Constructing Verifiable Random Functions with Large Input Spaces

Hohenberger, Susan; Waters, Brent

doi:10.1007/978-3-642-13190-5_33

Cited by 53 publications

(66 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A signature scheme is called unique if for every possible public key vk and every message m, there is at most one signature σ such that Vrfy vk (m, σ) = 1. Various constructions of such schemes based on number-theoretic assumptions are known [46,19,1,35,33].…”

Section: Background and Cryptographic Primitivesmentioning

confidence: 99%

(Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens

et al. 2018

View full text Add to dashboard Cite

We continue the line of work initiated by Katz (Eurocrypt 2007) on using tamper-proof hardware tokens for universally composable secure computation. As our main result, we show an oblivious-transfer (OT) protocol in which two parties each create and transfer a single, stateless token and can then run an unbounded number of OTs. We also show a more efficient protocol, based only on standard symmetric-key primitives (block ciphers and collision-resistant hash functions), that can be used if a bounded number of OTs suffice.Motivated by this result, we investigate the number of stateless tokens needed for universally composable OT. We prove that our protocol is optimal in this regard for constructions making black-box use of the tokens (in a sense we define). We also show that nonblack-box techniques can be used to obtain a construction using only a single stateless token.

show abstract

Section: Background and Cryptographic Primitivesmentioning

confidence: 99%

(Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens

et al. 2018

View full text Add to dashboard Cite

show abstract

“…This result, coupling with our zero-knowledge protocols for generalized DDH and non-DDH, then yields several efficient SCUS schemes. We give in Sect.4.2 two concrete deterministic SCUS schemes denoted as SCUS DY and SCUS HW , respectively based on the VRFs of Dodis, Yampolskiy [9] and Hohenberger, Waters [13]. We note that SCUS DY requires small signing space, while SCUS HW does not.…”

Section: Scus Schemesmentioning

confidence: 99%

“…SCUS from the VRF of Hohenberger and Waters [13] The VRF also works on a pairing group PG = (G, G T , g, q, e), and is pseudo-random under the q-DDHE assumption. The secret key is sk = (ũ, u 0 , .…”

Section: Confirmmentioning

confidence: 99%

Relation between Verifiable Random Functions and Convertible Undeniable Signatures, and New Constructions

Kurosawa

Nojima²,

Phong³

2014

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

Abstract. Verifiable random functions (VRF) and selectively-convertible undeniable signature (SCUS) schemes were proposed independently in the literature. In this paper, we observe that they are tightly related. This directly yields several deterministic SCUS schemes based on existing VRF constructions. In addition, we create a new probabilistic SCUS scheme, which is very compact. The confirmation and disavowal protocols of these SCUS are efficient, and can be run either sequentially, concurrently, or arbitrarily. These protocols are based on what we call zero-knowledge protocols for generalized DDH and non-DDH, which are of independent interest.

show abstract

“…To construct a LIT which is not only weakly indistinguishable and which supports large domains, a natural approach would be to consider large-domain VRFs. There have been several such schemes in the recent literature including the cascade construction of Boneh et al [12] to increase the domain of the Dodis-Yampolskiy VRF [29], the BCKL construction [2] applied to the Dodis-Yampolskiy VRF [29] and the Hohenberger-Waters VRF [38]. Unfortunately, all of the abovementioned schemes violate the weak linkability requirement for LITs, as it is easy to find for example sk 0 = sk 1 and m such that LITTag(sk 0 , m) = LITTag(sk 1 , m).…”

Section: Litverify(pk(sk) M τ )mentioning

confidence: 99%

Efficient Signatures of Knowledge and DAA in the Standard Model

Bernhard

Fuchsbauer

Ghadafi

2013

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Abstract. Direct Anonymous Attestation (DAA) is one of the most complex cryptographic protocols deployed in practice. It allows an embedded secure processor known as a Trusted Platform Module (TPM) to attest to the configuration of its host computer without violating the owner's privacy. DAA has been standardized by the Trusted Computing Group. The security of the DAA standard and all existing schemes is analyzed in the random oracle model. We provide the first constructions of DAA in the standard model, that is, without relying on random oracles. As a building block for our schemes, we construct the first efficient standard-model signatures of knowledge, which have many applications beyond DAA.

show abstract

Constructing Verifiable Random Functions with Large Input Spaces

Cited by 53 publications

References 33 publications

(Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens

(Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens

Relation between Verifiable Random Functions and Convertible Undeniable Signatures, and New Constructions

Efficient Signatures of Knowledge and DAA in the Standard Model

Contact Info

Product

Resources

About