Publicly Verifiable Secret Sharing for Cloud-based Key Management
|
|
- Beatrix Sparks
- 6 years ago
- Views:
Transcription
1 Publicly Verifiable Secret Sharing for Cloud-based Key Management Roy D Souza, David Jao, Ilya Mironov and Omkant Pandey Microsoft Corporation and University of Waterloo December 13, 2011
2 Overview Motivation: Allow users to store encrypted files in untrusted cloud servers. Experience shows that some proportion of users will forget their keys, necessitating key recovery services. One way to perform key recovery is via trusted third parties. Results: We define the notion of a public-key encryption scheme supporting publicly-verifiable secret sharing. We construct a PKE-supporting-PVSS scheme secure under DBDH. Our scheme is also the first (plain) PVSS scheme provably secure in the standard model.
3 Access structures Let {P 1,..., P n } be a set of parties. A collection A 2 {P 1,...,P n} is monotone if B, C: if B A and B C then C A. An access structure (resp., monotone access structure) is a collection (resp., monotone collection) A of non-empty subsets of {P 1,..., P n }. The sets in A are called authorized sets, and the sets not in A are called unauthorized sets. In this work we consider access structures (necessarily monotone) that are representable by a tree of threshold gates.
4 Public-key encryption scheme supporting Publicly-Verifiable Secret Sharing A PKE supporting PVSS for an access structure A consists of algorithms {K, E, D, Setup, GenShare, Verify, Reconst} where PKE = {K, E, D} is a public-key encryption scheme and: Setup(1 κ, n) : i [1, n] {(PP 1, SK 1 ),..., (PP n, SK n )} GenShare(PK, SK, A) : (PK, SK, A) π Verify(PK, π, A) : outputs either 1 or 0 where Prob[Verify(PK, π, A) = 1 : (PK, SK) K(1 κ ) π GenShare(PK, SK, A)] = 1. Reconst(PK, π, A, SK S ) : reconstructs the secret key SK from π, where S A is an authorized set.
5 Related work Stadler, Eurocrypt 1996: First PVSS scheme. Can easily be adapted to support public-key encryption. Schoenmakers, Crypto 1999: Fastest extant PVSS scheme. Does not support public-key encryption.
6 The scheme: Key generation, encryption, and decryption Let e : G 1 G 1 G 2 be a pairing. Key Generation K: h $ G 1. SK = h, and PK = e(g, h). Encryption E PK (m G 2 ): R g R, m PK R. $ Z p, output: Decryption D( C 1, C 2, SK): Output C 2 /e(c 1, SK).
7 The scheme: Setup and share generation Setup(1 κ $, n) : For every i [1, n]: sample y i Zp ; output SK i = y i and PP i = g y i. GenShare(PK, SK, T ) : Choose a polynomial q x for every node x (including the leaves) in the T. For the root node r, set q r (0) = s. Choose d r more points randomly to completely fix the polynomial q r. For every other node x, set qx (0) = q parent(x) (id(x)); i.e., the constant term of q x is set to q parent(x) (id(x)). Choose the remaining d x points randomly to completely define the polynomial q x. Encapsulate shares: For every leaf node x, the share of node x is defined by: λ x = g qx (id(x)) (compute using polynomial interpolation). For every node x and every 0 i dx, define the following values: A x,i = g qx (i) and Âx,i = e(g, A x,i ) = e(g, g) qx (i).
8 The scheme: Share generation The output string π consists of the following: 1. For every node x (including the leaf nodes), the committed polynomial : {Âx,i} dx i=1 ; 2. For every leaf node, the encapsulations: B x, C x.
9 The scheme: Verification Verify(PK, π, T ) : 1. For every node x in T, parse π to obtain the committed points {Âx,i} dx i=1 of polynomial q x. For every leaf node x in T, parse π to obtain the encapsulations B x, C x of secrets λ x. 2. For the root node, verify that Âr,0 = PK. For every other node x, verify that: d z ) i,γz (w) Â x,0 = (Âz,i, (1) i=0 where z = parent(x), w = id(x), and γ z = {0, 1,..., d z }. 3. For every leaf node x, verify that: where i = id(x). If all tests pass, output 1; otherwise output 0. Â x,0 = e(g, C x) e(b x, PP i ), (2)
10 The scheme: Reconstruction To define Reconst(PK, π, T, SK S ) we define a recursive algorithm DecryptNode(π, SK S, x) that outputs an element in G 1 or. If x is a leaf node then let y i SK S be the secret key corresponding to PP i where i = id(x). Set DecryptNode(π, SK S, x) = C x B y i x = λ x PP Rx i g Rx y i qx (0) = λ x = g for i S and DecryptNode(π, SK S, x) = for i / S.
