Authentication Schemes In The New Era:Fundamental Theory And Scheme Design

Nowadays,we have entered the information age due to the invention and the worldwide application of the computer network.New technologies such as cloud computing,IoT,Big Data etc.,bring great convenience to us and make the Internet and all kinds of information systems new infrastructures for our daily life.In this new era,we have a greater need to protect our information,and as the main approach for providing information security,cryptography has gained great attentions and become an area with solid foundations and wide applications.Authentication is one of the two core tasks of cryptography(the other is encryption).Cryptographic authentication schemes are widely employed to build trusted connections over entities in information systems,including ensuring the integrity and the authenticity of data,authenticating for a user's identity,status and behaviors,etc.These trusted connections are necessary for us to exploit these information systems assisting us with our work and life.It is fair to say,cryptographic authentication is essential for guaranteeing the usability of the Internet and all information systems.Cryptographic authentication mainly concerns design of mechanisms for secure identity identification,message authentication,behavior authentication,etc.Many different but related cryptographic schemes are constructed for this purpose.Especially,zero-knowledge proof system can serve as a building block to construct most cryptographic authentication schemes and is extensively discussed in this work.Currently,the main focus of cryptographic authentication is to improve constructions of basic authentication tools,aiming at achieving better security,efficiency and usability.Meanwhile,many works attempts to design new cryptographic authentication schemes to meet requirements raised in practice.Recently,breakthroughs in computer theory and technology bring several new challenges for cryptographic authentication.First,the rapid progress in implementing practical quantum computers are significantly threatening most traditional cryptographic schemes,including many basic tools for building secure authentication schemes.Also,new requirements such as authentication of executable codes are demanded by practice.Besides,the invention of blockchain also brings new possibility for designing more powerful authentication schemes and we should make full use of this convenience.In this thesis,we attempts to answer aforementioned new challenges for authentication schemes and the results are as follows:·Practical Post-Quantum Zero-Knowledge Proofs and their applications.In this work,we give a new method to construct zero-knowledge proofs from lattice-based problems,which are widely believed to remain hard even if quantum computers are available.The constructed protocols have a standard soundness and achieve a low soundness error.Prior to this work,practical lattice-based zero-knowledge proofs either have a constant soundness error(2/3),or fail to achieve a standard soundness.Our protocol is the first one immune to both restrictions.Also,our method is applicable in constructing zero-knowledge proofs for a large class of lattice relations,including most(if not all)common relations appeared in latticebased cryptographic primitives.Besides being of theoretical interest,our results are also of practical significance.First,as protocols constructed under our approach have a standard soundness,they are not restricted to applications that a relaxed(i.e.,non-standard)soundness is tolerant.Moreover,our protocols have a low soundness error and does not need too many(e.g.,200)repetitions to achieve a negligible soundness error.Thus,our protocols can lead to more efficient applications.To demonstrate the practicability of our approach,we present several new constructions of common privacy-preserving primitives in the standard lattice setting from our new protocols,including group signature,ring signature,electronic cash system,etc.Our new constructions are one to three orders of magnitude more efficient than the state of the art(in standard lattice).·Cryptographic Watermarking.Cryptographic watermarking is a special type of authentication scheme that can provide authentication for executable programs.There are numerous open problems in this area.In this work,we focus on designing new watermarking schemes with appealing properties and the results include two parts:1.First,we construct the first unforgeable watermarking scheme with public extraction.This could boost the applicability of cryptographic watermarking schemes.2.Moreover,we examine current security definitions for watermarking schemes and find that they are not able to capture the scenarios that several adversaries can collude.Even worse,we observe that current provable secure watermarking schemes will not remain secure if collusion attacks are available.Addressing this problem,we present the notion of collusion resistant watermarking scheme and propose the first candidate construction.This bridge a large gap between security of cryptographic watermarking schemes and that demanded in practice.·Decentralized Anonymous Authentication.We present the notion of decentralized blacklistable anonymous credential and consttruct it from the blockchain technology and some standard cryptographic techniques.Compared to a traditional blacklistable anonymous credential system,the scheme presented in this work does not need a trusted party to register users.Besides,it enables secure blacklist sharing and is partially resilient to the blacklist gaming attack.Thus,our scheme can provide a better protection for both the users' privacy and the services providers'security when deployed in practice.Besides,compared to previous decentralized anonymous authentication schemes,our scheme supports the functionality of user revocation,which provides a better way to manage users,and has a better efficiency.To summarize,this work concerns various aspects of cryptographic authentication,including theoretical foundations of cryptographic authentication(i.e.,zero-knowledge proofs),various traditional cryptographic authentication schemes(i.e.,privacy-preserving primitives),novel cryptographic authentication schemes(i.e.,cryptographic watermarking),and cryptographic authentication systems useable in real-world(i.e.,decentralized anonymous authentication).