33,672 research outputs found
Post-Quantum Single Secret Leader Election (SSLE) from Publicly Re-Randomizable Commitments
A Single Secret Leader Election (SSLE) enables a group of parties to randomly choose exactly one leader from the group with the restriction that the identity of the leader will be known to the chosen leader and nobody else. At a later time, the elected leader should be able to publicly reveal her identity and prove that she is the elected leader. The election process itself should work properly even if many registered users are passive and do not send any messages. SSLE is used to strengthen the security of proof-of-stake consensus protocols by ensuring that the identity of the block proposer remains unknown until the proposer publishes a block. Boneh, Eskandarian, Hanzlik, and Greco (AFT'20) defined the concept of an SSLE and gave several constructions. Their most efficient construction is based on the difficulty of the Decision Diffie-Hellman problem in a cyclic group.
In this work we construct the first efficient SSLE protocols based on the standard Learning With Errors (LWE) problem on integer lattices, as well as the Ring-LWE problem. Both are believed to be post-quantum secure. Our constructions generalize the paradigm of Boneh et al. by introducing the concept of a re-randomizable commitment (RRC). We then construct several post-quantum RRC schemes from lattice assumptions and prove the security of the derived SSLE protocols. Constructing a lattice-based RRC scheme is non-trivial, and may be of independent interest
Vector Commitments with Efficient Updates
Dynamic vector commitments that enable local updates of opening proofs have applications ranging from verifiable databases with membership changes to stateless clients on blockchains. In these applications, each user maintains a relevant subset of the committed messages and the corresponding opening proofs with the goal of ensuring a succinct global state. When the messages are updated, users are given some global update information and update their opening proofs to match the new vector commitment. We investigate the relation between the size of the update information and the runtime complexity needed to update an individual opening proof. Existing vector commitment schemes require that either the information size or the runtime scale linearly in the number k of updated state elements. We construct a vector commitment scheme that asymptotically achieves both length and runtime that is sublinear in k, namely k^ν and k^{1-ν} for any ν ∈ (0,1). We prove an information-theoretic lower bound on the relation between the update information size and runtime complexity that shows the asymptotic optimality of our scheme. While in practice, the construction is not yet competitive with Verkle commitments, our approach may point the way towards more performant vector commitments
Revisiting the Nova Proof System on a Cycle of Curves
Nova is an efficient recursive proof system built from an elegant folding scheme for (relaxed) R1CS statements. The original Nova paper (CRYPTO'22) presented Nova using a single elliptic curve group of order p. However, for improved efficiency, the implementation of Nova alters the scheme to use a 2-cycle of elliptic curves. This altered scheme is only described in the code and has not been proven secure. In this work, we point out a soundness vulnerability in the original implementation of the 2-cycle Nova system. To demonstrate this vulnerability, we construct a convincing Nova proof for the correct evaluation of 2^{75} rounds of the Minroot VDF in only 116 milliseconds. We then present a modification of the 2-cycle Nova system and formally prove its security. The modified system also happens to be more efficient than the original implementation. In particular, the modification eliminates an R1CS instance-witness pair from the recursive proof. The implementation of Nova has now been updated to use our optimized and secure system. In addition, we show that the folding mechanism at the core of Nova is malleable: given a proof for some statement z, an adversary can construct a proof for a related statement z', at the same depth as z, without knowledge of the witness for z'
ANALISIS DAN IMPLEMENTASI IDENTITY BASED ENCRYPTION BONEH FRANKLIN
ABSTRAKSI: Identity-Based Encryption memberikan kemudahan pada kriptografi dengan menggunakan sembarang string sebagai kunci publik. Pada kriptografi kunci publik, biasanya enkripsi menggunakan kunci publik yang rumit dan sulit diingat. Identity-Based Encryption menggunakan kunci yang lebih mudah di ingat. Kunci publik pada Identity-Based Encryption ini dapat berupa alamat email, nomor telepon, ataupun suatu kata. Dengan menggunakan metode ini, enkripsi dapat dilakukan sebelum mengetahui kunci privat dari pasangan kunci publik yang sesuai. Pada saat penerima menerima suatu pesan yang terenkripsi tersebut, penerima akan menghubungi Private Key Generator untuk mendapatkan kunci privat dari kunci publik yang digunakan dan mendekripsi pesan yang telah terenkripsi tersebut dengan menggunakan kunci privat yang didapat tersebut. Identity Based Encryption yang dilakukan pada Tugas Akhir ini berdasar pada konsep yang dikenalkan oleh Boneh dan Franklin. Tugas Akhir ini berisi perancangan dan implementasi dari Identity Based Encryption Boneh Franklin dan perhitungan waktu terhadap fungsi-fungsi hasil implementasi dengan menggunakan perhitungan waktu pada sistem operasi.Kata Kunci : Identity-Based Encryption, kunci publik, kunci privat, Private Key Generator.ABSTRACT: Identity Based Encryption facilitate is an easy way to cryptography by using arbitrary string as a public key. In the common public key cryptography, the encryption using a complicated public key and hard to remember. In the Identity Based Encryption, the public key can be email address, phone number or an arbitrary word. Using this method, the encryption can be done before pairing the public key and the private key. When the recipient recieve an encrypted message, the recipient have to contact the Private Key Generator to obtain his/ her private key and decrypt the encryped message using his/ her private key. The Identity Based Encryption in this project is based on Boneh and Franklin method. An overview of the Identity Based Encryption Boneh Franklin implementation is given in this project and the duration measurement of this implementation using operating system high precision timer.Keyword: Identity-Based Encryption, Public Key, Private Key, Private Key Generator
