A New Biometric Identity Based Encryption Scheme
|
|
- Briana Gallagher
- 6 years ago
- Views:
Transcription
1 NEYIRE DENIZ SARIER (2008). A New Bometrc Identty Based Encrypton Scheme. In Techncal Sessons for 2008 Internatonal Symposum on Trusted Computng (TrustCom 2008) n Proceedngs of the 9th Internatonal Conference for Young Computer Scentsts, ICYCS 2008, Zhang Ja Je, Hunan, Chna, November 18-21, 2008, GUOJUN WANG, JIANER CHEN, MICHAEL R. FELLOWS & HUADONG MA, edtors, IEEE Computer Socety. ISBN URL ng any of these documents wll adhere to the terms and constrants nvoked by each copyrght holder, and n partcular use them only for noncommercal purposes. These works may not be posted elsewhere wthout the explct wrtten permsson of the copyrght holder. (Last update 2017/11/29-18 :21.) are mantaned by the authors or by other copyrght holders, notwthstandng that these works are posted here electroncally. It s understood that all persons copy- A New Bometrc Identty Based Encrypton Scheme Neyre Denz Sarer Bonn-Aachen Internatonal Center for Informaton Technology Computer Securty Group Dahlmannstr. 2, D Bonn Germany denzsarer@yahoo.com Abstract In ths paper, we present a new and effcent bometrc dentty based encrypton scheme (BIO-IBE) usng the Saka Kasahara Key Constructon and prove ts securty n the random oracle model based on the well-exploted k- BDHI computatonal problem. Our new scheme acheves better effcency n terms of the key generaton and decrypton algorthms compared to the exstng fuzzy IBE schemes. The man dfference of the new BIO-IBE scheme s the structure of the key generaton algorthm, where a unque bometrc dentty strng ID obtaned from the bometrc attrbutes s used nstead of pckng a dfferent polynomal for each user as n other fuzzy IBE schemes. Keywords: Bometrcs, fuzzy IBE, fuzzy extracton. 1. Introducton Recently, Saha and Waters proposed a new Identty Based Encrypton (IBE) system called fuzzy IBE that uses bometrc attrbutes as the dentty nstead of an arbtrary strng lke an emal address. In fuzzy IBE, the prvate key components are generated by combnng the values of a unque polynomal on each attrbute wth the master secret key. However, due to the nosy nature of bometrcs, fuzzy IBE allows for error tolerance n the decrypton stage, where a cphertext encrypted wth the bometrcs w could be decrypted by the recever usng the prvate key correspondng to the dentty w, provded that w and w are wthn a certan dstance of each other. Besdes, the bometrcs s used as publc nformaton, hence the compromse of the bometrcs does not affect the securty of the system. Ths document s provded as a means to ensure tmely dssemnaton of scholarly and techncal work on a non-commercal bass. Copyrght and all rghts theren 1.1. Related Work The frst fuzzy IBE scheme s descrbed by Saha and Waters n [11] and the securty s reduced to the MBDH problem n the standard model, where the sze of the publc parameters s lnear n the number of the attrbutes of the system or the number of attrbutes of a user. Prett et al [10] acheved a more effcent fuzzy IBE scheme wth short publc parameter sze by usng the random oracle model (ROM). Baek et al [1] descrbed two new fuzzy IBE schemes wth an effcent key generaton algorthm and proved the securty n the random oracle model based on the DBDH assumpton. Besdes, Burnett et al [4] descrbed a bometrc dentty based sgnature scheme, where they used the bometrc nformaton as the dentty and construct the publc key of the user usng a fuzzy extractor [8], whch s then used n the modfed SOK-IBS scheme [2] Our Contrbuton In ths paper, we present a new bometrc dentty based encrypton scheme usng the Saka Kasahara Key Constructon [6] and acheve better effcency compared to the exstng fuzzy IBE schemes n terms of the key generaton and decrypton algorthms. Frst, we have a structurally smpler key generaton algorthm compared to [10, 1] snce we use an ordnary one-way hash functon nstead of a MaptoPont hash functon and we reduce the number of exponentatons n the group G from 3n as n [10] (and from 2n as n [1]) to n. Also, the decrypton algorthm requres d blnear parng computatons and d exponentatons, whereas the exstng schemes requre d + 1 blnear parng computatons and 2d exponentatons. The securty of our new scheme reduces to the well exploted k-bdhi computatonal problem n the random oracle model. The man dfference of our bometrc IBE scheme s the structure of the key generaton algorthm, where a unque bometrc dentty strng ID obtaned from the bometrc attrbutes s used nstead of pckng a dfferent polynomal for each user and computng the prvate key components for each attrbute usng ths polynomal, the master key and the attrbutes. Thus, our scheme s constructed usng a dfferent approach compared to the exstng fuzzy IBE schemes.
2 2. Defntons and Buldng Blocks In order to ntroduce the new bometrc IBE scheme, at frst, we revew the defntons and requred computatonal prmtves. Gven a set S, x R S defnes the assgnment of a unformly dstrbuted random element from the set S to the varable x. A functon ǫ(k) s defned as neglgble f for any constant c, there exsts k 0 N wth k > k 0 such that ǫ < (1/k) c. Fnally, we defne the Lagrange coeffcent µ,s for µ Z p and a set S of elements n Z p as x µ j µ,s(x) = µ µ j µ j S,µ j µ Defnton 2.1. Blnear Parng Let G and F be multplcatve groups of prme order p and let g be a generator of G. Z p denotes Z p \ {0} and G denotes G \ {1}, where {0} and {1} are the dentty elements of Z p and G, respectvely. A blnear parng s denoted by ê : G G F f the followng two condtons hold. 1. a, b Z p, we have ê(g a, g b ) = ê(g, g) ab 2. ê(g, g) 1, namely the parng s non-degenerate. The securty of our scheme s reduced to the wellexploted complexty assumpton (k-bdhi) [6], whch s stated as follows. Defnton 2.2. k-blnear Dffe-Hellman Inverse (k- BDHI) For an nteger k, and x R Z p, g G, ê : G G F, gven (g, g x, g x2,..., g xk ), computng ê(g, g) 1/x s hard Fuzzy Identty Based Encrypton In [1], the generc fuzzy IBE scheme s defned as follows. Setup(): Gven a securty parameter k 0, the Prvate Key Generator (PKG) generates the master secret key ms and the publc parameters of the system. Key Generaton: Gven a user s dentty and ms, the PKG returns the correspondng prvate key D ID. Encrypt: A probablstc algorthm that takes as nput an dentty w U, publc parameters and a message m M and outputs the cphertext c C. Here, M, C and U denote the message space, the cphertext space and the unverse of attrbutes. Decrypt: A determnstc algorthm that gven the prvate key D ID and a cphertext encrypted wth w such that w w d, returns ether the underlyng message m or a