Vector Commitments and Their Applications

Catalano, Dario; Fiore, Dario

doi:10.1007/978-3-642-36362-7_5

Cited by 216 publications

(129 citation statements)

References 30 publications

Supporting

Mentioning

128

Contrasting

Order By: Relevance

“…algorithm can be run by any user who holds a proof for some message at position with respect to , and it allows the user to compute an updated proof ′ (and the updated commitment ′) such that ′ will be valid with respect to ′ which contains ′ as the new message at position . Basically, the value U contains the update information which is needed to compute such values [22].…”

Section: Vector Commitmentmentioning

confidence: 99%

Cloud Data Integrity Auditing Over Dynamic Data for Multiple Users

Kumar¹,

Parthiban²

2017

IJIES

View full text Add to dashboard Cite

Abstract:Cloud computing is a state-of-the-art computing model, which encourages remote data storage. This facility shoots up the necessity of secure data auditing mechanism over outsourced data. Several mechanisms are proposed in the literature for supporting dynamic data. However, most of the existing schemes lack the security feature, which can withstand collusion attacks between the cloud server and the abrogated users. This paper presents a technique to overthrow the collusion attacks and the data auditing mechanism is achieved by means of vector commitment and backward unlinkable verifier local abrogation group signature. The proposed work allows multiple users to deal with the remote cloud data. The performance of the proposed approach is checked in terms of update, verify and enquiry time cost. The performance of the proposed work is analysed and compared with the existing techniques. The update time cost is lesser than the comparative techniques. However the verify time cost is greater, because of the process of integrity verification of the signature. Hence, this work ensures quality of service and tightened security by having reasonable update time and a strict verification policy respectively.

show abstract

Section: Vector Commitmentmentioning

confidence: 99%

Cloud Data Integrity Auditing Over Dynamic Data for Multiple Users

Kumar¹,

Parthiban²

2017

IJIES

View full text Add to dashboard Cite

show abstract

“…We provide two ideal functionalities F REV for revocation and propose two different constructions built from the vector commitments [10]. The first one hides the revocation status of a user from other users and from the verifiers, whereas in the second one, as for accumulators, revocation lists are public.…”

Section: Example: Flexible Revocation For Attribute-based Credentialsmentioning

confidence: 99%

UC Commitments for Modular Protocol Design and Applications to Revocation and Attribute Tokens

Camenisch

Dubovitskaya

Rial³

2016

Advances in Cryptology – CRYPTO 2016

View full text Add to dashboard Cite

Abstract. Complex cryptographic protocols are often designed from simple cryptographic primitives, such as signature schemes, encryption schemes, verifiable random functions, and zero-knowledge proofs, by bridging between them with commitments to some of their inputs and outputs. Unfortunately, the known universally composable (UC) functionalities for commitments and the cryptographic primitives mentioned above do not allow such constructions of higher-level protocols as hybrid protocols. Therefore, protocol designers typically resort to primitives with property-based definitions, often resulting in complex monolithic security proofs that are prone to mistakes and hard to verify. We address this gap by presenting a UC functionality for non-interactive commitments that enables modular constructions of complex protocols within the UC framework. We also show how the new functionality can be used to construct hybrid protocols that combine different UC functionalities and use commitments to ensure that the same inputs are provided to different functionalities. We further provide UC functionalities for attribute tokens and revocation that can be used as building blocks together with our UC commitments. As an example of building a complex system from these new UC building blocks, we provide a construction (a hybrid protocol) of anonymous attribute tokens with revocation. Unlike existing accumulator-based schemes, our scheme allows one to accumulate several revocation lists into a single commitment value and to hide the revocation status of a user from other users and verifiers.

show abstract

“…For instance, in the traditional discrete logarithm setting, there are different solutions [21,4,2], where the size of the actual non-membership proof is O(k), O( √ k), O(log k), respectively. In other settings, the primitive of universal and dynamic cryptographic accumulators [9,20] can be used to obtain non-membership proofs whose size is independent of k. This is possible in the pairing-based setting (by using the accumulator-based protocols in [6,11]) and in the RSA-based setting (by using the accumulator-based protocol in [20]). …”

Section: The Problemmentioning

confidence: 99%

On the Efficiency of Revocation in RSA-Based Anonymous Systems

Fueyo

Herranz

2016

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Abstract. The problem of revocation in anonymous authentication systems is subtle and has motivated a lot of work. One of the preferable solutions consists in maintaining either a whitelist LW of non-revoked users or a blacklist LB of revoked users, and then requiring users to additionally prove, when authenticating themselves, that they are in LW (membership proof) or that they are not in LB (non-membership proof). Of course, these additional proofs must not break the anonymity properties of the system, so they must be zero-knowledge proofs, revealing nothing about the identity of the users. In this paper we focus on the RSA-based setting and we consider the case of non-membership proofs to blacklists L = LB. The existing solutions for this setting rely on the use of universal dynamic accumulators [20]; the underlying zero-knowledge proofs are a bit complicated and thus their efficiency, although being independent from the size of the blacklist L, seems to be improvable. Peng and Bao [21] already tried to propose simpler and more efficient zeroknowledge proofs for this setting, but we prove in this paper that their protocol is not secure. We fix the problem by designing a new protocol and formally proving its security properties. We then compare the efficiency of the new zero-knowledge non-membership protocol with that of the protocol in [20], when they are integrated with anonymous authentication systems based on RSA (notably, the IBM product Idemix for anonymous credentials). We discuss for which values of the size k of the blacklist L one protocol is preferable to the other one and we propose different ways to combine and implement the two protocols.

show abstract

Vector Commitments and Their Applications

Cited by 216 publications

References 30 publications

Cloud Data Integrity Auditing Over Dynamic Data for Multiple Users

Cloud Data Integrity Auditing Over Dynamic Data for Multiple Users

UC Commitments for Modular Protocol Design and Applications to Revocation and Attribute Tokens

On the Efficiency of Revocation in RSA-Based Anonymous Systems

Contact Info

Product

Resources

About