (implementation) and Dennis Shasha NYU Department of Computer Science Motivation Many people have access
More informationNonInteractive Timestamping in the Bounded Storage Model
NonInteractive Timestamping in the Bounded Storage Model Tal Moran 1, Ronen Shaltiel 2, and Amnon TaShma 1 1 Department of Computer Science, TelAviv University, TelAviv, Israel 2 Department of Computer
More informationPublic Key Cryptography. c Eli Biham  March 30, 2011 258 Public Key Cryptography
Public Key Cryptography c Eli Biham  March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known apriori to all the users, before they can encrypt
More informationCryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones
Cryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones Gwenaëlle Martinet 1, Guillaume Poupard 1, and Philippe Sola 2 1 DCSSI Crypto Lab, 51 boulevard de La TourMaubourg
More informationDigital Identity Management
Digital Identity Management Techniques and Policies E. Bertino CS Department and ECE School CERIAS Purdue University bertino@cs.purdue.edu Digital Identity Management What is DI? Digital identity (DI)
More informationCertificate Authorities and Public Keys. How they work and 10+ ways to hack them.
Certificate Authorities and Public Keys How they work and 10+ ways to hack them.  FoxGuard Solutions Www.FoxGuardSolutions.com melkins@foxguardsolutions.com Version.05 9/2012 1 Certificate Use Overview
More informationA Secure RFID Ticket System For Public Transport
A Secure RFID Ticket System For Public Transport Kun Peng and Feng Bao Institute for Infocomm Research, Singapore Abstract. A secure RFID ticket system for public transport is proposed in this paper. It
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More informationOnetime Signature Protocols for Signing Routing Messages
Onetime Signature Protocols for Signing Routing Messages Kan Zhang Cambridge University kz200@cl.cam.ac.uk Attacks on Routing Protocols Replay of old routing messages Inserting bogus routing messages
More informationElectronic Payments. EITN40  Advanced Web Security
Electronic Payments EITN40  Advanced Web Security 1 Card transactions CardPresent Smart Cards CardNotPresent SET 3D Secure Untraceable ECash Micropayments Payword Electronic Lottery Tickets Peppercoin
More informationEfficient Implementation of Keyless Signatures with Hash Sequence Authentication
Efficient Implementation of Keyless Signatures with Hash Sequence Authentication Ahto Buldas, Risto Laanoja, and Ahto Truu GuardTime AS, Tammsaare tee 60, 11316 Tallinn, Estonia. Abstract. We present new
More informationPrivacyProviding Signatures and Their Applications. PhD Thesis. Author: Somayeh Heidarvand. Advisor: Jorge L. Villar
PrivacyProviding Signatures and Their Applications PhD Thesis Author: Somayeh Heidarvand Advisor: Jorge L. Villar PrivacyProviding Signatures and Their Applications by Somayeh Heidarvand In fulfillment
More informationNotarized Federated Identity Management for Web Services
Notarized Federated Identity Management for Web Services Michael T. Goodrich 1, Roberto Tamassia 2, and Danfeng Yao 2 1 Department of Computer Science, University of California Irvine, CA 92697 USA goodrich@acm.org
More informationEnhancing Data Security in Cloud Storage Auditing With Key Abstraction
Enhancing Data Security in Cloud Storage Auditing With Key Abstraction 1 Priyadharshni.A, 2 Geo Jenefer.G 1 Master of engineering in computer science, Ponjesly College of Engineering 2 Assistant Professor,
More informationFlexList: Optimized Skip List for Secure Cloud Storage
FlexList: Optimized Skip List for Secure Cloud Storage Ertem Esiner Koç University Adilet Kachkeev Koç University Alptekin Küpçü Koç University Öznur Özkasap Koç University Abstract With the increase in
More informationSecure Authentication and Session. State Management for Web Services
Lehman 0 Secure Authentication and Session State Management for Web Services Clay Lehman CSC 499: Honors Thesis Supervised by: Dr. R. Michael Young Lehman 1 1. Introduction Web services are a relatively
More informationPaillier Threshold Encryption Toolbox
Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created
More informationNotarized Federated Identity Management for Web Services
Notarized Federated Identity Management for Web Services Michael T. Goodrich 1, Roberto Tamassia 2, and Danfeng Yao 2 1 Department of Computer Science, University of California Irvine, CA 92697 USA goodrich@acm.org
More informationCS 361S  Network Security and Privacy Spring 2014. Homework #1
CS 361S  Network Security and Privacy Spring 2014 Homework #1 Due: 11am CST (in class), February 11, 2014 YOUR NAME: Collaboration policy No collaboration is permitted on this assignment. Any cheating
More informationSecure Computation Martin Beck
Institute of Systems Architecture, Chair of Privacy and Data Security Secure Computation Martin Beck Dresden, 05.02.2015 Index Homomorphic Encryption The Cloud problem (overview & example) System properties
More informationData Privacy in Remote Data Integrity Checking for Secure Cloud Storage
Data Privacy in Remote Data Integrity Checking for Secure Cloud Storage Yong Yu Centre for Computer and Information Security University of Wollongong Australia 1 Yong Yu, Man Ho Au, Yi Mu, Willy Susilo
More informationUniversal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure PublicKey Encryption
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure PublicKey Encryption Ronald Cramer Victor Shoup December 12, 2001 Abstract We present several new and fairly practical publickey
More informationLecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture  PRGs for one time pads
CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs
More informationKey Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.
CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 091 Overview Key exchange Session vs. interchange
More informationImproved Online/Offline Signature Schemes
Improved Online/Offline Signature Schemes Adi Shamir and Yael Tauman Applied Math. Dept. The Weizmann Institute of Science Rehovot 76100, Israel {shamir,tauman}@wisdom.weizmann.ac.il Abstract. The notion
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationAnalysis of Algorithms I: Binary Search Trees
Analysis of Algorithms I: Binary Search Trees Xi Chen Columbia University Hash table: A data structure that maintains a subset of keys from a universe set U = {0, 1,..., p 1} and supports all three dictionary
More informationISSN 22783091. Index Terms Cloud computing, outsourcing data, cloud storage security, public auditability
Outsourcing and Discovering Storage Inconsistencies in Cloud Through TPA Sumathi Karanam 1, GL Varaprasad 2 Student, Department of CSE, QIS College of Engineering and Technology, Ongole, AndhraPradesh,India
More informationVolume 2, Issue 1, 2008. A New Security Architecture for SIP Based P2P Computer Networks
Volume 2, Issue 1, 2008 A New Security Architecture for SIP Based P2P Computer Networks Huang Yongfeng, Professor, Tsinghua University, yfhuang@tsinghua.edu.cn Shanyu Tang, Dr & Senior Lecturer, London
More informationLecture 2: Complexity Theory Review and Interactive Proofs
600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography
More informationPublicly Verifiable Conjunctive Keyword Search in Outsourced Databases
Publicly Verifiable Conjunctive Keyword Search in Outsourced Databases Monir Azraoui, Kaoutar Elkhiyaoui, Melek Önen, Refik Molva EURECOM, Sophia Antipolis, France {azraoui, elkhiyao, onen, molva}@eurecom.fr
More informationLecture 5  CPA security, Pseudorandom functions
Lecture 5  CPA security, Pseudorandom functions Boaz Barak October 2, 2007 Reading Pages 82 93 and 221 225 of KL (sections 3.5, 3.6.1, 3.6.2 and 6.5). See also Goldreich (Vol I) for proof of PRF construction.
More informationEfficient File Sharing in Electronic Health Records
Efficient File Sharing in Electronic Health Records Clémentine Gritti, Willy Susilo and Thomas Plantard University of Wollongong, Australia 27/02/2015 1/20 Outline for Section 1 1 Introduction 2 Solution
More informationCryptography: Authentication, Blind Signatures, and Digital Cash
Cryptography: Authentication, Blind Signatures, and Digital Cash Rebecca Bellovin 1 Introduction One of the most exciting ideas in cryptography in the past few decades, with the widest array of applications,
More informationApplication of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card
Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card C. Koner, Member, IACSIT, C. T. Bhunia, Sr. Member, IEEE and U. Maulik, Sr. Member, IEEE
More informationSecure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment
Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Chih Hung Wang Computer Science and Information Engineering National Chiayi University Chiayi City 60004,
More informationTwo Factor Zero Knowledge Proof Authentication System
Two Factor Zero Knowledge Proof Authentication System Quan Nguyen Mikhail Rudoy Arjun Srinivasan 6.857 Spring 2014 Project Abstract It is often necessary to log onto a website or other system from an untrusted
More information9 Digital Signatures: Definition and First Constructions. Hashing.