reject message. Here d s the error tolerance parameter of the scheme. In our new bometrc IBE scheme, the dentty s equal to the bometrc nformaton of the user, from whch the key generaton algorthm obtans the bometrc features (or attrbutes) w and a unque bometrc dentty strng ID. The detals of ths extracton process s presented n secton Securty Model In [11], the Selectve-ID model of securty for fuzzy IBE (IND-FSID-CPA) s defned usng a game between a challenger and an adversary as follows. Phase 1: The adversary declares the challenge dentty w = (µ 1,..., µ n ). Phase 2: The challenger runs the Setup algorthm and returns to the adversary the system parameters. Phase 3: The adversary ssues prvate key queres for any dentty w such that w w < d. Phase 4: The adversary sends two equal length messages m 0 and m 1. The challenger returns the cphertext that s encrypted usng the dentty w and the message m β, where β R {0, 1}. Phase 5: Phase 3 s repeated. Phase 6: The adversary outputs a guess β for β. The advantage of the adversary A s defned as Adv IND FSID CPA A = Pr[β = β] 1 2 For our bometrc IBE scheme we gve the securty proof based on the noton of IND-FSID-CPA (Indstngushablty aganst Fuzzy Selectve Identty, Chosen Plantext Attack), but our scheme can easly be modfed usng the generc constructon REACT [9] to be secure aganst CCA (Chosen Cphertext Attack) Bometrc Fuzzy Extracton Any bometrc based encrypton or sgnature scheme requres the bometrc measurement of the recever or the sgner, respectvely. Bascally, the framework for bometrc encrypton s (1) extractng features; (2) quantzaton and codng per feature and concatenatng the output codes; (3) applyng error correcton codng (ECC) and hashng [5]. After capturng the bometrc nformaton of the user through a readng devce, feature extracton s appled to obtan the feature vector (or the attrbutes) of the bometrcs. In [11, 1], each attrbute s assocated wth a unque nteger µ Z p usng a hash functon and used as the dentty w = (µ 1,..., µ n ) n the fuzzy IBE scheme. Here, n denotes the sze of the attrbutes of each user. Snce some of the
3 attrbutes could be common n some users, a unque polynomal s selected for each user and ncluded n the key generaton algorthm to bnd the prvate key to the user. Ths way, dfferent users cannot collude n order to decrypt a cphertext that should be only decrypted by the real recever. In our bometrc IBE scheme, we use the bometrc template b of the user, whch s obtaned by concatenatng the extracted features, n order to bnd the prvate key to the user s dentty and thus avod colluson attacks. Instead of choosng a unque polynomal for each user, we use a fuzzy extractor to obtan a unque strng ID va error correcton codes from the bometrc template b of the user n such a way that an error tolerance t s allowed. In other words, we wll obtan the same strng ID even f the fuzzy extractor s appled on a dfferent b such that ds(b, b ) < t. Here, ds() s the dstance metrc used to measure the varaton n the bometrc readng and t s the error tolerance parameter. Formally, an (M, l, t) fuzzy extractor s defned as follows. Defnton 2.3. Let M = {0, 1} v be a fnte dmensonal metrc space wth a dstance functon ds : M M Z +. Here, b M and ds measures the dstance between b and b, where b, b M. An (M, l, t) fuzzy extractor conssts of two functons Gen and Rep. Gen: A probablstc generaton procedure that takes as nput b M and outputs an dentty strng ID {0, 1} l and a publc parameter PAR, that s used by the Rep functon to regenerate the same strng ID from b such that ds(b, b ) t. Rep: A determnstc reproducton procedure that takes as nput b and the publcly avalable parameter PAR, and outputs ID f ds(b, b ) t. In [4], the authors descrbe a concrete fuzzy extractor usng a [n, k, 2t + 1] BCH error correcton code, Hammng Dstance metrc and a one-way hash functon H : {0, 1} n {0, 1} l. Specfcally, The Gen functon takes the bometrcs b as nput and returns ID = H(b) and publc parameter PAR = b C e (ID), where C e s a one-to-one encodng functon. The Rep functon takes a bometrc b and PAR as nput and computes ID = C d (b PAR) = C d (b b C e (ID)). ID = ID f and only f ds(b, b ) t. Here C d s the decodng functon that corrects the errors upto the threshold t. 3. A New Effcent Bometrc IBE Scheme Our new bometrc IBE scheme BIO-IBE uses Saka- Kasahara s Key Constructon [6, 12] for the generaton of the prvate keys. Ths way, BIO-IBE acheves better performance over exstng fuzzy IBE schemes due to the use of an ordnary hash functon and due the total number of exponentatons and blnear parngs requred. Besdes, the fuzzy extracton process s only performed by the sender to form the cphertext and can be effcently mplemented on the fnte feld F 2 m, where m 10 as descrbed n [4, 8]. In order to encrypt a message, the sender obtans the bometrc nformaton and the correspondng publc parameter P AR of the recever, extracts the features (attrbutes) and computes the bometrc strng ID usng the fuzzy extractor. We assume that f w w d, then we have ds(b, b ) t and thus ID = ID. The detals of BIO-IBE s presented as follows. Setup(): Gven a securty parameter k 0, the parameters of the scheme are generated as follows. 1. Generate two cyclc groups G and F of prme order p > 2 k0 and a blnear parng ê : G G F. Pck a random generator g G. 2. Pck a random x Z p and compute P pub = g x. 3. Pck two cryptographc hash functons H 1 : Z p {0, 1} Z p and H 2 : F {0, 1} k1. In addton, the PKG pcks H : b {0, 1}, an encodng functon C e and a decodng functon C d together wth a specfc feature extracton method F e appled on the bometrc b. The message space s M = {0, 1} k1. The cphertext space s C = U G n {0, 1} k1. The master publc key s (p, G, F, ê, k 1, g, P pub, H 1, H 2, H, C e, C d, F e ) and the master secret key s ms = x. Key Generaton: Frst, a user s bometrc attrbutes w U are obtaned from the raw bometrc nformaton usng a reader and the feature extractor F e and each attrbute µ w s assocated to a unque nteger n Z p as n [11]. Besdes, the dentty strng ID = H(b) s calculated from the bometrc template b (whch s composed of the µ s) usng a fuzzy extractor as n [4]. Gven a user s bometrc attrbutes w and ID, the PKG returns Dµ ID = g 1/(x+H1(µ,ID)) = g 1/(x+hID ) for each µ w. Encrypt: The sender obtans a bometrc readng of the recever together wth the assocated publc parameter PAR, extracts the feature vector w and computes ID = Rep(b, PAR). Here, f ds((b, b ) < t, then ID = ID. Gven a plantext m M, ID and w, the followng steps are performed. 1. Pck a random polynomal r( ) of degree d 1 over Z p such that r(0) = r and compute the shares r(µ ) = r Z p for µ w.
