Advances in signatures, encryption, and e-cash from bilinear groups
Publisher: Massachusetts Institute of Technology, 201 Vassar Street, W59-200, Cambridge, MA, United States
Order Number: AAI0810084
Pages: 1
Abstract

We present new formal definitions, algorithms, and motivating applications for three natural cryptographic constructions. Our constructions are based on a special type of algebraic group called bilinear groups. (1) Re-signatures. We present the first public key signature scheme where a semi-trusted proxy, given special information, can translate Alice's signature on a message into Bob's signature on the same message. The special information, however, allows nothing else, i.e., the proxy cannot translate from Bob to Alice, nor can it sign on behalf of either Alice or Bob. We show that a path through a graph can be cheaply authenticated using this scheme, with applications to electronic passports. (2) Re-encryption. We present the first public key cryptosystem where a semi-trusted proxy, given special information, can translate an encryption of a message under Alice's key into an encryption of the same message under Bob's key. Again, the special information allows nothing else, i.e., the proxy cannot translate from Bob to Alice, decrypt on behalf of either Alice or Bob, or learn anything else about the message. We apply this scheme to create a new mechanism for secure distributed storage. (3) Compact e-cash with tracing and bounded-anonymity. We present an offline e-cash system where 2^ℓ coins can be stored in O(ℓ + k) bits and withdrawn or spent in O(ℓ + k) time, where k is the security parameter. The best previously known schemes required at least one of these complexities to be O(2^ℓ · k). In our system, a user's transactions are anonymous and unlinkable, unless she performs a forbidden action, such as double-spending a coin. Performing a forbidden action reveals the identity of the user, and optionally allows to trace all of her past transactions. We provide solutions without using a trusted party. We argue why features of our system are likely to be crucial to the adoption of any e-cash system. (Copies available exclusively from MIT Libraries, Rm. 14-0551, Cambridge, MA 02139-4307. Ph. 617-253-5668; Fax 617-253-1690.)

Contributors
  • MIT Computer Science & Artificial Intelligence Laboratory
  • Johns Hopkins University

Reviews

Adrian Constantin Atanasiu

This doctoral thesis, written by Susan Hohenberger and supervised by Ron Rivest, uses bilinear groups defined over rational points of an elliptic curve in order to introduce the concept of re-cryptography, which is based on the cooperation of a special party (called proxy). The concept is applied in three areas of security: encryption, e-signature, and e-commerce. After a general introduction, where formal notions are defined (bilinear groups in chapter 2 and complexity assumptions in chapter 3), the thesis details three cryptographic constructions. In "Proxy Re-Signature," chapter 4, a public key signature scheme is defined. Here, a semi-trusted proxy, when given special information, can translate Alice's signature on a message into Bob's signature on the same message. The special information does not allow the proxy to translate from Bob to Alice, nor to sign on behalf of either Alice or Bob. In particular, it is shown that a path through a graph can be cheaply authenticated using this scheme. Some applications are proposed: key management, weak group signatures, and short proofs that a valid path was chosen in a graph. In "Proxy Re-Encryption," chapter 5, an original cryptosystem is proposed (based on bilinear maps). Here, a semi-trusted proxy, given special information, can translate an encryption of a message under Alice's key into an encryption of the same message under Bob's key. Again, the special information allows for nothing else. For example, the proxy cannot translate from Bob to Alice, decrypt on behalf of either Alice or Bob, or learn anything else about the message. This scheme can be applied for email forwarding, law enforcement, and to perform cryptographic operations on storage-limited devices (in particular, a new mechanism for secure distributed storage is proposed). In "Compact E-Cash with Tracing" and "Bounded-Anonymity," chapters 6 and 7, an offline electronic cash system is presented. The features are assured in the random-oracle model, under the strong Rivest, Shamir, and Adleman (RSA) and Decisional Diffie-Hellman Inversion assumptions. Namely, 2^s coins can be stored in O(s + k) bits and withdrawn or spent in O(s + k) time, where k is the security parameter. The user's transactions are anonymous and unlinkable, unless the user performs a forbidden action (such as double-spending a coin). Performing a forbidden action reveals the identity of the user, which optionally allows for the tracing of all of his or her past transactions. The solutions are provided without using a trusted party. The Appendix details two protocols to spend coins. The thesis is interesting, and, although the domains treated are quite different (signature and e-commerce), the homogeneity is remarkable.
