Adaptive Pseudo-Free Groups and Applications

In this paper we explore a powerful extension of the notion of pseudo-free groups, proposed by Rivest at TCC 2004. We identify, motivate, and study pseudo-freeness in face of adaptive adversaries who may learn solutions to other non-trivial equations before having to solve a new non-trivial equation. We present a novel, carefully crafted definition of adaptive pseudofreeness that walks a fine line between being too weak and being unsatisfiable. We show that groups that satisfy our definition yield, via a generic construction, digital and network coding signature schemes. Finally, we obtain concrete constructions of such schemes in the RSA group by showing this group to be adaptive pseudo-free. In particular, we demonstrate the generality of our framework for signatures by showing that most existing schemes are instantiations of our generic construction.

[1]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)* , 2001, Journal of Cryptology.

[2]  Birgit Pfitzmann,et al.  Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees , 1997, EUROCRYPT.

[3]  Bogdan Warinschi,et al.  Soundness of Formal Encryption in the Presence of Active Adversaries , 2004, TCC.

[4]  Jonathan Katz,et al.  Secure Network Coding Over the Integers , 2010, IACR Cryptol. ePrint Arch..

[5]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[6]  Ronald L. Rivest On the Notion of Pseudo-Free Groups , 2004, TCC.

[7]  Jonathan Katz,et al.  Signing a Linear Subspace: Signature Schemes for Network Coding , 2009, IACR Cryptol. ePrint Arch..

[8]  Hugo Krawczyk,et al.  Chameleon Signatures , 2000, NDSS.

[9]  Huafei Zhu A Formal Proof of Zhu's Signature Scheme , 2003, IACR Cryptol. ePrint Arch..

[10]  Marc Fischlin The Cramer-Shoup Strong-RSASignature Scheme Revisited , 2003, Public Key Cryptography.

[11]  Shai Halevi,et al.  Secure Hash-and-Sign Signatures Without the Random Oracle , 1999, EUROCRYPT.

[12]  Rudolf Ahlswede,et al.  Network information flow , 2000, IEEE Trans. Inf. Theory.

[13]  Shuo-Yen Robert Li,et al.  Linear network coding , 2003, IEEE Trans. Inf. Theory.

[14]  Daniele Micciancio The RSA Group is Pseudo-Free , 2009, Journal of Cryptology.

[15]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[16]  T. Ho,et al.  On Linear Network Coding , 2010 .

[17]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[18]  Susan Rae Hohenberger,et al.  The cryptographic impact of groups with infeasible inversion , 2003 .

[19]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[20]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 2000, TSEC.

[21]  Eike Kiltz,et al.  Programmable Hash Functions and Their Applications , 2008, CRYPTO.

[22]  Birgit Pfitzmann,et al.  A composable cryptographic library with nested operations , 2003, CCS '03.