Randomized Verification in Signature Schemes and Identity-Based Encryption

signature schemes with randomized verification n.w
1 / 20
Embed
Share

Explore the world of signature schemes, randomized verification, public key signatures, and identity-based encryption with key insights on security, attacker challenges, and Naor's transformation. Unveil the significance of weakening EUFCMA, the Naor transformation theorem, and the amplification of weak security to standard.

  • Signature Schemes
  • Encryption
  • Identity-Based
  • Security
  • Naors Transformation
rayaanacharya
clog Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Signature Schemes with Randomized Verification Cody Freitag, Rishab Goyal, Susan Hohenberger, Venkata Koppula, Eysa Lee, Tatsuaki Okamoto and Brent Waters

  2. Public Key Signatures Basic building blocks Could be randomized!

  3. Identity-Based Encryption [Shamir84 ...] Authority MSK PP SKBob m m

  4. Identity-Based Encryption [Shamir84 ...]

  5. Naors Transformation: IBE Signatures Interpreted as identity . For IBE encryption.

  6. EUFCMA Security Attacker Challenger vk m1 m1 mQ mQ m*, ?* Adv = | | Pr[Verify(vk, m*, ?*) = = 1] | |

  7. Naors Transformation: Proving Security Reduction Attacker on Signatures IBE Challenger PP m skm Chooses d0, d1 randomly m*, ?* (d0, d1), m* ct* Decrypts ct* using ?* Guess

  8. Weakening EUFCMA Successful Verification Probability (?-????) Measures fraction of random coins that accept signature ? on ? with key ?? Formally, # of accepting coins Total # of random coins

  9. ?-EUFCMA Security Attacker Challenger vk m1 m1 mQ mQ m*, ?* EUFCMA Adv = | | Pr[Verify(vk, m*, ?*) = = 1] | | ?-EUFCMA Adv = | | Pr[V-Prob(vk, m*, ?*) > > ? + negl] | |

  10. Rest of the talk: Outline Naor s transformation gives weak security Amplifying soundness (weak to standard) Derandomizing in the ROM Derandomizing in standard model

  11. Naors Transformation Naor s transformation gives weak security Theorem. If IBE scheme with message space is secure, then the Naor transformed scheme is ?-EUFCMA secure with ? = 1 .

  12. Naors Transformation: Proving Security Reduction Attacker on Signatures IBE Challenger PP m skm Chooses d0, d1 randomly m*, ?* (d0, d1), m* ct* Decrypts ct* using ?* Problem is to use ?* directly! Guess Doesn t work

  13. Naors Transformation: Proving Security Solution Estimates quality of forgery (/secret key) by counting Artificial Abort-type step [Waters05] Reduction runs verification sufficiently many times # of successful verifications <threshold Abort & Guess # of successful verifications threshold Decrypt & Test Worse than random guessing ? + ?/2 ? 0 ? + ? 1 Bad Good Mid ?-????(? ,? )

  14. Amplifying soundness Theorem. If ?-EUFCMA secure signature scheme with ? = 1 then signature scheme that is ?- EUFCMA secure with ? = 0. 1 ???? , Idea.Direct product amplification. Run Verify sufficiently many times with fresh randomness.

  15. Derandomization: ROM Assume starting scheme (0-)EUFCMA secure Randomness generated by hashing message- signature pair Proof Idea Adversary makes poly RO queries Each response is uniformly random Union bound

  16. Derandomization: Standard Model Sufficiently many random coins generated at Setup Verify accepts iff successful on all coins

  17. Derandomization: Standard Model Verification Key Standard reduction 2 cases Forgery is valid Forgery is invalid, but gets verified on r1, , rn Set ? log( | |) Note. Starting scheme is (0-)EUFCMA secure, and message and signature space is bounded. Set of random coins

  18. Conclusions Introduced a weaker security notion for signature schemes with randomized verification Proved security of Naor transformed scheme Generic soundness amplification Generic derandomization of verification Both in ROM and standard model