11 The scheme: Reconstruction If x is not a leaf node: For all nodes z that are children of x, call DecryptNode(π, SK S, z) and store the output as F z. Let γ x be an arbitrary k x -sized set of child nodes z such that F z. (If no such set exists then return.) Compute: F x = (0) i,γ F x z z γ x = g qz (0) (0) i,γ x z γ x = z γ x g qparent(z)(id(z)) i,γ (0) x = z γ x g qx (i) i,γ where i = id(z) and γ x = {id(z) : z γ x }. (0) x = g q x (0) Set Reconst(PK, π, T, SK S ) = DecryptNode(π, SK S, r).
12 Security for our PKE supporting PVSS scheme Theorem If a polynomial time adversary A wins the security game for PKE scheme supporting publicly verifiable secret-sharing scheme, then there exists a polynomial time simulator B to break the Bilinear Diffie-Hellman Assumption. See paper for the definition of the PKE-supporting-PVSS security game and the proof of the theorem.
13 Performance: Share generation 128 bit k = n = Figure: Time in milliseconds for GenShare, at the 128-bit security level, for various k and n. Top numbers in each cell are for our scheme; bottom numbers are for [Schoenmakers 99].
14 Performance: Verification 128 bit k = n = Figure: Time in milliseconds for Verify, at the 128-bit security level, for various k and n. Top numbers in each cell are for our scheme; bottom numbers are for [Schoenmakers 99].
15 Performance: Reconstruction 128 bit k = n = Figure: Time in milliseconds for Reconst, at the 128-bit security level, for various k and n. Top numbers in each cell are for our scheme; bottom numbers are for [Schoenmakers 99].
Publicly Verifiable Secret Sharing for Cloud-Based Key Management
Publicly Verifiable Secret Sharing for Cloud-Based Key Management Roy D Souza 1,DavidJao 2,, Ilya Mironov 1,3, and Omkant Pandey 1, 1 Microsoft Corporation, Redmond WA, USA {royd,omkantp}@microsoft.com
More informationAttribute-based encryption with encryption and decryption outsourcing
Edith Cowan University Research Online Australian Information Security Management Conference Conferences, Symposia and Campus Events 2014 Attribute-based encryption with encryption and decryption outsourcing
More informationBounded Ciphertext Policy Attribute Based Encryption
Bounded Ciphertext Policy Attribute Based Encryption Vipul Goyal, Abhishek Jain, Omkant Pandey, and Amit Sahai Department of Computer Science, UCLA {vipul,abhishek,omkant,sahai}@cs.ucla.edu Abstract. In
More informationMTAT Research Seminar in Cryptography IND-CCA2 secure cryptosystems
MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov October 31, 2005 Abstract Standard security assumptions (IND-CPA, IND- CCA) are explained. A number of cryptosystems
More informationOn the Security of a Certificateless Public-Key Encryption
On the Security of a Certificateless Public-Key Encryption Zhenfeng Zhang, Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080,
More informationOn the Insecurity of a Method for Providing Secure and Private Fine-Grained Access to Outsourced Data
On the Insecurity of a Method for Providing Secure and Private Fine-Grained Access to Outsourced Data Alfredo Rial Interdisciplinary Centre for Security, Reliability and Trust (SnT) University of Luxembourg
More informationFine-Grained Data Sharing Supporting Attribute Extension in Cloud Computing
wwwijcsiorg 10 Fine-Grained Data Sharing Supporting Attribute Extension in Cloud Computing Yinghui Zhang 12 1 National Engineering Laboratory for Wireless Security Xi'an University of Posts and Telecommunications
More informationPublicly-verifiable proof of storage: a modular construction. Federico Giacon
Publicly-verifiable proof of storage: a modular construction Federico Giacon Ruhr-Universita t Bochum federico.giacon@rub.de 6th BunnyTN, Trent 17 December 2015 Proof of Storage Proof of Storage (PoS)
More informationCCA2-Secure Threshold Broadcast Encryption with Shorter Ciphertexts
CCA2-Secure Threshold Broadcast Encryption with Shorter Ciphertexts Vanesa Daza 1, Javier Herranz 2, az Morillo 3 and Carla Ràfols 3 1 Dept. D Enginyeria Informàtica i Matemàtiques, Universitat Rovira
More informationIND-CCA2 secure cryptosystems, Dan Bogdanov
MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov University of Tartu db@ut.ee 1 Overview Notion of indistinguishability The Cramer-Shoup cryptosystem Newer results
More informationThe Exact Security of a Stateful IBE and New Compact Stateful PKE Schemes
The Exact Security of a Stateful IBE and New Compact Stateful PKE Schemes S. Sree Vivek, S. Sharmila Deva Selvi, C. Pandu Rangan Theoretical Computer Science Lab, Department of Computer Science and Engineering,
More informationSECURE AND ANONYMOUS HYBRID ENCRYPTION FROM CODING THEORY
SECURE AND ANONYMOUS HYBRID ENCRYPTION FROM CODING THEORY Edoardo Persichetti University of Warsaw 06 June 2013 (UNIVERSITY OF WARSAW) SECURE AND ANONYMOUS KEM 06 JUNE 2013 1 / 20 Part I PRELIMINARIES
More informationRelaxing IND-CCA: Indistinguishability Against Chosen. Chosen Ciphertext Verification Attack
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Indian Statistical Institute Kolkata January 14, 2012 Outline 1 Definitions Encryption Scheme IND-CPA IND-CCA IND-CCVA
More informationLecture 20: Public-key Encryption & Hybrid Encryption. Public-key Encryption
Lecture 20: & Hybrid Encryption Lecture 20: & Hybrid Encryption Overview Suppose there is a 2-round Key-Agreement protocol. This means that there exists a protocol where Bob sends the first message m B
More informationCryptography: More Primitives
Design and Analysis of Algorithms May 8, 2015 Massachusetts Institute of Technology 6.046J/18.410J Profs. Erik Demaine, Srini Devadas and Nancy Lynch Recitation 11 Cryptography: More Primitives 1 Digital
More informationKey-Policy Attribute-Based Encryption
Key-Policy Attribute-Based Encryption Present by Xiaokui Shu 09/08/2011 Identity-Based Encryption Basic KP-ABE Secret-Sharing Scheme Fine-grained Access Control Application Scenario Advanced Topics Related
More informationTimed-Release Certificateless Encryption
Timed-Release Certificateless Encryption Toru Oshikiri Graduate School of Engineering Tokyo Denki University Tokyo, Japan Taiichi Saito Tokyo Denki University Tokyo, Japan Abstract Timed-Release Encryption(TRE)
More informationInsecurity of an Dynamic User Revocation and Key Refreshing for Attribute-Based Encryption Scheme
2014 Tenth 10th International Conference on Computational Intelligence and Security Insecurity of an Dynamic User Revocation and Key Refreshing for Attribute-Based Encryption Scheme Changji Wang, Haitao
More informationEfficient Generation of Linear Secret Sharing. Scheme Matrices from Threshold Access Trees
Efficient Generation of Linear Secret Sharing 1 Scheme Matrices from Threshold Access Trees Zhen Liu, Zhenfu Cao, and Duncan S. Wong Abstract Linear Secret Sharing Scheme (LSSS) matrices are commonly used
More informationAn Efficient ID-KEM Based On The Sakai Kasahara Key Construction
An Efficient ID-KEM Based On The Sakai Kasahara Key Construction L. Chen 1, Z. Cheng 2, J. Malone Lee 3, and N.P. Smart 3 1 Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, Bristol, BS34 8QZ,
More informationLecture 15: Public Key Encryption: I
CSE 594 : Modern Cryptography 03/28/2017 Lecture 15: Public Key Encryption: I Instructor: Omkant Pandey Scribe: Arun Ramachandran, Parkavi Sundaresan 1 Setting In Public-key Encryption (PKE), key used
More informationEncryption from the Diffie-Hellman assumption. Eike Kiltz
Encryption from the Diffie-Hellman assumption Eike Kiltz Elliptic curve public-key crypto Key-agreement Signatures Encryption Diffie-Hellman 76 passive security ElGamal 84 passive security Hybrid DH (ECDH)
More informationA Key-Policy Attribute-based Encryption Scheme for General Circuit from Bilinear Maps
International Journal of Network Security, Vol.19, No.5, PP.704-710, Sept. 2017 (DOI: 10.6633/IJNS.201709.19(5).07) 704 A Key-Policy Attribute-based Encryption Scheme for General Circuit from Bilinear
More informationDefinitions and Notations
Chapter 2 Definitions and Notations In this chapter, we present definitions and notation. We start with the definition of public key encryption schemes and their security models. This forms the basis of
More informationBrief Introduction to Provable Security
