A survey of the server-aided verification models

1

A survey of the server-aided verification models

2

Outline

Introduction
Survey: GL05
Survey: Wu08
Survey: Wang10
Survey: Wu11 and Wang11
Conclusion

3

Introduction

A brief review of the papers on server-aided verification (SAV) published between 2005 and 2012.

GL05 Wu08 Wang10

Wang11 Wu11

4

Outline

Introduction
Survey: GL05
Survey: Wu08
Survey: Wang10
Survey: Wu11 and Wang11
Conclusion

5

Server-Aided Verification: Theory and Practice

Marc Girault and David Lefranc

Asiacrypt 2005, pp. 605–623, 2005

Cites: 16

6

Definitions

The model of an interactive proof of knowledge

7

Definitions

Definition 1. Legitimate / Misbehaving / Cheating. In an interactive proof of knowledge between a prover P and a verifier V, P may deviate from the protocol.

: legitimate : cheating : misbehaving

8

Definitions

Definition 2. SAV protocol.

9

Definitions

Definition 2. SAV protocol. The protocol is said to be a server-aided verification protocol (SAV) for if:

Auxiliary completeness.
Auxiliary soundness.
Computational saving.
Auxiliary non-repudiation.

10

Definitions

11

Auxiliary Soundness

The final predicate

Hard to know: The final predicate is constructed from the predicate by randomizing it, so that only the verifier knows it.

Hard to solve: The final predicate is constructed from the predicate such that the final predicate is computationally hard to solve.

12

Security model in the case of signature scheme

To prove the soundness of a SAV protocol

Assume

13

SAV protocol for identification schemes

Hard-to-know-based SAV protocol

14

SAV protocol for identification schemes

Hard-to-solve-based SAV protocol

15

Comparison table

16

Summary

Proposes the security conditions that a SAV protocol must satisfy.

Extends the original signature scheme protocol so that it has server-aided functionality.

17

Outline

Introduction
Survey: GL05
Survey: Wu08
Survey: Wang10
Survey: Wu11 and Wang11
Conclusion

18

Server-Aided Verification Signatures: Definitions and New Constructions

Wei Wu, Yi Mu, Willy Susilo, and Xinyi Huang

ProvSec 2008, pp. 141 – 155, 2008

Cites: 9

19

Definitions

A signature scheme

20

Definitions

Requirements

Completeness

Existential unforgeability of

Existential unforgeability under adaptive chosen message attacks

21

Definitions

Requirements Existential unforgeability of

Setup. C: A:

Queries. A can request qs sign queries.

Output. A outputs a pair and wins this game if

22

Definitions

A server-aided verification signature scheme

The ordinary signature scheme

23

Definitions

Requirements

Completeness
Computational saving
Existential unforgeability

24

Definitions

Requirements

Existential unforgeability of

Setup. C:

A:

Queries. A can request the following queries.

qs sign queries

qv server-aided verification queries. A acts as the server, C acts as the verifier. Executing SAV-Verify, C returns the result to A at the end, for each query.

Output. A outputs a pair and wins this game if

25

Definitions

26

Definitions

SAV-Σ against collusion and adaptive chosen message attacks

Setup. C: A:

Queries. A only needs to make server-aided verification queries.

Output. A outputs a message m*. C chooses a random element where is the set of valid signatures of m* as the response. A wins this game if

27

SAV protocol for signature schemes

28

SAV protocol for signature schemes

29

SAV protocol for signature schemes

30

Summary

Defines the unforgeability of SAV.

Proposes the attack in which the signer and the server collude.

31

Outline

Introduction
Survey: GL05
Survey: Wu08
Survey: Wang10
Survey: Wu11 and Wang11
Conclusion

32

Comment on Wu et al.’s Server-aided Verification Signature Scheme

Zhiwei Wang, Licheng Wang, Yixian Yang, and Zhengming Hu

International Journal of Network Security, Vol. 10, No. 3, pp. 204–206, 2010

Cites: 5

33

New definition of the security of SAV-Σ against collusion and adaptive chosen message attacks

An untrusted server is very likely to collude with a signature forger.

Setup. C:

A:

Queries. A can only make qv server-aided verification queries.

Output. A outputs a pair where is chosen by A under (pkf, skf). A wins this game if

34

Summary

The authors consider the attack approach of Wu et al. not thorough enough, so they propose a newer model and prove that Wu et al.'s SAV-BLS is secure under this model.

35

Outline

Introduction
Survey: GL05
Survey: Wu08
Survey: Wang10
Survey: Wu11 and Wang11
Conclusion

36

Provably secure server-aided verification signatures

Wei Wu, Yi Mu, Willy Susilo, and Xinyi Huang

Computer and Mathematics with Applications, pp. 1705–1723, 2011

Cites: 4

37

A new construction of the server-aided verification signature scheme

Zhiwei Wang

Mathematical and Computer Modeling, Vol. 55, Issues 1–2, pp. 97–101, 2011

Cites: 1

38

Outline

Introduction
Survey: GL05
Survey: Wu08
Survey: Wang10
Survey: Wu11 and Wang11
Conclusion

39

Comparisons

|                  | GL05 | Wu08+11 | Wang10+11 |
| Proof type       | Interactive proof | Game-based | Game-based |
| Requirements     | Completeness; Soundness; Computational saving; Non-repudiation | Completeness; EUF => Soundness; Computational saving | Completeness+; Soundness+; Computational saving+ |
| Attacks          | Classical attacks | EUF; Collusion and ACMA | Collusion and ACMA |
| Proposed schemes | 3 | 3+6 | 2+1 |

40

The difference in the definition of security against collusion and ACMA

41

Conclusions

Models
EUF => Soundness
The difference in the definition of security against collusion and ACMA

More rational attack model
Multi-signer
Multi-server
Server colludes with a misbehaving verifier