4 2. Compute L = P pub g H1(µ,ID ) = g x+hid and the sesson key V = H 2 (ê(g, g) r ). 3. Set the cphertext to c = (w, U, W) = (w, L r, m V ) for each [1, n]. Decrypt: Gven c = (w, U, W) C and Dµ ID for µ w and [1, n], choose an arbtrary set S w w such that S = d and compute m = W V as V = H 2 ( (ê(u, Dµ ID )) µ,s(0) ) µ S = H 2 ( µ S (ê(g r(x+hid ), g 1/(x+hID ) )) µ,s(0) ) = H 2 ( (ê(g, g) r ) µ,s(0) ) µ S = H 2 (ê(g, g) r ) Here, the polynomal r( ) of degree d 1 s nterpolated usng d ponts by polynomal nterpolaton n the exponents usng Shamr s secret sharng method [13]. Also, h ID = h ID for each µ S and ID = ID. Theorem 3.1. Suppose the hash functons H 1, H 2 are random oracles and there exsts a polynomal tme adversary A wth advantage ǫ that can break the scheme BIO-IBE n the Fuzzy Selectve ID model by makng q 1, q 2 random oracle queres, and q ex prvate key extracton queres. Then there exsts a polynomal tme algorthm B that solves the k-bdhi problem wth k = q 1 + q ex + 1. Proof. Assume that a polynomal tme attacker A breaks BIO-IBE, then usng A, we show that one can construct an attacker B solvng the k-bdhi problem. Suppose that B s gven the k-bdhi problem (q, g, ê, G, F, g x, g x2,..., g xk ), B wll compute ê(g, g) 1/x usng A as follows. Phase 1: A outputs the challenge dentty w. Phase 2: B smulates the publc parameters for A. 1. B selects h 0,..., h k 1 Z p and sets f(z) = k 1 j=1 (z+h j), whch could be wrtten as f(z) = k 1 j=0 c jz j. The constant term c 0 s non-zero because h j 0 and c j are computable from h j. 2. B computes Q = k 1 j=0 (gxj ) cj = g f(x) and Q x = g xf(x) = k 1 j=0 (gxj+1 ) cj. If Q = 1, then x = h j for some j, then k- BDHI problem could be solved drectly [7]. 3. B computes f j (z) = f(z) z+h j = k 2 v=0 d j,vz j for 1 j < k and Q 1/(x+hj) = g fj(x) = k 2 v=0 (gxv ) dj,v [7]. 4. Set T = k 1 j=1 (gxj 1 ) cj = g (f(x) c0)/x and set T 0 = ê(t, Q g c0 ). B returns A the publc parameters (q, g, ê, G, F, P pub, H 1, H 2, d, FE), where d Z +, P pub = Q x h0 and H 1, H 2 are random oracles controlled by B as follows. Here, FE denotes the fuzzy extracton algorthm. H 1 -queres: For a query (µ, ID w ), where [1, n], f there exsts j, l, µ, ID w, h j + h 0, Q 1/(x+hj) n H 1 Lst, return h j + h 0. Otherwse, 1. If µ w, ID w = ID and l d, return h j + h 0 and add j, l, µ, ID, h j +h 0, Q 1/(x+hj) to H 1 Lst. Increment j and l by If µ w, ID w = ID and l = d, then return h 0, add the tuple j, d, µ, ID w, h 0, to H 1 Lst. Increment j by Else, return h j + h 0 and add the tuple j, l, µ, ID w, h j + h 0, Q 1/(x+hj) to H 1 Lst. Increment j by 1. Here, j and l denotes the values of two counters, where 1 j q 1 and 1 l d. H 2 -queres: Upon recevng a query R, 1. If there exsts (R, ξ) n H 2 Lst, return ξ. Else, 2. Choose ξ R {0, 1} k1 and return to A. Phase 3: B smulates the prvate key extracton queres of A as follows. Extracton queres: Upon recevng a query (w, ID w ) wth w w < d, (thus ID w ID ), for every µ w, run the H 1 -oracle smulator and obtan j, l, µ, ID w, h j + h 0, Q 1/(x+hj) from H 1 Lst. If ID w ID, return Dµ IDw = Q 1/(x+hj) for each µ w. Remark 3.1. To mprove the reducton cost, we can add the followng condton to the extracton queres: If the extracton query s on the challenge dentty ID w = ID, (namely w w d), A s gven the frst d 1 prvate key components Dµ ID = Q 1/(x+hj) upto the case when µ = µ, whch s the d th entry n the H 1 Lst wth respect to the second counter. Then, we slghtly change the securty model of our scheme by requrng the adversary A to select the arbtrary subset S of w for the computaton of the sesson key such that µ S wth S = d. Phase 4: Upon recevng the messages (m 0, m 1 ) wth m 0 = m 1, B generates the challenge C. R 1. Pck r Z p for each µ w unless µ = µ.
5 2. Compute U µ = Q r(x+h1(µ,id )) for each µ w except for µ = µ. 3. Pck r R Z p and compute U µ = Q r. 4. B chooses β {0, 1} and W R {0, 1} k1. 5. Set the cphertext to C = (w, U µ, m β W ) where µ w. Remark 3.2. If the condton n Remark 3.1 s appled, then the only way for the adversary A to have any advantage s to query the H 2 oracle wth the correct sesson key constructed usng the d prvate key components, where A already knows d 1 of them except for µ. And A has to compute the prvate key share of µ due to the Remark 3.1. Phase 5: B answers A s random oracle and prvate key extracton queres as before. The only condton on the prvate key extracton queres s that the attacker A cannot query the prvate key Dµ ID. Phase 6: At some pont, A responds wth ts guess β for the underlyng plantext m β, whch could only be computed from m β = W H 2 ( µ S (ê(u µ, D ID µ ))). The only way for A to have any advantage n ths game s when H 2 Lst contans the value R = ê(u µ, Dµ ID ) µ,s(0) µ S = ê(q, Q 1/x ) r µ,s (0) Λ where Λ = µ S,µ µ ê(q, Q) r µ,s(0) Remark 3.3. Obvously, the value Λ can be computed by B (also computable by A f the condtons of Remark 3.1 s appled), snce B knows the prvate key components Dµ ID for each µ S, µ µ, and B also knows the correspondng r s. We set T = (R /Λ) 1/(r µ,s (0)) = ê(q, Q 1/x ). The soluton to the k-bdhi problem, ê(g, g 1/x ), s obtaned by outputtng (T/T 0 ) 1/c2 0 = ê(g, g 1/x ) as n [7]. T/T 0 = ê(g, g) f(x) f(x)/x /ê(g (f(x) c0)/x, g f(x)+c0 ) = ê(g, g) f(x) f(x)/x f(x) f(x)/x+c2 0 /x = ê(g, g) c2 0 /x Let H be the event that algorthm A ssues a query for H 2 (R ) at some pont durng the smulaton. Pr[H] n the smulaton above s equal to Pr[H] n the real attack [3]. Also, n the real attack we have Pr[H] ǫ due to the followng facts. If the H 2 Lst does not contan the value R, then we have Pr[β = β H] = 1 2. By the defnton of A, we have Pr[β = β] 1 2 > ǫ. Combnng all the results and defnng the event E as E = Pr[β = β ], we obtan the followng as n [3] E = Pr[β = β H]Pr[H] + Pr[β = β H]Pr[ H] Pr[β = β ] 1 2 (1 Pr[H]) Pr[β = β ] 1 2 (1 + Pr[H]). Therefore, ǫ Pr[β = β H] Pr[H] Pr[H] 2ǫ. It follows that B produces the correct answer by pckng a random entry from the H 2 Lst wth probablty ( ) at least 2ǫ n due to the q ( n 2 entres n the H 2 Lst and dfferent d) q 2 d choces for A to compute the sesson key. Hence, 2Adv FSID-IND-CPA (A) ( n BIO-IBE d) q2 Adv k-bdhi (B) When we apply the condton on Remark 3.1, the adversary( A) wll have only one choce for the set S, thus the n factor s elmnated from the reducton cost resultng d n 2Adv FSID-IND-CPA BIO-IBE (A) q 2 Adv k-bdhi (B) The modfed securty model gves the adversary as much power as possble by provdng the adversary wth d 1 prvate key components, and the restrcton for the set S s necessary for B to have any advantage n ths game. Thus, the mproved reducton cost s obtaned by requrng a stronger securty model than the Fuzzy Selectve-ID model of [11, 1]. 4. Concluson In ths paper, we propose a new bometrc dentty based encrypton scheme BIO-IBE. Due to the employment of the Saka Kasahara Key Constructon, we obtan a more effcent scheme compared to the schemes n [10, 1]. We summarze n the followng tables the propertes of BIO- IBE and compare the computatonal costs of each algorthm used n the schemes. Obvously, BIO-IBE s more effcent n terms of the sub-algorthms of the schemes. Besdes, the computatonal cost of the fuzzy extracton F E s small, snce the operatons n FE algorthm are performed on the fnte feld of F 2 m, where m 10 accordng to [4]. The only dsadvantage s that the reducton s not tght, however, the BIO-IBE s reduced to a well-exploted computatonal
