Subversion


The Experts below are selected from a list of 28656 Experts worldwide ranked by ideXlab platform

Georg Fuchsbauer - One of the best experts on this subject based on the ideXlab platform.

  • Subversion-Zero-Knowledge SNARKs
    Public-Key Cryptography – PKC 2018, 2018
    Co-Authors: Georg Fuchsbauer
    Abstract:

    Subversion zero knowledge for non-interactive proof systems demands that zero knowledge (ZK) be maintained even when the common reference string (CRS) is chosen maliciously. SNARKs are proof systems with succinct proofs, which are at the core of the cryptocurrency Zcash, whose anonymity relies on ZK-SNARKs; they are also used for ZK contingent payments in Bitcoin. We show that under a plausible hardness assumption, the most efficient SNARK schemes proposed in the literature, including the one underlying Zcash and contingent payments, satisfy subversion ZK or can be made to at very little cost. In particular, we prove subversion ZK of the original SNARKs by Gennaro et al. and the almost optimal construction by Groth; for the Pinocchio scheme implemented in libsnark we show that it suffices to add 4 group elements to the CRS. We also argue informally that Zcash is anonymous even if its parameters were set up maliciously.

  • Non-interactive Zaps of Knowledge
    Applied Cryptography and Network Security, 2018
    Co-Authors: Georg Fuchsbauer, Michele Orrù
    Abstract:

    While non-interactive zero-knowledge (NIZK) proofs require trusted parameters, Groth, Ostrovsky and Sahai constructed non-interactive witness-indistinguishable (NIWI) proofs without any setup; they called their scheme a non-interactive zap. More recently, Bellare, Fuchsbauer and Scafuro investigated the security of NIZK in the face of parameter subversion and observed that NI zaps provide subversion-resistant soundness and WI. Arguments of knowledge prove not only that the statement is true, but also that the prover knows a witness for it, which is essential for anonymous identification. We present the first NIWI argument of knowledge without parameters, i.e., a NI zap of knowledge. Consequently, our scheme is also the first subversion-resistant knowledge-sound proof system, a notion recently proposed by Fuchsbauer.

  • ASIACRYPT (2) - NIZKs with an Untrusted CRS: Security in the Face of Parameter Subversion
    Advances in Cryptology – ASIACRYPT 2016, 2016
    Co-Authors: Mihir Bellare, Georg Fuchsbauer, Alessandra Scafuro
    Abstract:

    Motivated by the subversion of "trusted" public parameters in mass-surveillance activities, this paper studies the security of NIZKs in the presence of a maliciously chosen common reference string. We provide definitions for subversion soundness, subversion witness indistinguishability and subversion zero knowledge. We then provide both negative and positive results, showing that certain combinations of goals are unachievable but giving protocols to achieve other combinations.

Alessandra Scafuro - One of the best experts on this subject based on the ideXlab platform.

  • ASIACRYPT (2) - NIZKs with an Untrusted CRS: Security in the Face of Parameter Subversion
    Advances in Cryptology – ASIACRYPT 2016, 2016
    Co-Authors: Mihir Bellare, Georg Fuchsbauer, Alessandra Scafuro
    Abstract:

    Motivated by the subversion of "trusted" public parameters in mass-surveillance activities, this paper studies the security of NIZKs in the presence of a maliciously chosen common reference string. We provide definitions for subversion soundness, subversion witness indistinguishability and subversion zero knowledge. We then provide both negative and positive results, showing that certain combinations of goals are unachievable but giving protocols to achieve other combinations.

Rongmao Chen - One of the best experts on this subject based on the ideXlab platform.

