Jean Monnerat

Generic Homomorphic Undeniable Signatures

We introduce a new computational problem related to the interpolation of group homomorphisms which generalizes many famous cryptographic problems including discrete logarithm, Diffie-Hellman, and RSA. As an application, we propose a generic undeniable signaturescheme which generalizes the MOVA schemes. Our scheme is generic in the sense that we transform a private group homomorphism from public groups G to H (the order of H being public) into an undeniable signature scheme. It is provably secure in the random oracle model provided that the interpolation problem is hard and it offers the advantage of making the signature size arbitrarily short (depending on a security level). We (im)prove some security results from MOVA. We also propose a new example with complexity similar to RSA and with 3-byte signatures.

Undeniable Signatures Based on Characters: How to Sign with One Bit

We present a new undeniable signature scheme which is based on the computation of characters. Our signature scheme offers the advantage of having an arbitrarily short signature. Its asymptotic complexity is attractive: the asymptotic complexity of all algorithms (even the key setup) are quadratic in the size of the modulus n in bits when the other parameters are fixed. The practical complexity can be quite low depending on parameter and variant choices. We present also a proof of security of our scheme containing the standard security requirements of an undeniable signature.

Short 2-move undeniable signatures

Attempting to reach a minimal number of moves in cryptographic protocols is a quite classical issue. Besides the theoretical interests, minimizing the number of moves can clearly facilitate practical implementations in environments with communication constraints. In this paper, we offer a solution to this problem in the context of undeniable signatures with interactive verification protocols by proposing a way to achieve these protocols in 2 moves. To this goal, we review a scheme we proposed at Asiacrypt 2004 whose property is the full scalability of the signature length against security. We slightly modify (to make it non-transferable) a 2-move version of this scheme which was mentioned in the original article without a proof of security. In the random oracle model, we prove the security of the modified version against an active adversary and precisely assess the security in terms of the signature length. To the best of our knowledge, this scheme is the first 2-move undeniable signature scheme with a security proof.

Advances in alternative non-adjacent form representations

From several decades, non-adjacent form (NAF) representations for integers have been extensively studied as an alternative to the usual binary number system where digits are in {0,1}. In cryptography, the non-adjacent digit set (NADS) {–1,0,1} is used for optimization of arithmetic operations in elliptic curves. At SAC 2003, Muir and Stinson published new results on alternative digit sets: they proposed infinite families of integers x such that {0,1,x} is a NADS as well as infinite families of integers x such that {0,1,x} is not a NADS, so called a NON-NADS. Muir and Stinson also provided an algorithm that determines whether x leads to a NADS by checking if every integer

Optimization of the MOVA undeniable signature scheme

n \epsilon [0, \lfloor \frac{-x}{3} \rfloor]

Chaum's designated confirmer signature revisited

has a {0,1,x}-NAF. In this paper, we extend these results by providing generators of NON-NADS infinite families. Furthermore, we reduce the search bound from

On Some Weak Extensions of AES and BES

\lfloor \frac{-x}{3} \rfloor

Short Undeniable Signatures Based on Group Homomorphisms

to

Efficient Deniable Authentication for Signatures

\lfloor \frac{-x}{12} \rfloor

Method to generate, verify and deny an undeniable signature

. We introduce the notion of worst NON-NADS and give the complete characterization of such sets. Beyond the theoretical results, our contribution also aims at exploring some algorithmic aspects. We supply a much more efficient algorithm than those proposed by Muir and Stinson, which takes only 343 seconds to compute all x’s from 0 to –107 such that {0,1,x} is a NADS.