Brief Introduction to Provable Security Michel Abdalla Département d Informatique, École normale supérieure michel.abdalla@ens.fr http://www.di.ens.fr/users/mabdalla 1 Introduction The primary goal of
More informationALIKE: Authenticated Lightweight Key Exchange. Sandrine Agagliate, GEMALTO Security Labs
ALIKE: Authenticated Lightweight Key Exchange Sandrine Agagliate, GEMALTO Security Labs Outline: Context Description of ALIKE Generic description Full specification Security properties Chip Unforgeability
More informationCSC 5930/9010 Modern Cryptography: Digital Signatures
CSC 5930/9010 Modern Cryptography: Digital Signatures Professor Henry Carter Fall 2018 Recap Implemented public key schemes in practice commonly encapsulate a symmetric key for the rest of encryption KEM/DEM
More informationTwo-Dimensional Representation of Cover Free Families and its Applications: Short Signatures and More Shota Yamada The University of Tokyo
Two-Dimensional Representation of Cover Free Families and its Applications: Short Signatures and More Shota Yamada The University of Tokyo Session ID: CRYP-303 Session Classification: Advanced Our Results
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 Public-Key Encryption: El-Gamal, RSA Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationStateful Key Encapsulation Mechanism
Stateful Key Encapsulation Mechanism Peng Yang, 1 Rui Zhang, 2 Kanta Matsuura 1 and Hideki Imai 2 The concept of stateful encryption was introduced to reduce computation cost of conventional public key
More informationRelaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar Pandey, Santanu Sarkar and Mahavir Prasad Jhanwar CR Rao AIMSCS Hyderabad November 2, 2012 Outline 1 Definitions
More informationSecurity Analysis and Modification of ID-Based Encryption with Equality Test from ACISP 2017
Security Analysis and Modification of ID-Based Encryption with Equality Test from ACISP 2017 Hyung Tae Lee 1, Huaxiong Wang 2, Kai Zhang 3, 4 1 Chonbuk National University, Republic of Korea 2 Nanyang
More informationMulti-Theorem Preprocessing NIZKs from Lattices
Multi-Theorem Preprocessing NIZKs from Lattices Sam Kim and David J. Wu Stanford University Soundness: x L, P Pr P, V (x) = accept = 0 No prover can convince honest verifier of false statement Proof Systems
More informationA CCA2 Secure PKE Based on McEliece Assumptions in the Standard Model
A CCA2 Secure PKE Based on McEliece Assumptions in the Standard Model Jörn Müller-Quade European Institute for System Security KIT, Karlsruhe, Germany 04/23/09 Session ID: CRYP301 Session Classification:
More informationAuthenticating compromisable storage systems
Authenticating compromisable storage systems Jiangshan Yu Interdisciplinary Center for Security, Reliability and Trust University of Luxembourg Email: jiangshan.yu@uni.lu Mark Ryan School of Computer Science
More informationAttribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption
Attribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption Rakesh Bobba, Himanshu Khurana and Manoj Prabhakaran University of Illinois at Urbana-Champaign {rbobba,hkhurana,mmp}@illinois.edu
More informationSpatial Encryption. March 17, Adam Barth, Dan Boneh, Mike Hamburg
Adam Barth Dan Boneh Mike Hamburg March 17, 2008 Traditional Public-Key Infrastructure CA Alice Bob Traditional Public-Key Infrastructure CA PK Bob, proof of identity Alice Bob Traditional Public-Key Infrastructure
More informationA Designer s Guide to KEMs. Errata List
A Designer s Guide to KEMs Alexander W. Dent Information Security Group, Royal Holloway, University of London, Egham Hill, Egham, Surrey, U.K. alex@fermat.ma.rhul.ac.uk http://www.isg.rhul.ac.uk/~alex/
More informationAttribute-Based Authenticated Key Exchange
1 / 22 Attribute-Based Authenticated Key Exchange Choudary Gorantla, Colin Boyd and Juan González Nieto ACISP 2010 2 / 22 Outline Introduction 1 Introduction 2 3 4 3 / 22 Outline Introduction 1 Introduction
More informationCryptography Today. Ali El Kaafarani. Mathematical Institute Oxford University. 1 of 44
Cryptography Today Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 About the Course Regular classes with worksheets so you can work with some concrete examples (every Friday at 1pm).