Leo Reyzin. Notes for BU CAS CS 538. 1 9 Digital Signatures: Definition and First Constructions. Hashing. 9.1 Definition First note that encryption provides no guarantee that a message is authentic. For
More informationTopologybased network security
Topologybased network security Tiit Pikma Supervised by Vitaly Skachek Research Seminar in Cryptography University of Tartu, Spring 2013 1 Introduction In both wired and wireless networks, there is the
More informationA Novel Approach for Signing Multiple Messages: Hash Based Signature
International Journal of Information & Computation Technology. ISSN 09742239 Volume 4, Number 15 (2014), pp. International Research Publications House http://www. irphouse.com A Novel Approach for Signing
More informationA SECURE DATA TRANSMISSION FOR CLUSTER BASED WIRELESS SENSOR NETWORKS IS INTRODUCED
A SECURE DATA TRANSMISSION FOR CLUSTER BASED WIRELESS SENSOR NETWORKS IS INTRODUCED J Karunamayi 1, Annapurna V K 2 1 Student, Computer Network and Engineering,The National Institute of Engineering, Mysuru,
More informationIdentityBased Encryption from the Weil Pairing
Appears in SIAM J. of Computing, Vol. 32, No. 3, pp. 586615, 2003. An extended abstract of this paper appears in the Proceedings of Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages
More informationLecture 2 February 12, 2003
6.897: Advanced Data Structures Spring 003 Prof. Erik Demaine Lecture February, 003 Scribe: Jeff Lindy Overview In the last lecture we considered the successor problem for a bounded universe of size u.
More informationAn Internet Based Anonymous Electronic Cash System
Research Paper American Journal of Engineering Research (AJER) eissn: 23200847 pissn : 23200936 Volume4, Issue4, pp148152 www.ajer.org Open Access An Internet Based Anonymous Electronic Cash System
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationEvaluation of Data Integrity Methods in Storage: Oracle Database
Thesis no: MECS201515 Evaluation of Data Integrity Methods in Storage: Oracle Database Ognjen Tomanović Oliver Posse Dept. Computer Science & Engineering Blekinge Institute of Technology SE 371 79 Karlskrona,
More informationAn Anonymous and Secure Continuous Double Auction Scheme
An Anonymous and Secure Continuous Double Auction Scheme Jarrod Trevathan School of Mathematical and Physical Sciences James Cook University Email: jarrod.trevathan@jcu.edu.au Hossien Ghodosi School of
More informationUniversal hashing. In other words, the probability of a collision for two different keys x and y given a hash function randomly chosen from H is 1/m.
Universal hashing No matter how we choose our hash function, it is always possible to devise a set of keys that will hash to the same slot, making the hash scheme perform poorly. To circumvent this, we
More informationA New ForwardSecure Digital Signature Scheme
The extended abstract of this work appears Advances in Cryptology Asiacrypt 2000, Tatsuaki Okamoto, editor, Lecture Notes in Computer Science vol. 1976, SpringerVerlag, 2000. c IACR A New ForwardSecure
More informationSecure Mediation of Join Queries by Processing Ciphertexts
Secure Mediation of Join Queries by Processing Ciphertexts Joachim Biskup, Christian Tsatedem and Lena Wiese Germany SECOBAP 07 Marmara Hotel, Istanbul April 20, 2007 1/23 Overview Introduction and Problem
More informationOutline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg
Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian
More informationElectronic Contract Signing without Using Trusted Third Party
Electronic Contract Signing without Using Trusted Third Party Zhiguo Wan 1, Robert H. Deng 2 and David Lee 1 Sim Kim Boon Institute for Financial Economics 1, School of Information Science 2, Singapore
More informationDigital Signatures. What are Signature Schemes?