  19. Thank you! Questions?

Related


OCTIVUS Randomized Clinical Trial: OCT-Guided vs IVUS-Guided PCI

OCTIVUS Randomized Clinical Trial: OCT-Guided vs IVUS-Guided PCI

thoren
Discussion of Randomized Experiments and Experimental Design Challenges

Discussion of Randomized Experiments and Experimental Design Challenges

rowen
Biometrical Techniques in Animal Breeding: Analysis of Variance in Completely Randomized Design

Biometrical Techniques in Animal Breeding: Analysis of Variance in Completely Randomized Design

thisbe
Analysis of Variance in Completely Randomized Design

Analysis of Variance in Completely Randomized Design

yahir
Randomized Hill Climbing Algorithm for Challenging Problem Solving

Randomized Hill Climbing Algorithm for Challenging Problem Solving

nikhil
ACST-2 Trial: Stenting vs. Surgery for Carotid Artery Stenosis

ACST-2 Trial: Stenting vs. Surgery for Carotid Artery Stenosis

ashlynn
Low-Dose Tricyclic Antidepressants (TCA) for IBS: ATLANTIS Study Overview

Low-Dose Tricyclic Antidepressants (TCA) for IBS: ATLANTIS Study Overview

alden
Randomized Algorithms: Types and Examples

Randomized Algorithms: Types and Examples

harlee
Randomized Algorithms: A Deep Dive into Las Vegas and Monte Carlo Algorithms

Randomized Algorithms: A Deep Dive into Las Vegas and Monte Carlo Algorithms

nieve
Overview of Mutual Exclusion and Memory Models in Distributed Systems

Overview of Mutual Exclusion and Memory Models in Distributed Systems

pcol
Enhancing Privacy with Randomized MAC Addresses in 802.11 Networks

Enhancing Privacy with Randomized MAC Addresses in 802.11 Networks

kgorr
Electronic Case Report Form (eCRF) for Randomized Trial of Enteral Glutamine to Minimize Thermal Injury

Electronic Case Report Form (eCRF) for Randomized Trial of Enteral Glutamine to Minimize Thermal Injury

hall967
Expected Duration of a Randomized Experiment: Coupon Collector Problem Analysis

Expected Duration of a Randomized Experiment: Coupon Collector Problem Analysis

abri_426
Advanced Encoding Techniques in Randomized Algorithms

Advanced Encoding Techniques in Randomized Algorithms

burk_57
Probabilistic Concurrency Testing for Bug Detection

Probabilistic Concurrency Testing for Bug Detection

dam_don
Challenges and Solutions in Concurrency Testing with Randomized Algorithms

Challenges and Solutions in Concurrency Testing with Randomized Algorithms

harston_m
Statistical Issues in Clinical Trials: Insights from 13th Annual Conference

Statistical Issues in Clinical Trials: Insights from 13th Annual Conference

kastelic_s
Exact P-Value for Randomized Experiments and Quiz/HW Feedback

Exact P-Value for Randomized Experiments and Quiz/HW Feedback

anneliesb
A Journey to Reduce Missed Abusive Head Trauma: From Index Case to Cluster Randomized Trial

A Journey to Reduce Missed Abusive Head Trauma: From Index Case to Cluster Randomized Trial

tom_the
Randomized Algorithms for Approximate Median with Elementary Probability

Randomized Algorithms for Approximate Median with Elementary Probability

jhck213
Forty-eight-Week Outcomes of a Site-Randomized Trial for Depression Among Youth with HIV

Forty-eight-Week Outcomes of a Site-Randomized Trial for Depression Among Youth with HIV

main424
Methods for Quantifying Efficacy-Effectiveness Gap in Randomized Controlled Trials

Methods for Quantifying Efficacy-Effectiveness Gap in Randomized Controlled Trials

kore_i

More Related Content