International Association for Cryptologic Research

Gregory M. Zaverucha


Short One-Time Signatures
G.M. Zaverucha, D.R. Stinson
We present a new one-time signature scheme having short signatures. Our new scheme supports aggregation, batch verification, and admits efficient proofs of knowledge. It has a fast signing algorithm, requiring only modular additions, and its verification cost is comparable to ECDSA verification. These properties make our scheme suitable for applications on resource-constrained devices such as smart cards and sensor nodes. Along the way, we give a unified description of five previous one-time signature schemes and improve parameter selection for these schemes, and as a corollary we give a fail-stop signature scheme with short signatures.
Anonymity in Shared Symmetric Key Primitives
Gregory M. Zaverucha, Douglas R. Stinson
We provide a stronger definition of anonymity in the context of shared symmetric key primitives, and show that existing schemes do not provide this level of anonymity. A new scheme is presented to share symmetric key operations amongst a set of participants according to a $(t,n)$-threshold access structure. We quantify the amount of information the output of the shared operation provides about the group of participants which collaborated to produce it.
Pairing-Based Onion Routing with Improved Forward Secrecy
Aniket Kate, Greg Zaverucha, Ian Goldberg
This paper presents new protocols for onion routing anonymity networks. We define a provably secure privacy-preserving key agreement scheme in an identity-based infrastructure setting, and use it to forge new onion routing circuit constructions. These constructions, based on a user's selection, offer immediate or eventual forward secrecy at each node in a circuit and require significantly less computation and communication than the telescoping mechanism used by Tor. Further, the use of the identity-based infrastructure also leads to a reduction in the required amount of authenticated directory information. Therefore, our constructions provide practical ways to allow onion routing anonymity networks to scale gracefully.
A Bound on the Size of Separating Hash Families
The paper provides an upper bound on the size of a (generalised) separating hash family, a notion introduced by Stinson, Wei and Chen. The upper bound generalises and unifies several previously known bounds which apply in special cases, namely bounds on perfect hash families, frameproof codes, secure frameproof codes and separating hash families of small type.