Abstract
The goal of this research is to raise technical doubts regarding the usefulness of the repeated attempts by governments to curb Cryptography (aka the “Crypto Wars”), and argue that they, in fact, cause more damage than adding effective control. The notion of Anamorphic Encryption was presented in Eurocrypt’22 for a similar aim. There, despite the presence of a Dictator who possesses all keys and knows all messages, parties can arrange a hidden “anamorphic” message in an otherwise indistinguishable from regular ciphertexts (wrt the Dictator).
In this work, we postulate a stronger cryptographic control setting where encryption does not exist (or is neutralized) since all communication is passed through the Dictator in, essentially, cleartext mode (or otherwise, when secure channels to and from the Dictator are the only confidentiality mechanism). Messages are only authenticated to assure recipients of the identity of the sender. We ask whether security against the Dictator still exists, even under such a strict regime which allows only authentication (i.e., authenticated/ signed messages) to pass end-to-end, and where received messages are determined by/ known to the Dictator, and the Dictator also eventually gets all keys to verify compliance of past signing. To frustrate the Dictator, this authenticated message setting gives rise to the possible notion of anamorphic channels inside signature and authentication schemes, where parties attempt to send undetectable secure messages (or other values) using signature tags which are indistinguishable from regular tags. We define and present implementation of schemes for anamorphic signature and authentication; these are applicable to existing and standardized signature and authentication schemes which were designed independently of the notion of anamorphic messages. Further, some cornerstone constructions of the foundations of signatures, in fact, introduce anamorphism.
The extended version of this paper, including extra results and proofs, is available as [17].
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abdalla, M., An, J.H., Bellare, M., Namprempre, C.: From identification to signatures via the Fiat-Shamir transform: minimizing assumptions for security and forward-security. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 418–433. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_28
Beth, T.: Efficient zero-knowledge identification scheme for smart cards. In: Günther, C.G. (ed.) EUROCRYPT’88. LNCS, vol. 330, pp. 77–84. Springer, Heidelberg (1988)
Brickell, E.F., McCurley, K.S.: An interactive identification scheme based on discrete logarithms and factoring. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 63–71. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46877-3_6
Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_13
Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_7
Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_19
Davies, D.W.: Applying the RSA digital signature to electronic mail. Computer 16(2), 55–62 (1983)
Digital Signature Standard (DSS). National Institute of Standards and Technology (NIST), FIPS PUB 186–4, U.S. Department of Commerce, July (2013)
Durumeric, Z., et al.: The security impact of HTTPS interception. In: NDSS 2017. The Internet Society, February/March (2017)
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_2
Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO’86. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
Girault, M.: An identity-based identification scheme based on discrete logarithms modulo a composite number (rump session). In: Damgård, I. (ed.) EUROCRYPT’90. LNCS, vol. 473, pp. 481–486. Springer, Heidelberg (1991)
Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design (extended abstract). In: 27th FOCS, pages 174–187. IEEE Computer Society Press, October (1986)
Goyal, R., Kim, S., Manohar, N., Waters, B., David, J.W.: Watermarking public-key cryptographic primitives. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. Part III, volume 11694 of LNCS, pp. 367–398. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-030-26954-8_12
Guillou, L.C., Quisquater, J.-J.: A “Paradoxical’’ indentity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 216–231. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_16
Hopper, N., Molnar, D., Wagner, D.: From weak to strong watermarking. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 362–382. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_20
Kutyłowski, M., Persiano, G., Hieu Phan, D., Yung, M., Zawada, M.: Anamorphic signatures: secrecy from a dictator who only permits authentication! Cryptology ePrint Archive, Report 2023/356 (2023). https://eprint.iacr.org/2023/356
Lamport, L.: Constructing digital signatures from a one-way function. Technical Report SRI-CSL-98, SRI International Computer Science Laboratory, October (1979)
Micali, S., Shamir, A.: An improvement of the Fiat-Shamir identification and signature scheme. In: Goldwasser, S. (ed.) CRYPTO’88. LNCS, vol. 403, pp. 244–247. Springer, Heidelberg (1990)
Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: 21st ACM STOC, pp. 33–43. ACM Press, May (1989)
Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) CRYPTO’92. LNCS, vol. 740, pp. 31–53. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_3
Ong, H., Schnorr, C.P.: Fast signature generation with a Fiat Shamir — like scheme. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 432–440. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46877-3_38
Persiano, G., Hieu Phan, D., Yung, M.: Anamorphic encryption: private communication against a dictator. In: Dunkelman, O., Dziembowski, S., editors, EUROCRYPT 2022, Part II, volume 13276 of LNCS, pp. 34–63. Springer, Heidelberg, May/June (2022). https://doi.org/10.1007/978-3-031-07085-3_2
Pointcheval, D.: A new identification scheme based on the perceptrons problem. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT’95. LNCS, vol. 921, pp. 319–328. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-49264-X_26
Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U.M. (ed.) EUROCRYPT’96. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_33
Rivest, R.L.: Chaffing and Winnowing: confidentiality without encryption (1998). https://people.csail.mit.edu/rivest/pubs/Riv98a.prepub.txt
Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: 22nd ACM STOC, pp. 387–394. ACM Press, May (1990)
Russell, A., Tang, Q., Yung, M., Zhou, H.-S.: Cliptography: clipping the power of kleptographic attacks. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 34–64. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_2
Schnorr, C.-P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991)
Simmons, G.J.: The prisoners’ problem and the subliminal channel. In: Chaum, D., editor, CRYPTO’83, pp. 51–67. Plenum Press, New York, USA (1983)
Stern, J.: A new identification scheme based on syndrome decoding. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 13–21. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_2
Young, A., Yung, M.: The dark side of “Black-Box’’ cryptography or: should we trust capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_8
Acknowledgment
The first and the last author have been supported by the National Centre for Research and Development (Warsaw), project ESCAPE PL-TW/VII/5/2020.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Kutyłowski, M., Persiano, G., Phan, D.H., Yung, M., Zawada, M. (2023). Anamorphic Signatures: Secrecy from a Dictator Who Only Permits Authentication!. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14082. Springer, Cham. https://doi.org/10.1007/978-3-031-38545-2_25
Download citation
DOI: https://doi.org/10.1007/978-3-031-38545-2_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-38544-5
Online ISBN: 978-3-031-38545-2
eBook Packages: Computer ScienceComputer Science (R0)
