Olivier Blazy

Spreading Alerts Quietly: New Insights from Theory and Practice

With the emergence of the Internet of things and of electronic home health-care, more and more sensitive signals are transiting over easily accessible wireless networks. It has become an important task to manage to spread alerts on a wireless network at the same time as to hide the nature of these signals, in a secure and efficient way. No one (an adversarial observer or even the node transmitting the signal) should be able to learn whether a signal corresponds to an alert or a normal echo. Blind Coupon Mechanism is a primitive proposed at Asiacrypt 2005 that allows to spread such alerts quietly and quickly. In this paper, we propose to strengthen their security model and we give a concrete solution which is both more secure and more efficient than the protocol originally proposed.

Non-Interactive Key Exchange from Identity-Based Encryption

Since the seminal work of Diffie and Hellman [19], Non-Interactive Key Exchange (NIKE) has become one of the fundamental problems of modern cryptography, but additional security requirements have led to elaborated ad-hoc constructions, which often lack simplicity in their design. In particular, Identity-Based NIKE is still a major problem with few available constructions, and those ad-hoc constructions do not give a lot of insight on what is required to be able to achieve such a NIKE scheme only based on the identity (and not relying on the public-key setting). In this work, we focus on the public-key setting and show how to generically build a NIKE scheme using a specific kind of Identity-Based Encryption, while also opening research on a new kind of Identity-Based Key Encapsulation Mechanisms (IBKEM), which we call identity-independent 2-tier IBKEM. As an interesting result, this construction also leads to the first known NIKE construction based on lattices. While most of the instantiations given in this paper lie in the random oracle model, this is not an inherent problem of our generic construction but rather a consequence of the lack of an existing identity-independent 2-tier IBKEM scheme in the standard model. Our proposal thus allows to reduce the problem to the construction of several building blocks, which can be studied independently in order to lead to an instantiation of NIKE in the standard model.

A code-based blind signature

In this paper we give the first blind signature protocol for code-based cryptography. Our approach is different from the classical original RSA based blind signature scheme, it is done in the spirit of the Fischlin approach [9] which is based on proofs of knowledge. To achieve our goal we consider a new tool for zero-knowledge (ZK) proofs, the Concatenated Stern ZK protocol, which permits to obtain an authentication protocol for concatenated matrices. A signature is then obtained from the usual Fiat-Shamir heuristic. We describe our blind signature protocol for cryptography based on Hamming metric and show how it can be extended to rank based cryptography. The security of our blind protocol is based on the security of a trapdoor function for the syndrome decoding problem: the CFS signature scheme for Hamming distance and on the more recent RankSign protocol for rank metric. We give proofs in the random oracle model (ROM) for our blind signature scheme, which rely on the Syndrome Decoding problem. The parameters we obtain for our protocol are practical for rank metric (200kBytes) for the signature length and 15kBytes for public key size) and a little less practical for Hamming distance.

Efficient ID-based Designated Verifier Signature

The concept of undeniable signatures has been introduced at Crypto89 by Chaum and van Antwerpen. It has been revisited several times since, in particular by Jakobsson, Sako and Impagliazzo at Eurocrypt96 who introduced designated verifier signatures and by Steinfeld, Bull, Wang and Pieprzyk at Asiacrypt03 who designed universal designated verifier signatures. Behind all those notions lies the idea to produce some kind of signature that can be verified only by a targeted verifier. However the verifier should not be able to convince anyone that the signature is valid. In this paper, we present an efficient way to solve those three problems, under classical assumptions, namely DLin and CDH in the standard model. Once we propose such construction, we generalize our approach to a framework showing how to build efficient ID-based Designated Verifier Signature, in the standard model under classical assumptions.