Inagroupsignaturescheme,userscananonymouslysignmessagesonbehalfofthegroup theybelongto,yetitispossibletotracethesignerwhenneeded.Sincethefirstproposal oflattice-basedgroupsignaturesintherandomoraclemodelbyGordon,Katz,andVaikuntanathan(ASIACRYPT2010),therealizationoftheminthestandardmodelfromlattices...
Abstract.Wepresentaquantumlysecureidentity-basedsignature schemebasedonthestandardshortintegersolutionproblem,featuringtightsecurityreductionsinthequantumandclassicrandomoracle models.Theschemehasshortsignatures.Eachsignaturecontainsasinglelatticevectorplusasinglebit.Comparedtotheexistingtightly sec...
Inthispaper,westudyzero-knowledge(ZK)proofsforcircuitsatisfiabilitythatcanproveton verifiersatatimeefficiently.Theproofsaresecureagainstthecollusionofaproverandasubsetoft verifiers.WerefertosuchZKproofsasmulti-verifierzero-knowledge(MVZK)proofsandfocusonthe casethatamajorityofverifiersarehonest(i.e....
Zero-knowledgeandsuccinctnessaretwoimportantpropertiesthatariseinthestudyofnon-interactivearguments.Previously,Kitagawaetal.(TCC2020)showedhowtoobtainanon-interactivezero-knowledge(NIZK) argumentforNPfromasuccinctnon-interactiveargument(SNARG)forNP.Inparticular,theirworkdemonstrates howtoleveragethe...
Abstract.Althoughtheyhavebeenstudiedforalongtime,distributedsignatureprotocolshavegarneredrenewedinterestinrecentyearsinviewofnovelapplications totopicslikeblockchains.Mostrecentworkshavefocusedondistributedversionsof ECDSAorvariantsofSchnorrsignatures;however,andinparticular,littleattentionhas been...
Abstract.Althoughtheyhavebeenstudiedforalongtime,distributedsignatureprotocolshavegarneredrenewedinterestinrecentyearsinviewofnovelapplications totopicslikeblockchains.Mostrecentworkshavefocusedondistributedversionsof ECDSAorvariantsofSchnorrsignatures;however,andinparticular,littleattentionhas been...
Abstract—Vehicularad-hocnetworks(VANETs)havedrawn alotofattentionfortheirpotentialtoimprovetrafficefficiency andsafety.Todealwithanonymousauthenticationandmessageintegrityduringcommunication,manyprotocolshavebeen designed.OneimportantapproachisusingRingSignatureto obtainsuperiorsecurityandbettereffi...
ABSTRACT Voteprivacyisafundamentalright,whichneedstobeprotected notonlyduringanelection,orforalimitedtimeafterwards,but fortheforeseeablefuture.Numerouselectronicvoting(e-voting) protocolshavebeenproposedtoaddressthischallenge,striving foreverlastingprivacy.Thispropertyguaranteesthatevencomputationa...
Abstract.Inreallife,onerequiressignaturestobefrompeoplewhoful fillcertaincriteria,implyingthattheyshouldpossessspecificattributes. Forexample,AlicemightwantasignaturefromanemployeeinBobs companywhoisamemberintheITstaff,aseniormanagerwithinthe biometricsteamoratleastajuniormanagerinthecryptographytea...
Abstract—InternetofVehicles(IoV)realizesinformationinteractionbetweenvehiclesandallnetworkedentities,andthe heterogeneous,openness,anddiversitymakeitsufferfromvarioussecuritychallengessuchasauthenticationandaccesscontrolproblems.Attribute-basedsignature(ABS)isapromising cryptographictoolforaddressin...
Abstract.Inreallife,onerequiressignaturestobefrompeoplewhoful fillcertaincriteria,implyingthattheyshouldpossessspecificattributes. Forexample,AlicemightwantasignaturefromanemployeeinBobs companywhoisamemberintheITstaff,aseniormanagerwithinthe biometricsteamoratleastajuniormanagerinthecryptographytea...
AttributeBasedGroupSignatureswerefirstintroducedin[12].Itwasproposed toservethepurposeofincludingattributesinagroupsignaturescheme.Group Signaturesallowamemberofagrouptosignonbehalfoftheotherswhilein ABGSschemestheaimistoallowamemberofthegrouponlypossessingcertain attributestosignonbehalfoftherest. ...
Abstract.Inreallife,onerequiressignaturestobefrompeoplewhoful fillcertaincriteria,implyingthattheyshouldpossessspecificattributes. Forexample,AlicemightwantasignaturefromanemployeeinBobs companywhoisamemberintheITstaff,aseniormanagerwithinthe biometricsteamoratleastajuniormanagerinthecryptographytea...
Abstract—Theultimategoalinmodernsecuree-votingis toenableeveryonetoverifywhetherthefinalelection resultcorrectlyreflectsthevoteschosenbythe(human) voters,withoutexposinghoweachindividualvoted.These fundamentalsecuritypropertiesarecalledend-to-endveri fiabilityandvoterprivacy.Unfortunately,itturnsout...
Todate,thesecurityofallpracticalend-to-endveri fiablee-votingprotocolsrelieson“traditional”hardness assumptions,suchasfactoringintegersorcomputingdiscretelogarithms.Withmoreandmorepowerfulquantum computersonthehorizon(see,e.g.,[5]),thesevoting protocolsmayberenderedcompletelyinsecure.This threatmoti...
Abstract.Weconstructthefirsttightlysecuresignatureschemesinthe multi-usersettingwithadaptivecorruptionsfromlattices.Instarkcontrasttotheprevioustightconstructionswhosesecurityissolelybasedon number-theoreticassumptions,ourschemesarebasedontheLearning withErrors(LWE)assumptionwhichissupposedtobepost-...
Abstract.Weconstructthefirsttightlysecuresignatureschemesinthe multi-usersettingwithadaptivecorruptionsfromlattices.Instarkcontrasttotheprevioustightconstructionswhosesecurityissolelybasedon number-theoreticassumptions,ourschemesarebasedontheLearning withErrors(LWE)assumptionwhichissupposedtobepost-...