STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Minimum disclosure proofs of knowledge
Journal of Computer and System Sciences - 27th IEEE Conference on Foundations of Computer Science October 27-29, 1986
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Communications of the ACM
Communications of the ACM
Abuse-Free Multi-party Contract Signing
Proceedings of the 13th International Symposium on Distributed Computing
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Identification Tokens - or: Solving the Chess Grandmaster Problem
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Shared Generation of Authenticators and Signatures (Extended Abstract)
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Simmons' protocol is not free of subliminal channels
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Protocols for secure computations
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Designated verifier proofs and their applications
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Publicly verifiable secret sharing
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Kleptography: using cryptography against cryptography
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Weaknesses of undeniable signature schemes
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
The history of subliminal channels
IEEE Journal on Selected Areas in Communications
Leak-free mediated group signatures
Journal of Computer Security
Secure applications of Pedersen's distributed key generation protocol
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Assigning applications to servers: a simulation study
SpringSim '10 Proceedings of the 2010 Spring Simulation Multiconference
Hi-index | 0.00 |
It is typical for a cryptographic technology to be useful in its primary goal and applications, yet to exhibit also a dark side, namely to allow abuses in some other situations. Examples are subliminal channels in strong (randomized) signature schemes, employing authentication for encryption, kleptography exploiting strong randomness, etc. Threshold cryptography was introduced to realize better security and availability. However, its "dark side" has never been addressed seriously. We investigate some possible abuses of threshold cryptography which result from users not possessing the entire private key due to threshold splitting. This is a deficiency which can hurt de-commitment in procedures like "contract signing" and nullify non-transferability properties. To attempt solving the problem, one may suggest to assure that the user has full control of his private key via a zero-knowledge confirmation. However, advances in cryptography itself defeat this, since the Completeness Theorem for secure computations implies that servers in possession of shares of a key can answer on behalf of the "virtual holder" of the entire private key, without compromising the secrecy of their shares. We are then forced to look at more physical limitations of the setting. We propose a notion we call Verifiable Secret Non-Sharing (VSNS) where we can replace the strong (i.e., less realistic) physical isolation assumption (namely, a Faraday cage) with a more realistic timing assumption. We then introduce a new class of "combined software engineering and cryptography" adversarial capability, which employs software preprocessing and cryptography in breaking all previous suggestions to our problem. It seems that the adversary is so powerful that we have to rely on certain tamper-resistant device to block it. We show how to prevent a malicious participant from compromising the secrecy of the provers' secret keys in this case. Our treatment is a step towards a model of computing with trusted and non-trusted tamper-proof (black box) elements.