Generic Double-Authentication Preventing Signatures and a Post-quantum Instantiation

  • David Derler
  • Sebastian Ramacher
  • Daniel Slamanig
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11192)

Abstract

Double-authentication preventing signatures (DAPS) are a variant of digital signatures that have recently received considerable attention (Derler et al. EuroS&P 2018, Poettering Africacrypt 2018). They are unforgeable signatures in the usual sense and sign messages composed of an address and a payload. Their distinguishing feature is that two signatures on different payloads with respect to the same address allow anyone to publicly extract the secret signing key. They are thus a means of disincentivizing double-signing and are a useful tool in various applications.

DAPS are known in the factoring, the discrete logarithm and the lattice setting. The majority of the constructions are ad hoc. Only recently, Derler et al. (EuroS&P 2018) presented the first generic construction that extends any secure discrete-logarithm-based signature scheme to a DAPS. Their scheme, however, has the drawback that the number of potential addresses used for signing (the address space) is polynomially bounded (and in fact small), because the secret and public keys of the resulting DAPS are linear in the size of the address space. In this paper we overcome this limitation and present a generic construction of DAPS with constant-size keys and signatures. Our techniques are not tailored to a specific algebraic setting and in particular allow us to construct the first DAPS without structured hardness assumptions, i.e., from symmetric-key primitives only, yielding a candidate for post-quantum secure DAPS.
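The following is an added illustration of the extraction property described in the abstract; it is not the paper's construction and is not code from the authors. It models the Shamir-secret-sharing idea behind the keywords in the simplest possible way: every address gets its own line f_a(x) = sk + r_a·x over Z_q, with the slope r_a derived from the address by a PRF so that keys stay constant-size, and a signature on (address, payload) publishes the share f_a(H(address, payload)) together with a commitment g^{r_a}. Two shares on the same address lie on the same line and interpolate to sk; shares for different addresses lie on different lines and reveal nothing about each other. The group (a 10-bit safe prime), the hash-to-field encoding, the HMAC-based slope derivation and the dictionary signature format are all assumptions made for readability. The consistency check g^z = pk·R^x only ties the share to the commitment; a real DAPS must additionally bind R to the address with an ordinary unforgeable signature, which this example deliberately omits.

```python
import hashlib
import hmac
import secrets

# Assumed toy group: safe prime P = 2Q + 1 with Q prime, G generating the order-Q subgroup.
# Chosen small so that values are readable; a deployment would use a standard group or curve.
P = 1019
Q = 509
G = 4  # 4 = 2^2 is a quadratic residue mod P, hence has order Q


def h_to_zq(*parts: bytes) -> int:
    """Hash the inputs to a non-zero evaluation point in Z_Q (assumed encoding)."""
    digest = hashlib.sha256(b"\x00".join(parts)).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)


def keygen():
    """Constant-size keys: the signing key sk and a PRF key for deriving per-address slopes."""
    sk = secrets.randbelow(Q - 1) + 1
    prf_key = secrets.token_bytes(32)
    pk = pow(G, sk, P)
    return (sk, prf_key), pk


def address_slope(prf_key: bytes, address: bytes) -> int:
    """Slope r_a of the line f_a(x) = sk + r_a * x, fixed per address via HMAC as the PRF."""
    mac = hmac.new(prf_key, address, hashlib.sha256).digest()
    return 1 + int.from_bytes(mac, "big") % (Q - 1)


def sign(keys, address: bytes, payload: bytes) -> dict:
    sk, prf_key = keys
    r = address_slope(prf_key, address)
    x = h_to_zq(address, payload)
    z = (sk + r * x) % Q  # 2-out-of-2 Shamir share: the point (x, z) on the address's line
    return {"R": pow(G, r, P), "z": z}  # R commits to the slope so z can be checked publicly


def verify(pk: int, address: bytes, payload: bytes, sig: dict) -> bool:
    """Check g^z == pk * R^x, i.e. the share is consistent with pk and the committed slope."""
    x = h_to_zq(address, payload)
    return pow(G, sig["z"], P) == (pk * pow(sig["R"], x, P)) % P


def extract(address: bytes, payload1: bytes, sig1: dict, payload2: bytes, sig2: dict):
    """Recover sk = f_a(0) from two shares on the same address line (Lagrange interpolation).

    Returns None when the two signatures cannot be on one line: same payload, different
    committed slopes (different addresses), or colliding evaluation points.
    """
    if payload1 == payload2 or sig1["R"] != sig2["R"]:
        return None
    x1 = h_to_zq(address, payload1)
    x2 = h_to_zq(address, payload2)
    if x1 == x2:  # only plausible with the toy-sized Q used here
        return None
    # f(0) = (z1 * x2 - z2 * x1) / (x2 - x1)
    num = (sig1["z"] * x2 - sig2["z"] * x1) % Q
    den = pow((x2 - x1) % Q, -1, Q)
    return (num * den) % Q


def demo() -> dict:
    """Sign once per payload on one address, then show double-signing leaks sk."""
    keys, pk = keygen()
    addr = b"block-height:100"  # constructed sample address
    s1 = sign(keys, addr, b"payload-A")
    s2 = sign(keys, addr, b"payload-B")
    s_other = sign(keys, b"block-height:101", b"payload-A")
    return {
        "both_verify": verify(pk, addr, b"payload-A", s1) and verify(pk, addr, b"payload-B", s2),
        "extracted_matches_sk": extract(addr, b"payload-A", s1, b"payload-B", s2) == keys[0],
        "other_address_leaks": extract(addr, b"payload-A", s1, b"payload-A", s_other) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The check in `extract` for equal commitments is what separates harmless reuse of a payload across addresses from double-signing on one address: only shares with the same committed slope are on the same line. Note also the limitation that makes this only an illustration: since nothing binds R to the address, a signer could present a fresh R for a second payload and evade extraction, which is exactly the binding the generic constructions obtain from the underlying signature scheme.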

Keywords

Digital signatures, Double-authentication prevention, Shamir secret sharing, Provable security, Generic construction, Exponential-size address space

References

  1. Agrawal, S., Ganesh, C., Mohassel, P.: Non-interactive zero-knowledge proofs for composite statements. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 643–673. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_22
  2. Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 430–454. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_17
  3. Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. IACR Cryptology ePrint Archive 2016/687 (2016)
  4. Ames, S., Hazay, C., Ishai, Y., Venkitasubramaniam, M.: Ligero: lightweight sublinear arguments without a trusted setup. In: CCS, pp. 2087–2104. ACM (2017)
  5. Bellare, M., Poettering, B., Stebila, D.: From identification to signatures, tightly: a framework and generic transforms. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 435–464. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_15
  6. Bellare, M., Poettering, B., Stebila, D.: Deterring certificate subversion: efficient double-authentication-preventing signatures. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10175, pp. 121–151. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54388-7_5
  7. Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.: High-speed high-security signatures. J. Cryptographic Eng. 2(2), 77–89 (2012)
  8. Bernstein, D.J., et al.: SPHINCS: practical stateless hash-based signatures. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 368–397. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_15
  9. Boneh, D., Eskandarian, S., Fisch, B.: Post-quantum group signatures from symmetric primitives. IACR Cryptology ePrint Archive 2018/261 (2018)
  10. Boneh, D., Kim, S., Nikolaenko, V.: Lattice-based DAPS and generalizations: self-enforcement in signature schemes. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 457–477. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_23
  11. Canetti, R., Micciancio, D., Reingold, O.: Perfectly one-way probabilistic hash functions (preliminary version). In: STOC, pp. 131–140. ACM (1998)
  12. Chase, M., et al.: Post-quantum zero-knowledge and signatures from symmetric-key primitives. In: CCS, pp. 1825–1842. ACM (2017)
  13. Chase, M., et al.: The Picnic Signature Algorithm Specification (2017). https://github.com/Microsoft/Picnic/blob/master/spec.pdf
  14. Chase, M., Lysyanskaya, A.: On signatures of knowledge. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 78–96. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_5
  15. Derler, D., Ramacher, S., Slamanig, D.: Post-quantum zero-knowledge proofs for accumulators with applications to ring signatures from symmetric-key primitives. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 419–440. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-79063-3_20
  16. Derler, D., Ramacher, S., Slamanig, D.: Short double- and n-times-authentication-preventing signatures from ECDSA and more. In: EuroS&P, pp. 273–287. IEEE (2018)
  17. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12
  18. Fischlin, M.: Pseudorandom function tribe ensembles based on one-way permutations: improvements and applications. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 432–445. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_30
  19. Giacomelli, I., Madsen, J., Orlandi, C.: ZKBoo: faster zero-knowledge for Boolean circuits. In: USENIX Security Symposium, pp. 1069–1083. USENIX Association (2016)
  20. Guillou, L.C., Quisquater, J.-J.: A "Paradoxical" indentity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 216–231. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_16
  21. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge proofs from secure multiparty computation. SIAM J. Comput. 39(3), 1121–1152 (2009)
  22. Katz, J., Kolesnikov, V., Wang, X.: Improved non-interactive zero knowledge with applications to post-quantum signatures. IACR Cryptology ePrint Archive 2018/475 (2018)
  23. Micali, S., Reyzin, L.: Improving the exact security of digital signature schemes. J. Cryptol. 15(1), 1–18 (2002)
  24. Poettering, B.: Shorter double-authentication preventing signatures for small address spaces. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 344–361. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89339-6_19
  25. Poettering, B., Stebila, D.: Double-authentication-preventing signatures. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 436–453. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11203-9_25
  26. Poettering, B., Stebila, D.: Double-authentication-preventing signatures. Int. J. Inf. Sec. 16(1), 1–22 (2017)
  27. Ruffing, T., Kate, A., Schröder, D.: Liar, liar, coins on fire! Penalizing equivocation by loss of bitcoins. In: ACM Conference on Computer and Communications Security, pp. 219–230. ACM (2015)
  28. Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22
  29. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
  30. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)
  31. Unruh, D.: Quantum proofs of knowledge. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 135–152. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_10
  32. Unruh, D.: Non-interactive zero-knowledge proofs in the quantum random oracle model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 755–784. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_25
  33. Unruh, D.: Computationally binding quantum commitments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 497–527. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_18

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • David Derler (1)
  • Sebastian Ramacher (1)
  • Daniel Slamanig (2)
  1. IAIK, Graz University of Technology, Graz, Austria
  2. AIT Austrian Institute of Technology GmbH, Vienna, Austria