Abstract
A mode of operation of the Elliptic Curve Digital Signature Algorithm (ECDSA) is presented which provably excludes subliminal communication through ECDSA signatures. For this, the notion of a signature scheme that is subliminal-free with proof is introduced; it can be seen as generalizing subliminal-free signatures and as lying between the established concepts of invariant and unique signatures.
Motivated by the proposed use of ECDSA for signing passports, our focus is not on proving the mere existence of a subliminal-free ECDSA mode of operation, but on demonstrating its practical potential. The proposed construction relies on the availability of a party acting as warden and on a reasonably sized non-interactive proof of subliminal-freeness. For instance, in the passport scenario, the passport holder plays the role of the warden, and we show that a suitable combination of the pseudorandom function of Naor and Reingold with bit commitments and non-interactive zero-knowledge proofs can be used to accomplish the required proof of subliminal-freeness with acceptable efficiency.
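The abstract does not spell out where the subliminal channel in ECDSA sits or why a proof, rather than a mere change of nonce derivation, is needed. The following Python is an added illustration, not code from the paper: it implements textbook ECDSA on secp256k1, shows Simmons' broadband channel (the signer makes the nonce k carry a hidden message, and a receiver who shares the private key recovers k from the signature), and then shows that a signature produced with a deterministic, secret-keyed nonce verifies exactly like the subliminal one. The warden therefore learns nothing about how k was chosen from the signature alone, which is the gap the paper's non-interactive proof of subliminal-freeness closes. The HMAC-based nonce derivation, the key `D_SIGNER`, the document hash and the hidden message are assumptions for this example; they are neither RFC 6979 nor the Naor-Reingold construction used in the paper.

```python
"""Added illustration (not the paper's construction): Simmons' broadband
subliminal channel in ECDSA, and why determinism alone is not warden-checkable."""
import hashlib
import hmac

# secp256k1 domain parameters (standard constants): y^2 = x^3 + 7 over F_P.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope, a = 0
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def msg_hash(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def ecdsa_sign(d, h, k):
    """Textbook ECDSA with an explicitly supplied nonce k: the channel lives here."""
    assert 1 <= k < N
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (h + d * r) % N
    assert r and s, "retry with another nonce"
    return r, s


def ecdsa_verify(Q, h, r, s):
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(h * w % N, G), ec_mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r


def subliminal_sign(d, h, hidden: bytes):
    """Broadband channel: the nonce *is* the hidden message (must be < N)."""
    return ecdsa_sign(d, h, int.from_bytes(hidden, "big"))


def subliminal_read(d, h, r, s, length):
    """Anyone holding d recovers k = s^-1 (h + d r) mod N, hence the hidden bytes."""
    k = pow(s, -1, N) * (h + d * r) % N
    return k.to_bytes(length, "big")


def deterministic_nonce(d, h):
    """HMAC stand-in for a PRF keyed by the signer's secret. Assumption for
    illustration only: NOT RFC 6979 and NOT the paper's Naor-Reingold PRF."""
    ctr = 0
    while True:
        tag = hmac.new(d.to_bytes(32, "big"),
                       h.to_bytes(32, "big") + bytes([ctr]), "sha256").digest()
        k = int.from_bytes(tag, "big") % N
        if k:
            return k
        ctr += 1


def honest_sign(d, h):
    return ecdsa_sign(d, h, deterministic_nonce(d, h))


def warden_view(Q, h, sig):
    """Everything a warden can check without a proof of subliminal-freeness."""
    return ecdsa_verify(Q, h, *sig)


# Constructed sample key, document hash and hidden message (not from the paper).
D_SIGNER = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
Q_SIGNER = ec_mul(D_SIGNER, G)
H_DOC = msg_hash(b"constructed passport data group")
HIDDEN = b"meet at dawn"
```

Run `warden_view` on both `subliminal_sign(D_SIGNER, H_DOC, HIDDEN)` and `honest_sign(D_SIGNER, H_DOC)`: both return True, while `subliminal_read` recovers the hidden bytes from the first. This is the point of the abstract's "with proof": a warden who only verifies signatures cannot exclude the channel, so the signer must additionally prove that k came from the agreed pseudorandom function.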
References
Brickell, E.F., Chaum, D., Damgård, I.B., van de Graaf, J.: Gradual and verifiable release of a secret. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 156–166. Springer, Heidelberg (1988)
Burmester, M., Desmedt, Y., Itoh, T., Sakurai, K., Shizuya, H.: Divertible and Subliminal-Free Zero-Knowledge Proofs for Languages. Journal of Cryptology 12(3), 197–223 (1999)
Boudot, F.: Efficient Proofs that a Committed Number Lies in an Interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431–444. Springer, Heidelberg (2000)
Bohli, J.-M., Steinwandt, R.: On Subliminal Channels in Deterministic Signature Schemes. In: Park, C., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 182–194. Springer, Heidelberg (2005)
Blum, M., De Santis, A., Micali, S., Persiano, G.: Noninteractive Zero-Knowledge. SIAM Journal on Computing 20, 1084–1118 (1991)
Bundesamt für Sicherheit in der Informationstechnik: Digitale Sicherheitsmerkmale im elektronischen Reisepass [Digital security features in the electronic passport] (2005). At the time of writing available at http://www.bsi.de/fachthem/epass/Sicherheitsmerkmale.pdf
Camenisch, J., Michels, M.: Proving in Zero-Knowledge that a Number Is the Product of Two Safe Primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 107–122. Springer, Heidelberg (1999)
Carter, L., Wegman, M.N.: Universal Classes of Hash Functions. Journal of Computer and System Sciences 18(2), 143–154 (1979)
Desmedt, Y.: Abuses in Cryptography and How to Fight Them. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 375–389. Springer, Heidelberg (1990)
Desmedt, Y.: Subliminal-Free Authentication and Signature (Extended Abstract). In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 23–33. Springer, Heidelberg (1988)
Desmedt, Y.: Simmons’ Protocol is Not Free of Subliminal Channels. In: Proceedings 9th IEEE Computer Security Foundations Workshop, pp. 170–175. IEEE Computer Society Press, Los Alamitos, CA, USA (1996)
Desmedt, Y., Goutier, C., Bengio, S.: Special Uses and Abuses of the Fiat-Shamir Passport Protocol. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988)
Fujisaki, E., Okamoto, T.: Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)
Goldwasser, S., Ostrovsky, R.: Invariant Signatures and Non-interactive Zero-Knowledge Proofs Are Equivalent. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 228–245. Springer, Heidelberg (1993)
Goldreich, O.: Foundations of Cryptography, Volume II. Cambridge University Press, Cambridge (2004)
Impagliazzo, R., Levin, L.A., Luby, M.: Pseudo-random generation from one-way functions. In: Proceedings of the twenty-first annual ACM symposium on Theory of computing, pp. 12–24. ACM Press, New York, NY, USA (1989)
ISO/IEC 15946-2: Information technology – Security techniques – Cryptographic techniques based on elliptic curves – Part 2: Digital signatures (2002)
Impagliazzo, R., Zuckerman, D.: How to recycle random bits. In: 30th Annual Symposium on Foundations of Computer Science, pp. 248–253. IEEE, New York (1989)
Lysyanskaya, A.: Unique Signatures and Verifiable Random Functions from the DH-DDH Separation. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 597–612. Springer, Heidelberg (2002)
Micali, S., Rabin, M., Vadhan, S.: Verifiable Random Functions. In: Proceedings of the 40th Annual Symposium on the Foundations of Computer Science, pp. 120–130. IEEE, New York (1999)
Naor, M., Reingold, O.: Number-Theoretic Constructions of Efficient Pseudo-Random Functions. Journal of the ACM 51(2), 231–262 (2004)
Pedersen, T.P.: Non-interactive and Information-Theoretic Secure Verifiable Secret Sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)
Simmons, G.J.: The Prisoners’ Problem and the Subliminal Channel. In: Advances in Cryptology – CRYPTO 1983, pp. 51–67. Plenum Press, New York and London (1984)
Simmons, G.J.: An Introduction to the Mathematics of Trust in Security Protocols. In: Proceedings of the Computer Security Foundations Workshop VI, pp. 121–127. IEEE Computer Society Press, Los Alamitos, CA, USA (1993)
Simmons, G.J.: Subliminal Communication Is Easy Using the DSA. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 218–232. Springer, Heidelberg (1994)
Stinson, D.R.: Universal hash families and the leftover hash lemma, and applications to cryptography and computing. Journal of Combinatorial Mathematics and Combinatorial Computing 42, 3–31 (2002)
Vaudenay, S.: The Security of DSA and ECDSA. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 309–323. Springer, Heidelberg (2002)
Young, A., Yung, M.: Malicious Cryptography: Exposing Cryptovirology. Wiley Publishing, Chichester (2004)
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Bohli, JM., González Vasco, M.I., Steinwandt, R. (2007). A Subliminal-Free Variant of ECDSA. In: Camenisch, J.L., Collberg, C.S., Johnson, N.F., Sallee, P. (eds) Information Hiding. IH 2006. Lecture Notes in Computer Science, vol 4437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74124-4_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74123-7
Online ISBN: 978-3-540-74124-4
