Toward Generic Method for Server-Aided Cryptography

  • Sébastien Canard
  • Iwen Coisel
  • Julien Devigne
  • Cécilia Gallais
  • Thomas Peters
  • Olivier Sanders
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8233)


Portable devices are very useful for accessing services from anywhere at any time. However, when the security underlying the service requires complex cryptography, implying the execution of several costly mathematical operations, these devices may become inadequate because of their limited capabilities. In this case, it is desirable to adapt the way cryptography is used. One possibility, which has been widely studied in many particular cases, is to propose a server-aided version of the executed cryptographic algorithm, in which some well-chosen parts of the algorithm are delegated to a more powerful entity. As far as we know, nothing has been done to generically transform a given well-known secure instance of a cryptographic primitive in its initial form into a secure server-aided version in which the server (called the intermediary) may be corrupted by the adversary. In this paper, we propose an almost generic method to simplify the work of the operator who wants to construct this secure server-aided instance. In particular, we take into account the efficiency of the resulting server-aided instance by giving the best possible way to separate the different tasks of the instance so that the resulting time efficiency is optimal. Our methodology can be applied to most public-key cryptographic schemes.


Keywords (machine-generated): smart card, security property, secret data, cryptographic algorithm, modular exponentiation





Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Sébastien Canard (1)
  • Iwen Coisel (2)
  • Julien Devigne (1, 3)
  • Cécilia Gallais (4)
  • Thomas Peters (5)
  • Olivier Sanders (1, 6)

  1. Orange Labs - Applied Crypto Group, Caen, France
  2. Institute for the Protection and the Security of the Citizen - Digital Citizen Security, European Commission - Joint Research Centre (JRC), Ispra, Italy
  3. Laboratoire GREYC, Université de Caen Basse-Normandie, Caen, France
  4. Tevalis, Rennes, France
  5. ICTEAM/Crypto Group, Université catholique de Louvain, Louvain-la-Neuve, Belgium
  6. Ecole Normale Supérieure - Département d'Informatique, Paris Cedex 05, France
