
Warrant-Hiding Delegation-by-Certificate Proxy Signature Schemes [chapter]

Christian Hanser, Daniel Slamanig
2013 Lecture Notes in Computer Science  
Proxy signatures allow an entity (the delegator) to delegate his signing capabilities to other entities (called proxies), who can then produce signatures on behalf of the delegator. Typically, a delegator may not want to give a proxy the power to sign any message on his behalf, but only messages from a well defined message space. Therefore, the so called delegation by warrant approach has been introduced. Here, a warrant is included into the delegator's signature (the so called certificate) to
describe the message space from which a proxy is allowed to choose messages to produce valid signatures for. Interestingly, in all previously known constructions of proxy signatures following this approach, the warrant is made explicit and, thus, is an input to the verification algorithm of a proxy signature. This means that a verifier learns the entire message space for which the proxy has been given the signing power. However, it may be desirable to hide the remaining messages in the allowed message space from a verifier. This scenario has never been investigated in context of proxy signatures, but seems to be interesting for practical applications. In this paper, we resolve this issue by introducing so called warrant-hiding proxy signatures. We provide a formal security definition of such schemes by augmenting the well established security model for proxy signatures by Boldyreva et al. Furthermore, we discuss strategies how to realize this warrant-hiding property and we also provide two concrete instantiations of such a scheme. They enjoy different advantages, but are both entirely practical. Moreover, we prove them secure with respect to the augmented security model.
doi:10.1007/978-3-319-03515-4_5 fatcat:4caos2anknbffnlz4fnomfdoia

Speeding Up the Fixed-Base Comb Method for Faster Scalar Multiplication on Koblitz Curves [chapter]

Christian Hanser, Christian Wagner
2013 Lecture Notes in Computer Science  
Scalar multiplication is the most expensive arithmetical operation on elliptic curves. There are various methods available, which are optimized for different settings, such as high speed, side-channel resistance and small memory footprint. One of the fastest methods for fixed-base scalar multiplications is the so-called fixed-base comb scalar multiplication method, which is due to Lim and Lee. In this paper, we present a modification to this method, which exploits the possibility of exchanging
doublings for much cheaper applications of the Frobenius endomorphism on binary Koblitz curves. We have implemented the findings in software and compare the performance of the implementation to the performance of the reference WTNAF implementation and the performance of the conventional comb multiplication methods. For single scalar multiplications, we are able to achieve performance improvements over the WTNAF method of up to 25% and of up to 42% over the conventional comb methods. Finally, we emphasize that the implementation of the τ-comb method is straight-forward and requires only little effort. All in all, this makes it a good alternative to other fixed-base multiplication methods.
doi:10.1007/978-3-642-40588-4_12 fatcat:nkqi5olrrfddnh6p5maf4evyte

Ian Buruma, '45: Die Welt am Wendepunkt. Aus dem Engl. von Barbara Schaden, München: Hanser 2015, 412 S., EUR 26,00 [ISBN 978-3-446-24734-5]

Christian Koller
2016 Militärgeschichtliche Zeitschrift  
doi:10.1515/mgzs-2016-0058 fatcat:x5utpuxnprg5tow3nkajpr7umm

Implementing RLWE-Based Schemes Using an RSA Co-Processor

Martin R. Albrecht, Christian Hanser, Andrea Höller, Thomas Pöppelmann, Fernando Virdia, Andreas Wallner
2018 Zenodo  
We repurpose existing RSA/ECC co-processors for (ideal) lattice-based cryptography by exploiting the availability of fast long integer multiplication. Such co-processors are deployed in smart cards in passports and identity cards, secured microcontrollers and hardware security modules (HSM). In particular, we demonstrate an implementation of a variant of the Module-LWE-based Kyber Key Encapsulation Mechanism (KEM) that is tailored for optimal performance on a commercially available smart card
chip (SLE 78). To benefit from the RSA/ECC co-processor we use Kronecker substitution in combination with schoolbook and Karatsuba polynomial multiplication. Moreover, we speed up symmetric operations in our Kyber variant using the AES co-processor to implement a PRNG and a SHA-256 co-processor to realise hash functions. This allows us to execute CCA-secure Kyber768 key generation in 79.6 ms, encapsulation in 102.4 ms and decapsulation in 132.7 ms.
doi:10.5281/zenodo.1486565 fatcat:vuj3jabg75b3dnqtn72wpv5pwe