6 Fgure 1. Computatonal Costs of Varous Fuzzy IBE Schemes [1] SW-RO EFIBE-I EFIBE-II BIO-IBE Sze of D ID 2n G 2n G 2n G n G Sze of C (n + 1) G + F (n + 1) G + F (n + 1) G + F n G + k 1 Cost of Key n(t e + T ) n(t H + T m + 3T e) n(t H + 2T e) n(t H + T m + 2T e) Generaton +FE ID Cost of n(t e + T H) n(t e + T m + T H) n(t e + T H) n(2t e + T m) Encrypt +2T e + T p + T m +2T e + T p + T m +2T e + T p + T m +T p + FE ID Cost of d(2t e + T m + T p) d(2t e + T m + T p) d(2t e + T m + T p) Decrypt +T p + T + T m +T p + T + T m +T p + T + T m d(t e + T p) Abbrevatons: S s the bt-length of an element n set (or group) S; n s the number of elements n an dentty; T e s the computaton tme for a sngle exponentaton n G; T H s the computaton tme for MaptoPont hash functon; T m s the computaton tme for a sngle multplcaton n G; T s the computaton tme for a sngle nverse operaton n Z p; T p s the computaton tme for a sngle parng operaton; T m s the computaton tme for a sngle multplcaton n F; T the computaton tme for a sngle nverse operaton n F; d s the error tolerance parameter; FE ID s the computaton tme for the fuzzy extracton process; k 1 output sze of the hash functon. problem. Fnally, an open problem s to prove the securty of BIO-IBE n the standard model. Table 1. Propertes of Varous Fuzzy IBE Schemes Scheme Assumpton Hash Securty Functon Model SW-RO Decsonal BDH MaptoPont ROM EFIBE-I Decsonal BDH MaptoPont ROM EFIBE-II Decsonal BDH MaptoPont ROM BIO-IBE Computatonal k-bdhi One-way ROM Acknowledgement The author s grateful to her supervsor Prof. Joachm von zur Gathen for hs valuable support. References Dr. [1] J. Baek, W. Suslo, and J. Zhou, "New constructons of fuzzy dentty-based encrypton," n ACM Symposum on Informaton, Computer and Communcatons Securty (ASI- ACCS 2007), ACM, 2007, pp [2] M. Bellare, C. Namprempre, and G. Neven, "Securty Proofs for Identty-Based Identfcaton and Sgnature Schemes," n Advances n Cryptology-EUROCRYPT 2004, LNCS 3027, Sprnger, 2004, pp [3] D. Boneh and M. K. Frankln, "Identty-Based Encrypton from the Wel Parng," SIAM J. Comput., vol.32, pp , [4] A. Burnett, F. Byrne, T. Dowlng, and A. Duffy, "A Bometrc Identty Based Sgnature Scheme," Internatonal Journal of Network Securty, vol.5, pp , [5] C. Chen, R. N. J. Veldhus, T. A. M. Kevenaar, and A. H. M. Akkermans, "Mult-bts bometrc strng generaton based on the lkelyhood rato," IEEE conference on Bometrcs: Theory, Applcatons and Systems, 2007, pp [6] L. Chen and Z. Cheng, "Securty Proof of Saka-Kasahara s Identty-Based Encrypton Scheme," n Cryptography and Codng, IMA Int. Conf., LNCS 3796, Sprnger, 2005, pp [7] L. Chen, Z. Cheng, J. Malone-Lee, and N. Smart, "Effcent ID-KEM based on the Saka-Kasahara key constructon," IEE Proceedngs Informaton Securty, vol. 153, pp , [8] Y. Dods, R. Ostrovsky, L. Reyzn, and A. Smth, "Fuzzy Extractors: How to Generate Strong Keys from Bometrcs and Other Nosy Data," CoRR, abs/cs/ , [9] T. Okamoto and D. Pontcheval, "REACT: Rapd Enhanced- Securty Asymmetrc Cryptosystem Transform," n Topcs n Cryptology (CT-RSA 2001), LNCS 2020, Sprnger, 2001, pp [10] M. Prrett, P. Traynor, P. McDanel, and B. Waters, "Secure attrbute-based systems," n ACM Conference on Computer and Communcatons Securty, ACM, 2006, pp [11] A. Saha and B. Waters, "Fuzzy Identty-Based Encrypton," n Advances n Cryptology-EUROCRYPT 2005, LNCS 3494, Sprnger, 2005, pp [12] R. Saka and M. Kasahara, "ID based Cryptosystems wth Parng on Ellptc Curve," Cryptology eprnt Archve, Report 2003/054, [13] A. Shamr, "How to Share a Secret," Commun. ACM, vol.22, pp , 1979.
Cryptanalysis of pairing-free certificateless authenticated key agreement protocol
Cryptanalyss of parng-free certfcateless authentcated key agreement protocol Zhan Zhu Chna Shp Development Desgn Center CSDDC Wuhan Chna Emal: zhuzhan0@gmal.com bstract: Recently He et al. [D. He J. Chen
More informationProvable Security Signatures
Provable Securty Sgnatures UCL - Louvan-la-Neuve Wednesday, July 10th, 2002 LIENS-CNRS Ecole normale supéreure Summary Introducton Sgnature FD PSS Forkng Lemma Generc Model Concluson Provable Securty -
More informationAugmented Broadcaster Identity-based Broadcast Encryption
Augmented Broadcaster Identty-based Broadcast Encrypton Janhong Zhang Yuwe Xu Zhpeng Chen Insttuton of Image Processng and Pattern Recognton North Chna Unversty of Technology Bejng Chna 100144 ywxupaper@163com
More informationSecure and practical identity-based encryption
Secure and practcal dentty-based encrypton D. Naccache Abstract: A varant of Waters dentty-based encrypton scheme wth a much smaller system parameters sze (only a few klobytes) s presented. It s shown
More informationAnonymous Identity-Based Broadcast Encryption with Revocation for File Sharing
Anonymous Identty-Based Broadcast Encrypton wth Revocaton for Fle Sharng Janchang La, Y Mu, Fuchun Guo, Wlly Suslo, and Rongmao Chen Centre for Computer and Informaton Securty Research, School of Computng
More informationAnonymous identity-based broadcast encryption with revocation for file sharing
Unversty of Wollongong Research Onlne Faculty of Engneerng and Informaton Scences - Papers: Part A Faculty of Engneerng and Informaton Scences 2016 Anonymous dentty-based broadcast encrypton wth revocaton
More informationCHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 12 Jan. 2017, 14:00-18:00
CHALMERS GÖTEBORGS UNIVERSITET CRYPTOGRAPHY TDA352 (Chalmers) - DIT250 (GU) 12 Jan. 2017, 14:00-18:00 No extra materal s allowed durng the exam except for pens and a smple calculator (not smartphones).
