Déjà Q All Over Again
|
|
- Joleen Cummings
- 5 years ago
- Views:
Transcription
1 Royal Holloway, February /43 Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Déjà Q All Over Again Melissa Chase 1 Mary Maller 2 1 MSR Redmond Sarah Meiklejohn 2 2 University College London
2 2/43
3 3/43 Subgroup Hiding certain q-type Assumptions
4 /43 Example: Broadcast Encryption Methods of delivering encrypted content over a broadcast channel where only qualified users can decrypt the content. Example Boneh Gentry and Waters broadcast encryption scheme [BGW-Crypto05]. Pairing based solution Short ciphertexts and private keys Collusion resistant
5 5/43 The q-bdhe Assumption The BGW broadcast encryption scheme bases its security on the q-bdhe assumption [BGW-Crypto05]. Given g,g c,g α,...,g αq,g αq+2,...,g α2q it is hard to distinguish e(g,g c ) q+1 from random.
6 5/43 The q-bdhe Assumption The BGW broadcast encryption scheme bases its security on the q-bdhe assumption [BGW-Crypto05]. Given g,g c,g α,...,g αq,?,g αq+2,...,g α2q it is hard to distinguish e(g,g c ) q+1 from random.
7 Déjà Q: Using Dual Systems to Revisit q-type Assumptions [CM-Eurocrypt14] Subgroup Hiding Specific classes of q-type & assumptions in asymmetric Parameter Hiding bilinear groups of order N = p 1 p 1 2. Pr[break q-type assumption] O(q) Pr[break subgroup hiding] 6/43 1 Asymmetric composite order bilinear groups do exist - see [BRS-JNT11].
8 /43 [CM-Eurocrypt14]: Contributions Decides Computes Source Group given info in one group given info in both groups Target Group given info in one group given info in both groups q-bdhe
9 8/43 Our Contributions: Broader Decides Computes Source Group given info in one group given info in both groups Target Group given info in one group given info in both groups q-bdhe
10 9/43 Our Contributions: Tighter Subgroup Hiding Specific classes of q-type & assumptions in asymmetric Parameter Hiding bilinear groups of order N = p 1 p 2 p 3. Pr[break q-type assumption] O(log q) Pr[break subgroup hiding]
11 0/43 Outline of Presentation
12 1/43 Bilinear Groups Standard Bilinear Groups: G = (N,G,H,G T,e,g,h). N = group order; prime or composite G = H = kn, G T = λn G =< g >, H =< h > e : G H G T Properties Bilinearity: e(g a,h b ) = e(g,h) ab Non-degeneracy: e(x,y) = 1 y H x = 1.
13 2/43 Subgroup Hiding [BGN - TCC05]
14 2/43 Subgroup Hiding [BGN - TCC05]
15 2/43 Subgroup Hiding [BGN - TCC05]
16 3/43 Parameter Hiding [Lewko-Eurocrypt12]
17 3/43 Parameter Hiding [Lewko-Eurocrypt12]
18 3/43 Parameter Hiding [Lewko-Eurocrypt12]
19 3/43 Parameter Hiding [Lewko-Eurocrypt12]
20 4/43 Outline of Presentation
21 5/43 Reductions we can Cover
22 6/43 Aim of Reduction Model q-type assumption as a game. Transition to statistically impossible game. [CM-Eurocrypt14]
23 6/43 Aim of Reduction Model q-type assumption as a game. Transition to statistically impossible game. [CM-Eurocrypt14]
24 6/43 Aim of Reduction Model q-type assumption as a game. Transition to statistically impossible game. [CM-Eurocrypt14]
25 6/43 Aim of Reduction Model q-type assumption as a game. Transition to statistically impossible game. [CM-Eurocrypt14]
26 6/43 Aim of Reduction Model q-type assumption as a game. Transition to statistically impossible game. [CM-Eurocrypt14]
27 6/43 Aim of Reduction Model q-type assumption as a game. Transition to statistically impossible game. [CM-Eurocrypt14]
28 7/43 Déjà Q: Reduction Techniques
29 7/43 Déjà Q: Reduction Techniques
30 7/43 Déjà Q: Reduction Techniques
31 7/43 Déjà Q: Reduction Techniques
32 7/43 Déjà Q: Reduction Techniques
33 8/43 Our Tight Reduction Techniques Double the randomness.
34 8/43 Our Tight Reduction Techniques Double the randomness.
35 8/43 Our Tight Reduction Techniques Double the randomness.
36 8/43 Our Tight Reduction Techniques Double the randomness.
37 8/43 Our Tight Reduction Techniques Double the randomness.
