Advertisement

Lattice-Based DAPS and Generalizations: Self-enforcement in Signature Schemes

  • Dan BonehEmail author
  • Sam Kim
  • Valeria Nikolaenko
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10355)

Abstract

Double authentication preventing signatures (DAPS) is a mechanism, due to Poettering and Stebila, for protecting certificate authorities (CAs) from coercion. We construct the first lattice-based DAPS signatures, thereby providing the first post-quantum DAPS system. We go further and generalize DAPS to a more general mechanism we call predicate authentication preventing signatures (PAPS). Here, for a given k-ary predicate \(\phi \), a PAPS system for \(\phi \) is regular signature scheme. However, if the signer ever signs k messages \(m_1,\ldots ,m_k\) such that \(\phi (m_1,\ldots ,m_k)\) is true then these k signatures reveal the signer’s secret key. This self-enforcement mechanism incentivizes the signer to never sign conflicting messages, namely messages that satisfy the predicate \(\phi \). The k conflicting messages can be signed at different times and the signatures may be generated independently of one another. We further generalize to the case when the signatures are generated by multiple signers. We motivate these primitives, give precise definitions, and provide several constructions. These primitives are challenging to construct and give rise to many new elegant open research questions.

Notes

Acknowledgements

This work is supported by NSF, DARPA, the Simons foundation, and a grant from ONR. Opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA.

References

  1. [ABB10]
    Agrawal, S., Boneh, D., Boyen, X.: Efficient Lattice (H)IBE in the standard model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 553–572. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13190-5_28 CrossRefGoogle Scholar
  2. [ACPS09]
    Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595–618. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03356-8_35 CrossRefGoogle Scholar
  3. [Ajt96]
    Ajtai, M.: Generating hard instances of lattice problems. In: STOC (1996)Google Scholar
  4. [ALSY06]
    Au, M.H., Liu, J.K., Susilo, W., Yuen, T.H.: Constant-size ID-based linkable and revocable-iff-linked ring signature. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 364–378. Springer, Heidelberg (2006). doi: 10.1007/11941378_26 CrossRefGoogle Scholar
  5. [AP11]
    Alwen, J., Peikert, C.: Generating shorter bases for hard random lattices. Theory Comput. Syst. 48(3), 535–553 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  6. [ASP12]
    Alperin-Sheriff, J., Peikert, C.: Circular and KDM security for identity-based encryption. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 334–352. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-30057-8_20 CrossRefGoogle Scholar
  7. [BF14]
    Bellare, M., Fuchsbauer, G.: Policy-based signatures. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 520–537. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54631-0_30 CrossRefGoogle Scholar
  8. [BGI14]
    Boyle, E., Goldwasser, S., Ivan, I.: Functional signatures and pseudorandom functions. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 501–519. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54631-0_29 CrossRefGoogle Scholar
  9. [BGV12]
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. In: ITCS. ACM (2012)Google Scholar
  10. [BGW05]
    Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005). doi: 10.1007/11535218_16 CrossRefGoogle Scholar
  11. [BKM06]
    Bender, A., Katz, J., Morselli, R.: Ring signatures: stronger definitions, and constructions without random oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 60–79. Springer, Heidelberg (2006). doi: 10.1007/11681878_4 CrossRefGoogle Scholar
  12. [BLP+13]
    Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehlé, D.: Classical hardness of learning with errors. In: STOC. ACM (2013)Google Scholar
  13. [BPS15]
    Bellare, M., Poettering, B., Stebila, D.: Double-authentication-preventing signatures and trapdoor identification. Cryptology ePrint Archive, Report 2015/1157 (2015). http://eprint.iacr.org/
  14. [BRS02]
    Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 62–75. Springer, Heidelberg (2003). doi: 10.1007/3-540-36492-7_6 CrossRefGoogle Scholar
  15. [BV11]
    Brakerski, Z., Vaikuntanathan, V.: Fully homomorphic encryption from ring-LWE and security for key dependent messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505–524. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22792-9_29 CrossRefGoogle Scholar
  16. [BV14]
    Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. SIAM J. Comput. 43(2), 831–871 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  17. [BWZ14]
    Boneh, D., Waters, B., Zhandry, M.: Low overhead broadcast encryption from multilinear maps. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 206–223. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44371-2_12 CrossRefGoogle Scholar
  18. [CD09]
    Cramer, R., Damgård, I.: On the amortized complexity of zero-knowledge protocols. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 177–191. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03356-8_11 CrossRefGoogle Scholar
  19. [CL01]
    Camenisch, J., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001). doi: 10.1007/3-540-44987-6_7 CrossRefGoogle Scholar
  20. [FN93]
    Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994). doi: 10.1007/3-540-48329-2_40 Google Scholar
  21. [Gen09]
    Gentry, C.: Fully homomorphic encryption using ideal lattices. STOC 9, 169–178 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  22. [GPV08]
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC. ACM (2008)Google Scholar
  23. [GSW13]
    Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40041-4_5 CrossRefGoogle Scholar
  24. [GVW15]
    Gorbunov, S., Vaikuntanathan, V., Wichs, D.: Leveled fully homomorphic signatures from standard lattices. In: STOC. ACM (2015)Google Scholar
  25. [LLK15]
    Laurie, B., Langley, A., Kasper, E.: Certificate Transparency. RFC 6962, (October 2015)Google Scholar
  26. [LM06]
    Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 144–155. Springer, Heidelberg (2006). doi: 10.1007/11787006_13 CrossRefGoogle Scholar
  27. [Lyu08]
    Lyubashevsky, V.: Lattice-based identification schemes secure under active attacks. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 162–179. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-78440-1_10 CrossRefGoogle Scholar
  28. [Lyu12]
    Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-29011-4_43 CrossRefGoogle Scholar
  29. [MBB+15]
    Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: CONIKS: bringing key transparency to end users. USENIX Secur. 15, 383–398 (2015)Google Scholar
  30. [Mic04]
    Micciancio, D.: Almost perfect lattices, the covering radius problem, and applications to Ajtai’s connection factor. SIAM J. Comput. 34(1), 118–169 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  31. [MM11]
    Micciancio, D., Mol, P.: Pseudorandom knapsacks and the sample complexity of LWE search-to-decision reductions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 465–484. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22792-9_26 CrossRefGoogle Scholar
  32. [MP12]
    Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-29011-4_41 CrossRefGoogle Scholar
  33. [MP13]
    Micciancio, D., Peikert, C.: Hardness of SIS and LWE with small parameters. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 21–39. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40041-4_2 CrossRefGoogle Scholar
  34. [MPR11]
    Maji, H.K., Prabhakaran, M., Rosulek, M.: Attribute-based signatures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 376–392. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19074-2_24 CrossRefGoogle Scholar
  35. [MR07]
    Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  36. [Pei09]
    Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem. In: STOC. ACM (2009)Google Scholar
  37. [PR06]
    Peikert, C., Rosen, A.: Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 145–166. Springer, Heidelberg (2006). doi: 10.1007/11681878_8 CrossRefGoogle Scholar
  38. [PS14]
    Poettering, B., Stebila, D.: Double-authentication-preventing signatures. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 436–453. Springer, Cham (2014). doi: 10.1007/978-3-319-11203-9_25 Google Scholar
  39. [Reg09]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 56(6), 34 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  40. [RST01]
    Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001). doi: 10.1007/3-540-45682-1_32 CrossRefGoogle Scholar
  41. [TX03]
    Tsudik, G., Xu, S.: Accumulating composites and improved group signing. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 269–286. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-40061-5_16 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Stanford UniversityStanfordUSA

Personalised recommendations