Signature schemes and applications to cryptographic protocol design

Lysyanskaya, Anna

Author(s)

Lysyanskaya, Anna

DownloadFull printable version (10.63Mb)

Other Contributors

Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.

Advisor

Ronald L. Rivest.

Terms of use

M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582

Metadata

Show full item record

Abstract

Signature schemes are fundamental cryptographic primitives, useful as a stand-alone application, and as a building block in the design of secure protocols and other cryptographic objects. In this thesis, we study both the uses that signature schemes find in protocols, and the design of signature schemes suitable for a broad range of applications. An important application of digital signature schemes is an anonymous credential system. In such a system, one can obtain and prove possession of credentials without revealing any additional information. Such systems are the best means of balancing the need of individuals for privacy with the need of large organizations to verify that the people they interact with have the required credentials. We show how to construct an efficient anonymous credential system using an appropriate signature scheme; we then give an example of such asignature scheme. The resulting system is the first one with satisfactory communication and computation costs. The signature scheme we use to construct an anonymous credential system is of independent interest for use in other protocols. The special property of this signature scheme is that it admits an efficient protocol for a zero-knowledge proof of knowledge of a signature. Further, we consider the question of revocation of signatures. We obtain an efficient revocation scheme.

(cont.) This has immediate consequences for revocation of credentials in our credential system. We explore other uses for signature schemes as building blocks for designing cryptographic objects and secure protocols. We give a unique signature scheme which has implications for verifiable random functions and for non-interactive zero-knowledge proofs. Finally, we consider the use of signatures for implementing a broadcast channel in a point-to-point network. It was previously shown that while broadcast was impossible without computational assumptions in a point-to-point network where one-third or more nodes exhibited adversarial behavior, using an appropriate set-up phase and a signature scheme, the impossibility could be overcome. We show that the situation is more complex than was previously believed. We consider the composition of protocols in this model, and discover severe limitations. We also show how to augment the model to overcome these limitations.

Description

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2002.

Includes bibliographical references (p. 123-134).

Date issued

2002

URI

http://hdl.handle.net/1721.1/29271

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Publisher

Massachusetts Institute of Technology

Keywords

Electrical Engineering and Computer Science.

Collections

Doctoral Theses