38 8/43 Our Tight Reduction Techniques Double the randomness.
39 9/43 Result Given g ρ 1(x),...,g ρ q(x),h σ 1(x),...,h σ q(x) ĥ Then Adv[Deciding e(g,ĥ) f(x) from random] (3 + log(q + 2)) Pr[Breaks Subgroup Hiding]
40 20/43 Result Subgroup Hiding Specific classes of q-type & assumptions in asymmetric Parameter Hiding bilinear groups of order N = p 1 p 2 p 3. Pr[break q-type assumption] O(log q) Pr[break subgroup hiding]
41 21/43 Outline of Presentation
42 22/43 Example: Broadcast Encryption Methods of delivering encrypted content over a broadcast channel where only qualified users can decrypt the content. Example Boneh Gentry and Waters broadcast encryption scheme [BGW-Crypto05]. Pairing based solution Short ciphertexts and private keys Collusion resistant
43 23/43 Broadcast Encryption The asymmetric q-bdhe assumption: given ĥ,g α,h α,...,g αq,h αq,g αq+2,h αq+2,...,g α2q,h α2q it is hard to distinguish e(g,ĥ) q+1 from random is tightly implied by subgroup hiding and parameter hiding. The BGW broadcast encryption scheme is implied by the symmetric q-bdhe assumption.
44 24/43 Symmetric Reductions The previous asymmetric reduction fails in the symmetric case. Adversary given components that would allow it to trivially break subgroup hiding in the symmetric case (e(g 1,H 2 ) = 1). Show how to push through the same reduction in the symmetric case by adding randomness from a fourth subgroup. Symmetric schemes can also be translated into asymmetric groups.
45 25/43 The Asymmetric BGW Variant Techniques from [AGOT-Crypto14]. g p0[1] di gi p0[0] gc p1[0] vi C0 = G = G&H = H p2[0] Ci p2[1] p1[1]
46 26/43 Identity Based KEM [ACF-Eurocrypt09] g Bi g1 gc p1[0] gij hi p0[0] C p2[0] p3[0] skid p0[1] p1[1] p2[1] p3[1] p4[0] p4[1]
47 27/43 ABE Scheme [Waters08] The less efficient construction. g ga gi msk gc p0[1] p1[0] p5[1] p5[0] K hi L p0[0] p1[1] C' p2[1] Ci Kx p3[1] p2[0] p4[0] p3[0] p4[1]
48 28/43 HIBE Scheme [BBG-Eurocrypt05] g yi gc g1 a1 g2 g3 hi B p0[0] p1[0] p0[1] msk bi C p2[0] a0 p1[1] p2[1]
49 29/43 Outline of Presentation
50 30/43 Open Problems How can we analyse are q-type assumptions in prime order groups? How can we analyse are q-power knowledge of exponent assumptions ("non-falsifiable" assumptions)? How can we analyse are q-type when the adversary has inputs from both source groups and the challenge component is also in the source group?
51 31/43 Thank-you for Listening.
Dual System Encryption via Doubly Selective Security: Framework, Fully-secure Functional Encryption for Regular Languages, and More
Dual System Encryption via Doubly Selective Security: Framework, Fully-secure Functional Encryption for Regular Languages, and More Nuttapong Attrapadung (Nuts) AIST, Japan @Eurocrypt 2014, Copenhagen
More informationResistance to Pirates 2.0: A Method from Leakage Resilient Cryptography
Resistance to Pirates 2.0: A Method from Leakage Resilient Cryptography Duong Hieu Phan 1,2 and Viet Cuong Trinh 1 1 LAGA, University of Paris 8 2 ENS / CNRS / INRIA Abstract. In the classical model of
More informationNew Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts
New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts Allison Lewko University of Texas at Austin alewko@cs.utexas.edu Brent Waters University of Texas at Austin bwaters@cs.utexas.edu
More informationGentry IBE Paper Reading
Gentry IBE Paper Reading Y. Jiang 1 1 University of Wollongong September 5, 2014 Literature Craig Gentry. Practical Identity-Based Encryption Without Random Oracles. Advances in Cryptology - EUROCRYPT
More informationDéjà Q: Encore! Un Petit IBE
Déjà Q: Encore! Un Petit IBE Hoeteck Wee ENS, Paris, France Abstract. We present an identity-based encryption (IBE) scheme in composite-order bilinear groups with essentially optimal parameters: the ciphertext
More informationFoundations. P =! NP oneway function signature schemes Trapdoor oneway function PKC, IBS IBE
Foundations P =! NP oneway function signature schemes Trapdoor oneway function PKC, IBS IBE NP problems: IF, DL, Knapsack Hardness of these problems implies the security of cryptosytems? 2 Relations of
More informationNon- browser TLS Woes
Non- browser TLS Woes Dan Boneh Joint work with M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, and V. Shma?kov Proc. ACM CCS 2012 30 second summary Lots of non- browser systems using TLS: Payment gateway
More informationNew Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques
New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko University of Texas at Austin alewko@cs.utexas.edu Brent Waters University of Texas
