Abstract. Asymmetric fingerprinting protocols are designed to prevent an untrustworthy Provider incriminating an innocent Buyer. These protocols enable the Buyer to generate their own fingerprint by themself, and ensure that the Provider never has access to the Buyer’s copy of the Work. Until recently, such protocols were not practical because the collusion-resistant codes they rely on were too long. However, the advent of Tardos codes means that the probabilistic collusion-resistant codes are now sufficiently short that asymmetric fingerprint codes should, in theory, be practical. Unfortunately, previous asymmetric fingerprinting protocols cannot be directly applied to Tardos codes, because generation of the Tardos codes depends on a secret vector that is only known to the Provider. This knowledge allows an untrustworthy Provider to attack traditional asymmetric fingerprinting protocols. We describe this attack, and then propose a new asymmetric fingerprinting protocol, specifically designed for Tardos codes. 1

Abstract. Due to the forensic value of audit logs, it is vital to provide compromise resiliency and append-only properties in a logging system to prevent active attackers. Unfortunately, existing symmetric secure logging schemes are not publicly verifiable and cannot address applications that require public auditing (e.g., public financial auditing), besides being vulnerable to certain attacks and dependent on continuous trusted server support. Moreover, Public Key Cryptography (PKC)-based secure logging schemes require Expensive Operations (ExpOps) that are costly for both loggers and verifiers, and thus are impractical for computation-intensive environments. In this paper, we propose a new class of secure audit logging scheme called Log Forward-secure and Append-only Signature (LogFAS). LogFAS achieves the most desirable properties of both symmetric and PKC-based schemes. LogFAS can produce publicly verifiable forward-secure and append-only signatures without requiring any online trusted server support or time factor. Most notably, Log-FAS is the only PKC-based secure audit logging scheme that achieves the high verifier computational and storage efficiency. That is, LogFAS can verify L log entries with always a small-constant number of ExpOps regardless of the value of L. Moreover, each verifier stores only a small and constant-size public key regardless of the number of log entries to be verified or the number of loggers in the system. In addition, a LogFAS variation allows fine-grained verification of any subset of log entries and fast detection of corrupted log entries. All these properties make LogFAS an ideal scheme for secure audit logging in computationintensive applications.

Abstract. Electronic archives are increasingly being used to store information that needs to be available for a long time such as land register information and medical records. In order for the data in such archives to remain useful, their integrity and authenticity must be protected over their entire life span. Also, in many cases it must be possible to prove that the data existed at a certain point in time. In this paper we survey solutions that provide long-term integrity, authenticity, and proof of existence of archived data. We analyze which trust assumptions they require and compare their efficiency. Based on our analysis, we discuss open problems and promising research directions.