-
Chapter and Conference Paper
Powers-of-Tau to the People: Decentralizing Setup Ceremonies
We propose several decentralized ceremonies for constructing a powers-of-tau structured reference string (SRS). Our protocols make use of a blockchain platform to run in a permissionless manner, where anyone c...
-
Chapter and Conference Paper
Homomorphic Decryption in Blockchains via Compressed Discrete-Log Lookup Tables
Many privacy preserving blockchain and e-voting systems are based on the modified ElGamal scheme that supports homomorphic addition of encrypted values. For practicality reasons though, decryption requires the...
-
Chapter and Conference Paper
Threshold Schnorr with Stateless Deterministic Signing from Standard Assumptions
Schnorr’s signature scheme permits an elegant threshold signing protocol due to its linear signing equation. However each new signature consumes fresh randomness, which can be a major attack vector in practice...
-
Chapter and Conference Paper
Non-interactive Half-Aggregation of EdDSA and Variants of Schnorr Signatures
Schnorr’s signature scheme provides an elegant method to derive signatures with security rooted in the hardness of the discrete logarithm problem, which is a well-studied assumption and conducive to efficient ...
-
Chapter and Conference Paper
Taming the Many EdDSAs
This paper analyses security of concrete instantiations of EdDSA by identifying exploitable inconsistencies between standardization recommendations and Ed25519 implementations. We mainly focus on current ambig...
-
Chapter and Conference Paper
Lattice-Based DAPS and Generalizations: Self-enforcement in Signature Schemes
Double authentication preventing signatures (DAPS) is a mechanism, due to Poettering and Stebila, for protecting certificate authorities (CAs) from coercion. We construct the first lattice-based DAPS signature...
-
Chapter and Conference Paper
Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits
We construct the first (key-policy) attribute-based encryption (ABE) system with short secret keys: the size of keys in our system depends only on the depth of the policy circuit, not its size. Our constructio...