More informationAdaptively Simulation-Secure Attribute-Hiding Predicate Encryption
Adaptively Simulation-Secure Attribute-Hiding Predicate Encryption by Pratish Datta 1 joint work with Tatsuaki Okamoto 1 and Katsuyuki Takashima 2 1 NTT Secure Platform Laboratories 3-9-11 Midori-cho,
More informationIdentity Based Encryption
Bilinear Pairings in Cryptography: Identity Based Encryption Dan Boneh Stanford University Recall: Pub-Key Encryption (PKE) PKE Three algorithms : (G, E, D) G(λ) (pk,sk) outputs pub-key and secret-key
More informationPairing-Based Cryptography An Introduction
ECRYPT Summer School Samos 1 Pairing-Based Cryptography An Introduction Kenny Paterson kenny.paterson@rhul.ac.uk May 4th 2007 ECRYPT Summer School Samos 2 The Pairings Explosion Pairings originally used
More informationConverting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups
Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups David Mandell Freeman Stanford University, USA Eurocrypt 2010 Monaco, Monaco 31 May 2010 David Mandell Freeman (Stanford)
More informationFully Secure (Doubly-)Spatial Encryption under Simpler Assumptions
Fully Secure (Doubly-)Spatial Encryption under Simpler Assumptions Cheng Chen, Zhenfeng Zhang, and Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences,
More informationEfficient Identity-based Encryption Without Random Oracles
Efficient Identity-based Encryption Without Random Oracles Brent Waters Weiwei Liu School of Computer Science and Software Engineering 1/32 Weiwei Liu Efficient Identity-based Encryption Without Random
More informationPractical Hierarchical Identity Based Encryption and Signature schemes Without Random Oracles
Practical Hierarchical Identity Based Encryption and Signature schemes Without Random Oracles Man Ho Au 1, Joseph K. Liu 2, Tsz Hon Yuen 3, and Duncan S. Wong 4 1 Centre for Information Security Research
More informationFunction-Hiding Inner Product Encryption
Function-Hiding Inner Product Encryption Allison Bishop Columbia University allison@cs.columbia.edu Abhishek Jain Johns Hopkins University abhishek@cs.jhu.edu Lucas Kowalczyk Columbia University luke@cs.columbia.edu
More informationDéjà Q: Using Dual Systems to Revisit q-type Assumptions
Déjà Q: Using Dual Systems to Revisit q-type Assumptions Melissa Chase Microsoft Research Redmond melissac@microsoft.com Sarah Meiklejohn UC San Diego smeiklej@cs.ucsd.edu Abstract After more than a decade
More informationInstantiating the Dual System Encryption Methodology in Bilinear Groups
Instantiating the Dual System Encryption Methodology in Bilinear Groups Allison Lewko joint work with Brent Waters Motivation classical public key cryptography: Alice Bob Eve Motivation functional encryption:
More informationSecurity Analysis of an Identity-Based Strongly Unforgeable Signature Scheme
Security Analysis of an Identity-Based Strongly Unforgeable Signature Scheme Kwangsu Lee Dong Hoon Lee Abstract Identity-based signature (IBS) is a specific type of public-key signature (PKS) where any
More informationNew Constructions of Revocable Identity-Based Encryption from Multilinear Maps
New Constructions of Revocable Identity-Based Encryption from Multilinear Maps Seunghwan Park Kwangsu Lee Dong Hoon Lee Abstract A revocation mechanism in cryptosystems for a large number of users is absolutely
More informationLimitations on Transformations from Composite-Order to Prime-Order Groups: The Case of Round-Optimal Blind Signatures
Limitations on Transformations from Composite-Order to Prime-Order Groups: The Case of Round-Optimal Blind Signatures Sarah Meiklejohn (UC San Diego) Hovav Shacham (UC San Diego) David Mandell Freeman
More informationUnbounded HIBE and Attribute-Based Encryption
Unbounded HIBE and ttribute-based Encryption llison Lewko University of Texas at ustin alewko@cs.utexas.edu Brent Waters University of Texas at ustin bwaters@cs.utexas.edu bstract In this work, we present
More informationBoneh-Franklin Identity Based Encryption Revisited
Boneh-Franklin Identity Based Encryption Revisited David Galindo Institute for Computing and Information Sciences Radboud University Nijmegen P.O.Box 9010 6500 GL, Nijmegen, The Netherlands. d.galindo@cs.ru.nl
More informationDual System Encryption via Doubly Selective Security: Framework, Fully-secure Functional Encryption for Regular Languages, and More
Dual System Encryption via Doubly Selective Security: Framework, Fully-secure Functional Encryption for Regular Languages, and More Nuttapong Attrapadung AIST, Japan n.attrapadung@aist.go.jp Abstract Dual