More informationComments on a secure dynamic ID-based remote user authentication scheme for multiserver environment using smart cards
Comments on a secure dynamc ID-based remote user authentcaton scheme for multserver envronment usng smart cards Debao He chool of Mathematcs tatstcs Wuhan nversty Wuhan People s Republc of Chna Emal: hedebao@63com
More informationG /G Advanced Cryptography 12/9/2009. Lecture 14
G22.3220-001/G63.2180 Advanced Cryptography 12/9/2009 Lecturer: Yevgeny Dods Lecture 14 Scrbe: Arsteds Tentes In ths lecture we covered the Ideal/Real paradgm and the noton of UC securty. Moreover, we
More informationThe Synchronous 8th-Order Differential Attack on 12 Rounds of the Block Cipher HyRAL
The Synchronous 8th-Order Dfferental Attack on 12 Rounds of the Block Cpher HyRAL Yasutaka Igarash, Sej Fukushma, and Tomohro Hachno Kagoshma Unversty, Kagoshma, Japan Emal: {garash, fukushma, hachno}@eee.kagoshma-u.ac.jp
More informationSpeeding up Computation of Scalar Multiplication in Elliptic Curve Cryptosystem
H.K. Pathak et. al. / (IJCSE) Internatonal Journal on Computer Scence and Engneerng Speedng up Computaton of Scalar Multplcaton n Ellptc Curve Cryptosystem H. K. Pathak Manju Sangh S.o.S n Computer scence
More informationOn a CCA2-secure variant of McEliece in the standard model
On a CCA2-secure varant of McElece n the standard model Edoardo Perschett Department of Mathematcs, Unversty of Auckland, New Zealand. e.perschett@math.auckland.ac.nz Abstract. We consder publc-key encrypton
More informationAttacks on RSA The Rabin Cryptosystem Semantic Security of RSA Cryptology, Tuesday, February 27th, 2007 Nils Andersen. Complexity Theoretic Reduction
Attacks on RSA The Rabn Cryptosystem Semantc Securty of RSA Cryptology, Tuesday, February 27th, 2007 Nls Andersen Square Roots modulo n Complexty Theoretc Reducton Factorng Algorthms Pollard s p 1 Pollard
More informationA Threshold Digital Signature Issuing Scheme without Secret Communication
A Threshold Dgtal Sgnature Issung Scheme wthout Secret Communcaton Kazuo Takarag, Kunhko Myazak, Masash Takahash Systems Development Laboratory, Htach, Ltd e-mal: {takara, kunhko, takahas}@sdlhtachcop
More informationPractical Functional Encryption for Quadratic Functions with Applications to Predicate Encryption
Practcal Functonal Encrypton for Quadratc Functons wth Applcatons to Predcate Encrypton Carmen Elsabetta Zara Baltco 1, Daro Catalano 1, Daro Fore 2, and Roman Gay 3 1 Dpartmento d Matematca e Informatca,
More informationLecture 5 Decoding Binary BCH Codes
Lecture 5 Decodng Bnary BCH Codes In ths class, we wll ntroduce dfferent methods for decodng BCH codes 51 Decodng the [15, 7, 5] 2 -BCH Code Consder the [15, 7, 5] 2 -code C we ntroduced n the last lecture
More informationA Model of Bilinear-Pairings Based Designated-Verifier Proxy Signatue Scheme*
A Model of Blnear-Parngs Based Desgnated-Verfer Proxy Sgnatue Scheme Fengyng L,, Qngshu Xue, Jpng Zhang, Zhenfu Cao Department of Educaton Informaton Technology, East Chna Normal Unversty, 0006, Shangha,
More informationAttribute-Based Encryption with Non-Monotonic Access Structures
Attrbute-Based Encrypton wth Non-Monotonc Access Structures Rafal Ostrovsky UCLA rafal@cs.ucla.edu Amt Saha UCLA saha@cs.ucla.edu Brent Waters SRI Internatonal bwaters@csl.sr.com ABSTRACT We construct
More informationLecture 4: Universal Hash Functions/Streaming Cont d
CSE 5: Desgn and Analyss of Algorthms I Sprng 06 Lecture 4: Unversal Hash Functons/Streamng Cont d Lecturer: Shayan Oves Gharan Aprl 6th Scrbe: Jacob Schreber Dsclamer: These notes have not been subjected
More informationCryptanalysis of Threshold Proxy Signature Schemes 1)
MM Research Preprnts, 226 233 MMRC, AMSS, Academa Snca No. 23, December 24 Cryptanalyss of Threshold Proxy Sgnature Schemes 1) Zuo-Wen Tan and Zhuo-Jun Lu Key Laboratory of Mathematcs Mechanzaton Insttute
More informationDecentralized Multi-Client Functional Encryption for Inner Product
Ths paper s a slght varant of the Extended Abstract that appears n Advances n Cryptology ASIACRYPT 2018 (December 2 6, Brsbane, Australa) Sprnger-Verlag, LNCS?????, pages??????. Decentralzed Mult-Clent
More informationFinding Malleability in NTRUSign
Fndng Malleablty n TRUSgn SungJun Mn, Go Yamamoto, and Kwangjo Km Auto-ID Labs Whte Paper WP-HARDWARE-33 Sungjun Mn Senor Researcher, atonal Computerzaton Agency Go Yamamoto Senor Researcher, Informaton
More informationInformation-Theoretic Timed-Release Security: Key-Agreement, Encryption, and Authentication Codes
Informaton-Theoretc Tmed-Release Securty: Key-Agreement, Encrypton, and Authentcaton Codes Yohe Watanabe, Takenobu Seto, Junj Shkata Graduate School of Envronment and Informaton Scences, Yokohama Natonal
More informationIntroduction to Algorithms
Introducton to Algorthms 6.046J/8.40J Lecture 7 Prof. Potr Indyk Data Structures Role of data structures: Encapsulate data Support certan operatons (e.g., INSERT, DELETE, SEARCH) Our focus: effcency of
More informationCiphertext policy Attribute based Encryption with anonymous access policy
Cphertext polcy Attrbute based Encrypton wth anonymous access polcy A.Balu, K.Kuppusamy 2 Research Assocate, 2 Assocate Professor Department of Computer Scence & En.,Alaappa Unversty, Karakud, Taml Nadu,
More informationModule 3 LOSSY IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur
Module 3 LOSSY IMAGE COMPRESSION SYSTEMS Verson ECE IIT, Kharagpur Lesson 6 Theory of Quantzaton Verson ECE IIT, Kharagpur Instructonal Objectves At the end of ths lesson, the students should be able to:
More informationTightly CCA-Secure Encryption without Pairings
Tghtly CCA-Secure Encrypton wthout Parngs Roman Gay 1,, Denns Hofhenz 2,, Eke Kltz 3,, and Hoeteck Wee 1, 1 ENS, Pars, France rgay,wee@d.ens.fr 2 Ruhr-Unverstät Bochum, Bochum, Germany eke.kltz@rub.de
More informationNotes on Frequency Estimation in Data Streams
Notes on Frequency Estmaton n Data Streams In (one of) the data streamng model(s), the data s a sequence of arrvals a 1, a 2,..., a m of the form a j = (, v) where s the dentty of the tem and belongs to
More informationGeneric Hardness of the Multiple Discrete Logarithm Problem
Generc Hardness of the Multple Dscrete Logarthm Problem Aaram Yun Ulsan Natonal Insttute of Scence and Technology (UNIST) Republc of Korea aaramyun@unst.ac.kr Abstract. We study generc hardness of the
More informationCHAPTER 5 NUMERICAL EVALUATION OF DYNAMIC RESPONSE
CHAPTER 5 NUMERICAL EVALUATION OF DYNAMIC RESPONSE Analytcal soluton s usually not possble when exctaton vares arbtrarly wth tme or f the system s nonlnear. Such problems can be solved by numercal tmesteppng
More informationPassword Based Key Exchange With Mutual Authentication
Password Based Key Exchange Wth Mutual Authentcaton Shaoquan Jang and Guang Gong Department of Electrcal and Computer Engneerng Unversty of Waterloo Waterloo, Ontaro N2L 3G1, CANADA Emal:{angshq,ggong}@callope.uwaterloo.ca
More informationErrors for Linear Systems
Errors for Lnear Systems When we solve a lnear system Ax b we often do not know A and b exactly, but have only approxmatons  and ˆb avalable. Then the best thng we can do s to solve ˆx ˆb exactly whch
More informationCryptanalysis of a Public-key Cryptosystem Using Lattice Basis Reduction Algorithm
www.ijcsi.org 110 Cryptanalyss of a Publc-key Cryptosystem Usng Lattce Bass Reducton Algorthm Roohallah Rastagh 1, Hamd R. Dall Oskoue 2 1,2 Department of Electrcal Engneerng, Aeronautcal Unversty of Snce
More informationInner Product. Euclidean Space. Orthonormal Basis. Orthogonal
Inner Product Defnton 1 () A Eucldean space s a fnte-dmensonal vector space over the reals R, wth an nner product,. Defnton 2 (Inner Product) An nner product, on a real vector space X s a symmetrc, blnear,
More informationAggregate Message Authentication Codes
Aggregate Message Authentcaton Codes Jonathan Katz Dept. of Computer Scence Unversty of Maryland, USA. jkatz@cs.umd.edu Yehuda Lndell Dept. of Computer Scence Bar-Ilan Unversty, Israel. lndell@cs.bu.ac.l.