Track T. Modelling and Simulation - Cardio Technology

Christian Baumgartner, Roland Kienast, Michael Handler, Friedrich Hanser, Jörg Schröttner, Theresa Rienmüller
2016 Biomedical Engineering  
Hypothermia, a condition of abnormally low body temperature, has a relevant impact on physiological regulatory mechanisms in the cardiovascular system. Electrophysiological changes in hypothermia can be observed through morphological variances in the ECG caused by alterations in ion channel dynamics. These changes lead to modulations of the action potential morphology and a decreased intercellular conduction of atrial and ventricular cells, and subsequently to changes in the ECG. These changes
comprise e.g. an alteration of the T-wave, a prolongation of electrocardiographic time intervals and the formation of an additional wave (J-wave). This work provides an overview on mathematical modeling and experimental validation of hypothermal-induced mechanisms in the heart. A temperature-dependent cardiac cell model was developed, allowing for simulation and investigation of the action potential of single cells and the modulation of the electrical excitation and wavefront propagation in ventricular tissue. Using this model, a pseudo ECG can be computed, demonstrating alterations in ECG formation during cooling. To investigate transmural temperature profiles in the ventricular wall in strong hypothermia, a finite element model (FEM) using the Pennes' bioheat equation was developed. In cardiac cryoablation, a minimal invasive clinical procedure to treat cardiac arrhythmias, different ablation scenarios such as multiple freeze-thaw cycles can be applied. This FEM-Model was now used to simulate and evaluate different ablation scenarios to optimize the clinical intervention. In-vivo and in-vitro experiments were carried out to prove and validate the computer models. Changes in electrical excitation and ECG formation could be confirmed via ECG and field potential measurements in the house swine and chicken cardiomyocyte cell layers, respectively using multi electrode array technology. Our work contributes towards a better understanding of electrophysiological and biophysical mechanisms in cardiac tissue in hypothermia which is urgently needed for the development of new diagnostic and therapeutic applications in clinical cardiology. Nanoparticles feature an extraordinary potential for various beneficial applications in human life thanks to their unique size-related properties.
However, with increasing exposure, justifiable concerns about negative health effects have emerged, which necessitates fundamental understanding of interactions between nanoparticles and cells to efficiently assess nanoparticle toxicity. As sedimentation experiments investigating nanoparticle-cell interactions in vitro are time- and cost-consuming, mathematical modeling and in-silico studies of the physical processes have become of major importance in analysing nanoparticle-specific behaviour. Using ISDD+ (our enhanced version of ISDD - In Vitro Sedimentation, Diffusion, and Dosimetry Model), a simulation tool for fluid particokinetics, one can calculate the direct cellular dose depending on the particles' physicochemical properties and time. The program is based on the Mason-Weaver equation, a partial differential equation for the time- and space-dependent particle density, and describes diffusional and sediment transport. With cellular components typically featuring nanoscale sizes, nanoparticles can easily penetrate cells and provoke a variety of cellular response. Hence, cellular uptake is crucial for understanding the predominant biological interactions. ISDD+, however, merely implicitly incorporates particle-cell interactions by imposing an unphysical constraint at the lower system border, where cells reside, instead of the Mason-Weaver flux boundary condition. To alternatively describe the interdependency between transport and uptake in a systematic way, a novel multi-state model (Naptake) based on a system of differential equations for time-dependent cellular uptake of cell-associated particles has been developed. Having connected Naptake with the original Mason-Weaver equation by introducing it to the lower boundary condition, the resulting hybrid model can be solved using modified PDE and ODE solvers in MATLAB.
Hereby, cellular uptake and its mutual interaction with particle transport can not only be considered within an effective theory, but originate from a consistent, consecutively constructed approach. Though exact parameters are not determined yet, the model yields promising and physically reasonable results. Recently, a new method called joint spectral and time domain optical coherence tomography (STdOCT) for flow velocity measurement in spectral domain OCT (SD OCT) was presented. This method analyzes the detected time-resolved interference fringe spectra by using a two-dimensional fast Fourier transformation (2D FFT) to determine directly the Doppler frequency shift instead of calculating the phase difference at each depth position of adjacent A-scans. In this study, we describe the link of joint spectral and time domain optical coherence tomography (jSTdOCT) and the commonly used phase-resolved Doppler OCT (DOCT). Moreover, we improve the classic jSTdOCT algorithm, detecting the maximum intensity signal of the broadened Doppler frequency spectrum for velocity estimation, by calculating the center of gravity. The resulting enhanced jSTdOCT (enhjSTdOCT) significantly reduces the noise of the velocity measurement by choosing an exponent depending on the transverse velocity component of the sample movement and the signal-to-noise ratio of the OCT data. To verify enhjSTdOCT, numerical simulations and a flow phantom model are used to find optimal parameters for maximal velocity noise reduction.
doi:10.1515/bmt-2016-5018 pmid:27682700 fatcat:e7urq2qvfjdepjd6nsublsuhe4

