Abstract
An attempt to derive signer-efficient digital signatures from aggregate signatures was made in a signature scheme referred to as Structure-free Compact Rapid Authentication (SCRA) (IEEE TIFS 2017). In this paper, we first mount a practical universal forgery attack against the NTRU instantiation of SCRA by observing only 8161 signatures. Second, we propose a new signature scheme (\(\texttt {FAAS}\)), which transforms any single-signer aggregate signature scheme into a signer-efficient scheme. We show two efficient instantiations of \(\texttt {FAAS}\), namely, \(\texttt {FAAS}\hbox {-}{} \texttt {NTRU}\) and \(\texttt {FAAS}\hbox {-}{} \texttt {RSA}\), both of which achieve high computational efficiency. Our experiments confirmed that \(\texttt {FAAS}\) schemes achieve up to 100\(\times \) faster signature generation compared to their underlying schemes. Moreover, \(\texttt {FAAS}\) schemes eliminate some of the costly operations such as Gaussian sampling, rejection sampling, and exponentiation at the signature generation that are shown to be susceptible to side-channel attacks. This enables \(\texttt {FAAS}\) schemes to enhance the security and efficiency of their underlying schemes. Finally, we prove that \(\texttt {FAAS}\) schemes are secure (in random oracle model), and open-source both our attack and \(\texttt {FAAS}\) implementations for public testing purposes.
Work done in part while Attila A. Yavuz was at Oregon State University.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Delay is defined as the aggregated time required to compute and verify a signature.
- 2.
- 3.
References
IEEE guide for wireless access in vehicular environments (wave) - architecture. IEEE Std 1609.0-2013, pp. 1–78, March 2014
D-Wave Systems Previews 2000-Qubit Quantum System (2016). https://www.dwavesys.com/press-releases/d-wave-systems-previews-2000-qubit-quantum-system
The cyber resilient energy delivery consortium (CREDC) (2018). https://cred-c.org/
Post-quantum cryptography standardization conference (2018). https://csrc.nist.gov/Projects/Post-Quantum-Cryptography
American Bankers Association: ANSI X9.62-1998: Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA) (1999)
Aumasson, J.P., Henzen, L., Meier, W., Phan, R.C.W.: SHA-3 proposal blake. Submission to NIST (Round 3) (2010). http://131002.net/blake/blake.pdf
Bellare, M., Garay, J.A., Rabin, T.: Fast batch verification for modular exponentiation and digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054130
Bernstein, D.J., et al.: SPHINCS: practical stateless hash-based signatures. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 368–397. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_15
Bernstein, D., Duif, N., Lange, T., Schwabe, P., Yang, B.Y.: High-speed high-security signatures. J. Cryptogr. Eng. 2(2), 77–89 (2012)
Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_26
Bos, J., et al.: Frodo: take off the ring! practical, quantum-secure key exchange from LWE. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1006–1018. ACM, New York (2016). https://doi.org/10.1145/2976749.2978425
Bos, J.N.E., Chaum, D.: Provably unforgeable signatures. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 1–14. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_1
Brier, É., Joye, M.: Weierstraß elliptic curves and side-channel attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 335–345. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45664-3_24
Coron, J.-S., Naccache, D.: Boneh et al.’s k-element aggregate extraction assumption is equivalent to the diffie-hellman assumption. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 392–397. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-40061-5_25
Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 40–56. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_3
Ducas, L., Lepoint, T., Lyubashevsky, V., Schwabe, P., Seiler, G., Stehle, D.: Crystals - dilithium: digital signatures from module lattices. Cryptology ePrint Archive, Report 2017/633 (2017). https://eprint.iacr.org/2017/633
El Bansarkhani, R., Buchmann, J.: Towards lattice based aggregate signatures. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 336–355. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06734-6_21
Espitau, T., Fouque, P., Gérard, B., Tibouchi, M.: Side-channel attacks on BLISS lattice-based signatures: exploiting branch tracing against strongswan and electromagnetic emanations in microcontrollers. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, pp. 1857–1874 (2017)
Even, S., Goldreich, O., Micali, S.: On-line/off-line digital signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 263–275. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_24
Genkin, D., Valenta, L., Yarom, Y.: May the fourth be with you: a microarchitectural side channel attack on several real-world applications of curve25519. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, pp. 845–858. ACM, New York (2017). https://doi.org/10.1145/3133956.3134029
Granlund, T.: GNU multiple precision arithmetic library 6.1.2. https://gmplib.org/
Groot Bruinderink, L., Hülsing, A., Lange, T., Yarom, Y.: Flush, gauss, and reload – a cache attack on the BLISS lattice-based signature scheme. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 323–345. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_16
Gungor, V.C., et al.: Smart grid technologies: communication technologies and standards. IEEE Trans. Industr. Inf. 7(4), 529–539 (2011)
Harding, J., et al.: Vehicle-to-Vehicle Communications: Readiness of V2V Technology for Application. U.S, Department of Transportation National Highway Traffic Safety Administration (NHTSA), August 2014
Hoffstein, J., Pipher, J., Whyte, W., Zhang, Z.: A signature scheme from learning with truncation. Cryptology ePrint Archive, Report 2017/995 (2017). https://eprint.iacr.org/2017/995
