Leak-free Group Signatures with Immediate Revocation

AUTHORS:    X. Ding and G. Tsudik and S. Xu

REFERENCE:   The 24th International Conference on Distributed Computing Systems (ICDCS'2004)

 

Abstract

Group signatures are an interesting and appealing cryptographic construct with many promising potential applications. The popularity of group signatures is evident from many recent research results that investigated precise definitions and realizations of group signature schemes. This paper is motivated by attractive features of group signatures, particularly their potential to serve as a foundation for anonymous credential systems. With that in mind, we re-examine the whole notion of group signatures from a systems perspective. Somewhat surprisingly, we discover that there are two new and heretofore unaddressed requirements, leak-freedom and immediate revocation, that are crucial for a large class of enterprise-centric applications. We then propose a new group signature scheme that achieves all identified properties. Our scheme is based on the so-called systems architecture approach. It is appreciably more efficient than the state of the art, easy to implement, and reflects the well-known separation-of-duty principle. Another benefit of our scheme is that it obviates reliance on an underlying anonymous communication channel, which has been a requirement in all previous group signature schemes.

Get the Full text in pdf

 

Fine-grained Control of Security Capabilities

AUTHORS:    D. Boneh and X. Ding and G. Tsudik

REFERENCE:  ACM Transactions on Internet Technology, (to appear in 2004)

 

Abstract

We present a new approach for fine-grained control over users' security privileges (fast revocation of credentials) centered around the concept of an on-line semi-trusted mediator (SEM). The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques. The benefits include simplified validation of digital signatures, efficient certificate revocation for legacy systems, and fast revocation of signature and decryption capabilities. This paper discusses both the architecture and the implementation of our approach, as well as its performance and compatibility with the existing infrastructure. Experimental results demonstrate its practicality.

Get the Full text in pdf

 

Simple Identity-Based Encryption with Mediated RSA

AUTHORS:    X. Ding and G. Tsudik

REFERENCE:  Cryptographer's Track RSA Conference, 2003

 

Abstract

Identity-based public key encryption facilitates easy introduction of public key cryptography by allowing an entity's public key to be derived from an arbitrary identification value, such as a name or email address. The main practical benefit of identity-based cryptography is in greatly reducing the need for, and reliance on, public key certificates. Although some interesting identity-based techniques have been developed in the past, none are compatible with popular public key encryption algorithms (such as ElGamal and RSA). This limits the utility of identity-based cryptography as a transitional step to full-blown public key cryptography. Furthermore, it is fundamentally difficult to reconcile fine-grained revocation with identity-based cryptography.

Mediated RSA (mRSA) is a simple and practical method of splitting an RSA private key between the user and a Security Mediator (SEM). Neither the user nor the SEM can cheat one another, since each cryptographic operation (signature or decryption) involves both parties. mRSA allows fast and fine-grained control of users' security privileges. However, mRSA still relies on conventional public key certificates to store and communicate public keys. In this paper, we present IB-mRSA, a simple variant of mRSA that combines identity-based and mediated cryptography. In the random oracle model, IB-mRSA with OAEP [BelRog94a] is shown to be as secure (against adaptive chosen ciphertext attack) as standard RSA with OAEP. Furthermore, IB-mRSA is simple, practical, and compatible with current public key infrastructures.

© Springer-Verlag

Get the Full text in pdf

 

Experimenting with Server-Aided Signatures

AUTHORS:    X. Ding, G. Tsudik and D. Mazzocchi

REFERENCE:  Network and Distributed System Security Symposium, 2002

 

Abstract

This paper explores practical and conceptual implications of using Server-Aided Signatures (SAS). SAS is a signature method that relies on partially-trusted servers for generating public key signatures for regular users. Although the primary goal is to aid small, resource-limited devices in computing heavy-weight (normally expensive) digital signatures, SAS also offers fast certificate revocation, signature causality, and reliable timestamping. It also has some interesting features, such as built-in attack detection for users and DoS resistance for servers.
Get the Full text in pdf

 

A Method for Fast Revocation of Public Key Certificates and Security Capabilities

AUTHORS:    D. Boneh, X. Ding, G. Tsudik and M. Wong

REFERENCE:  10th Usenix Security Symposium, Washington D.C. 2001

 

Abstract

We present a new approach to fast certificate revocation centered around the concept of an on-line semi-trusted mediator (SEM). The use of a SEM in conjunction with a simple threshold variant of the RSA cryptosystem (mediated RSA) offers a number of practical advantages over current revocation techniques. Our approach simplifies validation of digital signatures and enables certificate revocation within legacy systems. It also provides immediate revocation of all security capabilities. This paper discusses both the architecture and implementation of our approach, as well as performance and compatibility with the existing infrastructure. Our results show that threshold cryptography is practical for certificate revocation.
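The three mediated-RSA abstracts above (the ACM TOIT paper, the IB-mRSA paper and this USENIX paper) all rest on the same mechanism: the RSA private exponent d is split additively into a user share d_u and a SEM share d_sem, every signature or decryption needs both halves, and revocation is the SEM simply refusing to produce its half. The following is an added illustration written for this page, not code from the papers or their implementation; it uses textbook (unpadded) RSA with a hash, a toy modulus, and hypothetical class names (SEM, User) so that it runs stand-alone. The key point it shows is that the verifier runs ordinary RSA verification with no CRL lookup, because a revoked user cannot have produced a valid signature after revocation.

```python
"""Mediated RSA (mRSA) sketch: additive split of d between user and SEM.

Added example for this page; assumptions: toy primes, SHA-256 hash-then-sign
without padding (never do this in production; the papers use proper padding
such as OAEP/PKCS#1), and hypothetical SEM/User class names.
Requires Python 3.8+ for pow(e, -1, phi).
"""
import hashlib
import secrets

# Constructed toy primes for demonstration only; real moduli are >= 2048 bits.
P = 1_000_000_007
Q = 998_244_353
E = 65537


def keygen(p=P, q=Q, e=E):
    """Generate an RSA key and split d into (d_u, d_sem) with d_u + d_sem = d (mod phi).

    The CA would do this at enrolment: it hands d_u to the user and d_sem to the
    SEM and then forgets d. Neither party alone can sign or decrypt.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    d_u = secrets.randbelow(phi - 1) + 1     # uniform share in [1, phi-1]
    d_sem = (d - d_u) % phi
    return n, e, d_u, d_sem


def hash_to_int(msg: bytes, n: int) -> int:
    """Hash the message and reduce into Z_n (toy 'full domain hash')."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


class SEM:
    """Semi-trusted mediator: holds d_sem per user, enforces revocation."""

    def __init__(self):
        self._shares = {}      # user_id -> (n, d_sem)
        self._revoked = set()

    def register(self, user_id: str, n: int, d_sem: int) -> None:
        self._shares[user_id] = (n, d_sem)

    def revoke(self, user_id: str) -> None:
        # Immediate revocation: from now on no half-operation is produced.
        self._revoked.add(user_id)

    def half_op(self, user_id: str, x: int) -> int:
        """Return x^d_sem mod n, the SEM's half of a signature or decryption."""
        if user_id in self._revoked:
            raise PermissionError(f"{user_id} is revoked")
        n, d_sem = self._shares[user_id]
        return pow(x, d_sem, n)


class User:
    """User side: holds d_u and combines its half with the SEM's half."""

    def __init__(self, user_id: str, n: int, e: int, d_u: int, sem: SEM):
        self.user_id, self.n, self.e, self.d_u, self.sem = user_id, n, e, d_u, sem

    def sign(self, msg: bytes) -> int:
        h = hash_to_int(msg, self.n)
        ps_u = pow(h, self.d_u, self.n)            # user's half-signature
        ps_sem = self.sem.half_op(self.user_id, h)  # SEM's half-signature
        sig = (ps_u * ps_sem) % self.n              # h^(d_u + d_sem) = h^d mod n
        # The user checks the combined result, so a misbehaving SEM cannot
        # slip a bogus half past it (the "neither party can cheat" property).
        if pow(sig, self.e, self.n) != h:
            raise ValueError("SEM returned an invalid half-signature")
        return sig

    def decrypt(self, c: int) -> int:
        pd_u = pow(c, self.d_u, self.n)
        pd_sem = self.sem.half_op(self.user_id, c)
        return (pd_u * pd_sem) % self.n


def verify(n: int, e: int, msg: bytes, sig: int) -> bool:
    """Plain RSA verification: relying parties need no knowledge of the SEM."""
    return pow(sig, e, n) == hash_to_int(msg, n)


def encrypt(n: int, e: int, m: int) -> int:
    return pow(m, e, n)


if __name__ == "__main__":
    n, e, d_u, d_sem = keygen()
    sem = SEM()
    sem.register("alice", n, d_sem)
    alice = User("alice", n, e, d_u, sem)
    sig = alice.sign(b"approve transfer 42")
    print("signature verifies:", verify(n, e, b"approve transfer 42", sig))
    sem.revoke("alice")
    try:
        alice.sign(b"approve transfer 43")
    except PermissionError as exc:
        print("after revocation:", exc)
```

Because d_u is a uniformly random share, the SEM learns nothing about d from d_sem alone, and an attacker who compromises the user's device still needs the SEM to cooperate; conversely the SEM alone cannot forge on the user's behalf. Capability revocation and certificate revocation therefore collapse into one operation at the SEM, which is what lets legacy verifiers keep using unmodified RSA verification.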

 

Get the Full text in pdf
Generating RSA Keys on a Handheld Using an Untrusted Server

AUTHORS:    N. Modadugu, D. Boneh, and M. Kim

REFERENCE:  Cryptographer's Track RSA Conference, 2000

 

Abstract

We show how to efficiently generate RSA keys on a low-power handheld device with the help of an untrusted server. Most of the key generation work is offloaded onto the server. However, the server learns no information about the key it helped generate. We experiment with our techniques and show they result in up to a factor of 5 improvement in key generation time. The resulting RSA key looks like an RSA key for paranoids. It can be used for encryption and key exchange, but cannot be used for signatures.

Get the Full text in pdf

Server-Supported Signatures

AUTHORS:    N. Asokan, G. Tsudik and M. Waidner

REFERENCE:  Journal of Computer Security, November 1997

 

Abstract

Non-repudiation is one of the most important security services. In this paper, we present a novel non-repudiation technique, called Server-Supported Signatures (S3). It is based on one-way hash functions and traditional digital signatures. One of its highlights is that, for ordinary users, the use of asymmetric cryptography is limited to signature verification. S3 is efficient in terms of computational, communication and storage costs. It also offers a degree of security comparable to that of existing techniques based on asymmetric cryptography.

Get the Full text in pdf