More informationFinding Primitive Roots Pseudo-Deterministically
Electronc Colloquum on Computatonal Complexty, Report No 207 (205) Fndng Prmtve Roots Pseudo-Determnstcally Ofer Grossman December 22, 205 Abstract Pseudo-determnstc algorthms are randomzed search algorthms
More informationn α j x j = 0 j=1 has a nontrivial solution. Here A is the n k matrix whose jth column is the vector for all t j=0
MODULE 2 Topcs: Lnear ndependence, bass and dmenson We have seen that f n a set of vectors one vector s a lnear combnaton of the remanng vectors n the set then the span of the set s unchanged f that vector
More informationClassical Encryption and Authentication under Quantum Attacks
Classcal Encrypton and Authentcaton under Quantum Attacks arxv:1307.3753v1 [cs.cr] 14 Jul 2013 Mara Velema July 12, 2013 Abstract Post-quantum cryptography studes the securty of classcal,.e. non-quantum
More information6.842 Randomness and Computation February 18, Lecture 4
6.842 Randomness and Computaton February 18, 2014 Lecture 4 Lecturer: Rontt Rubnfeld Scrbe: Amartya Shankha Bswas Topcs 2-Pont Samplng Interactve Proofs Publc cons vs Prvate cons 1 Two Pont Samplng 1.1
More informationAdditional Codes using Finite Difference Method. 1 HJB Equation for Consumption-Saving Problem Without Uncertainty
Addtonal Codes usng Fnte Dfference Method Benamn Moll 1 HJB Equaton for Consumpton-Savng Problem Wthout Uncertanty Before consderng the case wth stochastc ncome n http://www.prnceton.edu/~moll/ HACTproect/HACT_Numercal_Appendx.pdf,
More informationCiphertext-policy attribute-based encryption with key-delegation abuse resistance
Unversty of Wollongong Research Onlne Faculty of Engneerng and Informaton Scences - Papers: Part A Faculty of Engneerng and Informaton Scences 2016 Cphertext-polcy attrbute-based encrypton wth key-delegaton
More informationRSA /2002/13(08) , ); , ) RSA RSA : RSA RSA [2] , [1,4]
1000-9825/2002/13(081729-06 2002 Journal of Software Vol13, No8 RSA 1,2 1, 1 (, 200433; 2 (, 200070 E-mal: yfhu@fudaneducn http://wwwfudaneducn : RSA RSA :, ; RSA,,, RSA,, : ; RSA ; ;RSA; : TP309 : A RSA
More informationLOW BIAS INTEGRATED PATH ESTIMATORS. James M. Calvin
Proceedngs of the 007 Wnter Smulaton Conference S G Henderson, B Bller, M-H Hseh, J Shortle, J D Tew, and R R Barton, eds LOW BIAS INTEGRATED PATH ESTIMATORS James M Calvn Department of Computer Scence
More informationLectures - Week 4 Matrix norms, Conditioning, Vector Spaces, Linear Independence, Spanning sets and Basis, Null space and Range of a Matrix
Lectures - Week 4 Matrx norms, Condtonng, Vector Spaces, Lnear Independence, Spannng sets and Bass, Null space and Range of a Matrx Matrx Norms Now we turn to assocatng a number to each matrx. We could
More informationMin Cut, Fast Cut, Polynomial Identities
Randomzed Algorthms, Summer 016 Mn Cut, Fast Cut, Polynomal Identtes Instructor: Thomas Kesselhem and Kurt Mehlhorn 1 Mn Cuts n Graphs Lecture (5 pages) Throughout ths secton, G = (V, E) s a mult-graph.
More informationCryptanalysis of Some Double-Block-Length Hash Modes of Block Ciphers with n-bit Block and n-bit Key
Cryptanalyss of Some Double-Block-Length Hash Modes of Block Cphers wth n-bt Block and n-bt Key Deukjo Hong and Daesung Kwon Abstract In ths paper, we make attacks on DBL (Double-Block-Length) hash modes
More informationarxiv:quant-ph/ Jul 2002
Lnear optcs mplementaton of general two-photon proectve measurement Andrze Grudka* and Anton Wóck** Faculty of Physcs, Adam Mckewcz Unversty, arxv:quant-ph/ 9 Jul PXOWRZVNDR]QDRODQG Abstract We wll present
More informationarxiv: v1 [cs.cr] 22 Oct 2018
CRYPTOGRAPHIC ANALYSIS OF THE MODIFIED MATRIX MODULAR CRYPTOSYSTEM arxv:181109876v1 [cscr] 22 Oct 2018 VITALIĬ ROMAN KOV Abstract We show that the Modfed Matrx Modular Cryptosystem proposed by SK Rososhek
More informationIdentity-Set-based Broadcast Encryption supporting Cut-or-Select with Short Ciphertext
Identty-Set-based Broadcast Encrypton supportng Cut-or-Select wth Short Cphertext ABSTRACT Yan Zhu, Xn Wang, RuQ Guo Unversty of Scence and Technology Bejng zhuyan@ustb.edu.cn In ths paper we present an
More informationAn efficient algorithm for multivariate Maclaurin Newton transformation
Annales UMCS Informatca AI VIII, 2 2008) 5 14 DOI: 10.2478/v10065-008-0020-6 An effcent algorthm for multvarate Maclaurn Newton transformaton Joanna Kapusta Insttute of Mathematcs and Computer Scence,
More informationVARIATION OF CONSTANT SUM CONSTRAINT FOR INTEGER MODEL WITH NON UNIFORM VARIABLES
VARIATION OF CONSTANT SUM CONSTRAINT FOR INTEGER MODEL WITH NON UNIFORM VARIABLES BÂRZĂ, Slvu Faculty of Mathematcs-Informatcs Spru Haret Unversty barza_slvu@yahoo.com Abstract Ths paper wants to contnue
More informationLearning Theory: Lecture Notes
Learnng Theory: Lecture Notes Lecturer: Kamalka Chaudhur Scrbe: Qush Wang October 27, 2012 1 The Agnostc PAC Model Recall that one of the constrants of the PAC model s that the data dstrbuton has to be
More informationISSN: ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 3, Issue 1, July 2013
ISSN: 2277-375 Constructon of Trend Free Run Orders for Orthogonal rrays Usng Codes bstract: Sometmes when the expermental runs are carred out n a tme order sequence, the response can depend on the run
More informationIntroduction to information theory and data compression
Introducton to nformaton theory and data compresson Adel Magra, Emma Gouné, Irène Woo March 8, 207 Ths s the augmented transcrpt of a lecture gven by Luc Devroye on March 9th 207 for a Data Structures
More informationSecurity Vulnerability in Identity-Based Public Key Cryptosystems from Pairings
Internatonal Journal of Informaton and Educaton Technology Vol No 4 August 0 Securty Vulnerablty n Identty-Based ublc Key Cryptosystems from arngs Jyh-aw Yeh Abstract Many dentty-based lc key cryptosystems
More informationMAXIMUM A POSTERIORI TRANSDUCTION
MAXIMUM A POSTERIORI TRANSDUCTION LI-WEI WANG, JU-FU FENG School of Mathematcal Scences, Peng Unversty, Bejng, 0087, Chna Center for Informaton Scences, Peng Unversty, Bejng, 0087, Chna E-MIAL: {wanglw,
More informationThe Order Relation and Trace Inequalities for. Hermitian Operators
