scholarly journals On the Tight Security of TLS 1.3: Theoretically Sound Cryptographic Parameters for Real-World Deployments

2021 ◽  
Vol 34 (3) ◽  
Author(s):  
Denis Diemert ◽  
Tibor Jager
Keyword(s):  
Real World ◽  
Large Scale ◽  
Random Oracle Model ◽  
Building Blocks ◽  
Random Oracle ◽  
Security Proof ◽  
Security Guarantees ◽  
Digital Signature Scheme ◽  
Tight Security ◽  
Selection Of

AbstractWe consider the theoretically sound selection of cryptographic parameters, such as the size of algebraic groups or RSA keys, for TLS 1.3 in practice. While prior works gave security proofs for TLS 1.3, their security loss is quadratic in the total number of sessions across all users, which due to the pervasive use of TLS is huge. Therefore, in order to deploy TLS 1.3 in a theoretically sound way, it would be necessary to compensate this loss with unreasonably large parameters that would be infeasible for practical use at large scale. Hence, while these previous works show that in principle the design of TLS 1.3 is secure in an asymptotic sense, they do not yet provide any useful concrete security guarantees for real-world parameters used in practice. In this work, we provide a new security proof for the cryptographic core of TLS 1.3 in the random oracle model, which reduces the security of TLS 1.3 tightly (that is, with constant security loss) to the (multi-user) security of its building blocks. For some building blocks, such as the symmetric record layer encryption scheme, we can then rely on prior work to establish tight security. For others, such as the RSA-PSS digital signature scheme currently used in TLS 1.3, we obtain at least a linear loss in the number of users, independent of the number of sessions, which is much easier to compensate with reasonable parameters. Our work also shows that by replacing the RSA-PSS scheme with a tightly secure scheme (e.g., in a future TLS version), one can obtain the first fully tightly secure TLS protocol. Our results enable a theoretically sound selection of parameters for TLS 1.3, even in large-scale settings with many users and sessions per user.

scholarly journals Pairing-Free Certificateless Signature with Security Proof

2014 ◽  
Vol 2014 ◽  
pp. 1-6 ◽  
Author(s):  
Wenhao Liu ◽  
Qi Xie ◽  
Shengbao Wang ◽  
Lidong Han ◽  
Bin Hu
Keyword(s):  
Discrete Logarithm ◽  
Random Oracle Model ◽  
Bilinear Pairings ◽  
Random Oracle ◽  
Public Key ◽  
Public Key Cryptosystem ◽  
Management Problem ◽  
Security Proof ◽  
Certificateless Public Key Cryptosystem ◽  
Certificateless Signature

Since certificateless public key cryptosystem can solve the complex certificate management problem in the traditional public key cryptosystem and the key escrow problem in identity-based cryptosystem and the pairing computation is slower than scalar multiplication over the elliptic curve, how to design certificateless signature (CLS) scheme without bilinear pairings is a challenge. In this paper, we first propose a new pairing-free CLS scheme, and then the security proof is presented in the random oracle model (ROM) under the discrete logarithm assumption. The proposed scheme is more efficient than the previous CLS schemes in terms of computation and communication costs and is more suitable for the applications of low-bandwidth environments.

scholarly journals A Generic Framework for Accountable Optimistic Fair Exchange Protocol

Symmetry ◽  
2019 ◽  
Vol 11 (2) ◽  
pp. 285
Author(s):  
Jia-Ch’ng Loh ◽  
Swee-Huay Heng ◽  
Syh-Yuan Tan
Keyword(s):  
Standard Model ◽  
Random Oracle Model ◽  
Building Blocks ◽  
Random Oracle ◽  
Fair Exchange ◽  
Generic Framework ◽  
The Standard Model ◽  
Security Properties ◽  
Optimistic Fair Exchange ◽  
The One

Optimistic Fair Exchange protocol was designed for two parties to exchange in a fair way where an arbitrator always remains offline and will be referred only if any dispute happens. There are various optimistic fair exchange protocols with different security properties in the literature. Most of the optimistic fair exchange protocols satisfy resolution ambiguity where a signature signed by the signer is computational indistinguishable from the one resolved by the arbitrator. Huang et al. proposed the first generic framework for accountable optimistic fair exchange protocol in the random oracle model where it possesses resolution ambiguity and is able to reveal the actual signer when needed. Ganjavi et al. later proposed the first generic framework in the standard model. In this paper, we propose a new generic framework for accountable optimistic fair exchange protocol in the standard model using ordinary signature, convertible undeniable signature, and ring signature scheme as the underlying building blocks. We also provide an instantiation using our proposed generic framework to obtain an efficient pairing-based accountable optimistic fair exchange protocol with short signature.

scholarly journals Flexible selection of heterogeneous and unreliable services in large-scale grids

2009 ◽  
Vol 367 (1897) ◽  
pp. 2483-2494 ◽  
Author(s):  
Sebastian Stein ◽  
Terry R. Payne ◽  
Nicholas R. Jennings
Keyword(s):  
Real World ◽  
Large Scale ◽  
Service Providers ◽  
Service Selection ◽  
Third Party ◽  
Distributed Services ◽  
On Demand ◽  
Bioinformatics Workflow ◽  
Selection Of