More informationThe k-bdh Assumption Family: Bilinear Cryptography from Progressively Weaker Assumptions
The k-bdh Assumption Family: Bilinear Cryptography from Progressively Weaker Assumptions Karyn Benson (UCSD) Hovav Shacham (UCSD) Brent Waters (UT-Austin) Provable Security How to show your cryptosystem
More informationA Comment on Gu Map-1
A Comment on Gu Map-1 Yupu Hu and Huiwen Jia ISN Laboratory, Xidian University, 710071 Xi an, China yphu@mail.xidian.edu.cn Abstract. Gu map-1 is a modified version of GGH map. It uses same ideal lattices
More informationFully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption
Fully Secure Functional Encryption: ttribute-based Encryption and (Hierarchical) Inner Product Encryption llison Lewko University of Texas at ustin alewko@cs.utexas.edu mit Sahai UCL sahai@cs.ucla.edu
More informationContribution to functional encryption through encodings
University of Wollongong Research Online University of Wollongong Thesis Collection 1954-2016 University of Wollongong Thesis Collections 2016 Contribution to functional encryption through encodings Jongkil
More informationTools for Simulating Features of Composite Order Bilinear Groups in the Prime Order Setting
Tools for Simulating Features of Composite Order Bilinear Groups in the Prime Order Setting Allison Lewko The University of Texas at Austin alewko@csutexasedu Abstract In this paper, we explore a general
More informationarxiv: v1 [cs.cr] 24 Feb 2017
Efficient Hidden Vector Encryptions and Its Applications 1 arxiv:1702.07456v1 [cs.cr] 24 Feb 2017 Kwangsu Lee A Thesis for the Degree of Doctor of Philosophy Department of Information Security, Graduate
More informationCryptography from Pairings
DIAMANT/EIDMA Symposium, May 31st/June 1st 2007 1 Cryptography from Pairings Kenny Paterson kenny.paterson@rhul.ac.uk May 31st 2007 DIAMANT/EIDMA Symposium, May 31st/June 1st 2007 2 The Pairings Explosion
More informationSolving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know?
Solving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know? Alexander May, Maike Ritzenhofen Faculty of Mathematics Ruhr-Universität Bochum, 44780 Bochum,
More informationExpressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts
Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts Nuttapong Attrapadung 1, Benoît Libert 2, and Elie de Panafieu 3 1 esearch Center for Information Security, AIST Japan) n.attrapadung@aist.go.jp
More informationPublic Key Broadcast Encryption with Low Number of Keys and Constant Decryption Time
Public Key Broadcast Encryption with Low Number of Keys and Constant Decryption Time Yi-Ru Liu, Wen-Guey Tzeng Department of Computer Science National Chiao Tung University Hsinchu, Taiwan 30050 Email:
More informationProofs on Encrypted Values in Bilinear Groups and an Application to Anonymity of Signatures
Proofs on Encrypted Values in Bilinear Groups and an Application to Anonymity of Signatures G. Fuchsbauer D. Pointcheval École normale supérieure Pairing'09, 13.08.2009 Fuchsbauer, Pointcheval (ENS) Proofs
More informationEfficient Secure Auction Protocols Based on the Boneh-Goh-Nissim Encryption
Efficient Secure Auction Protocols Based on the Boneh-Goh-Nissim Encryption Takuho Mistunaga 1, Yoshifumi Manabe 2, Tatsuaki Okamoto 3 1 Graduate School of Informatics, Kyoto University, Sakyo-ku Kyoto
More informationA New Functional Encryption for Multidimensional Range Query
A New Functional Encryption for Multidimensional Range Query Jia Xu 1, Ee-Chien Chang 2, and Jianying Zhou 3 1 Singapore Telecommunications Limited jia.xu@singtel.com 2 National University of Singapore
More informationWhite-Box Security Notions for Symmetric Encryption Schemes
White-Box Security Notions for Symmetric Encryption Schemes Cécile Delerablée 1 Tancrède Lepoint 1,2 Pascal Paillier 1 Matthieu Rivain 1 CryptoExperts 1, École Normale Supérieure2 SAC 2013 Outline 1 What
More informationREMARKS ON IBE SCHEME OF WANG AND CAO
REMARKS ON IBE SCEME OF WANG AND CAO Sunder Lal and Priyam Sharma Derpartment of Mathematics, Dr. B.R.A.(Agra), University, Agra-800(UP), India. E-mail- sunder_lal@rediffmail.com, priyam_sharma.ibs@rediffmail.com
More informationCiphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization
Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization Brent Waters University of Texas at Austin bwaters@csutexasedu Abstract We present a new methodology
