Non-interactive Provably Secure Attestations for Arbitrary RSA Prime Generation Algorithms

Benhamouda, Fabrice; Ferradi, Houda; Géraud, Rémi; Naccache, David

doi:10.1007/978-3-319-66402-6_13

Cited by 7 publications

(5 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, in the well-known public key cryptosystem, invented by Rivest, Shamir and Adleman (RSA), the need for selection of prime numbers is fundamental, and the selection of prime numbers in many ways determines the strength of the encryption [100]. Recently Benhamouda et al study new type of general-purpose compact non-interactive proofs, called attestations, which allow to confirm that n was a properly generated prime number [101].…”

Section: Methods For Generating Prime Numbers For Datamentioning

confidence: 99%

Information Security Methods—Modern Research Directions

et al. 2019

View full text Add to dashboard Cite

In Tomsk University of Control Systems and Radioelectronics (TUSUR) one of the main areas of research is information security. The work is carried out by a scientific group under the guidance of Professor Shelupanov. One of the directions is the development of a comprehensive approach to assessing the security of the information systems. This direction includes the construction of an information security threats model and a protection system model, which allow to compile a complete list of threats and methods of protection against them. The main directions of information security tools development are dynamic methods of biometrics, methods for generating prime numbers for data encryption, steganography, methods and means of data protection in Internet of Things (IoT) systems. The article presents the main results of research in the listed areas of information security. The resultant properties in symmetric cryptography are based on the properties of the power of the generating functions. The authors have obtained symmetric principles for the development of primality testing algorithms, as discussed in the Appendix.Symmetry 2018, 10, x FOR PEER REVIEW 3 of 33 Ported to AMR system devices, IPsec ensures mutual authentication of network devices using the IKEv2 protocol. Optionally, the network can be configured based on the EAP-PSK protocol. During configuration, the devices receive network addresses and authentication keys, at which point the execution of EAP-PSK is stopped and data is transferred via IPsec. Another option is to use pre-installed certificates on the devices. In this case, the initial configuration is done manually, but the network does not require EAP-PSK to be used.Data integrity control and encryption during transmission are provided by ESP, which is the protocol used in IPsec at the transport level. This protocol ensures the security of both the data transmitted and packet headers at the network level.This approach makes it possible to ensure reliable authentication of the AMR system devices and the security of the data to be transmitted and opens a wide range of options for the configuration of network operation; however, it cannot be used in networks with heterogeneous communication channels. The EAP-PSK-based approach offers less flexibility but is suitable for networks with heterogeneous communication channels. For an AMR system, a list of threats was proposed based on the developed methodology. Threats to the confidentiality of the system are threats related to the collection of information about the system. This can be a list of devices, software versions, authentication data, access control policies, network addresses, interaction protocols, etc. Threats to the integrity of the automated system for commercial accounting are: substitution of an object, substitution of a communication channel, deletion of an object, destruction of a communication channel, addition of an unauthorized object, creation of an unauthorized communication channel; change of communication channel or object settings...

show abstract

Section: Methods For Generating Prime Numbers For Datamentioning

confidence: 99%

Information Security Methods—Modern Research Directions

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Proofs of Correct Form of Moduli. An orthogonal to the above line of work intends to prove that the group itself is not subverted [3,10,19,41,42,61], meaning that the modulus N of the RSA group has some beneficial property; for example is square-free, a product of two primes, a product of equally-sized primes, a Blum integer or a product of two safe primes, etc. Other works consider proving that moduli are correctly formed in the context of specific applications as password-based key agreement [23] or threshold ECDSA signatures [21].…”

Section: Proofs Over Groups Of Unknownmentioning

confidence: 99%

“…The DV Prot protocol is knowledgesound in the designated verifier model, provided that the AHE is IND-CPA secure. 10 Proof. Suppose that (vpk, vsk, τ) $ ← − KeyGen(1 λ ), where τ = {c 1 , .…”

Section: Theorem 1 (Knowledge Soundness)mentioning

confidence: 99%

Zero-Knowledge Arguments for Subverted RSA Groups

Kolonelos

Maller²,

Volkhov

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

This work investigates zero-knowledge protocols in subverted RSA groups where the prover can choose the modulus and where the verifier does not know the group order. We introduce a novel technique for extracting the witness from a general homomorphism over a group of unknown order that does not require parallel repetitions. We then present a NIZK range proof for general homomorphisms as Paillier encryptions in the designated verifier model that works under a subverted setup. The key ingredient of our proof is a constant sized NIZK proof of knowledge for a plaintext. Security is proven in the ROM assuming an IND-CPA additively homomorphic encryption scheme. The verifier's public key can be maliciously generated and is reusable and linear in the number of proofs to be verified.

show abstract

“…Wong, Chan, and Zhu [WCZ03, Section 3.2] and Catalano, Pointcheval, and Pornin [CPP07, Appendix D.2] present interactive protocols (using techniques similar to ours) that, like the protocols of [AP18], also work only over Z * N rather than the entire Z N . The protocols given by Camenisch and Michels [CM99, Section 5.2] and Benhamouda et al [BFGN17] achieve much stronger goals. The former proves N = pq is a product of two safe primes (i.e., p, q, (p−1)/2, and (q−1)/2 are all prime); the second can prove that any prespecified procedure for generating the primes p and q was followed.…”

Section: Related Workmentioning

confidence: 99%

“…The former proves N = pq is a product of two safe primes (i.e., p, q, (p−1)/2, and (q−1)/2 are all prime); the second can prove that any prespecified procedure for generating the primes p and q was followed. These protocols can be used to prove that (N, e) specifies a permutation by imposing mild additional conditions on e (and the prime generation procedure for [BFGN17]). However, these stronger goals are not necessary for our purposes.…”

Section: Related Workmentioning

confidence: 99%

Efficient Noninteractive Certification of RSA Moduli and Beyond

Goldberg

Reyzin

Sagga

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In many applications, it is important to verify that an RSA public key (N, e) specifies a permutation over the entire space Z N , in order to prevent attacks due to adversarially-generated public keys. We design and implement a simple and efficient noninteractive zero-knowledge protocol (in the random oracle model) for this task. Applications concerned about adversarial key generation can just append our proof to the RSA public key without any other modifications to existing code or cryptographic libraries. Users need only perform a one-time verification of the proof to ensure that raising to the power e is a permutation of the integers modulo N . For typical parameter settings, the proof consists of nine integers modulo N ; generating the proof and verifying it both require about nine modular exponentiations.We extend our results beyond RSA keys and also provide efficient noninteractive zeroknowledge proofs for other properties of N , which can be used to certify that N is suitable for the Paillier cryptosystem, is a product of two primes, or is a Blum integer. As compared to the recent work of Auerbach and Poettering (PKC 2018), who provide two-message protocols for similar languages, our protocols are more efficient and do not require interaction, which enables a broader class of applications.

show abstract

Non-interactive Provably Secure Attestations for Arbitrary RSA Prime Generation Algorithms

Cited by 7 publications

References 27 publications

Information Security Methods—Modern Research Directions

Information Security Methods—Modern Research Directions

Zero-Knowledge Arguments for Subverted RSA Groups

Efficient Noninteractive Certification of RSA Moduli and Beyond

Contact Info

Product

Resources

About