As grids become larger and more interconnected in nature, scientists can benefit from a growing number of distributed services that may be invoked on demand to complete complex computational workflows. However, it also means that these scientists become dependent on the cooperation of third-party service providers, whose behaviour may be uncertain, failure prone and highly heterogeneous. To address this, we have developed a novel decision-theoretic algorithm that automatically selects appropriate services for the tasks of an abstract workflow and deals with failures through redundancy and dynamic re-invocation of functionally equivalent services. In this paper, we summarize our approach, describe in detail how it can be applied to a real-world bioinformatics workflow and show that it offers a significant improvement over current service selection techniques.

scholarly journals A Process Model for Dashboard Onboarding

2021 ◽  
Author(s):  
Vaishali Dhanoa ◽  
Conny Walchshofer ◽  
Andreas Hinterreiter ◽  
Holger Stitz ◽  
Eduard Gröller ◽  
...  
Keyword(s):  
Real World ◽  
Process Model ◽  
Building Blocks ◽  
Selection Of ◽  
Complex Datasets

Dashboards are used ubiquitously to gain and present insights into data by means of interactive visualizations.To bridge the gap between non-expert dashboard users and potentially complex datasets and/or visualizations, a variety of onboarding strategies are employed, including videos, narration, and interactive tutorials. We propose a process model for dashboard onboarding which formalizes and unifies such diverse onboarding strategies. Our model introduces the onboarding loop alongside the dashboard usage loop. Unpacking the onboarding loop reveals how each onboarding strategy combines selected building blocks of the dashboard with an onboarding narrative. Specific means are applied to this narration sequence for onboarding, which results in onboarding artifacts that are presented to the user via an interface. We concretize these concepts by showing how our process model can be used to describe a selection of real-world onboarding examples. Finally, we discuss how our model can serve as an actionable blueprint for developing new onboarding systems.

On the General Construction of Tightly Secure Identity-Based Signature Schemes

2020 ◽  
Vol 63 (12) ◽  
pp. 1835-1848
Author(s):  
Ge Wu ◽  
Zhen Zhao ◽  
Fuchun Guo ◽  
Willy Susilo ◽  
Futai Zhang
Keyword(s):  
Random Oracle Model ◽  
Random Oracle ◽  
General Construction ◽  
Security Level ◽  
Signature Schemes ◽  
Small Constant ◽  
Security Parameter ◽  
Cryptographic Primitive ◽  
Identity Based ◽  
Tight Security

Abstract A tightly secure scheme has a reduction, where the reduction loss is a small constant. Identity-based signature (IBS) is an important cryptographic primitive, and tightly secure IBS schemes enjoy the advantage that the security parameter can be optimal to achieve a certain security level. General constructions of IBS schemes (Bellare, M., Namprempre, C., and Neven, G. (2004) Security Proofs for Identity-Based Identification and Signature Schemes. In Proc. EUROCRYPT 2004, May 2–6, pp. 268–286. Springer, Berlin, Interlaken, Switzerland; Galindo, D., Herranz, J., and Kiltz, E. (2006) On the Generic Construction of Identity-Based Signatures With Additional Properties. In Proceedings of ASIACRYPT 2006, December 3–7, pp. 178–193. Springer, Berlin, Shanghai, China) and their security have been extensively studied. However, the security is not tight and how to generally construct a tightly secure IBS scheme remains unknown. In this paper, we concentrate on the general constructions of IBS schemes. We first take an insight into previous constructions and analyze the reason why it cannot achieve tight security. To further study possible tightly secure constructions, we propose another general construction, which could be seen as a different framework of IBS schemes. Our construction requires two traditional signature schemes, whereas the construction by Bellare et al. uses one scheme in a two-round iteration. There are no additional operations in our general construction. Its main advantage is providing the possibility of achieving tight security for IBS schemes in the random oracle model. Combining two known signature schemes, we present an efficient IBS scheme with tight security as an example.

Double-authentication-preventing signatures in the standard model

2021 ◽  
pp. 1-36
Author(s):  
Dario Catalano ◽  
Georg Fuchsbauer ◽  
Azam Soleimanian
Keyword(s):  
Standard Model ◽  
Random Oracle Model ◽  
Random Oracle ◽  
Polynomial Size ◽  
The Standard Model ◽  
Generic Construction ◽  
Self Enforcement ◽  
Digital Signature Scheme ◽  
Chameleon Hash ◽  
Main Construction

