CITS » Lehre » Wintersemester 2015/2016

Oberseminar über Kryptographie



Dozent Zeit Raum Erstmals am
Prof. A. May
Prof. Eike Kiltz 		freitags, 10.45-12.00 NA 5/64 16.10.15
Datum Vor­tra­gen­de Per­son Titel Raum­num­mer Be­ginn
16.10 Carla Rafols Succinct Non-Interactive Zero-Knowledge Proofs 5/64 10.45 Uhr
30.10 Gennadij Liske Construction of fully CCA2-secure predicate encryption schemes 5/64 10.45 Uhr
06.11 Manuel Fersch An analysis of DSA and ECDSA without generic groups 5/64 10.45 Uhr

Succinct Non-Interactive Zero-Knowledge Proofs

In this talk I will present recent developments on the construction of SNARKs (Succint Non-Interactive Arguments of Knowledge). The term succint is used to indicate that these arguments of knowledge are independent of the size of the witness and in particular, known constructions (in the standard model but under knowledge assumptions) achieve constant-size. SNARKs have attracted a lot of attention recently due to their applcation to verifiable computation. To construct SNARKs in the standard model, Gentry, Gennaro, Parno and Raykova (EC'13) gave a new characterization of NP as Quadratic Span Programs. Danezis, Fournet, Groth and Kohlweiss (AC'14) simplified this result and introduced the notion of Square Span Programs. I will review these results, mostly concentrating on the work of Danezis, Fournet, Groth and Kohlweiss at AC'14.

CCA-secure constructions of PE

We present a new framework for constructing fully CCA2-secure predicate encryption schemes with public index in composite-order groups from pair encoding schemes defined by Nuttapong Attrapadung [1]. Our construction is the first in the context of general predicate encryption which uses the technique of so-called well-formedness proofs known from public key encryption [2] and identity-based encryption [3]. The resulting constructions are simpler and more efficient compared to the schemes achieved using known generic transformation from CPA-secure to CCA2-secure schemes [4], which adapts the ideas of BCHK transformation [5]. The reduction costs of our framework are comparable to the reduction costs of the underlying CPA-secure framework of Nuttapong Attrapadung. We achieve this last result by applying the dual system encryption methodology of Brent Waters [6] in a novel way.

An analysis of DSA and ECDSA without generic groups

Arguably, the digital signature schemes most widely deployed in practice are the Digital Signature Algorithm (DSA) and its variant ECDSA defined over Elliptic Curves. This is in sharp contrast to the absence of a rigorous security analysis. Previous considerations either consider modified versions of (EC)DSA or provide a security analysis of unmodified ECDSA in the generic group model. The latter result has been criticized due to the fact that it actually proves strong unforgeability, a security property that ECDSA does not posses. There is no known security analysis that applies to DSA. In this work we propose GenericDSA, a signature framework which subsumes both DSA and ECDSA in unmodified form. It carefully models the “modulo q” conversion function of (EC)DSA as a composition of three independent functions. The two outer functions mimic algebraic properties in the function’s domain and range, the inner one is modeled as a random bijection. We prove several results about the unforgeability of GenericDSA implying that forging signatures in DSA and ECDSA is as hard as solving discrete logarithms, making only reasonable assumptions to the hash function. Our results do not involve any generic group assumption.