Blank Digital Signatures: Optimization and Practical Experiences [chapter]

David Derler, Christian Hanser, Daniel Slamanig
2015 IFIP Advances in Information and Communication Technology  
doi:10.1007/978-3-319-18621-4_14 fatcat:malam7jrhzfxha7ffwictgq7fm

Blank digital signatures

Christian Hanser, Daniel Slamanig
2013 Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security - ASIA CCS '13  
In this paper we present a novel type of digital signatures, which we call blank digital signatures. The basic idea behind this scheme is that an originator can define and sign a message template, describing fixed parts of a message as well as multiple choices for exchangeable parts of a message. One may think of a form with blank fields, where for such fields the originator specifies all the allowed strings to choose from. Then, a proxy is given the power to sign an instantiation of the
template signed by the originator by using some secret information. By an instantiation, the proxy commits to one allowed choice per blank field in the template. The resulting message signature can be publicly verified under the originator's and the proxy's signature verification keys. Thereby, no verifying party except the originator and the proxy learn anything about the "unused" choices from the message template given a message signature. Consequently, the template is hidden from verifiers. We discuss several applications, provide a formal definition of blank digital signature schemes and introduce a security model. Furthermore, we provide an efficient construction of such a blank digital signature scheme from any secure digital signature scheme, pairing-friendly elliptic curves and polynomial commitments, which we prove secure in our model. We also provide a detailed efficiency analysis of our proposed construction supporting its practicality. Finally, we outline several open issues and extensions for future work.
doi:10.1145/2484313.2484324 dblp:conf/ccs/HanserS13 fatcat:ezb6fr6hh5bxjolk4e6vnfcqeu

Privacy-Enhancing Proxy Signatures from Non-interactive Anonymous Credentials [chapter]

David Derler, Christian Hanser, Daniel Slamanig
2014 Lecture Notes in Computer Science  
Proxy signatures enable an originator to delegate the signing rights for a restricted set of messages to a proxy. The proxy is then able to produce valid signatures only for messages from this delegated set on behalf of the originator. Recently, two variants of privacy-enhancing proxy signatures, namely blank signatures [25] and warrant-hiding proxy signatures [26], have been introduced. In this context, privacy-enhancing means that a verifier of a proxy signature does not learn anything about
the delegated message set beyond the message being presented for verification. We observe that this principle bears similarities with functionality provided by anonymous credentials. Inspired by this observation, we examine black-box constructions of the two aforementioned proxy signatures from non-interactive anonymous credentials, i.e., anonymous credentials with a non-interactive showing protocol, and show that the so obtained proxy signatures are secure if the anonymous credential system is secure. Moreover, we present two concrete instantiations using well-known representatives of anonymous credentials, namely Camenisch-Lysyanskaya (CL) and Brands' credentials. While constructions of anonymous credentials from signature schemes with particular properties, such as CL signatures or structure-preserving signatures, as well as from special variants of signature schemes, such as group signatures, sanitizable and indexed aggregate signatures, are known, this is the first paper that provides constructions of special variants of signature schemes, i.e., privacy-enhancing proxy signatures, from anonymous credentials.
doi:10.1007/978-3-662-43936-4_4 fatcat:3tdjgmmkmng3znesngeoiozsry

Practical Round-Optimal Blind Signatures in the Standard Model [chapter]

Georg Fuchsbauer, Christian Hanser, Daniel Slamanig
2015 Lecture Notes in Computer Science  
The notion of SPS on equivalence classes (SPS-EQ) was introduced by Hanser and Slamanig [HS14] . Their initial instantiation turned out to only be secure against randommessage attacks (cf.  ...  , pk, b)} there is a negligible function (·) such that Pr BG ← BGGen R (1 κ ), b ← R {0, 1}, (st, sk, pk) ← A(BG, ), b * ← A O (st, sk, pk) : b * = b ∧ VKey R (sk, pk) = 1 − 1 2 ≤ (κ) . ♦ Fuchsbauer, Hanser  ... 
doi:10.1007/978-3-662-48000-7_12 fatcat:qkhhfijxavbalpg3f3nrp34sge