More informationDual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions
Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions Brent Waters University of Texas at Austin Abstract We present a new methodology for proving security of encryption
More informationDuality in ABE: Converting Attribute Based Encryption for Dual Predicate and Dual Policy via Computational Encodings
Duality in ABE: Converting Attribute Based Encryption for Dual Predicate and Dual Policy via Computational Encodings Nuttapong Attrapadung AIST, Japan n.attrapadung@aist.go.jp Shota Yamada AIST, Japan
More informationFully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption
Fully Secure Functional Encryption: ttribute-based Encryption and (Hierarchical) Inner Product Encryption llison Lewko 1, Tatsuaki Okamoto 2, mit Sahai 3, Katsuyuki Takashima 4, and Brent Waters 5 1 University
More informationFunctional Encryption for Computational Hiding in Prime Order Groups via Pair Encodings
Functional Encryption for Computational Hiding in Prime Order Groups via Pair Encodings Jongkil Kim, Willy Susilo, Fuchun Guo, and Man Ho Au 2 Centre for Computer and Information Security Research School
More informationBasics in Cryptology. Outline. II Distributed Cryptography. Key Management. Outline. David Pointcheval. ENS Paris 2018
Basics in Cryptology II Distributed Cryptography David Pointcheval Ecole normale supérieure, CNRS & INRIA ENS Paris 2018 NS/CNRS/INRIA Cascade David Pointcheval 1/26ENS/CNRS/INRIA Cascade David Pointcheval
More informationLow Overhead Broadcast Encryption from Multilinear Maps
Low Overhead Broadcast Encryption from Multilinear Maps Dan Boneh Stanford University dabo@cs.stanford.edu Mark Zhandry Stanford University zhandry@cs.stanford.edu Brent Waters University of Texas at Austin
More informationSnarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs
Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs Jens Groth University College London Mary Maller University College London Crypto Santa Barbara: 21/08/2017 How can
More informationCiphertext-Policy Hierarchical Attribute-Based Encryption with Short Ciphertexts: Efficiently Sharing Data among Large Organizations
Ciphertext-Policy Hierarchical Attribute-Based Encryption with Short Ciphertexts: Efficiently Sharing Data among Large Organizations Hua Deng a, Qianhong Wu* b, Bo Qin c, Josep Domingo-Ferrer d, Lei Zhang
More informationRecent Advances in Identity-based Encryption Pairing-based Constructions
Fields Institute Workshop on New Directions in Cryptography 1 Recent Advances in Identity-based Encryption Pairing-based Constructions Kenny Paterson kenny.paterson@rhul.ac.uk June 25th 2008 Fields Institute
More informationA Note On Groth-Ostrovsky-Sahai Non-Interactive Zero-Knowledge Proof System
A Note On Groth-Ostrovsky-Sahai Non-Interactive Zero-Knowledge Proof System Zhengjun Cao 1, Lihua Liu 2, Abstract. In 2006, Groth, Ostrovsky and Sahai designed one non-interactive zero-knowledge (NIZK
More informationFully homomorphic encryption scheme using ideal lattices. Gentry s STOC 09 paper - Part II
Fully homomorphic encryption scheme using ideal lattices Gentry s STOC 09 paper - Part GGH cryptosystem Gentry s scheme is a GGH-like scheme. GGH: Goldreich, Goldwasser, Halevi. ased on the hardness of
More informationFunctional Encryption for Regular Languages
Functional Encryption for Regular Languages Brent Waters 1 The University of Texas at Austin bwaters@cs.utexas.edu Abstract. We provide a functional encryption system that supports functionality for regular
More informationEfficient Identity-Based Encryption Without Random Oracles
Efficient Identity-Based Encryption Without Random Oracles Brent Waters Abstract We present the first efficient Identity-Based Encryption (IBE) scheme that is fully secure without random oracles. We first
More informationOutline. The Game-based Methodology for Computational Security Proofs. Public-Key Cryptography. Outline. Introduction Provable Security
The Game-based Methodology for Computational s David Pointcheval Ecole normale supérieure, CNRS & INRIA Computational and Symbolic Proofs of Security Atagawa Heights Japan April 6th, 2009 1/39 2/39 Public-Key
More informationToward Hierarchical Identity-Based Encryption
Toward Hierarchical Identity-Based Encryption Jeremy Horwitz and Ben Lynn Stanford University, Stanford, CA 94305, USA, {horwitz blynn}@cs.stanford.edu Abstract. We introduce the concept of hierarchical
More informationOn the security of Jhanwar-Barua Identity-Based Encryption Scheme
