Abstract
Web services are service-oriented computing technology which allows computers running different operating domains to access and share each other’s databases. Each web service is an application (like online business) which may require the private information of users. Thus, it will be important to preserve these web users’ individual privacy. The traditional approaches to achieve this goal in web security is to use the cryptographic technologies, such as digital signature, NIZK proof system. Whereas, some recent research results indicate that these cryptographic technologies may suffer from the algorithm substitution attack (ASA). ASA means that the cryptographic technology would be embedded some backdoor in the process of its implementation by the attacker, and with the backdoor information the attacker can steal the user’s private information. To address this problem, the concept of cryptographic reverse firewall (CRF) has been introduced, which could sanitize the messages inputting and outputting the user’s computer. In this paper, we construct the CRFs for the efficient Pointcheval-Sanders (PS) signature as well as the NIZK proof system.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Boncella, R.J.: Web and web security. Commun. Assoc. Inf. Syst. 14(1), 344–363 (2004)
Bertino, E., Martino, L., Paci, F., et al.: Security for Web Services and Service-Oriented Architectures. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-540-87742-4
Ra, G., Kim, T., Lee, I.: VAIM: verifiable anonymous identity management for human-centric security and privacy in the internet of things. IEEE Access 9(2021), 75945–75960 (2021)
Xu, L., Jiang, C., Wang, J., et al.: Information security in big data: privacy and data mining. IEEE Access 2(2014), 1149–1176 (2014)
Crampton, J., Lim, H.W., Paterson, K.G.: What can identity-based cryptography offer to web services? In: Proceedings of the 2007 ACM workshop on Secure Web Services, pp. 26–36 (2007)
Chen, R., Huang, X., Yung, M.: Subvert KEM to break DEM: practical algorithm-substitution attacks on public-key encryption. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 98–128. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_4
Young, A., Yung, M.: Kleptography: using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62–74. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_6
Ateniese, G., Magri, B., Venturi, D.: Subversion-resilient signature schemes. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 364–375 (2015)
Dodis, Y., Mironov, I., Stephens-Davidowitz, N.: Message transmission with reverse firewalls—secure communication on corrupted machines. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 341–372. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_13
Ouyang, M., Wang, Z., Li, F.: Digital signature with cryptographic reverse firewalls. J. Syst. Archit. 116(2021), 102029 (2021)
Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 1–19. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_1
Mironov, I., Stephens-Davidowitz, N.: Cryptographic reverse firewalls. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 657–686. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_22
Kang, B., Meng, X., Zhang, L., et al.: Nonce-based key agreement protocol against bad randomness. Int. J. Found. Comput. Sci. 30(04), 619–633 (2021)
Kang, B., Huang, Z., Zhang, L.: Selective-opening security for public-key encryption in the presence of parameter subversion. In: Security and Communication Networks, 2021 (2021)
Meng, X., Zhang, L., Kang, B.: Fast secure and anonymous key agreement against bad randomness for cloud computing. IEEE Trans. Cloud Comput. (2020). https://doi.org/10.1109/TCC.2020.3008795
Zhang, L., Kang, B., Dai, F., et al.: Hybrid and hierarchical aggregation-verification scheme for VANET. IEEE Trans. Veh. Technol. (2022). https://doi.org/10.1109/TVT.2022.3189540
Baudet, M., Sonnino, A., Kelkar, M., et al.: Zef: low-latency, scalable, private payments. arXiv preprint arXiv:2201.05671 (2022)
Chow, S.S.M., Russell, A., Tang, Q., Yung, M., Zhao, Y., Zhou, H.-S.: Let a non-barking watchdog bite: cliptographic signatures with an offline watchdog. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11442, pp. 221–251. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17253-4_8
Russell, A., Tang, Q., Yung, M., et al.: Generic semantic security against a kleptographic adversary. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 907–922 (2017)
Fischlin, M., Mazaheri, S.: Self-guarding cryptographic protocols against algorithm substitution attacks. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 76–90. IEEE (2018)
Chakraborty, S., Dziembowski, S., Nielsen, J.B.: Reverse firewalls for actively secure MPCs. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 732–762. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_26
Ganesh, C., Magri, B., Venturi, D.: Cryptographic reverse firewalls for interactive proof systems. Theoret. Comput. Sci. 855(2021), 104–132 (2021)
Eastlake, D., Reagle, J., Solo, D., et al.: XML-signature syntax and processing. W3C recommendation, December 2002
Wang, Y., Chen, R., Liu, C., et al.: Asymmetric subversion attacks on signature and identification schemes. Pers. Ubiquitous Comput. 1–14 (2019)
Bellare, M., Fuchsbauer, G., Scafuro, A.: NIZKs with an untrusted CRS: security in the face of parameter subversion. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 777–804. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_26
Fuchsbauer, G.: Subversion-zero-knowledge SNARKs. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 315–347. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_11
Baghery, K.: Subversion-resistant simulation (knowledge) sound NIZKs. In: Albrecht, M. (ed.) IMACC 2019. LNCS, vol. 11929, pp. 42–63. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-35199-1_3
Berndt, S., Wichelmann, J., Pott, C., et al.: ASAP: algorithm substitution attacks on cryptographic protocols. In: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, pp. 712–726 (2022)
Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discret. Appl. Math. 156(16), 3113–3121 (2008)
Kilian, J., Petrank, E.: An efficient noninteractive zero-knowledge proof system for NP with general assumptions. J. Cryptol. 11(1), 1–27 (1998)
Dodis, Y., Ganesh, C., Golovnev, A., Juels, A., Ristenpart, T.: A formal treatment of backdoored pseudorandom generators. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 101–126. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_5
Pointcheval, D., Sanders, O.: Short randomizable signatures. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 111–126. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_7
Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Randomizable proofs and delegatable anonymous credentials. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 108–125. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_7
Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_24
Acknowledgement
This work is supported in part by the National Key R &D program of China (No. 2017YFB0802000); by the NSF of China under Grants 61972159; by the Foundation of Science and Technology on Communication Security Laboratory of China (No. 61421030108012104).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 Springer Nature Switzerland AG
About this paper
Cite this paper
Kang, B., Zhang, L., Yang, Y., Meng, X. (2023). CRFs for Digital Signature and NIZK Proof System in Web Services. In: Meng, W., Lu, R., Min, G., Vaidya, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2022. Lecture Notes in Computer Science, vol 13777. Springer, Cham. https://doi.org/10.1007/978-3-031-22677-9_11
Download citation
DOI: https://doi.org/10.1007/978-3-031-22677-9_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22676-2
Online ISBN: 978-3-031-22677-9
eBook Packages: Computer ScienceComputer Science (R0)