Amandine Jambert

On extended sanitizable signature schemes

Sanitizable signature schemes allow a semi-trusted entity to modify some specific portions of a signed message while keeping a valid signature of the original off-line signer. In this paper, we give a new secure sanitizable signature scheme which is, to the best of our knowledge, the most efficient construction with such a high level of security. We also enhance the Brzuska et al. model on sanitizable signature schemes by adding new features. We thus model the way to limit the set of possible modifications on a single block, the way to force the same modifications on different admissible blocks, and the way to limit both the number of modifications of admissible blocks and the number of versions of a signed message. We finally present two cryptanalysis on proposals for two of these features due to Klonowski and Lauks at ICISC 2006 and propose some new practical constructions for two of them.

Batch Groth-Sahai

In 2008, Groth and Sahai proposed a general methodology for constructing non-interactive zeroknowledge (and witness-indistinguishable) proofs in bilinear groups. While avoiding expensive NP-reductions, these proof systems are still inefficient due to a number of pairing computations required for verification. We apply recent techniques of batch verification to the Groth-Sahai proof systems and manage to improve significantly the complexity of proof verification. We give explicit batch verification formulas for generic Groth-Sahai equations (whose cost is less than a tenth of the original) and also for specific popular protocols relying on their methodology (namely Groth’s group signatures and Belenkiy-Chase-Kohlweiss-Lysyanskaya’s P-signatures).

Sanitizable signatures with several signers and sanitizers

Sanitizable signatures allow a signer of a message to give one specific receiver, called a sanitizer, the power to modify some designated parts of the signed message. Most of the existing constructions consider one single signer giving such a possibility to one single sanitizer. In this paper, we formalize the concept with n signers and m sanitizers, taking into account recent models (for 1 signer and 1 sanitizer) on the subject. We next give a generic construction based on the use of both group signatures and a new cryptographic building block, called a trapdoor or proof, that may be of independent interest.

New Results for the Practical Use of Range Proofs

Zero-knowledge proofs of knowledge are now used in numerous applications and permit to prove the knowledge of secrets with many (complex) properties. Among them, the proof that a secret lies in a given interval is very useful in the context of electronic voting, e-cash or anonymous credentials. In this paper, we propose new contributions to the practical use of these so-called range proofs, for which several types of methods exist. We first introduce a variant of the signature-based method which allows the prover to avoid pairing computations. We also give several improvements to the solution based on the multi-base decomposition of the secret. We finally make the first complete comparison between all existing range proofs. This permits to prove that our methods are useful in many practical cases. This also allows service designers to decide which method is the best to use in their case, depending on their practical needs and constraints on the size of the interval, the power of the verifier and the prover, etc.

Group Key Management: From a Non-hierarchical to a Hierarchical Structure

Since the very beginnings of cryptography many centuries ago, key management has been one of the main challenges in cryptographic research. In case of a group of players wanting to share a common key, many schemes exist in the literature, managing groups where all players are equal or proposing solutions where the group is structured as a hierarchy. This paper presents the first key management scheme suitable for a hierarchy where no central authority is needed and permitting to manage a graph representing the hierarchical group with possibly several roots. This is achieved by using a HMAC and a non-hierarchical group key agreement scheme in an intricate manner and introducing the notion of virtual node.