On the security of Jhanwar-Barua Identity-Based Encryption Scheme Adrian G. Schipor aschipor@info.uaic.ro 1 Department of Computer Science Al. I. Cuza University of Iași Iași 700506, Romania Abstract In
More informationFully Key-Homomorphic Encryption and its Applications
Fully Key-Homomorphic Encryption and its Applications D. Boneh, C. Gentry, S. Gorbunov, S. Halevi, Valeria Nikolaenko, G. Segev, V. Vaikuntanathan, D. Vinayagamurthy Outline Background on PKE and IBE Functionality
More informationLattice Cryptography
CSE 06A: Lattice Algorithms and Applications Winter 01 Instructor: Daniele Micciancio Lattice Cryptography UCSD CSE Many problems on point lattices are computationally hard. One of the most important hard
More informationPost-Quantum Security of the Fujisaki-Okamoto (FO) and OAEP Transforms
Post-Quantum Security of the Fujisaki-Okamoto (FO) and OAEP Transforms Made by: Ehsan Ebrahimi Theory of Cryptography Conference, Beijing, China Oct. 31 - Nov. 3, 2016 Joint work with Dominique Unruh Motivation:
More informationCLASSICAL CRYPTOSYSTEMS IN A QUANTUM WORLD
CLASSICAL CRYPTOSYSTEMS IN A QUANTUM WORLD Mark Zhandry Stanford University * Joint work with Dan Boneh But First: My Current Work Indistinguishability Obfuscation (and variants) Multiparty NIKE without
More informationAn efficient variant of Boneh-Gentry-Hamburg's identity-based encryption without pairing
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers: Part A Faculty of Engineering and Information Sciences 2015 An efficient variant of Boneh-Gentry-Hamburg's
More informationHierarchical identity-based encryption
Hierarchical identity-based encryption Michel Abdalla ENS & CNS September 26, 2011 MPI - Course 2-12-1 Lecture 3 - Part 1 Michel Abdalla (ENS & CNS) Hierarchical identity-based encryption September 26,
More informationAttribute-Based Encryption with Fast Decryption
Attribute-Based Encryption with Fast Decryption Susan Hohenberger and Brent Waters May 8, 2013 Abstract Attribute-based encryption (ABE) is a vision of public key encryption that allows users to encrypt
More informationConverting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups
Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups David Mandell Freeman CWI and Universiteit Leiden freeman@cwi.nl Abstract. We develop an abstract framework that
More informationAdaptive CCA Broadcast Encryption with Constant-Size Secret Keys and Ciphertexts
This Journal Version appears in International Journal of Information Security, Volume 12, Number 4, pages 251 265. 2013. Adaptive CCA Broadcast Encryption with Constant-Size Secret Keys and Ciphertexts
More informationID-based Encryption Scheme Secure against Chosen Ciphertext Attacks
ID-based Encryption Scheme Secure against Chosen Ciphertext Attacks ongxing Lu and Zhenfu Cao Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200030, P.. China {cao-zf,
More informationGeneral Impossibility of Group Homomorphic Encryption in the Quantum World
General Impossibility of Group Homomorphic Encryption in the Quantum World Frederik Armknecht Tommaso Gagliardoni Stefan Katzenbeisser Andreas Peter PKC 2014, March 28th Buenos Aires, Argentina 1 An example
More informationAdaptively secure identity-based broadcast encryption with a constant-sized ciphertext
University of Wollongong esearch Online Faculty of Engineering and Information Sciences - Papers: Part A Faculty of Engineering and Information Sciences 05 Adaptively secure identity-based broadcast encryption
More informationSequential and Dynamic Frameproof Codes
Sequential and Dynamic Frameproof Codes Maura Paterson m.b.paterson@rhul.ac.uk Department of Mathematics Royal Holloway, University of London Egham, Surrey TW20 0EX Abstract There are many schemes in the
More informationDiscrete logarithm and related schemes
Discrete logarithm and related schemes Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Discrete logarithm problem examples, equivalent
More informationIdentity-based encryption
Identity-based encryption Michel Abdalla ENS & CNRS MPRI - Course 2-12-1 Michel Abdalla (ENS & CNRS) Identity-based encryption 1 / 43 Identity-based encryption (IBE) Goal: Allow senders to encrypt messages
More informationFully-secure Key Policy ABE on Prime-Order Bilinear Groups
Fully-secure Key Policy ABE on Prime-Order Bilinear Groups Luke Kowalczyk, Jiahui Liu, Kailash Meiyappan Abstract We present a Key-Policy ABE scheme that is fully-secure under the Decisional Linear Assumption.
