CRFs for Digital Signature and NIZK Proof System in Web Services

  • Conference paper
  • Algorithms and Architectures for Parallel Processing (ICA3PP 2022)

Abstract

Web services are a service-oriented computing technology that allows computers running in different operating domains to access and share each other's databases. Each web service is an application (for example, an online business) that may require users' private information, so preserving the individual privacy of these web users is important. The traditional approach to this goal in web security is to use cryptographic technologies such as digital signatures and NIZK proof systems. However, recent research results indicate that these cryptographic technologies may suffer from algorithm substitution attacks (ASAs). In an ASA, the attacker embeds a backdoor into the cryptographic technology during its implementation, and with the backdoor information the attacker can steal the user's private information. To address this problem, the concept of a cryptographic reverse firewall (CRF) has been introduced: a CRF sanitizes the messages entering and leaving the user's computer. In this paper, we construct CRFs for the efficient Pointcheval-Sanders (PS) signature as well as for the NIZK proof system.



Acknowledgement

This work is supported in part by the National Key R&D Program of China (No. 2017YFB0802000), by the NSF of China under Grant 61972159, and by the Foundation of Science and Technology on Communication Security Laboratory of China (No. 61421030108012104).

Author information

Corresponding author

Correspondence to Lei Zhang.

Copyright information

© 2023 Springer Nature Switzerland AG

About this paper

Cite this paper

Kang, B., Zhang, L., Yang, Y., Meng, X. (2023). CRFs for Digital Signature and NIZK Proof System in Web Services. In: Meng, W., Lu, R., Min, G., Vaidya, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2022. Lecture Notes in Computer Science, vol 13777. Springer, Cham. https://doi.org/10.1007/978-3-031-22677-9_11

  • DOI: https://doi.org/10.1007/978-3-031-22677-9_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22676-2

  • Online ISBN: 978-3-031-22677-9

  • eBook Packages: Computer Science, Computer Science (R0)
