
A survey of the server-aided verification models


Presentation Transcript


  1. A survey of the server-aided verification models

  2. Outline • Introduction • Survey: GL05 • Survey: Wu08 • Survey: Wang10 • Survey: Wu11 and Wang11 • Conclusion

  3. GL05 Wu08 Wang10 Wu11 Wang11 Introduction • A brief review of the papers on server-aided verification (SAV) published between 2005 and 2012.

  4. Outline • Introduction • Survey: GL05 • Survey: Wu08 • Survey: Wang10 • Survey: Wu11 and Wang11 • Conclusion

  5. Server-Aided Verification: Theory and Practice Marc Girault and David Lefranc Asiacrypt 2005, pp. 605 – 623, 2005 Cites: 16

  6. Definitions • The model of an interactive proof of knowledge

  7. Definitions • Definition 1. Legitimate / Misbehaving / Cheating. • In an interactive proof of knowledge between a prover P and a verifier V, P may deviate from the protocol. • : legitimate • : cheating • : misbehaving

  8. Definitions • Definition 2. SAV protocol.

  9. Definitions • Definition 2. SAV protocol. • The protocol is said to be a server-aided verification protocol (SAV) for if: • Auxiliary completeness. • Auxiliary soundness. • Computational saving. • Auxiliary non-repudiation.

  10. Definitions

  11. Auxiliary Soundness • The final predicate • Hard to know • The final predicate is constructed from the predicate by randomizing it, so that only the verifier knows it. • Hard to solve • The final predicate is constructed from the predicate such that the final predicate is computationally hard to solve.

  12. Security model in the case of signature scheme • To prove the soundness of a SAV protocol • Assume

  13. SAV protocol for identification schemes Hard-to-know-based SAV protocol

  14. SAV protocol for identification schemes Hard-to-solve-based SAV protocol

  15. Comparison table

  16. Summary • Proposes the security conditions that SAV must satisfy. • Extends the original signature scheme protocol so that it supports server-aided functionality.

  17. Outline • Introduction • Survey: GL05 • Survey: Wu08 • Survey: Wang10 • Survey: Wu11 and Wang11 • Conclusion

  18. Server-Aided Verification Signatures: Definitions and New Constructions Wei Wu, Yi Mu, Willy Susilo, and Xinyi Huang ProvSec 2008, pp. 141 – 155, 2008 Cites: 9

  19. Definitions • A signature scheme

  20. Definitions • Requirements • Completeness • Existential unforgeability of • Existential unforgeability under adaptive chosen message attacks

  21. Definitions • Requirements • Existential unforgeability of • Setup. C: A: • Queries. A can request qs sign queries. • Output. A outputs a pair and wins this game if

  22. Definitions • A server-aided verification signature scheme • The ordinary signature scheme

  23. Definitions • Requirements • Completeness • Computational saving • Existential unforgeability

  24. Definitions • Requirements • Existential unforgeability of • Setup. C: A: • Queries. A can request the following queries. • qs sign queries • qv server-aided verification queries. • A acts as the server, C acts as the verifier. • Executing SAV-Verify, C returns the result to A at the end of each query. • Output. A outputs a pair and wins this game if

  25. Definitions

  26. Definitions • SAV- against Collusion and Adaptive chosen message attacks • Setup. C: A: • Queries. A only needs to make server-aided verification queries. • Output. A outputs a message m*. C chooses a random element where is the set of valid signatures of m* as the response. A wins this game if

  27. SAV protocol for signature schemes

  28. SAV protocol for signature schemes

  29. SAV protocol for signature schemes

  30. Summary • Defines the unforgeability of SAV. • Proposes an attack in which the signer colludes with the server.

  31. Outline • Introduction • Survey: GL05 • Survey: Wu08 • Survey: Wang10 • Survey: Wu11 and Wang11 • Conclusion

  32. Comment on Wu et al.’s Server-aided Verification Signature Scheme Zhiwei Wang, Licheng Wang, Yixian Yang, and Zhengming Hu International Journal of Network Security, Vol. 10, No. 3, pp. 204 – 206, 2010 Cites: 5

  33. New definition of the security of SAV-Σ against collusion and adaptive chosen message attacks • An untrusted server is very likely to collude with a signature forger. • Setup. C: A: • Queries. A can only make qv server-aided verification queries. • Output. A outputs a pair where is chosen by A under (pkf, skf). A wins this game if

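  34. Summary • The authors argue that the attack model of Wu et al. is not thorough enough, so they propose an updated model and prove that Wu et al.'s SAV-BLS is secure under this model.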

  35. Outline • Introduction • Survey: GL05 • Survey: Wu08 • Survey: Wang10 • Survey: Wu11 and Wang11 • Conclusion

  36. Provably secure server-aided verification signatures Wei Wu, Yi Mu, Willy Susilo, and Xinyi Huang Computers and Mathematics with Applications, pp. 1705 – 1723, 2011. Cites: 4

  37. A new construction of the server-aided verification signature scheme Zhiwei Wang Mathematical and Computer Modeling, Vol. 55, Issues 1 – 2, pp. 97 – 101, 2011 Cites: 1

  38. Outline • Introduction • Survey: GL05 • Survey: Wu08 • Survey: Wang10 • Survey: Wu11 and Wang11 • Conclusion

  39. Comparisons

  40. The difference in the definitions of security against collusion and ACMA

  41. Conclusions • Models • EUF => Soundness • The difference in the definitions of security against collusion and ACMA • More rational attack model • Multi-signer • Multi-server • Server colludes with a misbehaving verifier
