[Resource Topic] 2020/598: Cryptanalysis of Au et al. Dynamic Universal Accumulator

Welcome to the resource topic for 2020/598

Title:
Cryptanalysis of Au et al. Dynamic Universal Accumulator

Authors: Alex Biryukov, Aleksei Udovenko, Giuseppe Vitto

Abstract:

In this paper we cryptanalyse the two accumulator variants proposed by Au et al., namely the a-based construction and the reference string-based (RS-based) construction. We show that if non-membership witnesses are issued according to the a-based construction, colluding users can efficiently discover the secret accumulator parameter a and take over the Accumulator Manager. More precisely, if p is the order of the underlying bilinear group, the knowledge of O(log(p)loglog(p)) non-membership witnesses permits one to successfully recover a. Further optimizations and different attack scenarios allow one to reduce the number of required witnesses to O(log(p)), together with practical attack complexity. Moreover, we show that accumulator collision resistance can be broken if just one of these non-membership witnesses is known to the attacker. In the case when non-membership witnesses are issued using the RS-based construction (with RS kept secret by the Manager), we show that a group of colluding users can reconstruct the RS and compute witnesses for arbitrary new elements. In particular, if the accumulator is initialized by adding m secret elements, m colluding users that share their non-membership witnesses will succeed in such an attack.

ePrint: https://eprint.iacr.org/2020/598

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.