
Post-quantum Key-Blinding for Authentication in Anonymity Networks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12912)

Abstract

Anonymity networks, such as the Tor network, are highly decentralized and make heavy use of ephemeral identities. Both of these characteristics run in direct opposition to a traditional public key infrastructure, so entity authentication in an anonymity network can be a challenge. One system that Tor relies on is key-blinded signatures, which allow public keys to be transformed so that authentication is still possible, but the identity public key is masked. This is used in Tor during onion service descriptor lookup, in which a .onion address is resolved to a rendezvous point through which a client and an onion service can communicate. The mechanism currently used is based on elliptic curve signatures, so a post-quantum replacement will be needed.

We consider three fully post-quantum key-blinding schemes, and prove the unlinkability and unforgeability of all schemes in the random-oracle model. We provide a generic framework for proving unlinkability of key-blinded schemes by reducing to two properties, signing with oracle reprogramming and independent blinding. Of the three schemes, one is based on a Round 3 candidate in NIST’s post-quantum signature standardization process, Dilithium. The other two are based on much newer schemes, CSI-FiSh and LegRoast, which have more favourable characteristics for blinding. CSI-FiSh is based on isogenies and boasts a very small combined public key and signature size, and its group action structure allows for key-blinding in a straightforward way. LegRoast uses the Picnic framework, but with the Legendre symbol PRF as a symmetric primitive, the homomorphic properties of which can be exploited to blind public keys in a novel way. Our schemes require at most small changes to parameters, and are generally almost as fast as their unblinded counterparts.
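As an added illustration (not code from the paper), the key-blinding pattern the abstract describes, in the pre-quantum shape Tor uses today and this work seeks to replace: a blinding factor is derived from the identity public key and a time period, the blinded pair (h·sk, pk^h) signs and verifies like any ordinary keypair, and only a party that already holds the identity key can recognise the blinded key. The group (multiplicative group modulo the Mersenne prime 2^127 - 1, exponents reduced mod P - 1) and the SHA-256 derivation are constructed toy stand-ins for Tor's Ed25519 and SHA3 arithmetic, not a secure parameter set.

```python
import hashlib
import secrets

# Constructed toy group: multiplicative group modulo the Mersenne prime 2^127 - 1,
# exponents reduced modulo P - 1. A stand-in for Tor's Ed25519 arithmetic, not secure.
P = 2**127 - 1
N = P - 1
G = 3


def h_int(*parts: bytes) -> int:
    """Hash byte strings to an exponent in [0, N); stands in for Tor's SHA3 derivation."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % N

def enc(x: int) -> bytes:
    return x.to_bytes(16, "big")

def keygen() -> tuple:
    sk = secrets.randbelow(N - 1) + 1             # long-term identity secret
    return sk, pow(G, sk, P)                      # (sk, pk = G^sk)

def sign(sk: int, pk: int, msg: bytes) -> tuple:
    """Schnorr signature (R, s): R = G^k, c = H(R, pk, msg), s = k + c*sk."""
    k = secrets.randbelow(N - 1) + 1
    R = pow(G, k, P)
    c = h_int(enc(R), enc(pk), msg)
    return R, (k + c * sk) % N

def verify(pk: int, msg: bytes, sig: tuple) -> bool:
    R, s = sig
    c = h_int(enc(R), enc(pk), msg)
    return pow(G, s, P) == (R * pow(pk, c, P)) % P

def blinding_factor(pk: int, period: int) -> int:
    """Derived from the identity key and the time period, as Tor derives its per-period factor."""
    return h_int(b"key-blind", enc(pk), period.to_bytes(8, "big")) or 1

def blind_keypair(sk: int, pk: int, period: int) -> tuple:
    """sk' = h*sk and pk' = pk^h = G^(h*sk): the blinded pair is an ordinary keypair."""
    h = blinding_factor(pk, period)
    return (h * sk) % N, pow(pk, h, P)

def links_to_identity(pk: int, blinded_pk: int, period: int) -> bool:
    """Recognising a blinded key requires knowing the identity key it was derived from."""
    return pow(pk, blinding_factor(pk, period), P) == blinded_pk
```

A descriptor signed under the blinded key verifies for anyone holding the blinded key, while a party that lacks the identity key cannot tell which identity the blinded key belongs to, nor link the same identity's keys across periods.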

Notes

  1. The verifier must also be convinced that the prover did not lie about the value of \(\mathcal {L}_0^\ell (r)\). This is accomplished by having the prover commit to this value before the challenge X is issued, so that the prover cannot choose the output of the PRF in a way to help them.

Acknowledgements

E.E. was supported by a Natural Sciences and Engineering Research Council of Canada (NSERC) Alexander Graham Bell Canada Graduate Scholarship. D.S. was supported by NSERC Discovery grant RGPIN-2016-05146 and a Discovery Accelerator Supplement.

Author information

Correspondence to Edward Eaton.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Eaton, E., Stebila, D., Stracovsky, R. (2021). Post-quantum Key-Blinding for Authentication in Anonymity Networks. In: Longa, P., Ràfols, C. (eds) Progress in Cryptology – LATINCRYPT 2021. LATINCRYPT 2021. Lecture Notes in Computer Science, vol 12912. Springer, Cham. https://doi.org/10.1007/978-3-030-88238-9_4

  • DOI: https://doi.org/10.1007/978-3-030-88238-9_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-88237-2

  • Online ISBN: 978-3-030-88238-9