A survey of the server-aided verification models


Upload: quentin-good

Post on 02-Jan-2016


Outline

- Introduction
- Survey: GL05
- Survey: Wu08
- Survey: Wang10
- Survey: Wu11 and Wang11
- Conclusion


Introduction

A brief review of the papers on server-aided verification (SAV) published between 2005 and 2012.

GL05, Wu08, Wang10, Wu11, Wang11


Server-Aided Verification: Theory and Practice

Marc Girault and David Lefranc

Asiacrypt 2005, pp. 605–623, 2005

Cites: 16


Definitions

The model of an interactive proof of knowledge


Definition 1. Legitimate / Misbehaving / Cheating. In an interactive proof of knowledge between a prover P and a verifier V, P may deviate from the protocol. : legitimate : cheating : misbehaving


Definition 2. SAV protocol. The protocol is said to be a server-aided verification protocol (SAV) for if:

- Auxiliary completeness.
- Auxiliary soundness.
- Computational saving.
- Auxiliary non-repudiation.


Auxiliary Soundness

The final predicate

- Hard to know: the final predicate is constructed from the predicate by randomizing it, so that only the verifier knows it.
- Hard to solve: the final predicate is constructed from the predicate such that the final predicate is computationally hard to solve.


Security model in the case of a signature scheme

To prove the soundness of a SAV protocol

Assume


SAV protocol for identification schemes

Hard-to-know-based SAV protocol


Hard-to-solve-based SAV protocol


Comparison table


Summary

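- Proposes the security conditions that a SAV protocol must satisfy.
- Extends the protocol of the original signature scheme so that it gains a server-aided capability.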


Server-Aided Verification Signatures: Definitions and New Constructions

Wei Wu, Yi Mu, Willy Susilo, and Xinyi Huang

ProvSec 2008, pp. 141–155, 2008

Cites: 9


Definitions

A signature scheme


Requirements

- Completeness
- Existential unforgeability of
  - Existential unforgeability under adaptive chosen message attacks


Requirements

Existential unforgeability of

Setup. C: A:

Queries. A can request qs sign queries.

Output. A outputs a pair and wins this game if


A server-aided verification signature scheme

The ordinary signature scheme


Requirements

- Completeness
- Computational saving
- Existential unforgeability


Requirements

Existential unforgeability of

Setup. C: A:

Queries. A can request the following queries.

- qs sign queries
- qv server-aided verification queries. A acts as the server and C acts as the verifier. Executing SAV-Verify, C returns the result to A at the end for each query.

Output. A outputs a pair and wins this game if


SAV- against Collusion and Adaptive chosen message attacks

Setup. C: A:

Queries. A only needs to make server-aided verification queries.

Output. A outputs a message m*. C chooses a random element where is the set of valid signatures of m* as the response. A wins this game if


SAV protocol for signature schemes


Summary

- Defines the unforgeability of SAV.
- Introduces an attack in which the signer and the server collude.


Comment on Wu et al.’s Server-aided Verification Signature Scheme

Zhiwei Wang, Licheng Wang, Yixian Yang, and Zhengming Hu

International Journal of Network Security, Vol. 10, No. 3, pp. 204–206, 2010

Cites: 5


New definition of the security of SAV-Σ against collusion and adaptive chosen message attacks

An untrusted server is very likely to collude with a signature forger.

Setup. C: A:

Queries. A can only make qv server-aided verification queries.

Output. A outputs a pair where is chosen by A under (pkf, skf). A wins this game if


Summary

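The authors consider the attack described by Wu et al. to be insufficiently detailed, so they propose a newer model and prove that Wu et al.'s SAV-BLS is secure under this model.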


Provably secure server-aided verification signatures

Wei Wu, Yi Mu, Willy Susilo, and Xinyi Huang

Computer and Mathematics with Applications, pp. 1705–1723, 2011.

Cites: 4


A new construction of the server-aided verification signature scheme

Zhiwei Wang

Mathematical and Computer Modeling, Vol. 55, Issues 1–2, pp. 97–101, 2011

Cites: 1


Comparisons

| | GL05 | Wu08+11 | Wang10+11 |
|---|---|---|---|
| Proof type | Interactive proof | Game-based | Game-based |
| Requirements | Completeness; Soundness; Computational saving; Non-repudiation | Completeness; EUF => Soundness; Computational saving | Completeness+; Soundness+; Computational saving+ |
| Attacks | Classical attacks | EUF; Collusion and ACMA | Collusion and ACMA |
| Proposed schemes | 3 | 3+6 | 2+1 |


The difference between the definitions of security against collusion and ACMA


Conclusions

Models

- EUF => Soundness
- The difference between the definitions of security against collusion and ACMA

More rational attack model

- Multi-signer
- Multi-server
- Server colludes with a misbehaving verifier