Add section on random-witness time-stamping

cabca121 · Keno Goertz · 7afbe3a5 · cabca121 · cabca121 · cabca121
Commit cabca121 authored 4 days ago by Keno Goertz
--- a/chapters/01_introduction.tex
+++ b/chapters/01_introduction.tex
@@ -313,3 +313,22 @@ A document owner can directly send her document hash and the current time to $n$
 By sending $n'$ witness signatures to a verifier, the document owner can prove the validity of her time-stamp.

 \subsubsection{\label{section::random_witness}Random-witness time-stamping}
+
+\citeauthor{Haber1991Timestamp} proposed using a pseudo-random number generator (PRNG) to ensure uniformly distributed random witness selection for the purpose of distributed time-stamping.\footfullcite{Haber1991Timestamp}
+Each participating witness is initially assigned a unique identifier.
+The document owner can then seed the PRNG with the hash of her document and interpret the PRNG's output as witness identifiers.
+This way, she selects the $n$ witnesses responsible for signing her time-stamp.
+To confirm the time-stamp's validity, a verifier first checks the witness signatures.
+She then verifies that the $n$ identifiers produced by the PRNG when seeded with the document's hash are a superset of the identifiers corresponding to the $n'$ witness signatures.
+
+This scheme is secure if the hash function applied to the document has the \emph{one-way} property:
+Given a desired output hash, it should be computationally hard to find an input for which the hash function produces this output.
+If the hash function did not have this property, a document owner could possibly carry out a backdating attack by colluding with at least $n'$ witnesses.
+She would be able to construct a meaningful document such that the witnesses selected by the PRNG would be those colluding with her ($\omega\rightarrow\infty$).
+
+Another security requirement is that the PRNG produces uniformly distributed identifiers.
+A non-uniform distribution could again potentially be exploited ($\omega>1$) to increase the probability of a successful backdating or DoS attack.
+
+The random-witness scheme proposed by \citeauthor{Haber1991Timestamp} is desirable if we are not sure that Equations~\eqref{equation::backdating_protection} and \eqref{equation::dos_protection} hold, and hence want to ensure $\omega=1$ to minimize the probability of successful backdating and DoS attacks.
+
+\subsubsection{Threshold cryptography}
--- a/figures/backdating_probability_hypergeometric.pdf
+++ b/figures/backdating_probability_hypergeometric.pdf
--- a/figures/backdating_probability_hypergeometric_available.pdf
+++ b/figures/backdating_probability_hypergeometric_available.pdf
--- a/figures/backdating_probability_noncentral.pdf
+++ b/figures/backdating_probability_noncentral.pdf
--- a/figures/backdating_probability_noncentral_available.pdf
+++ b/figures/backdating_probability_noncentral_available.pdf
--- a/figures/dos_hypergeometric.pdf
+++ b/figures/dos_hypergeometric.pdf
--- a/figures/dos_noncentral.pdf
+++ b/figures/dos_noncentral.pdf
--- a/glossary.tex
+++ b/glossary.tex
@@ -27,5 +27,6 @@
 }

 \newacronym{dos}{DoS}{Denial of Service}
+\newacronym{prng}{PRNG}{Pseudo-Random Number Generator}
 \newacronym{tsa}{TSA}{Time-Stamp Authority}
 \newacronym{ttp}{TTP}{Trusted Third Party}
--- a/main.tex
+++ b/main.tex
@@ -95,7 +95,7 @@
 \pagenumbering{roman} % start roman page numbers from here (optional)
 \section*{Appendix} \label{Appendix}
 \addcontentsline{toc}{section}{Appendix}    % adds entry to table of contents
-\selbstaendigkeitserklaerung{\today}
+\selbstaendigkeitserklaerung{1. Januar 1970}
 %\input{chapters/xxx}                       % add in case you have additional images/tables
 \end{document}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
--- a/thesis.pdf
+++ b/thesis.pdf