A double-authentication preventing signature (DAPS) scheme is a digital signature scheme equipped with a self-enforcement mechanism. Messages consist of an address and a payload component, and a signer is penalized if she signs two messages with the same addresses but different payloads. The penalty is the disclosure of the signer’s signing key. Most of the existing DAPS schemes are proved secure in the random oracle model (ROM), while the efficient ones in the standard model only support address spaces of polynomial size. We present DAPS schemes that are efficient, secure in the standard model under standard assumptions and support large address spaces. Our main construction builds on vector commitments (VC) and double-trapdoor chameleon hash functions (DCH). We also provide a DAPS realization from Groth–Sahai (GS) proofs that builds on a generic construction by Derler et al., which they instantiate in the ROM. The GS-based construction, while less efficient than our main one, shows that a general yet efficient instantiation of DAPS in the standard model is possible. An interesting feature of our main construction is that it can be easily modified to guarantee security even in the most challenging setting where no trusted setup is provided. To the best of our knowledge, ours seems to be the first construction achieving this in the standard model.

scholarly journals Compiled Constructions towards Post-Quantum Group Key Exchange: A Design from Kyber

Mathematics ◽  
2020 ◽  
Vol 8 (10) ◽  
pp. 1853
Author(s):  
José Ignacio Escribano Pablos ◽  
María Isabel González Vasco ◽  
Misael Enrique Marriaga ◽  
Ángel Luis Pérez del Pozo
Keyword(s):  
Random Oracle Model ◽  
Building Blocks ◽  
Random Oracle ◽  
Key Exchange ◽  
Encryption Scheme ◽  
Secret Key ◽  
Key Exchange Protocol ◽  
Group Key ◽  
Group Key Exchange ◽  
Starting Point

A group authenticated key exchange (GAKE) protocol allows a set of parties belonging to a certain designated group to agree upon a common secret key through an insecure communication network. In the last few years, many new cryptographic tools have been specifically designed to thwart attacks from adversaries which may have access to (different kinds of) quantum computation resources. However, few constructions for group key exchange have been put forward. Here, we propose a four-round GAKE which can be proven secure under widely accepted assumptions in the Quantum Random Oracle Model. Specifically, we integrate several primitives from the so-called Kyber suite of post-quantum tools in a (slightly modified) compiler from Abdalla et al. (TCC 2007). More precisely, taking as a starting point an IND-CPA encryption scheme from the Kyber portfolio, we derive, using results from Hövelmanns et al. (PKC 2020), a two-party key exchange protocol and an IND-CCA encryption scheme and prove them fit as building blocks for our compiled construction. The resulting GAKE protocol is secure under the Module-LWE assumption, and furthermore achieves authentication without the use of (expensive) post-quantum signatures.

New Signature and Multi-Signature Schemes with Tight Security Reduction Based on D-DDH Problem

2012 ◽  
Vol 263-266 ◽  
pp. 3052-3059
Author(s):  
Ze Cheng Wang
Keyword(s):  
Random Oracle Model ◽  
Random Oracle ◽  
Signature Scheme ◽  
Signature Schemes ◽  
Main Method ◽  
Discrete Logarithms ◽  
Diffie Hellman ◽  
Intractable Problem ◽  
Tight Security

Based on the newly introduced d-decisional Diffie-Hellman (d-DDH) intractable problem, a signature scheme and a multi-signature scheme are proposed. The main method in the constructions is a transformation of a knowledge proof on the equality of two discrete logarithms. The two schemes are proved secure in the random oracle model and the security reductions to the d-DDH problem are tight. Moreover, one can select different d for different security demand of applications. Thus the schemes are secure, efficient and practical.

scholarly journals HORSIC+: An Efficient Post-Quantum Few-Time Signature Scheme

2021 ◽  
Vol 11 (16) ◽  
pp. 7350
Author(s):  
Jaeheung Lee ◽  
Yongsu Park
Keyword(s):  
Security Analysis ◽  
Random Oracle Model ◽  
Random Oracle ◽  
Security Level ◽  
Signature Scheme ◽  
Signature Schemes ◽  
Security Proof ◽  
Time Signature ◽  
Resistant Family ◽  
Cryptographic Hash Functions

It is well known that conventional digital signature algorithms such as RSA and ECDSA are vulnerable to quantum computing attacks. Hash-based signature schemes are attractive as post-quantum signature schemes in that it is possible to calculate the quantitative security level and the security is proven. SPHINCS is a stateless hash-based signature scheme and introduces HORST few-time signature scheme which is an improvement of HORS. However, HORST as well as HORS suffers from pretty large signature sizes. HORSIC is proposed to reduce the signature size, yet does not provide in-depth security analysis. In this paper, we propose HORSIC+, which is an improvement of HORSIC. HORSIC+ differs from HORSIC in that HORSIC+ does not apply f as a plain function to the signature key, but uses a member of a function family. In addition, HORSIC+ uses the chaining function similar to W-OTS+. These enable the strict security proof without the need for the used function family to be a permutation or collision resistant. HORSIC+ is existentially unforgeable under chosen message attacks, assuming a second-preimage resistant family of undetectable one-way functions and cryptographic hash functions in the random oracle model. HORSIC+ reduces the signature size by as much as 37.5% or 18.75% compared to HORS and by as much as 61.5% or 45.8% compared to HORST for the same security level.

Sign in / Sign up

Export Citation Format

Share Document