Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Signature schemes based on the strong RSA assumption
ACM Transactions on Information and System Security (TISSEC)
Traffic analysis: protocols, attacks, design issues, and open problems
International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability
Identity-Based Encryption from the Weil Pairing
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Security Analysis of IKE's Signature-Based Key-Exchange Protocol
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Efficient Identification and Signatures for Smart Cards
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Key-Privacy in Public-Key Encryption
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Short Signatures from the Weil Pairing
Journal of Cryptology
A computational introduction to number theory and algebra
A computational introduction to number theory and algebra
Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups
Journal of Cryptology
Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Information Security and Cryptology
Anonymous Signatures Revisited
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Anonymous signatures made easy
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
A signature scheme with efficient protocols
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Invisibility and anonymity of undeniable and confirmer signatures
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Efficient indifferentiable hashing into ordinary elliptic curves
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Password based key exchange protocols on elliptic curves which conceal the public parameters
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Confidential signatures and deterministic signcryption
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
| Hi-index | 0.00 |
We develop a three-level hierarchy of privacy notions for (unforgeable) digital signature schemes. We first prove mutual independence of existing notions of anonymity and confidentiality, and then show that these are implied by higher privacy goals. The top notion in our hierarchy is pseudorandomness: signatures with this property hide the entire information about the signing process and cannot be recognized as signatures when transmitted over a public network. This implies very strong unlinkability guarantees across different signers and even different signing algorithms, and gives rise to new forms of private public-key authentication. We show that one way towards pseudorandom signatures leads over our mid-level notion, called indistinguishability: such signatures can be simulated using only the public parameters of the scheme. As we reveal, indistinguishable signatures exist in different cryptographic settings (e.g. based on RSA, discrete logarithms, pairings) and can be efficiently lifted to pseudorandomness deploying general transformations using appropriate encoding techniques. We also examine a more direct way for obtaining pseudorandomness for any unforgeable signature scheme. All our transformations work in the standard model. We keep public verifiability of signatures in the setting of system-wide known public keys. Some results even hold if signing keys are disclosed to the adversary --- given that signed messages have high entropy.