Verifiable Composition of Signature and Encryption: A Comprehensive Study of the Design Paradigms PDF

154 Pages·2017·5.015 MB·English

Preview Verifiable Composition of Signature and Encryption: A Comprehensive Study of the Design Paradigms

Verifiable Composition of Signature and Encryption
A Comprehensive Study of the Design Paradigms

Laila El Aimani
École Nationale des Sciences Appliquées de Safi
Cadi Ayyad University
Safi, Morocco

ISBN 978-3-319-68111-5
ISBN 978-3-319-68112-2 (eBook)
https://doi.org/10.1007/978-3-319-68112-2
Library of Congress Control Number: 2017953945

© Springer International Publishing AG 2017

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Printed on acid-free paper
This Springer imprint is published by Springer Nature
The registered company is Springer International Publishing AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

To my family

Preface

Scope

Cryptographic mechanisms that require the functionalities of both signature and encryption are becoming nowadays increasingly important.
Consider for example the case of interorganizational electronic documents; digital signatures on these documents are indispensable to resolve disputes as they ensure integrity and authenticity of the underlying messages; however, self-authentication of the signatures will make the messages vulnerable to industrial spy or extortionist. Therefore, it is imperative to control the signature verification by applying for instance an encryption layer that obscures the signatures and makes them opaque. Also, a secure email application requires signature and encryption simultaneously to guarantee confidentiality, integrity, and authenticity of the exchanged emails.

Verifiability is an important feature in those mechanisms. In fact, it can be applicable in filtering out spams in an email application; the spam filter should be able to check the validity of the encrypted email without decrypting it. Besides, the receiver that decrypts the email might be compelled, for instance to resolve later disputes, to prove that the sender is indeed the author of a given message. Likewise, the author of the opaque signature might need to prove its validity with respect to a given message, or to delegate this task to a third party.

This Book's Objectives

This book attempts to give a thorough treatment of the celebrated compositions of signature and encryption that allow for good verifiability, i.e., possibility to efficiently prove properties about the encrypted data. The study is provided in the context of two cryptographic primitives: (1) designated confirmer signatures, an opaque signature which was introduced to control the proliferation of certified copies of documents, and (2) signcryption, a primitive that offers simultaneously and efficiently privacy and authenticity.

The choice of the case-study primitives is motivated by the need to have a representative of primitives that require both confidentiality and authenticity of the data, and a representative of opaque signatures which obfuscate the authenticity of the signed data while disclosing the latter.
The hope is to be able to extend the present study to cover the plethora of cryptographic mechanisms that use both signature and encryption, and need good verifiability.

Instead of giving a compendium of results about the studied primitives, I take an instructive approach to first analyze and explain the shortcomings of the existing paradigms used to build the primitives, then proceed to the exposition of the efficient variants while giving the reader understanding and appreciation of the design methodology. Moreover, I endeavor to gradually supplement and reinforce the security model in which the primitives are being analyzed; the goal is to provide flexible design options according to the required security.

Audience

The book is aimed at the following audiences.

• Researchers in cryptology/privacy. These readers will find a single-point reference book which gives a sound and rigorous treatment of the existing compositions of signature and encryption found in a great number of cryptographic and privacy-preserving mechanisms. Such a book can help this audience enter quickly into and master this vast area of study. It also presents an important literature survey material which can help them find further literature and consequently shape their own research topics.
• Graduate and PhD students beginning their research in cryptology and information security. These readers will find in this monograph a suitable cut-down set of many properly interwoven topics that form the basic pillars of modern cryptography; to name but a few: digital signatures, (tag-based) encryption, (non) interactive proofs, zero-knowledge, (meta) reductions.
• Security engineers in high-tech companies responsible for the design and development of cryptographic and privacy-preserving solutions. In fact, the book provides design principles and guidelines for certain cryptographic mechanisms in a pedagogical manner that allows to easily extend the study to further mechanisms. It constitutes then a suitable self-teaching text for this population in the area subject to the study.
Content

The book is organized into four parts. There is a tight continuity from one part to the next to ensure a quick comprehension of the material. Thus, Part I (Chaps. 1 and 2) gives the necessary background in the theoretical foundations of modern cryptography, including the definition of the case-study primitives. Part II (Chaps. 3 and 4) and Part III (Chaps. 5 and 6) cover the existing compositions of signature and encryption, namely Sign_then_Encrypt (StE) and Commit_then_Encrypt_and_Sign (CtEaS) including the special instance Encrypt_then_Sign (EtS). Both parts start with a close scrutiny of the mentioned paradigms before putting forward the more efficient new analogs. Part IV (Chaps. 7–9) builds from the work developed in the previous parts to propound new paradigms that respond to stronger security requirements without compromising efficiency. Finally, we summarize in Chap. 10 the conclusions to be drawn from our study.

