The dual receiver cryptosystem and its applications

We put forth the notion of a dual receiver cryptosystem and implement it based on bilinear pairings over certain elliptic curve groups. The cryptosystem is simple and efficient yet powerful, as it solves two problems of practical importance whose solutions have proven to be elusive before: (1) A provably secure "combined" public-key cryptosystem (with a single secret key per user in a space-limited environment) where the key is used for both decryption and signing and where encryption can be escrowed and recovered, while the signature capability never leaves its owner. This is an open problem proposed by the work of Haber and Pinkas. (2) A puzzle is a method for rate-limiting remote users by forcing them to solve a computational task (the puzzle). Puzzles have been based on cryptographic challenges in the past, but the successful design of embedding a useful cryptographic task inside a puzzle, originally posed by Dwork and Naor, remained an open problem till today. We model and present "useful security puzzles" applicable in two scenarios: a secure fileserver, and an online transaction server (such as a webserver).

[1]  Virgil D. Gligor.  Guaranteeing Access in Spite of Distributed Service-Flooding Attacks , 2003, Security Protocols Workshop.

[2]  Radia J. Perlman,et al.  Network security - private communication in a public world , 2002, Prentice Hall series in computer networking and distributed systems.

[3]  David Pointcheval,et al.  REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform , 2001, CT-RSA.

[4]  Hari Balakrishnan,et al.  Resilient overlay networks , 2001, SOSP.

[5]  Felix Schlenk,et al.  Proof of Theorem 3 , 2005 .

[6]  Moti Yung,et al.  Scalability and flexibility in authentication services: the KryptoKnight approach , 1997, Proceedings of INFOCOM '97.

[7]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[8]  Adam Stubblefield,et al.  Using Client Puzzles to Protect TLS , 2001, USENIX Security Symposium.

[9]  David Pointcheval,et al.  Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks , 2001, ASIACRYPT.

[10]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[11]  Benny Pinkas,et al.  Securely combining public-key cryptosystems , 2001, CCS '01.

[12]  Michael K. Reiter,et al.  Defending against denial-of-service attacks with puzzle auctions , 2003, 2003 Symposium on Security and Privacy, 2003..

[13]  Matt Bishop,et al.  Attack class: address spoofing , 1997 .

[14]  Ted Wobber,et al.  Moderately hard, memory-bound functions , 2005, TOIT.

[15]  Rolf Oppliger,et al.  Protecting Key Exchange and Management Protocols Against Resource Clogging Attacks , 1999, Communications and Multimedia Security.

[16]  R. Varga,et al.  Proof of Theorem 4 , 1983 .

[17]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[18]  Markus G. Kuhn,et al.  Analysis of a denial of service attack on TCP , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[19]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[20]  Kevin J. Houle,et al.  Trends in Denial of Service Attack Technology , 2001 .

[21]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[22]  Robert R. Moeller,et al.  Network Security , 1993, Inf. Secur. J. A Glob. Perspect..

[23]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[24]  William Allen Simpson,et al.  Photuris: Session-Key Management Protocol , 1999, RFC.

[25]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[26]  Markus Jakobsson,et al.  Proofs of Work and Bread Pudding Protocols , 1999, Communications and Multimedia Security.

[27]  Antoine Joux,et al.  Separating Decision Diffie-Hellman from Diffie-Hellman in cryptographic groups , 2001, IACR Cryptology ePrint Archive.

[28]  Pekka Nikander,et al.  Stateless connections , 1997, ICICS.

[29]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[30]  Ari Juels,et al.  $evwu Dfw , 1998 .

[31]  Jonathan Lemon,et al.  Resisting SYN Flood DoS Attacks with a SYN Cache , 2002, BSDCon.

[32]  Dan Harkins,et al.  The Internet Key Exchange (IKE) , 1998, RFC.

[33]  Dawn Xiaodong Song,et al.  SIFF: a stateless Internet flow filter to mitigate DDoS flooding attacks , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[34]  Adi Shamir,et al.  PayWord and MicroMint: Two Simple Micropayment Schemes , 1996, Security Protocols Workshop.

[35]  Shoichi Hirose,et al.  Enhancing the Resistence of a Provably Secure Key Agreement Protocol to a Denial-of-Service Attack , 1999, ICICS.

[36]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[37]  Markus Jakobsson,et al.  Timed Release of Standard Digital Signatures , 2002, Financial Cryptography.

[38]  Pekka Nikander,et al.  Towards Network Denial of Service Resistant Protocols , 2000, SEC.

[39]  Antoine Joux,et al.  The Weil and Tate Pairings as Building Blocks for Public Key Cryptosystems , 2002, ANTS.

[40]  J.A. Stankovic,et al.  Denial of Service in Sensor Networks , 2002, Computer.

[41]  Angelos D. Keromytis,et al.  Efficient, DoS-resistant, secure key exchange for internet protocols , 2001, CCS '02.

[42]  Moti Yung,et al.  Escrow Encryption Systems Visited: Attacks, Analysis and Designs , 1995, CRYPTO.

[43]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[44]  Gerhard Frey,et al.  The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems , 1999, IEEE Trans. Inf. Theory.

[45]  Alice Silverberg,et al.  Supersingular Abelian Varieties in Cryptology , 2002, CRYPTO.

[46]  Angelos D. Keromytis,et al.  SOS: secure overlay services , 2002, SIGCOMM '02.

[47]  Eric R. Verheul,et al.  Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems , 2001, EUROCRYPT.

[48]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[49]  Adam Back,et al.  Hashcash - A Denial of Service Counter-Measure , 2002 .

[50]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..