Quantization using Jet Space Geometry and Identity Management using Credential Schemes Sietse Ringers This PhD project was carried out at the Johann Bernoulli Institute of the University of Groningen, and the Institute for Computing and Information Sciences of the Radboud University. It was financially supported by the FWN / JBI RUG and the Secure Self- Enrollment (SSE) project from KPN. Copyright © 2016 Sietse Ringers Cover page: a Calabi-Yau manifold processed by a machine learning algorithm called “Deep Style” This work is licensed under the Creative Commons Attribution- ShareAlike 4.0 International License. To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/4.0/. ISBN: 978-90-367-9113-7 (printed version) ISBN: 978-90-367-9112-0 (electronic version) Quantization using Jet Space Geometry and Identity Management using Credential Schemes PhD thesis to obtain the degree of PhD at the University of Groningen on the authority of the Rector Magnificus Prof. E. Sterken and in accordance with the decision by the College of Deans. This thesis will be defended in public on Friday 7 October at 14:30 hours by Sietse Ringers born on 11 July 1984 in Lelystad Supervisor Prof. J. Top Co-supervisors Dr. A. V. Kiselev Dr. J.-H. Hoepman Assessment Committee Prof. G. R. Renardel de Lavalette Prof. S. Gutt Prof. B. de Decker Contents (chapters) Contents (chapters) .................................. i Contents (detailed)................................... iii Introduction ...................................... vii I Quantization using Jet Space Geometry1 1 The Schouten Bracket............................... 3 2 The BV-formalism................................. 25 3 Deformation quantization and the dual of Lie algebras............ 45 4 How not to deform quantize on jet spaces ................... 69 II Identity Management using Credential Schemes 81 5 Preliminaries.................................... 83 6 Linkability and malleability in self-blindable credentials . 111 7 Partially blind Boneh–Boyen signatures.....................125 8 The self-blindable U-Prove scheme from FC’14 is forgeable . 143 9 An efficient self-blindable attribute-based credential scheme . 151 End Matter 181 10 Summary and conclusions ............................183 Inleiding en samenvatting ..............................187 Acknowledgments...................................197 Biography........................................199 Bibliography ......................................201 List of notations ....................................215 Index ..........................................219 ii Contents (chapters) Contents (detailed) Contents (chapters)i Contents (detailed) iii Introduction vii Preface........................................ vii Part 1: Quantization using jet space geometry . vii Introduction ................................. vii Abstract.................................... ix Prerequisites................................. x Bibliographic notes ............................. xi Part 2: Identity management using credential schemes . xii Introduction ................................. xii Abstract.................................... xv Bibliographic notes .............................xvi I Quantization using Jet Space Geometry1 1 The Schouten Bracket3 1.1 The geometry of jet space.......................... 3 1.1.1 The infinite jet bundle........................ 4 1.1.2 The Einstein summation convention ............... 5 1.1.3 Tangent vectors and vector fields................. 5 1.1.4 Differential forms and covectors.................. 6 1.1.5 Horizontal jet bundles ....................... 8 1.1.6 Adjoint modules and total differential operators ........ 9 1.2 The Schouten bracket............................ 11 1.3 Variational multivectors........................... 12 1.4 Definitions of the bracket.......................... 15 1.4.1 Odd Poisson bracket ........................ 15 1.4.2 A recursive definition........................ 19 1.4.3 Graded vector fields......................... 22 2 The BV-formalism 25 iv Contents (detailed) 2.1 Introduction ................................. 25 2.2 Secondary calculus ............................. 26 2.3 BV-algebras and the quantum master equation ............. 28 2.4 Products of integral functionals ...................... 33 2.5 Euler-Lagrange equations with gauge symmetries ........... 36 2.6 A Laplacian.................................. 39 3 Deformation quantization and the dual of Lie algebras 45 3.1 Introduction ................................. 45 3.2 Star products................................. 48 3.3 The Kontsevich star product........................ 52 3.4 Gauge transformations ........................... 53 3.5 Hochschild cohomology .......................... 