Acknowledgments

I developed most results presented in this book during my PhD and my postdoc at the University of Bonn and Technicolor respectively. It is a pleasure to thank my PhD supervisor Joachim von zur Gathen for his invaluable support and feedback during my studies. A special note of thanks goes to Damien Vergnaud for making me discover cryptographic protocols and for his substantial help during the early stages of my PhD. I would also like to express my deep gratitude to my postdoc mentor Marc Joye for his generous support and countless suggestions to improve my results. My PhD reviewer Kenny Paterson deserves special mention for reading my thesis, a preliminary version of the presented results, in excruciating detail and giving me constructive comments that greatly improved the results and inspired me to derive new ones.
I benefited from collaboration/correspondence with many researchers; I wish to thank all my colleagues and coauthors for precious discussions which were a great source of inspiration while writing this text. I am also grateful to Jorge Nakahara Jr. for encouraging me to turn my results into a book and for his excellent cooperation and availability throughout the edition process. Last but not least, I wish to express my profound gratitude to my family for constant understanding and endless support over the years. I am also indebted to my institute ESTS at Cadi Ayyad University for providing a nice working environment for completing this work.

Safi, Morocco
July 2017
Laila El Aimani

Contents

Part I Background

1 Preliminaries
  1.1 Cryptographic Primitives
    1.1.1 Digital Signatures
    1.1.2 Public-Key Encryption (PKE)
    1.1.3 Key/Data Encapsulation Mechanisms
    1.1.4 Tag-Based Encryption (TBE)
    1.1.5 Commitment Schemes
  1.2 Number-Theoretic Problems
    1.2.1 Factoring-Related Problems
    1.2.2 Discrete-Log-Related Problems
  1.3 Reductionist Security
    1.3.1 Cryptographic Reductions
    1.3.2 Proof Models
    1.3.3 Meta-reductions in Cryptography
  1.4 Cryptographic Proof Systems
    1.4.1 Interactive Proofs
    1.4.2 Zero-Knowledge (ZK)
    1.4.3 Σ Protocols
    1.4.4 Non-interactive Proofs
  References

2 Case-Study Primitives
  2.1 Convertible Designated-Confirmer Signatures (CDCS)
    2.1.1 Motivation
    2.1.2 Syntax
    2.1.3 Security Model for CDCS
  2.2 Signcryption
    2.2.1 Motivation and Challenges
    2.2.2 Syntax
    2.2.3 Security Model
  References

Part II The "Sign_then_Encrypt" (StE) Paradigm

3 Analysis of StE
  3.1 StE for Confirmer Signatures
    3.1.1 The StE Paradigm
    3.1.2 Other Variants
  3.2 The Exact Unforgeability of StE Constructions
    3.2.1 Roadmap for the Rest of the Chapter
  3.3 A Breach in Invisibility with Homomorphic Encryption
  3.4 Impossibility Results for Key-Preserving Reductions
    3.4.1 Insufficiency of OW-CCA Secure Encryption
    3.4.2 Insufficiency of NM-CPA Secure Encryption
    3.4.3 Putting All Together
  3.5 Extension to Arbitrary Reductions
  3.6 Analysis of Damgård-Pedersen's Undeniable Signatures
  3.7 Sufficiency of IND-PCA Secure Encryption
  References

4 An Efficient Variant of StE
  4.1 The New StE
    4.1.1 Construction
    4.1.2 Security Analysis
  4.2 Practical Realizations
    4.2.1 The Class S of Signatures
    4.2.2 The Class E of Encryption Schemes
    4.2.3 Confirmation/Denial Protocols
  4.3 Further Enhancements
    4.3.1 Reducing the Soundness Error
    4.3.2 Online Non-transferability
  4.4 Performance of the New StE
  References

Part III The "Commit_then_Encrypt_and_Sign" (CtEaS) Paradigm

5 Analysis of CtEaS
  5.1 CtEaS for Confirmer Signatures
  5.2 The Exact Invisibility of CtEaS
    5.2.1 Impossibility Results
    5.2.2 Sufficiency of IND-PCA Secure Encryption
  References