Internatonal Mathematcal Forum, Vol 3, 08, no, 507-57 HIKARI Ltd, wwwm-hkarcom https://doorg/0988/mf088055 The Order Relaton and Trace Inequaltes for Hermtan Operators Y Huang School of Informaton Scence
More informationCalculation of time complexity (3%)
Problem 1. (30%) Calculaton of tme complexty (3%) Gven n ctes, usng exhaust search to see every result takes O(n!). Calculaton of tme needed to solve the problem (2%) 40 ctes:40! dfferent tours 40 add
More informationSimple SK-ID-KEM 1. 1 Introduction
1 Simple SK-ID-KEM 1 Zhaohui Cheng School of Computing Science, Middlesex University The Burroughs, Hendon, London, NW4 4BT, United Kingdom. m.z.cheng@mdx.ac.uk Abstract. In 2001, Boneh and Franklin presented
More informationResearch on State Collisions of Authenticated Cipher ACORN
4th Internatonal Conference on Sensors, Measurement and Intellgent Materals (ICSMIM 2015) Research on State Collsons of Authentcated Cpher ACORN Pe Zhanga*, Je Guanb, Junzh Lc and Tarong Shd Informaton
More informationMMA and GCMMA two methods for nonlinear optimization
MMA and GCMMA two methods for nonlnear optmzaton Krster Svanberg Optmzaton and Systems Theory, KTH, Stockholm, Sweden. krlle@math.kth.se Ths note descrbes the algorthms used n the author s 2007 mplementatons
More informationApplication of Nonbinary LDPC Codes for Communication over Fading Channels Using Higher Order Modulations
Applcaton of Nonbnary LDPC Codes for Communcaton over Fadng Channels Usng Hgher Order Modulatons Rong-Hu Peng and Rong-Rong Chen Department of Electrcal and Computer Engneerng Unversty of Utah Ths work
More informationPower law and dimension of the maximum value for belief distribution with the max Deng entropy
Power law and dmenson of the maxmum value for belef dstrbuton wth the max Deng entropy Bngy Kang a, a College of Informaton Engneerng, Northwest A&F Unversty, Yanglng, Shaanx, 712100, Chna. Abstract Deng
More informationCircular chosen-ciphertext security with compact ciphertexts
Crcular chosen-cphertext securty wth compact cphertexts Denns Hofhenz January 19, 2013 Abstract A key-dependent message (KDM secure encrypton scheme s secure even f an adversary obtans encryptons of messages
More informationLecture 3: Shannon s Theorem
CSE 533: Error-Correctng Codes (Autumn 006 Lecture 3: Shannon s Theorem October 9, 006 Lecturer: Venkatesan Guruswam Scrbe: Wdad Machmouch 1 Communcaton Model The communcaton model we are usng conssts
More informationEfficient Ring Signatures Without Random Oracles
Effcent Rng Sgnatures Wthout Random Oracles Hovav Shacham hovav.shacham@wezmann.ac.l Brent Waters bwaters@csl.sr.com Abstract We descrbe the frst effcent rng sgnature scheme secure, wthout random oracles,
More informationOutline. Communication. Bellman Ford Algorithm. Bellman Ford Example. Bellman Ford Shortest Path [1]
DYNAMIC SHORTEST PATH SEARCH AND SYNCHRONIZED TASK SWITCHING Jay Wagenpfel, Adran Trachte 2 Outlne Shortest Communcaton Path Searchng Bellmann Ford algorthm Algorthm for dynamc case Modfcatons to our algorthm
More informationStanford University CS254: Computational Complexity Notes 7 Luca Trevisan January 29, Notes for Lecture 7
Stanford Unversty CS54: Computatonal Complexty Notes 7 Luca Trevsan January 9, 014 Notes for Lecture 7 1 Approxmate Countng wt an N oracle We complete te proof of te followng result: Teorem 1 For every
More informationPractical and Secure Solutions for Integer Comparison (Extended Abstract)
Practcal and Secure Solutons for Integer Comparson (Extended Abstract) Juan Garay 1, erry Schoenmakers 2, and José Vllegas 2 1 ell Labs Lucent Technologes, 600 Mountan Ave., Murray Hll, NJ 07974 garay@research.bell-labs.com
More informationPractical Attribute-Based Encryption: Traitor Tracing, Revocation, and Large Universe
Practcal Attrbute-Based Encrypton: Trator Tracng, Revocaton, and Large Unverse Zhen Lu 1 and Duncan S Wong 2 1 Cty Unversty of Hong Kong, Hong Kong SAR, Chna zhenlu7-c@myctyueduhk 2 Securty and Data Scences,
More informationPost-quantum Key Exchange Protocol Using High Dimensional Matrix
Post-quantum Key Exchange Protocol Usng Hgh Dmensonal Matrx Rchard Megrelshvl I. J. Tbls State Unversty rchard.megrelshvl@tsu.ge Melksadeg Jnkhadze Akak Tseretel State Unversty Kutas, Georga mn@yahoo.com
More informationHomomorphic Trapdoor Commitments to Group Elements
Homomorphc Trapdoor Commtments to Group Elements Jens Groth Unversty College London j.groth@ucl.ac.uk Abstract We present homomorphc trapdoor commtments to group elements. In contrast, prevous homomorphc
More informationAPPENDIX A Some Linear Algebra
APPENDIX A Some Lnear Algebra The collecton of m, n matrces A.1 Matrces a 1,1,..., a 1,n A = a m,1,..., a m,n wth real elements a,j s denoted by R m,n. If n = 1 then A s called a column vector. Smlarly,
More informationHIBE with Polynomially Many Levels
HIBE wth Polynomally Many Levels Crag Gentry (Stanford & IBM Sha Halev (IBM Abstract We present the frst herarchcal dentty based encrypton (HIBE system that has full securty for more than a constant number
More informationThe Minimum Universal Cost Flow in an Infeasible Flow Network
Journal of Scences, Islamc Republc of Iran 17(2): 175-180 (2006) Unversty of Tehran, ISSN 1016-1104 http://jscencesutacr The Mnmum Unversal Cost Flow n an Infeasble Flow Network H Saleh Fathabad * M Bagheran
More informationLecture Space-Bounded Derandomization
Notes on Complexty Theory Last updated: October, 2008 Jonathan Katz Lecture Space-Bounded Derandomzaton 1 Space-Bounded Derandomzaton We now dscuss derandomzaton of space-bounded algorthms. Here non-trval
More information18.1 Introduction and Recap
CS787: Advanced Algorthms Scrbe: Pryananda Shenoy and Shjn Kong Lecturer: Shuch Chawla Topc: Streamng Algorthmscontnued) Date: 0/26/2007 We contnue talng about streamng algorthms n ths lecture, ncludng
More informationU.C. Berkeley CS294: Spectral Methods and Expanders Handout 8 Luca Trevisan February 17, 2016
U.C. Berkeley CS94: Spectral Methods and Expanders Handout 8 Luca Trevsan February 7, 06 Lecture 8: Spectral Algorthms Wrap-up In whch we talk about even more generalzatons of Cheeger s nequaltes, and
More informationShort Pairing-based Non-interactive Zero-Knowledge Arguments
