Ensuring Integrity in Cloud Computing via Homomorphic Digital Signatures: new tools and results. Dario Catalano (University of Catania, Italy), Dario Fiore (IMDEA Software Institute, Madrid, Spain), Luca Nizzardo (IMDEA Software Institute, Madrid, Spain). CyberCamp 2015, Madrid.
Classical Cryptography: solutions for secure communication, a problem since very ancient times. Setting: communication between honest parties, with an adversary in the middle.
New challenges: not just a matter of protecting communication. We need solutions to secure computation. Our computing partner can become the adversary! There may be a malicious insider. We share the same physical resources with other users (bad ones too!), and information leaks through hardware. Providers can be hacked (and that unfortunately happens).
Modern (advanced) cryptography. We need solutions to secure computation. Modern cryptography can provide solutions to these issues. Main security goals: Privacy: outsourced data must remain hidden. Integrity: outsourced data/computation must be correct (this talk).
Roadmap: Ensuring integrity in cloud computing applications; a solution via homomorphic signatures; homomorphic signatures: what they are; new tool: Asymmetric Programmable Hash Functions; new results: more efficient homomorphic signatures.
Ensuring Integrity in Cloud Computing. [Figure: inputs $v_1, v_2, \dots, v_n$; function $f$; result $y = f(v_1, v_2, \dots, v_n)$.] How can we assure Bob that $y$ is correct (and computed on Alice's data)?
An attempt using traditional crypto. Can we use digital signatures? [Figure: keys sk, vk; inputs $v_1, v_2, \dots, v_n$; Sign(sk, $v_i$); function $f$; result $y = f(v_1, v_2, \dots, v_n)$; $v_1, v_2, \dots, v_n$.] Check: $y = f(v_1, v_2, \dots, v_n)$ AND Ver(vk, $v_i$, )=1. Integrity: the cloud cannot cheat anymore. Efficiency: the cloud has to send the entire input data. The communication of this solution can become prohibitive.
Using Homomorphic Digital Signatures. [Figure: keys sk, vk; inputs $v_1, v_2, \dots, v_n$; Sign(sk, $v_i$); function $f$; result $y = f(v_1, v_2, \dots, v_n)$.] Check, namely: Ver(vk, f, y, )=1. Integrity: the cloud cannot cheat anymore. Efficiency: homomorphic signatures are succinct: size of << size of n input values.
Homomorphic Signatures. Given signatures on inputs, one can publicly compute a signature on the function's output. $\mathrm{KeyGen}(1^{\lambda}, n) \to (sk, vk)$ // N = #messages in a dataset. $\mathrm{Sign}(sk, \Delta, i, m) \to \sigma$. $\mathrm{Eval}(f, \sigma_1, \dots, \sigma_n) \to \sigma$. $\mathrm{Ver}(vk, \Delta, f, m, \sigma) \to 0/1$. Correctness (f linear functions): if $\sigma_1, \sigma_2$ are valid for $m_1, m_2$, then for $f(x_1, x_2) = x_1 + x_2$ and $\sigma = \mathrm{Eval}(f, \sigma_1, \sigma_2)$ it holds: $\mathrm{Ver}(vk, \Delta, f, m_1 + m_2, \sigma) = 1$. Security (informal): without sk, one cannot generate signatures on false results $y \neq f(m_1, \dots, m_n)$.
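The Sign / Eval / Ver flow for linear functions, as an added example that is not from the talk and is not the scheme of the paper: it is a toy secret-key analogue (a linearly homomorphic MAC), so verification uses sk instead of a public vk. The modulus, the HMAC-based PRF, the function names and the sample dataset are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime modulus (assumed toy parameter); values and tags live in Z_P


def keygen():
    # Secret key: non-zero scalar a in Z_P plus a PRF key k.
    return 1 + secrets.randbelow(P - 1), secrets.token_bytes(32)


def _prf(k, dataset_id, i):
    # r_i = HMAC-SHA256(k, dataset_id | i) reduced mod P.
    msg = dataset_id.encode() + b"|" + str(i).encode()
    return int.from_bytes(hmac.new(k, msg, hashlib.sha256).digest(), "big") % P


def sign(sk, dataset_id, i, m):
    # The tag binds value m to position i of the dataset labelled dataset_id.
    a, k = sk
    return (a * m + _prf(k, dataset_id, i)) % P


def evaluate(coeffs, tags):
    # Run by the cloud without sk: apply the same linear function to the tags.
    return sum(c * t for c, t in zip(coeffs, tags)) % P


def verify(sk, dataset_id, coeffs, y, tag):
    # Needs only f (its coefficients), the claimed y and ONE tag, not the n inputs.
    a, k = sk
    mask = sum(c * _prf(k, dataset_id, i) for i, c in enumerate(coeffs, 1))
    return tag % P == (a * y + mask) % P


def demo():
    sk = keygen()
    data = [120, 75, 310, 42]   # constructed sample dataset
    tags = [sign(sk, "2015-11", i, v) for i, v in enumerate(data, 1)]
    coeffs = [1, 1, 1, 1]       # f = sum of the four values
    y = sum(c * v for c, v in zip(coeffs, data))
    tag = evaluate(coeffs, tags)
    return (verify(sk, "2015-11", coeffs, y, tag),      # honest result
            verify(sk, "2015-11", coeffs, y + 1, tag),  # altered result
            verify(sk, "2015-12", coeffs, y, tag))      # tag from another dataset
```

The verifier recomputes n PRF values but stores none of the data; a result changed by any amount fails because the tag would have to shift by a multiple of the unknown scalar a.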
Previous Work on Homomorphic Signatures. Homomorphic signatures were first proposed in [JMSW02]. Linear functions (initially motivated by Network Coding): [BFKW09, GKKR10, CFW11, AL11, BF11, CFW12, Freeman12, ALP12, CFGV13, ALP13, LPJY13, ...]. Beyond linear functions: [BF11, CFW14, GVW15]. Random Oracle vs. Standard Model Security: computational efficiency is about the same, but random oracle schemes have $|vk| = O(1)$, while Standard Model schemes have $|vk| = O(N)$, where $N = |\text{dataset}|$. A vk of size O(N) is not quite desirable (think of the outsourcing app.).
Efficiency of prior std-model Homomorphic Sig. Size of vk in prior work. [Figure: keys sk, vk; inputs $v_1, v_2, \dots, v_n$; function $f$; result $y = f(v_1, v_2, \dots, v_n)$.] Size of vk: size of one dataset. Bob stores less than the cloud, but still needs a lot of space.
Understanding the limitations of prior schemes. A common design pattern: vk = $h_1, h_2, \dots, h_n$ for random $h_i$. Simulating the signature on index i requires specific randomness $r_i$: $h_i$ is used to hide such randomness, e.g., $h_i = g^{r_i} h^{s_i}$. In random oracle schemes, vk=h( ) and $h_i$=h(i), and they rely on programmability of the random oracle H to embed $r_i$ on the fly. Our key idea: a new (standard-model) tool to replace/mimic the random oracle H.
This Work. Introduce Asymmetric Programmable Hash Functions (APHFs), similar to Programmable Hash Functions [HK08]. APHFs Applications (generically built): short standard-model signatures from bilinear maps (shorter PK); linearly-homomorphic signatures (first scheme with sub-linear PK). APHFs Realizations.
Efficiency of our std-model Homomorphic Sig. [Figure: prior work vs. ours; keys sk, vk; inputs $v_1, v_2, \dots, v_n$; function $f$; result $y = f(v_1, v_2, \dots, v_n)$.] Size of vk. Prior work: size of one dataset. Our work: square root of size of one dataset.
Hash Functions. $H: \{0,1\}^* \to \{0,1\}^n$. Important tool in cryptography: digital signatures, MACs, integrity, ... Provable Security (several security notions): collision-resistance; single/second preimage resistance, one-wayness, etc.; Random Oracle.
Random Oracles [BR93]. H behaves like an oracle. Main properties: Programmability: one can program $H(x^*) = y^*$. Random function: $H(x)$ is random. Great object! Tons of applications: signatures, NIZK, CCA encryption. Heuristic assumption: random oracles do not exist in practice. Can we get something close to a R.O.? As useful in applications, yet weak enough to have standard-model realizations.
Programmable Hash Functions [HK08]. $H_k : X \to G$, G a cyclic group. $\mathrm{KG}() \to k$; $H_k(x) \in G$. $\mathrm{TrapGen}(g, h) \to (k, td)$, k k. $\mathrm{TrapEval}(td, x) \to (a_x, b_x)$: $H_k(x) = g^{a_x} h^{b_x}$. (m,n)-programmability: $\forall x_1, \dots, x_m, z_1, \dots, z_n$: $\Pr[\forall i\; a_{x_i} = 0 \text{ AND } \forall j\; a_{z_j} \neq 0] = 1/\mathrm{poly}$. Very useful abstraction, especially for partitioning proofs: CRHF, short standard-model signatures, IBE, ...
Towards random oracles. Random oracles: programmability, random function. PHF [HK08]: programmability, ??. While programmability is very powerful, certain proofs rely on the random property in several ways (e.g., they need entropy during the proof).
Our new tool: Asymmetric PHFs (APHFs). Similar to PHFs except that they are: Secretly computable but publicly verifiable. Programmable: there are trapdoor algorithms such that $\Pr[a_X = 0]$ is noticeable; or programmable with pseudo-randomness: there are trapdoor algorithms such that $g^{a_x}$ $g^{r}$. Note: these properties are mutually exclusive. Yet different trapdoor modes are indistinguishable!
A step closer to random oracles. Random oracles: programmability, random function. APHF (this work): programmability, pseudo-random, albeit only secretly computable.
Our main results. 1. Generic construction: APHFs w/ pseudorandomness + groups with bilinear maps → linearly-homomorphic signatures ($H_{sqrt}$ → new homomorphic signature). 2. An APHF realization called $H_{sqrt}$. By using $H_{sqrt}$ in the generic construction we obtain the first std-model homomorphic signature with a public key sub-linear in the maximum data set size: in all previous schemes $|vk| = O(N)$ ~32MB (for $N = 10^6$); our solution allows for $|vk| = O(N^{1/2})$ ~100KB.
Conclusion. Homomorphic digital signatures can solve integrity in cloud computing scenarios. Main contribution: New tool: Asymmetric Programmable Hash Functions (definition, realizations). New results: first homomorphic signature with sub-linear public key.
Thanks! D. Catalano, D. Fiore, L. Nizzardo. Programmable Hash Functions go Private: Constructions and Applications to (Homomorphic) Signatures with Shorter Public Keys. CRYPTO 2015. Full version available at http://eprint.iacr.org/2015/826