Bogdan Warinschi scite author profile

Abstract. This paper provides theoretical foundations for the group signature primitive. We introduce strong, formal definitions for the core requirements of anonymity and traceability. We then show that these imply the large set of sometimes ambiguous existing informal requirements in the literature, thereby unifying and simplifying the requirements for this primitive. Finally we prove the existence of a construct meeting our definitions based only on the sole assumption that trapdoor permutations exist.

show abstract

Secure Proxy Signature Schemes for Delegation of Signing Rights

Boldyreva

2010

View full text Add to dashboard Cite

A proxy signature scheme permits an entity to delegate its signing rights to another. These schemes have been suggested for use in numerous applications, particularly in distributed computing. Before our work (Boldyreva et al. in Cryptology ePrint Archive, Report 2003/096, 2003) appeared, no precise definitions or provensecure schemes had been provided. In this paper, we formalize a notion of security for proxy signature schemes and present provably-secure schemes. We analyze the security of the well-known delegation-by-certificate scheme and show that after some slight but important modifications, the resulting scheme is secure, assuming the underlying standard signature scheme is secure. We then show that employment of aggregate signature schemes permits bandwidth savings. Finally, we analyze the proxy signature scheme of Kim, Park and Won, which offers important performance benefits. We propose modifications to this scheme which preserve its efficiency and yield a proxy signature scheme that is provably secure in the random-oracle model, under the discrete-logarithm assumption.

show abstract

How Not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios

2012

View full text Add to dashboard Cite

Abstract. The Fiat-Shamir transformation is the most efficient construction of non-interactive zero-knowledge proofs. This paper is concerned with two variants of the transformation that appear but have not been clearly delineated in existing literature. Both variants start with the prover making a commitment. The strong variant then hashes both the commitment and the statement to be proved, whereas the weak variant hashes only the commitment. This minor change yields dramatically different security guarantees: in situations where malicious provers can select their statements adaptively, the weak Fiat-Shamir transformation yields unsound/unextractable proofs. Yet such settings naturally occur in systems when zero-knowledge proofs are used to enforce honest behavior. We illustrate this point by showing that the use of the weak Fiat-Shamir transformation in the Helios cryptographic voting system leads to several possible security breaches: for some standard types of elections, under plausible circumstances, malicious parties can cause the tallying procedure to run indefinitely and even tamper with the result of the election. On the positive side, we define a form of adaptive security for zeroknowledge proofs in the random oracle model (essentially simulationsound extractability), and show that a variant which we call strong FiatShamir yields secure non-interactive proofs. This level of security was assumed in previous works on Helios and our results are then necessary for these analyses to be valid. Additionally, we show that strong proofs in Helios achieve non-malleable encryption and satisfy ballot privacy, improving on previous results that required CCA security.

show abstract

SoK: A Comprehensive Analysis of Game-Based Ballot Privacy Definitions

et al. 2015

View full text Add to dashboard Cite

Abstract-We critically survey game-based security definitions for the privacy of voting schemes. In addition to known limitations, we unveil several previously unnoticed shortcomings. Surprisingly, the conclusion of our study is that none of the existing definitions is satisfactory: they either provide only weak guarantees, or can be applied only to a limited class of schemes, or both.Based on our findings, we propose a new game-based definition of privacy which we call BPRIV. We also identify a new property which we call strong consistency, needed to express that tallying does not leak sensitive information. We validate our security notions by showing that BPRIV, strong consistency (and an additional simple property called strong correctness) for a voting scheme imply its security in a simulation-based sense. This result also yields a proof technique for proving entropy-based notions of privacy which offer the strongest security guarantees but are hard to prove directly: first prove your scheme BPRIV, strongly consistent (and correct), then study the entropy-based privacy of the result function of the election, which is a much easier task.

show abstract

Soundness of Formal Encryption in the Presence of Active Adversaries

2004

View full text Add to dashboard Cite

Abstract. We present a general method to prove security properties of cryptographic protocols against active adversaries, when the messages exchanged by the honest parties are arbitrary expressions built using encryption and concatenation operations. The method allows to express security properties and carry out proofs using a simple logic based language, where messages are represented by syntactic expressions, and does not require dealing with probability distributions or asymptotic notation explicitly. Still, we show that the method is sound, meaning that logic statements can be naturally interpreted in the computational setting in such a way that if a statement holds true for any abstract (symbolic) execution of the protocol in the presence of a Dolev-Yao adversary, then its computational interpretation is also correct in the standard computational model where the adversary is an arbitrary probabilistic polynomial time program. This is the first paper providing a simple framework for translating security proofs from the logic setting to the standard computational setting for the case of powerful active adversaries that have total control of the communication network.

show abstract

Composability of bellare-rogaway key exchange protocols

Brzuska

Fischlin

Warinschi

et al. 2011

View full text Add to dashboard Cite

In this paper we examine composability properties for the fundamental task of key exchange. Roughly speaking, we show that key exchange protocols secure in the prevalent model of Bellare and Rogaway can be composed with arbitrary protocols that require symmetrically distributed keys. This composition theorem holds if the key exchange protocol satisfies an additional technical requirement that our analysis brings to light: it should be possible to determine which sessions derive equal keys given only the publicly available information. What distinguishes our results from virtually all existing work is that we do not rely, neither directly nor indirectly, on the simulation paradigm. Instead, our security notions and composition theorems exclusively use a game-based formalism. We thus avoid several undesirable consequences of simulation-based security notions and support applicability to a broader class of protocols. In particular, we offer an abstract formalization of game-based security that should be of independent interest in other investigations using gamebased formalisms.

show abstract

Completeness theorems for the Abadi–Rogaway language of encrypted expressions1

Micciancio¹,

Warinschi

2004

JCS

View full text Add to dashboard Cite

Computationally Sound, Automated Proofs for Security Protocols

Cortier

Warinschi

2005

View full text Add to dashboard Cite

Abstract. Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches relies on a computational model that considers issues of complexity and probability. This approach captures a strong notion of security, guaranteed against all probabilistic polynomial-time attacks. The other approach relies on a symbolic model of protocol executions in which cryptographic primitives are treated as black boxes. Since the seminal work of Dolev and Yao, it has been realized that this latter approach enables significantly simpler and often automated proofs. However, the guarantees that it offers have been quite unclear.In this paper, we show that it is possible to obtain the best of both worlds: fully automated proofs and strong, clear security guarantees. Specifically, for the case of protocols that use signatures and asymmetric encryption, we establish that symbolic integrity and secrecy proofs are sound with respect to the computational model. The main new challenges concern secrecy properties for which we obtain the first soundness result for the case of active adversaries. Our proofs are carried out using Casrul, a fully automated tool.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.