Identity-Based Online/Offline Encryption
Fuchun Guo (2), Yi Mu (1), Zhide Chen (2)
(1) University of Wollongong, Australia, ymu@uow.edu.au
(2) Fujian Normal University, Fuzhou, China, fuchunguo1982@gmail.com

Identity-based Encryption Review

Identity-based Encryption (IBE)
- The notion was first proposed in 1984 by Shamir, and there have been many efficient schemes since 2001, e.g., Boneh-Franklin IBE in 2001; Boneh-Boyen IBE in 2004; Waters IBE in 2005; Gentry IBE in 2006.
- Simplifies certificate management.
- The public key is a piece of public information such as an address, ID number or telephone number.
- The private key is computed by the private key generator (PKG).

Encryption
When Alice wants to send some sensitive data $m$ to Bob, for security she must first encrypt it in a secure encryption system, e.g., a secure identity-based encryption system.
Alice → Bob: $C_m = E_{\mathrm{Bob}}(m)$

Encryption in an untrusted environment
- When Alice is at home, she may just store the data in her secure PC.
- When Alice is outside, she may store her data in a convenient device with limited computation power, such as a smartcard.
- The encryption must then be carried out in the smartcard, which is not powerful enough for efficient encryption.

Need a better IBE
An identity-based encryption system better suited to smartcard applications should satisfy the following property:
- Part of the encryption process can be performed prior to knowing the data item and the public key of the recipient.
- The real encryption process is very quick once the data item and the ID are known.

IBOOE
The encryption can be divided into two phases:
- Offline phase: pre-computation before the data item and the public key are known.
- Online phase: very efficient encryption after the data item and the public key are presented.

Unfortunately...
None of the previously published IBE schemes accommodates this feature:
- The computation depends on the public key.
- It cannot be naturally split into efficient online/offline phases.

Our Contribution
1. We propose two IBOOE schemes from two previous IBE schemes.
   - Boneh-Boyen IBE: secure in the selective-ID model
   - Gentry IBE: secure in the standard model
2. The computation in the online phase of our IBOOE is very efficient.

Boneh-Boyen IBE
We only show its CPA construction for simplicity. Let $e : G \times G \to G_T$ be the bilinear map, $G$, $G_T$ be two cyclic groups of order $p$ and $g$ be the corresponding generator in $G$.

Setup: The system parameters are generated as follows. Choose at random a secret $a \in \mathbb{Z}_p$, choose $g, g_2, h_1$ randomly from $G$, and set the value $g_1 = g^a$. The master public parameters params and the master secret key $K$ are, respectively,
$\mathit{params} = (g, g_1, g_2, h_1), \quad K = g_2^a.$

Boneh-Boyen IBE
KeyGen: To generate a private key for $\mathrm{ID} \in \mathbb{Z}_p$, pick a random $r \in \mathbb{Z}_p$ and output
$d_{\mathrm{ID}} = (d_1, d_2) = \left(g_2^a (h_1 g_1^{\mathrm{ID}})^r,\ g^r\right)$

Encrypt
General encryption: Given a message $m \in G_T$ and the public key $\mathrm{ID} \in \mathbb{Z}_p$, randomly choose $s \in \mathbb{Z}_p$ and output the ciphertext
$C_\mu = \left((h_1 g_1^{\mathrm{ID}})^s,\ g^s,\ e(g_1, g_2)^s \cdot m\right) = (c_1, c_2, c_3)$

"Natural" Online/offline Encryption
Let's try to separate it into online and offline phases "naturally":
Offline encryption: randomly choose $s \in \mathbb{Z}_p$ and output
$C_{of} = \left(h_1^s,\ g_1^s,\ g^s,\ e(g_1, g_2)^s\right).$
Store the offline parameters $C_{of}$ for the online phase.
Online encryption: given $m \in G_T$ and $\mathrm{ID} \in \mathbb{Z}_p$, output
$C_{on} = \left(h_1^s (g_1^s)^{\mathrm{ID}},\ e(g_1, g_2)^s \cdot m\right).$
The ciphertext for ID is $C_\nu$, where
$C_\nu = \left((h_1 g_1^{\mathrm{ID}})^s,\ g^s,\ e(g_1, g_2)^s \cdot m\right).$
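
Our IBOOE
Offline encryption: choose $\alpha, \beta, s \in \mathbb{Z}_p$ and output
$C_{of} = \left((h_1 g_1^{\alpha})^s,\ g_1^{s\beta},\ g^s,\ e(g_1, g_2)^s\right).$
Store $C_{of}, \alpha, \beta^{-1}$ for the online phase.
Online encryption: given $m \in G_T$ and $\mathrm{ID} \in \mathbb{Z}_p$, output
$C_{on} = \left(\beta^{-1}(\mathrm{ID} - \alpha),\ e(g_1, g_2)^s \cdot m\right).$
The ciphertext for ID is $C_\nu$, where
$C_\nu = \left((h_1 g_1^{\alpha})^s,\ g_1^{s\beta},\ \beta^{-1}(\mathrm{ID} - \alpha),\ g^s,\ e(g_1, g_2)^s \cdot m\right).$

Decryption
From the original encryption:
$C_\mu = \left((h_1 g_1^{\mathrm{ID}})^s,\ g^s,\ e(g_1, g_2)^s \cdot m\right)$
From the "natural" online/offline encryption:
$C_\nu = \left((h_1 g_1^{\mathrm{ID}})^s,\ g^s,\ e(g_1, g_2)^s \cdot m\right).$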
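
Decryption
From our IBOOE:
$C_\nu = \left((h_1 g_1^{\alpha})^s,\ g_1^{s\beta},\ \beta^{-1}(\mathrm{ID} - \alpha),\ g^s,\ e(g_1, g_2)^s \cdot m\right).$
Since
$(h_1 g_1^{\alpha})^s \cdot \left(g_1^{s\beta}\right)^{\beta^{-1}(\mathrm{ID} - \alpha)} = (h_1 g_1^{\mathrm{ID}})^s,$
$C_\nu$ can be converted into
$C_\mu = \left((h_1 g_1^{\mathrm{ID}})^s,\ g^s,\ e(g_1, g_2)^s \cdot m\right).$
Therefore, the decryption of these three schemes is the same.

Analysis
"Natural" online/offline encryption, online phase:
$C_{on} = \left(h_1^s (g_1^s)^{\mathrm{ID}},\ e(g_1, g_2)^s \cdot m\right).$
The cost is one exponentiation + two multiplications.
Our IBOOE, online phase:
$C_{on} = \left(\beta^{-1}(\mathrm{ID} - \alpha),\ e(g_1, g_2)^s \cdot m\right).$
The cost is one modular computation + one multiplication.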
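
The recombination identity and the decryption claim above can be checked end to end. This is an added example, not code from the slides or their authors: a deliberately insecure toy model in which each element of $G$ is stored as its exponent, so the pairing reduces to integer arithmetic. The parameters (p = 1019, q = 2039), all function names and the decryption formula (the standard Boneh-Boyen one, which the slides do not show) are assumptions.

```python
"""Boneh-Boyen IBOOE round trip in a toy bilinear group (added example, INSECURE)."""
import secrets

# Constructed toy parameters: P is the prime group order, Q = 2P + 1 is prime,
# and GT_GEN = 4 generates the order-P subgroup of Z_Q^* that plays the role of G_T.
P, Q, GT_GEN = 1019, 2039, 4

# G is modelled "in the exponent": the element g^x is stored as x mod P. Discrete
# logs are therefore trivial; this model only serves to check the algebra.
def g_mul(x, y):
    return (x + y) % P          # multiplication in G

def g_exp(x, k):
    return (x * k) % P          # exponentiation in G

def pair(x, y):
    return pow(GT_GEN, (x * y) % P, Q)   # e(g^x, g^y) = e(g, g)^(xy)

def rand_zp():
    return 1 + secrets.randbelow(P - 1)  # uniform in [1, P-1], always invertible

def setup():
    a = rand_zp()
    g, g2, h1 = 1, rand_zp(), rand_zp()   # g = g^1 is the generator
    params = {"g": g, "g1": g_exp(g, a), "g2": g2, "h1": h1}
    return params, g_exp(g2, a)           # master secret K = g2^a

def id_base(params, ident):
    return g_mul(params["h1"], g_exp(params["g1"], ident))   # h1 * g1^ID

def keygen(params, master, ident):
    r = rand_zp()
    # d_ID = (g2^a (h1 g1^ID)^r, g^r)
    return g_mul(master, g_exp(id_base(params, ident), r)), g_exp(params["g"], r)

def offline(params):
    """All exponentiations and the pairing; needs neither the ID nor the message."""
    alpha, beta, s = rand_zp(), rand_zp(), rand_zp()
    u = g_exp(g_mul(params["h1"], g_exp(params["g1"], alpha)), s)  # (h1 g1^alpha)^s
    v = g_exp(params["g1"], s * beta)                               # g1^(s beta)
    c2 = g_exp(params["g"], s)                                      # g^s
    mask = pow(pair(params["g1"], params["g2"]), s, Q)              # e(g1, g2)^s
    return {"u": u, "v": v, "c2": c2, "mask": mask,
            "alpha": alpha, "beta_inv": pow(beta, -1, P)}

def online(state, ident, m):
    """Online phase: arithmetic in Z_p plus one multiplication in G_T."""
    t = state["beta_inv"] * (ident - state["alpha"]) % P   # beta^-1 (ID - alpha)
    c3 = state["mask"] * m % Q                             # e(g1, g2)^s * m
    return state["u"], state["v"], t, state["c2"], c3

def recombine(c_nu):
    """Receiver side: turn the IBOOE ciphertext into the original (c1, c2, c3)."""
    u, v, t, c2, c3 = c_nu
    return g_mul(u, g_exp(v, t)), c2, c3   # c1 = u * v^t = (h1 g1^ID)^s

def decrypt(key, c1, c2, c3):
    d1, d2 = key
    # Standard Boneh-Boyen decryption: m = c3 * e(d2, c1) / e(d1, c2)
    return c3 * pair(d2, c1) * pow(pair(d1, c2), -1, Q) % Q

def demo(ident=424, exponent=77):
    """Constructed identity and message; returns True when the round trip succeeds."""
    params, master = setup()
    m = pow(GT_GEN, exponent, Q)
    c1, c2, c3 = recombine(online(offline(params), ident, m))
    return decrypt(keygen(params, master, ident), c1, c2, c3) == m

if __name__ == "__main__":
    print("round trip ok:", demo())
```

In a real pairing group the offline step is where the exponentiations in $G$ and the pairing value are paid for; `online` touches only integers modulo p and one element of $G_T$.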

CCA security
The Boneh-Boyen IBE uses a strong one-time signature scheme to achieve CCA security. We can choose a suitable signature scheme, such as the Boneh-Boyen short signature, so that it can be divided into an online/offline signature and the cost of the online phase is only one modular computation.

Analysis (CCA)
"Natural" online/offline encryption, online phase:
$C_{on} = \left(h_1^s (g_1^s)^{\mathrm{ID}},\ e(g_1, g_2)^s \cdot m,\ \sigma_{on}\right)$
The cost is one exponentiation + two multiplications + one modular computation.
Our IBOOE, online phase:
$C_{on} = \left(\beta^{-1}(\mathrm{ID} - \alpha),\ e(g_1, g_2)^s \cdot m,\ \sigma_{on}\right)$
The cost is two modular computations + one multiplication.

Gentry IBE
Let $e : G \times G \to G_T$ be the bilinear map, $G$, $G_T$ be two cyclic groups of order $p$ and $g$ be the corresponding generator in $G$.

Setup: Choose at random a secret $a \in \mathbb{Z}_p$, choose $g, h_1, h_2, h_3$ randomly from $G$, and set the value $g_1 = g^a \in G$. Choose a secure hash function $H : \{0, 1\}^* \to \mathbb{Z}_p$. The master public parameters params and the master secret key $K$ are
$\mathit{params} = (g, g_1, h_1, h_2, h_3, H), \quad K = a.$

KeyGen: To generate a private key for $\mathrm{ID} \in \mathbb{Z}_p$, pick random $r_{\mathrm{ID},i} \in \mathbb{Z}_p$ for $i = 1, 2, 3$, and output
$d_{\mathrm{ID}} = \{(r_{\mathrm{ID},i}, h_{\mathrm{ID},i}) : i = 1, 2, 3\}, \quad \text{where } h_{\mathrm{ID},i} = \left(h_i g^{-r_{\mathrm{ID},i}}\right)^{\frac{1}{a - \mathrm{ID}}}.$
If $\mathrm{ID} = a$, abort. The same random values $r_{\mathrm{ID},i}$ must be used for a given ID.

Encryption
General encryption: Given a message $m \in G_T$ and the public key $\mathrm{ID} \in \mathbb{Z}_p$, randomly choose $s \in \mathbb{Z}_p$ and output the ciphertext
$C_\mu = \left(g_1^s g^{-s\mathrm{ID}},\ e(g, g)^s,\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s e(g, h_3)^{sH_c}\right) = (c_1, c_2, c_3, c_4)$
where $H_c = H(c_1, c_2, c_3) \in \mathbb{Z}_p$.

"Natural" Online/offline Encryption
Offline encryption: randomly choose $s \in \mathbb{Z}_p$, and output
$C_{of} = \left(g_1^s,\ g^{-s},\ e(g, g)^s,\ e(g, h_1)^{-s},\ e(g, h_2)^s,\ e(g, h_3)^s\right).$
Store the offline parameters $C_{of}$ for the online phase.
Online encryption: given $m \in G_T$ and $\mathrm{ID} \in \mathbb{Z}_p$, output
$C_{on} = \left(g_1^s (g^{-s})^{\mathrm{ID}},\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s \left(e(g, h_3)^s\right)^{H_c}\right),$
where the computation of $H_c$ is the same as in the general encryption and the ciphertext for ID is
$C_\nu = \left(g_1^s g^{-s\mathrm{ID}},\ e(g, g)^s,\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s e(g, h_3)^{sH_c}\right).$
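
Our IBOOE
Offline encryption: Choose $\alpha, \beta, \gamma, \theta, s \in \mathbb{Z}_p$, and output
$C_{of} = \left(g_1^s g^{-s\alpha},\ g^{s\beta},\ e(g, g)^s,\ e(g, h_1)^{-s},\ e(g, h_2)^s e(g, h_3)^{s\gamma},\ e(g, h_3)^{s\theta}\right)$
Store $C_{of}, \alpha, \beta^{-1}, \gamma, \theta^{-1}$ for the online computation.
Online encryption: Given $m \in G_T$ and $\mathrm{ID} \in \mathbb{Z}_p$, output
$C_{on} = \left(\beta^{-1}(\alpha - \mathrm{ID}),\ e(g, h_1)^{-s} \cdot m,\ \theta^{-1}(H_c - \gamma)\right),$
where $H_c$ is the hash value of all elements and $C_\nu$ is
$C_\nu = \left(g_1^s g^{-s\alpha},\ g^{s\beta},\ \beta^{-1}(\alpha - \mathrm{ID}),\ e(g, g)^s,\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s e(g, h_3)^{s\gamma},\ e(g, h_3)^{s\theta},\ \theta^{-1}(H_c - \gamma)\right).$

Decryption
General encryption:
$C_\mu = \left(g_1^s g^{-s\mathrm{ID}},\ e(g, g)^s,\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s e(g, h_3)^{sH_c}\right)$
"Natural" online/offline encryption:
$C_\nu = \left(g_1^s g^{-s\mathrm{ID}},\ e(g, g)^s,\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s e(g, h_3)^{sH_c}\right)$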
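
Decryption
Our IBOOE:
$C_\nu = \left(g_1^s g^{-s\alpha},\ g^{s\beta},\ \beta^{-1}(\alpha - \mathrm{ID}),\ e(g, g)^s,\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s e(g, h_3)^{s\gamma},\ e(g, h_3)^{s\theta},\ \theta^{-1}(H_c - \gamma)\right).$
Since
$g_1^s g^{-s\alpha} \cdot \left(g^{s\beta}\right)^{\beta^{-1}(\alpha - \mathrm{ID})} = g_1^s g^{-s\mathrm{ID}}$
$e(g, h_2)^s e(g, h_3)^{s\gamma} \cdot \left(e(g, h_3)^{s\theta}\right)^{\theta^{-1}(H_c - \gamma)} = e(g, h_2)^s e(g, h_3)^{sH_c},$
$C_\nu$ can be converted into
$\left(g_1^s g^{-s\mathrm{ID}},\ e(g, g)^s,\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s e(g, h_3)^{sH_c}\right).$
Therefore, the decryptions for all three are the same.

Analysis
"Natural" online/offline encryption, online phase:
$C_{on} = \left(g_1^s (g^{-s})^{\mathrm{ID}},\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s \left(e(g, h_3)^s\right)^{H_c}\right)$
The cost is two exponentiations + three multiplications.
Our IBOOE, online phase:
$C_{on} = \left(\beta^{-1}(\alpha - \mathrm{ID}),\ e(g, h_1)^{-s} \cdot m,\ \theta^{-1}(H_c - \gamma)\right).$
The cost is two modular computations + one multiplication.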

Security proof
The proofs for the two schemes are similar; we just take the IBOOE based on Gentry IBE as the example.

| | Private Key | Encryption | Decryption |
|---|---|---|---|
| Gentry IBE & IBOOE | same | different | actually same |

Therefore, we just show that the simulator can simulate the challenge ciphertext $C_\nu$ for IBOOE from the challenge ciphertext $C_\mu$ for Gentry IBE.

Ciphertext
Gentry IBE:
$C_\mu = \left(g_1^s g^{-s\mathrm{ID}},\ e(g, g)^s,\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s e(g, h_3)^{sH_c}\right)$
IBOOE:
$C_\nu = \left(g_1^s g^{-s\alpha},\ g^{s\beta},\ \beta^{-1}(\alpha - \mathrm{ID}),\ e(g, g)^s,\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s e(g, h_3)^{s\gamma},\ e(g, h_3)^{s\theta},\ \theta^{-1}(H_c - \gamma)\right).$
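
Simulation
Gentry IBE: $g_1^s g^{-s\mathrm{ID}}$
IBOOE: $g_1^s g^{-s\alpha},\ g^{s\beta},\ \beta^{-1}(\alpha - \mathrm{ID})$

Given $g_1^s g^{-s\mathrm{ID}}$, randomly choose $k_1, k_2 \in \mathbb{Z}_p$ and output
$\left(g_1^s g^{-s\alpha},\ g^{s\beta},\ \beta^{-1}(\alpha - \mathrm{ID})\right) = \left(\left(g_1^s g^{-s\mathrm{ID}}\right)^{\frac{k_1}{k_1 + k_2}},\ \left(g_1^s g^{-s\mathrm{ID}}\right)^{\frac{1}{k_1 + k_2}},\ k_2\right)$

Analysis
Simulated values: $\left(g_1^s g^{-s\mathrm{ID}}\right)^{\frac{k_1}{k_1 + k_2}},\ \left(g_1^s g^{-s\mathrm{ID}}\right)^{\frac{1}{k_1 + k_2}},\ k_2$
Let $\alpha = \frac{k_1 \mathrm{ID} + k_2 a}{k_1 + k_2}$, $\beta = \frac{a - \mathrm{ID}}{k_1 + k_2}$; then we have
$\left(\left(g_1^s g^{-s\mathrm{ID}}\right)^{\frac{k_1}{k_1 + k_2}},\ \left(g_1^s g^{-s\mathrm{ID}}\right)^{\frac{1}{k_1 + k_2}},\ k_2\right) = \left(g_1^s g^{-s\alpha},\ g^{s\beta},\ \beta^{-1}(\alpha - \mathrm{ID})\right)$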

Simulation
Gentry IBE: $e(g, h_2)^s e(g, h_3)^{sH_c}$
IBOOE: $e(g, h_2)^s e(g, h_3)^{s\gamma},\ e(g, h_3)^{s\theta},\ \theta^{-1}(H_c - \gamma)$

In Gentry IBE, the simulator can simulate $e(g, h_2)^s e(g, h_3)^{sH_c}$ because it can simulate $e(g, h_2)^s$, $e(g, h_3)^s$ and $H_c$. Therefore, by randomly choosing $\gamma, \theta \in \mathbb{Z}_p$, we can also simulate
$e(g, h_2)^s e(g, h_3)^{s\gamma},\ e(g, h_3)^{s\theta},\ \theta^{-1}(H_c - \gamma)$
from $e(g, h_2)^s$, $e(g, h_3)^s$ and $H_c$.

Analysis
Gentry IBE:
$C_\mu = \left(g_1^s g^{-s\mathrm{ID}},\ e(g, g)^s,\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s e(g, h_3)^{sH_c}\right)$
IBOOE:
$C_\nu = \left(g_1^s g^{-s\alpha},\ g^{s\beta},\ \beta^{-1}(\alpha - \mathrm{ID}),\ e(g, g)^s,\ e(g, h_1)^{-s} \cdot m,\ e(g, h_2)^s e(g, h_3)^{s\gamma},\ e(g, h_3)^{s\theta},\ \theta^{-1}(H_c - \gamma)\right).$
1. We can simulate IBOOE based on the simulation of Gentry IBE without any additional requirements.
2. Therefore, IBOOE achieves the same level of security as Gentry IBE.

Comparison
E: the exponentiation in $G$; M: the multiplication in $G$; m: the modular computation in $\mathbb{Z}_p$.

| Scheme | Boneh-Boyen IBOOE | Gentry IBOOE |
|---|---|---|
| Online (natural) | 1E+2M+1m | 2E+3M |
| Online (ours) | 1M+2m | 1M+2m |

When the data is pre-encrypted in the offline phase, the online phase can be much more efficient and requires only one modular computation.

Conclusion
1. We introduced a new notion of Identity-Based Online/Offline Encryption (IBOOE).
2. IBOOE schemes are useful where the computational power of a device is limited.
3. We presented two IBOOE schemes based on two existing IBE schemes, such that online encryption is extremely efficient.
Identity-Based Cryptography T-79.5502 Advanced Course in Cryptology Billy Brumley billy.brumley at hut.fi Helsinki University of Technology Identity-Based Cryptography 1/24 Outline Classical ID-Based Crypto;
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationA Key Recovery Attack on MDPC with CCA Security Using Decoding Errors
A Key Recovery Attack on MDPC with CCA Security Using Decoding Errors Qian Guo Thomas Johansson Paul Stankovski Dept. of Electrical and Information Technology, Lund University ASIACRYPT 2016 Dec 8th, 2016
More informationLattice Reduction Attack on the Knapsack
Lattice Reduction Attack on the Knapsack Mark Stamp 1 Merkle Hellman Knapsack Every private in the French army carries a Field Marshal wand in his knapsack. Napoleon Bonaparte The Merkle Hellman knapsack
More informationCertificate-Based Signature Schemes without Pairings or Random Oracles
Certificate-Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu 1, Joonsang Baek 1, Willy Susilo 2, and Jianying Zhou 1 1 Cryptography and Security Department Institute for Infocomm
More informationDATA PRIVACY AND SECURITY
DATA PRIVACY AND SECURITY Instructor: Daniele Venturi Master Degree in Data Science Sapienza University of Rome Academic Year 2018-2019 Interlude: Number Theory Cubum autem in duos cubos, aut quadratoquadratum
More informationPublic Key Encryption with Conjunctive Field Keyword Search
Public Key Encryption with Conjunctive Field Keyword Search Dong Jin PARK Kihyun KIM Pil Joong LEE IS Lab, POSTECH, Korea August 23, 2004 Contents 1 Preliminary 2 Security Model 3 Proposed Scheme 1 4 Proposed
More informationCOS Cryptography - Final Take Home Exam
COS 433 - Cryptography - Final Take Home Exam Boaz Barak May 12, 2010 Read these instructions carefully before starting to work on the exam. If any of them are not clear, please email me before you start
More informationMATH 158 FINAL EXAM 20 DECEMBER 2016
MATH 158 FINAL EXAM 20 DECEMBER 2016 Name : The exam is double-sided. Make sure to read both sides of each page. The time limit is three hours. No calculators are permitted. You are permitted one page
More informationDelegation in Predicate Encryption Supporting Disjunctive Queries
Author manuscript, published in "Security and Privacy - Silver Linings in the Cloud Springer Ed. 2012 229-240" DOI : 10.1007/978-3-642-15257-3_21 Delegation in Predicate Encryption Supporting Disjunctive
More informationIntroduction on Block cipher Yoyo Game Application on AES Conclusion. Yoyo Game with AES. Navid Ghaedi Bardeh. University of Bergen.
Yoyo Game with AES Navid Ghaedi Bardeh University of Bergen May 8, 2018 1 / 33 Outline 1 Introduction on Block cipher 2 Yoyo Game 3 Application on AES 4 Conclusion 2 / 33 Classical Model of Symmetric Cryptography
More informationRecent Advances in Identity-based Encryption Pairing-based Constructions
Fields Institute Workshop on New Directions in Cryptography 1 Recent Advances in Identity-based Encryption Pairing-based Constructions Kenny Paterson kenny.paterson@rhul.ac.uk June 25th 2008 Fields Institute
More informationCosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks
1 Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks Michael Albert michael.albert@cs.otago.ac.nz 2 This week Arithmetic Knapsack cryptosystems Attacks on knapsacks Some
More informationThe k-bdh Assumption Family: Bilinear Cryptography from Progressively Weaker Assumptions
The k-bdh Assumption Family: Bilinear Cryptography from Progressively Weaker Assumptions Karyn Benson (UCSD) Hovav Shacham (UCSD) Brent Waters (UT-Austin) Provable Security How to show your cryptosystem
More informationAn Overview of Homomorphic Encryption
An Overview of Homomorphic Encryption Alexander Lange Department of Computer Science Rochester Institute of Technology Rochester, NY 14623 May 9, 2011 Alexander Lange (RIT) Homomorphic Encryption May 9,
More information