Digital Signatures Debdeep Mukhopadhyay IIT Kharagpur What are Signature Schemes? Provides message integrity in the public key setting Counterparts of the message authentication schemes in the public
More informationAuthenticated InNetwork Programming for Wireless Sensor Networks
Authenticated InNetwork Programming for Wireless Sensor Networks Ioannis Krontiris and Tassos Dimitriou Athens Information Technology, P.O.Box 68, 19.5 km Markopoulo Ave., GR 19002, Peania, Athens, Greece
More informationDATA STRUCTURES USING C
DATA STRUCTURES USING C QUESTION BANK UNIT I 1. Define data. 2. Define Entity. 3. Define information. 4. Define Array. 5. Define data structure. 6. Give any two applications of data structures. 7. Give
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationVoteID 2011 Internet Voting System with Cast as Intended Verification
VoteID 2011 Internet Voting System with Cast as Intended Verification September 2011 VP R&D Jordi Puiggali@scytl.com Index Introduction Proposal Security Conclusions 2. Introduction Client computers could
More informationA Practical Authentication Scheme for InNetwork Programming in Wireless Sensor Networks
A Practical Authentication Scheme for InNetwork Programming in Wireless Sensor Networks Ioannis Krontiris Athens Information Technology P.O.Box 68, 19.5 km Markopoulo Ave. GR 19002, Peania, Athens, Greece
More informationEfficient FailStop Signatures from the Factoring Assumption
Efficient FailStop Signatures from the Factoring Assumption Atefeh Mashatan and Khaled Ouafi Ecole Polytechnique Fédérale de Lausanne (EPFL), CH1015 Lausanne, Switzerland Atefeh.Mashatan@epfl.ch, Khaled.Ouafi@epfl.ch
More informationSecure Computation Without Authentication
Secure Computation Without Authentication Boaz Barak 1, Ran Canetti 2, Yehuda Lindell 3, Rafael Pass 4, and Tal Rabin 2 1 IAS. E:mail: boaz@ias.edu 2 IBM Research. Email: {canetti,talr}@watson.ibm.com
More informationNotarized Federated Identity Management for Web Services
Notarized Federated Identity Management for Web Services Michael T. Goodrich 1, Roberto Tamassia 2, and Danfeng Yao 2 1 Department of Computer Science, University of California Irvine, CA 92697 USA goodrich@acm.org
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationSecure Cloud Storage Hits Distributed String Equality Checking: More Efficient, Conceptually Simpler, and Provably Secure
Secure Cloud Storage Hits Distributed String Equality Checking: More Efficient, Conceptually Simpler, and Provably Secure Fei Chen, Tao Xiang, Yuanyuan Yang, Cong Wang, Shengyu Zhang Department of Computer
More information1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.
1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks
More informationLatticeBased ThresholdChangeability for Standard Shamir SecretSharing Schemes
LatticeBased ThresholdChangeability for Standard Shamir SecretSharing Schemes Ron Steinfeld (Macquarie University, Australia) (email: rons@ics.mq.edu.au) Joint work with: Huaxiong Wang (Macquarie University)
More informationSECURITY ANALYSIS OF A SINGLE SIGNON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS
SECURITY ANALYSIS OF A SINGLE SIGNON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single signon (SSO) is a new authentication mechanism that enables a legal user with a single credential
More informationEnabling Nonrepudiable Data Possession Verification in Cloud Storage Systems
Enabling Nonrepudiable Data Possession Verification in Cloud Storage Systems Zhen Mo, Yian Zhou, Shigang Chen Department of Computer & Information Science & Engineering University of Florida, Gainesville,
More informationDistributed Public Key Infrastructure via the Blockchain. Sean Pearl smp1697@cs.rit.edu April 28, 2015
Distributed Public Key Infrastructure via the Blockchain Sean Pearl smp1697@cs.rit.edu April 28, 2015 Overview Motivation: Electronic Money Example TTP: PayPal Bitcoin (BTC) Background Structure Other
More informationOn Provably Secure TimeStamping Schemes
On Provably Secure TimeStamping Schemes Ahto Buldas 1,2,3, and Märt Saarepera 4 1 University of Tartu, Liivi 2, 50409 Tartu, Estonia. Ahto.Buldas@ut.ee 2 Cybernetica, Akadeemia tee 21, 12618 Tallinn,
More informationAuthentication Applications
Authentication Applications will consider authentication functions developed to support applicationlevel authentication & digital signatures will consider Kerberos a privatekey authentication service
More informationOneWay Encryption and Message Authentication
OneWay Encryption and Message Authentication Cryptographic Hash Functions Johannes Mittmann mittmann@in.tum.de Zentrum Mathematik Technische Universität München (TUM) 3 rd Joint Advanced Student School
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy wellknown in network security world Bob, Alice (lovers!) want to communicate
More informationImplementation and Comparison of Various Digital Signature Algorithms. Nazia Sarang Boise State University
Implementation and Comparison of Various Digital Signature Algorithms Nazia Sarang Boise State University What is a Digital Signature? A digital signature is used as a tool to authenticate the information
More information