A survey of the server-aided verification models
Outline
Introduction
Survey: GL05
Survey: Wu08
Survey: Wang10
Survey: Wu11 and Wang11
Conclusion
Introduction
A brief review of the papers on server-aided verification (SAV) published between 2005 and 2012.
GL05, Wu08, Wang10, Wang11, Wu11
Server-Aided Verification: Theory and Practice
Marc Girault and David Lefranc
Asiacrypt 2005, pp. 605–623, 2005
Cites: 16
Definitions
The model of an interactive proof of knowledge
Definitions
Definition 1. Legitimate / Misbehaving / Cheating. In an interactive proof of knowledge between a prover P and a verifier V, P may deviate from the protocol. : legitimate : cheating : misbehaving
Definitions
Definition 2. SAV protocol.
Definitions
Definition 2. SAV protocol. The protocol is said to be a server-aided verification protocol (SAV) for if:
Auxiliary completeness.
Auxiliary soundness.
Computational saving.
Auxiliary non-repudiation.
Definitions
Auxiliary Soundness
The final predicate
Hard to know: The final predicate is constructed from the predicate by randomizing it, so that only the verifier knows it.
Hard to solve: The final predicate is constructed from the predicate such that the final predicate is computationally hard to solve.
Security model in the case of signature scheme
To prove the soundness of a SAV protocol
Assume
SAV protocol for identification schemes
Hard-to-know-based SAV protocol
SAV protocol for identification schemes
Hard-to-solve-based SAV protocol
Comparison table
Summary
Proposes the security conditions that a SAV protocol must satisfy.
Extends the original signature scheme protocols so that they gain server-aided functionality.
Server-Aided Verification Signatures: Definitions and New Constructions
Wei Wu, Yi Mu, Willy Susilo, and Xinyi Huang
ProvSec 2008, pp. 141 – 155, 2008
Cites: 9
Definitions
A signature scheme
Definitions
Requirements
Completeness
Existential unforgeability of
Existential unforgeability under adaptive chosen message attacks
Definitions
Requirements
Existential unforgeability of
Setup. C: A:
Queries. A can request qs sign queries.
Output. A outputs a pair and wins this game if
Definitions
A server-aided verification signature scheme
The ordinary signature scheme
Definitions
Requirements
Completeness
Computational saving
Existential unforgeability
Definitions
Requirements
Existential unforgeability of
Setup. C: A:
Queries. A can request the following queries.
qs sign queries
qv server-aided verification queries. A acts as the server, C acts as the verifier. Executing SAV-Verify, C returns the result to A at the end of each query.
Output. A outputs a pair and wins this game if
Definitions
Definitions
SAV- against Collusion and Adaptive chosen message attacks
Setup. C: A:
Queries. A only needs to make server-aided verification queries.
Output. A outputs a message m*. C chooses a random element where is the set of valid signatures of m* as the response. A wins this game if
SAV protocol for signature schemes
Summary
Defines the unforgeability of SAV.
Introduces the attack in which the signer colludes with the server.
Comment on Wu et al.’s Server-aided Verification Signature Scheme
Zhiwei Wang, Licheng Wang, Yixian Yang, and Zhengming Hu
International Journal of Network Security, Vol. 10, No. 3, pp. 204–206, 2010
Cites: 5
New definition of the security of SAV-Σ against collusion and adaptive chosen message attacks
An untrusted server is very likely to collude with a signature forger.
Setup. C: A:
Queries. A can only make qv server-aided verification queries.
Output. A outputs a pair where is chosen by A under (pkf, skf). A wins this game if
Summary
The authors consider the attack approach of Wu et al. insufficiently detailed, so they propose a newer model and prove that Wu et al.'s SAV-BLS is secure under this model.
Provably secure server-aided verification signatures
Wei Wu, Yi Mu, Willy Susilo, and Xinyi Huang
Computer and Mathematics with Applications, pp. 1705–1723, 2011.
Cites: 4
A new construction of the server-aided verification signature scheme
Zhiwei Wang
Mathematical and Computer Modeling, Vol. 55, Issues 1–2, pp. 97–101, 2011
Cites: 1
Comparisons
| | GL05 | Wu08+11 | Wang10+11 |
|---|---|---|---|
| Proof type | Interactive proof | Game-based | Game-based |
| Requirements | Completeness; Soundness; Computational saving; Non-repudiation | Completeness; EUF => Soundness; Computational saving | Completeness+; Soundness+; Computational saving+ |
| Attacks | Classical attacks | EUF; Collusion and ACMA | Collusion and ACMA |
| Proposed schemes | 3 | 3+6 | 2+1 |
The difference in the definition of the against collusion and ACMA
Conclusions
Models
EUF => Soundness
The difference in the definition of the against collusion and ACMA
More rational attack model
Multi-signer
Multi-server
Server colludes with a misbehaving verifier