More informationPublic-Key Cryptography
Computer Security Spring 2008 Public-Key Cryptography Aggelos Kiayias University of Connecticut A paradox Classic cryptography (ciphers etc.) Alice and Bob share a short private key using a secure channel.
More informationSecurity of Identity Based Encryption - A Different Perspective
Security of Identity Based Encryption - A Different Perspective Priyanka Bose and Dipanjan Das priyanka@cs.ucsb.edu,dipanjan@cs.ucsb.edu Department of Computer Science University of California Santa Barbara
More informationA Pairing Based Strong Designated Verifier Signature Scheme without Random Oracles
A Pairing Based Strong Designated Verifier Signature Scheme without Random Oracles Maryam Rajabzadeh Asaar 1, Mahmoud Salmasizadeh 2 1 Department of Electrical Engineering, 2 Electronics Research Center,
More informationFighting Pirates 2.0
9th International Conference on Applied Cryptography and Network Security (ACNS '11) Nerja (Málaga), Spain, June 7-10, 2011 Fighting Pirates 2.0 By Paolo D Arco and Ángel L. Pérez del Pozo Universidad
More informationIron: Functional encryption using Intel SGX
Iron: Functional encryption using Intel SGX Sergey Gorbunov University of Waterloo Joint work with Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh. Motivation DNA_A DB = Database of DNA sequences DNA_B
More informationWhat Can Be Proved About Security?
What Can Be Proved About Security? Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in Centre for Artificial Intelligence and Robotics Bengaluru 23 rd
More informationHash Proof Systems and Password Protocols
Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David Pointcheval CNRS, Ecole normale supe rieure/psl & INRIA 8th BIU Winter School Key Exchange February 2018 CNRS/ENS/PSL/INRIA
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 13: Public-Key Cryptography and RSA Department of Computer Science and Engineering University at Buffalo 1 Public-Key Cryptography What we already know
More informationNotes for Lecture 21. From One-Time Signatures to Fully Secure Signatures
U.C. Berkeley CS276: Cryptography Handout N21 Luca Trevisan April 7, 2009 Notes for Lecture 21 Scribed by Anand Bhaskar, posted May 1, 2009 Summary Today we show how to construct an inefficient (but efficiently
More informationKey-policy Attribute-based Encryption for Boolean Circuits from Bilinear Maps
Key-policy Attribute-based Encryption for Boolean Circuits from Bilinear Maps Ferucio Laurenţiu Ţiplea and Constantin Cătălin Drăgan Department of Computer Science Al.I.Cuza University of Iaşi Iaşi 700506,
More informationThreshold Cryptosystems from Threshold Fully Homomorphic Encryption
Threshold Cryptosystems from Threshold Fully Homomorphic Encryption Sam Kim Stanford University Joint work with Dan Boneh, Rosario Gennaro, Steven Goldfeder, Aayush Jain, Peter M. R. Rasmussen, and Amit
More informationCRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION
#RSAC SESSION ID: CRYP-W04 CRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION Adam Shull Recent Ph.D. Graduate Indiana University Access revocation on the cloud #RSAC sk sk Enc Pub Sym pk k
More informationThe Simplex Algorithm for LP, and an Open Problem
The Simplex Algorithm for LP, and an Open Problem Linear Programming: General Formulation Inputs: real-valued m x n matrix A, and vectors c in R n and b in R m Output: n-dimensional vector x There is one
More informationAttribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption
Attribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption Rakesh Bobba, Himanshu Khurana and Manoj Prabhakaran University of Illinois, Urbana-Champaign IL USA, {rbobba,hkhurana,mmp}@illinois.edu
More informationEnforcing Role-Based Access Control for Secure Data Storage in the Cloud
The Author 211. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved. For Permissions please email: journals.permissions@oup.com Advance Access publication
More informationMulti-authority attribute based encryption with honest-but-curious central authority
Proceedings of the 10th International Conference on Computational and Mathematical Methods in Science and Engineering, CMMSE 2010 27 30 June 2010. Multi-authority attribute based encryption with honest-but-curious
More informationProvable Partial Key Escrow