More informationCS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky. Lecture 7
CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky Lecture 7 Lecture date: Monday, 28 February, 2005 Scribe: M.Chov, K.Leung, J.Salomone 1 Oneway Trapdoor Permutations Recall that a
More informationSelf-Updatable Encryption: Time Constrained Access Control with Hidden Attributes and Better Efficiency
Self-Updatable Encryption: Time Constrained Access Control with Hidden Attributes and Better Efficiency Kwangsu Lee Seung Geol Choi Dong Hoon Lee Jong Hwan Park Moti Yung Abstract Revocation and key evolving
More informationAttribute-Based Encryption Optimized for Cloud Computing
ttribute-based Encryption Optimized for Cloud Computing Máté Horváth 27 January 1 / 17 Roadmap 1 Encryption in the Cloud 2 User Revocation 3 Background 4 The Proposed Scheme 5 Conclusion 2 / 17 Traditional
More informationSearchable encryption & Anonymous encryption
Searchable encryption & Anonymous encryption Michel Abdalla ENS & CNS February 17, 2014 MPI - Course 2-12-1 Michel Abdalla (ENS & CNS) Searchable encryption & Anonymous encryption February 17, 2014 1 /
More informationCryptographic Multilinear Maps. Craig Gentry and Shai Halevi
Cryptographic Multilinear Maps Craig Gentry and Shai Halevi China Summer School on Lattices and Cryptography, June 2014 Multilinear Maps (MMAPs) A Technical Tool A primitive for building applications,
More informationPrivate Puncturable PRFs from Standard Lattice Assumptions
Private Puncturable PRFs from Standard Lattice Assumptions Sam Kim Stanford University Joint work with Dan Boneh and Hart Montgomery Pseudorandom Functions (PRFs) [GGM84] Constrained PRFs [BW13, BGI13,
More informationA Profitable Sub-Prime Loan: Obtaining the Advantages of Composite Order in Prime-Order Bilinear Groups
Full version of an extended abstract published in Proceedings of PKC 2015, Springer-Verlag, 2015. Available from the IACR Cryptology eprint Archive as Report 2013/300. A Profitable Sub-Prime Loan: Obtaining
More informationSolution of Exercise Sheet 7
saarland Foundations of Cybersecurity (Winter 16/17) Prof. Dr. Michael Backes CISPA / Saarland University university computer science Solution of Exercise Sheet 7 1 Variants of Modes of Operation Let (K,
More informationAdaptive Security in Broadcast Encryption Systems
Adaptive Security in Broadcast Encryption Systems Craig Gentry cgentry@cs.stanford.edu Brent Waters bwaters@csl.sri.com Abstract We present new techniques for achieving adaptive security in broadcast encryption
More informationnon-trivial black-box combiners for collision-resistant hash-functions don t exist
non-trivial black-box combiners for collision-resistant hash-functions don t exist Krzysztof Pietrzak (CWI Amsterdam) Eurocrypt May 21 2007 black-box combiners [H05,HKNRR05,PM06,BB06] C is a secure combiner
More informationTighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model. Shuichi Katsumata (The University of Tokyo /AIST) Takashi Yamakawa (NTT)
1 Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model (The University of Tokyo /AIST) *Pronounced as Shuichi Katsumata (The University of Tokyo /AIST) Shota Yamada (AIST) Takashi Yamakawa
More informationDynamic Key-Aggregate Cryptosystem on Elliptic Curves for Online Data Sharing
Dynamic Key-Aggregate Cryptosystem on Elliptic Curves for Online Data Sharing Sikhar Patranabis, Yash Shrivastava and Debdeep Mukhopadhyay Department of Computer Science and Engineering Indian Institute
More informationhttps://hal.inria.fr/hal /
https://hal.inria.fr/hal-00767404/ sk sk Encrypt sk (m ) = c Decrypt sk (c ) = m Encrypt sk (m ) = c Decrypt sk (c ) = m m, m c, c Encrypt Decrypt sk pk, sk Encrypt pk (m) = c Decrypt sk (c) = m pk sk
More informationAdvanced Topics in Cryptography
Advanced Topics in Cryptography Lecture 6: El Gamal. Chosen-ciphertext security, the Cramer-Shoup cryptosystem. Benny Pinkas based on slides of Moni Naor page 1 1 Related papers Lecture notes of Moni Naor,
More informationA survey on quantum-secure cryptographic systems
A survey on quantum-secure cryptographic systems Tomoka Kan May 24, 2018 1 Abstract Post-quantum cryptography refers to the search for classical cryptosystems which remain secure in the presence of a quantum
More informationSome Efficient Algorithms for the Final Exponentiation of η T Pairing
Some Efficient Algorithms for the Final Exponentiation of η T Pairing Masaaki Shirase 1, Tsuyoshi Takagi 1, and Eiji Okamoto 2 1 Future University-Hakodate, Japan 2 University of Tsukuba, Japan Abstract.
