اثبات هاي دانش-صفر غيرتعاملي و امضاهاي رقمي كارآمد با تحويل امنيت چفت

چكيده انگليسي :

Efficient Non Interactive Zero Knowledge Proofs and Digital Signatures with Tight Security Reduction Mojtaba Khalili m khalili@ec iut ac ir 19th September 2019 Department of Electrical and Computer EngineeringIsfahan University of Technology 84156 83111 Isfahan IranSupervisor Dr Mohammad Dakhilalian mdalian@cc iut ac ir Advisor Dr Ali Fanian a fanian@cc iut ac ir Department Graduate Program Coordinator Dr Gholamreza Yousefi Isfahan University of Technology 84156 83111 Isfahan IranAbstract We show how to construct structure preserving signatures SPS and unbounded quasi adaptive non interactivezero knowledge USS QA NIZK proofs with a tight security reduction to simple assumptions being the firstwith a security loss of O 1 Specifically we present a SPS scheme which is more efficient than existing tightlysecure SPS schemes and from an efficiency point of view is even comparable with other non tight SPS schemes In contrast to existing work however we only have a lower security loss of O 1 resolving an open problemposed by Abe et al CRYPTO 2017 In particular our tightly secure SPS scheme under the SXDH assumptionrequires 11 group elements Moreover we present the first tightly secure USS QA NIZK proofs with a securityloss of O 1 which also simultaneously have a compact common reference string and constant size proofs 5elements under the SXDH assumption which is only one element more than the best non tight USS QA NIZK Moreover we present the first EUF CMA secure SPS EQ scheme under standard assumptions So far onlyconstructions in the generic group model are known One recent candidate under standard assumptions are theweakly secure equivalence class signatures by Fuchsbauer and Gay PKC 18 a variant of SPS EQ satisfyingonly a weaker unforgeability and adaption notion Fuchsbauer and Gay show that this weaker unforgeabilitynotion is sufficient for many known applications of SPS EQ Unfortunately the weaker adaption notion is onlyproper for a semi honest passive model and as we show in this paper makes their scheme unusable in thecurrent models for almost all of their advertised applications of SPS EQ from the literature We then present anew EUF CMA secure SPS EQ scheme with a tight security reduction under the SXDH assumption providingthe notion of perfect adaption under malicious keys To achieve the strongest notion of perfect adaption undermalicious keys we require a common reference string CRS which seems inherent for constructions understandard assumptions However most known applications of SPS EQ can be instantiated without requiring aCRS even with our construction Key WordsStructure Preserving Cryptography Non Interactive Zero Knowledge Proofs Chameleon Hash Function Shuf fle Proofs Equivalance Classes Signatures Standard Model IntroductionA structure preserving signature SPS scheme Abe et al 2010 is an interesting cryp tographic primitive which is compatible with efficient pairing based non interactive zero knowledge proofs due to Groth and Sahai More precisely a SPS scheme is defined overbilinear groups and the messages public keys and signatures are required to be source groupelements Furthermore the signature verification consists of only group membership test ing and evaluating pairing product equations PPEs This feature allows to use them in theconstruction of many efficient cryptographic tools such as blind signatures group signa tures traceable signatures group encryption homomorphic signatures delegatable anony mous credentials compact verifiable shuffles network coding signatures oblivious transfer tightly secure encryption and anonymous e cash Since SPS are used in the aforementioned

خليلي، مجتبي

اثبات هاي دانش-صفر غيرتعاملي و امضاهاي رقمي كارآمد با تحويل امنيت چفت

رمزنگاري حافظ ساختار , امضاي حافظ ساختار روي كلاس هاي هم ارز , اثبات هاي دانش-صفر غيرتعاملي , چكيده ساز كميلين , بر زدن وارسي پذير , مدل استاندارد , تحويل چفت