Provable Partial Key Escrow Kooshiar Azimian Electronic Research Center, Sharif University of Technology, and Computer Engineering Department, Sharif University of Technology Tehran, Iran Email: Azimian@ce.sharif.edu
More informationVerifiably Encrypted Signature Scheme with Threshold Adjudication
Verifiably Encrypted Signature Scheme with Threshold Adjudication M. Choudary Gorantla and Ashutosh Saxena Institute for Development and Research in Banking Technology Road No. 1, Castle Hills, Masab Tank,
More informationMulti-authority attribute based encryption with honest-but-curious central authority
Multi-authority attribute based encryption with honest-but-curious central authority Vladimir Božović 1, Daniel Socek 2, Rainer Steinwandt 1, and Viktória I. Villányi 1 1 Department of Mathematical Sciences,
More informationDynamic Credentials and Ciphertext Delegation for Attribute-Based Encryption
Dynamic Credentials and Ciphertext Delegation for Attribute-Based Encryption Amit Sahai 1, Hakan Seyalioglu 2, and Brent Waters 3 1 Department of Computer Science, UCLA 2 Department of Mathematics, UCLA
More informationSecure Multiparty Computation
Secure Multiparty Computation Li Xiong CS573 Data Privacy and Security Outline Secure multiparty computation Problem and security definitions Basic cryptographic tools and general constructions Yao s Millionnare
More informationScalable Bias-Resistant Distributed Randomness
Scalable Bias-Resistant Distributed Randomness Ewa Syta*, Philipp Jovanovic, Eleftherios Kokoris Kogias, Nicolas Gailly, Linus Gasser, Ismail Khoffi, Michael J. Fischer, Bryan Ford *Trinity College, USA
More informationFORMALIZING GROUP BLIND SIGNATURES... PRACTICAL CONSTRUCTIONS WITHOUT RANDOM ORACLES. Essam Ghadafi ACISP 2013
FORMALIZING GROUP BLIND SIGNATURES AND PRACTICAL CONSTRUCTIONS WITHOUT RANDOM ORACLES Essam Ghadafi ghadafi@cs.bris.ac.uk University of Bristol ACISP 2013 FORMALIZING GROUP BLIND SIGNATURES... OUTLINE
More informationVeriStream A Framework for Verifiable Data Streaming
VeriStream A Framework for Verifiable Data Streaming Dominique Schöder and Mark Simkin Saarland University Saarbrücken, Germany Abstract In a Verifiable Data Streaming (VDS) protocol a computationally
More informationInference Attack-Resistant E-Healthcare Cloud System with Fine-Grained Access Control
JOURNAL OF L A T E X CLASS FILES, VOL., NO., JANUARY 2017 1 Inference Attack-Resistant E-Healthcare Cloud System with Fine-Grained Access Control Wei Zhang, Yaping Lin, Member, IEEE, Jie Wu, Fellow, IEEE,
More informationCiphertext-Policy Attribute-Based Encryption (CP-ABE)
Ciphertext-Policy Attribute-Based Encryption (CP-ABE) Presented by Sherley Codio Fall, 2011 - Privacy&Security - Virginia Tech Computer Science Application Scenario Sharing data on distributed systems
More informationSecret Sharing With Trusted Third Parties Using Piggy Bank Protocol
Secret Sharing With Trusted Third Parties Using Piggy Bank Protocol Adnan Memon Abstract This paper presents a new scheme to distribute secret shares using two trusted third parties to increase security
More informationPrivacy Preserving Revocable Predicate Encryption Revisited
Privacy Preserving Revocable Predicate Encryption Revisited Kwangsu Lee Intae Kim Seong Oun Hwang Abstract Predicate encryption (PE) that provides both the access control of ciphertexts and the privacy
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 El Gamal Encryption RSA Encryption Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationTime-Specific Encryption
Time-Specific Encryption Kenneth G. Paterson and Elizabeth A. Quaglia Information Security Group, Royal Holloway, University of London, Kenny.Paterson@rhul.ac.uk, E.A.Quaglia@rhul.ac.uk Abstract. This
More informationPaper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage
1 Announcements Paper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage 2 Recap and Overview Previous lecture: Symmetric key
More informationEfficient Dynamic Provable Possession of Remote Data via Balanced Update Trees
Efficient Dynamic Provable Possession of Remote Data via Balanced Update Trees Yihua Zhang and Marina Blanton Department of Computer Science and Engineering University of Notre Dame {yzhang16,mblanton}@nd.edu
More informationNon-Interactive Conference Key Distribution and Its Applications
