Resgate de autoria em esquemas de assinatura em anel / Retrieving authorship from ring signature schemes

Antonio Emerson Barros Tomaz

23 May 2014

A proposta apresentada nesta dissertaÃÃo representa uma expansÃo do conceito original de assinatura em anel. Um esquema de assinatura em anel permite que um membro de um grupo divulgue uma mensagem anonimamente, de tal forma que cada um dos membros do grupo seja considerado o possÃvel autor da mensagem. A ideia principal de uma assinatura em anel à garantir o anonimato do assinante e ainda garantir a autenticidade da informaÃÃo, mostrando que a mensagem partiu de um dos membros do referido grupo. Esta dissertaÃÃo apresenta um esquema de assinatura em anel baseado no esquema de Rivest et al. (2001), em que o assinante pode, mais tarde, revogar seu anonimato apresentando valores secretos que provam que somente ele seria capaz de gerar tal assinatura. Esta propriedade serà chamada aqui de resgate de autoria. A principal diferenÃa em relaÃÃo ao trabalho de Rivest et al. (2001) à apresentada antes mesmo de comeÃar a geraÃÃo da assinatura. Os valores utilizados como entrada para a funÃÃo trapdoor serÃo cÃdigos de autenticaÃÃo de mensagem - MACs gerados pelo algoritmo HMAC, um algoritmo de autenticaÃÃo de mensagem baseado em funÃÃo hash resistente à colisÃo. Essa modificaÃÃo simples permitirà que, no futuro, o assinante revele-se como o verdadeiro autor da mensagem apresentando os valores secretos que geraram os MACs. / The proposal presented in this thesis represents an expansion of the original concept of ring signature. A ring signature scheme allows a member of a group to publish a message anonymously, so that each member of the group can be considered the author of the message. The main idea of a ring signature is to guarantee the anonymity of the subscriber also ensure the authenticity of information, showing that the message came from one of the members of that group. This thesis presents a signature scheme based on (RIVEST et al., 2001), where the subscriber can later revoke anonymity presenting secret values that prove that he would only be able to generate such a signature. This property will be referred to here as rescue of authorship. The main difference to the proposal of Rivest et al. (2001) is presented before we even begin signature generation. The values used as input to the trapdoor function are message authentication codes - MACs generated by the HMAC algorithm, an algorithm for message authentication based on hash function collision resistant. This simple modification will allow, in the future, the subscriber to reveal itself as the true author of the message by showing the secret values to generate those MACs.

CÃdigos de autenticaÃÃo de mensagem

FunÃÃes hash

FunÃÃes trapdoor

Ring signature

Message authentication code

MAC

Hash functions

Trapdoor functions

RSA

Cryptography

TELEINFORMATICA

Signature et identification pour l'anonymat basées sur les réseaux / Lattice-based signature and identification schemes for anonymity

Bettaieb, Slim

26 September 2014

La cryptographie basée sur les réseaux a connu depuis quelques années un très fort développement notamment du fait qu’il existe des systèmes cryptographiques basés sur les réseaux avec des propriétés de sécurité plus fortes que dans les cas plus classiques de théorie des nombres. Les problèmes difficiles des réseaux, par exemple le problème de trouver des vecteurs courts non nuls, semblent résister aux attaques utilisant des ordinateurs quantiques et les meilleurs algorithmes qui existent pour les résoudre sont exponentiels en fonction du temps. L’objet de cette thèse est la construction de primitives cryptographiques à clé publique pour l’ano- nymat dont la sécurité repose sur des problèmes difficiles des réseaux.Nous nous intéressons aux schémas de signature de cercle. Tout d’abord, nous proposons une nouvelle définition d’anonymat et nous exposons un nouveau schéma de signature de cercle. Ensuite, nous donnons une étude de sécurité rigoureuse suivant deux définitions de résistance la contrefaçon. La première est la résistance à la contrefaçon contre les attaques à sous-cercles choisis et la deuxième est la résistance à la contrefaçon contre les attaques de corruption interne.Nous présentons ensuite un nouveau schéma d’identification de cercle et nous développons une analyse complète de sa sécurité. Enfin, nous montrons que les techniques utilisées pour construire le schéma précédent peuvent être utilisées pour construire un schéma d’identification de cercle à seuil. / Lattice-based cryptography has known during the last decade rapid develop- ments thanks to stronger security properties. In fact, there exist lattice-based cryp- tographic systems whose security is stronger than those based on the conventional number theory approach. The hard problems of lattices, for example the problem of finding short non-zero vectors, seems to resist quantum computers attacks. Mo- reover, the best existing algorithms solving them are exponential in time. The pur- pose of this thesis is the construction of public key cryptographic primitives for anonymity, whose security is based on the latter.In particular, we are interested in ring signature schemes. First, we propose a new formal definition of anonymity and we present a new ring signature scheme. Second, we give a rigorous study of security, following two definitions of unfor- geability. The first of which is unforgeability against chosen-subring attacks and the other one is unforgeability with respect to insider corruption.Afterwards, we present a new ring identification scheme and we develop a full analysis of its security. Finally, we show that the techniques used to build this scheme, can be used to construct a threshold ring identification scheme.

Cryptographie à clé publique

Réseaux

Signature de cercle

Anonymat

Sécurité prouvée

Lattices

Ring signature

Anonymity

Provable security

005.8