
Anonymous Single-Round Server-Aided Verification

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11368)

Abstract

Server-Aided Verification (SAV) is a method that can be employed to speed up the process of verifying signatures by letting the verifier outsource part of its computation load to a third party. Achieving fast and reliable verification in the presence of an untrusted server is an attractive goal in cloud computing and Internet of Things scenarios. In this paper, we describe a simple framework for SAV where the interaction between a verifier and an untrusted server happens via a single-round protocol. We propose a security model for SAV that refines existing ones and includes the new notions of SAV-anonymity and extended unforgeability. In addition, we apply our definitional framework to provide the first generic transformation from any signature scheme to a single-round SAV scheme that incorporates verifiable computation. Our compiler identifies two independent ways to achieve SAV-anonymity: computationally, through the privacy of the verifiable computation scheme, or unconditionally, through the adaptability of the signature scheme.

Finally, we define three novel instantiations of SAV schemes obtained through our compiler. Compared to previous works, our proposals are the only ones which simultaneously achieve existential unforgeability and soundness against collusion.

Notes

  1. In [8, 26] the output of \(\mathsf{SAV.VSetup}\) is called \(\mathbf{Vstring}\).

  2. To improve readability, we attach the subscript \(\varSigma \) (resp. superscript \(\varGamma \)) to each algorithm of the signature (resp. verifiable computation) scheme.

  3. This claim will become clear after seeing examples of SAV signature schemes.

  4. To provide an example, consider the BLS signature scheme [3]. Given \({\mathsf {pk}}=g^{\mathsf {sk}}\), \( m \in \{0,1\}^*\), \(\sigma \in {\mathbb G}_{p}\) and \({\mathsf {h}}\in {\mathbb Z}_{p}\), the output of \({\mathsf {Adapt}}\) can be defined as: \({\mathsf {pk}}' = {\mathsf {pk}}\cdot g^{\mathsf {h}}\) and \(\sigma '=\sigma \cdot H( m )^{\mathsf {h}}\). It is immediate to check that \((\sigma ', m )\) is a valid pair under \({\mathsf {pk}}'\).
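The following is an added toy illustration of the Adapt step from this note, not code from the paper. It replaces the pairing group by a plain multiplicative group modulo a constructed prime, so there is no public BLS verification equation; instead it checks, with knowledge of the secret key, that the adapted pair is exactly the signature under the shifted key \(\mathsf{sk}+\mathsf{h}\), which is what makes Adapt output a valid pair under \(\mathsf{pk}'\) (the base element, modulus and sample keys are all constructed values).

```python
import hashlib

# Constructed toy parameters: Q is a Mersenne prime, so Z_Q^* has order Q - 1.
# This is NOT a pairing-friendly curve; it only reproduces the exponent algebra.
Q = 2**127 - 1
G = 7  # constructed base element standing in for the BLS generator g


def hash_to_group(m: bytes) -> int:
    """Toy H: {0,1}^* -> Z_Q^*; SHA-256 digest reduced so the result is never 0."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % (Q - 1) + 1


def keygen(sk: int) -> int:
    """pk = g^sk."""
    return pow(G, sk, Q)


def sign(sk: int, m: bytes) -> int:
    """BLS-style signature sigma = H(m)^sk."""
    return pow(hash_to_group(m), sk, Q)


def adapt(pk: int, sigma: int, m: bytes, h: int) -> tuple[int, int]:
    """Adapt as defined in the note: pk' = pk * g^h and sigma' = sigma * H(m)^h.

    The verifier can run this with only public data plus a random h; it never
    needs sk. With h uniform, pk' = g^(sk+h) is a uniformly random key, which is
    the unconditional route to SAV-anonymity described in the abstract.
    """
    pk_adapted = (pk * pow(G, h, Q)) % Q
    sigma_adapted = (sigma * pow(hash_to_group(m), h, Q)) % Q
    return pk_adapted, sigma_adapted


def adapted_pair_is_signature_under_shifted_key(sk: int, m: bytes, h: int) -> bool:
    """Check the note's claim: (sigma', m) is valid under pk', because both equal
    the public key and signature honestly produced with secret key sk + h."""
    pk, sigma = keygen(sk), sign(sk, m)
    pk_adapted, sigma_adapted = adapt(pk, sigma, m, h)
    sk_shifted = (sk + h) % (Q - 1)  # exponents live modulo the group order
    return pk_adapted == keygen(sk_shifted) and sigma_adapted == sign(sk_shifted, m)


if __name__ == "__main__":
    # Constructed sample key, message and blinding value.
    print(adapted_pair_is_signature_under_shifted_key(123456789, b"sample message", 987654321))
```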

  5. To give benchmarks, let \(M_p\) denote the computational cost of a base field multiplication in \(\mathbb {F}_p\) with \(\log p = 256\); then computing \(z^a\) for any \(z\in \mathbb {F}_p\) and \(a\in [p]\) costs about \(256M_p\), while computing the Optimal Ate pairing on the BN curve requires about \(16000M_p\) (results extrapolated from Table 1 in [16]).

  6. Efficiency gain is the ratio \(\big (cost(\mathsf{{ SAV.ProbGen}}) + cost(\mathsf{{ SAV.Verify}}) \big ) / cost(\mathsf {Verify}_\varSigma )\).

References

  1. Béguin, P., Quisquater, J.-J.: Fast server-aided RSA signatures secure against active attacks. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 57–69. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_5

  2. Benabbas, S., Gennaro, R., Vahlis, Y.: Verifiable delegation of computation over large datasets. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 111–131. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_7

  3. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptol. 17(4), 297–319 (2004)

  4. Boneh, D., Shen, E., Waters, B.: Strongly unforgeable signatures based on computational Diffie-Hellman. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 229–240. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_15

  5. Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_4

  6. Canard, S., Devigne, J., Sanders, O.: Delegating a pairing can be both secure and efficient. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 549–565. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07536-5_32

  7. Cao, Z., Liu, L., Markowitch, O.: On two kinds of flaws in some server-aided verification schemes. Int. J. Netw. Secur. 18(6), 1054–1059 (2016)

  8. Chow, S.S., Au, M.H., Susilo, W.: Server-aided signatures verification secure against collusion attack. Inf. Secur. Tech. Rep. 17(3), 46–57 (2013)

  9. Costello, C., et al.: Geppetto: versatile verifiable computation. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 253–270. IEEE (2015)

  10. Derler, D., Slamanig, D.: Key-homomorphic signatures and applications to multiparty signatures. Technical report, IACR Cryptology ePrint Archive 2016, 792 (2016)

  11. Ding, X., Mazzocchi, D., Tsudik, G.: Experimenting with server-aided signatures. In: NDSS (2002)

  12. Fiore, D., Gennaro, R., Pastro, V.: Efficiently verifiable computation on encrypted data. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 844–855. ACM (2014)

  13. Fischlin, M.: Anonymous signatures made easy. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 31–42. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71677-8_3

  14. Gennaro, R., Gentry, C., Parno, B.: Non-interactive verifiable computing: outsourcing computation to untrusted workers. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 465–482. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_25

  15. Girault, M., Lefranc, D.: Server-aided verification: theory and practice. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 605–623. Springer, Heidelberg (2005). https://doi.org/10.1007/11593447_33

  16. Guillevic, A., Vergnaud, D.: Algorithms for outsourcing pairing computation. In: Joye, M., Moradi, A. (eds.) CARDIS 2014. LNCS, vol. 8968, pp. 193–211. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16763-3_12

  17. Guo, F., Mu, Y., Susilo, W., Varadharajan, V.: Server-aided signature verification for lightweight devices. Comput. J. bxt003 (2013)

  18. Lim, C.H., Lee, P.J.: Server(Prover/Signer)-aided verification of identity proofs and signatures. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 64–78. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-49264-X_6

  19. Pagnin, E., Mitrokotsa, A., Tanaka, K.: Anonymous single-round server-aided verification (2017). http://eprint.iacr.org/2017/794

  20. Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 238–252. IEEE (2013)

  21. Wang, B.: A server-aided verification signature scheme without random oracles. Int. Rev. Comput. Softw. 7, 3446 (2012)

  22. Wang, Z.: A new construction of the server-aided verification signature scheme. Math. Comput. Model. 55(1), 97–101 (2012)

  23. Wang, Z., Wang, L., Yang, Y., Hu, Z.: Comment on Wu et al.'s server-aided verification signature schemes. IJ Netw. Secur. 10(2), 158–160 (2010)

  24. Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_7

  25. Wu, W., Mu, Y., Susilo, W., Huang, X.: Server-aided verification signatures: definitions and new constructions. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) ProvSec 2008. LNCS, vol. 5324, pp. 141–155. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88733-1_10

  26. Wu, W., Mu, Y., Susilo, W., Huang, X.: Provably secure server-aided verification signatures. Comput. Math. Appl. 61(7), 1705–1723 (2011)

  27. Yang, G., Wong, D.S., Deng, X., Wang, H.: Anonymous signature schemes. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 347–363. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_23

  28. Zhang, F., Safavi-Naini, R., Susilo, W.: An efficient signature scheme from bilinear pairings and its applications. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 277–290. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24632-9_20

Acknowledgements

We thank Dario Fiore (Assistant Research Professor) for providing useful comments on the contributions of this paper. This work was partially supported by the Japanese Society for the Promotion of Science (JSPS), summer program, the SNSF project SwissSenseSynergy and the STINT project IB 2015-6001.

Corresponding author

Correspondence to Elena Pagnin.

A Detailed Descriptions of Our SAV Schemes

In this Appendix we present thorough descriptions of the new SAV schemes proposed in this paper (Sect. 6). The complete explanations of the algorithms in SAV\(^\mathsf{{CDS_1}}_{\mathsf{{BLS}}}\), SAV\(^\mathsf{{CDS_1}}_{\mathsf{Wat}}\) and SAV\(^{\mathsf{{CDS_2}}}_{\mathsf{{CL}}}\) are presented in Figs. 4, 5 and 6 respectively. For consistency, we adopt multiplicative notation for the group operation in elliptic curve groups.

Fig. 4.

SAV\(^\mathsf{{CDS_1}}_{\mathsf{{BLS}}}\): Our SAV for the BLS Signature in [3].

Fig. 5.

SAV\(^\mathsf{{CDS_1}}_{\mathsf{Wat}}\): Our SAV for the Wat Signature in [24].

Fig. 6.

SAV\(^{\mathsf{{CDS_2}}}_{\mathsf{{CL}}}\): Our SAV for the CL Signature in [5].

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Pagnin, E., Mitrokotsa, A., Tanaka, K. (2019). Anonymous Single-Round Server-Aided Verification. In: Lange, T., Dunkelman, O. (eds) Progress in Cryptology – LATINCRYPT 2017. LATINCRYPT 2017. Lecture Notes in Computer Science, vol 11368. Springer, Cham. https://doi.org/10.1007/978-3-030-25283-0_2

  • DOI: https://doi.org/10.1007/978-3-030-25283-0_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-25282-3

  • Online ISBN: 978-3-030-25283-0