Non-Interactive Conference Key Distribution and Its Applications Reihaneh Safavi-Naini and Shaoquan Jiang Department of Computer Science University of Calgary {rei,sqjiang}@ucalgary.ca Abstract. A non-interactive
More informationDAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems
1790 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 11, NOVEMBER 2013 DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems Kan Yang, Associate Member,
More informationProofs for Key Establishment Protocols
Information Security Institute Queensland University of Technology December 2007 Outline Key Establishment 1 Key Establishment 2 3 4 Purpose of key establishment Two or more networked parties wish to establish
More informationSecurity of Cryptosystems
Security of Cryptosystems Sven Laur swen@math.ut.ee University of Tartu Formal Syntax Symmetric key cryptosystem m M 0 c Enc sk (m) sk Gen c sk m Dec sk (c) A randomised key generation algorithm outputs
More informationSecurity Weaknesses of an Anonymous Attribute Based Encryption appeared in ASIACCS 13
Security Weaknesses of an Anonymous Attribute Based Encryption appeared in ASIACCS 13 Payal Chaudhari, Manik Lal Das, Anish Mathuria DA-IICT, Gandhinagar, India {payal chaudhari, maniklal das, anish mathuria}@daiict.ac.in
More information6 Pseudorandom Functions
6 Pseudorandom Functions A pseudorandom generator allows us to take a small amount of uniformly sampled bits, and amplify them into a larger amount of uniform-looking bits A PRG must run in polynomial
More informationSecure digital certificates with a blockchain protocol
Secure digital certificates with a blockchain protocol Federico Pintore 1 Trento, 10 th February 2017 1 University of Trento Federico Pintore Blockchain and innovative applications Trento, 10 th February
More informationOn the Security of an Efficient Group Key Agreement Scheme for MANETs
On the Security of an Efficient Group Key Agreement Scheme for MANETs Purushothama B R 1,, Nishat Koti Department of Computer Science and Engineering National Institute of Technology Goa Farmagudi, Ponda-403401,
More informationNotes for Lecture 14
COS 533: Advanced Cryptography Lecture 14 (November 6, 2017) Lecturer: Mark Zhandry Princeton University Scribe: Fermi Ma Notes for Lecture 14 1 Applications of Pairings 1.1 Recap Consider a bilinear e
More informationMatrix Access structure Policy used in Attribute-Based Proxy Re-encryption
Matrix Access structure Policy used in Attribute-Based Proxy Re-encryption Keying Li Faculty of science, Xidian University, Xi'an 710071, China Abstract Proxy re-encryption (PRE) allows a semi-trusted
More informationCrypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))
Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote
More informationFurther Observations on Certificate-Base Encryption and its Generic Construction from Certificateless Public Key Encryption
Further Observations on Certificate-Base Encryption and its Generic Construction from Certificateless Public Key Encryption Yang Lu College of Computer and Information Engineering, Hohai University 210098
More informationHomework 3: Solution
Homework 3: Solution March 28, 2013 Thanks to Sachin Vasant and Xianrui Meng for contributing their solutions. Exercise 1 We construct an adversary A + that does the following to win the CPA game: 1. Select
More informationIdentity-based Encryption with Efficient Revocation
Identity-based Encryption with Efficient Revocation Alexandra Boldyreva School of Computer Science Georgia Institute of Technology Atlanta, GA aboldyre@cc.gatech.edu Vipul Goyal Dept. of Computer Science
More informationGroup Selection and Key Management Strategies for Ciphertext-Policy Attribute-Based Encryption
Rochester Institute of Technology RIT Scholar Works Theses Thesis/Dissertation Collections 12-2013 Group Selection and Key Management Strategies for Ciphertext-Policy Attribute-Based Encryption Russell
More informationBlind Identity-Based Encryption and Simulatable Oblivious Transfer
An extended abstract of this paper appears in Kaoru Kurosawa (Ed.): Advances in Cryptology - ASIACRYPT 2007, volume 4833 of Lecture Notes in Computer Science, pages 265 282, Springer-Verlag, 2007. This
More informationA compact Aggregate key Cryptosystem for Data Sharing in Cloud Storage systems.
