Bernardo David

Constant-Size structure-preserving signatures: generic constructions and simple assumptions

This paper presents efficient structure-preserving signature schemes based on assumptions as simple as Decisional-Linear. We first give two general frameworks for constructing fully secure signature schemes from weaker building blocks such as variations of one-time signatures and random-message secure signatures. They can be seen as refinements of the Even-Goldreich-Micali framework, and preserve many desirable properties of the underlying schemes such as constant signature size and structure preservation. We then instantiate them based on simple (i.e., not q-type) assumptions over symmetric and asymmetric bilinear groups. The resulting schemes are structure-preserving and yield constant-size signatures consisting of 11 to 17 group elements, which compares favorably to existing schemes relying on q-type assumptions for their security.

Tagged One-Time Signatures: Tight Security and Optimal Tag Size

We present an efficient structure-preserving tagged one-time signature scheme with tight security reductions to the decision-linear assumption. Our scheme features short tags consisting of a single group element and gives rise to the currently most efficient structure-preserving signature scheme based on the decision-liner assumption with constant-size signatures of only 14 group elements, where the record-so-far was 17 elements.

Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol

We present “Ouroboros”, the first blockchain protocol based on proof of stake with rigorous security guarantees. We establish security properties for the protocol comparable to those achieved by the bitcoin blockchain protocol. As the protocol provides a “proof of stake” blockchain discipline, it offers qualitative efficiency advantages over blockchains based on proof of physical resources (e.g., proof of work). We also present a novel reward mechanism for incentivizing Proof of Stake protocols and we prove that, given this mechanism, honest behavior is an approximate Nash equilibrium, thus neutralizing attacks such as selfish mining.

Rate-1, Linear Time and Additively Homomorphic UC Commitments

We construct the first UC commitment scheme for binary strings with the optimal properties of rate approaching 1 and linear time complexity in the amortised sense, using a small number of seed OTs. On top of this, the scheme is additively homomorphic, which allows for applications to maliciously secure 2-party computation. As tools for obtaining this, we make three contributions of independent interest: we construct the first binary linear time encodable codes with non-trivial distance and rate approaching 1, we construct the first almost universal hash function with small seed that can be computed in linear time, and we introduce a new primitive called interactive proximity testing that can be used to verify whether a string is close to a given linear code.

Compact VSS and Efficient Homomorphic UC Commitments

We present a new compact verifiable secret sharing scheme, based on this we present the first construction of a homomorphic UC commitment scheme that requires only cheap symmetric cryptography, except for a small number of seed OTs. To commit to a k-bit string, the amortized communication cost is O(k) bits. Assuming a sufficiently efficient pseudorandom generator, the computational complexity is O(k) for the verifier and O(k 1 + e ) for the committer (where e < 1 is a constant). In an alternative variant of the construction, all complexities are O(k·polylog(k)). Our commitment scheme extends to vectors over any finite field and is additively homomorphic. By sending one extra message, the prover can allow the verifier to also check multiplicative relations on committed strings, as well as verifying that committed vectors a, b satisfy a = φ( b) for a linear function φ. These properties allow us to non-interactively implement any one-sided functionality where only one party has input (this includes UC secure zero-knowledge proofs of knowledge). We also present a perfectly secure implementation of any multiparty functionality, based directly on our VSS. The communication required is proportional to a circuit implementing the functionality, up to a logarithmic factor. For a large natural class of circuits the overhead is even constant. We also improve earlier results by Ranellucci et al. on the amount of correlated randomness required for string commitments with individual opening of bits.

Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions

This paper presents efficient structure-preserving signature schemes based on simple assumptions such as decisional linear. We first give two general frameworks for constructing fully secure signature schemes from weaker building blocks such as variations of one-time signatures and random message secure signatures. They can be seen as refinements of the Even–Goldreich–Micali framework, and preserve many desirable properties of the underlying schemes such as constant signature size and structure preservation. We then instantiate them based on simple (i.e., not q-type) assumptions over symmetric and asymmetric bilinear groups. The resulting schemes are structure-preserving and yield constant-size signatures consisting of 11–14 group elements, which compares favorably to existing schemes whose security relies on q-type assumptions.

Universally Composable Oblivious Transfer Based on a Variant of LPN

Oblivious transfer OT is a fundamental two-party cryptographic primitive that implies secure multiparty computation. In this paper, we introduce the first OT based on the Learning Parity with Noise LPN problem. More specifically, we use the LPN variant that was introduced by Alekhnovich FOCS 2003. We prove that our protocol is secure against active static adversaries in the Universal Composability framework in the common reference string model. Our constructions are based solely on a LPN style assumption and thus represents a clear next step from current code-based OT protocols, which require an additional assumption related to the indistinguishability of public keys from random matrices. Our constructions are inspired by the techniques used to obtain OT based on the McEliece cryptosystem.

Universally composable private proximity testing

This paper aims at studying privacy-preserving tests for proximity. In a private proximity test, Alice can verify if she is close to Bob without either party revealing any other information about their location. We propose a system for private proximity testing based on the pre-distribution of data: the so-called commodity-based model. Our system is proven secure in the Universal Composability (UC) framework and uses as the core building block an efficient UC-secure equality testing protocol. To our knowledge this is the first work in the literature that contemplates this problem in the UC framework.

Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain

We present “Ouroboros Praos”, a proof-of-stake blockchain protocol that, for the first time, provides security against fully-adaptive corruption in the semi-synchronous setting: Specifically, the adversary can corrupt any participant of a dynamically evolving population of stakeholders at any moment as long the stakeholder distribution maintains an honest majority of stake; furthermore, the protocol tolerates an adversarially-controlled message delivery delay unknown to protocol participants.

Efficient Unconditionally Secure Comparison and Privacy Preserving Machine Learning Classification Protocols

We propose an efficient unconditionally secure protocol for privacy preserving comparison of