Malleable Signatures: New Definitions and Delegatable Anonymous Credentials

Chase, Melissa; Kohlweiss, Markulf; Lysyanskaya, Anna; Meiklejohn, Sarah

doi:10.1109/csf.2014.22

Cited by 39 publications

(32 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Well known ABC systems are for instance the multishow system Idemix [5] and the one-show system U-Prove [29]. Recently also some alternative approaches for ABC systems from malleable signature schemes [6,9] and a variant of structure-preserving signatures [22] have been proposed.…”

Section: Privacy Preserving Service Usagementioning

confidence: 99%

Towards a New Paradigm for Privacy and Security in Cloud Services

Lorünser

Rodriguez

Demirel

et al. 2015

Cyber Security and Privacy

View full text Add to dashboard Cite

Abstract. The market for cloud computing can be considered as the major growth area in ICT. However, big companies and public authorities are reluctant to entrust their most sensitive data to external parties for storage and processing. The reason for their hesitation is clear: There exist no satisfactory approaches to adequately protect the data during its lifetime in the cloud. The EU Project Prismacloud (Horizon 2020 programme; duration 2/2015-7/2018) addresses these challenges and yields a portfolio of novel technologies to build security enabled cloud services, guaranteeing the required security with the strongest notion possible, namely by means of cryptography. We present a new approach towards a next generation of security and privacy enabled services to be deployed in only partially trusted cloud infrastructures.

show abstract

Section: Privacy Preserving Service Usagementioning

confidence: 99%

Towards a New Paradigm for Privacy and Security in Cloud Services

Lorünser

Rodriguez

Demirel

et al. 2015

Cyber Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Constructing delegatable anonymous credentials out of malleable signatures has very recently been investigated by Chase et al [23]. However, the authors only consider one fixed set of allowable transformations per malleable signature scheme and do not allow the signer to restrict malleability (per message) nor does their system allow any way to restrict delegation.…”

Section: Related Workmentioning

confidence: 99%

Delegatable Functional Signatures

Backes

Meiser

Schröder

2016

Public-Key Cryptography – PKC 2016

View full text Add to dashboard Cite

We introduce delegatable functional signatures (DFS) which support the delegation of signing capabilities to another party, called the evaluator, with respect to a functionality F. In a DFS, the signer of a message can choose an evaluator, specify how the evaluator can modify the signature without voiding its validity, allow additional input and decide how the evaluator can further delegate its capabilities.The main contribution of this paper is twofold. First, we propose DFS, a novel cryptographic primitive that unifies several seemingly different signature primitives, including functional signatures as defined by Boyle, Goldwasser, and Ivan (eprint 2013/401), sanitizable signatures, identity based signatures, and blind signatures. To achieve this unification, we present several definitions of unforgeability and privacy. Finding appropriate and meaningful definitions in this context is challenging due to the natural mealleability of DFS and due to the multi-party setting that may involve malicious keys.Second, we present a complete characterization of the instantiability of DFS under common assumptions, like the existence of one-way functions. Here, we present both positive and negative results. On the positive side we show that DFS not achieving our notion of privacy can be constructed from one-way functions. Furthermore, we show that unforgerable and private DFS can be constructed from doubly enhanced trapdoor permutations. On the negative side we show that the previous result is optimal regarding its underlying assumptions presenting an impossibility result for unforgeable private DFS from one-way permutations.

show abstract

“…The EXT game includes a possibly non-PT test of membership in the range of the family, but we will ensure that adversaries (who must remain PT) do not perform this test. Our definition of simulatability follows [35,1,34]. Those definitions were for general signatures, not F-keyed ones, and one difference is that our simulator can set only the auxiliary parameters, not the full parameters, meaning it does not set fp.…”

Section: Key-versatile Signaturesmentioning

confidence: 99%

“…The claims established about the construction are however different, with [43] establishing leakage resilience and unforgeability of the signature and our work showing simulatability and key-extractability. The technique of [43] was also used by [34] to construct malleable signatures. Going back further, the first NIZK-based signature scheme was that of [11].…”

Section: Key-versatile Signaturesmentioning

confidence: 99%

“…Our simulatability condition, adapting [35,1,34], asks for a trapdoor allowing the creation of simulated signatures given only the message and public key, even when the secret key underlying this public key is adversarially chosen. Our key-extractability condition, adapting [35], asks that, using the same trapdoor, one can extract from a valid signature the corresponding secret key, even when the public key is adversarially chosen.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Key-Versatile Signatures and Applications: RKA, KDM and Joint Enc/Sig

Bellare

Meiklejohn

Thomson

2014

Advances in Cryptology – EUROCRYPT 2014

Self Cite

View full text Add to dashboard Cite

This paper introduces key-versatile signatures. Key-versatile signatures allow us to sign with keys already in use for another purpose, without changing the keys and without impacting the security of the original purpose. This allows us to obtain advances across a collection of challenging domains including joint Enc/Sig, security against related-key attack (RKA) and security for key-dependent messages (KDM). Specifically we can (1) Add signing capability to existing encryption capability with zero overhead in the size of the public key (2) Obtain RKA-secure signatures from any RKA-secure one-way function, yielding new RKA-secure signature schemes (3) Add integrity to encryption while maintaining KDM-security.

show abstract

Malleable Signatures: New Definitions and Delegatable Anonymous Credentials

Cited by 39 publications

References 48 publications

Towards a New Paradigm for Privacy and Security in Cloud Services

Towards a New Paradigm for Privacy and Security in Cloud Services

Delegatable Functional Signatures

Key-Versatile Signatures and Applications: RKA, KDM and Joint Enc/Sig

Contact Info

Product

Resources

About