Kalach, K., Safavi-Naini, R.: An efficient post-quantum one-time signature scheme. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 331–351. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31301-6_20
Katz, J., Lindell, Y.: Introduction to Modern Cryptography (Chapman & Hall/CRC Cryptography and Network Security Series). Chapman & Hall/CRC (2007)
Kelly, J.: A preview of bristlecone, Google’s new quantum processor (2018). https://ai.googleblog.com/2018/03/a-preview-of-bristlecone-googles-new.html
Kocher, P.C.: Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9
Ma, D., Tsudik, G.: A new approach to secure logging. ACM Trans. Storage (TOS) 5(1), 1–21 (2009)
Mykletun, E., Narasimha, M., Tsudik, G.: Signature bouquets: immutability for aggregated/condensed signatures. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 160–176. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30108-0_10
Mykletun, E., Tsudik, G.: Aggregation queries in the database-as-a-service model. In: Damiani, E., Liu, P. (eds.) DBSec 2006. LNCS, vol. 4127, pp. 89–103. Springer, Heidelberg (2006). https://doi.org/10.1007/11805588_7
Naccache, D., M’Raïhi, D., Vaudenay, S., Raphaeli, D.: Can D.S.A. be improved?—complexity trade-offs with the digital signature standard. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, pp. 77–85. Springer, Heidelberg. https://doi.org/10.1007/BFb0053426
Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Des. Codes Crypt. 30(2), 201–217 (2003)
Ozmen, M.O., Behnia, R., Yavuz, A.A.: Fast authentication from aggregate signatures with improved security. Cryptology ePrint Archive, Report 2018/1141 (2018). https://eprint.iacr.org/2018/1141
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Schindler, W.: Exclusive exponent blinding may not suffice to prevent timing attacks on RSA. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 229–247. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_12
Seo, S.H., Won, J., Bertino, E., Kang, Y., Choi, D.: A security framework for a drone delivery service. In: Proceedings of the 2nd Workshop on Micro Aerial Vehicle Networks, Systems, and Applications for Civilian Use, DroNet 2016, pp. 29–34. ACM (2016)
Shamir, A., Tauman, Y.: Improved online/offline signature schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_21
Shamus: Multiprecision integer and rational arithmetic C/C++ library (MIRACL). https://github.com/miracl/MIRACL. Accessed 30 Jan 2018
Song, W., Wang, B., Wang, Q., Peng, Z., Lou, W.: Tell me the truth: practically public authentication for outsourced databases with multi-user modification. Inf. Sci. 387, 221–237 (2017)
Tesfay, T., Boudec, J.Y.L.: Experimental comparison of multicast authentication for wide area monitoring systems. IEEE Trans. Smart Grid 9(5), 4394–4404 (2017)
Won, J., Seo, S.H., Bertino, E.: A secure communication protocol for drones and smart objects. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2015, pp. 249–260. ACM (2015)
Yavuz, A.A.: An efficient real-time broadcast authentication scheme for command and control messages. IEEE Trans. Inf. Forensics Secur. 9(10), 1733–1742 (2014)
Yavuz, A.A., Mudgerikar, A., Singla, A., Papapanagiotou, I., Bertino, E.: Real-time digital signatures for time-critical networks. IEEE Trans. Inf. Forensics Secur. 12(11), 2627–2639 (2017)
Acknowledgments
We would like to thank Zhenfei Zhang and the anonymous reviewers for their insightful comments and suggestions. This work is supported by the Department of Energy Award DE-OE0000780 and NSF Award #1652389.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix A Security Definitions
Appendix A Security Definitions
Definition 6
Aggregate Existential Unforgeability under Chosen Message Attack \(( A\hbox {-}EU\hbox {-}CMA )\) for a single user aggregate signature is as follows.
\(Exp^{ A\hbox {-}EU\hbox {-}CMA }_{\texttt {Asig}, \mathcal {A}}(1^\kappa ):\)
We say \(\mathcal {A}\) wins in time t, and after \( q_S \) and \( q_h \) queries if \( ( (\texttt {Asig.Ver} (\overrightarrow{m}^{*}{}, \sigma ^*, PK {}) \wedge (\overrightarrow{m}^{*}{}\cap L_m =\emptyset ) )\) .The \( A\hbox {-}EU\hbox {-}CMA \) advantage of \( \mathcal {A}\) is defined as \( Adv ^{ A \hbox {-} EU \hbox {-} CMA }_{\texttt {Asig}, \mathcal {A}} (t, q_S,q_h) = \Pr [ Exp ^{ A \hbox {-} EU \hbox {-} CMA }_{\texttt {Asig}, \mathcal {A}}= 1]\).
\(\texttt {FAAS}\) requires that the underlying aggregate signature achieves k -element Aggregate Extraction (AE) property [10, 14], which is defined in the following.
Definition 7
For a given aggregate signature \(s \leftarrow {}\texttt {SigA}_ sk {}( \overrightarrow{m}{})\) computed on k individual data items \( \overrightarrow{m}{}=(m_1,\ldots ,m_k)\), it is difficult to extract the individual signatures \((\gamma _1,\ldots ,\gamma _k)\) of \((m_1,\ldots ,m_k)\) provided that only s is known to the extractor.
Initially, Boneh et al. [10] assumed that it is a hard problem to extract individual BLS signatures given an aggregate BLS signature, which was then proven to hold in [14] under the Computational Diffie-Hellmann assumption. We note that C-RSA [31] and pqNTRUsign [25], which are used in \(\texttt {FAAS}\) instantiations, achieve this property.
Rights and permissions
Copyright information
© 2019 International Financial Cryptography Association
About this paper
Cite this paper
Ozmen, M.O., Behnia, R., Yavuz, A.A. (2019). Fast Authentication from Aggregate Signatures with Improved Security. In: Goldberg, I., Moore, T. (eds) Financial Cryptography and Data Security. FC 2019. Lecture Notes in Computer Science(), vol 11598. Springer, Cham. https://doi.org/10.1007/978-3-030-32101-7_39
Download citation
DOI: https://doi.org/10.1007/978-3-030-32101-7_39
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-32100-0
Online ISBN: 978-3-030-32101-7
eBook Packages: Computer ScienceComputer Science (R0)