International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Jan Camenisch

Publications

Year
Venue
Title
2019
ASIACRYPT
iUC: Flexible Universal Composability Made Simple
Proving the security of complex protocols is a crucial and very challenging task. A widely used approach for reasoning about such protocols in a modular way is universal composability. A perfect model for universal composability should provide a sound basis for formal proofs and be very flexible in order to allow for modeling a multitude of different protocols. It should also be easy to use, including useful design conventions for repetitive modeling aspects, such as corruption, parties, sessions, and subroutine relationships, such that protocol designers can focus on the core logic of their protocols.While many models for universal composability exist, including the UC, GNUC, and IITM models, none of them has achieved this ideal goal yet. As a result, protocols cannot be modeled faithfully and/or using these models is a burden rather than a help, often even leading to underspecified protocols and formally incorrect proofs.Given this dire state of affairs, the goal of this work is to provide a framework for universal composability which combines soundness, flexibility, and usability in an unmatched way. Developing such a security framework is a very difficult and delicate task, as the long history of frameworks for universal composability shows.We build our framework, called iUC, on top of the IITM model, which already provides soundness and flexibility while lacking sufficient usability. At the core of iUC is a single simple template for specifying essentially arbitrary protocols in a convenient, formally precise, and flexible way. We illustrate the main features of our framework with example functionalities and realizations.
2019
JOFC
On the Impossibility of Structure-Preserving Deterministic Primitives
In structure-preserving cryptography over bilinear groups, cryptographic schemes are restricted to exchange group elements only, and their correctness must be verifiable only by evaluating pairing product equations. Several primitives, such as structure-preserving signatures, commitments, and encryption schemes, have been proposed. Although deterministic primitives, such as verifiable pseudorandom functions or verifiable unpredictable functions, play an important role in the construction of cryptographic protocols, no structure-preserving realizations of them are known. This is not coincident: In this paper, we show that it is impossible to construct algebraic structure-preserving deterministic primitives that provide provability, uniqueness, and unpredictability. This includes verifiable random functions, unique signatures, and verifiable unpredictable functions as special cases. The restriction of structure-preserving primitives to be algebraic is natural, otherwise it would not be known how to verify correctness only by evaluating pairing product equations. We further extend our negative result to pseudorandom functions and deterministic public key encryption as well as non-strictly structure-preserving primitives, where target group elements are also allowed in their ranges and public keys.
2018
EUROCRYPT
2017
PKC
2017
CRYPTO
2016
CRYPTO
2016
PKC
2016
ASIACRYPT
2015
JOFC
2015
PKC
2015
ASIACRYPT
2014
CRYPTO
2014
TCC
2014
ASIACRYPT
2012
TCC
2012
JOFC
Batch Verification of Short Signatures
With computer networks spreading into a variety of new environments, the need to authenticate and secure communication grows. Many of these new environments have particular requirements on the applicable cryptographic primitives. For instance, a frequent requirement is that the communication overhead inflicted be small and that many messages be processable at the same time. In this paper, we consider the suitability of public key signatures in the latter scenario. That is, we consider (1) signatures that are short and (2) cases where many signatures from (possibly) different signers on (possibly) different messages can be verified quickly. Prior work focused almost exclusively on batching signatures from the same signer.We propose the first batch verifier for messages from many (certified) signers without random oracles and with a verification time where the dominant operation is independent of the number of signatures to verify. We further propose a new signature scheme with very short signatures, for which batch verification for many signers is also highly efficient. Combining our new signatures with the best known techniques for batching certificates from the same authority, we get a fast batch verifier for certificates and messages combined. Although our new signature scheme has some restrictions, it is very efficient and still practical for some communication applications.
2011
PKC
2011
ASIACRYPT
2011
ASIACRYPT
2010
TCC
2010
TCC
2010
CRYPTO
2009
PKC
2009
PKC
2009
EUROCRYPT
2009
EUROCRYPT
2009
CRYPTO
2008
ASIACRYPT
2007
EUROCRYPT
2007
EUROCRYPT
2005
CRYPTO
2005
EUROCRYPT
2005
PKC
2004
CRYPTO
2003
CRYPTO
2002
CRYPTO
2002
CRYPTO
2001
CRYPTO
2001
EUROCRYPT
2000
ASIACRYPT
2000
ASIACRYPT
2000
CRYPTO
2000
CRYPTO
2000
EUROCRYPT
1999
CRYPTO
1999
EUROCRYPT
1998
ASIACRYPT
1997
CRYPTO
1997
EUROCRYPT
1995
EUROCRYPT
1994
EUROCRYPT

Program Committees

Eurocrypt 2018
Eurocrypt 2015
Crypto 2013
PKC 2009
Crypto 2005
Eurocrypt 2004 (Program chair)
Crypto 2003
Eurocrypt 2001
Crypto 2001