56 3.5.1 The star product up to order 2................... 61 3.6 The Kontsevich star product on the dual of Lie algebras . 62 3.6.1 The dual as a Poisson manifold .................. 62 3.6.2 The enveloping and symmetric algebras............. 63 3.6.3 The Kontsevich star product.................... 65 4 How not to deform quantize on jet spaces 69 4.1 The variational Hamiltonian formalism.................. 69 4.2 Three candidate star products....................... 72 4.3 The Mathematica program......................... 74 II Identity Management using Credential Schemes 81 5 Preliminaries 83 5.1 Algorithms and efficient computations.................. 83 5.1.1 Turing machines........................... 83 5.1.2 Computation time and efficiency ................. 85 5.1.3 Conventions and notations..................... 86 5.2 Groups and group families......................... 86 5.2.1 Conventions and notations..................... 88 5.3 Intractability assumptions ......................... 89 5.4 Elliptic curves and bilinear pairings.................... 91 5.4.1 BN-curves .............................. 93 5.5 Zero-knowledge proofs........................... 94 5.5.1 Computational indistinguishability................ 94 5.5.2 Interactive algorithms........................ 95 5.5.3 Formal languages and zero-knowledgeness........... 95 5.5.4 S-protocols and other variations ................. 97 5.5.5 Examples............................... 98 5.5.6 Conventions and notations.....................101 5.6 Signature schemes..............................101 Contents (detailed) v 5.7 Credential schemes .............................103 5.7.1 Conventions and notations.....................106 5.7.2 Unforgeability............................107 5.7.3 Unlinkability.............................107 6 Linkability and malleability in self-blindable credentials 111 6.1 Introduction .................................112 6.2 Self-blindable credentials..........................113 6.2.1 Security properties .........................115 6.3 Relating malleability and linkability....................117 6.4 Broken self-blindable credential schemes . 119 6.5 Do unmalleable, unlinkable self-blindable credential schemes exist? . 122 6.6 Conclusion..................................124 7 Partially blind Boneh–Boyen signatures 125 7.1 Introduction .................................125 7.1.1 Partially blind signature schemes . 126 7.1.2 Weakly unforgeable signature schemes . 128 7.1.3 Paillier encryption..........................129 7.2 The Boneh–Boyen signature scheme....................130 7.3 The partially blind Boneh–Boyen scheme . 131 7.3.1 Blind Boneh–Boyen signatures...................134 7.4 Blindness and unforgeability........................134 7.4.1 Blindness...............................134 7.4.2 Unforgeability............................136 7.5 Attribute-based credentials using our scheme . 139 7.5.1 Signatures as credentials......................139 7.5.2 Showing a credential ........................139 7.6 Related work.................................140 7.7 Conclusion..................................141 8 The self-blindable U-Prove scheme from FC’14 is forgeable 143 8.1 Introduction .................................143 8.2 The credential scheme............................144 8.3 Forging new credentials...........................145 8.3.1 Constructing signatures on the elements gi . 145 8.3.2 Constructing a forged credential . 147 8.4 Analysis....................................147 8.4.1 The problem in the unforgeability argument . 147 8.4.2 Why Theorem 6.6 is not applicable . 148 8.4.3 The attack ..............................150 9 An efficient self-blindable attribute-based credential scheme 151 9.1 Introduction .................................151 9.1.1 Related work.............................153 vi Contents (detailed) 9.2 Preliminaries.................................154 9.2.1 The LRSW assumptions ......................154 9.2.2 The discrete logarithm problem in bilinear group pairs . 156 9.2.3 A signature scheme on the space of attributes . 157 9.3 The credential scheme............................159 9.3.1 Unforgeability............................162 9.3.2 Anonymity..............................166 9.3.3 Combining credentials using the private key . 168 9.4 Performance .................................169 9.4.1 The Fiat-Shamir heuristic......................169 9.4.2 Exponentiation count........................169 9.4.3 Implementation...........................170 9.5 Proving unforgeability using the XKEA assumption . 173 9.5.1 The XKEA assumption.......................173 9.5.2 The XKEA assumption and the generic group model . 175 9.5.3 Unforgeability based on XKEA ..................176 9.6 Conclusion..................................179 End Matter 181