2022
|
May, Alexander; Zweydinger, Floyd Legendre PRF (Multiple) Key Attacks and the Power of Preprocessing Inproceedings 35th IEEE Computer Security Foundations Symposium, pp. 11, IEEE, 2022. Links | BibTeX @inproceedings{May2022,
title = {Legendre PRF (Multiple) Key Attacks and the Power of Preprocessing},
author = {Alexander May and Floyd Zweydinger},
url = {https://iblockchain-projekt.de/wp-content/uploads/2021/08/2021-645.pdf
https://eprint.iacr.org/2021/645
https://www.ieee-security.org/TC/CSF2022/index.html},
year = {2022},
date = {2022-08-01},
booktitle = {35th IEEE Computer Security Foundations Symposium},
pages = {11},
publisher = {IEEE},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
|
2021
|
Das, Poulami; Erwig, Andreas; Faust, Sebastian; Loss, Julian; Riahi, Siavash The Exact Security of BIP32 Wallets Inproceedings CCS ’21- Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2021. BibTeX @inproceedings{Das2021,
title = {The Exact Security of BIP32 Wallets},
author = {Poulami Das and Andreas Erwig and Sebastian Faust and Julian Loss and Siavash Riahi
},
year = {2021},
date = {2021-11-15},
booktitle = {CCS ’21- Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security},
publisher = {ACM},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
|
Döttling, Nico; Hartmann, Dominik; Hofheinz, Dennis; Kiltz, Eike; Schäge, Sven; Ursu, Bogdan On the Impossibility of Purely Algebraic Signatures Inproceedings Theory of Cryptography (TCC 2021), Springer International Publishing, 2021. Abstract | Links | BibTeX @inproceedings{Döttling2021,
title = {On the Impossibility of Purely Algebraic Signatures},
author = {Nico Döttling and Dominik Hartmann and Dennis Hofheinz and Eike Kiltz and Sven Schäge and Bogdan Ursu},
url = {https://eprint.iacr.org/2021/738},
year = {2021},
date = {2021-11-08},
booktitle = {Theory of Cryptography (TCC 2021)},
publisher = {Springer International Publishing},
abstract = {The existence of one-way functions implies secure digital signatures, but not public-key encryption (at least in a black-box setting). Somewhat surprisingly, though, efficient public-key encryption schemes appear to be much easier to construct from concrete algebraic assumptions (such as the factoring of Diffie-Hellman-like assumptions) than efficient digital signature schemes. In this work, we provide one reason for this apparent difficulty to construct efficient signature schemes.
Specifically, we prove that a wide range of algebraic signature schemes (in which verification essentially checks a number of linear equations over a group) fall to conceptually surprisingly simple linear algebra attacks. In fact, we prove that in an algebraic signature scheme, sufficiently many signatures can be linearly combined to a signature of a fresh message. We present attacks both in known-order and hidden-order groups (although in hidden-order settings, we have to restrict our definition of algebraic signatures a little). More explicitly, we show: - the insecurity of all signature schemes in Maurer's generic group model (in pairing-free groups), as long as the signature schemes do not rely on other cryptographic assumptions, such as hash functions. - the insecurity of a natural class of signatures in hidden-order groups, where verification consists of linear equations over group elements.
We believe that this highlights the crucial role of public verifiability in digital signature schemes. Namely, while public-key encryption schemes do not require any publicly verifiable structure on ciphertexts, it is exactly this structure on signatures that invites attacks like ours and makes it hard to construct efficient signatures. },
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The existence of one-way functions implies secure digital signatures, but not public-key encryption (at least in a black-box setting). Somewhat surprisingly, though, efficient public-key encryption schemes appear to be much easier to construct from concrete algebraic assumptions (such as the factoring of Diffie-Hellman-like assumptions) than efficient digital signature schemes. In this work, we provide one reason for this apparent difficulty to construct efficient signature schemes.
Specifically, we prove that a wide range of algebraic signature schemes (in which verification essentially checks a number of linear equations over a group) fall to conceptually surprisingly simple linear algebra attacks. In fact, we prove that in an algebraic signature scheme, sufficiently many signatures can be linearly combined to a signature of a fresh message. We present attacks both in known-order and hidden-order groups (although in hidden-order settings, we have to restrict our definition of algebraic signatures a little). More explicitly, we show: - the insecurity of all signature schemes in Maurer's generic group model (in pairing-free groups), as long as the signature schemes do not rely on other cryptographic assumptions, such as hash functions. - the insecurity of a natural class of signatures in hidden-order groups, where verification consists of linear equations over group elements.