More informationCONSTRUCTIONS SECURE AGAINST RECEIVER SELECTIVE OPENING AND CHOSEN CIPHERTEXT ATTACKS
CONSRUCIONS SECURE AGAINS RECEIVER SELECIVE OPENING AND CHOSEN CIPHEREX AACKS Dingding Jia, Xianhui Lu, Bao Li jiadingding@iie.ac.cn C-RSA 2017 02-17 Outline Background Motivation Our contribution Existence:
More informationOn The Security of The ElGamal Encryption Scheme and Damgård s Variant
On The Security of The ElGamal Encryption Scheme and Damgård s Variant J. Wu and D.R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, ON, Canada {j32wu,dstinson}@uwaterloo.ca
More informationOutsider-Anonymous Broadcast Encryption with Sublinear Ciphertexts
Outsider-Anonymous Broadcast Encryption with Sublinear Ciphertexts elly Fazio 1,2 and Irippuge Milinda Perera 2 1 The City College of CUY fazio@cs.ccny.cuny.edu 2 The Graduate Center of CUY {nfazio,iperera}@gc.cuny.edu
More informationOpen problems in lattice-based cryptography
University of Auckland, New Zealand Plan Goal: Highlight some hot topics in cryptography, and good targets for mathematical cryptanalysis. Approximate GCD Homomorphic encryption NTRU and Ring-LWE Multi-linear
More informationPredicate Privacy in Encryption Systems
Predicate Privacy in Encryption Systems Emily Shen 1, Elaine Shi 2, and Brent Waters 3 1 MIT eshen@csail.mit.edu 2 CMU/PARC eshi@parc.com 3 UT Austin bwaters@cs.utexas.edu Abstract. Predicate encryption
More informationAdaptive partitioning. Dennis Hofheinz (KIT, Karlsruhe)
Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key Encryption Accepted security notion: chosen-ciphertext security (IND-CCA) Public-Key Encryption Accepted security
More informationA New Attack on RSA with Two or Three Decryption Exponents
A New Attack on RSA with Two or Three Decryption Exponents Abderrahmane Nitaj Laboratoire de Mathématiques Nicolas Oresme Université de Caen, France nitaj@math.unicaen.fr http://www.math.unicaen.fr/~nitaj
More informationLesson 8 : Key-Policy Attribute-Based Encryption and Public Key Encryption with Keyword Search
Lesson 8 : Key-Policy Attribute-Based Encryption and Public Key Encryption with Keyword Search November 3, 2014 teacher : Benoît Libert scribe : Florent Bréhard Key-Policy Attribute-Based Encryption (KP-ABE)
More informationAdaptively Secure Puncturable Pseudorandom Functions in the Standard Model
Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model Susan Hohenberger 1, Venkata Koppula 2, and Brent Waters 2 1 Johns Hopkins University, Baltimore, USA susan@cs.jhu.edu 2 University
More informationLecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security
Lecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security Boaz Barak November 21, 2007 Cyclic groups and discrete log A group G is cyclic if there exists a generator
More informationAdaptively Secure Non-Interactive Threshold Cryptosystems
Adaptively Secure Non-Interactive Threshold Cryptosystems Benoît Libert 1 and Moti Yung 2 1 Université catholique de Louvain, ICTEAM Institute (Belgium) 2 Google Inc. and Columbia University (USA) Abstract.
More informationAn Efficient Broadcast Encryption Supporting Designation and Revocation Mechanisms
Chinese Journal of Electronics Vol.27, No.1, Jan. 2018 An Efficient Broadcast Encryption Supporting Designation and Revocation Mechanisms ZHU Yan 1, YU Ruyun 1, CHEN E 1 and HUANG Dijiang 2 (1. School
More information