Abstract
Double-authentication preventing signatures (DAPS) are a variant of digital signatures which have received considerable attention recently (Derler et al. EuroS&P 2018, Poettering Africacrypt 2018). They are unforgeable signatures in the usual sense and sign messages that are composed of an address and a payload. Their distinguishing feature is the property that signatures on two different payloads with respect to the same address allow to publicly extract the secret signing key. Thus, they are a means to disincentivize double-signing and are a useful tool in various applications.
DAPS are known in the factoring, the discrete logarithm and the lattice setting. The majority of the constructions are ad-hoc. Only recently, Derler et al. (EuroS&P 2018) presented the first generic construction that allows to extend any discrete logarithm based secure signature scheme to DAPS. However, their scheme has the drawback that the number of potential addresses (the address space) used for signing is polynomially bounded (and in fact small) as the size of secret and public keys of the resulting DAPS are linear in the address space. In this paper we overcome this limitation and present a generic construction of DAPS with constant size keys and signatures. Our techniques are not tailored to a specific algebraic setting and in particular allow us to construct the first DAPS without structured hardness assumptions, i.e., from symmetric key primitives, yielding a candidate for post-quantum secure DAPS.
The full version of this paper is available as IACR Cryptology ePrint Archive Report. All authors have been supported by EU H2020 project Prismacloud, grant agreement n\(^{\circ }\)644962.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Agrawal, S., Ganesh, C., Mohassel, P.: Non-interactive zero-knowledge proofs for composite statements. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 643–673. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_22
Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 430–454. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_17
Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. IACR Cryptology ePrint Archive 2016/687 (2016)
Ames, S., Hazay, C., Ishai, Y., Venkitasubramaniam, M.: Ligero: lightweight sublinear arguments without a trusted setup. In: CCS, pp. 2087–2104. ACM (2017)
Bellare, M., Poettering, B., Stebila, D.: From identification to signatures, tightly: a framework and generic transforms. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 435–464. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_15
Bellare, M., Poettering, B., Stebila, D.: Deterring certificate subversion: efficient double-authentication-preventing signatures. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10175, pp. 121–151. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54388-7_5
Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.: High-speed high-security signatures. J. Cryptographic. Eng. 2(2), 77–89 (2012)
Bernstein, D.J., et al.: SPHINCS: practical stateless hash-based signatures. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 368–397. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_15
Boneh, D., Eskandarian, S., Fisch, B.: Post-quantum group signatures from symmetric primitives. IACR Cryptology ePrint Archive 2018/261 (2018)
Boneh, D., Kim, S., Nikolaenko, V.: Lattice-based DAPS and generalizations: self-enforcement in signature schemes. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 457–477. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_23
Canetti, R., Micciancio, D., Reingold, O.: Perfectly one-way probabilistic hash functions (preliminary version). In: STOC, pp. 131–140. ACM (1998)
Chase, M., et al.: Post-quantum zero-knowledge and signatures from symmetric-key primitives. In: CCS, pp. 1825–1842. ACM (2017)
Chase, M., et al.: The Picnic Signature Algorithm Specification (2017). https://github.com/Microsoft/Picnic/blob/master/spec.pdf
Chase, M., Lysyanskaya, A.: On signatures of knowledge. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 78–96. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_5
Derler, D., Ramacher, S., Slamanig, D.: Post-quantum zero-knowledge proofs for accumulators with applications to ring signatures from symmetric-key primitives. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 419–440. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-79063-3_20
Derler, D., Ramacher, S., Slamanig, D.: Short double- and n-times-authentication-preventing signatures from ECDSA and more. In: EuroS&P, pp. 273–287. IEEE (2018)
Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12