  • Security of Auditing Protocols Against Subversion Attacks
    International Journal of Foundations of Computer Science, 2020
    Co-Authors: Yi Wang, Rongmao Chen
    Abstract:

    In 2013, the revelations of Edward Snowden rekindled cryptographic researchers' interest in subversion attacks. Since then, many works have been carried out to explore the power of subversion attacks as well as feasible and effective countermeasures. In this work, we investigate subversion attacks against cloud auditing protocols, which are well known as a useful primitive for secure cloud storage. We demonstrate that a subverted auditing protocol enables the cloud server to recover secret information stored on the data owner's side. In particular, we first define an asymmetric subversion attack model for auditing protocols. This model serves as the principle for analyzing the undetectability and key recovery of subversion attacks against auditing protocols. We then show a general framework of asymmetric subversion attacks against auditing protocols with index-coefficient challenge. To illustrate the feasibility of our paradigm, several concrete auditing protocols are provided. As a feasible countermeasure, we propose a subversion-resilient auditing protocol with index-coefficient challenge.

  • On the Security of LWE Cryptosystem against Subversion Attacks
    The Computer Journal, 2019
    Co-Authors: Zhichao Yang, Rongmao Chen, Guomin Yang
    Abstract:

    Subversion of cryptography has received wide attention, especially after the Snowden revelations in 2013. Most of the currently proposed subversion attacks essentially rely on the freedom of randomness choice in the cryptographic protocol to hide backdoors embedded in the cryptosystems. Despite the significant progress made in this line of research, most of it has considered the classical setting, while the research gap regarding subversion attacks against post-quantum cryptography remains tremendous. Inspired by this observation, we investigate a subversion attack against an existing protocol that is proved post-quantum secure. In particular, we show an efficient way to undetectably subvert the well-known lattice-based encryption scheme proposed by Regev (STOC 2005). Our subversion enables the subverted algorithm to stealthily leak arbitrary messages to an outsider who knows the backdoor. Through theoretical analysis and experimental observations, we demonstrate that the subversion attack against the LWE encryption scheme is feasible and practical.

  • Asymmetric Subversion attacks on signature and identification schemes
    Personal and Ubiquitous Computing, 2019
    Co-Authors: Yi Wang, Chi Liu, Rongmao Chen, Baosheng Wang, Yongjun Wang
    Abstract:

    Studies of subversion attacks against cryptosystems date back several decades, while the Snowden revelations in 2013 set off a new wave of exploring possible approaches to protect or subvert cryptographic primitives in practice. Inspired by the kleptographic attacks proposed by Young et al. [Crypto'96], we present the asymmetric subversion attack on signature and identification schemes in this work. Our contributions are summarized as follows. We present the asymmetric subversion model for signature and identification schemes. The properties of our model are stronger than those of the existing subversion model proposed by Giuseppe et al. [CCS'15] and impose a higher requirement on the attack goal. We propose the notion of splittable signature schemes and give a universal asymmetric subversion attack on such schemes. Our attack is independent of secret key size and more efficient than the symmetric attacks introduced by Giuseppe et al. [CCS'15]. We introduce the asymmetric subversion attack on a special type of identification scheme and show that it can be transformed from a splittable signature scheme. Our subversion attack is demonstrated to be practical and could be mounted on many common schemes, which shows the danger of subversion attacks and spurs the exploration of effective deterrents.

Mihir Bellare - One of the best experts on this subject based on the ideXlab platform.

  • public key encryption resistant to parameter Subversion and its realization from efficiently embeddable groups
    Public Key Cryptography, 2018
    Co-Authors: Benedikt Auerbach, Mihir Bellare, Eike Kiltz
    Abstract:

    We initiate the study of public-key encryption (PKE) schemes and key-encapsulation mechanisms (KEMs) that retain security even when the public parameters (primes, curves) they use may be untrusted and subverted. We define a strong security goal that we call ciphertext pseudo-randomness under parameter subversion attack (CPR-PSA). We also define indistinguishability (of ciphertexts for PKE, and of encapsulated keys from random ones for KEMs) and public-key hiding (also called anonymity) under parameter subversion attack, and show they are implied by CPR-PSA, for both PKE and KEMs. We show that hybrid encryption continues to work in the parameter subversion setting to reduce the design of CPR-PSA PKE to CPR-PSA KEMs and an appropriate form of symmetric encryption. To obtain efficient, elliptic-curve-based KEMs achieving CPR-PSA, we introduce efficiently-embeddable group families and give several constructions from elliptic curves.

