Directly Revocable Key-Policy Attribute-Based Encryption with Verifiable Ciphertext Delegation
1 Directly Revocable Key-Policy Attribute-Based Encryption with Verifiable Ciphertext Delegation
Yanfeng Shi, Qingji Zheng, Jiqiang Liu, Zhen Han
Beijing Jiaotong University
2 Traditional Encrypted Filesystem
File 1: Owner: John
File 2: Owner: Tim
o Encrypted files stored on untrusted server
o Every user can decrypt its own files
o Files to be shared across different users? Credentials?
3 Key-Policy Attribute-Based Encryption
Label files with attributes
File 1: Creator: John; Computer Science; Admissions; Date:
File 2: Creator: Tim; History; Admissions; Date:
4 Key-Policy Attribute-Based Encryption
File 1: Creator: John; Computer Science; Admissions; Date:
File 2: Creator: Tim; History; Admissions; Date:
[Figure labels: Univ. Key Authority; policy gates OR, AND; Bob; Computer Science; Admissions]
5 Our Work (1/4): Revocation Guarantees
o Non-revoked users can decrypt data.
o Revoked users can't decrypt data added in the future.
o Revoked users can't decrypt data in the past. [22] (After termination, employee shouldn't be able to access anything he doesn't already have)
[22] A. Sahai, H. Seyalioglu, B. Waters, Dynamic credentials and ciphertext delegation for attribute-based encryption, in: CRYPTO, 2012, pp
6 Our Work (2/4): Revocation
o Non-revoked users can decrypt data.
o Revoked users can't decrypt data added in the future.
Direct mode: no need to update non-revoked users' decryption keys.
Indirect mode: need to update all the non-revoked users' decryption keys.
7 Our Work (3/4): Revocation
o Revoked users can't decrypt data in the past.
Update the past encrypted data:
Traditional way: the data owner must download, decrypt, re-encrypt and upload the data stored in the cloud.
Outsourcing to cloud: the cloud updates the encrypted data (ciphertext delegation).
Unverifiable: the process can't be accountable.
Verifiable: the process can be accountable.
8 Our Work (4/4): Revocation
[1] N. Attrapadung, H. Imai, Attribute-based encryption supporting direct/indirect revocation modes, in: IMA Int. Conf., 2009, pp
[2] N. Attrapadung, H. Imai, Conjunctive broadcast and attribute-based encryption, in: Pairing-Based Cryptography - Pairing 2009, Springer, 2009, pp
[5] A. Boldyreva, V. Goyal, V. Kumar, Identity-based encryption with efficient revocation, in: ACM Conference on Computer and Communications Security, 2008, pp
[22] A. Sahai, H. Seyalioglu, B. Waters, Dynamic credentials and ciphertext delegation for attribute-based encryption, in: CRYPTO, 2012, pp
9 System model
[Figure: a trusted authority; users who encrypt and outsource data to the cloud and verify; a cloud server that handles revocation by updating the ciphertext]
10 Techniques
o Multilinear Maps
o Subset cover
11 Multilinear Maps
$d + 3$ groups $G_0, G_1, \dots, G_{d+2}$ of order $p$
$d + 2$ mappings $e_i : G_0 \times G_i \to G_{i+1}$, $i = 0, \dots, d + 1$
Properties:
o Given generator $g_0 \in G_0$, then $g_{i+1} = e_i(g_0, g_i)$ is the generator of $G_{i+1}$
o $e_i(g_0^{\alpha}, g_i^{\beta}) = e_i(g_0, g_i)^{\alpha\beta}$
o $e_i$ can be efficiently computed
12 Subset Cover
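13 System Setup
$\alpha, \beta \in_R Z_p$, $H_1 : \{0,1\}^* \to Z_p$, $H_2 : \{0,1\}^* \to G_0$, $h_j \in_R G_{d+1}$ for $0 \le j \le max$, where $max$ is the maximum number of attributes.
Define $Q(y) = \prod_{j=0}^{max} h_j^{y^j}$, $y \in Z_p$.
pm $= (e_0, \dots, e_{d+1}, G_0, \dots, G_{d+2}, g_0, \dots, g_{d+2}, e_{d+1}(g_0, g_{d+1})^{\alpha}, g_0^{\beta}, H_1, H_2, h_0, \dots, h_{max})$
mk $= (\alpha, \beta)$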
14 Key Generation
mk $= (\alpha, \beta)$
(1) $\alpha_1, v_2, v_3, \dots, v_k \in_R Z_p$; set $\alpha_2$ s.t. $\alpha = \alpha_1 + \alpha_2 \bmod p$.
(2) $v = (\alpha_1, v_2, v_3, \dots, v_k)$; for $i = 1, \dots, l$, compute $\lambda_{\pi(i)} = M_i \cdot v$, where $M$ is an $l \times k$ matrix;
$D_i^{(1)} = g_{d+1}^{\lambda_{\pi(i)}} \, Q(H_1(\pi(i)))^{r_i}$, $D_i^{(2)} = g_0^{r_i}$, $r_i \in_R Z_p$. (Access control policy)
(3) Let $P_{x_{i_0}} = e_0(H_2(x_{i_0}), g_0^{\beta})$, compute $P_{x_{i_j}} = e_j(H_2(x_{i_j}), P_{x_{i_{j-1}}})$, where $j = 1, \dots, d$. ($path(uid) = \{x_{i_0}, \dots, x_{i_d}\}$; path(uid) is recorded using multilinear maps)
$D^{(3)} = g_{d+1}^{\alpha_2} P_{uid}^{t}$, $D^{(4)} = g_0^{t}$, $t \in_R Z_p$.
sk $= (uid, (M, \pi), (D_i^{(1)}, D_i^{(2)})_{i \in [1,l]}, D^{(3)}, D^{(4)})$
15 Encryption
pm $= (e_0, \dots, e_{d+1}, G_0, \dots, G_{d+2}, g_0, \dots, g_{d+2}, e_{d+1}(g_0, g_{d+1})^{\alpha}, g_0^{\beta}, H_1, H_2, h_0, \dots, h_{max})$
Encrypt the message $m \in G_{d+2}$ under attribute set $S$:
(1) $C^{(1)} = m \cdot e_{d+1}(g_0, g_{d+1})^{\alpha s}$, $C^{(2)} = g_0^{s}$, $s \in_R Z_p$;
(2) $C_{at}^{(3)} = Q(H_1(at))^{s}$, $at \in S$; (the attribute set)
(3) $path(x) = \{x_{i_0}, \dots, x_{i_{depth(x)}}\}$, $x_{i_0} = root$, $x_{i_{depth(x)}} = x$, $x \in cover(R)$, where $cover(R)$ is the cover set of revocation list $R$. Let $P_{x_{i_0}} = e_0(H_2(x_{i_0}), g_0^{\beta})$, compute $P_{x_{i_j}} = e_j(H_2(x_{i_j}), P_{x_{i_{j-1}}})$, where $j = 1, \dots, depth(x)$, and set $C_x^{(4)} = P_x^{s}$. (the set cover nodes)
cph $= (S, R, C^{(1)}, C^{(2)}, \{C_{at}^{(3)}\}_{at \in S}, \{C_x^{(4)}\}_{x \in cover(R)})$
16 Decryption Part I
sk $= (uid, (M, \pi), (D_i^{(1)}, D_i^{(2)})_{i \in [1,l]}, D^{(3)}, D^{(4)})$
For each satisfied node ($uid \notin R$ and $S$ satisfies $(M, \pi)$) perform a computation:
(1) With $uid \notin R$, there exists a node $x$ s.t. $x \in path(uid) \cap cover(R)$; suppose $path(uid) = \{x_{i_0}, \dots, x_{i_{depth(x)}}, \dots, x_{i_d}\}$, $x_{i_d} = uid$, $x_{i_{depth(x)}} = x$;
(2) Let $P_{x_{i_{depth(x)}}} = C_x^{(4)}$, compute $P_{x_{i_{j+1}}} = e_{j+1}(H_2(x_{i_{j+1}}), P_{x_{i_j}})$ for $j = depth(x), \dots, d - 1$;
(3) $P_{uid} = P_{x_{i_d}}$.
Extend the ciphertext of $x$ to $uid$ (using multilinear maps).
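17 Decryption Part II
(4) $S$ satisfies $(M, \pi)$, so there exist $c_i$ s.t. $\sum_{\pi(i) \in S} c_i M_i = (1, 0, \dots, 0)$; then
$K = \prod_{\pi(i) \in S} \left( \frac{e_{d+1}(C^{(2)}, D_i^{(1)})}{e_{d+1}(D_i^{(2)}, C_{\pi(i)}^{(3)})} \right)^{c_i} \cdot \frac{e_{d+1}(C^{(2)}, D^{(3)})}{e_{d+1}(D^{(4)}, P_{uid})}$
(first factor: $S$ satisfies $(M, \pi)$; second factor: $uid \notin R$)
(5) $m = C^{(1)} / K$.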
18 Update
Given a new revocation list $R'$, update as follows for each $x' \in cover(R')$:
o If there exists $x \in cover(R)$ s.t. $x = x'$, set $C'^{(4)}_{x'} = C^{(4)}_{x}$;
o Otherwise there exists $x \in cover(R)$ s.t. $x$ is an ancestor of $x'$, $path(x') = path(x) \cup \{x_{i_{depth(x)}}, \dots, x_{i_{depth(x')}}\}$, where $x_{i_{depth(x)}} = x$, $x_{i_{depth(x')}} = x'$; set $P_{x_{i_{j+1}}} = e_{j+1}(H_2(x_{i_{j+1}}), P_{x_{i_j}})$ and $C'^{(4)}_{x'} = P_{x'}$;
o Let $C'^{(1)} = C^{(1)}$, $C'^{(2)} = C^{(2)}$, $C'^{(3)}_{at} = C^{(3)}_{at}$.
Updated ciphertext: cph$'$ $= (S, R', C'^{(1)}, C'^{(2)}, \{C'^{(3)}_{at}\}_{at \in S}, \{C'^{(4)}_{x'}\}_{x' \in cover(R')})$
Example: $x_7$ is the new revoked user, so the ciphertext part for $x_{14}$ needs to be updated to $x_{11}$ and $x_8$.
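19 Verification
Verify the following equations: $C'^{(1)} = C^{(1)}$, $C'^{(2)} = C^{(2)}$; $\forall at \in S$, $C'^{(3)}_{at} = C^{(3)}_{at}$; $\forall x \in cover(R) \cap cover(R')$, $C'^{(4)}_{x} = C^{(4)}_{x}$.
If these hold, proceed to verify whether, $\forall i$ (check each level),
$e_{depth(x)+1}\left(C^{(2)}, \prod_{i=1}^{\eta} P_{x_i}^{c_i}\right) = e_{depth(x)+1}\left(g_0, \prod_{i=1}^{\eta} (C'^{(4)}_{x_i})^{c_i}\right)$
where $c_1, \dots, c_{\eta} \in_R Z_p$, $x_j \in cover(R') \setminus cover(R)$, and $depth(x_j) = i$, $i = 1, \dots, d$.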
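An added example (not from the slides or the authors' code): the encryption, decryption, update and verification steps above, run end to end in a toy model where each element of $G_i$ is stored as its exponent, so the algebra can be checked but nothing is hidden. Assumptions: a heap-numbered binary tree of depth 3 with the complete-subtree method as the subset cover, a one-attribute policy ($M = (1)$, $c_1 = 1$), SHA-256 standing in for $H_1$ and $H_2$, and all function names.

```python
import hashlib, secrets

P_ORDER = 2**61 - 1   # prime group order p (toy size)
D = 3                 # tree depth d; heap numbering: root 1, users are leaves 8..15

# Toy model (assumption): an element of G_i is the pair (i, exponent of g_i).
# Discrete logs are visible, so this checks the algebra only and is not secure.
def g(i, x=1): return (i, x % P_ORDER)
def mul(a, b): assert a[0] == b[0]; return (a[0], (a[1] + b[1]) % P_ORDER)
def div(a, b): assert a[0] == b[0]; return (a[0], (a[1] - b[1]) % P_ORDER)
def power(a, k): return (a[0], a[1] * k % P_ORDER)
def e(a, b): assert a[0] == 0; return (b[0] + 1, a[1] * b[1] % P_ORDER)  # G_0 x G_i -> G_{i+1}

def rnd(): return secrets.randbelow(P_ORDER - 1) + 1
def H(tag, x):        # stands in for H_1 (tag "H1") and for the exponent of H_2 (tag "H2")
    return int.from_bytes(hashlib.sha256(f"{tag}|{x}".encode()).digest(), "big") % P_ORDER
def H2(node): return g(0, H("H2", node))
def path(x): return path(x // 2) + [x] if x > 1 else [1]   # [root, ..., x]

def cover(R):         # complete-subtree cover of the non-revoked leaves (assumed method)
    if not R: return {1}
    steiner = {n for u in R for n in path(u)}
    return {c for n in steiner if n < 2**D for c in (2*n, 2*n + 1) if c not in steiner}

def extend(P, nodes): # P_{x_{i_{j+1}}} = e_{j+1}(H_2(x_{i_{j+1}}), P_{x_{i_j}})
    for n in nodes: P = e(H2(n), P)
    return P

def node_P(pm, x):    # P_x, computable from public parameters only
    px = path(x)
    return extend(e(H2(px[0]), pm["g0beta"]), px[1:])

def Q(pm, y):         # Q(y) = prod_j h_j^(y^j)
    out = g(D + 1, 0)
    for j, h in enumerate(pm["h"]): out = mul(out, power(h, pow(y, j, P_ORDER)))
    return out

def setup():
    alpha, beta = rnd(), rnd()
    pm = {"A": g(D + 2, alpha), "g0beta": g(0, beta), "h": [g(D + 1, rnd()) for _ in range(3)]}
    return pm, (alpha, beta)

def keygen(pm, mk, uid, attr):   # one-attribute policy: M = (1), lambda = alpha_1, c_1 = 1
    a1, r, t = rnd(), rnd(), rnd()
    a2 = (mk[0] - a1) % P_ORDER
    return {"uid": uid, "attr": attr,
            "D1": mul(g(D + 1, a1), power(Q(pm, H("H1", attr)), r)), "D2": g(0, r),
            "D3": mul(g(D + 1, a2), power(node_P(pm, uid), t)), "D4": g(0, t)}

def encrypt(pm, m, S, R):
    s = rnd()
    return {"S": set(S), "R": set(R), "C1": mul(m, power(pm["A"], s)), "C2": g(0, s),
            "C3": {at: power(Q(pm, H("H1", at)), s) for at in S},
            "C4": {x: power(node_P(pm, x), s) for x in cover(R)}}

def decrypt(sk, ct):
    pu = path(sk["uid"])
    x = next((n for n in pu if n in ct["C4"]), None)   # node in both path(uid) and cover(R)
    if x is None or sk["attr"] not in ct["C3"]: return None   # revoked, or policy unsatisfied
    P_uid = extend(ct["C4"][x], pu[pu.index(x) + 1:])  # extend C4_x down to the leaf
    K = mul(div(e(ct["C2"], sk["D1"]), e(sk["D2"], ct["C3"][sk["attr"]])),
            div(e(ct["C2"], sk["D3"]), e(sk["D4"], P_uid)))
    return div(ct["C1"], K)

def update(ct, R_new):           # run by the cloud; uses no secret; assumes R is a subset of R_new
    new = dict(ct, R=set(R_new), C4={})
    for x2 in cover(R_new):
        px = path(x2)
        anc = next(n for n in px if n in ct["C4"])     # x2 itself or its ancestor in cover(R)
        new["C4"][x2] = extend(ct["C4"][anc], px[px.index(anc) + 1:])
    return new

def verify(pm, old, new):        # run by anyone holding the old ciphertext
    if (new["C1"], new["C2"], new["C3"]) != (old["C1"], old["C2"], old["C3"]): return False
    if set(new["C4"]) != cover(new["R"]): return False
    if any(new["C4"][x] != old["C4"][x] for x in new["C4"] if x in old["C4"]): return False
    fresh = [x for x in new["C4"] if x not in old["C4"]]
    for lvl in {len(path(x)) for x in fresh}:          # one batched check per tree level
        lhs = rhs = g(lvl, 0)
        for x in (x for x in fresh if len(path(x)) == lvl):
            c = rnd()
            lhs = mul(lhs, power(node_P(pm, x), c))
            rhs = mul(rhs, power(new["C4"][x], c))
        if e(new["C2"], lhs) != e(g(0), rhs): return False
    return True

def demo():
    pm, mk = setup()
    m = g(D + 2, rnd())
    ct = encrypt(pm, m, {"cs"}, {8})                   # cover({8}) = {3, 5, 9}
    ct2 = update(ct, {8, 13})                          # cover({8, 13}) = {5, 7, 9, 12}
    sk12, sk13 = keygen(pm, mk, 12, "cs"), keygen(pm, mk, 13, "cs")
    return (decrypt(sk13, ct) == m, decrypt(sk13, ct2), decrypt(sk12, ct2) == m,
            verify(pm, ct, ct2))

if __name__ == "__main__":
    print(demo())
```

In `demo()`, revoking leaf 13 replaces cover node 3 with nodes 7 and 12, which the cloud derives from the old $C^{(4)}_3$ without any secret, while nodes 5 and 9 are carried over unchanged.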