A subliminal-free variant of ECDSA

Authors:
Jens-Matthias Bohli;María Isabel González Vasco;Rainer Steinwandt
Affiliations:
Institut für Algorithmen und Kognitive Systeme, Universität Karlsruhe, Karlsruhe, Germany;Departamento de Matemática Aplicada, Universidad Rey Juan Carlos, Madrid, Spain;Center for Cryptology and Information Security, Dept. of Mathematical Sciences, Florida Atlantic University, Boca Raton, FL
Venue:
IH'06 Proceedings of the 8th international conference on Information hiding
Year:
2006

Citing 22
Cited 0

The subliminal channel and digital signatures

Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
Subliminal-free authentication and signature

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Pseudo-random generation from one-way functions

STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Noninteractive zero-knowledge

SIAM Journal on Computing
Subliminal communication is easy using the DSA

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Unique Signatures and Verifiable Random Functions from the DH-DDH Separation

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Special Uses and Sbuses of the Fiat-Shamir Passport Protocol

CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Gradual and Verifiable Release of a Secret

CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Abuses in Cryptography and How to Fight Them

CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Invariant Signatures and Non-Interactive Zero-Knowledge Proofs are Equivalent (Extended Abstract)

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
The Security of DSA and ECDSA

PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Simmons' protocol is not free of subliminal channels

CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Verifiable Random Functions

FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
Number-theoretic constructions of efficient pseudo-random functions

Journal of the ACM (JACM)
Foundations of Cryptography: Volume 2, Basic Applications

Foundations of Cryptography: Volume 2, Basic Applications
Malicious Cryptography: Exposing Cryptovirology

Malicious Cryptography: Exposing Cryptovirology
How to recycle random bits

SFCS '89 Proceedings of the 30th Annual Symposium on Foundations of Computer Science
Proving in zero-knowledge that a number is the product of two safe primes

EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Efficient proofs that a committed number lies in an interval

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
On subliminal channels in deterministic signature schemes

ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

A mode of operation of the Elliptic Curve Digital Signature Algorithm (ECDSA) is presented which provably excludes subliminal communication through ECDSA signatures. For this, the notion of a signature scheme that is subliminal-free with proof is introduced which can be seen as generalizing subliminal-free signatures and being intermediate to the established concepts of invariant and unique signatures. Motivated by the proposed use of ECDSA for signing passports, our focus is not on proving the mere existence of a subliminal-free ECDSA mode of operation, but on demonstrating its practical potential. The proposed construction relies on the availability of a party acting as warden and on a reasonably-sized non-interactive proof of subliminal-freeness. For instance, in the passport scenario, the passport holder plays the role of the warden, and we show that a suitable combination of the pseudo random function of Naor and Reingold with bit commitments and noninteractive zero-knowledge proofs can be used for accomplishing the required proof of subliminal-freeness with acceptable efficiency.