Be More and be Merry: Enhancing Data and User Authentication in Collaborative Settings
Doktorsavhandling, 2018

Cryptography is the science and art of keeping information secret to un-intended parties. But, how can we determine who is an intended party and who is not? Authentication is the branch of cryptography that aims at confirming the source of data or at proving the identity of a person. This Ph.D. thesis is a study of different ways to perform cryptographic authentication of data and users.

The main contributions are contained in the six papers included in this thesis and cover the following research areas: (i) homomorphic authentication; (ii) server-aided verification of signatures; (iii) distance-bounding authentication; and (iv) biometric authentication. The investigation flow is towards collaborative settings, that is, application scenarios where different and mutually distrustful entities work jointly for a common goal. The results presented in this thesis allow for secure and efficient authentication when more entities are involved, thus the title “be more and be merry”.

Concretely, the first two papers in the collection are on homomorphic authenticators and provide an in-depth study on how to enhance existing primitives with multi- key functionalities. In particular, the papers extend homomorphic signatures and homomorphic message authentication codes to support computations on data authenticated using different secret keys. The third paper explores signer anonymity in the area of server-aided verification and provides new secure constructions. The fourth paper is in the area of distance-bounding authentication and describes a generic method to make existing protocols not only authenticate direct-neighbors, but also entities located two-hop away. The last two papers investigate the leakage of information that affects a special family of biometric authentication systems and how to combine verifiable computation techniques with biometric authentication in order to mitigate known attacks.

Homomorphic Signatures

Server-Aided Verification

Distance-Bounding Authentication Protocols

Verifiable Com- putation

Biometric Authentication.

Room ED (5th floor) EDIT Building
Opponent: Bart Preneel, Dept. Elektrotechniek-ESAT /COSIC, KU Leuven, Belgium


Elena Pagnin

Chalmers, Data- och informationsteknik, Informationssäkerhet

Multi-Key Homomorphic Authenticators

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 10032(2016)p. 499-530

Paper i proceeding

Two-Hop Distance-Bounding Protocols: Keep Your Friends Close

IEEE Transactions on Mobile Computing,; Vol. 17(2018)p. 1723-1736

Artikel i vetenskaplig tidskrift

On the Leakage of Information in Biometric Authentication

In Proceedings of Indocrypt - 15th International Conference on Cryptology in India 2014, New Delhi, December 2014.,; (2014)p. 265-280

Paper i proceeding

Revisiting Yasuda et al.’s Biometric Authentication Protocol: Are you Private Enough?

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 11261(2018)p. 161-178

Paper i proceeding

Since the dawn of human civilisation, information has been one of our most treasured assets. In modern societies, people store and exchanged information in digital form: we ‘talk’ in chats and save important data in the cloud. However, how can we be really sure that the person we are talking to is who we think they are, or that the messages we send will not be modified before they reach the destination?

Cryptography is a branch of computer science that aims at developing techniques for communicating and storing information securely. One of the goals of cryptography is authentication of data and users. To give an example, user authentication is what makes your car unlock only when pressing the unlock button on your car key, and not someone else’s. Data authentication relies on advanced mathematical mechanisms that extract fingerprint-like information from digital data and can tell whether the messages we receive have been manipulated or are authentic.

Cryptographic authentication is used everywhere: in our smart phones and credit cards, for online banking and e-commerce shopping, and at automatised border controls. This thesis has the objective of developing tools for data and user authentication. Concretely, it contains state-of-the art solutions that are secure even when an attacker tries to tamper with the authentication process. The application scenarios considered in this work are collaborative ones, that is, processes that involve multiple entities. For example, this thesis contains constructions that can be used by a team of researchers to perform statistics on data produced by different team members in such a way that anyone can check the correctness of the statistical results, and no one can add fake measurements or replace someone else’s.


Annan data- och informationsvetenskap


Datavetenskap (datalogi)



Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 4455


Chalmers tekniska högskola

Room ED (5th floor) EDIT Building

Opponent: Bart Preneel, Dept. Elektrotechniek-ESAT /COSIC, KU Leuven, Belgium

Mer information

Senast uppdaterat