Zusammenfassung der Projektergebnisse

As security and privacy-protection are central features of virtually every future CPS and IoT scenario, the goal of this project was the design of practical cryptographic building blocks dedicated to important CPS as well as the application of these building blocks in order to compose suitable security protocols for selected CPS. One of the most important scientific contributions of this project is the introduction and improvement of a novel cryptographic building-block, called black-box accumulators (BBA), which can be used as an alternative to e-cash (for settings where point-of-sales are trusted not to collude with users). Loosely speaking, BBA may be viewed as a cryptographic “piggy bank” that allows a user to collect and spend points (aka incentives, coins, etc.) in an anonymous and unlinkable fashion. BBA features a collection and spending protocol as well as a user storage size of constant complexity (i.e., independent of the balance or transferred value). Thus, it allows for very efficient payments. Moreover, we also improve the efficiency of certain zero-knowledge proofs being the core buildingblock and often the bottleneck in privacy-preserving protocols in general, and black-box accumulators in particular. We were able to significantly speed-up the verification of so-called Groth- Sahai zero-knowledge proofs by batching the verification equations in a novel way. As a further contribution, we devise very communication-efficient and conceptually simple zero-knowledge proofs. Furthermore, we developed cryptographic primitives with additional, helpful but non-standard features. For instance, we propose so-called updatable encryption schemes which can be used in a cloud-storage scenario to outsource the work to regularly update the ciphertexts in the cloud to a new key in a secure way. We are the first to not only achieve confidentiality protection but also integrity protection in this setting (ciphertext-independent updates). As another contribution, we introduce the notion of fault-tolerance for aggregate signature schemes and give a generic construction satisfying this notion. An aggregate signature scheme allows to combine and “compress” signatures for multiple individual messages into one compact so-called aggregate signature. This allows to save bandwidth and space in many application scenarios. Fault-tolerance now prevents a few faulty signatures to destroy the proof of integrity and authenticity for all signed messages. Apart from the construction of cryptographic building blocks, we also designed and implemented complex security protocols for a few CPS scenarios. First and foremost, we proposed a practical privacy-preserving toll collection system which also takes real-world issues, like broken on-board units, into account. It comes with with a rigorous security model, proof, and implementation on realistic hardware and is arguably the most comprehensive formal treatment of security and privacy in electronic toll collection today. Moreover, we also apply black-box accumulators and our advances on zero-knowledge proofs to devise novel privacy-preserving protocols for Vehicleto-Grid and Participatory Sensing. Finally, we presented the research results of this project to the general public by means of a demonstrator exhibited at Cebit’18, and interviews in German newspapers and magazines such as Frankfurter Allgemeine Zeitung, Die Zeit, Linux Magazin, Technology Review, as well as in radio programs such as “Forschung Aktuell” at Deutschlandfunk Radio or podcasts such as “Resonator, Der Forschungspodcast der Helmholtz-Gemeinschaft”.

Projektbezogene Publikationen (Auswahl)

• Black-box accumulation: Collecting incentives in a privacy-preserving way. PoPETs, 2016(3):62–82 2016
  T. Jager and A. Rupp
  (Siehe online unter https://doi.org/10.1515/popets-2016-0016)
• Fault-tolerant aggregate signatures. In PKC 2016, Part I, vol. 9614 of LNCS, pp. 331–356. Springer, Heidelberg 2016
  G. Hartung, B. Kaidel, A. Koch, J. Koch, and A. Rupp
  (Siehe online unter https://doi.org/10.1007/978-3-662-49384-7_13)
• BBA+: Improving the security and applicability of privacy-preserving point collection. In ACM CCS 2017, pp. 1925–1942. ACM Press 2017
  G. Hartung, M. Hoffmann, M. Nagel, and A. Rupp
  (Siehe online unter https://doi.org/10.1145/3133956.3134071)
• New techniques for structural batch verification in bilinear groups with applications to groth-sahai proofs. In ACM CCS 2017, pp. 1547–1564. ACM Press 2017
  G. Herold, M. Hoffmann, M. Klooß, C. Rafols, and A. Rupp
  (Siehe online unter https://doi.org/10.1145/3133956.3134068)
• (R)CCA secure updatable encryption with integrity protection. In EUROCRYPT 2019, Part I, vol. 11476 of LNCS, pp. 68–99. Springer, Heidelberg 2019
  M. Klooß, A. Lehmann, and A. Rupp
  (Siehe online unter https://doi.org/10.1007/978-3-030-17653-2_3)
• Efficient zero-knowledge arguments in the discrete log setting, revisited. In ACM CCS 2019, pp. 2093–2110. ACM Press 2019
  M. Hoffmann, M. Klooß, and A. Rupp
  (Siehe online unter https://doi.org/10.1145/3319535.3354251)
• P6V2G: A privacy-preserving V2G scheme for two-way payments and reputation. Energy Informatics, 2 (Suppl 1)(32), 2019
  R. Schwerdt, M. Nagel, V. Fetzer, T. Gräf, and A. Rupp
  (Siehe online unter https://doi.org/10.1186/s42162-019-0075-1)
• Black-box wallets: Fast anonymous two-way payments for constrained devices. PoPETs, 2020(1):165–194, 2020
  M. Hoffmann, M. Klooß, M. Raiber, and A. Rupp
  (Siehe online unter https://dx.doi.org/10.2478/popets-2020-0010)
• P4TC - provably-secure yet practical privacy-preserving toll collection. PoPETs, 2020(3):62–152, 2020
  V. Fetzer, M. Hoffmann, M. Nagel, A. Rupp, and R. Schwerdt
  (Siehe online unter https://doi.org/10.2478/popets-2020-0046)