Compact E-Cash and Simulatable VRFs Revisited

Belenkiy, Mira; Chase, Melissa; Kohlweiss, Markulf; Lysyanskaya, Anna

doi:10.1007/978-3-642-03298-1_9

Cited by 61 publications

(99 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The weak Boneh-Boyen signature scheme [9] was used in [29,2] to construct Verifiable Random Functions (VRF) [43] for small message spaces under two variants of the DDHI assumption. The proof of pseudorandomness uses a technique similar to that for the unforgeability of weak Boneh-Boyen signatures in [9]: if the messages m 1 , .…”

Section: Experiment: Exp W-linkmentioning

confidence: 99%

“…We define our LIT as the VRF from [2] and use the first part of their proof of pseudorandomness of VRFs to prove weak f -indistinguishability w.r.t. f (sk) := [sk]P 1 .…”

Section: Litverify(pk(sk) M τ )mentioning

confidence: 99%

“…To construct a LIT which is not only weakly indistinguishable and which supports large domains, a natural approach would be to consider large-domain VRFs. There have been several such schemes in the recent literature including the cascade construction of Boneh et al [12] to increase the domain of the Dodis-Yampolskiy VRF [29], the BCKL construction [2] applied to the Dodis-Yampolskiy VRF [29] and the Hohenberger-Waters VRF [38]. Unfortunately, all of the abovementioned schemes violate the weak linkability requirement for LITs, as it is easy to find for example sk 0 = sk 1 and m such that LITTag(sk 0 , m) = LITTag(sk 1 , m).…”

Section: Litverify(pk(sk) M τ )mentioning

confidence: 99%

“…4.1) as partially weakly blind signatures, the VRF from [2] as LIT given in Fig. 7 (which has the form of weak Boneh-Boyen signatures [9]) and Waters signatures [46] implicitly for the signatures of knowledge, which are themselves Groth-Sahai proofs [36].…”

Section: A Generic Construction Of Pre-daa In the Standard Modelmentioning

confidence: 99%

See 3 more Smart Citations

Efficient Signatures of Knowledge and DAA in the Standard Model

Bernhard

Fuchsbauer

Ghadafi

2013

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Abstract. Direct Anonymous Attestation (DAA) is one of the most complex cryptographic protocols deployed in practice. It allows an embedded secure processor known as a Trusted Platform Module (TPM) to attest to the configuration of its host computer without violating the owner's privacy. DAA has been standardized by the Trusted Computing Group. The security of the DAA standard and all existing schemes is analyzed in the random oracle model. We provide the first constructions of DAA in the standard model, that is, without relying on random oracles. As a building block for our schemes, we construct the first efficient standard-model signatures of knowledge, which have many applications beyond DAA.

show abstract

Section: Experiment: Exp W-linkmentioning

confidence: 99%

“…We define our LIT as the VRF from [2] and use the first part of their proof of pseudorandomness of VRFs to prove weak f -indistinguishability w.r.t. f (sk) := [sk]P 1 .…”

Section: Litverify(pk(sk) M τ )mentioning

confidence: 99%

Section: Litverify(pk(sk) M τ )mentioning

confidence: 99%

Section: A Generic Construction Of Pre-daa In the Standard Modelmentioning

confidence: 99%

See 2 more Smart Citations

Efficient Signatures of Knowledge and DAA in the Standard Model

Bernhard

Fuchsbauer

Ghadafi

2013

Applied Cryptography and Network Security

View full text Add to dashboard Cite

show abstract

“…Following Chaum's paradigm many schemes were proposed [11,16,7,12,14]. The one due to Brands [11] is known for its efficiency during spending, however, a formal proof of security has never been given for it and it has been recently shown that it cannot be proven secure in the Random Oracle model using currently known techniques [5].…”

Section: Related Workmentioning

confidence: 99%

Efficient E-Cash in Practice: NFC-Based Payments for Public Transportation Systems

Hinterwälder

Zenger

Baldimtsi

et al. 2013

Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

Abstract. Near field communication (NFC) is a recent popular technology that will facilitate many aspects of payments with mobile tokens. In the domain of public transportation payment systems electronic payments have many benefits, including improved throughput, new capabilities (congestion-based pricing etc.) and user convenience. A common concern when using electronic payments is that a user's privacy is sacrificed. However, cryptographic e-cash schemes provide provable guarantees for both security and user privacy. Even though e-cash protocols have been proposed three decades ago, there are relatively few actual implementations, since their computation complexity makes an execution on lightweight devices rather difficult. This paper presents an efficient implementation of Brands [11] and ACL [4] e-cash schemes on an NFC smartphone: the BlackBerry Bold 9900. Due to their efficiency during the spending phase, when compared to other schemes, and the fact that payments can be verified offline, these schemes are especially suited for, but not limited to, use in public transport. Additionally, the encoding of validated attributes (e.g. a user's age range, zip code etc.) is possible in the coins being withdrawn, which allows for additional features such as variable pricing (e.g. reduced fare for senior customers) and privacy-preserving data collection. We present a subtle technique to make use of the ECDHKeyAgreement class that is available in the BlackBerry API (and in the API of other systems) and show how the schemes can be implemented efficiently to satisfy the tight timing imposed by the transportation setting.

show abstract

Hunting and Gathering – Verifiable Random Functions from Standard Assumptions with Short Proofs

Kohl

2019

Public-Key Cryptography – PKC 2019

View full text Add to dashboard Cite

Compact E-Cash and Simulatable VRFs Revisited

Cited by 61 publications

References 34 publications

Efficient Signatures of Knowledge and DAA in the Standard Model

Efficient Signatures of Knowledge and DAA in the Standard Model

Efficient E-Cash in Practice: NFC-Based Payments for Public Transportation Systems

Hunting and Gathering – Verifiable Random Functions from Standard Assumptions with Short Proofs

Contact Info

Product

Resources

About