A New Approach to Efficient Revocable Attribute-Based Anonymous Credentials [chapter]

David Derler, Christian Hanser, Daniel Slamanig
2015 Lecture Notes in Computer Science  
[HS] Christian Hanser and Daniel Slamanig. Structure-Preserving Signatures on Equivalence Classes and their Application to Anonymous Credentials. In ASIACRYPT.  ...  [NP14] Lan Nguyen and Christian Paquin. U-Prove Designated-Verifier Accumulator Revocation Extension. Technical report, Microsoft Research, 2014. [PZ13] Christian Paquin and Greg Zaverucha.  ... 
doi:10.1007/978-3-319-27239-9_4 fatcat:xfgh3gbkibfjnnqow2irbjupja

Towards Authenticity and Privacy Preserving Accountable Workflows [chapter]

David Derler, Christian Hanser, Henrich C. Pöhls, Daniel Slamanig
2016 IFIP Advances in Information and Communication Technology  
doi:10.1007/978-3-319-41763-9_12 fatcat:52wvnoo7ajhk3b3bncmjzmutjq

Structure-Preserving Signatures on Equivalence Classes and Constant-Size Anonymous Credentials

Georg Fuchsbauer, Christian Hanser, Daniel Slamanig
2018 Journal of Cryptology  
They were also used to construct conceptually simple verifiably encrypted signatures in the standard model by Hanser et al. [HRS15].  ...  Differences to the Original Work The original version of this paper by Hanser and Slamanig [HS14] contained an SPS-EQ instantiation that was shown not to be EUF-CMA by Fuchsbauer [Fuc14].  ... 
doi:10.1007/s00145-018-9281-4 fatcat:yo4uxp4sb5aubiosnkp2fbvrja

Revisiting Cryptographic Accumulators, Additional Properties and Relations to Other Primitives [chapter]

David Derler, Christian Hanser, Daniel Slamanig
2015 Lecture Notes in Computer Science  
Cryptographic accumulators allow to accumulate a finite set of values into a single succinct accumulator. For every accumulated value, one can efficiently compute a witness, which certifies its membership in the accumulator. However, it is computationally infeasible to find a witness for any non-accumulated value. Since their introduction, various accumulator schemes for numerous practical applications and with different features have been proposed. Unfortunately, to date there is no unifying
model capturing all existing features. Such a model can turn out to be valuable as it allows to use accumulators in a black-box fashion. To this end, we propose a unified formal model for (randomized) cryptographic accumulators which covers static and dynamic accumulators, their universal features and includes the notions of undeniability and indistinguishability. Additionally, we provide an exhaustive classification of all existing schemes. In doing so, it turns out that most accumulators are distinguishable. Fortunately, a simple, light-weight generic transformation allows to make many existing dynamic accumulator schemes indistinguishable. As this transformation, however, comes at the cost of reduced collision freeness, we additionally propose the first indistinguishable scheme that does not suffer from this shortcoming. Finally, we employ our unified model for presenting a black-box construction of commitments from indistinguishable accumulators as well as a black-box construction of indistinguishable, undeniable universal accumulators from zero-knowledge sets. Latter yields the first universal accumulator construction that provides indistinguishability.
doi:10.1007/978-3-319-16715-2_7 fatcat:ilvfycrawfakfp3t476wu3eusi

Group Signatures on Mobile Devices: Practical Experiences [chapter]

Klaus Potzmader, Johannes Winter, Daniel Hein, Christian Hanser, Peter Teufl, Liqun Chen
2013 Lecture Notes in Computer Science  
doi:10.1007/978-3-642-38908-5_4 fatcat:rhwfreqoe5f23bwy2s2emedghy

Structure-Preserving Signatures on Equivalence Classes and Their Application to Anonymous Credentials [chapter]

Christian Hanser, Daniel Slamanig
2014 Lecture Notes in Computer Science  
Hanser, C., Slamanig, D.: Blank Digital Signatures. IACR Cryptology ePrint Archive (2013) 43. Johnson, R., Molnar, D., Song, D.X., Wagner, D.: Homomorphic Signature Schemes. In: CT-RSA.  ... 
doi:10.1007/978-3-662-45611-8_26 fatcat:s4hwcekdevbfpaaylgdhp6264a