A compact Aggregate key Cryptosystem for Data Sharing in Cloud Storage systems. G Swetha M.Tech Student Dr.N.Chandra Sekhar Reddy Professor & HoD U V N Rajesh Assistant Professor Abstract Cryptography
More informationAn Efficient Verifiable Multi-Authority Secret Access control scheme in Cloud Storage M.Sreelakshmi & P.Gangadhara
An Efficient Verifiable Multi-Authority Secret Access control scheme in Cloud Storage M.Sreelakshmi & P.Gangadhara 1 M.Tech, Dept of CSE,Shri Shirdi Sai Institute of Science and Engineering, Affiliated
More informationCryptographic Primitives and Protocols for MANETs. Jonathan Katz University of Maryland
Cryptographic Primitives and Protocols for MANETs Jonathan Katz University of Maryland Fundamental problem(s) How to achieve secure message authentication / transmission in MANETs, when: Severe resource
More informationBlock cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75
Block cipher modes Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 75 Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 76 Block cipher modes Block ciphers (like
More informationGroup-based Proxy Re-encryption Scheme Secure against Chosen Ciphertext Attack
International Journal of Network Security, Vol.8, No., PP.266 270, May 2009 266 Group-based Proxy Re-encryption Scheme Secure against Chosen Ciphertext Attack Chunbo Ma and Jun Ao (Corresponding author:
More informationRing Signatures: Stronger Definitions, and Constructions without Random Oracles
Ring Signatures: Stronger Definitions, and Constructions without Random Oracles Adam Bender Jonathan Katz Ruggero Morselli Abstract Ring signatures, first introduced by Rivest, Shamir, and Tauman, enable
More informationMurali Godi. A Thesis
NEW TECHNIQUES FOR PUBLIC KEY ENCRYPTION WITH SENDER RECOVERY Murali Godi A Thesis Submitted to the Graduate Faculty of the State University of New York Polytechnic Institute in Partial Fulfillment of
More informationSession Based Ciphertext Policy Attribute Based Encryption Method for Access Control in Cloud Storage
IOSR Journal of Engineering (IOSRJEN) ISSN (e): 2250-3021, ISSN (p): 2278-8719 Vol. 04, Issue 09 (September. 2014), V3 PP 21-25 www.iosrjen.org Session Based Ciphertext Policy Attribute Based Encryption
More informationZERO KNOWLEDGE UNDENIABLE SIGNATURE SCHEME OVER SEMIGROUP ACTION PROBLEM
ITALIAN JOURNAL OF PURE AND APPLIED MATHEMATICS N. 38 2017 (45 53) 45 ZERO KNOWLEDGE UNDENIABLE SIGNATURE SCHEME OVER SEMIGROUP ACTION PROBLEM Neha Goel Department of Mathematics University of Delhi Delhi
More informationRevisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives
S C I E N C E P A S S I O N T E C H N O L O G Y Revisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives David Derler, Christian Hanser, and Daniel Slamanig, IAIK,
More informationWhite-box Cryptomania
White-box Cryptomania Pascal Paillier CryptoExperts ECRYPT NET Workshop on Crypto for the Cloud & Implementation Paris, June 27-28 2017 Overview 1 What is white-box crypto? 2 White-box compilers for signatures
More informationImproved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption
Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption Dan Boneh 1 and Jonathan Katz 2 1 Computer Science Department, Stanford University, Stanford CA 94305 dabo@cs.stanford.edu
More information