We believe that this highlights the crucial role of public verifiability in digital signature schemes. Namely, while public-key encryption schemes do not require any publicly verifiable structure on ciphertexts, it is exactly this structure on signatures that invites attacks like ours and makes it hard to construct efficient signatures. |
Amler, Hendrik; Eckey, Lisa; Faust, Sebastian; Kaiser, Marcel; Sandner, Philipp; Schlosser, Benjamin DeFi-ning DeFi: Challenges & Pathway Miscellaneous arXiv eprint report arXiv:2101.05589, 2021. Abstract | Links | BibTeX @misc{Amler2021,
title = {DeFi-ning DeFi: Challenges & Pathway},
author = {Hendrik Amler and Lisa Eckey and Sebastian Faust and Marcel Kaiser and Philipp Sandner and Benjamin Schlosser},
url = {https://arxiv.org/pdf/2101.05589.pdf},
year = {2021},
date = {2021-01-14},
journal = {arXiv},
number = {2101.05589},
abstract = {The decentralized and trustless nature of cryptocurrencies and blockchain technology leads to a shift in the digital world. The possibility to execute small programs, called smart contracts, on cryptocurrencies like Ethereum opened doors to countless new applications. One particular exciting use case is decentralized finance (DeFi), which aims to revolutionize traditional financial services by founding them on a decentralized infrastructure. We show the potential of DeFi by analyzing its advantages compared to traditional finance. Additionally, we survey the state-of-the-art of DeFi products and categorize existing services. Since DeFi is still in its infancy, there are countless hurdles for mass adoption. We discuss the most prominent challenges and point out possible solutions. Finally, we analyze the economics behind DeFi products. By carefully analyzing the state-of-the-art and discussing current challenges, we give a perspective on how the DeFi space might develop in the near future.},
howpublished = {arXiv eprint report arXiv:2101.05589},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
The decentralized and trustless nature of cryptocurrencies and blockchain technology leads to a shift in the digital world. The possibility to execute small programs, called smart contracts, on cryptocurrencies like Ethereum opened doors to countless new applications. One particular exciting use case is decentralized finance (DeFi), which aims to revolutionize traditional financial services by founding them on a decentralized infrastructure. We show the potential of DeFi by analyzing its advantages compared to traditional finance. Additionally, we survey the state-of-the-art of DeFi products and categorize existing services. Since DeFi is still in its infancy, there are countless hurdles for mass adoption. We discuss the most prominent challenges and point out possible solutions. Finally, we analyze the economics behind DeFi products. By carefully analyzing the state-of-the-art and discussing current challenges, we give a perspective on how the DeFi space might develop in the near future. |
Erwig, Andreas; Faust, Sebastian; Hostáková, Kristina; Maitra, Monosij; Riahi, Siavash Two-Party Adaptor Signatures From Identification Schemes Miscellaneous Cryptology ePrint Archive, Report 2021/150, 2021. Abstract | Links | BibTeX @misc{cryptoeprint:2021:150,
title = {Two-Party Adaptor Signatures From Identification Schemes},
author = {Andreas Erwig and Sebastian Faust and Kristina Hostáková and Monosij Maitra and Siavash Riahi},
url = {https://eprint.iacr.org/2021/150},
year = {2021},
date = {2021-01-01},
abstract = {Adaptor signatures are a novel cryptographic primitive with important applications for cryptocurrencies. They have been used to construct second layer solutions such as payment channels or cross-currency swaps. The basic idea of an adaptor signature scheme is to tie the signing process to the revelation of a secret value in the sense that, much like a regular signature scheme, an adaptor signature scheme can authenticate messages, but simultaneously leaks a secret to certain parties. Recently, Aumayr et al. provide the first formalization of adaptor signature schemes, and present provably secure constructions from ECDSA and Schnorr signatures. Unfortunately, the formalization and constructions given in this work have two limitations: (1) current schemes are limited to ECDSA and Schnorr signatures, and no
generic transformation for constructing adaptor signatures is known; (2) they do not offer support for aggregated two-party signing, which can significantly reduce the blockchain footprint in applications of adaptor signatures.
In this work, we address these two shortcomings. First, we show that signature schemes that are constructed from identification (ID) schemes, which additionally satisfy certain homomorphic properties, can generically be transformed into adaptor signature schemes. We further provide an impossibility result which proves that unique signature schemes (e.g., the BLS scheme) cannot be transformed into an adaptor signature scheme. In addition, we define two-party adaptor signature schemes with aggregatable public keys and show how to instantiate them via a generic transformation from ID-based signature schemes. Finally, we give instantiations of our generic transformations for the Schnorr, Katz-Wang and Guillou-Quisquater signature schemes.},
howpublished = {Cryptology ePrint Archive, Report 2021/150},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Adaptor signatures are a novel cryptographic primitive with important applications for cryptocurrencies. They have been used to construct second layer solutions such as payment channels or cross-currency swaps. The basic idea of an adaptor signature scheme is to tie the signing process to the revelation of a secret value in the sense that, much like a regular signature scheme, an adaptor signature scheme can authenticate messages, but simultaneously leaks a secret to certain parties. Recently, Aumayr et al. provide the first formalization of adaptor signature schemes, and present provably secure constructions from ECDSA and Schnorr signatures. Unfortunately, the formalization and constructions given in this work have two limitations: (1) current schemes are limited to ECDSA and Schnorr signatures, and no
generic transformation for constructing adaptor signatures is known; (2) they do not offer support for aggregated two-party signing, which can significantly reduce the blockchain footprint in applications of adaptor signatures.
In this work, we address these two shortcomings. First, we show that signature schemes that are constructed from identification (ID) schemes, which additionally satisfy certain homomorphic properties, can generically be transformed into adaptor signature schemes. We further provide an impossibility result which proves that unique signature schemes (e.g., the BLS scheme) cannot be transformed into an adaptor signature scheme. In addition, we define two-party adaptor signature schemes with aggregatable public keys and show how to instantiate them via a generic transformation from ID-based signature schemes. Finally, we give instantiations of our generic transformations for the Schnorr, Katz-Wang and Guillou-Quisquater signature schemes. |