  • ASIACRYPT (2) - NIZKs with an Untrusted CRS: Security in the Face of Parameter Subversion
    Advances in Cryptology – ASIACRYPT 2016, 2016
    Co-Authors: Mihir Bellare, Georg Fuchsbauer, Alessandra Scafuro
    Abstract:

    Motivated by the subversion of "trusted" public parameters in mass-surveillance activities, this paper studies the security of NIZKs in the presence of a maliciously chosen common reference string. We provide definitions for subversion soundness, subversion witness indistinguishability and subversion zero knowledge. We then provide both negative and positive results, showing that certain combinations of goals are unachievable but giving protocols to achieve other combinations.

Yi Wang - One of the best experts on this subject based on the ideXlab platform.

  • Security of Auditing Protocols Against Subversion Attacks
    International Journal of Foundations of Computer Science, 2020
    Co-Authors: Yi Wang, Rongmao Chen
    Abstract:

    In 2013, the revelations of Edward Snowden rekindled cryptographic researchers' interest in subversion attacks. Since then, many works have been carried out to explore the power of subversion attacks as well as feasible and effective countermeasures. In this work, we investigate subversion attacks against cloud auditing protocols, which are well known as a useful primitive for secure cloud storage. We demonstrate that a subverted auditing protocol enables the cloud server to recover secret information stored on the data owner's side. In particular, we first define an asymmetric subversion attack model for auditing protocols. This model serves as the principle for analyzing the undetectability and key recovery of subversion attacks against auditing protocols. We then show a general framework of asymmetric subversion attacks against auditing protocols with index-coefficient challenge. To illustrate the feasibility of our paradigm, several concrete auditing protocols are provided. As a feasible countermeasure, we propose a subversion-resilient auditing protocol with index-coefficient challenge.

  • Asymmetric Subversion attacks on signature and identification schemes
    Personal and Ubiquitous Computing, 2019
    Co-Authors: Yi Wang, Chi Liu, Rongmao Chen, Baosheng Wang, Yongjun Wang
    Abstract:

    Studies of subversion attacks against cryptosystems date back several decades, while the Snowden revelations in 2013 set off a new wave of exploring possible approaches to protect or subvert cryptographic primitives in practice. Inspired by the kleptographic attacks proposed by Young et al. [Crypto'96], we present the asymmetric subversion attack on signature and identification schemes in this work. Our contributions are summarized as follows. We present the asymmetric subversion model for signature and identification schemes. The properties of our model are stronger than those of the existing subversion model proposed by Giuseppe et al. [CCS'15] and impose a higher requirement on the attack goal. We propose the notion of splittable signature schemes and give a universal asymmetric subversion attack on such schemes. Our attack is independent of secret key size and more efficient than the symmetric attacks introduced by Giuseppe et al. [CCS'15]. We introduce the asymmetric subversion attack on a special type of identification scheme and show that it can be transformed from a splittable signature scheme. Our subversion attack is demonstrated to be practical and could be mounted on many common schemes, which shows the danger of subversion attacks and spurs the exploration of effective deterrents.

  • ACISP - Asymmetric Subversion Attacks on Signature Schemes
    Information Security and Privacy, 2018
    Co-Authors: Chi Liu, Rongmao Chen, Yi Wang, Yongjun Wang
    Abstract:

    Subversion attacks against cryptosystems have received wide attention for several decades, while the Snowden revelations in 2013 re-emphasized the need to further explore potential avenues for undermining cryptography in practice. In this work, inspired by the kleptographic attacks introduced by Young and Yung in the 1990s [Crypto'96], we initiate a formal study of asymmetric subversion attacks against signature schemes. Our contributions can be summarized as follows.