Khanh Quoc Nguyen

Elliptic Curve Based Password Authenticated Key Exchange Protocols

We investigate password authenticated key exchange (PAKE) protocols in low resource environments, such as smartcards or mobile devices. In such environments, particularly in the future, it may be that the cryptosystems available for signatures and/or encryptions will be based on elliptic curves, because of their well-known advantages with regard to processing and size constraints. As a result, any PAKE protocols which the device requires should also preferably be implemented over elliptic curves. We show that the direct elliptic curve (EC) analogs of some PAKE protocols are insecure against partition attacks. We go on to propose a new EC based PAKE protocol. A modified version of the protocol for highly constrained devices, such as smartcards, is also presented.

An Online Public Auction Protocol Protecting Bidder Privacy

On-line auctioning is one of the fundamental services for the new Internet economy. Most current auction services are public auction where all bids are made available to any party. User privacy is a primary concern in electronic world because electronic environment facilitates the gathering of personal data. This paper proposes a public auction protocol that achieves bidder privacy using binding group signatures. A concrete solution for preventing defaults in auctions is also presented.

Asymmetric concurrent signatures

The concept of concurrent signatures allows two entities to produce two signatures in such a way that, the signer of each signature is ambiguous from a third party’s point of view until the release of a secret, known as the keystone. Once the keystone is released, both signatures become binding to their respective signers concurrently. Previous concurrent signature schemes use the concept of ring signatures in their construction. Ring signatures identify the ring and thus concurrent signatures constructed from ring signature are related and linkable. We propose a new concurrent signature scheme which is independent of the ring signature concept. Our concurrent signatures are anonymous. The ordinary signatures obtained from our concurrent signature protocol are unlinkable and do not reveal which concurrent signature transaction has occurred. The price we pay is our concurrent signatures are asymmetric in the sense that the initial signature and subsequent signatures are not of the same construction.

Multi-party fair exchange with an off-line trusted neutral party

Recently developed cryptographic techniques make it possible to construct fair exchange protocols with an off-line trusted third party (TTP). The technique is referred to as a verifiable encryption scheme (VES) and proves that a ciphertext is the result of the encryption of a specified value without revealing this value. In this paper we apply the technique to multi-party fair exchange (MPFE) protocols which leads to the trusted neutral party (TNP, it is not the third party in multi-party protocols) involved in the protocol to be off-line. Multi-party fair exchange has been studied by Asokan et al. (1996) and Franklin and Tsudik (1998) where the TNP is on-line. For off-line TNP-based MPFE, the issues are different from that of on-line TNP MPFE. We give a definition of fairness of the MPFE with off-line TNP. We then present our MPFE protocol and prove its fairness.

A Fair Electronic Cash Scheme

This paper proposes a fair anonymous electronic cash scheme that ensures fairness for both clients and vendors. The proposed scheme is based on the Nyberg-Rueppel digital signature scheme, therefore it provides an alternative for the construction of fair electronic cash. The proposed scheme meets all basic security requirements for fair electronic cash including fairness, anonymity, confidentiality, authenticity, efficiency and double-spending detection.

On the design of efficient RSA-based off-line electronic cash schemes

Electronic cash is arguably one of the most important applications of modern cryptology. There have been two types of electronic cash schemes namely on-line and off-line. In general off-line schemes are more efficient than on-line ones. The two fundamental issues with any off-line electronic cash scheme have been the detection of double spending and provision of anonymity. These issues make the design of secure off-line electronic cash schemes not an easy task. Cut-and-choose technology was one of the first techniques that was introduced to address the issue of double spending in an off-line scheme. However, this technique is not very efficient. Subsequently, other techniques had been proposed to achieve both double spending and client anonymity without using the cut and choose method. These include the works of Brands based on the discrete logarithm and that of Ferguson based on RSA and polynomial secret sharing scheme. In this paper, we propose an improved version of off-line electronic cash scheme based on the Fergusons protocol. This scheme improves the efficiency by making some of the parameters used in the protocol to be reusable and removes the risk of framing by the bank by hiding the clients identity.

A New Digital Cash Scheme Based on Blind Nyberg-Rueppel Digital Signature

We propose a new untraceable digital cash scheme using blind Nyberg-Rueppel digital signature. The scheme provides security features such as client anonymity, coin forgery prevention and double spending detection. The proposed scheme is also more efficient than previously proposed schemes by Chaum and Brands.

Undeniable Confirmer Signature

In undeniable signature, a signature can only be verified with cooperation of the signer. If the signer refuses to cooperate, it is infeasible to check the validity of a signature. This problem is eliminated in confirmer signature schemes where the verification capacity is given to a confirmer rather than the signer. In this paper, we present a variation of confirmer signature, called undeniable confirmer signature in that both the signer and a confirmer can verify the validity of a signature. The scheme provides a better flexibility for the signer and the user as well as reduces the involvement of designated confirmers, who are usually trusted in practice. Furthermore, we show that our scheme is divertible, i.e., our signature can be blindly issued. This is essential in some applications such as subscription payment system, which is also shown.

How to Prove That a Committed Number Is Prime

The problem of proving a number is of a given arithmetic format with some prime elements, is raised in RSA undeniable signature, group signature and many other cryptographic protocols. So far, there have been several studies in literature on this topic. However, except the scheme of Camenisch and Michels, other works are only limited to some special forms of arithmetic format with prime elements. In Camenisch and Michelss scheme, the main building block is a protocol to prove a committed number to be prime based on algebraic primality testing algorithms. In this paper, we propose a new protocol to prove a committed number to be prime. Our protocol is O(t) times more efficient than Camenisch and Michelss protocol, where t is the security parameter. This results in O(t) time improvement for the overall scheme.

Divertible Zero-Knowledge Proof of Polynominal Relations and Blind Group Signature

A divertible protocol is a protocol between three parties in which one party is able to divert another partys proof of some facts to prove some other facts to the other party. This paper presents a divertible protocol to prove multi-variant polynomial relations. Its direct application to blind group signature is also shown.