Short Parng-based Non-nteractve Zero-Knowledge Arguments Jens Groth Unversty College London j.groth@ucl.ac.uk October 26, 2010 Abstract. We construct non-nteractve zero-knowledge arguments for crcut satsfablty
More informationHardening the ElGamal Cryptosystem in the Setting of the Second Group of Units
54 The Internatonal Arab Journal of Informaton Technology, Vol., o. 5, September 204 Hardenng the ElGamal Cryptosystem n the Settng of the Second Group of Unts Ramz Haraty, Abdulasser ElKassar, and Suzan
More informationExpressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts
Expressve Key-Polcy Attrbute-Based Encrypton wth Constant-Sze Cphertexts Nuttapong Attrapadung 1, Benoît Lbert 2, and Ele de Panafeu 3 1 Research Center for Informaton Securty, AIST Japan) 2 Unversté catholque
More informationLecture Notes on Linear Regression
Lecture Notes on Lnear Regresson Feng L fl@sdueducn Shandong Unversty, Chna Lnear Regresson Problem In regresson problem, we am at predct a contnuous target value gven an nput feature vector We assume
More informationA Robust Method for Calculating the Correlation Coefficient
A Robust Method for Calculatng the Correlaton Coeffcent E.B. Nven and C. V. Deutsch Relatonshps between prmary and secondary data are frequently quantfed usng the correlaton coeffcent; however, the tradtonal
More informationA new Approach for Solving Linear Ordinary Differential Equations
, ISSN 974-57X (Onlne), ISSN 974-5718 (Prnt), Vol. ; Issue No. 1; Year 14, Copyrght 13-14 by CESER PUBLICATIONS A new Approach for Solvng Lnear Ordnary Dfferental Equatons Fawz Abdelwahd Department of
More informationGeneralized Key Delegation for Hierarchical Identity-Based Encryption
A prelmnary verson of ths paper appears n the proceedngs of ESORICS 2007, Lecture Notes n Computer Scence Vol.????, Sprnger-Verlag, 2007. Ths s the full verson. Generalzed Key Delegaton for Herarchcal
More informationMessage modification, neutral bits and boomerangs
Message modfcaton, neutral bts and boomerangs From whch round should we start countng n SHA? Antone Joux DGA and Unversty of Versalles St-Quentn-en-Yvelnes France Jont work wth Thomas Peyrn 1 Dfferental
More informationLecture 3 January 31, 2017
CS 224: Advanced Algorthms Sprng 207 Prof. Jelan Nelson Lecture 3 January 3, 207 Scrbe: Saketh Rama Overvew In the last lecture we covered Y-fast tres and Fuson Trees. In ths lecture we start our dscusson
More informationProblem Set 9 Solutions
Desgn and Analyss of Algorthms May 4, 2015 Massachusetts Insttute of Technology 6.046J/18.410J Profs. Erk Demane, Srn Devadas, and Nancy Lynch Problem Set 9 Solutons Problem Set 9 Solutons Ths problem
More informationDecoding of the Triple-Error-Correcting Binary Quadratic Residue Codes
Automatc Control and Informaton Scences, 04, Vol., No., 7- Avalable onlne at http://pubs.scepub.com/acs/// Scence and Educaton Publshng DOI:0.69/acs--- Decodng of the rple-error-correctng Bnary Quadratc
More informationConfined Guessing: New Signatures From Standard Assumptions
Confned Guessng: New Sgnatures From Standard Assumptons Floran Böhl 1, Denns Hofhenz 1, Tbor Jager 2, Jessca Koch 1, and Chrstoph Strecks 1 1 Karlsruhe Insttute of Technology, Germany, {floran.boehl,denns.hofhenz,jessca.koch,chrstoph.strecks}@kt.edu
More informationInvertible Universal Hashing and the TET Encryption Mode
Invertble Unversal Hashng and the TET Encrypton Mode Sha Halev IBM T.J. Watson Research Center, Hawthorne, NY 10532, USA shah@alum.mt.edu May 24, 2007 Abstract Ths work descrbes a mode of operaton, TET,
More informationHashing. Alexandra Stefan
Hashng Alexandra Stefan 1 Hash tables Tables Drect access table (or key-ndex table): key => ndex Hash table: key => hash value => ndex Man components Hash functon Collson resoluton Dfferent keys mapped
More informationAlgebraic partitioning: Fully compact and (almost) tightly secure cryptography
Algebrac parttonng: Fully compact and (almost) tghtly secure cryptography Denns Hofhenz October 12, 2015 Abstract We descrbe a new technque for conductng parttonng arguments. Parttonng arguments are a
More informationExploring Naccache-Stern Knapsack Encryption
Explorng Naccache-Stern Knapsack Encrypton Érc Brer 1, Rém Géraud 2, and Davd Naccache 2 1 Ingenco Termnals 9 Avenue de la Gare f-26300 Alxan, France erc.brer@ngenco.com 2 École normale supéreure 45 rue
More informationChapter 5. Solution of System of Linear Equations. Module No. 6. Solution of Inconsistent and Ill Conditioned Systems
Numercal Analyss by Dr. Anta Pal Assstant Professor Department of Mathematcs Natonal Insttute of Technology Durgapur Durgapur-713209 emal: anta.bue@gmal.com 1 . Chapter 5 Soluton of System of Lnear Equatons
More informationSimultaneous Optimization of Berth Allocation, Quay Crane Assignment and Quay Crane Scheduling Problems in Container Terminals
Smultaneous Optmzaton of Berth Allocaton, Quay Crane Assgnment and Quay Crane Schedulng Problems n Contaner Termnals Necat Aras, Yavuz Türkoğulları, Z. Caner Taşkın, Kuban Altınel Abstract In ths work,
More informationHigh-Speed Decoding of the Binary Golay Code
Hgh-Speed Decodng of the Bnary Golay Code H. P. Lee *1, C. H. Chang 1, S. I. Chu 2 1 Department of Computer Scence and Informaton Engneerng, Fortune Insttute of Technology, Kaohsung 83160, Tawan *hpl@fotech.edu.tw
More informationAn Efficient Certificate-based Verifiable Encrypted Signature Scheme Without Pairings
Send Orders for Reprnts to reprnts@benthamscence.ae The Open Cybernetcs & Systemcs Journal, 014, 8, 39-47 39 Open ccess n Effcent Certfcate-based Verfable Encrypted Sgnature Scheme Wthout Parngs Rufen
More informationResource Allocation with a Budget Constraint for Computing Independent Tasks in the Cloud
Resource Allocaton wth a Budget Constrant for Computng Independent Tasks n the Cloud Wemng Sh and Bo Hong School of Electrcal and Computer Engneerng Georga Insttute of Technology, USA 2nd IEEE Internatonal
More informationLinearly Homomorphic Structure-Preserving Signatures and Their Applications
Lnearly Homomorphc Structure-Preservng Sgnatures and Ther Applcatons Benoît Lbert 1, Thomas Peters 2, Marc Joye 1, and Mot Yung 3 1 Techncolor (France) 2 Unversté catholque de Louvan, Crypto Group (Belgum)
More information