Fischlin, M.: Pseudorandom function tribe ensembles based on one-way permutations: improvements and applications. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 432–445. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_30
Giacomelli, I., Madsen, J., Orlandi, C.: ZKBoo: faster zero-knowledge for Boolean circuits. In: USENIX Security Symposium, pp. 1069–1083. USENIX Association (2016)
Guillou, L.C., Quisquater, J.-J.: A “Paradoxical” indentity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 216–231. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_16
Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge proofs from secure multiparty computation. SIAM J. Comput. 39(3), 1121–1152 (2009)
Katz, J., Kolesnikov, V., Wang, X.: Improved non-interactive zero knowledge with applications to post-quantum signatures. IACR Cryptology ePrint Archive 2018/475 (2018)
Micali, S., Reyzin, L.: Improving the exact security of digital signature schemes. J. Cryptol. 15(1), 1–18 (2002)
Poettering, B.: Shorter double-authentication preventing signatures for small address spaces. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 344–361. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89339-6_19
Poettering, B., Stebila, D.: Double-authentication-preventing signatures. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 436–453. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11203-9_25
Poettering, B., Stebila, D.: Double-authentication-preventing signatures. Int. J. Inf. Sec. 16(1), 1–22 (2017)
Ruffing, T., Kate, A., Schröder, D.: Liar, liar, coins on fire! Penalizing equivocation by loss of bitcoins. In: ACM Conference on Computer and Communications Security, pp. 219–230. ACM (2015)
Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)
Unruh, D.: Quantum proofs of knowledge. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 135–152. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_10
Unruh, D.: Non-interactive zero-knowledge proofs in the quantum random oracle model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 755–784. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_25
Unruh, D.: Computationally binding quantum commitments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 497–527. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_18
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A One-Way Functions and Pseudorandom Function Families
A One-Way Functions and Pseudorandom Function Families
We recall the definitions of one-way functions and pseudorandom function (families).
Definition 10
(OWF). Let \(f: S \rightarrow P\) be a function. For a PPT adversary \(\mathcal {A}\) we define the advantage function as
The function f is one-way function (OWF) if it is efficiently computable and for all PPT adversaries \(\mathcal {A}\) there exists a negligible function \(\varepsilon (\cdot )\) such that
Definition 11
(PRF). Let \(\mathcal {F}: \mathcal {S} \times D \rightarrow \mathsf {R}\) be a family of functions and let \(\varGamma \) be the set of all functions \(D \rightarrow \mathsf{R}\). For a PPT distinguisher \(\mathcal {D}\) we define the advantage function as
\(\mathcal {F}\) is a pseudorandom function (family) if it is efficiently computable and for all PPT distinguishers \(\mathcal {D}\) there exists a negligible function \(\varepsilon (\cdot )\) such that
Below, we provide a slightly stronger variant of a definition of a notion introduced in [11, 18].
Definition 12
(Fixed-Value-Key-Binding PRF). A PRF family \(\mathcal {F}: \mathcal {S} \times D \rightarrow \mathsf {R}\) and a \(\beta \in D\), is fixed-value-key-binding if for all adversaries \(\mathcal {A}\)
Moreover, we present a relaxed (computational) version of the above definition.
Definition 13
(Computational Fixed-Value-Key-Binding PRF). For a PRF family \(\mathcal {F}: \mathcal {S} \times D \rightarrow \mathsf {R}\) and a \(\beta \in D\), we define the advantage function of a PPT adversary \(\mathcal {A}\) as
\(\mathcal {F}\) is computationally fixed-value-key-binding if for all PPT adversaries there exists as negligible function \(\varepsilon (\cdot )\) such that
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Derler, D., Ramacher, S., Slamanig, D. (2018). Generic Double-Authentication Preventing Signatures and a Post-quantum Instantiation. In: Baek, J., Susilo, W., Kim, J. (eds) Provable Security. ProvSec 2018. Lecture Notes in Computer Science(), vol 11192. Springer, Cham. https://doi.org/10.1007/978-3-030-01446-9_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-01446-9_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01445-2
Online ISBN: 978-3-030-01446-9
eBook Packages: Computer ScienceComputer Science (R0)