Analisis dan Implementasi Identity Based Encryption Boneh Franklin
Identity-Based Encryption memberikan memberikan kemudahan pada kriptografi dengan menggunakan sembarang string sebagai kunci publik. Pada kriptografi kunci publik, biasanya enkripsi menggunakan kunci publik yang rumit dan sulit diingat. Identity-Based Encryption menggunakan kunci publik yang lebih mudah diingat. Kunci publik pada Identity-Based Encryption ini dapat berupa alamat email, nomor telepon, ataupun suatu kata. Dengan menggunakan metode ini, enkripsi dapat dilakukan sebelum mengetahui kunci privat dari pasangan kunci publik yang sesuai. Pada saat penerima menerima suatu pesan yang terenkripsi tersebut, penerima akan menghubungi Privat Key Generator untuk mendapatkan kunci privat dari kunci publik yang digunakan dan mendeteksi kunci privat dari kunci publik yang digunakan dan mendekripsi pesan yang telah terenkripsi tersebut dengan menggunakan kunci privat yang didapat tersebut.Identity Based Encryption yang dilakukan ini berdasarkan konsep yang dikenalkan oleh Boneh dan Franklin. Paper ini berisi perancangan dan implementasi Identity Based Encryption Boneh Franklin dan perhitungan waktu terhadap fungsi-fungsi hasil implementasi dengan menggunakan perhitungan waktu pada sistem operasi.Kata kunci: Identity Based Encryption, Kunci Publik, Kunci privat, Private Key Generato
09141 Abstracts Collection – Web Application Security
From 29th March to 3rd April 2009 the Dagstuhl Seminar
09141 Web Application Security was held in Schloss Dagstuhl – Leibniz
Center for Informatics. During the seminar, several participants presented
their current research, and ongoing work and open problems were
discussed. Abstracts of the presentations given during the seminar are
put together in this paper. Links to full papers (if available) are provided
in the corresponding seminar summary document
07381 Executive Summary - Cryptography
The topics covered in the seminar spanned most areas of cryptography,
in one way or another, both in terms of the types of schemes
(public-key cryptography, symmetric cryptography, hash functions and
other cryptographic functions, multi-party protocols, etc.) and in terms of the
mathematical methods and techniques used (algebra, number theory,
elliptic curves, probability theory, information theory,
combinatorics, quantum theory, etc.). The range of applications
addressed in the various talks was broad, ranging from secure
communication, key management, authentication, digital signatures and
payment systems to e-voting and Internet security.
While the initial plan had been to focus more exclusively on public-key
cryptography, it turned out that this sub-topic branches out into
many other areas of cryptography and therefore the organizers
decided to expand the scope, emphasizing quality rather than
close adherence to public-key cryptography. This decision turned
out to be a wise one.
What was common to almost all the talks is that rigorous mathematical
proofs for the security of the presented schemes were given. In fact,
a central topic of many of the talks were proof methodologies for
various contexts
09141 Executive Summary – Web Application Security
Web applications are ubiquitous nowadays. Consequently,
the field of Web application security is of ever rising significance. This
Dagstuhl seminar was conducted to assemble researchers active in the
domain to gain a first comprehensive overview of this young discipline in
security research. From a content perspective, the topic was explored in a
great variety of directions, including for instance Web browser-based security
measures, language-based techniques, software engineering centric
methods, run-time enforcement, static analysis, or formal approaches
Efficient selective identity-based encryption without random oracles
We construct two efficient Identity-Based Encryption (IBE) systems that admit selective-identity security reductions without random oracles in groups equipped with a bilinear map. Selective-identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to the identity that it intends to attack, whereas in an adaptive-identity attack the adversary is allowed to choose this identity adaptively. Our first system—BB1—is based on the well studied decisional bilinear Diffie–Hellman assumption, and extends naturally to systems with hierarchical identities, or HIBE. Our second system—BB2—is based on a stronger assumption which we call the Bilinear Diffie–Hellman Inversion assumption and provides another approach to building IBE systems.\ud
\ud
Our first system, BB1, is very versatile and well suited for practical applications: the basic hierarchical construction can be efficiently secured against chosen-ciphertext attacks, and further extended to support efficient non-interactive threshold decryption, among others, all without using random oracles. Both systems, BB1 and BB2, can be modified generically to provide “full” IBE security (i.e., against adaptive-identity attacks), either using random oracles, or in the standard model at the expense of a non-polynomial but easy-to-compensate security reduction
07381 Abstracts Collection – Cryptography
From 16.09.2007 to 21.09.2007 the Dagstuhl Seminar 07381 ``Cryptography'' was held
in the International Conference and Research Center (IBFI), Schloss Dagstuhl.
During the seminar, several participants presented their current
research, and ongoing work and open problems were discussed. Abstracts of
the presentations given during the seminar as well as abstracts of
seminar results and ideas are put together in this paper. The first section
describes the seminar topics and goals in general.
Links to extended abstracts or full papers are provided, if available
- …
